[DL-17363] Handle 403 responses from get Penalties and get Financial Details (#1060)

Author: Jake-Raffe

app/v1/connectors/httpparsers/FinancialDataHttpParser.scala

@@ -39,6 +39,9 @@ object FinancialDataHttpParser extends Logging {
               errorConnectorLog(s"[FinancialDataHttpParser][read] invalid JSON errors: $errors")(response)
               Left(ErrorWrapper(responseCorrelationId, InvalidJson))
           }
+        case FORBIDDEN =>
+          errorConnectorLog(s"[FinancialDataHttpParser][read] 403 error: ${response.body}")(response)
+          Left(ErrorWrapper(responseCorrelationId, UnauthorisedError))
         case status =>
           val mtdErrors = errorHelper(response.json)
           errorConnectorLog(s"[FinancialDataHttpParser][read] status: $status with Error $mtdErrors")(response)

app/v1/connectors/httpparsers/PenaltiesHttpParser.scala

@@ -39,6 +39,9 @@ object PenaltiesHttpParser extends Logging {
               errorConnectorLog(s"[PenaltiesHttpParser][read] invalid JSON errors: $errors")(response)
               Left(ErrorWrapper(responseCorrelationId, InvalidJson))
           }
+        case FORBIDDEN =>
+          errorConnectorLog(s"[PenaltiesHttpParser][read] 403 error: ${response.body}")(response)
+          Left(ErrorWrapper(responseCorrelationId, UnauthorisedError))
         case status =>
           val mtdErrors = errorHelper(response.json)
           errorConnectorLog(s"[PenaltiesHttpParser][read] status: $status with Error $mtdErrors")(response)

app/v1/controllers/FinancialDataController.scala

@@ -19,19 +19,18 @@ package v1.controllers
 import cats.data.EitherT
 import cats.implicits._
 import config.AppConfig
-
-import javax.inject.{Inject, Singleton}
 import play.api.libs.json.Json
-import play.api.mvc.{Action, AnyContent, ControllerComponents, Result}
-import utils.{EndpointLogContext, IdGenerator, Logging}
+import play.api.mvc.{ Action, AnyContent, ControllerComponents, Result }
+import utils.{ EndpointLogContext, IdGenerator, Logging }
 import v1.audit.AuditEvents
 import v1.controllers.requestParsers.FinancialDataRequestParser
 import v1.models.audit.AuditResponse
 import v1.models.errors._
 import v1.models.request.penalties.FinancialRawData
-import v1.services.{AuditService, EnrolmentsAuthService, PenaltiesService}
+import v1.services.{ AuditService, EnrolmentsAuthService, PenaltiesService }
 
-import scala.concurrent.{ExecutionContext, Future}
+import javax.inject.{ Inject, Singleton }
+import scala.concurrent.{ ExecutionContext, Future }
 
 @Singleton
 class FinancialDataController @Inject()(val authService: EnrolmentsAuthService,
@@ -40,64 +39,65 @@ class FinancialDataController @Inject()(val authService: EnrolmentsAuthService,
                                         auditService: AuditService,
                                         cc: ControllerComponents,
                                         val idGenerator: IdGenerator,
-                                        appConfig: AppConfig)
-                                       (implicit ec: ExecutionContext)
-  extends AuthorisedController(cc) with BaseController with Logging {
+                                        appConfig: AppConfig)(implicit ec: ExecutionContext)
+    extends AuthorisedController(cc)
+    with BaseController
+    with Logging {
 
   implicit val endpointLogContext: EndpointLogContext =
     EndpointLogContext(
       controllerName = "FinancialDataController",
       endpointName = "retrieveFinancialData"
     )
 
-
   def retrieveFinancialData(vrn: String, chargeReference: String): Action[AnyContent] = authorisedAction(vrn).async { implicit request =>
-
     implicit val correlationId: String = idGenerator.getUid
 
-    infoLog(s"${endpointLogContext.toString} correlationId: $correlationId: " +
-      s"attempting to retrieve financial data for VRN: $vrn")
-
+    infoLog(
+      s"${endpointLogContext.toString} correlationId: $correlationId: " +
+        s"attempting to retrieve financial data for VRN: $vrn")
 
     val result: EitherT[Future, ErrorWrapper, Result] = {
       for {
-        parsedRequest <- EitherT.fromEither[Future](requestParser.parseRequest(FinancialRawData(vrn, chargeReference)))
+        parsedRequest   <- EitherT.fromEither[Future](requestParser.parseRequest(FinancialRawData(vrn, chargeReference)))
         serviceResponse <- EitherT(service.retrieveFinancialData(parsedRequest))
       } yield {
 
-        infoLog(s"${endpointLogContext.toString} " +
-          s"Successfully retrieved Financial Data with correlationId : ${serviceResponse.correlationId}")
-
+        infoLog(
+          s"${endpointLogContext.toString} " +
+            s"Successfully retrieved Financial Data with correlationId : ${serviceResponse.correlationId}")
 
-        auditService.auditEvent(AuditEvents.auditFinancialData(serviceResponse.correlationId,
-          request.userDetails, AuditResponse(OK, Right(Some(Json.toJson(serviceResponse.responseData))))
-        ))
+        auditService.auditEvent(
+          AuditEvents.auditFinancialData(serviceResponse.correlationId,
+                                         request.userDetails,
+                                         AuditResponse(OK, Right(Some(Json.toJson(serviceResponse.responseData))))))
 
         Ok(Json.toJson(serviceResponse.responseData))
           .withApiHeaders(serviceResponse.correlationId)
       }
     }
     result.leftMap { errorWrapper: ErrorWrapper =>
       val resCorrelationId: String = errorWrapper.correlationId
-      val leftResult = errorResult(errorWrapper).withApiHeaders(resCorrelationId)
+      val leftResult               = errorResult(errorWrapper).withApiHeaders(resCorrelationId)
       warnLog(ControllerError(endpointLogContext, vrn, request, leftResult.header.status, errorWrapper.error.message, resCorrelationId))
 
-      auditService.auditEvent(AuditEvents.auditFinancialData(resCorrelationId,
-        request.userDetails, AuditResponse(httpStatus = leftResult.header.status, Left(errorWrapper.auditErrors))
-      ))
+      auditService.auditEvent(
+        AuditEvents.auditFinancialData(resCorrelationId,
+                                       request.userDetails,
+                                       AuditResponse(httpStatus = leftResult.header.status, Left(errorWrapper.auditErrors))))
 
       leftResult
     }.merge
   }
 
   private def errorResult(errorWrapper: ErrorWrapper): Result = {
     (errorWrapper.error: @unchecked) match {
-      case VrnFormatError | RuleIncorrectGovTestScenarioError |
-           FinancialInvalidIdNumber |
-           FinancialInvalidSearchItem |
-           MtdError("INVALID_REQUEST", _, _) => BadRequest(Json.toJson(errorWrapper))
+      case VrnFormatError | RuleIncorrectGovTestScenarioError | FinancialInvalidIdNumber | FinancialInvalidSearchItem |
+          MtdError("INVALID_REQUEST", _, _) =>
+        BadRequest(Json.toJson(errorWrapper))
       case FinancialNotDataFound => NotFound(Json.toJson(errorWrapper))
-      case _ => InternalServerError(Json.toJson(errorWrapper))
+      case UnauthorisedError     => Forbidden(Json.toJson(errorWrapper))
+      case _                     => InternalServerError(Json.toJson(errorWrapper))
     }
   }
 }

app/v1/controllers/PenaltiesController.scala

@@ -39,51 +39,52 @@ class PenaltiesController @Inject()(val authService: EnrolmentsAuthService,
                                     auditService: AuditService,
                                     cc: ControllerComponents,
                                     val idGenerator: IdGenerator,
-                                    appConfig: AppConfig)
-                                   (implicit ec: ExecutionContext)
-  extends AuthorisedController(cc) with BaseController with Logging {
+                                    appConfig: AppConfig)(implicit ec: ExecutionContext)
+    extends AuthorisedController(cc)
+    with BaseController
+    with Logging {
 
   implicit val endpointLogContext: EndpointLogContext =
     EndpointLogContext(
       controllerName = "PenaltiesController",
       endpointName = "retrievePenalties"
     )
 
-
   def retrievePenalties(vrn: String): Action[AnyContent] = authorisedAction(vrn).async { implicit request =>
-
     implicit val correlationId: String = idGenerator.getUid
 
-    infoLog(s"${endpointLogContext.toString} correlationId: $correlationId: " +
-      s"attempting to retrieve penalties for VRN: $vrn")
-
+    infoLog(
+      s"${endpointLogContext.toString} correlationId: $correlationId: " +
+        s"attempting to retrieve penalties for VRN: $vrn")
 
     val result: EitherT[Future, ErrorWrapper, Result] = {
       for {
-        parsedRequest <- EitherT.fromEither[Future](requestParser.parseRequest(PenaltiesRawData(vrn)))
+        parsedRequest   <- EitherT.fromEither[Future](requestParser.parseRequest(PenaltiesRawData(vrn)))
         serviceResponse <- EitherT(service.retrievePenalties(parsedRequest))
       } yield {
 
-        infoLog(s"${endpointLogContext.toString} " +
-          s"Successfully retrieved Payments from DES with correlationId : ${serviceResponse.correlationId}")
-
+        infoLog(
+          s"${endpointLogContext.toString} " +
+            s"Successfully retrieved Payments from DES with correlationId : ${serviceResponse.correlationId}")
 
-        auditService.auditEvent(AuditEvents.auditPenalties(serviceResponse.correlationId,
-          request.userDetails, AuditResponse(OK, Right(Some(Json.toJson(serviceResponse.responseData))))
-        ))
+        auditService.auditEvent(
+          AuditEvents.auditPenalties(serviceResponse.correlationId,
+                                     request.userDetails,
+                                     AuditResponse(OK, Right(Some(Json.toJson(serviceResponse.responseData))))))
 
         Ok(Json.toJson(serviceResponse.responseData))
           .withApiHeaders(serviceResponse.correlationId)
       }
     }
     result.leftMap { errorWrapper: ErrorWrapper =>
       val resCorrelationId: String = errorWrapper.correlationId
-      val leftResult = errorResult(errorWrapper).withApiHeaders(resCorrelationId)
+      val leftResult               = errorResult(errorWrapper).withApiHeaders(resCorrelationId)
       warnLog(ControllerError(endpointLogContext, vrn, request, leftResult.header.status, errorWrapper.error.message, resCorrelationId))
 
-      auditService.auditEvent(AuditEvents.auditPenalties(resCorrelationId,
-        request.userDetails, AuditResponse(httpStatus = leftResult.header.status, Left(errorWrapper.auditErrors))
-      ))
+      auditService.auditEvent(
+        AuditEvents.auditPenalties(resCorrelationId,
+                                   request.userDetails,
+                                   AuditResponse(httpStatus = leftResult.header.status, Left(errorWrapper.auditErrors))))
 
       leftResult
     }.merge
@@ -92,7 +93,8 @@ class PenaltiesController @Inject()(val authService: EnrolmentsAuthService,
   private def errorResult(errorWrapper: ErrorWrapper): Result = {
     (errorWrapper.error: @unchecked) match {
       case PenaltiesInvalidIdValue | RuleIncorrectGovTestScenarioError => BadRequest(Json.toJson(errorWrapper))
-      case _ => InternalServerError(Json.toJson(errorWrapper))
+      case UnauthorisedError                                           => Forbidden(Json.toJson(errorWrapper))
+      case _                                                           => InternalServerError(Json.toJson(errorWrapper))
     }
   }
 }

app/v1/services/AuditService.scala

@@ -16,18 +16,17 @@
 
 package v1.services
 
-import javax.inject.{Inject, Singleton}
-import play.api.libs.json.{Json, Writes}
-import play.api.{Configuration, Logger}
+import play.api.Configuration
+import play.api.libs.json.{ Json, Writes }
 import uk.gov.hmrc.http.HeaderCarrier
 import uk.gov.hmrc.play.audit.AuditExtensions
-import uk.gov.hmrc.play.audit.http.connector.{AuditConnector, AuditResult}
+import uk.gov.hmrc.play.audit.http.connector.{ AuditConnector, AuditResult }
 import uk.gov.hmrc.play.audit.model.ExtendedDataEvent
 import uk.gov.hmrc.play.bootstrap.config.AppName
 import v1.models.audit.AuditEvent
 
-
-import scala.concurrent.{ExecutionContext, Future}
+import javax.inject.{ Inject, Singleton }
+import scala.concurrent.{ ExecutionContext, Future }
 
 @Singleton
 class AuditService @Inject()(auditConnector: AuditConnector,

test/v1/connectors/httpparsers/FinancialDataHttpParserSpec.scala

@@ -16,13 +16,14 @@
 
 package v1.connectors.httpparsers
 
-import play.api.http.Status.{ BAD_REQUEST, CREATED, OK }
+import play.api.http.Status.{ BAD_REQUEST, CREATED, FORBIDDEN, OK }
 import play.api.libs.json.{ JsValue, Json }
 import support.UnitSpec
 import uk.gov.hmrc.http.HttpResponse
 import v1.connectors.httpparsers.FinancialDataHttpParser.FinancialDataHttpReads
 import v1.constants.FinancialDataConstants
 import v1.constants.FinancialDataConstants._
+import v1.constants.PenaltiesConstants.errorWrapper
 import v1.models.errors._
 import v1.models.outcomes.ResponseWrapper
 import v1.models.response.financialData.FinancialDataResponse
@@ -94,7 +95,17 @@ class FinancialDataHttpParserSpec extends UnitSpec {
       }
     }
 
-    "API response is an error (any non 200/201 status)" must {
+    "response is FORBIDDEN (403)" must {
+      "return an UnauthorisedError" in {
+        val response =
+          HttpResponse(status = FORBIDDEN, body = "403 - Forbidden", headers = Map("CorrelationId" -> Seq(correlationId)))
+        val result = FinancialDataHttpReads.read("", "", response)
+
+        result shouldBe Left(errorWrapper(MtdError("CLIENT_OR_AGENT_NOT_AUTHORISED", "The client and/or agent is not authorised")))
+      }
+    }
+
+    "API response is an error (any non 200/201/403 status)" must {
       "return the error in an ErrorWrapper (appropriate error handled by .errorHelper)" in {
         val error = Json.parse("""
             |{

test/v1/connectors/httpparsers/PenaltiesHttpParserSpec.scala

@@ -66,7 +66,17 @@ class PenaltiesHttpParserSpec extends UnitSpec {
       }
     }
 
-    "response is an error (any non 200 status)" when {
+    "response is FORBIDDEN (403)" must {
+      "return an UnauthorisedError" in {
+        val response =
+          HttpResponse(status = FORBIDDEN, body = "403 - Forbidden", headers = Map("CorrelationId" -> Seq(correlationId)))
+        val result = PenaltiesHttpReads.read("", "", response)
+
+        result shouldBe Left(errorWrapper(MtdError("CLIENT_OR_AGENT_NOT_AUTHORISED", "The client and/or agent is not authorised")))
+      }
+    }
+
+    "response is an error (any non 200 or 403 status)" when {
       "return an error in an ErrorWrapper (appropriate error handled by .errorHelper)" in {
         val errorJson    = buildErrorHip("002", Some("Invalid Tax Regime"))
         val httpResponse = buildHttpResponse(BAD_REQUEST, errorJson)

test/v1/controllers/FinancialDataControllerSpec.scala

@@ -24,15 +24,21 @@ import v1.audit.AuditEvents
 import v1.constants.FinancialDataConstants
 import v1.mocks.MockIdGenerator
 import v1.mocks.requestParsers.MockFinancialDataRequestParser
-import v1.mocks.services.{MockAuditService, MockEnrolmentsAuthService, MockPenaltiesService}
-import v1.models.audit.{AuditError, AuditResponse}
-import v1.models.errors.{FinancialNotDataFound, MtdError, RuleIncorrectGovTestScenarioError, UnexpectedFailure, VrnFormatError}
+import v1.mocks.services.{ MockAuditService, MockEnrolmentsAuthService, MockPenaltiesService }
+import v1.models.audit.{ AuditError, AuditResponse }
+import v1.models.errors._
 
 import scala.concurrent.ExecutionContext.Implicits.global
 import scala.concurrent.Future
 
-class FinancialDataControllerSpec extends ControllerBaseSpec with MockEnrolmentsAuthService
-  with MockPenaltiesService with MockFinancialDataRequestParser with MockAuditService with MockIdGenerator with MockAppConfig {
+class FinancialDataControllerSpec
+    extends ControllerBaseSpec
+    with MockEnrolmentsAuthService
+    with MockPenaltiesService
+    with MockFinancialDataRequestParser
+    with MockAuditService
+    with MockIdGenerator
+    with MockAppConfig {
 
   trait Test {
     val hc: HeaderCarrier = HeaderCarrier()
@@ -63,9 +69,11 @@ class FinancialDataControllerSpec extends ControllerBaseSpec with MockEnrolments
 
             MockPenaltiesRequestParser.parse(FinancialDataConstants.rawData)(Right(FinancialDataConstants.financialRequest))
 
-            MockPenaltiesService.retrieveFinancialData(FinancialDataConstants.financialRequest)(Right(FinancialDataConstants.wrappedFinancialDataResponse()))
+            MockPenaltiesService.retrieveFinancialData(FinancialDataConstants.financialRequest)(
+              Right(FinancialDataConstants.wrappedFinancialDataResponse()))
 
-            val result: Future[Result] = controller.retrieveFinancialData(FinancialDataConstants.vrn, FinancialDataConstants.searchItem)(fakeGetRequest)
+            val result: Future[Result] =
+              controller.retrieveFinancialData(FinancialDataConstants.vrn, FinancialDataConstants.searchItem)(fakeGetRequest)
 
             status(result) shouldBe OK
             contentAsJson(result) shouldBe FinancialDataConstants.testUpstreamFinancialDetails
@@ -83,9 +91,11 @@ class FinancialDataControllerSpec extends ControllerBaseSpec with MockEnrolments
 
             MockPenaltiesRequestParser.parse(FinancialDataConstants.rawData)(Right(FinancialDataConstants.financialRequest))
 
-            MockPenaltiesService.retrieveFinancialData(FinancialDataConstants.financialRequest)(Right(FinancialDataConstants.wrappedFinancialDataResponse(FinancialDataConstants.testFinancialDataResponse)))
+            MockPenaltiesService.retrieveFinancialData(FinancialDataConstants.financialRequest)(
+              Right(FinancialDataConstants.wrappedFinancialDataResponse(FinancialDataConstants.testFinancialDataResponse)))
 
-            val result: Future[Result] = controller.retrieveFinancialData(FinancialDataConstants.vrn, FinancialDataConstants.searchItem)(fakeGetRequest)
+            val result: Future[Result] =
+              controller.retrieveFinancialData(FinancialDataConstants.vrn, FinancialDataConstants.searchItem)(fakeGetRequest)
 
             status(result) shouldBe OK
             contentAsJson(result) shouldBe FinancialDataConstants.testUpstreamFinancialDetails
@@ -106,6 +116,7 @@ class FinancialDataControllerSpec extends ControllerBaseSpec with MockEnrolments
             (VrnFormatError, BAD_REQUEST),
             (RuleIncorrectGovTestScenarioError, BAD_REQUEST),
             (FinancialNotDataFound, NOT_FOUND),
+            (UnauthorisedError, FORBIDDEN),
             (UnexpectedFailure.mtdError(INTERNAL_SERVER_ERROR, "error"), INTERNAL_SERVER_ERROR)
           )
 
@@ -119,9 +130,11 @@ class FinancialDataControllerSpec extends ControllerBaseSpec with MockEnrolments
 
                 MockPenaltiesRequestParser.parse(FinancialDataConstants.rawData)(Right(FinancialDataConstants.financialRequest))
 
-                MockPenaltiesService.retrieveFinancialData(FinancialDataConstants.financialRequest)(Left(FinancialDataConstants.errorWrapper(mtdError)))
+                MockPenaltiesService.retrieveFinancialData(FinancialDataConstants.financialRequest)(
+                  Left(FinancialDataConstants.errorWrapper(mtdError)))
 
-                val result: Future[Result] = controller.retrieveFinancialData(FinancialDataConstants.vrn, FinancialDataConstants.searchItem)(fakeGetRequest)
+                val result: Future[Result] =
+                  controller.retrieveFinancialData(FinancialDataConstants.vrn, FinancialDataConstants.searchItem)(fakeGetRequest)
 
                 status(result) shouldBe expectedStatus
                 contentAsJson(result) shouldBe Json.toJson(mtdError)
@@ -152,11 +165,12 @@ class FinancialDataControllerSpec extends ControllerBaseSpec with MockEnrolments
           contentType(result) shouldBe Some("application/json")
           header("X-CorrelationId", result) shouldBe Some(FinancialDataConstants.correlationId)
 
-          MockedAuditService.verifyAuditEvent(AuditEvents.auditFinancialData(
-            correlationId = FinancialDataConstants.correlationId,
-            userDetails = FinancialDataConstants.userDetails,
-            auditResponse = AuditResponse(BAD_REQUEST, Some(Seq(AuditError(VrnFormatError.code))), None)
-          ))
+          MockedAuditService.verifyAuditEvent(
+            AuditEvents.auditFinancialData(
+              correlationId = FinancialDataConstants.correlationId,
+              userDetails = FinancialDataConstants.userDetails,
+              auditResponse = AuditResponse(BAD_REQUEST, Some(Seq(AuditError(VrnFormatError.code))), None)
+            ))
         }
       }
     }