From 51bf5191e927e39b7a27dc3de6ced25893a34932 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9rgio=20Rafael=20Siqueira?=
Date: Wed, 17 Sep 2025 20:34:08 -0300
Subject: [PATCH] add expires_at to cert
---
 enrollments-events/app/enrollment.py | 2 --
 enrollments-events/app/events/issue_cert.py | 11 +++++++----
 .../tests/events/test_reenroll_if_failed.py | 2 +-
 enrollments-events/tests/seeds.jsonl | 2 +-
 id.saladeaula.digital/app/routes/authorize.py | 4 +++-
 5 files changed, 12 insertions(+), 9 deletions(-)
diff --git a/enrollments-events/app/enrollment.py b/enrollments-events/app/enrollment.py
index 68ec707..f1cd926 100644
--- a/enrollments-events/app/enrollment.py
+++ b/enrollments-events/app/enrollment.py
@@ -70,8 +70,6 @@ def enroll(
 }
 )
- print(course.model_dump(include={'cert', 'access_period'}))
-
 for entity in linked_entities:
 keyprefix = entity.type.lower()
 transact.put(
diff --git a/enrollments-events/app/events/issue_cert.py b/enrollments-events/app/events/issue_cert.py
index cf80ed7..43e81bb 100644
--- a/enrollments-events/app/events/issue_cert.py
+++ b/enrollments-events/app/events/issue_cert.py
@@ -1,5 +1,5 @@
 import json
-from datetime import datetime
+from datetime import datetime, timedelta
 import requests
 from aws_lambda_powertools import Logger
@@ -36,12 +36,14 @@ def lambda_handler(event: EventBridgeEvent, context: LambdaContext) -> bool:
 # There is no certificate to issue from metadata
 return False
+ cert = course['cert']
 started_at: datetime = fromisoformat(course['started_at']) # type: ignore
 completed_at: datetime = fromisoformat(course['completed_at']) # type: ignore
+ cert_expires_at = now_ + timedelta(days=int(cert['exp_interval']))
- json_data = json.dumps(
+ data = json.dumps(
 {
- 'template_s3_uri': course['cert']['s3_uri'],
+ 'template_s3_uri': cert['s3_uri'],
 'template_vars': {
 'name': new_image['user']['name'],
 'cpf': _cpffmt(new_image['user']['cpf']),
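Review bot: `cert['exp_interval']` is read with no default on the added `cert_expires_at` line, so a course whose `cert` metadata lacks that key, or holds a non-numeric value, raises before the Paperforge request is sent and no certificate is issued. The seed record in this same patch only gains `exp_interval` now, which suggests stored course metadata may not carry it yet; that should be confirmed against real data. Decide what a certificate without an interval means and encode it, for example `exp_interval = int(cert.get('exp_interval', 0))` and `cert_expires_at = now_ + timedelta(days=exp_interval) if exp_interval > 0 else None`, writing `expires_at` only when it is set so a certificate is never stored as already expired. The value is persisted in the `@@ -83,6 +85,7 @@` hunk; `lambda_handler` starts before and continues past this hunk, so where `now_` is defined is not visible here.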
@@ -54,7 +56,7 @@ def lambda_handler(event: EventBridgeEvent, context: LambdaContext) -> bool:
 },
 )
 # Send template URI and data to Paperforge API to generate a PDF
- r = requests.post(PAPERFORGE_API, data=json_data)
+ r = requests.post(PAPERFORGE_API, data=data)
 r.raise_for_status()
 object_key = f'issuedcerts/{enrollment_id}.pdf'
@@ -83,6 +85,7 @@ def lambda_handler(event: EventBridgeEvent, context: LambdaContext) -> bool:
 ':issued_cert': {
 's3_uri': s3_uri,
 'issued_at': now_,
+ 'expires_at': cert_expires_at,
 },
 },
 cond_expr='attribute_exists(sk)',
diff --git a/enrollments-events/tests/events/test_reenroll_if_failed.py b/enrollments-events/tests/events/test_reenroll_if_failed.py
index 1f3834f..995b038 100644
--- a/enrollments-events/tests/events/test_reenroll_if_failed.py
+++ b/enrollments-events/tests/events/test_reenroll_if_failed.py
@@ -3,7 +3,7 @@ from aws_lambda_powertools.utilities.typing import LambdaContext
 from layercake.dynamodb import DynamoDBPersistenceLayer
-def test_enroll(
+def test_reenroll(
 seeds,
 dynamodb_persistence_layer: DynamoDBPersistenceLayer,
 lambda_context: LambdaContext,
diff --git a/enrollments-events/tests/seeds.jsonl b/enrollments-events/tests/seeds.jsonl
index a9ec29c..3cf441c 100644
--- a/enrollments-events/tests/seeds.jsonl
+++ b/enrollments-events/tests/seeds.jsonl
@@ -25,7 +25,7 @@
 {"id": "14682b79-3df2-4351-9229-8b558af046a0", "sk": "METADATA#COURSE", "access_period": 360}
 {"id": "1ee108ae-67d4-4545-bf6d-4e641cdaa4e0", "sk": "0", "score": 100, "course": {"name": "CIPA Grau de Risco 1"}, "user": {"name": "Kurt Cobain"}}
-{"id": "1ee108ae-67d4-4545-bf6d-4e641cdaa4e0", "sk": "METADATA#COURSE", "cert": {"s3_uri": "s3://saladeaula.digital/certs/samples/cipa-grau-de-risco-1.html"}}
+{"id": "1ee108ae-67d4-4545-bf6d-4e641cdaa4e0", "sk": "METADATA#COURSE", "cert": {"s3_uri": "s3://saladeaula.digital/certs/samples/cipa-grau-de-risco-1.html", "exp_interval": 700}}
 {"id": "1ee108ae-67d4-4545-bf6d-4e641cdaa4e0", "sk": "STARTED", "started_at": "2025-08-24T01:44:42.703012-03:06"}
 {"id": "1ee108ae-67d4-4545-bf6d-4e641cdaa4e0", "sk": "COMPLETED", "completed_at": "2025-08-31T21:59:10.842467-03:00"}
diff --git a/id.saladeaula.digital/app/routes/authorize.py b/id.saladeaula.digital/app/routes/authorize.py
index e40f256..f55757f 100644
--- a/id.saladeaula.digital/app/routes/authorize.py
+++ b/id.saladeaula.digital/app/routes/authorize.py
@@ -8,6 +8,7 @@ from aws_lambda_powertools import Logger
 from aws_lambda_powertools.event_handler.api_gateway import Router
 from aws_lambda_powertools.event_handler.exceptions import (
 BadRequestError,
+ ForbiddenError,
 ServiceError,
 UnauthorizedError,
 )
@@ -42,7 +43,8 @@ def authorize():
 # Deny authorization if user has no scopes matching the client request
 if not user_scopes & client_scopes:
- raise errors.InvalidScopeError(status_code=HTTPStatus.UNAUTHORIZED)
+ raise ForbiddenError()
+ # raise errors.InvalidScopeError(status_code=HTTPStatus.UNAUTHORIZED)
 return server.create_authorization_response(
 request=router.current_event,
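Review bot: `raise ForbiddenError()` in the scope-mismatch branch of `authorize()` passes no message; as far as I recall the Powertools `ServiceError` subclasses take a required `msg`, so this call may raise `TypeError` and surface as a 500 instead of a 403, which should be confirmed against the installed version. The request is denied either way, but the client presumably loses the scope-specific error that the replaced `InvalidScopeError` carried, and the commit subject does not mention this change to the authorization endpoint. I would write `raise ForbiddenError('User has no scopes matching the client request')` and delete the commented-out `# raise errors.InvalidScopeError(...)` line rather than keep it as dead code. `authorize()` starts before and continues past this hunk, so whether `errors` and `HTTPStatus` are still used elsewhere is not visible here.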