Merge pull request #4 from CMSgov/BB2-984_handle_bene_auth_rejection

[ BB2-984 ] Adding support for handling the rejection

Author: Nick Bragdon

server/src/app/views.py

@@ -7,7 +7,7 @@
 from ..entities.Settings import Settings
 from ..utils.configUtil import getConfigSettings
 from ..utils.bb2Util import generateAuthorizeUrl, getAccessToken, getBenefitData
-from ..utils.userUtil import getLoggedInUser
+from ..utils.userUtil import clearBB2Data, getLoggedInUser
 from ..shared.LoggerFactory import LoggerFactory
 import json
 
@@ -16,6 +16,8 @@
 front-end to communicate with the server to retrieve data from Blue Button and Medicare.gov
 """
 
+BENE_DENIED_ACCESS = 'access_denied'
+
 # initialize the logger object
 myLogger = LoggerFactory.get_logger(log_file=__name__,log_level='DEBUG')
 loggedInUser = getLoggedInUser()
@@ -56,7 +58,13 @@ def getCurrentAuthToken():
 def authorizationCallback():
     try:
         requestQuery = request.args
-        
+
+        if (requestQuery.get('error') == BENE_DENIED_ACCESS):
+            # clear all saved claims data since the bene has denied access for the application
+            clearBB2Data()
+            myLogger.error('Beneficiary denied application access to their data')
+            return redirect('http://localhost:3000')
+
         if (requestQuery.get('code') == ''):
             myLogger.error('Response was missing access code!')
         if (DBsettings.pkce and requestQuery.get('state')):

server/src/utils/userUtil.py

@@ -11,3 +11,16 @@
 
 def getLoggedInUser():
     return DBusers[0]
+
+def clearBB2Data():
+    logged_in_user = getLoggedInUser()
+    logged_in_user.update({'authToken': {
+        'access_token' : '',
+        'expires_in' : 0,
+        'expires_at' : 0,
+        'token_type' : '',
+        'scope' : '',
+        'refresh_token' : '',
+        'patient' : ''
+    }})
+    logged_in_user.update({'eobData': ''})