
Example 71 with APIGatewayProxyRequestEvent

Use of com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent in project di-authentication-api by alphagov.

Class UpdateProfileHandlerTest, method shouldReturn204WhenUpdatingProfileWithConsent.

@Test
void shouldReturn204WhenUpdatingProfileWithConsent() throws ClientNotFoundException, URISyntaxException {
    usingValidSession();
    APIGatewayProxyRequestEvent event = new APIGatewayProxyRequestEvent();
    ClientID clientID = new ClientID();
    AuthorizationCode authorizationCode = new AuthorizationCode();
    AuthenticationRequest authRequest = generateValidClientSessionAndAuthRequest(clientID);
    AuthenticationSuccessResponse authSuccessResponse = new AuthenticationSuccessResponse(authRequest.getRedirectionURI(), authorizationCode, null, null, authRequest.getState(), null, null);
    when(authenticationService.getUserProfileFromEmail(TEST_EMAIL_ADDRESS)).thenReturn(Optional.of(generateUserProfileWithoutConsent()));
    event.setHeaders(Map.of(COOKIE, buildCookieString("gs", SESSION_ID + "." + CLIENT_SESSION_ID, 3600, "Secure; HttpOnly;", "domain")));
    event.setBody(format("{ \"email\": \"%s\", \"updateProfileType\": \"%s\", \"profileInformation\": \"%s\" }", TEST_EMAIL_ADDRESS, CAPTURE_CONSENT, CONSENT_VALUE));
    APIGatewayProxyResponseEvent result = makeHandlerRequest(event);
    verify(authenticationService).updateConsent(eq(TEST_EMAIL_ADDRESS), any(ClientConsent.class));
    assertThat(result, hasStatus(204));
    verify(auditService).submitAuditEvent(UPDATE_PROFILE_CONSENT_UPDATED, "request-id", session.getSessionId(), clientID.getValue(), INTERNAL_SUBJECT, TEST_EMAIL_ADDRESS, "", PHONE_NUMBER, PersistentIdHelper.PERSISTENT_ID_UNKNOWN_VALUE);
}
Also used : AuthorizationCode(com.nimbusds.oauth2.sdk.AuthorizationCode) APIGatewayProxyRequestEvent(com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent) ClientID(com.nimbusds.oauth2.sdk.id.ClientID) AuthenticationRequest(com.nimbusds.openid.connect.sdk.AuthenticationRequest) APIGatewayProxyResponseEvent(com.amazonaws.services.lambda.runtime.events.APIGatewayProxyResponseEvent) ClientConsent(uk.gov.di.authentication.shared.entity.ClientConsent) AuthenticationSuccessResponse(com.nimbusds.openid.connect.sdk.AuthenticationSuccessResponse) Test(org.junit.jupiter.api.Test)

Example 72 with APIGatewayProxyRequestEvent

Use of com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent in project di-authentication-api by alphagov.

Class VerifyCodeHandlerTest, method shouldReturn400IfRequestIsMissingNotificationType.

@Test
void shouldReturn400IfRequestIsMissingNotificationType() {
    APIGatewayProxyRequestEvent event = new APIGatewayProxyRequestEvent();
    event.setHeaders(Map.of("Session-Id", "a-session-id"));
    event.setBody(format("{ \"code\": \"%s\"}", CODE));
    when(sessionService.getSessionFromRequestHeaders(event.getHeaders())).thenReturn(Optional.of(session));
    APIGatewayProxyResponseEvent result = handler.handleRequest(event, context);
    assertThat(result, hasStatus(400));
    assertThat(result, hasJsonBody(ErrorResponse.ERROR_1001));
}
Also used : APIGatewayProxyRequestEvent(com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent) APIGatewayProxyResponseEvent(com.amazonaws.services.lambda.runtime.events.APIGatewayProxyResponseEvent) Test(org.junit.jupiter.api.Test)

Example 73 with APIGatewayProxyRequestEvent

Use of com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent in project di-authentication-api by alphagov.

Class ResetPasswordHandlerTest, method shouldReturn204ForSuccessfulRequestWithNoCode.

@Test
public void shouldReturn204ForSuccessfulRequestWithNoCode() throws Json.JsonException {
    when(authenticationService.getUserCredentialsFromEmail(EMAIL)).thenReturn(generateUserCredentials());
    usingValidSession();
    NotifyRequest notifyRequest = new NotifyRequest(EMAIL, NotificationType.PASSWORD_RESET_CONFIRMATION);
    Map<String, String> headers = new HashMap<>();
    headers.put(PersistentIdHelper.PERSISTENT_ID_HEADER_NAME, PERSISTENT_ID);
    headers.put("Session-Id", session.getSessionId());
    APIGatewayProxyRequestEvent event = new APIGatewayProxyRequestEvent();
    event.setHeaders(headers);
    event.setBody(format("{ \"password\": \"%s\"}", NEW_PASSWORD));
    event.setRequestContext(contextWithSourceIp("123.123.123.123"));
    APIGatewayProxyResponseEvent result = handler.handleRequest(event, context);
    assertThat(result, hasStatus(204));
    verify(sqsClient, times(1)).send(objectMapper.writeValueAsString(notifyRequest));
    verify(authenticationService, times(1)).updatePassword(EMAIL, NEW_PASSWORD);
    verify(auditService).submitAuditEvent(FrontendAuditableEvent.PASSWORD_RESET_SUCCESSFUL, context.getAwsRequestId(), session.getSessionId(), AuditService.UNKNOWN, AuditService.UNKNOWN, EMAIL, "123.123.123.123", AuditService.UNKNOWN, PERSISTENT_ID);
}
Also used : APIGatewayProxyRequestEvent(com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent) HashMap(java.util.HashMap) NotifyRequest(uk.gov.di.authentication.shared.entity.NotifyRequest) APIGatewayProxyResponseEvent(com.amazonaws.services.lambda.runtime.events.APIGatewayProxyResponseEvent) Test(org.junit.jupiter.api.Test)

Example 74 with APIGatewayProxyRequestEvent

Use of com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent in project di-authentication-api by alphagov.

Class ResetPasswordHandlerTest, method shouldReturn204ForSuccessfulMigratedUserRequest.

@Test
public void shouldReturn204ForSuccessfulMigratedUserRequest() throws Json.JsonException {
    when(codeStorageService.getSubjectWithPasswordResetCode(CODE)).thenReturn(Optional.of(SUBJECT));
    when(authenticationService.getUserCredentialsFromSubject(SUBJECT)).thenReturn(generateMigratedUserCredentials());
    usingValidSession();
    NotifyRequest notifyRequest = new NotifyRequest(EMAIL, NotificationType.PASSWORD_RESET_CONFIRMATION);
    Map<String, String> headers = new HashMap<>();
    headers.put(PersistentIdHelper.PERSISTENT_ID_HEADER_NAME, PERSISTENT_ID);
    headers.put("Session-Id", session.getSessionId());
    APIGatewayProxyRequestEvent event = new APIGatewayProxyRequestEvent();
    event.setBody(format("{ \"code\": \"%s\", \"password\": \"%s\"}", CODE, NEW_PASSWORD));
    event.setHeaders(headers);
    event.setRequestContext(contextWithSourceIp("123.123.123.123"));
    APIGatewayProxyResponseEvent result = handler.handleRequest(event, context);
    assertThat(result, hasStatus(204));
    verify(sqsClient, times(1)).send(objectMapper.writeValueAsString(notifyRequest));
    verify(authenticationService, times(1)).updatePassword(EMAIL, NEW_PASSWORD);
    verify(codeStorageService, times(1)).deleteSubjectWithPasswordResetCode(CODE);
    verify(auditService).submitAuditEvent(FrontendAuditableEvent.PASSWORD_RESET_SUCCESSFUL, context.getAwsRequestId(), session.getSessionId(), AuditService.UNKNOWN, AuditService.UNKNOWN, EMAIL, "123.123.123.123", AuditService.UNKNOWN, PERSISTENT_ID);
}
Also used : APIGatewayProxyRequestEvent(com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent) HashMap(java.util.HashMap) NotifyRequest(uk.gov.di.authentication.shared.entity.NotifyRequest) APIGatewayProxyResponseEvent(com.amazonaws.services.lambda.runtime.events.APIGatewayProxyResponseEvent) Test(org.junit.jupiter.api.Test)

Example 75 with APIGatewayProxyRequestEvent

Use of com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent in project di-authentication-api by alphagov.

Class ResetPasswordHandlerTest, method shouldReturn400WhenCodeIsInvalid.

@Test
public void shouldReturn400WhenCodeIsInvalid() {
    usingValidSession();
    when(codeStorageService.getSubjectWithPasswordResetCode(CODE)).thenReturn(Optional.empty());
    APIGatewayProxyRequestEvent event = new APIGatewayProxyRequestEvent();
    event.setBody(format("{ \"code\": \"%s\", \"password\": \"%s\"}", CODE, NEW_PASSWORD));
    event.setHeaders(Map.of("Session-Id", session.getSessionId()));
    APIGatewayProxyResponseEvent result = handler.handleRequest(event, context);
    assertThat(result, hasStatus(400));
    assertThat(result, hasJsonBody(ErrorResponse.ERROR_1021));
    verify(authenticationService, never()).updatePassword(EMAIL, NEW_PASSWORD);
    verifyNoInteractions(auditService);
}
Also used : APIGatewayProxyRequestEvent(com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent) APIGatewayProxyResponseEvent(com.amazonaws.services.lambda.runtime.events.APIGatewayProxyResponseEvent) Test(org.junit.jupiter.api.Test)

Aggregations

APIGatewayProxyRequestEvent (com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent) 239
Test (org.junit.jupiter.api.Test) 217
APIGatewayProxyResponseEvent (com.amazonaws.services.lambda.runtime.events.APIGatewayProxyResponseEvent) 182
HashMap (java.util.HashMap) 70
ArgumentMatchers.anyString (org.mockito.ArgumentMatchers.anyString) 37
ParameterizedTest (org.junit.jupiter.params.ParameterizedTest) 33
ErrorObject (com.nimbusds.oauth2.sdk.ErrorObject) 29
NotifyRequest (uk.gov.di.authentication.shared.entity.NotifyRequest) 17
URI (java.net.URI) 15
Map (java.util.Map) 15
UserProfile (uk.gov.di.authentication.shared.entity.UserProfile) 14
Context (com.amazonaws.services.lambda.runtime.Context) 13
NotifyRequest (uk.gov.di.accountmanagement.entity.NotifyRequest) 13
Subject (com.nimbusds.oauth2.sdk.id.Subject) 12
Instant (java.time.Instant) 11
Matchers.containsString (org.hamcrest.Matchers.containsString) 11
ClientID (com.nimbusds.oauth2.sdk.id.ClientID) 10
AuthenticationRequest (com.nimbusds.openid.connect.sdk.AuthenticationRequest) 10
ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper) 8
JWSObject (com.nimbusds.jose.JWSObject) 8