use of com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent in project di-authentication-api by alphagov.
the class SignUpHandlerTest method shouldReturn400IfUserAlreadyExists.
@Test
void shouldReturn400IfUserAlreadyExists() {
when(authenticationService.userExists(eq("joe.bloggs@test.com"))).thenReturn(true);
usingValidSession();
APIGatewayProxyRequestEvent event = new APIGatewayProxyRequestEvent();
event.setRequestContext(contextWithSourceIp("123.123.123.123"));
event.setHeaders(Map.of("Session-Id", "a-session-id"));
event.setBody("{ \"password\": \"computer-1\", \"email\": \"joe.bloggs@test.com\" }");
APIGatewayProxyResponseEvent result = handler.handleRequest(event, context);
assertThat(result, hasStatus(400));
assertThat(result, hasJsonBody(ErrorResponse.ERROR_1009));
verify(auditService).submitAuditEvent(FrontendAuditableEvent.CREATE_ACCOUNT_EMAIL_ALREADY_EXISTS, context.getAwsRequestId(), session.getSessionId(), AuditService.UNKNOWN, AuditService.UNKNOWN, "joe.bloggs@test.com", "123.123.123.123", AuditService.UNKNOWN, PersistentIdHelper.PERSISTENT_ID_UNKNOWN_VALUE);
}
use of com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent in project di-authentication-api by alphagov.
the class SignUpHandlerTest method shouldReturn400IfSessionIdMissing.
@Test
void shouldReturn400IfSessionIdMissing() {
APIGatewayProxyRequestEvent event = new APIGatewayProxyRequestEvent();
event.setBody("{ \"password\": \"computer-1\", \"email\": \"joe.bloggs@test.com\" }");
APIGatewayProxyResponseEvent result = handler.handleRequest(event, context);
assertThat(result, hasStatus(400));
assertThat(result, hasJsonBody(ErrorResponse.ERROR_1000));
verifyNoInteractions(auditService);
}
use of com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent in project di-authentication-api by alphagov.
the class SignUpHandlerTest method shouldReturn400IfPasswordFailsValidation.
@Test
void shouldReturn400IfPasswordFailsValidation() {
usingValidSession();
APIGatewayProxyRequestEvent event = new APIGatewayProxyRequestEvent();
event.setHeaders(Map.of("Session-Id", session.getSessionId()));
event.setBody("{ \"password\": \"computer\", \"email\": \"joe.bloggs@test.com\" }");
APIGatewayProxyResponseEvent result = handler.handleRequest(event, context);
assertThat(result, hasStatus(400));
assertThat(result, hasJsonBody(ErrorResponse.ERROR_1007));
verifyNoInteractions(auditService);
}
use of com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent in project di-authentication-api by alphagov.
the class StartHandlerTest method shouldReturn400WhenBuildClientStartInfoThrowsException.
@Test
void shouldReturn400WhenBuildClientStartInfoThrowsException() throws ParseException, Json.JsonException {
when(startService.buildUserContext(session, clientSession)).thenReturn(userContext);
when(startService.buildClientStartInfo(userContext)).thenThrow(new ParseException("Unable to parse authentication request"));
usingValidClientSession();
usingValidSession();
Map<String, String> headers = new HashMap<>();
headers.put(PersistentIdHelper.PERSISTENT_ID_HEADER_NAME, PERSISTENT_ID);
headers.put(CLIENT_SESSION_ID_HEADER, CLIENT_SESSION_ID);
headers.put(SESSION_ID_HEADER, SESSION_ID);
APIGatewayProxyRequestEvent event = new APIGatewayProxyRequestEvent();
event.setHeaders(headers);
event.setRequestContext(contextWithSourceIp("123.123.123.123"));
APIGatewayProxyResponseEvent result = handler.handleRequest(event, context);
assertThat(result, hasStatus(400));
String expectedResponse = objectMapper.writeValueAsString(ErrorResponse.ERROR_1038);
assertThat(result, hasBody(expectedResponse));
verifyNoInteractions(auditService);
}
use of com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent in project di-authentication-api by alphagov.
the class StartHandlerTest method shouldReturn200WhenDocCheckingAppUserIsPresent.
@Test
void shouldReturn200WhenDocCheckingAppUserIsPresent() throws Json.JsonException, ParseException, Json.JsonException {
when(configurationService.getDocAppDomain()).thenReturn(URI.create("https://doc-app"));
var userStartInfo = new UserStartInfo(false, false, false, false, null, null, true);
when(startService.buildUserContext(session, clientSession)).thenReturn(userContext);
var scope = new Scope(OIDCScopeValue.OPENID, CustomScopeValue.DOC_CHECKING_APP);
when(startService.buildClientStartInfo(userContext)).thenReturn(new ClientStartInfo(TEST_CLIENT_NAME, scope.toStringList(), "MANDATORY", false, REDIRECT_URL));
when(startService.getGATrackingId(anyMap())).thenReturn(null);
when(startService.getCookieConsentValue(anyMap(), anyString())).thenReturn(null);
when(startService.buildUserStartInfo(userContext, null, null, true)).thenReturn(userStartInfo);
usingValidClientSession();
usingValidSession();
Map<String, String> headers = new HashMap<>();
headers.put(PersistentIdHelper.PERSISTENT_ID_HEADER_NAME, PERSISTENT_ID);
headers.put(CLIENT_SESSION_ID_HEADER, CLIENT_SESSION_ID);
headers.put(SESSION_ID_HEADER, SESSION_ID);
var event = new APIGatewayProxyRequestEvent();
event.setHeaders(headers);
event.setRequestContext(contextWithSourceIp("123.123.123.123"));
var result = handler.handleRequest(event, context);
assertThat(result, hasStatus(200));
var response = objectMapper.readValue(result.getBody(), StartResponse.class);
assertThat(response.getClient().getClientName(), equalTo(TEST_CLIENT_NAME));
assertThat(response.getClient().getScopes(), equalTo(scope.toStringList()));
assertThat(response.getClient().getServiceType(), equalTo(ServiceType.MANDATORY.toString()));
assertThat(response.getClient().getRedirectUri(), equalTo(REDIRECT_URL));
assertFalse(response.getClient().getCookieConsentShared());
assertTrue(response.getUser().isDocCheckingAppUser());
assertFalse(response.getUser().isIdentityRequired());
assertFalse(response.getUser().isUpliftRequired());
assertFalse(response.getUser().isAuthenticated());
assertFalse(response.getUser().isConsentRequired());
assertThat(response.getUser().getCookieConsent(), equalTo(null));
assertThat(response.getUser().getGaCrossDomainTrackingId(), equalTo(null));
verify(clientSessionService).saveClientSession(anyString(), any());
verify(auditService).submitAuditEvent(FrontendAuditableEvent.START_INFO_FOUND, "aws-session-id", SESSION_ID, TEST_CLIENT_ID, auditService.UNKNOWN, auditService.UNKNOWN, "123.123.123.123", PERSISTENT_ID, AuditService.UNKNOWN);
}
Aggregations