use of com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent in project di-authentication-api by alphagov.
the class UpdateProfileHandlerTest method shouldReturn204WhenUpdatingProfileWithConsent.
/**
 * Consent-capture path of the update-profile handler.
 *
 * <p>The stored profile is stubbed via {@code generateUserProfileWithoutConsent()} and the request
 * asks for a {@code CAPTURE_CONSENT} update. The test expects a call to {@code updateConsent} for
 * the test email, an HTTP 204 response, and one {@code UPDATE_PROFILE_CONSENT_UPDATED} audit event.
 */
@Test
void shouldReturn204WhenUpdatingProfileWithConsent() throws ClientNotFoundException, URISyntaxException {
    usingValidSession();

    ClientID clientId = new ClientID();
    AuthenticationRequest authenticationRequest = generateValidClientSessionAndAuthRequest(clientId);

    // Constructed as in the original test; no later statement in this method reads it.
    AuthorizationCode code = new AuthorizationCode();
    AuthenticationSuccessResponse successResponse =
            new AuthenticationSuccessResponse(
                    authenticationRequest.getRedirectionURI(),
                    code,
                    null,
                    null,
                    authenticationRequest.getState(),
                    null,
                    null);

    when(authenticationService.getUserProfileFromEmail(TEST_EMAIL_ADDRESS))
            .thenReturn(Optional.of(generateUserProfileWithoutConsent()));

    // The session id and client session id travel together in the "gs" cookie, joined by a dot.
    String sessionCookie =
            buildCookieString("gs", SESSION_ID + "." + CLIENT_SESSION_ID, 3600, "Secure; HttpOnly;", "domain");
    String requestBody =
            format(
                    "{ \"email\": \"%s\", \"updateProfileType\": \"%s\", \"profileInformation\": \"%s\" }",
                    TEST_EMAIL_ADDRESS,
                    CAPTURE_CONSENT,
                    CONSENT_VALUE);

    APIGatewayProxyRequestEvent request = new APIGatewayProxyRequestEvent();
    request.setHeaders(Map.of(COOKIE, sessionCookie));
    request.setBody(requestBody);

    APIGatewayProxyResponseEvent response = makeHandlerRequest(request);

    verify(authenticationService).updateConsent(eq(TEST_EMAIL_ADDRESS), any(ClientConsent.class));
    assertThat(response, hasStatus(204));
    // The audit record is checked field by field, including the client id created above.
    verify(auditService)
            .submitAuditEvent(
                    UPDATE_PROFILE_CONSENT_UPDATED,
                    "request-id",
                    session.getSessionId(),
                    clientId.getValue(),
                    INTERNAL_SUBJECT,
                    TEST_EMAIL_ADDRESS,
                    "",
                    PHONE_NUMBER,
                    PersistentIdHelper.PERSISTENT_ID_UNKNOWN_VALUE);
}
use of com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent in project di-authentication-api by alphagov.
the class VerifyCodeHandlerTest method shouldReturn400IfRequestIsMissingNotificationType.
/**
 * A verify-code request whose JSON body carries only {@code code} (no notification type) must be
 * rejected with HTTP 400 and {@code ErrorResponse.ERROR_1001}, even though a session is found for
 * the request headers.
 */
@Test
void shouldReturn400IfRequestIsMissingNotificationType() {
    Map<String, String> requestHeaders = Map.of("Session-Id", "a-session-id");
    String incompleteBody = format("{ \"code\": \"%s\"}", CODE);

    APIGatewayProxyRequestEvent request = new APIGatewayProxyRequestEvent();
    request.setHeaders(requestHeaders);
    request.setBody(incompleteBody);

    // Session lookup succeeds, so the 400 below is attributable to the body, not to a missing session.
    when(sessionService.getSessionFromRequestHeaders(request.getHeaders()))
            .thenReturn(Optional.of(session));

    APIGatewayProxyResponseEvent response = handler.handleRequest(request, context);

    assertThat(response, hasStatus(400));
    assertThat(response, hasJsonBody(ErrorResponse.ERROR_1001));
}
use of com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent in project di-authentication-api by alphagov.
the class ResetPasswordHandlerTest method shouldReturn204ForSuccessfulRequestWithNoCode.
/**
 * Password reset where the request body holds only {@code password} and no reset code.
 *
 * <p>Credentials are looked up by email. The test expects HTTP 204, one password update, one
 * {@code PASSWORD_RESET_CONFIRMATION} notification on the queue, and a
 * {@code PASSWORD_RESET_SUCCESSFUL} audit event. The audit arguments asserted here include the
 * email, source IP and persistent id; the new password is not among them.
 */
@Test
public void shouldReturn204ForSuccessfulRequestWithNoCode() throws Json.JsonException {
    when(authenticationService.getUserCredentialsFromEmail(EMAIL)).thenReturn(generateUserCredentials());
    usingValidSession();

    String sourceIp = "123.123.123.123";

    Map<String, String> requestHeaders = new HashMap<>();
    requestHeaders.put("Session-Id", session.getSessionId());
    requestHeaders.put(PersistentIdHelper.PERSISTENT_ID_HEADER_NAME, PERSISTENT_ID);

    APIGatewayProxyRequestEvent request = new APIGatewayProxyRequestEvent();
    request.setRequestContext(contextWithSourceIp(sourceIp));
    request.setBody(format("{ \"password\": \"%s\"}", NEW_PASSWORD));
    request.setHeaders(requestHeaders);

    APIGatewayProxyResponseEvent response = handler.handleRequest(request, context);

    assertThat(response, hasStatus(204));

    // The queued message must be exactly the serialized confirmation for this email.
    NotifyRequest expectedNotification =
            new NotifyRequest(EMAIL, NotificationType.PASSWORD_RESET_CONFIRMATION);
    verify(sqsClient, times(1)).send(objectMapper.writeValueAsString(expectedNotification));
    verify(authenticationService, times(1)).updatePassword(EMAIL, NEW_PASSWORD);
    verify(auditService)
            .submitAuditEvent(
                    FrontendAuditableEvent.PASSWORD_RESET_SUCCESSFUL,
                    context.getAwsRequestId(),
                    session.getSessionId(),
                    AuditService.UNKNOWN,
                    AuditService.UNKNOWN,
                    EMAIL,
                    sourceIp,
                    AuditService.UNKNOWN,
                    PERSISTENT_ID);
}
use of com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent in project di-authentication-api by alphagov.
the class ResetPasswordHandlerTest method shouldReturn204ForSuccessfulMigratedUserRequest.
/**
 * Code-based password reset for a user whose credentials come from
 * {@code generateMigratedUserCredentials()}.
 *
 * <p>The reset code resolves to a subject and the subject resolves to the credentials. The test
 * expects HTTP 204, one password update, one confirmation notification, deletion of the stored
 * reset code, and a {@code PASSWORD_RESET_SUCCESSFUL} audit event.
 */
@Test
public void shouldReturn204ForSuccessfulMigratedUserRequest() throws Json.JsonException {
    when(codeStorageService.getSubjectWithPasswordResetCode(CODE)).thenReturn(Optional.of(SUBJECT));
    when(authenticationService.getUserCredentialsFromSubject(SUBJECT))
            .thenReturn(generateMigratedUserCredentials());
    usingValidSession();

    String sourceIp = "123.123.123.123";

    Map<String, String> requestHeaders = new HashMap<>();
    requestHeaders.put("Session-Id", session.getSessionId());
    requestHeaders.put(PersistentIdHelper.PERSISTENT_ID_HEADER_NAME, PERSISTENT_ID);

    APIGatewayProxyRequestEvent request = new APIGatewayProxyRequestEvent();
    request.setHeaders(requestHeaders);
    request.setRequestContext(contextWithSourceIp(sourceIp));
    request.setBody(format("{ \"code\": \"%s\", \"password\": \"%s\"}", CODE, NEW_PASSWORD));

    APIGatewayProxyResponseEvent response = handler.handleRequest(request, context);

    assertThat(response, hasStatus(204));

    NotifyRequest expectedNotification =
            new NotifyRequest(EMAIL, NotificationType.PASSWORD_RESET_CONFIRMATION);
    verify(sqsClient, times(1)).send(objectMapper.writeValueAsString(expectedNotification));
    verify(authenticationService, times(1)).updatePassword(EMAIL, NEW_PASSWORD);
    // The handler is expected to delete the stored reset code once the reset has gone through.
    verify(codeStorageService, times(1)).deleteSubjectWithPasswordResetCode(CODE);
    verify(auditService)
            .submitAuditEvent(
                    FrontendAuditableEvent.PASSWORD_RESET_SUCCESSFUL,
                    context.getAwsRequestId(),
                    session.getSessionId(),
                    AuditService.UNKNOWN,
                    AuditService.UNKNOWN,
                    EMAIL,
                    sourceIp,
                    AuditService.UNKNOWN,
                    PERSISTENT_ID);
}
use of com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent in project di-authentication-api by alphagov.
the class ResetPasswordHandlerTest method shouldReturn400WhenCodeIsInvalid.
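/**
 * A reset code with no subject in code storage must be rejected.
 *
 * <p>The test expects HTTP 400 with {@code ErrorResponse.ERROR_1021} and no side effects: no
 * password update, no confirmation notification on the queue, and no audit event.
 */
@Test
public void shouldReturn400WhenCodeIsInvalid() {
    usingValidSession();
    // An empty lookup result is how this test models an invalid reset code.
    when(codeStorageService.getSubjectWithPasswordResetCode(CODE)).thenReturn(Optional.empty());

    APIGatewayProxyRequestEvent event = new APIGatewayProxyRequestEvent();
    event.setBody(format("{ \"code\": \"%s\", \"password\": \"%s\"}", CODE, NEW_PASSWORD));
    event.setHeaders(Map.of("Session-Id", session.getSessionId()));

    APIGatewayProxyResponseEvent result = handler.handleRequest(event, context);

    assertThat(result, hasStatus(400));
    assertThat(result, hasJsonBody(ErrorResponse.ERROR_1021));

    // never() here matches these exact arguments only; a call with other values would not fail it.
    verify(authenticationService, never()).updatePassword(EMAIL, NEW_PASSWORD);
    // A rejected code must not queue a password-reset confirmation either.
    verifyNoInteractions(sqsClient);
    verifyNoInteractions(auditService);
}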