use of uk.gov.di.accountmanagement.entity.UpdatePasswordRequest in project di-authentication-api by alphagov.
the class UpdatePasswordIntegrationTest method shouldThrowExceptionWhenSubjectIdMissing.
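@Test
void shouldThrowExceptionWhenSubjectIdMissing() {
    // Arrange: an existing account whose password must remain untouched.
    userStore.signUp(TEST_EMAIL, "password-1", SUBJECT);

    // Act: no authorizer map is supplied, so the request carries no principalId at all.
    Exception ex =
            assertThrows(
                    RuntimeException.class,
                    () ->
                            makeRequest(
                                    Optional.of(new UpdatePasswordRequest(TEST_EMAIL, "password-2")),
                                    Collections.emptyMap(),
                                    Collections.emptyMap()));

    // Assert: the principal check rejects the request before anything is written ...
    assertThat(ex.getMessage(), is("principalId is missing"));
    // ... so a rejected request must not look like a successful change: no
    // PASSWORD_UPDATED e-mail is queued and no UPDATE_PASSWORD audit event is emitted.
    assertNoNotificationsReceived(notificationsQueue);
    assertNoAuditEventsReceived(auditTopic);
}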
use of uk.gov.di.accountmanagement.entity.UpdatePasswordRequest in project di-authentication-api by alphagov.
the class UpdatePasswordIntegrationTest method shouldThrowExceptionWhenUserAttemptsToUpdateDifferentAccount.
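@Test
void shouldThrowExceptionWhenUserAttemptsToUpdateDifferentAccount() {
    // Arrange: the target account (its own subject ID is deliberately not used —
    // the attacker-style request below must never learn or present it) ...
    userStore.signUp(TEST_EMAIL, "password-1", SUBJECT);
    // ... and a second, unrelated account whose principal will try to change the first.
    var otherSubjectID =
            userStore.signUp("other.user@digital.cabinet-office.gov.uk", "password-2", new Subject());

    // Act: authenticated as the other account, request a password change for TEST_EMAIL.
    var ex =
            assertThrows(
                    RuntimeException.class,
                    () ->
                            makeRequest(
                                    Optional.of(new UpdatePasswordRequest(TEST_EMAIL, "password-2")),
                                    Collections.emptyMap(),
                                    Collections.emptyMap(),
                                    Collections.emptyMap(),
                                    Map.of("principalId", otherSubjectID)));

    // Assert: the cross-account attempt is refused by the principal check ...
    assertThat(ex.getMessage(), is("Subject ID does not match principalId"));
    // ... and, since the refusal happens before the password write, neither a
    // PASSWORD_UPDATED notification nor an UPDATE_PASSWORD audit event is produced.
    assertNoNotificationsReceived(notificationsQueue);
    assertNoAuditEventsReceived(auditTopic);
}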
use of uk.gov.di.accountmanagement.entity.UpdatePasswordRequest in project di-authentication-api by alphagov.
the class UpdatePasswordIntegrationTest method shouldReturn400WhenNewPasswordIsSameAsOldPassword.
@Test
void shouldReturn400WhenNewPasswordIsSameAsOldPassword() throws Exception {
    // The public subject ID returned by sign-up is what the authorizer would present
    // as principalId, so this request targets the caller's own account.
    var principalId = userStore.signUp(TEST_EMAIL, "password-1", SUBJECT);
    var authorizerParams = Map.of("principalId", principalId);
    var sameAsCurrent = new UpdatePasswordRequest(TEST_EMAIL, "password-1");

    var response =
            makeRequest(
                    Optional.of(sameAsCurrent),
                    Collections.emptyMap(),
                    Collections.emptyMap(),
                    Collections.emptyMap(),
                    authorizerParams);

    // Re-using the current password is rejected with ERROR_1024 ...
    assertThat(response, hasStatus(HttpStatus.SC_BAD_REQUEST));
    assertThat(response, hasBody(new ObjectMapper().writeValueAsString(ErrorResponse.ERROR_1024)));
    // ... and a rejected request must leave no trace of a "successful" change:
    // no confirmation e-mail and no UPDATE_PASSWORD audit event.
    assertNoNotificationsReceived(notificationsQueue);
    assertNoAuditEventsReceived(auditTopic);
}
use of uk.gov.di.accountmanagement.entity.UpdatePasswordRequest in project di-authentication-api by alphagov.
the class UpdatePasswordHandler method handleRequest.
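/**
 * Lambda entry point for the account-management "update password" endpoint.
 *
 * <p>Flow: parse the JSON body, look up the profile for the requested e-mail, check that
 * the profile belongs to the authenticated principal, reject a no-op change, write the
 * new password, queue a PASSWORD_UPDATED notification and record an UPDATE_PASSWORD
 * audit event. None of the log lines below include password material.
 *
 * @param input the API Gateway proxy event; the body is an {@link UpdatePasswordRequest}
 *     and the request context's authorizer map is expected to carry {@code principalId}
 * @param context Lambda context, used only for the AWS request id in the audit event
 * @return an empty success response; 400 / ERROR_1024 when the new password equals the
 *     current one; 400 / ERROR_1001 when the body cannot be parsed or an
 *     {@link IllegalArgumentException} is raised
 * @throws RuntimeException propagated unchanged from {@code validatePrincipal} when
 *     {@code principalId} is missing or does not match the target account (the
 *     integration tests rely on this surfacing as an exception, not a 4xx)
 */
@Override
public APIGatewayProxyResponseEvent handleRequest(APIGatewayProxyRequestEvent input, Context context) {
    return isWarming(input).orElseGet(() -> {
        String sessionId = RequestHeaderHelper.getHeaderValueOrElse(input.getHeaders(), SESSION_ID_HEADER, "");
        attachSessionIdToLogs(sessionId);
        LOG.info("UpdatePasswordHandler received request");
        try {
            UpdatePasswordRequest updatePasswordRequest =
                    objectMapper.readValue(input.getBody(), UpdatePasswordRequest.class);

            // The e-mail is caller-supplied. The lookup plus validatePrincipal below is the
            // authorization check: only the principal that owns this profile may change it.
            // NOTE(review): if getUserProfileByEmail returns null for an unknown address, the
            // getPublicSubjectID() call surfaces as a NullPointerException (a Lambda error)
            // rather than a 4xx — confirm dynamoService's contract and the intended response.
            UserProfile userProfile = dynamoService.getUserProfileByEmail(updatePasswordRequest.getEmail());
            Map<String, Object> authorizerParams = input.getRequestContext().getAuthorizer();
            RequestBodyHelper.validatePrincipal(new Subject(userProfile.getPublicSubjectID()), authorizerParams);

            // Only the new password is supplied; the current one is never re-verified here, so
            // account ownership rests entirely on the authorizer's principalId.
            // NOTE(review): no length/strength check on the new password is visible in this
            // handler — confirm it is enforced by UpdatePasswordRequest or a validation layer.
            String currentPassword =
                    dynamoService.getUserCredentialsFromEmail(updatePasswordRequest.getEmail()).getPassword();
            // A "change" to the password already on file is rejected without any side effects
            // (no write, no notification, no audit event).
            if (verifyPassword(currentPassword, updatePasswordRequest.getNewPassword())) {
                return generateApiGatewayProxyErrorResponse(400, ErrorResponse.ERROR_1024);
            }

            dynamoService.updatePassword(updatePasswordRequest.getEmail(), updatePasswordRequest.getNewPassword());
            LOG.info("User Password has successfully been updated. Adding confirmation message to SQS queue");
            NotifyRequest notifyRequest =
                    new NotifyRequest(updatePasswordRequest.getEmail(), NotificationType.PASSWORD_UPDATED);
            sqsClient.send(objectMapper.writeValueAsString((notifyRequest)));
            LOG.info("Message successfully added to queue. Generating successful gateway response");

            // NOTE(review): the audit event is only written after the SQS send succeeds; a
            // failure there leaves the password changed with no UPDATE_PASSWORD record.
            auditService.submitAuditEvent(
                    AccountManagementAuditableEvent.UPDATE_PASSWORD,
                    context.getAwsRequestId(),
                    sessionId,
                    AuditService.UNKNOWN,
                    userProfile.getSubjectID(),
                    userProfile.getEmail(),
                    IpAddressHelper.extractIpAddress(input),
                    userProfile.getPhoneNumber(),
                    PersistentIdHelper.extractPersistentIdFromHeaders(input.getHeaders()));
            return generateEmptySuccessApiGatewayResponse();
        } catch (JsonProcessingException | IllegalArgumentException e) {
            // Malformed body or illegal argument: generic 400, no detail leaked to the caller.
            return generateApiGatewayProxyErrorResponse(400, ErrorResponse.ERROR_1001);
        }
    });
}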
use of uk.gov.di.accountmanagement.entity.UpdatePasswordRequest in project di-authentication-api by alphagov.
the class UpdatePasswordHandler method updatePasswordRequestHandler.
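/**
 * Handles the account-management "update password" request.
 *
 * <p>Flow: parse the JSON body, look up the profile for the requested e-mail, check that
 * the profile belongs to the authenticated principal, reject a no-op change, write the
 * new password, queue a PASSWORD_UPDATED notification and record an UPDATE_PASSWORD
 * audit event. None of the log lines below include password material.
 *
 * @param input the API Gateway proxy event; the body is an {@link UpdatePasswordRequest}
 *     and the request context's authorizer map is expected to carry {@code principalId}
 * @param context Lambda context, used only for the AWS request id in the audit event
 * @return an empty success response; 400 / ERROR_1024 when the new password equals the
 *     current one; 400 / ERROR_1001 when the body cannot be parsed or an
 *     {@link IllegalArgumentException} is raised
 * @throws RuntimeException propagated unchanged from {@code validatePrincipal} when
 *     {@code principalId} is missing or does not match the target account (the
 *     integration tests rely on this surfacing as an exception, not a 4xx)
 */
public APIGatewayProxyResponseEvent updatePasswordRequestHandler(APIGatewayProxyRequestEvent input, Context context) {
    return isWarming(input).orElseGet(() -> {
        String sessionId = RequestHeaderHelper.getHeaderValueOrElse(input.getHeaders(), SESSION_ID_HEADER, "");
        attachSessionIdToLogs(sessionId);
        LOG.info("UpdatePasswordHandler received request");
        try {
            UpdatePasswordRequest updatePasswordRequest =
                    objectMapper.readValue(input.getBody(), UpdatePasswordRequest.class);

            // The e-mail is caller-supplied. The lookup plus validatePrincipal below is the
            // authorization check: only the principal that owns this profile may change it.
            // NOTE(review): if getUserProfileByEmail returns null for an unknown address, the
            // getPublicSubjectID() call surfaces as a NullPointerException (a Lambda error)
            // rather than a 4xx — confirm dynamoService's contract and the intended response.
            UserProfile userProfile = dynamoService.getUserProfileByEmail(updatePasswordRequest.getEmail());
            Map<String, Object> authorizerParams = input.getRequestContext().getAuthorizer();
            RequestBodyHelper.validatePrincipal(new Subject(userProfile.getPublicSubjectID()), authorizerParams);

            // Only the new password is supplied; the current one is never re-verified here, so
            // account ownership rests entirely on the authorizer's principalId.
            // NOTE(review): no length/strength check on the new password is visible in this
            // handler — confirm it is enforced by UpdatePasswordRequest or a validation layer.
            String currentPassword =
                    dynamoService.getUserCredentialsFromEmail(updatePasswordRequest.getEmail()).getPassword();
            // A "change" to the password already on file is rejected without any side effects
            // (no write, no notification, no audit event).
            if (verifyPassword(currentPassword, updatePasswordRequest.getNewPassword())) {
                return generateApiGatewayProxyErrorResponse(400, ErrorResponse.ERROR_1024);
            }

            dynamoService.updatePassword(updatePasswordRequest.getEmail(), updatePasswordRequest.getNewPassword());
            LOG.info("User Password has successfully been updated. Adding confirmation message to SQS queue");
            NotifyRequest notifyRequest =
                    new NotifyRequest(updatePasswordRequest.getEmail(), NotificationType.PASSWORD_UPDATED);
            sqsClient.send(objectMapper.writeValueAsString((notifyRequest)));
            LOG.info("Message successfully added to queue. Generating successful gateway response");

            // NOTE(review): the audit event is only written after the SQS send succeeds; a
            // failure there leaves the password changed with no UPDATE_PASSWORD record.
            auditService.submitAuditEvent(
                    AccountManagementAuditableEvent.UPDATE_PASSWORD,
                    context.getAwsRequestId(),
                    sessionId,
                    AuditService.UNKNOWN,
                    userProfile.getSubjectID(),
                    userProfile.getEmail(),
                    IpAddressHelper.extractIpAddress(input),
                    userProfile.getPhoneNumber(),
                    PersistentIdHelper.extractPersistentIdFromHeaders(input.getHeaders()));
            return generateEmptySuccessApiGatewayResponse();
        } catch (JsonException | IllegalArgumentException e) {
            // Malformed body or illegal argument: generic 400, no detail leaked to the caller.
            return generateApiGatewayProxyErrorResponse(400, ErrorResponse.ERROR_1001);
        }
    });
}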