use of uk.gov.di.accountmanagement.entity.UpdatePhoneNumberRequest in project di-authentication-api by alphagov.
the class UpdatePhoneNumberIntegrationTest method shouldReturn400WhenOtpIsInvalid.
/**
 * Checks that an update request carrying a wrong OTP is answered with HTTP 400 and
 * {@code ErrorResponse.ERROR_1020}, and that no notification or audit event is emitted.
 *
 * <p>The authorizer's {@code principalId} is the public subject ID returned by sign-up, so the
 * caller is the account owner and the OTP is the only thing wrong with the request.
 */
@Test
void shouldReturn400WhenOtpIsInvalid() throws Exception {
    String ownerPublicSubjectId = userStore.signUp(TEST_EMAIL, "password-1", SUBJECT);
    // A code is stored for the account, but its value is deliberately not sent.
    // 300 is presumably the code's lifetime in seconds -- confirm against the helper.
    redis.generateAndSavePhoneNumberCode(TEST_EMAIL, 300);

    String wrongOtp = "This is not the correct OTP";
    UpdatePhoneNumberRequest requestBody =
            new UpdatePhoneNumberRequest(TEST_EMAIL, NEW_PHONE_NUMBER, wrongOtp);

    var response =
            makeRequest(
                    Optional.of(requestBody),
                    Collections.emptyMap(),
                    Collections.emptyMap(),
                    Collections.emptyMap(),
                    Map.of("principalId", ownerPublicSubjectId));

    assertThat(response, hasStatus(HttpStatus.SC_BAD_REQUEST));
    String expectedBody = new ObjectMapper().writeValueAsString(ErrorResponse.ERROR_1020);
    assertThat(response, hasBody(expectedBody));

    // A rejected OTP must leave no side effects behind.
    assertNoNotificationsReceived(notificationsQueue);
    assertNoAuditEventsReceived(auditTopic);
}
use of uk.gov.di.accountmanagement.entity.UpdatePhoneNumberRequest in project di-authentication-api by alphagov.
the class UpdatePhoneNumberHandler method updatePhoneNumberRequestHandler.
/**
 * Handles a request to change the phone number stored for an account.
 *
 * <p>Unless {@code isWarming(input)} already supplies a response, the method parses the body
 * into an {@link UpdatePhoneNumberRequest}, checks the submitted OTP, checks that the
 * authorizer's principal matches the account's public subject ID, stores the new phone number,
 * queues a {@code PHONE_NUMBER_UPDATED} notification and submits an audit event.
 *
 * @param input the API Gateway request; body, headers and authorizer context are read from it
 * @param context the Lambda context, used here only for the AWS request ID in the audit event
 * @return the response supplied by {@code isWarming}, an empty success response, 400 with
 *     {@code ERROR_1020} when the OTP is rejected, or 400 with {@code ERROR_1001} when a
 *     {@code JsonException} or {@code IllegalArgumentException} is caught
 */
public APIGatewayProxyResponseEvent updatePhoneNumberRequestHandler(
        APIGatewayProxyRequestEvent input, Context context) {
    return isWarming(input)
            .orElseGet(
                    () -> {
                        String sessionId =
                                RequestHeaderHelper.getHeaderValueOrElse(
                                        input.getHeaders(), SESSION_ID_HEADER, "");
                        attachSessionIdToLogs(sessionId);
                        LOG.info("UpdatePhoneNumberHandler received request");
                        try {
                            UpdatePhoneNumberRequest request =
                                    objectMapper.readValue(
                                            input.getBody(), UpdatePhoneNumberRequest.class);
                            String email = request.getEmail();
                            String newPhoneNumber = request.getPhoneNumber();

                            // NOTE(review): the OTP is checked against the email from the request
                            // body before validatePrincipal ties the caller to that account. A
                            // caller authorised for a different account therefore sees ERROR_1020
                            // for a wrong code and the principal-mismatch failure for a right one.
                            // Whether isValidOtpCode limits attempts is not visible here --
                            // confirm, or authorise before checking the code.
                            if (!codeStorageService.isValidOtpCode(
                                    email, request.getOtp(), NotificationType.VERIFY_PHONE_NUMBER)) {
                                return generateApiGatewayProxyErrorResponse(
                                        400, ErrorResponse.ERROR_1020);
                            }

                            // NOTE(review): no null check on the profile; what the lookup returns
                            // for an unknown email is not visible here -- confirm.
                            UserProfile userProfile = dynamoService.getUserProfileByEmail(email);
                            Map<String, Object> authorizerParams =
                                    input.getRequestContext().getAuthorizer();
                            // Authorisation step: the account's public subject ID must match the
                            // authorizer context. A failure here is not turned into a 400 unless
                            // it is one of the two exception types caught below.
                            RequestBodyHelper.validatePrincipal(
                                    new Subject(userProfile.getPublicSubjectID()), authorizerParams);

                            // NOTE(review): the number is stored as received; no format validation
                            // is visible in this method -- confirm it happens elsewhere.
                            // NOTE(review): nothing here removes the OTP after use; if
                            // isValidOtpCode does not consume it, the code stays valid until it
                            // expires -- confirm.
                            dynamoService.updatePhoneNumber(email, newPhoneNumber);
                            LOG.info(
                                    "Phone Number has successfully been updated. Adding message to SQS queue");

                            NotifyRequest notifyRequest =
                                    new NotifyRequest(email, NotificationType.PHONE_NUMBER_UPDATED);
                            String notificationJson = objectMapper.writeValueAsString(notifyRequest);
                            sqsClient.send(notificationJson);

                            auditService.submitAuditEvent(
                                    AccountManagementAuditableEvent.UPDATE_PHONE_NUMBER,
                                    context.getAwsRequestId(),
                                    sessionId,
                                    AuditService.UNKNOWN,
                                    userProfile.getSubjectID(),
                                    userProfile.getEmail(),
                                    IpAddressHelper.extractIpAddress(input),
                                    newPhoneNumber,
                                    PersistentIdHelper.extractPersistentIdFromHeaders(
                                            input.getHeaders()));
                            LOG.info(
                                    "Message successfully added to queue. Generating successful gateway response");
                            return generateEmptySuccessApiGatewayResponse();
                        } catch (JsonException | IllegalArgumentException e) {
                            // Unparseable or otherwise rejected input maps to the generic 400.
                            return generateApiGatewayProxyErrorResponse(
                                    400, ErrorResponse.ERROR_1001);
                        }
                    });
}
use of uk.gov.di.accountmanagement.entity.UpdatePhoneNumberRequest in project di-authentication-api by alphagov.
the class UpdatePhoneNumberIntegrationTest method shouldThrowExceptionWhenSubjectIdMissing.
/**
 * Checks that a request with a valid OTP but no {@code principalId} in the authorizer context
 * fails with a {@link RuntimeException} whose message is "principalId is missing".
 *
 * <p>The request is sent through the {@code makeRequest} overload that takes no authorizer
 * parameters, so the handler has no principal to compare the account against.
 */
@Test
void shouldThrowExceptionWhenSubjectIdMissing() {
    userStore.signUp(TEST_EMAIL, "password-1", SUBJECT);
    // The OTP is the genuine one, so the failure can only come from the principal check.
    String validOtp = redis.generateAndSavePhoneNumberCode(TEST_EMAIL, 300);
    UpdatePhoneNumberRequest requestBody =
            new UpdatePhoneNumberRequest(TEST_EMAIL, NEW_PHONE_NUMBER, validOtp);

    RuntimeException thrown =
            assertThrows(
                    RuntimeException.class,
                    () ->
                            makeRequest(
                                    Optional.of(requestBody),
                                    Collections.emptyMap(),
                                    Collections.emptyMap()));

    assertThat(thrown.getMessage(), is("principalId is missing"));
}
use of uk.gov.di.accountmanagement.entity.UpdatePhoneNumberRequest in project di-authentication-api by alphagov.
the class UpdatePhoneNumberHandler method handleRequest.
/**
 * Handles a request to change the phone number stored for an account.
 *
 * <p>Unless {@code isWarming(input)} already supplies a response, the method parses the body
 * into an {@link UpdatePhoneNumberRequest}, checks the submitted OTP, validates the new phone
 * number, checks that the authorizer's principal matches the account's public subject ID,
 * stores the number, queues a {@code PHONE_NUMBER_UPDATED} notification and submits an audit
 * event.
 *
 * @param input the API Gateway request; body, headers and authorizer context are read from it
 * @param context the Lambda context, used here only for the AWS request ID in the audit event
 * @return the response supplied by {@code isWarming}, an empty success response, 400 with
 *     {@code ERROR_1020} when the OTP is rejected, 400 with the error reported by phone-number
 *     validation, or 400 with {@code ERROR_1001} when a {@code JsonProcessingException} or
 *     {@code IllegalArgumentException} is caught
 */
@Override
public APIGatewayProxyResponseEvent handleRequest(
        APIGatewayProxyRequestEvent input, Context context) {
    return isWarming(input)
            .orElseGet(
                    () -> {
                        String sessionId =
                                RequestHeaderHelper.getHeaderValueOrElse(
                                        input.getHeaders(), SESSION_ID_HEADER, "");
                        attachSessionIdToLogs(sessionId);
                        LOG.info("UpdatePhoneNumberHandler received request");
                        try {
                            UpdatePhoneNumberRequest request =
                                    objectMapper.readValue(
                                            input.getBody(), UpdatePhoneNumberRequest.class);
                            String email = request.getEmail();

                            // NOTE(review): the OTP is checked against the email from the request
                            // body before validatePrincipal ties the caller to that account. A
                            // caller authorised for a different account therefore sees ERROR_1020
                            // for a wrong code and the principal-mismatch failure for a right one.
                            // Whether isValidOtpCode limits attempts is not visible here --
                            // confirm, or authorise before checking the code.
                            if (!codeStorageService.isValidOtpCode(
                                    email, request.getOtp(), NotificationType.VERIFY_PHONE_NUMBER)) {
                                return generateApiGatewayProxyErrorResponse(
                                        400, ErrorResponse.ERROR_1020);
                            }

                            // Reject a malformed number before anything is looked up or written.
                            String newPhoneNumber = request.getPhoneNumber();
                            Optional<ErrorResponse> phoneNumberError =
                                    validationService.validatePhoneNumber(newPhoneNumber);
                            if (phoneNumberError.isPresent()) {
                                return generateApiGatewayProxyErrorResponse(
                                        400, phoneNumberError.get());
                            }

                            // NOTE(review): no null check on the profile; what the lookup returns
                            // for an unknown email is not visible here -- confirm.
                            UserProfile userProfile = dynamoService.getUserProfileByEmail(email);
                            Map<String, Object> authorizerParams =
                                    input.getRequestContext().getAuthorizer();
                            // Authorisation step: the account's public subject ID must match the
                            // authorizer context. A failure here is not turned into a 400 unless
                            // it is one of the two exception types caught below.
                            RequestBodyHelper.validatePrincipal(
                                    new Subject(userProfile.getPublicSubjectID()), authorizerParams);

                            // NOTE(review): nothing here removes the OTP after use; if
                            // isValidOtpCode does not consume it, the code stays valid until it
                            // expires -- confirm.
                            dynamoService.updatePhoneNumber(email, newPhoneNumber);
                            LOG.info(
                                    "Phone Number has successfully been updated. Adding message to SQS queue");

                            NotifyRequest notifyRequest =
                                    new NotifyRequest(email, NotificationType.PHONE_NUMBER_UPDATED);
                            String notificationJson = objectMapper.writeValueAsString(notifyRequest);
                            sqsClient.send(notificationJson);

                            auditService.submitAuditEvent(
                                    AccountManagementAuditableEvent.UPDATE_PHONE_NUMBER,
                                    context.getAwsRequestId(),
                                    sessionId,
                                    AuditService.UNKNOWN,
                                    userProfile.getSubjectID(),
                                    userProfile.getEmail(),
                                    IpAddressHelper.extractIpAddress(input),
                                    newPhoneNumber,
                                    PersistentIdHelper.extractPersistentIdFromHeaders(
                                            input.getHeaders()));
                            LOG.info(
                                    "Message successfully added to queue. Generating successful gateway response");
                            return generateEmptySuccessApiGatewayResponse();
                        } catch (JsonProcessingException | IllegalArgumentException e) {
                            // Unparseable or otherwise rejected input maps to the generic 400.
                            return generateApiGatewayProxyErrorResponse(
                                    400, ErrorResponse.ERROR_1001);
                        }
                    });
}
use of uk.gov.di.accountmanagement.entity.UpdatePhoneNumberRequest in project di-authentication-api by alphagov.
the class UpdatePhoneNumberIntegrationTest method shouldThrowExceptionWhenUserAttemptsToUpdateDifferentAccount.
/**
 * Checks that a caller authorised as one account cannot change the phone number of another.
 *
 * <p>The request names the first account's email and carries that account's valid OTP, while
 * the authorizer's {@code principalId} belongs to a second account. The expected outcome is a
 * {@link RuntimeException} with the message "Subject ID does not match principalId".
 */
@Test
void shouldThrowExceptionWhenUserAttemptsToUpdateDifferentAccount() {
    // Target account: its email and OTP go into the request body.
    userStore.signUp(TEST_EMAIL, "password-1", SUBJECT);
    // Calling account: only its subject ID is used, as the authorizer principal.
    String callerSubjectId =
            userStore.signUp(
                    "other.user@digital.cabinet-office.gov.uk", "password-2", new Subject());
    String targetOtp = redis.generateAndSavePhoneNumberCode(TEST_EMAIL, 300);
    UpdatePhoneNumberRequest requestBody =
            new UpdatePhoneNumberRequest(TEST_EMAIL, NEW_PHONE_NUMBER, targetOtp);

    RuntimeException thrown =
            assertThrows(
                    RuntimeException.class,
                    () ->
                            makeRequest(
                                    Optional.of(requestBody),
                                    Collections.emptyMap(),
                                    Collections.emptyMap(),
                                    Collections.emptyMap(),
                                    Map.of("principalId", callerSubjectId)));

    assertThat(thrown.getMessage(), is("Subject ID does not match principalId"));
}