Example 1 with RequestIdentity

use of com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent.RequestIdentity in project di-authentication-api by alphagov.

the class AuthorisationHandlerTest method shouldReturn400WhenAuthorisationRequestCannotBeParsed.

@Test
void shouldReturn400WhenAuthorisationRequestCannotBeParsed() {
    APIGatewayProxyRequestEvent event = new APIGatewayProxyRequestEvent();
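    // response_type is deliberately left out (and an unknown parameter added), so parsing the authorisation request fails.
    event.setQueryStringParameters(Map.of("client_id", CLIENT_ID.getValue(), "redirect_uri", REDIRECT_URI, "scope", SCOPE, "invalid_parameter", "nonsense", "state", STATE.getValue()));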
    event.setRequestContext(new ProxyRequestContext().withIdentity(new RequestIdentity().withSourceIp("123.123.123.123")));
    APIGatewayProxyResponseEvent response = makeHandlerRequest(event);
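    // Despite the test name, the error is reported as a 302 redirect carrying error=invalid_request, and the source IP is audited.
    assertThat(response, hasStatus(302));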
    assertEquals("https://localhost:8080?error=invalid_request&error_description=Invalid+request%3A+Missing+response_type+parameter&state=" + STATE.getValue(), response.getHeaders().get(ResponseHeaders.LOCATION));
    verify(auditService).submitAuditEvent(AUTHORISATION_REQUEST_ERROR, AWS_REQUEST_ID, "", "", "", "", "123.123.123.123", "", PERSISTENT_SESSION_ID, pair("description", "Invalid request: Missing response_type parameter"));
}
Also used : RequestIdentity(com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent.RequestIdentity) ProxyRequestContext(com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent.ProxyRequestContext) APIGatewayProxyRequestEvent(com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent) APIGatewayProxyResponseEvent(com.amazonaws.services.lambda.runtime.events.APIGatewayProxyResponseEvent) Test(org.junit.jupiter.api.Test) ParameterizedTest(org.junit.jupiter.params.ParameterizedTest)

Example 2 with RequestIdentity

use of com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent.RequestIdentity in project di-authentication-api by alphagov.

the class AuthorisationHandlerTest method shouldRedirectToLoginWhenRequestObjectIsValid.

@Test
void shouldRedirectToLoginWhenRequestObjectIsValid() {
    when(configService.isDocAppApiEnabled()).thenReturn(true);
    when(requestObjectService.validateRequestObject(any(AuthenticationRequest.class))).thenReturn(Optional.empty());
    when(clientSessionService.generateClientSession(any(ClientSession.class))).thenReturn(CLIENT_SESSION_ID);
    var event = new APIGatewayProxyRequestEvent();
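    // The request parameter is an unsigned PlainJWT with an empty claims set; it is accepted here only because validateRequestObject is stubbed above to return no error.
    event.setQueryStringParameters(Map.of("client_id", "test-id", "redirect_uri", "http://localhost:8080", "scope", "openid", "response_type", "code", "request", new PlainJWT(new JWTClaimsSet.Builder().build()).serialize()));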
    event.setRequestContext(new ProxyRequestContext().withIdentity(new RequestIdentity().withSourceIp("123.123.123.123")));
    var response = makeHandlerRequest(event);
    assertThat(response, hasStatus(302));
    var uri = URI.create(response.getHeaders().get(ResponseHeaders.LOCATION));
    assertEquals(LOGIN_URL.getAuthority(), uri.getAuthority());
    assertTrue(response.getMultiValueHeaders().get(ResponseHeaders.SET_COOKIE).contains(EXPECTED_SESSION_COOKIE_STRING));
    assertTrue(response.getMultiValueHeaders().get(ResponseHeaders.SET_COOKIE).contains(EXPECTED_PERSISTENT_COOKIE_STRING));
    verify(sessionService).save(session);
    inOrder.verify(auditService).submitAuditEvent(OidcAuditableEvent.AUTHORISATION_INITIATED, context.getAwsRequestId(), session.getSessionId(), CLIENT_ID.getValue(), AuditService.UNKNOWN, AuditService.UNKNOWN, "123.123.123.123", AuditService.UNKNOWN, PERSISTENT_SESSION_ID);
}
Also used : RequestIdentity(com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent.RequestIdentity) PlainJWT(com.nimbusds.jwt.PlainJWT) ProxyRequestContext(com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent.ProxyRequestContext) APIGatewayProxyRequestEvent(com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent) JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) ClientSession(uk.gov.di.authentication.shared.entity.ClientSession) AuthenticationRequest(com.nimbusds.openid.connect.sdk.AuthenticationRequest) Test(org.junit.jupiter.api.Test) ParameterizedTest(org.junit.jupiter.params.ParameterizedTest)

Example 3 with RequestIdentity

use of com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent.RequestIdentity in project di-authentication-api by alphagov.

the class AuthorisationHandlerTest method withRequestEvent.

private APIGatewayProxyRequestEvent withRequestEvent(Map<String, String> requestParams) {
    APIGatewayProxyRequestEvent event = new APIGatewayProxyRequestEvent();
    event.setQueryStringParameters(requestParams);
    event.setRequestContext(new ProxyRequestContext().withIdentity(new RequestIdentity().withSourceIp("123.123.123.123")));
    return event;
}
Also used : RequestIdentity(com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent.RequestIdentity) ProxyRequestContext(com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent.ProxyRequestContext) APIGatewayProxyRequestEvent(com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent)

Example 4 with RequestIdentity

use of com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent.RequestIdentity in project di-authentication-api by alphagov.

the class AuthorisationHandlerTest method shouldReturn400WhenAuthorisationRequestContainsInvalidScope.

@Test
void shouldReturn400WhenAuthorisationRequestContainsInvalidScope() {
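    // Validation is stubbed to return INVALID_SCOPE; the test checks that the error is relayed in the redirect and audited with the source IP.
    when(authorizationService.validateAuthRequest(any(AuthenticationRequest.class))).thenReturn(Optional.of(new AuthRequestError(OAuth2Error.INVALID_SCOPE, URI.create("http://localhost:8080"))));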
    APIGatewayProxyRequestEvent event = new APIGatewayProxyRequestEvent();
    event.setQueryStringParameters(Map.of("client_id", "test-id", "redirect_uri", "http://localhost:8080", "scope", "email,openid,profile,non-existent-scope", "response_type", "code"));
    event.setRequestContext(new ProxyRequestContext().withIdentity(new RequestIdentity().withSourceIp("123.123.123.123")));
    APIGatewayProxyResponseEvent response = makeHandlerRequest(event);
    assertThat(response, hasStatus(302));
    assertEquals("http://localhost:8080?error=invalid_scope&error_description=Invalid%2C+unknown+or+malformed+scope", response.getHeaders().get(ResponseHeaders.LOCATION));
    verify(auditService).submitAuditEvent(AUTHORISATION_REQUEST_ERROR, AWS_REQUEST_ID, "", "", "", "", "123.123.123.123", "", PERSISTENT_SESSION_ID, pair("description", OAuth2Error.INVALID_SCOPE.getDescription()));
}
Also used : RequestIdentity(com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent.RequestIdentity) ProxyRequestContext(com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent.ProxyRequestContext) AuthRequestError(uk.gov.di.authentication.oidc.entity.AuthRequestError) APIGatewayProxyRequestEvent(com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent) AuthenticationRequest(com.nimbusds.openid.connect.sdk.AuthenticationRequest) APIGatewayProxyResponseEvent(com.amazonaws.services.lambda.runtime.events.APIGatewayProxyResponseEvent) Test(org.junit.jupiter.api.Test) ParameterizedTest(org.junit.jupiter.params.ParameterizedTest)

Example 5 with RequestIdentity

use of com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent.RequestIdentity in project di-authentication-api by alphagov.

the class AuthorisationHandlerTest method shouldThrowExceptionWhenNoQueryStringParametersArePresent.

@Test
void shouldThrowExceptionWhenNoQueryStringParametersArePresent() {
    APIGatewayProxyRequestEvent event = new APIGatewayProxyRequestEvent();
    event.setRequestContext(new ProxyRequestContext().withIdentity(new RequestIdentity().withSourceIp("123.123.123.123")));
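    // The failure message mentions AccessTokenException, but the assertion accepts any RuntimeException.
    RuntimeException expectedException = assertThrows(RuntimeException.class, () -> makeHandlerRequest(event), "Expected to throw AccessTokenException");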
    assertThat(expectedException.getMessage(), equalTo("No query string parameters are present in the Authentication request"));
}
Also used : RequestIdentity(com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent.RequestIdentity) ProxyRequestContext(com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent.ProxyRequestContext) APIGatewayProxyRequestEvent(com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent) Test(org.junit.jupiter.api.Test) ParameterizedTest(org.junit.jupiter.params.ParameterizedTest)

Aggregations

APIGatewayProxyRequestEvent (com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent) 7
ProxyRequestContext (com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent.ProxyRequestContext) 7
RequestIdentity (com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent.RequestIdentity) 7
ParameterizedTest (org.junit.jupiter.params.ParameterizedTest) 6
Test (org.junit.jupiter.api.Test) 5
APIGatewayProxyResponseEvent (com.amazonaws.services.lambda.runtime.events.APIGatewayProxyResponseEvent) 3
AuthenticationRequest (com.nimbusds.openid.connect.sdk.AuthenticationRequest) 3
JWTClaimsSet (com.nimbusds.jwt.JWTClaimsSet) 2
PlainJWT (com.nimbusds.jwt.PlainJWT) 2
AuthRequestError (uk.gov.di.authentication.oidc.entity.AuthRequestError) 2
ClientSession (uk.gov.di.authentication.shared.entity.ClientSession) 2
AuthenticationErrorResponse (com.nimbusds.openid.connect.sdk.AuthenticationErrorResponse) 1
URI (java.net.URI) 1
Matchers.containsString (org.hamcrest.Matchers.containsString) 1
MethodSource (org.junit.jupiter.params.provider.MethodSource) 1