401 unauthorized issue resolved

[indraniBan]

📋 Description

JIRA ID:

Please provide a summary of the change and the motivation behind it. Include relevant context and details.

---

✅ Type of Change

• 🐞 Bug fix (non-breaking change which resolves an issue)
• ✨ New feature (non-breaking change which adds functionality)
• 🔥 Breaking change (fix or feature that would cause existing functionality to not work as expected)
• 🛠 Refactor (change that is neither a fix nor a new feature)
• ⚙️ Config change (configuration file or build script updates)
• 📚 Documentation (updates to docs or readme)
• 🧪 Tests (adding new or updating existing tests)
• 🎨 UI/UX (changes that affect the user interface)
• 🚀 Performance (improves performance)
• 🧹 Chore (miscellaneous changes that don't modify src or test files)

---

ℹ️ Additional Information

Please describe how the changes were tested, and include any relevant screenshots, logs, or other information that provides additional context.

Summary by CodeRabbit

• New Features
  • Enhanced secure token management for visit operations improves authentication reliability. These updates streamline token handling, ensuring a smoother and more secure experience when accessing visit-related functionalities.
  • The improvements help maintain consistent authorization and minimize any potential disruptions, providing you with a more robust and trustworthy service.

[coderabbitai]

Walkthrough

The modifications focus on enhancing the VisitServiceImpl class by integrating JWT token handling via cookie management. New Spring framework imports enable retrieval of HTTP request attributes, and dependency injection for CookieUtil is added. Within the beneficiary list methods, the current HTTP request is obtained to extract the JWT token from cookies, which is then appended to the request headers. These changes streamline the process of including authentication tokens in outgoing requests.

Changes

File	Summary
src/.../VisitServiceImpl.java	- Added new Spring imports (LinkedMultiValueMap, MultiValueMap, RequestContextHolder, ServletRequestAttributes, and HttpServletRequest). - Injected CookieUtil via @Autowired. - Modified getBeneficiaryListByIDs and getBeneficiaryListBySearch to retrieve the current HTTP request, extract the JWT token from cookies, and add it to the request headers.

Sequence Diagram(s)

sequenceDiagram
    participant C as Client
    participant V as VisitServiceImpl
    participant R as RequestContextHolder
    participant CU as CookieUtil
    participant API as External API

    C->>V: Call service method (e.g., getBeneficiaryListByIDs)
    V->>R: Retrieve current HTTP request
    R-->>V: Return HTTP request
    V->>CU: Extract JWT token from cookie
    CU-->>V: Return JWT token
    V->>API: Call API with header "Cookie: Jwttoken={token}"
    API-->>V: API response
    V-->>C: Return response

Loading

Poem

I'm a rabbit of code so bright,
Hoping through cookies in pure delight.
JWT tokens I now fetch with a hop,
In headers they gracefully drop.
This change makes my code dance in the light!
🐰💻 Happy hops to new features today!

✨ Finishing Touches

• 📝 Generate Docstrings

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[sonarqubecloud]

Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
47.1% Duplication on New Code

See analysis details on SonarQube Cloud

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

src/main/java/com/iemr/inventory/service/visit/VisitServiceImpl.java (2)

32-35: Unused imports detected.

The imported classes LinkedMultiValueMap and MultiValueMap (lines 32-33) aren't used in the code. Consider removing these unused imports to improve code cleanliness.

-import org.springframework.util.LinkedMultiValueMap;
-import org.springframework.util.MultiValueMap;

---

107-111: Consider adding null check for RequestContextHolder.

The current implementation assumes that RequestContextHolder.getRequestAttributes() will never return null, which could potentially lead to a NullPointerException if called outside of a request context.

-HttpServletRequest requestHeader = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes())
-		.getRequest();
-String jwtTokenFromCookie = cookieUtil.getJwtTokenFromCookie(requestHeader);
-header.put("Cookie", "Jwttoken=" + jwtTokenFromCookie);
+if (RequestContextHolder.getRequestAttributes() != null) {
+   HttpServletRequest requestHeader = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes())
+           .getRequest();
+   String jwtTokenFromCookie = cookieUtil.getJwtTokenFromCookie(requestHeader);
+   if (jwtTokenFromCookie != null) {
+       header.put("Cookie", "Jwttoken=" + jwtTokenFromCookie);
+   }
+}

Also applies to: 143-147

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 32dc85e and bc015b4.

📒 Files selected for processing (1)

• src/main/java/com/iemr/inventory/service/visit/VisitServiceImpl.java (4 hunks)

🔇 Additional comments (4)

src/main/java/com/iemr/inventory/service/visit/VisitServiceImpl.java (4)

62-63: Good addition of CookieUtil dependency.

The CookieUtil autowiring adds the necessary functionality to retrieve JWT tokens from cookies, which is essential for resolving the 401 unauthorized issue.

---

107-111: JWT token handling added correctly.

The implementation correctly retrieves the JWT token from cookies and adds it to the request headers, which should resolve the 401 unauthorized issue. This approach ensures that authenticated requests are properly forwarded to downstream services.

---

143-147: Consistent implementation of JWT token handling.

The same JWT token retrieval logic is correctly applied here as in the getBeneficiaryListByIDs method, ensuring consistent authentication behavior across all beneficiary-related API calls.

---

62-63: Consider adding unit tests for the JWT authentication flow.

The newly added authentication flow should be properly tested to ensure it handles various scenarios correctly, including:

1. When a valid JWT token is present in cookies
2. When no JWT token is present
3. When RequestContextHolder returns null

This will help ensure the robustness of the authentication mechanism.

Also applies to: 107-111, 143-147