Send Auth header for epic requests (#14794)

* Send Auth header for epic requests

* Rename to getAuthHeaders

Author: tomrf1

dotcom-rendering/package.json

@@ -43,7 +43,7 @@
 		"@guardian/shimport": "1.0.2",
 		"@guardian/source": "11.3.0",
 		"@guardian/source-development-kitchen": "18.1.1",
-		"@guardian/support-dotcom-components": "8.0.0",
+		"@guardian/support-dotcom-components": "8.1.0",
 		"@guardian/tsconfig": "0.2.0",
 		"@playwright/test": "1.56.1",
 		"@sentry/browser": "10.20.0",

dotcom-rendering/src/components/SlotBodyEnd/ReaderRevenueEpic.tsx

@@ -20,6 +20,7 @@ import type {
 import { useEffect, useState } from 'react';
 import { submitComponentEvent } from '../../client/ophan/ophan';
 import {
+	getAuthHeaders,
 	hasCmpConsentForWeeklyArticleCount,
 	hasOptedOutOfArticleCount,
 	shouldHideSupportMessaging,
@@ -64,7 +65,6 @@ const buildPayload = async (
 		showSupportMessaging: !data.hideSupportMessagingForUser,
 		epicViewLog: getEpicViewLog(storage.local),
 		weeklyArticleHistory: await data.asyncArticleCount,
-
 		hasOptedOutOfArticleCount: await hasOptedOutOfArticleCount(),
 		mvtId: Number(getCookie({ name: 'GU_mvt_id', shouldMemoize: true })),
 		countryCode: data.countryCode,
@@ -107,9 +107,12 @@ export const canShowReaderRevenueEpic = async (
 		hideSupportMessagingForUser,
 	});
 
+	const headers = await getAuthHeaders();
+
 	const response: ModuleDataResponse<EpicProps> = await getEpic(
 		contributionsServiceUrl,
 		contributionsPayload,
+		headers,
 	);
 	const module: ModuleData<EpicProps> | undefined = response.data?.module;
 

dotcom-rendering/src/lib/contributions.test.ts

@@ -1,9 +1,10 @@
-import { setCookie, storage } from '@guardian/libs';
+import { onConsent as onConsent_, setCookie, storage } from '@guardian/libs';
 import MockDate from 'mockdate';
 import { createOrRenewCookie } from '../client/userFeatures/cookies/cookieHelpers';
 import { HIDE_SUPPORT_MESSAGING_COOKIE } from '../client/userFeatures/cookies/hideSupportMessaging';
 import { USER_BENEFITS_EXPIRY_COOKIE } from '../client/userFeatures/cookies/userBenefitsExpiry';
 import {
+	getAuthHeaders,
 	getLastOneOffContributionTimestamp,
 	hasHideSupportMessagingCookie,
 	isRecentOneOffContributor,
@@ -13,6 +14,7 @@ import {
 	SUPPORT_ONE_OFF_CONTRIBUTION_COOKIE,
 	withinLocalNoBannerCachePeriod,
 } from './contributions';
+import { getAuthStatus as getAuthStatus_ } from './identity';
 
 const clearAllCookies = () => {
 	const cookies = document.cookie.split(';');
@@ -199,3 +201,63 @@ describe('hasSupporterCookie', () => {
 		expect(hasHideSupportMessagingCookie(true)).toEqual('Pending');
 	});
 });
+
+jest.mock('@guardian/libs', () => ({
+	...jest.requireActual('@guardian/libs'),
+	onConsent: jest.fn(),
+}));
+jest.mock('./identity', () => ({
+	...jest.requireActual('./identity'),
+	getAuthStatus: jest.fn(),
+}));
+
+const onConsent = onConsent_ as jest.MockedFunction<typeof onConsent_>;
+const getAuthStatus = getAuthStatus_ as jest.MockedFunction<
+	typeof getAuthStatus_
+>;
+
+describe('getAuthHeaders', () => {
+	beforeEach(() => {
+		jest.clearAllMocks();
+	});
+
+	it('returns undefined when user has not consented to targeting', async () => {
+		(onConsent as jest.Mock).mockResolvedValue({ canTarget: false });
+
+		const result = await getAuthHeaders();
+
+		expect(result).toBeUndefined();
+	});
+
+	it('returns undefined when consent check fails', async () => {
+		(onConsent as jest.Mock).mockRejectedValue(new Error('Consent error'));
+
+		const result = await getAuthHeaders();
+
+		expect(result).toBeUndefined();
+	});
+
+	it('returns undefined when user has consented but is not signed in', async () => {
+		(onConsent as jest.Mock).mockResolvedValue({ canTarget: true });
+		(getAuthStatus as jest.Mock).mockResolvedValue({ kind: 'SignedOut' });
+
+		const result = await getAuthHeaders();
+
+		expect(result).toBeUndefined();
+	});
+
+	it('returns Authorization header when user has consented and is signed in', async () => {
+		(onConsent as jest.Mock).mockResolvedValue({ canTarget: true });
+		(getAuthStatus as jest.Mock).mockResolvedValue({
+			kind: 'SignedIn',
+			accessToken: { accessToken: 'token' },
+		});
+
+		const result = await getAuthHeaders();
+
+		expect(result).toEqual({
+			Authorization: 'Bearer token',
+			'X-GU-IS-OAUTH': 'true',
+		});
+	});
+});

dotcom-rendering/src/lib/contributions.ts

@@ -1,6 +1,8 @@
 import {
+	type ConsentState,
 	getCookie,
 	isUndefined,
+	onConsent,
 	onConsentChange,
 	storage,
 } from '@guardian/libs';
@@ -13,6 +15,7 @@ import type { ArticleDeprecated } from '../types/article';
 import type { Front } from '../types/front';
 import type { DCRNewslettersPageType } from '../types/newslettersPage';
 import type { TagPage } from '../types/tagPage';
+import { getAuthStatus, getOptionsHeaders } from './identity';
 
 // User Attributes API cookies (created on sign-in)
 export const RECURRING_CONTRIBUTOR_COOKIE = 'gu_recurring_contributor';
@@ -223,3 +226,20 @@ export const getPurchaseInfo = (): PurchaseInfo => {
 
 	return purchaseInfo;
 };
+
+const hasCanTargetConsent = (): Promise<boolean> =>
+	onConsent()
+		.then(({ canTarget }: ConsentState) => canTarget)
+		.catch(() => false);
+
+// Returns Auth headers only if user has targeting consent and is signed in
+export const getAuthHeaders = async (): Promise<HeadersInit | undefined> => {
+	const hasConsented = await hasCanTargetConsent();
+	if (hasConsented) {
+		const authStatus = await getAuthStatus();
+		if (authStatus.kind === 'SignedIn') {
+			return getOptionsHeaders(authStatus).headers;
+		}
+	}
+	return undefined;
+};