From 53f9586b60c3addf14d5eb7eb96aba2011d80884 Mon Sep 17 00:00:00 2001
From: Khavin Shankar
Date: Wed, 5 Jul 2023 07:23:23 +0000
Subject: [PATCH] send 401 when consent is denied in data request
---
 care/abdm/api/viewsets/auth.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/care/abdm/api/viewsets/auth.py b/care/abdm/api/viewsets/auth.py
index 87c16ca750..7d9305ec01 100644
--- a/care/abdm/api/viewsets/auth.py
+++ b/care/abdm/api/viewsets/auth.py
@@ -257,8 +257,8 @@ def post(self, request, *args, **kwargs):
 # TODO: uncomment later
 consent_id = data["hiRequest"]["consent"]["id"]
 consent = json.loads(cache.get(consent_id)) if consent_id in cache else None
- # if not consent or not consent["notification"]["status"] == "GRANTED":
- # return Response({}, status=status.HTTP_401_UNAUTHORIZED)
+ if not consent or not consent["notification"]["status"] == "GRANTED":
+ return Response({}, status=status.HTTP_401_UNAUTHORIZED)
 # TODO: check if from and to are in range and consent expiry is greater than today
 # consent_from = datetime.fromisoformat(
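Review bot: The re-enabled gate on the added `if not consent or not consent["notification"]["status"] == "GRANTED":` line checks only the cached status, while the date-range and expiry check in the TODO directly below it is still commented out. A consent whose validity period has lapsed but whose cache entry still reads GRANTED would pass, unless cache eviction already tracks consent expiry, which is not visible in this hunk. The lookup on the context line above also tests `consent_id in cache` and then calls `cache.get(consent_id)` separately, so an entry that expires between the two calls reaches `json.loads(None)` and fails with a server error rather than the intended 401. Reading once avoids that: `raw = cache.get(consent_id)` then `consent = json.loads(raw) if raw else None`. Writing the condition as `consent.get("notification", {}).get("status") != "GRANTED"` would make a malformed cached entry fail closed with the 401, and the now-stale `# TODO: uncomment later` comment should be dropped; the body of `post` starts and continues outside the hunk.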