Merge remote-tracking branch 'origin/master' into liz/claim-appt-asso…

…ciation-logic

.github/workflows/deploy_delay_notifications.yml

@@ -19,9 +19,11 @@ jobs:
           latest_commit_info=$(curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
             "https://api.github.com/repos/${{ github.repository }}/commits/master")
           latest_sha=$(echo "${latest_commit_info}" | jq -r '.sha')
-          commit_time=$(echo "${latest_commit_info}" | jq -r '.commit.committer.date')
           echo "latest_sha=${latest_sha}" >> $GITHUB_ENV
+          echo "latest_sha: ${latest_sha}"
+          commit_time=$(echo "${latest_commit_info}" | jq -r '.commit.committer.date')
           echo "commit_time=${commit_time}" >> $GITHUB_ENV
+          echo "commit_time: ${commit_time}"
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
@@ -50,10 +52,10 @@ jobs:
           if [ "${latest_sha:0:8}" == "${deployed_sha:0:8}" ]; then
             echo "${info_message} has been deployed."
             echo "dev_summary=${info_message} has been deployed." >> $GITHUB_OUTPUT
-          elif [ "$(date -d "${commit_time}" +%s)" -gt "$(date -d '45 minutes ago' +%s)" ]; then
+          elif [ "$(date -d "${commit_time}" +%s)" -lt "$(date -d '45 minutes ago' +%s)" ]; then
             echo "${info_message} has been delayed for more than 45 minutes. Skipping notification."
             echo "dev_summary=${info_message} has been delayed for more than 45 minutes. Skipping notification." >> $GITHUB_OUTPUT
-          elif [ "$(date -d "${commit_time}" +%s)" -gt "$(date -d '30 minutes ago' +%s)" ]; then
+          elif [ "$(date -d "${commit_time}" +%s)" -lt "$(date -d '30 minutes ago' +%s)" ]; then
             echo "${info_message} has been delayed for more than 30 minutes."
             echo "Current commit on development is ${deployed_sha:0:8}."
             echo "dev_summary=${info_message} has been delayed for more than 30 minutes. Current commit on development is ${deployed_sha:0:8}.\n\nCheck the following list of items for errors: ${action_items}" >> $GITHUB_OUTPUT
@@ -76,10 +78,10 @@ jobs:
           if [ "${latest_sha:0:8}" == "${deployed_sha:0:8}" ]; then
             echo "${info_message} has been deployed."
             echo "staging_summary=${info_message} has been deployed." >> $GITHUB_OUTPUT
-          elif [ "$(date -d "${commit_time}" +%s)" -gt "$(date -d '45 minutes ago' +%s)" ]; then
+          elif [ "$(date -d "${commit_time}" +%s)" -lt "$(date -d '45 minutes ago' +%s)" ]; then
             echo "${info_message} has been delayed for more than 45 minutes. Skipping notification."
             echo "staging_summary=${info_message} has been delayed for more than 45 minutes. Skipping notification." >> $GITHUB_OUTPUT
-          elif [ "$(date -d "${commit_time}" +%s)" -gt "$(date -d '30 minutes ago' +%s)" ]; then
+          elif [ "$(date -d "${commit_time}" +%s)" -lt "$(date -d '30 minutes ago' +%s)" ]; then
             echo "${info_message} has been delayed for more than 30 minutes."
             echo "Current commit on staging is ${deployed_sha:0:8}."
             echo "staging_summary=${info_message} has been delayed for more than 30 minutes. Current commit on staging is ${deployed_sha:0:8}.\n\nCheck the following list of items for errors: ${action_items}" >> $GITHUB_OUTPUT
@@ -125,11 +127,22 @@ jobs:
           ssm_parameter: /devops/github_actions_slack_bot_user_token
           env_variable_name: SLACK_BOT_TOKEN
 
-      - name: Slack notify
+      - name: Notify for deployment failure
+        if: ${{ env.latest_sha != '' }}
         uses: ./.github/actions/vsp-github-actions/slack-socket
         with:
           slack_app_token: ${{ env.SLACK_APP_TOKEN }}
           slack_bot_token: ${{ env.SLACK_BOT_TOKEN }}
           message: "Vets API Deployment Delay:"
           blocks: "[{\"type\": \"divider\"}, {\"type\": \"section\", \"text\": { \"type\": \"mrkdwn\", \"text\": \":scared_and_sweating_smiley: GitHub Action Runner Workflow failed! :scared_and_sweating_smiley:\n <https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}|${{ github.workflow }} Run #${{ github.run_number }}>\n\n*Development Summary:*\n${{ needs.check-deployment.outputs.development_summary }}\n\n*Staging Summary:*\n${{ needs.check-deployment.outputs.staging_summary }}\"}}, {\"type\": \"divider\"}]"
           channel_id: "C039HRTHXDH"
+
+      - name: Notify for other failure
+        if: ${{ env.latest_sha == '' }}
+        uses: ./.github/actions/vsp-github-actions/slack-socket
+        with:
+          slack_app_token: ${{ env.SLACK_APP_TOKEN }}
+          slack_bot_token: ${{ env.SLACK_BOT_TOKEN }}
+          message: "Vets API Deployment Delay:"
+          blocks: "[{\"type\": \"divider\"}, {\"type\": \"section\", \"text\": { \"type\": \"mrkdwn\", \"text\": \":scared_and_sweating_smiley: GitHub Action Runner Workflow failed! :scared_and_sweating_smiley:\n\n Unknown error occured. See logs:\n<https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}|${{ github.workflow }} Run #${{ github.run_number }}>\"}}, {\"type\": \"divider\"}]"
+          channel_id: "C039HRTHXDH"

Gemfile.lock

@@ -245,22 +245,22 @@ GEM
     awesome_print (1.9.2)
     aws-eventstream (1.3.0)
     aws-partitions (1.992.0)
-    aws-sdk-core (3.210.0)
+    aws-sdk-core (3.211.0)
       aws-eventstream (~> 1, >= 1.3.0)
       aws-partitions (~> 1, >= 1.992.0)
       aws-sigv4 (~> 1.9)
       jmespath (~> 1, >= 1.6.1)
-    aws-sdk-kms (1.94.0)
-      aws-sdk-core (~> 3, >= 3.207.0)
+    aws-sdk-kms (1.95.0)
+      aws-sdk-core (~> 3, >= 3.210.0)
       aws-sigv4 (~> 1.5)
-    aws-sdk-s3 (1.168.0)
-      aws-sdk-core (~> 3, >= 3.207.0)
+    aws-sdk-s3 (1.169.0)
+      aws-sdk-core (~> 3, >= 3.210.0)
       aws-sdk-kms (~> 1)
       aws-sigv4 (~> 1.5)
     aws-sdk-sns (1.89.0)
       aws-sdk-core (~> 3, >= 3.210.0)
       aws-sigv4 (~> 1.5)
-    aws-sigv4 (1.10.0)
+    aws-sigv4 (1.10.1)
       aws-eventstream (~> 1, >= 1.0.2)
     axiom-types (0.1.1)
       descendants_tracker (~> 0.0.4)
@@ -429,7 +429,7 @@ GEM
     factory_bot_rails (6.4.3)
       factory_bot (~> 6.4)
       railties (>= 5.0.0)
-    faker (3.4.2)
+    faker (3.5.1)
       i18n (>= 1.8.11, < 2)
     faraday (2.10.1)
       faraday-net_http (>= 2.0, < 3.2)
@@ -525,13 +525,8 @@ GEM
       thor (>= 0.20, < 2.a)
     google-cloud-env (2.2.1)
       faraday (>= 1.0, < 3.a)
-    google-protobuf (4.28.2)
-      bigdecimal
-      rake (>= 13)
-    google-protobuf (4.28.2-java)
+    google-protobuf (4.28.3)
       bigdecimal
-      ffi (~> 1)
-      ffi-compiler (~> 1)
       rake (>= 13)
     googleauth (1.11.1)
       faraday (>= 1.0, < 3.a)
@@ -600,8 +595,8 @@ GEM
     jar-dependencies (0.4.1)
     jmespath (1.6.2)
     jruby-openssl (0.15.0-java)
-    json (2.7.2)
-    json (2.7.2-java)
+    json (2.7.3)
+    json (2.7.3-java)
     json-schema (5.0.1)
       addressable (~> 2.8)
     json_schema (0.21.0)
@@ -894,15 +889,15 @@ GEM
       rspec-core (~> 3.13.0)
       rspec-expectations (~> 3.13.0)
       rspec-mocks (~> 3.13.0)
-    rspec-core (3.13.1)
+    rspec-core (3.13.2)
       rspec-support (~> 3.13.0)
     rspec-expectations (3.13.3)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.13.0)
     rspec-instrumentation-matcher (0.0.9)
       activesupport
       rspec-expectations
-    rspec-its (1.3.0)
+    rspec-its (1.3.1)
       rspec-core (>= 3.0.0)
       rspec-expectations (>= 3.0.0)
     rspec-mocks (3.13.2)
@@ -1035,7 +1030,7 @@ GEM
       ffi
     ssrf_filter (1.1.2)
     staccato (0.5.3)
-    statsd-instrument (3.9.2)
+    statsd-instrument (3.9.3)
     stringio (3.1.1)
     strong_migrations (2.0.1)
       activerecord (>= 6.1)

app/controllers/concerns/appointment_authorization.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+module AppointmentAuthorization
+  extend ActiveSupport::Concern
+
+  protected
+
+  def authorize
+    raise_access_denied unless current_user.loa3?
+    raise_access_denied_no_icn if current_user.icn.blank?
+  end
+
+  def authorize_with_facilities
+    authorize
+    raise_access_denied_no_facilities unless current_user.authorize(:vaos, :facilities_access?)
+  end
+
+  def raise_access_denied
+    raise Common::Exceptions::Forbidden, detail: 'You do not have access to online scheduling'
+  end
+
+  def raise_access_denied_no_icn
+    raise Common::Exceptions::Forbidden, detail: 'No patient ICN found'
+  end
+
+  def raise_access_denied_no_facilities
+    raise Common::Exceptions::Forbidden, detail: 'No facility associated with user'
+  end
+end

app/controllers/concerns/form_attachment_create.rb

@@ -41,21 +41,39 @@ def validate_file_upload_class!
       raise Common::Exceptions::InvalidFieldValue.new('file_data', filtered_params[:file_data].class.name)
     end
   rescue => e
-    log_exception_to_sentry(e, { context: 'FAC_validate', class: filtered_params[:file_data].class.name })
+    log_message_to_sentry(
+      'form attachment error 1',
+      :info,
+      phase: 'FAC_validate',
+      klass: filtered_params[:file_data].class.name,
+      exception: e.message
+    )
     raise e
   end
 
   def save_attachment_to_cloud!
     form_attachment.set_file_data!(filtered_params[:file_data], filtered_params[:password])
   rescue => e
-    log_exception_to_sentry(e, { context: 'FAC_cloud' })
+    log_message_to_sentry(
+      'form attachment error 2',
+      :info,
+      phase: 'FAC_cloud',
+      exception: e.message
+    )
     raise e
   end
 
   def save_attachment_to_db!
     form_attachment.save!
   rescue => e
-    log_exception_to_sentry(e, { context: 'FAC_db', errors: form_attachment.errors })
+    log_message_to_sentry(
+      'form attachment error 3',
+      :info,
+      phase: 'FAC_db',
+      errors: form_attachment.errors,
+      exception: e.message
+    )
+
     raise e
   end
 

app/controllers/concerns/vet360/writeable.rb

@@ -39,7 +39,7 @@ def invalidate_cache
     def build_record(type, params)
       # This needs to be refactored after V2 upgrade is complete
       model = if type == 'address' && Flipper.enabled?(:va_v3_contact_information_service, @current_user)
-                'VAProfile::Models::V2::Address'
+                'VAProfile::Models::V3::Address'
               else
                 "VAProfile::Models::#{type.capitalize}"
               end

app/controllers/v0/health_care_applications_controller.rb

@@ -80,11 +80,25 @@ def facilities
     private
 
     def active_facilities(lighthouse_facilities)
-      active_ids = StdInstitutionFacility.active.pluck(:station_number).compact
-
+      active_ids = active_ves_facility_ids
       lighthouse_facilities.select { |facility| active_ids.include?(facility.unique_id) }
     end
 
+    def active_ves_facility_ids
+      ids = cached_ves_facility_ids
+
+      return ids if ids.any?
+      return ids if Flipper.enabled?(:hca_retrieve_facilities_without_repopulating)
+
+      HCA::StdInstitutionImportJob.new.perform
+
+      cached_ves_facility_ids
+    end
+
+    def cached_ves_facility_ids
+      StdInstitutionFacility.active.pluck(:station_number).compact
+    end
+
     def health_care_application
       @health_care_application ||= HealthCareApplication.new(params.permit(:form))
     end

app/controllers/v1/nod_callbacks_controller.rb

@@ -7,65 +7,84 @@ class NodCallbacksController < ApplicationController
     include ActionController::HttpAuthentication::Token::ControllerMethods
     include DecisionReviewV1::Appeals::LoggingUtils
 
-    service_tag 'nod-callbacks'
+    service_tag 'appeal-application'
 
     skip_before_action :verify_authenticity_token, only: [:create]
     skip_before_action :authenticate, only: [:create]
     skip_after_action :set_csrf_header, only: [:create]
     before_action :authenticate_header, only: [:create]
 
-    STATUSES_TO_IGNORE = %w[sent delivered temporary-failure].freeze
+    STATSD_KEY_PREFIX = 'api.decision_review.notification_callback'
+
+    DELIVERED_STATUS = 'delivered'
 
     def create
-      return render json: nil, status: :not_found unless Flipper.enabled? :nod_callbacks_endpoint
+      return render json: nil, status: :not_found unless enabled?
 
       payload = JSON.parse(request.body.string)
+      status = payload['status']&.downcase
 
-      log_params = {
-        key: :callbacks,
-        form_id: '10182',
-        user_uuid: nil,
-        upstream_system: 'VANotify',
-        body: payload.merge('to' => '<FILTERED>') # scrub PII from logs
-      }
+      StatsD.increment("#{STATSD_KEY_PREFIX}.received", tags: { status: })
 
-      # save encrypted request body in database table for non-successful notifications
-      payload_status = payload['status']&.downcase
-      if STATUSES_TO_IGNORE.exclude? payload_status
-        begin
-          NodNotification.create!(payload:)
-        rescue ActiveRecord::RecordInvalid => e
-          log_formatted(**log_params.merge(is_success: false), params: { exception_message: e.message })
-          return render json: { message: 'failed' }
-        end
+      if status == DELIVERED_STATUS
+        tags = ['service:supplemental-claim', 'function: form or evidence submission to Lighthouse']
+        StatsD.increment('silent_failure_avoided', tags:)
       end
 
-      log_formatted(**log_params.merge(is_success: true))
+      begin
+        DecisionReviewNotificationAuditLog.create!(notification_id: payload['id'],
+                                                   reference: payload['reference'],
+                                                   status:,
+                                                   payload:)
+      rescue ActiveRecord::RecordInvalid => e
+        log_formatted(**log_params(payload, false), params: { exception_message: e.message })
+        return render json: { message: 'failed' }
+      end
+
+      log_formatted(**log_params(payload, true))
       render json: { message: 'success' }
     end
 
     private
 
+    def log_params(payload, is_success)
+      {
+        key: :decision_review_notification_callback,
+        form_id: '995',
+        user_uuid: nil,
+        upstream_system: 'VANotify',
+        body: payload.merge('to' => '<FILTERED>'), # scrub PII from logs
+        is_success:,
+        params: {
+          notification_id: payload['id'],
+          status: payload['status']
+        }
+      }
+    end
+
     def authenticate_header
       authenticate_user_with_token || authenticity_error
     end
 
     def authenticate_user_with_token
-      Rails.logger.info('nod-callbacks-74832 - Received request, authenticating')
       authenticate_with_http_token do |token|
-        return false if bearer_token_secret.nil?
+        is_authenticated = token == bearer_token_secret
+        Rails.logger.info('NodCallbacksController callback received', is_authenticated:)
 
-        token == bearer_token_secret
+        is_authenticated
       end
     end
 
     def authenticity_error
-      Rails.logger.info('nod-callbacks-74832 - Failed to authenticate request')
       render json: { message: 'Invalid credentials' }, status: :unauthorized
     end
 
     def bearer_token_secret
       Settings.dig(:nod_vanotify_status_callback, :bearer_token)
     end
+
+    def enabled?
+      Flipper.enabled? :nod_callbacks_endpoint
+    end
   end
 end

app/models/claim_va_notification.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+class ClaimVANotification < ApplicationRecord
+  belongs_to :saved_claim
+
+  validates :form_type, presence: true
+  validates :email_template_id, presence: true
+  validates :email_sent, inclusion: { in: [true, false] }
+end