Skip to content

HDPI-5819 Pin pack generation on case issue#1984

Merged
arun-hmcts merged 63 commits into
masterfrom
HDPI-5819
Jul 2, 2026
Merged

HDPI-5819 Pin pack generation on case issue#1984
arun-hmcts merged 63 commits into
masterfrom
HDPI-5819

Conversation

@gergelykisshmcts

Copy link
Copy Markdown
Contributor

Jira link

See HDPI-5819

Change description

Generates the defendant access code letter (pin pack) when a case is issued, so each
defendant has a printable letter containing a unique access code they can use to respond
online or by post.

Testing done

Added unit tests for the new code paths and updated tests for the modified ones.

Local build verification:

gradlew build end-to-end on this branch is green:

The test-pin sink was deliberately refactored from a JPA entity + repository to a plain
JdbcTemplate writer + reader. This keeps the table out of Hibernate's schema validation, so
the @DataJpaTest slice and other JPA-validating tests can boot without the runtime-created
table being present.

Manual end-to-end (local stack)

Verified live by issuing real cases through XUI / Make a claim against bootWithCCD,
docmosis-tornado, and the local wiremock stubs for doc-assembly + Location Reference.

Case ref Scenario verified :
1781600966587792 AC01 : 1 v 1 (John Smith) 1× DEFENDANT_ACCESS_CODE doc with category_id NULL; 1 BCrypt row in party_access_code; 1 SUCCESS log row; 1 plaintext row in testing_support_pin; GET /testing-support/pins/{ref} returns one entry; rendered PDF shows the right pin + name + addresses + court block.
1781606860693552 AC02 : 1 v many (John Smith + Jane Doe) 2 docs (category NULL each), 2 distinct BCrypt codes, 2 SUCCESS log rows, 2 distinct plaintext pins (WDAHVW5MS7MV, EYP2MF8REKBP); /pins JSON has two top-level keys; one PDF per defendant.
1781614122802623 AC04 + AC05 : persons unknown + no-address (one of each) DB shape identical to AC02; /pins returns {} for the persons-unknown / no-address defendant and an entry without an address key for the named / no-address defendant : the two response shapes downstream uses to detect each fallback; rendered PDFs show "Persons unknown" and property-address fallback.
All three AC03 : BCrypt at rest party_access_code.code starts with $2a$10$ (BCrypt), distinct per defendant, different from the plaintext value in testing_support_pin.plaintext_code. Plaintext never lives in party_access_code.
All three AC06 : respond-by-post court The court block on each rendered letter shows the venue returned by rd-location-ref-api (court_name, court_address, postcode), verified against the canonical LrdCourtVenueResponse schema in hmcts/rd-location-ref-api.
All three Hidden from Case File document.category_id is NULL for every DEFENDANT_ACCESS_CODE row (the DocumentService.mapDocumentTypeToCategory switch returns Optional.empty() for this type).
All three Failure logging Forced a failure by killing the location-reference stub mid-run: claim_activity_log recorded DOCUMENTS_CREATED / FAILURE in a new transaction (visible despite the outer rollback); db-scheduler retried with backoff; subsequent attempt logged SUCCESS.

Evidence rendered locally (one PDF per defendant per case, via Docmosis Tornado direct :
same engine pcs-api hits via doc-assembly in prod):

  • case-1781600966587792-defendant1-9LAJ7HBXTHR6.pdf
  • case-1781606860693552-defendant1-WDAHVW5MS7MV.pdf
  • case-1781606860693552-defendant2-EYP2MF8REKBP.pdf
  • case-1781614122802623-defendant1-B9KGP5CXMNXN.pdf (persons unknown, property-address fallback)
  • case-1781614122802623-defendant2-WX4598X7HBKS.pdf (no own address, property-address fallback)

Each was field-checked for: plaintext pin, defendant name (or
"Persons unknown"), case reference, property address, court address + postcode, the
"Respond by: The date of the hearing" label, and the /access-your-case URL.

Security Vulnerability Assessment

CVE Suppression: Are there any CVEs present in the codebase (either newly introduced or pre-existing) that are being intentionally suppressed or ignored by this commit?

  • Yes
  • No

Checklist

  • commit messages are meaningful and follow good commit message guidelines
  • README and other documentation has been updated / added (if needed)
  • tests have been updated / new tests has been added (if needed)
  • Does this PR introduce a breaking change

@github-actions

github-actions Bot commented Jun 16, 2026

Copy link
Copy Markdown

CCD diff summary

👉 Full report: https://github.com/hmcts/pcs-api/actions/runs/28606969848?check_suite_focus=true

No change

Comment thread src/main/resources/application.yaml Outdated
Comment thread src/main/resources/application.yaml Outdated
@hmcts-jenkins-j-to-z hmcts-jenkins-j-to-z Bot requested a deployment to preview July 2, 2026 07:11 Abandoned
@hmcts-jenkins-j-to-z hmcts-jenkins-j-to-z Bot requested a deployment to preview July 2, 2026 08:38 Abandoned
@arun-hmcts arun-hmcts merged commit 558a5c2 into master Jul 2, 2026
12 checks passed
@arun-hmcts arun-hmcts deleted the HDPI-5819 branch July 2, 2026 17:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

7 participants