Authenticate to the API

Pass the id_token with requests to the API, so we can retrieve
information and update clients.  Note that we're not showing anything to
the user that indicates to them whether or not their request to update a
user was successful (see #35).

Next, don't show the search screen until the user has logged in.

app/controllers/client.server.controller.js

@@ -37,8 +37,9 @@ exports.addClient = function(req, res) {
       path: '/openhmis/api/v3/clients/',
       method: 'POST',
       headers: {
-          'Content-Type': 'application/x-www-form-urlencoded',
-          'Content-Length': post_data.length
+          'Content-Type': 'application/json',
+          'Content-Length': post_data.length,
+          'Authorization': req.body.id_token
       }
   };
 
@@ -82,7 +83,8 @@ exports.getEnrollments = function(req, res) {
       path: '/openhmis/api/v3/enrollments/',
       method: 'GET',
       headers: {
-          'Content-Type': 'application/x-www-form-urlencoded'
+          'Content-Type': 'application/x-www-form-urlencoded',
+          'Authorization': req.query.id_token
       }
   };
 
@@ -104,7 +106,6 @@ exports.getEnrollments = function(req, res) {
 };
 
 exports.getClients = function(req, res) {
-
   // Eventually we need authentication
 
   // An object of options to indicate where to post to
@@ -114,7 +115,8 @@ exports.getClients = function(req, res) {
       path: '/openhmis/api/v3/clients/',
       method: 'GET',
       headers: {
-          'Content-Type': 'application/x-www-form-urlencoded'
+          'Content-Type': 'application/x-www-form-urlencoded',
+          'Authorization': req.query.id_token
       }
   };
 
@@ -146,7 +148,8 @@ exports.getClient = function(req, res) {
       path: '/openhmis/api/v3/clients/' + req.params.id,
       method: 'GET',
       headers: {
-          'Content-Type': 'application/x-www-form-urlencoded'
+          'Content-Type': 'application/x-www-form-urlencoded',
+          'Authorization': req.query.id_token
       }
   };
 
@@ -171,6 +174,15 @@ exports.editClient = function(req, res) {
   // Eventually we need authentication
 
     // Build an object that we want to send
+
+    // TODO: we shouldn't need to do this workaround, but for some
+    // reason the 'raceNone' value is appearing as the empty string when
+    // it should be null.  The API doesn't accept non-null values for
+    // 'raceNone' when any other race is set, so it needs to be null,
+    // not the empty string, when we send it over.  Thoughts, anyone?
+    if (req.body.raceNone == '') {
+        req.body.raceNone = null;
+    }
     var client = {
         personalId: req.body.personalId,
         firstName: req.body.firstName,
@@ -188,6 +200,7 @@ exports.editClient = function(req, res) {
     }
 
     // Put together the data
+    var wrap_client = { "data": { "item": client}};
     var client_string = JSON.stringify(client);
 
     // An object of options to indicate where to put to
@@ -197,8 +210,9 @@ exports.editClient = function(req, res) {
       path: '/openhmis/api/v3/clients/' + client.personalId,
       method: 'PUT',
       headers: {
-          'Content-Type': 'application/x-www-form-urlencoded',
-          'Content-Length': client_string.length
+          'Content-Type': 'application/json',
+          'Content-Length': client_string.length,
+          'Authorization': req.body.id_token
       }
   };
 
@@ -258,7 +272,7 @@ exports.authenticateUser = function(req, res) {
       path: '/openhmis/api/v3/authenticate/google/',
       method: 'POST',
       headers: {
-          'Content-Type': 'application/x-www-form-urlencoded',
+          'Content-Type': 'application/json',
           'Content-Length': post_data.length
       }
   };
@@ -273,7 +287,7 @@ exports.authenticateUser = function(req, res) {
           data.push(chunk);
       });
       res_post.on('end', function() {
-        res.send(data.join(''));
+        res.send(data);
       });
   });
 

public/js/index.js

@@ -1,4 +1,6 @@
 $(function() {
+    var id_token = $("#id_token").val();
+    var token_obj = {'id_token': id_token};
     $(document).ready(function() {
         // minimum search length needed to start looking for matches.
         var minSearchLength = 1;
@@ -23,18 +25,21 @@ $(function() {
                 }
             }
         });
-
+        
         // event handlers
-            // TBD: pass id_token here 
             $.ajax("/clients", {
                 method: "GET",
-                dataType: "json"
+                dataType: "json",
+                data: token_obj
             }).done(function(result_data) {
+                // TODO: check for error here
+                if (typeof(result_data.error) !== 'undefined') {
+                    console.log("DEBUG: uh oh, there was an error.");
+                }
+                // TODO: only if we have data, do this:
+                // if (typeof(result_data.data) !== 'undefined') {}
                 var data = result_data.data.items;
                 var dataLength = data.length;
-                // TBD: check for error here
-                // so I need to have the user sign in and then pass an
-                // Authorization header with my request, of course.
                 $("#index").data("full-data", data);
                 $("#searchForm #searchField").keyup(function() {
                     $("#duplicate_box").remove();
@@ -129,10 +134,10 @@ $(function() {
                         reader.readAsText(file);
 
                         //reset data with newly imported clients
-                        // TBD: pass id_token here 
                         $.ajax("/clients", {
                             method: "GET",
-                            dataType: "json"
+                            dataType: "json",
+                            data: token_obj
                         }).done(function(data) {
                             $("#index").data("full-data", data);
                         });
@@ -614,10 +619,10 @@ $(function() {
             "\n";
 
         // Export all clients.
-        // TBD: pass id_token here 
         $.ajax("/clients", {
             method: "GET",
-            dataType: "json"
+            dataType: "json",
+            data: token_obj
         }).done(function(clients) {
             // The Universal Data Elements (UDE) export set here is
             // defined by "HMIS-Data-Dictionary final Aug 2014.pdf",
@@ -817,10 +822,10 @@ $(function() {
             }
 
             // Export enrollements.
-            // TBD: pass id_token here 
             $.ajax("/enrollments", {
                 method: "GET",
-                dataType: "json"
+                dataType: "json",
+                data: token_obj
             }).done(function(enrollments) {
                 // TBD: The example file we received was named
                 // ProgramParticipation.csv, but HMIS CSV spec says there
@@ -1145,7 +1150,7 @@ $(function() {
                 new_client['dateCreated'] = quickConvertDate(line[21]);
                 new_client['dateUpdated'] = quickConvertDate(line[22]);
                 // do the POST!
-                // TBD: pass id_token here 
+                new_client['id_token'] = id_token;
                 $.ajax("/clients/", {
                     method: "POST",
                     data: new_client,
@@ -1323,23 +1328,23 @@ $(function() {
         client['raceNone'] = 1;
         if ($("#asian").is(":checked") == true){
             client['asian'] = 1;
-            client['raceNone'] = 0;
+            client['raceNone'] = null;
         }
         if ($("#blackAfAmerican").is(":checked") == true){
             client['blackAfAmerican'] = 1;
-            client['raceNone'] = 0;
+            client['raceNone'] = null;
         }
         if ($("#amIndAKNative").is(":checked") == true){
             client['amIndAKNative'] = 1;
-            client['raceNone'] = 0;
+            client['raceNone'] = null;
         }
         if ($("#white").is(":checked") == true){
             client['white'] = 1;
-            client['raceNone'] = 0;
+            client['raceNone'] = null;
         }
         if ($("#nativeHIOtherPacific").is(":checked") == true){
             client['nativeHIOtherPacific'] = 1;
-            client['raceNone'] = 0;
+            client['raceNone'] = null;
         }
         client['personalId'] = "";
         if (entityIndex > 0){
@@ -1351,16 +1356,18 @@ $(function() {
         client['gender'] = $("#intakeForm #gender").val();
         client['ethnicity'] = $("#intakeForm #ethnicity").val();
         client['ssn'] = $("#intakeForm #ssn").val();
+        client['id_token'] = id_token;
         if (entityIndex > 0 ){
-            // TBD: pass id_token here 
             $.ajax("/clients/" + entityIndex, {
                 method: "PUT",
                 data: client,
+                error: function(error) {
+                    console.log("An error occurred: " + error.responseText);
+                },
                 always:  console.log("finished put")
             });
         }
         else{
-            // TBD: pass id_token here 
             $.ajax("/clients/", {
                 method: "POST",
                 data: client,

public/js/login.js

@@ -25,9 +25,11 @@ function signInCallback(authResult) {
           type: 'POST',
           url: '/authenticate/',
           data: auth_info,
-          success: function(result) {
-              var id_token = result["id_token"];
-              $("#id_token").val(id_token);
+         success: function(result) {
+             var result_obj = JSON.parse(result);
+             var id_token_var = result_obj.id_token;
+             $("#id_token").val(id_token_var);
+             // TODO: may need to reload the page here
           },
           error: function(error) {
               console.log("An error occurred: " + error.responseText);