MeasureAuthoringTool · jkotanchik-SB · Sep 27, 2023 · Jul 14, 2022 · Jul 14, 2022 · Jul 14, 2022
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -30,13 +30,10 @@ jobs:
           ruby-version: 2.7.2
           bundler-cache: true
 
-      - name: Use Node.js 14.x
+      - name: Use Node.js 16.x
         uses: actions/setup-node@v2
         with:
-          node-version: 14.x
-
-      - name: Use latest npm
-        run: npm install -g npm
+          node-version: 16.x
 
       - name: Install bundler & bundle-audit
         run: |
@@ -91,13 +88,10 @@ jobs:
           ruby-version: 2.7.2
           bundler-cache: true
 
-      - name: Use Node.js 14.x
+      - name: Use Node.js 16.x
         uses: actions/setup-node@v2
         with:
-          node-version: 14.x
-
-      - name: Use latest npm
-        run: npm install -g npm
+          node-version: 16.x
 
       - name: Install bundler & bundle-audit
         run: |

diff --git a/Dockerfile b/Dockerfile
@@ -14,7 +14,7 @@ RUN bash -lc "rvm install ruby-${RUBY_VERSION} && rvm --default use ruby-${RUBY_
 RUN rm -f /etc/service/nginx/down \
     && rm -f /etc/nginx/sites-enabled/default \
     && apt update \
-    && curl -fsSL https://deb.nodesource.com/setup_14.x | bash - \
+    && curl -fsSL https://deb.nodesource.com/setup_20.x | bash - \
     && apt-get install -y nodejs \
     && npm install -g npm@latest \
     && apt-get install shared-mime-info -y

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -1,6 +1,6 @@
 GIT
   remote: https://github.com/projecttacoma/cqm-parsers.git
-  revision: 847019101f1a122f44e3cda0b7313d40cb71e6bb
+  revision: 5a365ca38825eac00017d2eb2cb5c35ad96d62f8
   branch: bonnie_version
   specs:
     cqm-parsers (0.2.1.1)

diff --git a/app/assets/javascripts/views/import_measure_view.js.coffee b/app/assets/javascripts/views/import_measure_view.js.coffee
@@ -72,11 +72,6 @@ class Thorax.Views.ImportMeasure extends Thorax.Views.BonnieView
           $('#vsac-query-settings').removeClass('hidden')
           $('#vsacCachedMsg').removeClass('hidden')
           $('#loadButton').prop('disabled', false)
-          # If the measure import window is open long enough for the VSAC
-          # credentials to expire, we need to reshow the vsacApiKey dialog.
-          setTimeout ->
-            @clearCachedVSACTicket()
-          , new Date(data.expires) - new Date()
         else
           $('#vsacSignIn').removeClass('hidden')
           $('#vsac-query-settings').removeClass('hidden')

diff --git a/app/controllers/api_v1/measures_controller.rb b/app/controllers/api_v1/measures_controller.rb
@@ -81,8 +81,7 @@ def description
       param :population_titles, Array, of: String, :required => false, :desc => "The titles of the populations. If this is not included, populations will assume default values. i.e. \"Population 1\", \"Population 2\", etc."
       param :calculate_sdes, %w[true false], :required => false, :desc => "Should Supplemental Data Elements be included in calculations. Defaults to 'false' if not supplied."
 
-      param :vsac_tgt, String, :required => true, :desc => "VSAC ticket granting ticket. See https://www.nlm.nih.gov/vsac/support/"
-      param :vsac_tgt_expires_at, Integer, :required => true, :desc => "VSAC ticket granting ticket expiration time in seconds since epoch."
+      param :vsac_api_key, String, :required => true, :desc => "UMLS Api Key."
       param :vsac_query_type, %w[release profile], :required => false, :desc => "The type of VSAC query, either 'release', or 'profile'. Default to 'profile' if not supplied."
       param :vsac_query_include_draft, %w[true false], :required => false, :desc => "If VSAC should fetch draft value sets. Defaults to 'true' if not supplied."
       param :vsac_query_release, String, :required => false, :desc => "The program release used to retrieve value sets. Defaults to latest release for the eCQM program."
@@ -210,7 +209,7 @@ def calculated_results
     formats ["multipart/form-data"]
     error :code => 400, :desc => "Client sent bad parameters. Response contains explanation."
     error :code => 409, :desc => "Measure with this HQMF Set ID already exists."
-    error :code => 500, :desc => "A server error occured."
+    error :code => 500, :desc => "A server error occurred."
     param_group :measure_upload
     def create
       permitted_params = params.permit!.to_h

diff --git a/app/controllers/measures_controller.rb b/app/controllers/measures_controller.rb
@@ -31,7 +31,7 @@ def create
 
     begin
       scan_for_viruses(params[:measure_file])
-      vsac_tgt = obtain_ticket_granting_ticket
+      set_vsac_api_key
     rescue VirusFoundError => e
       logger.error "VIRSCAN: error message: #{e.message}"
       raise MeasurePackageVirusFoundError.new
@@ -43,13 +43,11 @@ def create
       raise convert_vsac_error_into_shared_error(e)
     end
 
-    params[:vsac_tgt] = vsac_tgt[:ticket]
-    params[:vsac_tgt_expires_at] = vsac_tgt[:expires]
     measures, main_hqmf_set_id = persist_measure(params[:measure_file], params.permit!.to_h, current_user)
     redirect_to "#{root_path}##{params[:redirect_route]}"
   rescue StandardError => e
-    # also clear the ticket granting ticket in the session if it was a VSACTicketExpiredError
-    session[:vsac_tgt] = nil if e.is_a?(VSACTicketExpiredError)
+    # also clear the vsac api key in the session if it was a VSACInvalidCredentialsError
+    session[:vsac_api_key] = nil if e.is_a?(VSACInvalidCredentialsError)
     flash[:error] = turn_exception_into_shared_error_if_needed(e).front_end_version
     redirect_to "#{root_path}##{params[:redirect_route]}"
   end
@@ -130,20 +128,24 @@ def measurement_period
   private
 
   def persist_measure(uploaded_file, permitted_params, user)
-    measures, main_hqmf_set_id =
-      if permitted_params[:hqmf_set_id].present?
-        update_measure(uploaded_file: uploaded_file,
-                      target_id: permitted_params[:hqmf_set_id],
-                      value_set_loader: build_vs_loader(permitted_params, false),
-                      user: user)
-      else
-        create_measure(uploaded_file: uploaded_file,
-                      measure_details: retrieve_measure_details(permitted_params),
-                      value_set_loader: build_vs_loader(permitted_params, false),
-                      user: user)
-      end
-    check_measures_for_unsupported_data_elements(measures)
-    return measures, main_hqmf_set_id
+    logger.tagged(user.harp_id ? user.harp_id : "unknown user") do
+      measures, main_hqmf_set_id =
+        if permitted_params[:hqmf_set_id].present?
+          logger.info("update")
+          update_measure(uploaded_file: uploaded_file,
+                        target_id: permitted_params[:hqmf_set_id],
+                        value_set_loader: build_vs_loader(permitted_params, false),
+                        user: user)
+        else
+          logger.info("create")
+          create_measure(uploaded_file: uploaded_file,
+                        measure_details: retrieve_measure_details(permitted_params),
+                        value_set_loader: build_vs_loader(permitted_params, false),
+                        user: user)
+        end
+      check_measures_for_unsupported_data_elements(measures)
+      return measures, main_hqmf_set_id
+    end
   end
 
   def check_measures_for_unsupported_data_elements(measures)
@@ -162,6 +164,15 @@ def retrieve_measure_details(params)
     }
   end
 
+  def set_vsac_api_key
+    if session[:vsac_api_key].nil?
+      raise Util::VSAC::VSACNoCredentialsError.new if params[:vsac_api_key].nil?
+      session[:vsac_api_key] = params[:vsac_api_key]
+    else
+      params[:vsac_api_key] = session[:vsac_api_key]
+    end
+  end
+
   def shift_years(measure, year_shift)
     # Copy the patients to make sure there are no errors before saving every patient
     patients = CQM::Patient.by_user_and_hqmf_set_id(current_user, measure.hqmf_set_id).all.entries
@@ -202,33 +213,4 @@ def shift_birth_datetime(birth_datetime, year_shift)
       birth_datetime.change(year: year_shift + birth_datetime.year)
     end
   end
-
-  def obtain_ticket_granting_ticket
-    # Retreive a (possibly) existing ticket granting ticket
-    ticket_granting_ticket = session[:vsac_tgt]
-
-    # If the ticket granting ticket doesn't exist (or has expired), get a new one
-    if ticket_granting_ticket.nil?
-      # The user could open a second browser window and remove their ticket_granting_ticket in the session after they
-      # prepared a measure upload assuming ticket_granting_ticket in the session in the first tab
-
-      # First make sure we have credentials to attempt getting a ticket with. Throw an error if there are no credentials.
-      if params[:vsac_api_key].nil?
-        raise Util::VSAC::VSACNoCredentialsError.new
-      end
-
-      # Retrieve a new ticket granting ticket by creating the api class.
-      api = Util::VSAC::VSACAPI.new(config: APP_CONFIG['vsac'], api_key: params[:vsac_api_key])
-      ticket_granting_ticket = api.ticket_granting_ticket
-
-      # Create a new ticket granting ticket session variable
-      session[:vsac_tgt] = ticket_granting_ticket
-      return ticket_granting_ticket
-
-      # If it does exist, let the api test it
-    else
-      api = Util::VSAC::VSACAPI.new(config: APP_CONFIG['vsac'], ticket_granting_ticket: ticket_granting_ticket)
-      return api.ticket_granting_ticket
-    end
-  end
 end
diff --git a/app/controllers/vsac_util_controller.rb b/app/controllers/vsac_util_controller.rb
@@ -51,26 +51,20 @@ def program_release_names
   ##
   # GET /vsac_util/auth_valid
   #
-  # Gets the status of the ticket_granting_ticket in the session. Returns JSON:
-  # { valid: boolean, expires: DateTime }
+  # Gets the status of the API KEY in the session. Returns JSON:
+  # { valid: boolean }
   def auth_valid
-    # If VSAC TGT is still valid, return its expiration date/time
-    ticket_granting_ticket = session[:vsac_tgt]
+    vsac_api_key = session[:vsac_api_key]
 
-    # If there is no VSAC ticket granting ticket then return false.
-    if ticket_granting_ticket.nil? || ticket_granting_ticket.empty?
-      session[:vsac_tgt] = nil
-      render :json => {valid: false}
-
-    # If it exists then check it using the API
+    if vsac_api_key.nil? || vsac_api_key.empty?
+      session[:vsac_api_key] = nil
+      render :json => {valid:false}
     else
       begin
-        Util::VSAC::VSACAPI.new(config: APP_CONFIG['vsac'], ticket_granting_ticket: ticket_granting_ticket)
-        render :json => {valid: true, expires: ticket_granting_ticket[:expires]}
-
-      # API will throw an error if it has expired
-      rescue Util::VSAC::VSACTicketExpiredError
-        session[:vsac_tgt] = nil
+        Util::VSAC::VSACAPI.new(config: APP_CONFIG['vsac'], api_key: vsac_api_key)
+        render :json => {valid: true}
+      rescue Util::VSAC::VSACInvalidCredentialsError
+        session[:vsac_api_key] = nil
         render :json => {valid: false}
       end
     end
@@ -79,10 +73,10 @@ def auth_valid
   ##
   # POST /vsac_util/auth_expire
   #
-  # Dumps the ticket_granting_ticket in the user session if there is one. Always returns JSON {}.
+  # Sets the vsac_api_key in the user session to nil. Always returns JSON {}.
   def auth_expire
     # Force expire the VSAC session
-    session[:vsac_tgt] = nil
+    session[:vsac_api_key] = nil
     render :json => {}
   end
 end
diff --git a/app/helpers/measure_helper.rb b/app/helpers/measure_helper.rb
@@ -256,11 +256,9 @@ def retrieve_vasc_options(params, get_defaults_from_vsac = false)
   end
 
   def build_vs_loader(params, get_defaults_from_vsac)
-    vsac_tgt_object = {ticket: params[:vsac_tgt], expires: Time.at(params[:vsac_tgt_expires_at].to_i)} if params[:vsac_tgt].present? && params[:vsac_tgt_expires_at].present?
-
-    return Measures::VSACValueSetLoader.new(
+    Measures::VSACValueSetLoader.new(
       options: retrieve_vasc_options(params, get_defaults_from_vsac),
-      ticket_granting_ticket: vsac_tgt_object
+      vsac_api_key: params[:vsac_api_key]
     )
   end
 

diff --git a/config/application.rb b/config/application.rb
@@ -40,11 +40,13 @@ class Application < Rails::Application
     # Configure the default encoding used in templates for Ruby 1.9.
     config.encoding = "utf-8"
 
-    Rails.logger = Logger.new(STDOUT)
-    Rails.logger.formatter = proc do |severity, datetime, progname, msg|
+    # Configure log formatter
+    logger = Logger.new(STDOUT)
+    logger.formatter = proc do |severity, datetime, progname, msg|
       date_format = datetime.strftime("%Y-%m-%d %H:%M:%S")
       "#{date_format} [#{severity}] - #{msg}'\n"
     end
+    Rails.logger = ActiveSupport::TaggedLogging.new(logger)
 
     config.log_level = :info
 
@@ -53,6 +55,9 @@ class Application < Rails::Application
     config.filter_parameters += [:vsac_api_key]
     config.filter_parameters += [:api_key]
 
+    # Configure log tags that will apply to all log entries
+    config.log_tags = [:request_id]
+
     # Enable escaping HTML in JSON.
     config.active_support.escape_html_entities_in_json = true
 

diff --git a/config/bonnie.yml b/config/bonnie.yml
@@ -1,5 +1,5 @@
 defaults: &defaults
-  version: 5.1.4
+  version: 5.1.5
   enable_logging: true
   enable_rationale: true
   check_crosswalk: false