Example 21 with APIGatewayProxyResponseEvent

Use of com.amazonaws.services.lambda.runtime.events.APIGatewayProxyResponseEvent in project di-authentication-api by alphagov.

From the class IdentityHandlerTest, method shouldReturnIdentityResponseForSuccessfulRequest.

@Test
void shouldReturnIdentityResponseForSuccessfulRequest() throws AccessTokenException, JsonProcessingException {
    String serializedCredential = SignedCredentialHelper.generateCredential().serialize();
    IdentityResponse identityResponse = new IdentityResponse(SUBJECT.getValue(), serializedCredential);
    AccessToken accessToken = new BearerAccessToken();
    when(accessTokenService.parse(accessToken.toAuthorizationHeader(), true)).thenReturn(accessTokenInfo);
    when(identityService.populateIdentityResponse(accessTokenInfo)).thenReturn(identityResponse);
    APIGatewayProxyRequestEvent event = new APIGatewayProxyRequestEvent();
    event.setHeaders(Map.of("Authorization", accessToken.toAuthorizationHeader()));
    APIGatewayProxyResponseEvent result = handler.handleRequest(event, context);
    assertThat(result, hasStatus(200));
    IdentityResponse receivedIdentityResponse = new ObjectMapper().readValue(result.getBody(), IdentityResponse.class);
    assertThat(receivedIdentityResponse.getIdentityCredential(), equalTo(serializedCredential));
    assertThat(receivedIdentityResponse.getSub(), equalTo(SUBJECT.getValue()));
}
Also used: APIGatewayProxyRequestEvent(com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent), AccessToken(com.nimbusds.oauth2.sdk.token.AccessToken), BearerAccessToken(com.nimbusds.oauth2.sdk.token.BearerAccessToken), IdentityResponse(uk.gov.di.authentication.oidc.entity.IdentityResponse), APIGatewayProxyResponseEvent(com.amazonaws.services.lambda.runtime.events.APIGatewayProxyResponseEvent), ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper), Test(org.junit.jupiter.api.Test)

Example 22 with APIGatewayProxyResponseEvent

Use of com.amazonaws.services.lambda.runtime.events.APIGatewayProxyResponseEvent in project di-authentication-api by alphagov.

From the class IdentityHandlerTest, method shouldReturn401WhenAccessTokenIsMissing.

@Test
void shouldReturn401WhenAccessTokenIsMissing() {
    APIGatewayProxyRequestEvent event = new APIGatewayProxyRequestEvent();
    APIGatewayProxyResponseEvent result = handler.handleRequest(event, context);
    assertThat(result, hasStatus(401));
}
Also used: APIGatewayProxyRequestEvent(com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent), APIGatewayProxyResponseEvent(com.amazonaws.services.lambda.runtime.events.APIGatewayProxyResponseEvent), Test(org.junit.jupiter.api.Test)

Example 23 with APIGatewayProxyResponseEvent

Use of com.amazonaws.services.lambda.runtime.events.APIGatewayProxyResponseEvent in project di-authentication-api by alphagov.

From the class IPVCallbackHandlerTest, method shouldRedirectToLoginUriForSuccessfulResponse.

@Test
void shouldRedirectToLoginUriForSuccessfulResponse() throws URISyntaxException {
    usingValidSession();
    usingValidClientSession();
    TokenResponse successfulTokenResponse = new AccessTokenResponse(new Tokens(new BearerAccessToken(), null));
    TokenRequest tokenRequest = mock(TokenRequest.class);
    Map<String, String> responseHeaders = new HashMap<>();
    responseHeaders.put("code", AUTH_CODE.getValue());
    responseHeaders.put("state", STATE.getValue());
    when(dynamoClientService.getClient(CLIENT_ID.getValue())).thenReturn(Optional.of(generateClientRegistry()));
    when(responseService.validateResponse(responseHeaders, SESSION_ID)).thenReturn(Optional.empty());
    when(dynamoService.getUserProfileFromEmail(TEST_EMAIL_ADDRESS)).thenReturn(Optional.of(generateUserProfile()));
    when(ipvTokenService.constructTokenRequest(AUTH_CODE.getValue())).thenReturn(tokenRequest);
    when(ipvTokenService.sendTokenRequest(tokenRequest)).thenReturn(successfulTokenResponse);
    when(ipvTokenService.sendIpvInfoRequest(successfulTokenResponse.toSuccessResponse().getTokens().getBearerAccessToken())).thenReturn(SignedCredentialHelper.generateCredential().serialize());
    APIGatewayProxyRequestEvent event = new APIGatewayProxyRequestEvent();
    event.setQueryStringParameters(responseHeaders);
    event.setHeaders(Map.of(COOKIE, buildCookieString()));
    APIGatewayProxyResponseEvent response = makeHandlerRequest(event);
    assertThat(response, hasStatus(302));
    URI redirectUri = new URIBuilder(LOGIN_URL).setPath("auth-code").build();
    assertThat(response.getHeaders().get("Location"), equalTo(redirectUri.toString()));
}
Also used: AccessTokenResponse(com.nimbusds.oauth2.sdk.AccessTokenResponse), TokenResponse(com.nimbusds.oauth2.sdk.TokenResponse), APIGatewayProxyRequestEvent(com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent), HashMap(java.util.HashMap), TokenRequest(com.nimbusds.oauth2.sdk.TokenRequest), BearerAccessToken(com.nimbusds.oauth2.sdk.token.BearerAccessToken), Matchers.containsString(org.hamcrest.Matchers.containsString), APIGatewayProxyResponseEvent(com.amazonaws.services.lambda.runtime.events.APIGatewayProxyResponseEvent), URI(java.net.URI), Tokens(com.nimbusds.oauth2.sdk.token.Tokens), URIBuilder(org.apache.http.client.utils.URIBuilder), Test(org.junit.jupiter.api.Test)

Example 24 with APIGatewayProxyResponseEvent

Use of com.amazonaws.services.lambda.runtime.events.APIGatewayProxyResponseEvent in project di-authentication-api by alphagov.

From the class TokenHandlerTest, method shouldReturn200ForRefreshTokenRequestWhenMultipleRefreshTokensAreStored.

@Test
public void shouldReturn200ForRefreshTokenRequestWhenMultipleRefreshTokensAreStored() throws JOSEException, JsonProcessingException {
    SignedJWT signedRefreshToken = createSignedRefreshToken();
    KeyPair keyPair = generateRsaKeyPair();
    RefreshToken refreshToken = new RefreshToken(signedRefreshToken.serialize());
    RefreshToken refreshToken2 = new RefreshToken();
    OIDCTokenResponse tokenResponse = new OIDCTokenResponse(new OIDCTokens(accessToken, refreshToken));
    PrivateKeyJWT privateKeyJWT = generatePrivateKeyJWT(keyPair.getPrivate());
    ClientRegistry clientRegistry = generateClientRegistry(keyPair);
    when(tokenService.validateTokenRequestParams(anyString())).thenReturn(Optional.empty());
    when(clientService.getClient(eq(CLIENT_ID))).thenReturn(Optional.of(clientRegistry));
    when(tokenService.validatePrivateKeyJWT(anyString(), eq(clientRegistry.getPublicKey()), eq(BASE_URI), eq(CLIENT_ID))).thenReturn(Optional.empty());
    when(tokenValidationService.validateRefreshTokenSignatureAndExpiry(refreshToken)).thenReturn(true);
    when(tokenValidationService.validateRefreshTokenScopes(SCOPES.toStringList(), SCOPES.toStringList())).thenReturn(true);
    RefreshTokenStore tokenStore = new RefreshTokenStore(List.of(refreshToken.getValue(), refreshToken2.getValue()), INTERNAL_SUBJECT.getValue());
    String redisKey = REFRESH_TOKEN_PREFIX + CLIENT_ID + "." + PUBLIC_SUBJECT.getValue();
    String tokenStoreString = new ObjectMapper().writeValueAsString(tokenStore);
    when(redisConnectionService.getValue(redisKey)).thenReturn(tokenStoreString);
    when(tokenService.generateRefreshTokenResponse(eq(CLIENT_ID), eq(INTERNAL_SUBJECT), eq(SCOPES.toStringList()), eq(PUBLIC_SUBJECT))).thenReturn(tokenResponse);
    APIGatewayProxyResponseEvent result = generateApiGatewayRefreshRequest(privateKeyJWT, refreshToken.getValue());
    assertThat(result, hasStatus(200));
    assertTrue(result.getBody().contains(refreshToken.getValue()));
    assertTrue(result.getBody().contains(accessToken.getValue()));
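    // The refresh token presented in the request is removed from the stored list:
    // the store saved back to Redis contains only refreshToken2.
    String updatedTokenstore = new ObjectMapper().writeValueAsString(new RefreshTokenStore(List.of(refreshToken2.getValue()), INTERNAL_SUBJECT.getValue()));
    verify(redisConnectionService, times(1)).saveWithExpiry(redisKey, updatedTokenstore, 1234L);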
}
Also used: RefreshTokenStore(uk.gov.di.authentication.shared.entity.RefreshTokenStore), KeyPair(java.security.KeyPair), RefreshToken(com.nimbusds.oauth2.sdk.token.RefreshToken), OIDCTokenResponse(com.nimbusds.openid.connect.sdk.OIDCTokenResponse), OIDCTokens(com.nimbusds.openid.connect.sdk.token.OIDCTokens), PrivateKeyJWT(com.nimbusds.oauth2.sdk.auth.PrivateKeyJWT), ClientRegistry(uk.gov.di.authentication.shared.entity.ClientRegistry), SignedJWT(com.nimbusds.jwt.SignedJWT), ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString), APIGatewayProxyResponseEvent(com.amazonaws.services.lambda.runtime.events.APIGatewayProxyResponseEvent), ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper), Test(org.junit.jupiter.api.Test), ParameterizedTest(org.junit.jupiter.params.ParameterizedTest)

Example 25 with APIGatewayProxyResponseEvent

Use of com.amazonaws.services.lambda.runtime.events.APIGatewayProxyResponseEvent in project di-authentication-api by alphagov.

From the class IPVAuthorisationHandlerTest, method shouldReturn200AndRedirectURIWithClaims.

@Test
void shouldReturn200AndRedirectURIWithClaims() throws JsonProcessingException, UnsupportedEncodingException {
    usingValidSession();
    usingValidClientSession(TEST_CLIENT_ID);
    Map<String, String> headers = new HashMap<>();
    headers.put(PersistentIdHelper.PERSISTENT_ID_HEADER_NAME, PERSISTENT_SESSION_ID);
    headers.put("Session-Id", session.getSessionId());
    APIGatewayProxyRequestEvent event = new APIGatewayProxyRequestEvent();
    event.setHeaders(headers);
    event.setBody(format("{ \"email\": \"%s\"}", TEST_EMAIL_ADDRESS));
    event.setRequestContext(contextWithSourceIp("123.123.123.123"));
    APIGatewayProxyResponseEvent response = makeHandlerRequest(event);
    assertThat(response, hasStatus(200));
    IPVAuthorisationResponse body = new ObjectMapper().readValue(response.getBody(), IPVAuthorisationResponse.class);
    assertThat(body.getRedirectUri(), startsWith(IPV_AUTHORISATION_URI + "/authorize"));
    assertThat(splitQuery(body.getRedirectUri()).get("claims"), equalTo(claimsSetRequest.toJSONString()));
    verify(authorisationService).storeState(eq(session.getSessionId()), any(State.class));
}
Also used: IPVAuthorisationResponse(uk.gov.di.authentication.ipv.entity.IPVAuthorisationResponse), APIGatewayProxyRequestEvent(com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent), HashMap(java.util.HashMap), LinkedHashMap(java.util.LinkedHashMap), State(com.nimbusds.oauth2.sdk.id.State), APIGatewayProxyResponseEvent(com.amazonaws.services.lambda.runtime.events.APIGatewayProxyResponseEvent), ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper), Test(org.junit.jupiter.api.Test)
