[RAA-6562]-[GC]-[ODS code change to fix int tests]-[EW]

EdwardWills-nhs · EdwardWills-nhs · commit aef569c1b1a0 · 2026-04-23T09:05:29.000Z
diff --git a/tests/conftest.py b/tests/conftest.py
@@ -130,12 +130,13 @@ def client():
 @pytest_asyncio.fixture
 async def user_restricted_product(client, make_product):
     # Setup
+    print("user_restricted_product EUOAllowlistRequired=true")
     productName = await make_product(
         [
             "urn:nhsd:apim:user-nhs-id:aal3:e-referrals-service-api",
             "urn:nhsd:apim:user-nhs-id:aal2:e-referrals-service-api",
         ],
-        additional_attributes=[{"name": "EUOAllowlistRequired", "value": "false"}],
+        additional_attributes=[{"name": "EUOAllowlistRequired", "value": "true"}],
     )
 
     print(f"product created: {productName}")
diff --git a/tests/integration/test_user_restricted.py b/tests/integration/test_user_restricted.py
@@ -113,9 +113,12 @@ async def test_user_restricted_invalid_ods_code(
             f"{service_url}{endpoint_url}", headers=client_request_headers
         )
         # Verify the status
-        assert (
-            response.status_code == 403
-        ), "Expected a 403 when accessing the api but got " + str(response.status_code)
+        assert response.status_code == 403, (
+            "Expected a 403 when accessing the api but got "
+            + str(response.status_code)
+            + "; response body: "
+            + response.text
+        )
         # Verify the OperationOutcome payload
         response_data = response.json()
         assert response_data["resourceType"] == "OperationOutcome"
@@ -181,9 +184,12 @@ async def test_user_restricted_missing_ods_header(
             f"{service_url}{endpoint_url}", headers=client_request_headers
         )
         # Verify the status
-        assert (
-            response.status_code == 400
-        ), "Expected a 400 when accessing the api but got " + str(response.status_code)
+        assert response.status_code == 400, (
+            "Expected a 400 when accessing the api but got "
+            + str(response.status_code)
+            + "; response body: "
+            + response.text
+        )
         # Verify the OperationOutcome payload
         response_data = response.json()
         assert response_data["resourceType"] == "OperationOutcome"
@@ -252,7 +258,37 @@ async def test_user_restricted_missing_ods_code(
             f"{service_url}{endpoint_url}", headers=client_request_headers
         )
         # Verify the status
-        # Empty ODS currently falls through to an allowed request for this configured app.
+        assert response.status_code == 400, (
+            "Expected a 400 when accessing the api but got "
+            + str(response.status_code)
+            + "; response body: "
+            + response.text
+        )
+        # Verify the OperationOutcome payload
+        response_data = response.json()
+        assert response_data["resourceType"] == "OperationOutcome"
+        assert response_data["meta"]["lastUpdated"] is not None
+        assert len(response_data["meta"]["profile"]) == 1
+        assert response_data["meta"]["profile"][0] == (
+            "https://www.hl7.org/fhir/R4/operationoutcome.html"
+            if is_fhir_4
+            else "https://fhir.nhs.uk/STU3/StructureDefinition/eRS-OperationOutcome-1"
+        )
+        assert len(response_data["issue"]) == 1
+        issue = response_data["issue"][0]
+        assert issue["severity"] == "error"
+        assert issue["code"] == "required" if is_fhir_4 else "required"
+        assert issue["diagnostics"] == (
+            "Missing or Empty NHSD-End-User-Organisation-ODS header."
+        )
+        assert len(issue["details"]["coding"]) == 1
+        issue_details = issue["details"]["coding"][0]
         assert (
-            response.status_code == 200
-        ), "Expected a 200 when accessing the api but got " + str(response.status_code)
+            issue_details["system"]
+            == "https://fhir.nhs.uk/CodeSystem/NHSD-API-ErrorOrWarningCode"
+            if is_fhir_4
+            else "https://fhir.nhs.uk/STU3/CodeSystem/eRS-APIErrorCode-1"
+        )
+        assert (
+            issue_details["code"] == "MISSING_HEADER" if is_fhir_4 else "MISSING_HEADER"
+        )

Original file line number	Diff line number	Diff line change
`@@ -130,12 +130,13 @@ def client():`
`130`	`130`	`@pytest_asyncio.fixture`
`131`	`131`	`async def user_restricted_product(client, make_product):`
`132`	`132`	`# Setup`
	`133`	`+ print("user_restricted_product EUOAllowlistRequired=true")`
`133`	`134`	`productName = await make_product(`
`134`	`135`	`[`
`135`	`136`	`"urn:nhsd:apim:user-nhs-id:aal3:e-referrals-service-api",`
`136`	`137`	`"urn:nhsd:apim:user-nhs-id:aal2:e-referrals-service-api",`
`137`	`138`	`],`
`138`		`- additional_attributes=[{"name": "EUOAllowlistRequired", "value": "false"}],`
	`139`	`+ additional_attributes=[{"name": "EUOAllowlistRequired", "value": "true"}],`
`139`	`140`	`)`
`140`	`141`
`141`	`142`	`print(f"product created: {productName}")`