use of com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent.RequestIdentity in project di-authentication-api by alphagov.
the class AuthorisationHandlerTest method shouldReturn400WhenAuthorisationRequestCannotBeParsed.
/**
 * Sends an authorisation request that has no {@code response_type} (plus one
 * unrecognised parameter) and pins the handler's error response.
 *
 * <p>Despite the "400" in the method name, the assertions expect a 302 redirect whose
 * {@code Location} carries {@code error=invalid_request}, the error description and
 * the caller's {@code state} value. The test also checks that an
 * {@code AUTHORISATION_REQUEST_ERROR} audit event is submitted with the source IP taken
 * from the request context.
 */
@Test
void shouldReturn400WhenAuthorisationRequestCannotBeParsed() {
    // response_type is deliberately left out so that the request cannot be parsed.
    Map<String, String> queryParams =
            Map.of(
                    "client_id", CLIENT_ID.getValue(),
                    "redirect_uri", REDIRECT_URI,
                    "scope", SCOPE,
                    "invalid_parameter", "nonsense",
                    "state", STATE.getValue());
    RequestIdentity callerIdentity = new RequestIdentity().withSourceIp("123.123.123.123");

    APIGatewayProxyRequestEvent request = new APIGatewayProxyRequestEvent();
    request.setQueryStringParameters(queryParams);
    request.setRequestContext(new ProxyRequestContext().withIdentity(callerIdentity));

    APIGatewayProxyResponseEvent result = makeHandlerRequest(request);

    // NOTE(review): the error is returned by redirecting to what is presumably the
    // redirect_uri supplied in the request. This test does not show whether that URI
    // is checked against the client's registered redirect URIs before the redirect;
    // confirm in the handler, because an error redirect to an unverified URI is an
    // open-redirect risk.
    String expectedLocation =
            "https://localhost:8080?error=invalid_request&error_description=Invalid+request%3A+Missing+response_type+parameter&state="
                    + STATE.getValue();
    assertThat(result, hasStatus(302));
    assertEquals(expectedLocation, result.getHeaders().get(ResponseHeaders.LOCATION));

    // The audit record for a rejected request must still carry the caller's source IP.
    verify(auditService)
            .submitAuditEvent(
                    AUTHORISATION_REQUEST_ERROR,
                    AWS_REQUEST_ID,
                    "",
                    "",
                    "",
                    "",
                    "123.123.123.123",
                    "",
                    PERSISTENT_SESSION_ID,
                    pair("description", "Invalid request: Missing response_type parameter"));
}
use of com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent.RequestIdentity in project di-authentication-api by alphagov.
the class AuthorisationHandlerTest method shouldRedirectToLoginWhenRequestObjectIsValid.
/**
 * Checks that a request carrying a {@code request} parameter is redirected to the
 * login URL when request-object validation reports no error.
 *
 * <p>{@code validateRequestObject} is stubbed to return {@code Optional.empty()}, so
 * this test does not exercise request-object validation itself. It pins the 302
 * status, the authority of the {@code Location} header, both {@code Set-Cookie}
 * values, the session save and the {@code AUTHORISATION_INITIATED} audit event.
 */
@Test
void shouldRedirectToLoginWhenRequestObjectIsValid() {
    when(configService.isDocAppApiEnabled()).thenReturn(true);
    when(requestObjectService.validateRequestObject(any(AuthenticationRequest.class)))
            .thenReturn(Optional.empty());
    when(clientSessionService.generateClientSession(any(ClientSession.class)))
            .thenReturn(CLIENT_SESSION_ID);

    // NOTE(review): PlainJWT is an unsecured (unsigned) JWT with an empty claims set.
    // It is accepted here only because validateRequestObject is stubbed; rejection of
    // unsigned request objects should be covered where the real validator is tested.
    // Confirm that such a test exists.
    var unsignedRequestObject = new PlainJWT(new JWTClaimsSet.Builder().build()).serialize();
    var queryParams =
            Map.of(
                    "client_id", "test-id",
                    "redirect_uri", "http://localhost:8080",
                    "scope", "openid",
                    "response_type", "code",
                    "request", unsignedRequestObject);

    var request = new APIGatewayProxyRequestEvent();
    request.setQueryStringParameters(queryParams);
    request.setRequestContext(
            new ProxyRequestContext()
                    .withIdentity(new RequestIdentity().withSourceIp("123.123.123.123")));

    var result = makeHandlerRequest(request);

    assertThat(result, hasStatus(302));

    // Only the authority (host and port) of the redirect target is compared with
    // LOGIN_URL; scheme, path and query are not pinned by this test.
    var redirectTarget = URI.create(result.getHeaders().get(ResponseHeaders.LOCATION));
    assertEquals(LOGIN_URL.getAuthority(), redirectTarget.getAuthority());

    // Each expected cookie string must appear as a complete Set-Cookie value.
    var setCookieValues = result.getMultiValueHeaders().get(ResponseHeaders.SET_COOKIE);
    assertTrue(setCookieValues.contains(EXPECTED_SESSION_COOKIE_STRING));
    assertTrue(setCookieValues.contains(EXPECTED_PERSISTENT_COOKIE_STRING));

    verify(sessionService).save(session);
    inOrder.verify(auditService)
            .submitAuditEvent(
                    OidcAuditableEvent.AUTHORISATION_INITIATED,
                    context.getAwsRequestId(),
                    session.getSessionId(),
                    CLIENT_ID.getValue(),
                    AuditService.UNKNOWN,
                    AuditService.UNKNOWN,
                    "123.123.123.123",
                    AuditService.UNKNOWN,
                    PERSISTENT_SESSION_ID);
}
use of com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent.RequestIdentity in project di-authentication-api by alphagov.
the class AuthorisationHandlerTest method withRequestEvent.
/**
 * Builds an API Gateway proxy request carrying the given query string parameters and
 * a request context whose identity reports the fixed source IP
 * {@code 123.123.123.123}.
 *
 * @param requestParams query string parameters to set on the event
 * @return the populated request event
 */
private APIGatewayProxyRequestEvent withRequestEvent(Map<String, String> requestParams) {
    RequestIdentity callerIdentity = new RequestIdentity().withSourceIp("123.123.123.123");
    ProxyRequestContext requestContext = new ProxyRequestContext().withIdentity(callerIdentity);

    APIGatewayProxyRequestEvent request = new APIGatewayProxyRequestEvent();
    request.setQueryStringParameters(requestParams);
    request.setRequestContext(requestContext);
    return request;
}
use of com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent.RequestIdentity in project di-authentication-api by alphagov.
the class AuthorisationHandlerTest method shouldReturn400WhenAuthorisationRequestContainsInvalidScope.
/**
 * Checks the handler's response when auth-request validation reports
 * {@code invalid_scope}.
 *
 * <p>{@code validateAuthRequest} is stubbed to return the error together with the
 * redirect URI, so the scope string in the request is not what triggers the failure
 * here. Despite the "400" in the method name, the assertions expect a 302 redirect
 * whose {@code Location} carries {@code error=invalid_scope}, and an
 * {@code AUTHORISATION_REQUEST_ERROR} audit event that records the source IP.
 */
@Test
void shouldReturn400WhenAuthorisationRequestContainsInvalidScope() {
    AuthRequestError invalidScopeError =
            new AuthRequestError(OAuth2Error.INVALID_SCOPE, URI.create("http://localhost:8080"));
    when(authorizationService.validateAuthRequest(any(AuthenticationRequest.class)))
            .thenReturn(Optional.of(invalidScopeError));

    // NOTE(review): the scope value is comma-separated, whereas OAuth 2.0 scope values
    // are space-delimited (RFC 6749 section 3.3), so this reads as a single scope token.
    // It does not matter here because validation is stubbed; confirm it is intended.
    Map<String, String> queryParams =
            Map.of(
                    "client_id", "test-id",
                    "redirect_uri", "http://localhost:8080",
                    "scope", "email,openid,profile,non-existent-scope",
                    "response_type", "code");

    APIGatewayProxyRequestEvent request = new APIGatewayProxyRequestEvent();
    request.setQueryStringParameters(queryParams);
    request.setRequestContext(
            new ProxyRequestContext()
                    .withIdentity(new RequestIdentity().withSourceIp("123.123.123.123")));

    APIGatewayProxyResponseEvent result = makeHandlerRequest(request);

    assertThat(result, hasStatus(302));
    assertEquals(
            "http://localhost:8080?error=invalid_scope&error_description=Invalid%2C+unknown+or+malformed+scope",
            result.getHeaders().get(ResponseHeaders.LOCATION));

    // The rejected request must be audited with the caller's source IP and the
    // standard description of the OAuth2 error.
    verify(auditService)
            .submitAuditEvent(
                    AUTHORISATION_REQUEST_ERROR,
                    AWS_REQUEST_ID,
                    "",
                    "",
                    "",
                    "",
                    "123.123.123.123",
                    "",
                    PERSISTENT_SESSION_ID,
                    pair("description", OAuth2Error.INVALID_SCOPE.getDescription()));
}
use of com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent.RequestIdentity in project di-authentication-api by alphagov.
the class AuthorisationHandlerTest method shouldThrowExceptionWhenNoQueryStringParametersArePresent.
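/**
 * Checks that a request with no query string parameters makes the handler throw a
 * {@link RuntimeException} with a fixed message, rather than producing a response.
 *
 * <p>Only the request context (source IP) is set on the event; the query string
 * parameters are left unset.
 */
@Test
void shouldThrowExceptionWhenNoQueryStringParametersArePresent() {
    APIGatewayProxyRequestEvent request = new APIGatewayProxyRequestEvent();
    request.setRequestContext(
            new ProxyRequestContext()
                    .withIdentity(new RequestIdentity().withSourceIp("123.123.123.123")));

    // The failure message previously named AccessTokenException, although the
    // assertion expects RuntimeException; it now matches the type that is checked.
    RuntimeException thrown =
            assertThrows(
                    RuntimeException.class,
                    () -> makeHandlerRequest(request),
                    "Expected to throw RuntimeException");

    assertThat(
            thrown.getMessage(),
            equalTo("No query string parameters are present in the Authentication request"));
}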