Removing bene information when bene has denied access

Author: Nick Bragdon

server/src/routes/Authorize.ts

@@ -5,11 +5,21 @@ import Settings from '../entities/Settings';
 import db from '../utils/db';
 import { getAccessToken, generateAuthorizeUrl } from '../utils/bb2';
 import { getBenefitData } from './Data';
-import { getLoggedInUser } from 'src/utils/user';
+import { clearBB2Data, getLoggedInUser } from 'src/utils/user';
+
+const BENE_DENIED_ACCESS = 'access_denied';
 
 
 export async function authorizationCallback(req: Request, res: Response) {
     try {
+
+        if (req.quey.error === BENE_DENIED_ACCESS) {
+            const loggedInUser = getLoggedInUser(db);
+            // clear all saved claims data since the bene has denied access for the application
+            clearBB2Data(loggedInUser);
+            loggedInUser.errors.push(BENE_DENIED_ACCESS);
+            throw new Error('Beneficiary denied application access to their data');
+        }
 
         if (!req.query.code) {
             throw new Error('Response was missing access code');

server/src/utils/db.ts

@@ -16,7 +16,8 @@ export interface UserInfo {
 export interface User {
     authToken?: AuthorizationToken,
     userInfo: UserInfo,
-    eobData?: any
+    eobData?: any,
+    errors: string[]
 }
 export interface DB {
     patients: object,
@@ -51,7 +52,8 @@ const db: DB = {
             userName: 'jdoe29999',
             pcp: 'Dr. Hibbert',
             primaryFacility: 'Springfield General Hospital'
-        }
+        },
+        errors: []
     }],
     codeChallenges: {},
     codeChallenge: {

server/src/utils/user.ts

@@ -1,4 +1,4 @@
-import { DB } from "./db";
+import { DB, User } from "./db";
 
 /* DEVELOPER NOTES:
 * Here we are literally just grabbing the first user 
@@ -9,4 +9,9 @@ import { DB } from "./db";
 */
 export function getLoggedInUser(db : DB) {
     return db.users[0];
+}
+
+export function clearBB2Data(user: User) {
+    user.authToken = undefined;
+    user.eobData = undefined;
 }