use of com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent in project di-authentication-api by alphagov.
the class JwksHandlerTest method shouldReturn200WhenRequestIsSuccessful.
/**
 * Verifies that the JWKS handler answers 200 with the signing key published as a JWK set.
 *
 * <p>The expected body is built with {@code JWKSet.toString(true)}, the public-keys-only
 * serialisation. The stubbed key comes straight from {@code RSAKeyGenerator}, so this
 * comparison is also what guards against private key parameters reaching the response
 * (assuming {@code hasBody} is an exact-match matcher; it is defined outside this listing).
 */
@Test
public void shouldReturn200WhenRequestIsSuccessful() throws JOSEException {
    // Random key id per run, so the assertion cannot pass against a hard-coded body.
    String keyId = UUID.randomUUID().toString();
    JWK signingKey = new RSAKeyGenerator(2048).keyID(keyId).generate();
    when(tokenValidationService.getPublicJwkWithOpaqueId()).thenReturn(signingKey);

    APIGatewayProxyResponseEvent result =
            handler.handleRequest(new APIGatewayProxyRequestEvent(), context);

    // 'true' selects public keys only when serialising the set.
    String expectedBody = new JWKSet(signingKey).toString(true);
    assertThat(result, hasStatus(200));
    assertThat(result, hasBody(expectedBody));
}
use of com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent in project di-authentication-api by alphagov.
the class JwksHandlerTest method shouldReturn500WhenSigningKeyIsNotPresent.
/**
 * Verifies the failure path of the JWKS handler: when the token validation service has no
 * signing key to offer (stubbed as {@code null}), the handler answers 500.
 *
 * <p>The asserted body is the fixed string "Error providing JWKs data", so the test also pins
 * that the error response carries a generic message rather than details of the failure.
 */
@Test
public void shouldReturn500WhenSigningKeyIsNotPresent() {
    when(tokenValidationService.getPublicJwkWithOpaqueId()).thenReturn(null);

    APIGatewayProxyResponseEvent result =
            handler.handleRequest(new APIGatewayProxyRequestEvent(), context);

    assertThat(result, hasStatus(500));
    assertThat(result, hasBody("Error providing JWKs data"));
}
use of com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent in project di-authentication-api by alphagov.
the class LogoutHandlerTest method shouldDeleteSessionAndRedirectToClientLogoutUriForValidLogoutRequest.
/**
 * Verifies the happy path of logout: a request carrying an {@code id_token_hint}, a
 * {@code post_logout_redirect_uri} and a {@code state} ends the session and redirects (302)
 * to the client's logout URI with the state echoed back.
 *
 * <p>The redirect to the client-supplied URI is only exercised here with the ID token
 * signature stubbed as valid and the client found in the registry. Whether the URI is
 * checked against the client's registered logout URIs depends on
 * {@code createClientRegistry()}, which is outside this listing.
 */
@Test
public void shouldDeleteSessionAndRedirectToClientLogoutUriForValidLogoutRequest() {
    String idTokenHint = signedIDToken.serialize();
    when(dynamoClientService.getClient("client-id")).thenReturn(Optional.of(createClientRegistry()));
    when(tokenValidationService.isTokenSignatureValid(idTokenHint)).thenReturn(true);

    Map<String, String> logoutParams =
            Map.of(
                    "id_token_hint", idTokenHint,
                    "post_logout_redirect_uri", CLIENT_LOGOUT_URI.toString(),
                    "state", STATE.toString());
    APIGatewayProxyRequestEvent request = generateRequestEvent(logoutParams);
    setupSessions();

    APIGatewayProxyResponseEvent redirect = handler.handleRequest(request, context);

    // Session teardown is checked before the response itself, as in the original ordering.
    verifySessions();
    String expectedLocation = CLIENT_LOGOUT_URI + "?state=" + STATE;
    assertThat(redirect, hasStatus(302));
    assertThat(redirect.getHeaders().get(ResponseHeaders.LOCATION), equalTo(expectedLocation));
    // The audit record must identify the client and the caller's source IP.
    verify(auditService).submitAuditEvent(OidcAuditableEvent.LOG_OUT_SUCCESS, "aws-session-id", SESSION_ID, "client-id", AuditService.UNKNOWN, AuditService.UNKNOWN, "123.123.123.123", AuditService.UNKNOWN, PERSISTENT_SESSION_ID);
}
use of com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent in project di-authentication-api by alphagov.
the class LogoutHandlerTest method shouldRedirectToDefaultLogoutUriWithErrorMessageWhenClientSessionIdIsNotFoundInSession.
/**
 * Verifies that a logout request whose cookie names a client session id not present in the
 * session is redirected (302) to the default logout URI with an {@code invalid_request}
 * style error, not to the {@code post_logout_redirect_uri} supplied in the query string.
 *
 * <p>This pins the open-redirect safeguard: the caller-controlled redirect target is ignored
 * when the session cannot be matched.
 *
 * <p>NOTE(review): this error path is still audited as {@code LOG_OUT_SUCCESS} (with the
 * client id {@code UNKNOWN}); confirm that is intended, since it makes failed and successful
 * logouts harder to tell apart in the audit trail.
 */
@Test
public void shouldRedirectToDefaultLogoutUriWithErrorMessageWhenClientSessionIdIsNotFoundInSession() throws URISyntaxException {
    Map<String, String> queryParams =
            Map.of(
                    "post_logout_redirect_uri", CLIENT_LOGOUT_URI.toString(),
                    "state", STATE.toString());
    APIGatewayProxyRequestEvent request = new APIGatewayProxyRequestEvent();
    request.setQueryStringParameters(queryParams);
    request.setRequestContext(contextWithSourceIp("123.123.123.123"));
    // The cookie carries a client session id that the stored session does not know.
    request.setHeaders(Map.of(COOKIE, buildCookieString("invalid-client-session-id")));
    generateSessionFromCookie(session);

    APIGatewayProxyResponseEvent redirect = handler.handleRequest(request, context);
    assertThat(redirect, hasStatus(302));

    // Expected target: the default logout URI plus the error code and description.
    ErrorObject invalidSession = new ErrorObject(OAuth2Error.INVALID_REQUEST_CODE, "invalid session");
    URIBuilder expectedLocation = new URIBuilder(DEFAULT_LOGOUT_URI);
    expectedLocation.addParameter("error_code", invalidSession.getCode());
    expectedLocation.addParameter("error_description", invalidSession.getDescription());
    URI expectedUri = expectedLocation.build();

    assertThat(redirect.getHeaders().get(ResponseHeaders.LOCATION), equalTo(expectedUri.toString()));
    verify(auditService).submitAuditEvent(OidcAuditableEvent.LOG_OUT_SUCCESS, "aws-session-id", SESSION_ID, AuditService.UNKNOWN, AuditService.UNKNOWN, AuditService.UNKNOWN, "123.123.123.123", AuditService.UNKNOWN, PERSISTENT_SESSION_ID);
}
use of com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent in project di-authentication-api by alphagov.
the class LogoutHandlerTest method shouldNotReturnStateWhenStateIsNotSentInRequest.
/**
 * Verifies that a valid logout request sent without a {@code state} parameter is redirected
 * (302) to the client's logout URI with no {@code state} appended.
 *
 * <p>Also checks that both the session and the client session are deleted from Redis and
 * that the logout is audited with the client id and source IP.
 */
@Test
public void shouldNotReturnStateWhenStateIsNotSentInRequest() {
    String idTokenHint = signedIDToken.serialize();
    when(dynamoClientService.getClient("client-id")).thenReturn(Optional.of(createClientRegistry()));
    when(tokenValidationService.isTokenSignatureValid(idTokenHint)).thenReturn(true);

    // No "state" entry: the handler must not invent one in the redirect.
    Map<String, String> logoutParams =
            Map.of(
                    "id_token_hint", idTokenHint,
                    "post_logout_redirect_uri", CLIENT_LOGOUT_URI.toString());
    APIGatewayProxyRequestEvent request = generateRequestEvent(logoutParams);
    generateSessionFromCookie(session);
    setupClientSessionToken(signedIDToken);

    APIGatewayProxyResponseEvent redirect = handler.handleRequest(request, context);

    // Server-side session state must be gone after logout, not just the cookie.
    verify(sessionService, times(1)).deleteSessionFromRedis(SESSION_ID);
    verify(clientSessionService).deleteClientSessionFromRedis(CLIENT_SESSION_ID);

    String expectedLocation = CLIENT_LOGOUT_URI.toString();
    assertThat(redirect, hasStatus(302));
    assertThat(redirect.getHeaders().get(ResponseHeaders.LOCATION), equalTo(expectedLocation));
    verify(auditService).submitAuditEvent(OidcAuditableEvent.LOG_OUT_SUCCESS, "aws-session-id", SESSION_ID, "client-id", AuditService.UNKNOWN, AuditService.UNKNOWN, "123.123.123.123", AuditService.UNKNOWN, PERSISTENT_SESSION_ID);
}