Example 41 with APIGatewayProxyResponseEvent

Use of com.amazonaws.services.lambda.runtime.events.APIGatewayProxyResponseEvent in project di-authentication-api by alphagov.

From class LogoutHandlerTest, method shouldNotReturnStateWhenStateIsNotSentInRequest:

@Test
public void shouldNotReturnStateWhenStateIsNotSentInRequest() {
    // Arrange: the client is registered and the id_token_hint signature validates
    when(dynamoClientService.getClient("client-id")).thenReturn(Optional.of(createClientRegistry()));
    when(tokenValidationService.isTokenSignatureValid(signedIDToken.serialize())).thenReturn(true);
    // Logout request carrying id_token_hint and post_logout_redirect_uri but no "state" parameter
    APIGatewayProxyRequestEvent event = generateRequestEvent(Map.of("id_token_hint", signedIDToken.serialize(), "post_logout_redirect_uri", CLIENT_LOGOUT_URI.toString()));
    generateSessionFromCookie(session);
    setupClientSessionToken(signedIDToken);
    APIGatewayProxyResponseEvent response = handler.handleRequest(event, context);
    // Both the user session and the client session must be removed from Redis
    verify(sessionService, times(1)).deleteSessionFromRedis(SESSION_ID);
    verify(clientSessionService).deleteClientSessionFromRedis(CLIENT_SESSION_ID);
    // Redirect goes to the client's registered logout URI with no state query parameter appended
    assertThat(response, hasStatus(302));
    assertThat(response.getHeaders().get(ResponseHeaders.LOCATION), equalTo(CLIENT_LOGOUT_URI.toString()));
    // A LOG_OUT_SUCCESS audit event is recorded with the session, client and source IP
    verify(auditService).submitAuditEvent(OidcAuditableEvent.LOG_OUT_SUCCESS, "aws-session-id", SESSION_ID, "client-id", AuditService.UNKNOWN, AuditService.UNKNOWN, "123.123.123.123", AuditService.UNKNOWN, PERSISTENT_SESSION_ID);
}
Also used : APIGatewayProxyRequestEvent(com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent) APIGatewayProxyResponseEvent(com.amazonaws.services.lambda.runtime.events.APIGatewayProxyResponseEvent) Test(org.junit.jupiter.api.Test)

Example 42 with APIGatewayProxyResponseEvent

Use of com.amazonaws.services.lambda.runtime.events.APIGatewayProxyResponseEvent in project di-authentication-api by alphagov.

From class LogoutHandlerTest, method shouldDeleteSessionAndRedirectToDefaultLogoutUriForValidLogoutRequestWithNoQueryParams:

@Test
public void shouldDeleteSessionAndRedirectToDefaultLogoutUriForValidLogoutRequestWithNoQueryParams() {
    when(dynamoClientService.getClient("client-id")).thenReturn(Optional.of(createClientRegistry()));
    when(tokenValidationService.isTokenSignatureValid(signedIDToken.serialize())).thenReturn(true);
    // A logout request with no query parameters at all (no id_token_hint, redirect URI or state)
    APIGatewayProxyRequestEvent event = generateRequestEvent(null);
    setupSessions();
    APIGatewayProxyResponseEvent response = handler.handleRequest(event, context);
    // Sessions are still torn down even though the request named no client
    verifySessions();
    // With no client-supplied redirect URI, the handler falls back to the default logout URI
    assertThat(response, hasStatus(302));
    assertThat(response.getHeaders().get(ResponseHeaders.LOCATION), equalTo(DEFAULT_LOGOUT_URI.toString()));
    // Audit event is emitted with the client id recorded as UNKNOWN
    verify(auditService).submitAuditEvent(OidcAuditableEvent.LOG_OUT_SUCCESS, "aws-session-id", SESSION_ID, AuditService.UNKNOWN, AuditService.UNKNOWN, AuditService.UNKNOWN, "123.123.123.123", AuditService.UNKNOWN, PERSISTENT_SESSION_ID);
}
Also used : APIGatewayProxyRequestEvent(com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent) APIGatewayProxyResponseEvent(com.amazonaws.services.lambda.runtime.events.APIGatewayProxyResponseEvent) Test(org.junit.jupiter.api.Test)

Example 43 with APIGatewayProxyResponseEvent

Use of com.amazonaws.services.lambda.runtime.events.APIGatewayProxyResponseEvent in project di-authentication-api by alphagov.

From class LogoutHandlerTest, method shouldRedirectToDefaultLogoutUriWhenNoCookieExists:

@Test
public void shouldRedirectToDefaultLogoutUriWhenNoCookieExists() {
    // Request built without a session cookie; only redirect URI and state are supplied
    APIGatewayProxyRequestEvent event = new APIGatewayProxyRequestEvent();
    event.setQueryStringParameters(Map.of("post_logout_redirect_uri", CLIENT_LOGOUT_URI.toString(), "state", STATE.toString()));
    event.setRequestContext(contextWithSourceIp("123.123.123.123"));
    APIGatewayProxyResponseEvent response = handler.handleRequest(event, context);
    // Without a session the client-supplied URI is not honoured; redirect to the default URI, echoing state
    assertThat(response, hasStatus(302));
    assertThat(response.getHeaders().get(ResponseHeaders.LOCATION), equalTo(DEFAULT_LOGOUT_URI + "?state=" + STATE));
    // No session existed, so nothing is deleted from Redis
    verify(sessionService, times(0)).deleteSessionFromRedis(SESSION_ID);
    // Audit event still fires, with session, client and persistent id all unknown
    verify(auditService).submitAuditEvent(OidcAuditableEvent.LOG_OUT_SUCCESS, "aws-session-id", AuditService.UNKNOWN, AuditService.UNKNOWN, AuditService.UNKNOWN, AuditService.UNKNOWN, "123.123.123.123", AuditService.UNKNOWN, PersistentIdHelper.PERSISTENT_ID_UNKNOWN_VALUE);
}
Also used : APIGatewayProxyRequestEvent(com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent) APIGatewayProxyResponseEvent(com.amazonaws.services.lambda.runtime.events.APIGatewayProxyResponseEvent) Test(org.junit.jupiter.api.Test)

Example 44 with APIGatewayProxyResponseEvent

Use of com.amazonaws.services.lambda.runtime.events.APIGatewayProxyResponseEvent in project di-authentication-api by alphagov.

From class LogoutHandlerTest, method shouldRedirectToDefaultLogoutUriWithErrorMessageWhenLogoutUriInRequestDoesNotMatchClientRegistry:

@Test
public void shouldRedirectToDefaultLogoutUriWithErrorMessageWhenLogoutUriInRequestDoesNotMatchClientRegistry() throws URISyntaxException {
    when(tokenValidationService.isTokenSignatureValid(signedIDToken.serialize())).thenReturn(true);
    when(dynamoClientService.getClient("client-id")).thenReturn(Optional.of(createClientRegistry()));
    // post_logout_redirect_uri is not one of the URIs registered for the client
    APIGatewayProxyRequestEvent event = generateRequestEvent(Map.of("id_token_hint", signedIDToken.serialize(), "post_logout_redirect_uri", "http://localhost/invalidlogout", "state", STATE.toString()));
    session.getClientSessions().add(CLIENT_SESSION_ID);
    setupClientSessionToken(signedIDToken);
    generateSessionFromCookie(session);
    APIGatewayProxyResponseEvent response = handler.handleRequest(event, context);
    assertThat(response, hasStatus(302));
    // Expected: redirect to the default logout URI, never to the unregistered URI, with state and an invalid_request error attached
    ErrorObject errorObject = new ErrorObject(OAuth2Error.INVALID_REQUEST_CODE, "client registry does not contain post_logout_redirect_uri");
    URIBuilder uriBuilder = new URIBuilder(DEFAULT_LOGOUT_URI);
    uriBuilder.addParameter("state", STATE.getValue());
    uriBuilder.addParameter("error_code", errorObject.getCode());
    uriBuilder.addParameter("error_description", errorObject.getDescription());
    URI expectedUri = uriBuilder.build();
    assertThat(response.getHeaders().get(ResponseHeaders.LOCATION), equalTo(expectedUri.toString()));
    // The session is still deleted even though the redirect URI was rejected
    verify(sessionService, times(1)).deleteSessionFromRedis(SESSION_ID);
    verify(auditService).submitAuditEvent(OidcAuditableEvent.LOG_OUT_SUCCESS, "aws-session-id", SESSION_ID, "client-id", AuditService.UNKNOWN, AuditService.UNKNOWN, "123.123.123.123", AuditService.UNKNOWN, PERSISTENT_SESSION_ID);
}
Also used : APIGatewayProxyRequestEvent(com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent) ErrorObject(com.nimbusds.oauth2.sdk.ErrorObject) APIGatewayProxyResponseEvent(com.amazonaws.services.lambda.runtime.events.APIGatewayProxyResponseEvent) URI(java.net.URI) URIBuilder(org.apache.http.client.utils.URIBuilder) Test(org.junit.jupiter.api.Test)

Example 45 with APIGatewayProxyResponseEvent

Use of com.amazonaws.services.lambda.runtime.events.APIGatewayProxyResponseEvent in project di-authentication-api by alphagov.

From class TokenHandlerTest, method shouldReturn200ForSuccessfulTokenRequest:

@ParameterizedTest
@MethodSource("validVectorValues")
public void shouldReturn200ForSuccessfulTokenRequest(String vectorValue, boolean clientRegistryConsent, boolean expectedConsentRequired, boolean clientIdInHeader) throws JOSEException {
    // Client RSA key pair: the private key signs the private_key_jwt client assertion,
    // the public key is what the client registry holds for verification
    KeyPair keyPair = generateRsaKeyPair();
    UserProfile userProfile = generateUserProfile();
    // ID token signed with a freshly generated ES256 key
    SignedJWT signedJWT = generateIDToken(CLIENT_ID, PUBLIC_SUBJECT, "issuer-url", new ECKeyGenerator(Curve.P_256).algorithm(JWSAlgorithm.ES256).generate());
    OIDCTokenResponse tokenResponse = new OIDCTokenResponse(new OIDCTokens(signedJWT, accessToken, refreshToken));
    PrivateKeyJWT privateKeyJWT = generatePrivateKeyJWT(keyPair.getPrivate());
    ClientRegistry clientRegistry = generateClientRegistry(keyPair, clientRegistryConsent);
    // Token request parameters and client assertion are treated as valid (empty Optional = no error)
    when(tokenService.validateTokenRequestParams(anyString())).thenReturn(Optional.empty());
    when(clientService.getClient(eq(CLIENT_ID))).thenReturn(Optional.of(clientRegistry));
    when(tokenService.getClientIDFromPrivateKeyJWT(anyString())).thenReturn(Optional.of(CLIENT_ID));
    when(tokenService.validatePrivateKeyJWT(anyString(), eq(clientRegistry.getPublicKey()), eq(BASE_URI), eq(CLIENT_ID))).thenReturn(Optional.empty());
    // Authorisation code maps back to the original auth request, including its vector of trust (vtr)
    String authCode = new AuthorizationCode().toString();
    AuthenticationRequest authenticationRequest = generateAuthRequest(JsonArrayHelper.jsonArrayOf(vectorValue));
    VectorOfTrust vtr = VectorOfTrust.parseFromAuthRequestAttribute(authenticationRequest.getCustomParameter("vtr"));
    when(authorisationCodeService.getExchangeDataForCode(authCode)).thenReturn(Optional.of(new AuthCodeExchangeData().setEmail(TEST_EMAIL).setClientSessionId(CLIENT_SESSION_ID).setClientSession(new ClientSession(authenticationRequest.toParameters(), LocalDateTime.now(), vtr))));
    when(dynamoService.getUserProfileByEmail(eq(TEST_EMAIL))).thenReturn(userProfile);
    when(tokenService.generateTokenResponse(CLIENT_ID, INTERNAL_SUBJECT, SCOPES, Map.of("nonce", NONCE), PUBLIC_SUBJECT, vtr.retrieveVectorOfTrustForToken(), userProfile.getClientConsent(), expectedConsentRequired, null, false)).thenReturn(tokenResponse);
    // Exchange the code; client_id may be sent in the header or the body depending on the parameter
    APIGatewayProxyResponseEvent result = generateApiGatewayRequest(privateKeyJWT, authCode, CLIENT_ID, clientIdInHeader);
    // Successful exchange returns 200 with the issued access and refresh tokens in the body
    assertThat(result, hasStatus(200));
    assertTrue(result.getBody().contains(refreshToken.getValue()));
    assertTrue(result.getBody().contains(accessToken.getValue()));
}
Also used : AuthorizationCode(com.nimbusds.oauth2.sdk.AuthorizationCode) KeyPair(java.security.KeyPair) UserProfile(uk.gov.di.authentication.shared.entity.UserProfile) OIDCTokenResponse(com.nimbusds.openid.connect.sdk.OIDCTokenResponse) PrivateKeyJWT(com.nimbusds.oauth2.sdk.auth.PrivateKeyJWT) ECKeyGenerator(com.nimbusds.jose.jwk.gen.ECKeyGenerator) VectorOfTrust(uk.gov.di.authentication.shared.entity.VectorOfTrust) RequestObjectTestHelper.generateSignedJWT(uk.gov.di.authentication.oidc.helper.RequestObjectTestHelper.generateSignedJWT) SignedJWT(com.nimbusds.jwt.SignedJWT) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) APIGatewayProxyResponseEvent(com.amazonaws.services.lambda.runtime.events.APIGatewayProxyResponseEvent) AuthCodeExchangeData(uk.gov.di.authentication.shared.entity.AuthCodeExchangeData) OIDCTokens(com.nimbusds.openid.connect.sdk.token.OIDCTokens) ClientSession(uk.gov.di.authentication.shared.entity.ClientSession) ClientRegistry(uk.gov.di.authentication.shared.entity.ClientRegistry) AuthenticationRequest(com.nimbusds.openid.connect.sdk.AuthenticationRequest) ParameterizedTest(org.junit.jupiter.params.ParameterizedTest) MethodSource(org.junit.jupiter.params.provider.MethodSource)
