use of com.amazonaws.services.lambda.runtime.events.APIGatewayProxyResponseEvent in project di-authentication-api by alphagov.
the class IdentityHandlerTest method shouldReturnIdentityResponseForSuccessfulRequest.
/**
 * Happy path: a request carrying a bearer token that the (mocked) access-token service accepts
 * gets a 200 whose JSON body echoes the subject and the serialized credential.
 *
 * <p>Token parsing and identity lookup are both stubbed, so this test pins the handler's wiring
 * and response mapping only; it does not exercise real token validation.
 */
@Test
void shouldReturnIdentityResponseForSuccessfulRequest() throws AccessTokenException, JsonProcessingException {
    String expectedCredential = SignedCredentialHelper.generateCredential().serialize();
    IdentityResponse stubbedIdentity = new IdentityResponse(SUBJECT.getValue(), expectedCredential);
    AccessToken bearerToken = new BearerAccessToken();
    String authorizationHeader = bearerToken.toAuthorizationHeader();

    // The stub only matches when the handler passes the Authorization header value through
    // unchanged. NOTE(review): the meaning of the boolean flag given to parse() is not visible here.
    when(accessTokenService.parse(authorizationHeader, true)).thenReturn(accessTokenInfo);
    when(identityService.populateIdentityResponse(accessTokenInfo)).thenReturn(stubbedIdentity);

    APIGatewayProxyRequestEvent request = new APIGatewayProxyRequestEvent();
    request.setHeaders(Map.of("Authorization", authorizationHeader));

    APIGatewayProxyResponseEvent result = handler.handleRequest(request, context);

    assertThat(result, hasStatus(200));
    // Round-trip the body through Jackson so the assertions check the serialized contract.
    IdentityResponse parsedBody = new ObjectMapper().readValue(result.getBody(), IdentityResponse.class);
    assertThat(parsedBody.getIdentityCredential(), equalTo(expectedCredential));
    assertThat(parsedBody.getSub(), equalTo(SUBJECT.getValue()));
}
use of com.amazonaws.services.lambda.runtime.events.APIGatewayProxyResponseEvent in project di-authentication-api by alphagov.
the class IdentityHandlerTest method shouldReturn401WhenAccessTokenIsMissing.
/**
 * A request with no headers at all (and therefore no Authorization header) must be rejected
 * with 401.
 *
 * <p>NOTE(review): only the status code is asserted; the headers and body of the rejection are
 * not checked by this test.
 */
@Test
void shouldReturn401WhenAccessTokenIsMissing() {
    // Headers are deliberately left unset on the event.
    APIGatewayProxyRequestEvent requestWithoutToken = new APIGatewayProxyRequestEvent();

    APIGatewayProxyResponseEvent rejection = handler.handleRequest(requestWithoutToken, context);

    assertThat(rejection, hasStatus(401));
}
use of com.amazonaws.services.lambda.runtime.events.APIGatewayProxyResponseEvent in project di-authentication-api by alphagov.
the class IPVCallbackHandlerTest method shouldRedirectToLoginUriForSuccessfulResponse.
/**
 * A callback carrying {@code code} and {@code state} query parameters, with a valid session
 * cookie, ends in a 302 to the login URL's {@code auth-code} path.
 *
 * <p>Every collaborator is mocked: response validation is stubbed to report no error, and the
 * token exchange and the follow-up info request return canned values. The test therefore pins
 * the handler's sequencing and redirect target, not the validation of {@code state} itself.
 */
@Test
void shouldRedirectToLoginUriForSuccessfulResponse() throws URISyntaxException {
    usingValidSession();
    usingValidClientSession();

    TokenResponse successfulTokenResponse = new AccessTokenResponse(new Tokens(new BearerAccessToken(), null));
    TokenRequest stubbedTokenRequest = mock(TokenRequest.class);

    // These are the query-string parameters of the callback (set on the event below).
    Map<String, String> callbackParams = new HashMap<>();
    callbackParams.put("code", AUTH_CODE.getValue());
    callbackParams.put("state", STATE.getValue());

    when(dynamoClientService.getClient(CLIENT_ID.getValue())).thenReturn(Optional.of(generateClientRegistry()));
    // Optional.empty() is stubbed as the "no validation error" outcome for these parameters.
    when(responseService.validateResponse(callbackParams, SESSION_ID)).thenReturn(Optional.empty());
    when(dynamoService.getUserProfileFromEmail(TEST_EMAIL_ADDRESS)).thenReturn(Optional.of(generateUserProfile()));
    when(ipvTokenService.constructTokenRequest(AUTH_CODE.getValue())).thenReturn(stubbedTokenRequest);
    when(ipvTokenService.sendTokenRequest(stubbedTokenRequest)).thenReturn(successfulTokenResponse);
    // The info request is only stubbed for the bearer token carried in the token response above.
    when(ipvTokenService.sendIpvInfoRequest(
                    successfulTokenResponse.toSuccessResponse().getTokens().getBearerAccessToken()))
            .thenReturn(SignedCredentialHelper.generateCredential().serialize());

    APIGatewayProxyRequestEvent callbackEvent = new APIGatewayProxyRequestEvent();
    callbackEvent.setQueryStringParameters(callbackParams);
    callbackEvent.setHeaders(Map.of(COOKIE, buildCookieString()));

    APIGatewayProxyResponseEvent response = makeHandlerRequest(callbackEvent);

    assertThat(response, hasStatus(302));
    URI expectedLocation = new URIBuilder(LOGIN_URL).setPath("auth-code").build();
    assertThat(response.getHeaders().get("Location"), equalTo(expectedLocation.toString()));
}
use of com.amazonaws.services.lambda.runtime.events.APIGatewayProxyResponseEvent in project di-authentication-api by alphagov.
the class TokenHandlerTest method shouldReturn200ForRefreshTokenRequestWhenMultipleRefreshTokensAreStored.
/**
 * With two refresh tokens stored under the client/subject Redis key, redeeming one of them
 * returns 200 and rewrites the store so that only the other token remains.
 *
 * <p>NOTE(review): {@code generateRefreshTokenResponse} is stubbed to return the same refresh
 * token that was presented, so the body assertions reflect the stub; the test does not show
 * that a fresh refresh token is issued. What it does pin is that the presented token is removed
 * from the stored list.
 */
@Test
public void shouldReturn200ForRefreshTokenRequestWhenMultipleRefreshTokensAreStored() throws JOSEException, JsonProcessingException {
    SignedJWT refreshJwt = createSignedRefreshToken();
    KeyPair clientKeys = generateRsaKeyPair();
    RefreshToken presentedToken = new RefreshToken(refreshJwt.serialize());
    // Second stored token that must survive the refresh untouched.
    RefreshToken otherStoredToken = new RefreshToken();
    OIDCTokenResponse stubbedResponse = new OIDCTokenResponse(new OIDCTokens(accessToken, presentedToken));
    PrivateKeyJWT clientAssertion = generatePrivateKeyJWT(clientKeys.getPrivate());
    ClientRegistry registeredClient = generateClientRegistry(clientKeys);

    // Request-parameter, client-assertion, signature/expiry and scope checks are all stubbed to pass.
    when(tokenService.validateTokenRequestParams(anyString())).thenReturn(Optional.empty());
    when(clientService.getClient(eq(CLIENT_ID))).thenReturn(Optional.of(registeredClient));
    when(tokenService.validatePrivateKeyJWT(
                    anyString(), eq(registeredClient.getPublicKey()), eq(BASE_URI), eq(CLIENT_ID)))
            .thenReturn(Optional.empty());
    when(tokenValidationService.validateRefreshTokenSignatureAndExpiry(presentedToken)).thenReturn(true);
    when(tokenValidationService.validateRefreshTokenScopes(SCOPES.toStringList(), SCOPES.toStringList()))
            .thenReturn(true);

    // Seed the store with both tokens under the key built from prefix, client id and public subject.
    RefreshTokenStore initialStore =
            new RefreshTokenStore(
                    List.of(presentedToken.getValue(), otherStoredToken.getValue()),
                    INTERNAL_SUBJECT.getValue());
    String redisKey = REFRESH_TOKEN_PREFIX + CLIENT_ID + "." + PUBLIC_SUBJECT.getValue();
    String initialStoreJson = new ObjectMapper().writeValueAsString(initialStore);
    when(redisConnectionService.getValue(redisKey)).thenReturn(initialStoreJson);
    when(tokenService.generateRefreshTokenResponse(
                    eq(CLIENT_ID), eq(INTERNAL_SUBJECT), eq(SCOPES.toStringList()), eq(PUBLIC_SUBJECT)))
            .thenReturn(stubbedResponse);

    APIGatewayProxyResponseEvent result =
            generateApiGatewayRefreshRequest(clientAssertion, presentedToken.getValue());

    assertThat(result, hasStatus(200));
    assertTrue(result.getBody().contains(presentedToken.getValue()));
    assertTrue(result.getBody().contains(accessToken.getValue()));

    // The redeemed token must be gone from the persisted store; only the other one is written back.
    // NOTE(review): 1234L presumably matches an expiry configured elsewhere in this test class.
    String expectedStoreJson =
            new ObjectMapper()
                    .writeValueAsString(
                            new RefreshTokenStore(
                                    List.of(otherStoredToken.getValue()), INTERNAL_SUBJECT.getValue()));
    verify(redisConnectionService, times(1)).saveWithExpiry(redisKey, expectedStoreJson, 1234L);
}
use of com.amazonaws.services.lambda.runtime.events.APIGatewayProxyResponseEvent in project di-authentication-api by alphagov.
the class IPVAuthorisationHandlerTest method shouldReturn200AndRedirectURIWithClaims.
/**
 * A valid session and client session yield a 200 whose body carries a redirect URI that starts
 * with the IPV {@code /authorize} endpoint and whose {@code claims} query parameter equals the
 * expected claims-set request.
 *
 * <p>It also verifies that a {@code State} value is stored against the session id.
 * NOTE(review): the actual state value is matched with {@code any(State.class)}, so its content
 * and its presence in the redirect URI are not asserted here.
 */
@Test
void shouldReturn200AndRedirectURIWithClaims() throws JsonProcessingException, UnsupportedEncodingException {
    usingValidSession();
    usingValidClientSession(TEST_CLIENT_ID);

    Map<String, String> requestHeaders = new HashMap<>();
    requestHeaders.put(PersistentIdHelper.PERSISTENT_ID_HEADER_NAME, PERSISTENT_SESSION_ID);
    requestHeaders.put("Session-Id", session.getSessionId());

    APIGatewayProxyRequestEvent request = new APIGatewayProxyRequestEvent();
    request.setHeaders(requestHeaders);
    request.setBody(format("{ \"email\": \"%s\"}", TEST_EMAIL_ADDRESS));
    request.setRequestContext(contextWithSourceIp("123.123.123.123"));

    APIGatewayProxyResponseEvent response = makeHandlerRequest(request);

    assertThat(response, hasStatus(200));
    IPVAuthorisationResponse parsedBody =
            new ObjectMapper().readValue(response.getBody(), IPVAuthorisationResponse.class);
    String redirectUri = parsedBody.getRedirectUri();
    assertThat(redirectUri, startsWith(IPV_AUTHORISATION_URI + "/authorize"));
    assertThat(splitQuery(parsedBody.getRedirectUri()).get("claims"), equalTo(claimsSetRequest.toJSONString()));

    // The session id is read again after the handler has run, as the stored-state key to verify.
    verify(authorisationService).storeState(eq(session.getSessionId()), any(State.class));
}