send 401 when consent is denied in data request

ohcnetwork · Jul 5, 2023 · 53f9586 · 53f9586
1 parent 5205e18
commit 53f9586
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/care/abdm/api/viewsets/auth.py b/care/abdm/api/viewsets/auth.py
@@ -257,8 +257,8 @@ def post(self, request, *args, **kwargs):
         # TODO: uncomment later
         consent_id = data["hiRequest"]["consent"]["id"]
         consent = json.loads(cache.get(consent_id)) if consent_id in cache else None
-        # if not consent or not consent["notification"]["status"] == "GRANTED":
-        #     return Response({}, status=status.HTTP_401_UNAUTHORIZED)
+        if not consent or not consent["notification"]["status"] == "GRANTED":
+            return Response({}, status=status.HTTP_401_UNAUTHORIZED)
 
         # TODO: check if from and to are in range and consent expiry is greater than today
         # consent_from = datetime.fromisoformat(