use of com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent in project di-authentication-api by alphagov.
the class ResetPasswordRequestHandlerTest method shouldReturn400IfInvalidSessionProvided.
@Test
void shouldReturn400IfInvalidSessionProvided() {
APIGatewayProxyRequestEvent event = new APIGatewayProxyRequestEvent();
event.setBody(format("{ \"email\": \"%s\" }", TEST_EMAIL_ADDRESS));
APIGatewayProxyResponseEvent result = handler.handleRequest(event, context);
assertEquals(400, result.getStatusCode());
verify(awsSqsClient, never()).send(anyString());
verify(codeStorageService, never()).saveOtpCode(anyString(), anyString(), anyLong(), any(NotificationType.class));
verify(sessionService, never()).save(argThat(this::isSessionWithEmailSent));
}
use of com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent in project di-authentication-api by alphagov.
the class ResetPasswordRequestHandlerTest method shouldReturn200AndPutMessageOnQueueForAValidLinkFlowRequest.
@Test
void shouldReturn200AndPutMessageOnQueueForAValidLinkFlowRequest() throws Json.JsonException {
String persistentId = "some-persistent-id-value";
Map<String, String> headers = new HashMap<>();
headers.put(PersistentIdHelper.PERSISTENT_ID_HEADER_NAME, persistentId);
headers.put("Session-Id", session.getSessionId());
Subject subject = new Subject("subject_1");
when(authenticationService.getSubjectFromEmail(TEST_EMAIL_ADDRESS)).thenReturn(subject);
when(resetPasswordService.buildResetPasswordLink(TEST_SIX_DIGIT_CODE, session.getSessionId(), persistentId)).thenReturn(TEST_RESET_PASSWORD_LINK);
NotifyRequest notifyRequest = new NotifyRequest(TEST_EMAIL_ADDRESS, RESET_PASSWORD, TEST_RESET_PASSWORD_LINK);
String serialisedRequest = objectMapper.writeValueAsString(notifyRequest);
usingValidSession();
APIGatewayProxyRequestEvent event = new APIGatewayProxyRequestEvent();
event.setRequestContext(contextWithSourceIp("123.123.123.123"));
event.setHeaders(headers);
event.setBody(format("{ \"email\": \"%s\" }", TEST_EMAIL_ADDRESS));
APIGatewayProxyResponseEvent result = handler.handleRequest(event, context);
assertEquals(204, result.getStatusCode());
verify(awsSqsClient).send(serialisedRequest);
verify(codeStorageService).savePasswordResetCode(subject.getValue(), TEST_SIX_DIGIT_CODE, CODE_EXPIRY_TIME, RESET_PASSWORD);
verify(sessionService).save(argThat(this::isSessionWithEmailSent));
verify(auditService).submitAuditEvent(FrontendAuditableEvent.PASSWORD_RESET_REQUESTED, context.getAwsRequestId(), session.getSessionId(), AuditService.UNKNOWN, AuditService.UNKNOWN, TEST_EMAIL_ADDRESS, "123.123.123.123", AuditService.UNKNOWN, persistentId);
}
use of com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent in project di-authentication-api by alphagov.
the class CheckUserExistsHandlerTest method shouldReturn200IfUserDoesNotExist.
@Test
void shouldReturn200IfUserDoesNotExist() throws JsonProcessingException, Json.JsonException {
usingValidSession();
when(authenticationService.userExists(eq("joe.bloggs@digital.cabinet-office.gov.uk"))).thenReturn(false);
APIGatewayProxyRequestEvent event = new APIGatewayProxyRequestEvent();
event.setBody("{ \"email\": \"joe.bloggs@digital.cabinet-office.gov.uk\" }");
event.setHeaders(Map.of("Session-Id", session.getSessionId()));
event.setRequestContext(contextWithSourceIp("123.123.123.123"));
APIGatewayProxyResponseEvent result = handler.handleRequest(event, context);
assertEquals(200, result.getStatusCode());
CheckUserExistsResponse checkUserExistsResponse = objectMapper.readValue(result.getBody(), CheckUserExistsResponse.class);
assertEquals("joe.bloggs@digital.cabinet-office.gov.uk", checkUserExistsResponse.getEmail());
assertFalse(checkUserExistsResponse.doesUserExist());
verify(auditService).submitAuditEvent(FrontendAuditableEvent.CHECK_USER_NO_ACCOUNT_WITH_EMAIL, "aws-session-id", session.getSessionId(), AuditService.UNKNOWN, AuditService.UNKNOWN, "joe.bloggs@digital.cabinet-office.gov.uk", "123.123.123.123", AuditService.UNKNOWN, PersistentIdHelper.PERSISTENT_ID_UNKNOWN_VALUE);
}
use of com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent in project di-authentication-api by alphagov.
the class CheckUserExistsHandlerTest method shouldReturn200IfUserExists.
@Test
void shouldReturn200IfUserExists() throws JsonProcessingException, Json.JsonException {
usingValidSession();
String persistentId = "some-persistent-id-value";
Map<String, String> headers = new HashMap<>();
headers.put(PersistentIdHelper.PERSISTENT_ID_HEADER_NAME, persistentId);
headers.put("Session-Id", session.getSessionId());
when(authenticationService.userExists(eq("joe.bloggs@digital.cabinet-office.gov.uk"))).thenReturn(true);
APIGatewayProxyRequestEvent event = new APIGatewayProxyRequestEvent();
event.setBody("{ \"email\": \"joe.bloggs@digital.cabinet-office.gov.uk\" }");
event.setHeaders(headers);
event.setRequestContext(contextWithSourceIp("123.123.123.123"));
APIGatewayProxyResponseEvent result = handler.handleRequest(event, context);
assertEquals(200, result.getStatusCode());
CheckUserExistsResponse checkUserExistsResponse = objectMapper.readValue(result.getBody(), CheckUserExistsResponse.class);
assertEquals("joe.bloggs@digital.cabinet-office.gov.uk", checkUserExistsResponse.getEmail());
assertTrue(checkUserExistsResponse.doesUserExist());
verify(auditService).submitAuditEvent(FrontendAuditableEvent.CHECK_USER_KNOWN_EMAIL, "aws-session-id", session.getSessionId(), AuditService.UNKNOWN, AuditService.UNKNOWN, "joe.bloggs@digital.cabinet-office.gov.uk", "123.123.123.123", AuditService.UNKNOWN, persistentId);
}
use of com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent in project di-authentication-api by alphagov.
the class CheckUserExistsHandlerTest method shouldReturn400IfRequestIsMissingSessionId.
@Test
void shouldReturn400IfRequestIsMissingSessionId() {
APIGatewayProxyRequestEvent event = new APIGatewayProxyRequestEvent();
event.setBody("{ \"email\": \"joe.bloggs@digital.cabinet-office.gov.uk\" }");
APIGatewayProxyResponseEvent result = handler.handleRequest(event, context);
assertEquals(400, result.getStatusCode());
assertThat(result, hasJsonBody(ErrorResponse.ERROR_1000));
verifyNoInteractions(auditService);
}
Aggregations