use of com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent in project di-authentication-api by alphagov.
the class MfaHandlerTest method shouldReturn400IfUserIsBlockedFromRequestingAnyMoreMfaCodes.
/**
 * Checks that a user already blocked from requesting MFA codes is refused.
 *
 * <p>With the code store reporting a block for the email, the handler must answer HTTP 400 with
 * {@code ErrorResponse.ERROR_1026} and submit an {@code MFA_INVALID_CODE_REQUEST} audit event
 * carrying the session id, the email and the caller's source IP.
 */
@Test
void shouldReturn400IfUserIsBlockedFromRequestingAnyMoreMfaCodes() {
    final String sourceIp = "123.123.123.123";

    // Arrange: a valid session whose email is reported as blocked by the code store.
    usingValidSession();
    when(codeStorageService.isBlockedForEmail(TEST_EMAIL_ADDRESS, CODE_REQUEST_BLOCKED_KEY_PREFIX))
            .thenReturn(true);

    APIGatewayProxyRequestEvent request = new APIGatewayProxyRequestEvent();
    request.setHeaders(Map.of("Session-Id", session.getSessionId()));
    request.setBody(format("{ \"email\": \"%s\"}", TEST_EMAIL_ADDRESS));
    request.setRequestContext(contextWithSourceIp(sourceIp));

    // Act
    APIGatewayProxyResponseEvent response = handler.handleRequest(request, context);

    // Assert: the refusal is visible to the client and recorded for the audit trail.
    // NOTE(review): nothing here asserts that no code is generated, stored or queued for the
    // blocked user; consider verifying that as well so the block cannot regress silently.
    assertEquals(400, response.getStatusCode());
    assertThat(response, hasJsonBody(ErrorResponse.ERROR_1026));
    verify(auditService)
            .submitAuditEvent(
                    FrontendAuditableEvent.MFA_INVALID_CODE_REQUEST,
                    "aws-session-id",
                    session.getSessionId(),
                    "",
                    AuditService.UNKNOWN,
                    TEST_EMAIL_ADDRESS,
                    sourceIp,
                    AuditService.UNKNOWN,
                    PersistentIdHelper.PERSISTENT_ID_UNKNOWN_VALUE);
}
use of com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent in project di-authentication-api by alphagov.
the class MfaHandlerTest method shouldReturn400IfUserHasReachedTheMfaCodeRequestLimit.
/**
 * Checks that hitting the MFA code request limit both rejects the request and starts a block.
 *
 * <p>After five code requests have been counted on the session, the handler must answer HTTP 400
 * with {@code ErrorResponse.ERROR_1025}, persist a block for the email for the configured
 * duration, and submit an {@code MFA_INVALID_CODE_REQUEST} audit event.
 */
@Test
void shouldReturn400IfUserHasReachedTheMfaCodeRequestLimit() {
    final String sourceIp = "123.123.123.123";

    usingValidSession();
    when(configurationService.getBlockedEmailDuration()).thenReturn(BLOCKED_EMAIL_DURATION);

    // Record five earlier code requests on the session.
    // NOTE(review): presumably five is the handler's limit; confirm against the handler.
    for (int requestsMade = 0; requestsMade < 5; requestsMade++) {
        session.incrementCodeRequestCount();
    }

    APIGatewayProxyRequestEvent request = new APIGatewayProxyRequestEvent();
    request.setHeaders(Map.of("Session-Id", session.getSessionId()));
    request.setBody(format("{ \"email\": \"%s\"}", TEST_EMAIL_ADDRESS));
    request.setRequestContext(contextWithSourceIp(sourceIp));

    APIGatewayProxyResponseEvent response = handler.handleRequest(request, context);

    assertEquals(400, response.getStatusCode());
    assertThat(response, hasJsonBody(ErrorResponse.ERROR_1025));

    // The block is keyed on the email address, so it is not tied to this one session object.
    verify(codeStorageService)
            .saveBlockedForEmail(
                    TEST_EMAIL_ADDRESS, CODE_REQUEST_BLOCKED_KEY_PREFIX, BLOCKED_EMAIL_DURATION);
    verify(auditService)
            .submitAuditEvent(
                    FrontendAuditableEvent.MFA_INVALID_CODE_REQUEST,
                    "aws-session-id",
                    session.getSessionId(),
                    "",
                    AuditService.UNKNOWN,
                    TEST_EMAIL_ADDRESS,
                    sourceIp,
                    AuditService.UNKNOWN,
                    PersistentIdHelper.PERSISTENT_ID_UNKNOWN_VALUE);
}
use of com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent in project di-authentication-api by alphagov.
the class MfaHandlerTest method shouldReturn204AndNotSendMessageForSuccessfulMfaRequestOnTestClient.
/**
 * Checks the test-client path: the OTP is stored but never handed to the notification queue.
 *
 * <p>With test clients enabled and a client session for {@code TEST_CLIENT_ID}, the handler must
 * answer HTTP 204, save the generated code, send nothing through {@code sqsClient}, and submit
 * an {@code MFA_CODE_SENT_FOR_TEST_CLIENT} audit event that includes the phone number.
 *
 * @throws Json.JsonException if the expected notify request cannot be serialised
 */
@Test
void shouldReturn204AndNotSendMessageForSuccessfulMfaRequestOnTestClient() throws Json.JsonException {
    final String sourceIp = "123.123.123.123";

    usingValidSession();
    usingValidClientSession(TEST_CLIENT_ID);
    // NOTE(review): this flag makes a valid OTP exist without being delivered to the user;
    // confirm how test clients are identified and that the flag is off in production.
    when(configurationService.isTestClientsEnabled()).thenReturn(true);
    when(authenticationService.getPhoneNumber(TEST_EMAIL_ADDRESS))
            .thenReturn(Optional.of(PHONE_NUMBER));
    when(codeGeneratorService.sixDigitCode()).thenReturn(CODE);

    // The message that would have been queued on the normal (non-test-client) path.
    NotifyRequest unsentNotification = new NotifyRequest(PHONE_NUMBER, MFA_SMS, CODE);

    APIGatewayProxyRequestEvent request = new APIGatewayProxyRequestEvent();
    request.setHeaders(Map.of("Session-Id", session.getSessionId()));
    request.setBody(format("{ \"email\": \"%s\"}", TEST_EMAIL_ADDRESS));
    request.setRequestContext(contextWithSourceIp(sourceIp));

    APIGatewayProxyResponseEvent response = handler.handleRequest(request, context);

    verify(sqsClient, never()).send(objectMapper.writeValueAsString(unsentNotification));
    verify(codeStorageService).saveOtpCode(TEST_EMAIL_ADDRESS, CODE, CODE_EXPIRY_TIME, MFA_SMS);
    assertThat(response, hasStatus(204));
    verify(auditService)
            .submitAuditEvent(
                    FrontendAuditableEvent.MFA_CODE_SENT_FOR_TEST_CLIENT,
                    "aws-session-id",
                    session.getSessionId(),
                    TEST_CLIENT_ID,
                    AuditService.UNKNOWN,
                    TEST_EMAIL_ADDRESS,
                    sourceIp,
                    PHONE_NUMBER,
                    PersistentIdHelper.PERSISTENT_ID_UNKNOWN_VALUE);
}
use of com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent in project di-authentication-api by alphagov.
the class MfaHandlerTest method shouldReturn400WhenEmailInSessionDoesNotMatchEmailInRequest.
/**
 * Checks that a request naming an email other than the session's own is rejected.
 *
 * <p>The body carries {@code wrong.email@gov.uk} while the session is the one set up by
 * {@code usingValidSession()}. The handler must answer HTTP 400 and submit an
 * {@code MFA_MISMATCHED_EMAIL} audit event that records the email supplied in the request.
 */
@Test
void shouldReturn400WhenEmailInSessionDoesNotMatchEmailInRequest() {
    final String sourceIp = "123.123.123.123";
    final String emailInRequest = "wrong.email@gov.uk";

    usingValidSession();
    when(authenticationService.getPhoneNumber(TEST_EMAIL_ADDRESS))
            .thenReturn(Optional.of(PHONE_NUMBER));
    when(codeGeneratorService.sixDigitCode()).thenReturn(CODE);

    APIGatewayProxyRequestEvent request = new APIGatewayProxyRequestEvent();
    request.setHeaders(Map.of("Session-Id", session.getSessionId()));
    request.setBody(format("{ \"email\": \"%s\"}", emailInRequest));
    request.setRequestContext(contextWithSourceIp(sourceIp));

    APIGatewayProxyResponseEvent response = handler.handleRequest(request, context);

    // NOTE(review): only the status and the audit event are checked; consider also verifying
    // that no code is stored or queued when the emails differ.
    assertThat(response, hasStatus(400));
    verify(auditService)
            .submitAuditEvent(
                    FrontendAuditableEvent.MFA_MISMATCHED_EMAIL,
                    "aws-session-id",
                    session.getSessionId(),
                    "",
                    AuditService.UNKNOWN,
                    emailInRequest,
                    sourceIp,
                    AuditService.UNKNOWN,
                    PersistentIdHelper.PERSISTENT_ID_UNKNOWN_VALUE);
}
use of com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent in project di-authentication-api by alphagov.
the class SendOtpNotificationHandlerTest method shouldReturn400WhenAccountAlreadyExistsWithGivenEmail.
/**
 * Checks that a {@code VERIFY_EMAIL} notification request is refused for an email that already
 * has an account.
 *
 * <p>With {@code dynamoService.userExists} returning true, the handler must answer HTTP 400 with
 * {@code ErrorResponse.ERROR_1009} and must not touch the audit service at all.
 */
@Test
void shouldReturn400WhenAccountAlreadyExistsWithGivenEmail() {
    when(dynamoService.userExists(eq(TEST_EMAIL_ADDRESS))).thenReturn(true);

    String requestBody =
            format(
                    "{ \"email\": \"%s\", \"notificationType\": \"%s\" }",
                    TEST_EMAIL_ADDRESS, VERIFY_EMAIL);
    APIGatewayProxyRequestEvent request = new APIGatewayProxyRequestEvent();
    request.setHeaders(Map.of());
    request.setBody(requestBody);

    APIGatewayProxyResponseEvent response = handler.handleRequest(request, context);

    // NOTE(review): a dedicated error for "account exists" tells the caller whether an email is
    // registered, and this rejection leaves no audit record; confirm both are intended here and
    // that repeated requests are limited or logged elsewhere.
    assertEquals(400, response.getStatusCode());
    assertThat(response, hasJsonBody(ErrorResponse.ERROR_1009));
    verifyNoInteractions(auditService);
}