Example 1 with UpdatePhoneNumberRequest

Use of uk.gov.di.accountmanagement.entity.UpdatePhoneNumberRequest in project di-authentication-api by alphagov.

Class UpdatePhoneNumberIntegrationTest, method shouldReturn400WhenOtpIsInvalid.

@Test
void shouldReturn400WhenOtpIsInvalid() throws Exception {
    String publicSubjectID = userStore.signUp(TEST_EMAIL, "password-1", SUBJECT);
    redis.generateAndSavePhoneNumberCode(TEST_EMAIL, 300);
    String badOtp = "This is not the correct OTP";
    var response = makeRequest(Optional.of(new UpdatePhoneNumberRequest(TEST_EMAIL, NEW_PHONE_NUMBER, badOtp)), Collections.emptyMap(), Collections.emptyMap(), Collections.emptyMap(), Map.of("principalId", publicSubjectID));
    assertThat(response, hasStatus(HttpStatus.SC_BAD_REQUEST));
    assertThat(response, hasBody(new ObjectMapper().writeValueAsString(ErrorResponse.ERROR_1020)));
    assertNoNotificationsReceived(notificationsQueue);
    assertNoAuditEventsReceived(auditTopic);
}
Also used : ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) UpdatePhoneNumberRequest(uk.gov.di.accountmanagement.entity.UpdatePhoneNumberRequest) Test(org.junit.jupiter.api.Test) ParameterizedTest(org.junit.jupiter.params.ParameterizedTest) ApiGatewayHandlerIntegrationTest(uk.gov.di.authentication.sharedtest.basetest.ApiGatewayHandlerIntegrationTest)

Example 2 with UpdatePhoneNumberRequest

Use of uk.gov.di.accountmanagement.entity.UpdatePhoneNumberRequest in project di-authentication-api by alphagov.

Class UpdatePhoneNumberHandler, method updatePhoneNumberRequestHandler.

public APIGatewayProxyResponseEvent updatePhoneNumberRequestHandler(APIGatewayProxyRequestEvent input, Context context) {
    return isWarming(input).orElseGet(() -> {
        String sessionId = RequestHeaderHelper.getHeaderValueOrElse(input.getHeaders(), SESSION_ID_HEADER, "");
        attachSessionIdToLogs(sessionId);
        LOG.info("UpdatePhoneNumberHandler received request");
        try {
            UpdatePhoneNumberRequest updatePhoneNumberRequest = objectMapper.readValue(input.getBody(), UpdatePhoneNumberRequest.class);
            boolean isValidOtpCode = codeStorageService.isValidOtpCode(updatePhoneNumberRequest.getEmail(), updatePhoneNumberRequest.getOtp(), NotificationType.VERIFY_PHONE_NUMBER);
            if (!isValidOtpCode) {
                return generateApiGatewayProxyErrorResponse(400, ErrorResponse.ERROR_1020);
            }
            UserProfile userProfile = dynamoService.getUserProfileByEmail(updatePhoneNumberRequest.getEmail());
            Map<String, Object> authorizerParams = input.getRequestContext().getAuthorizer();
            RequestBodyHelper.validatePrincipal(new Subject(userProfile.getPublicSubjectID()), authorizerParams);
            dynamoService.updatePhoneNumber(updatePhoneNumberRequest.getEmail(), updatePhoneNumberRequest.getPhoneNumber());
            LOG.info("Phone Number has successfully been updated. Adding message to SQS queue");
            NotifyRequest notifyRequest = new NotifyRequest(updatePhoneNumberRequest.getEmail(), NotificationType.PHONE_NUMBER_UPDATED);
            sqsClient.send(objectMapper.writeValueAsString((notifyRequest)));
            auditService.submitAuditEvent(AccountManagementAuditableEvent.UPDATE_PHONE_NUMBER, context.getAwsRequestId(), sessionId, AuditService.UNKNOWN, userProfile.getSubjectID(), userProfile.getEmail(), IpAddressHelper.extractIpAddress(input), updatePhoneNumberRequest.getPhoneNumber(), PersistentIdHelper.extractPersistentIdFromHeaders(input.getHeaders()));
            LOG.info("Message successfully added to queue. Generating successful gateway response");
            return generateEmptySuccessApiGatewayResponse();
        } catch (JsonException | IllegalArgumentException e) {
            return generateApiGatewayProxyErrorResponse(400, ErrorResponse.ERROR_1001);
        }
    });
}
Also used : JsonException(uk.gov.di.authentication.shared.serialization.Json.JsonException) UserProfile(uk.gov.di.authentication.shared.entity.UserProfile) NotifyRequest(uk.gov.di.accountmanagement.entity.NotifyRequest) Subject(com.nimbusds.oauth2.sdk.id.Subject) UpdatePhoneNumberRequest(uk.gov.di.accountmanagement.entity.UpdatePhoneNumberRequest)

Example 3 with UpdatePhoneNumberRequest

Use of uk.gov.di.accountmanagement.entity.UpdatePhoneNumberRequest in project di-authentication-api by alphagov.

Class UpdatePhoneNumberIntegrationTest, method shouldThrowExceptionWhenSubjectIdMissing.

@Test
void shouldThrowExceptionWhenSubjectIdMissing() {
    userStore.signUp(TEST_EMAIL, "password-1", SUBJECT);
    String otp = redis.generateAndSavePhoneNumberCode(TEST_EMAIL, 300);
    Exception ex = assertThrows(RuntimeException.class, () -> makeRequest(Optional.of(new UpdatePhoneNumberRequest(TEST_EMAIL, NEW_PHONE_NUMBER, otp)), Collections.emptyMap(), Collections.emptyMap()));
    assertThat(ex.getMessage(), is("principalId is missing"));
}
Also used : UpdatePhoneNumberRequest(uk.gov.di.accountmanagement.entity.UpdatePhoneNumberRequest) Test(org.junit.jupiter.api.Test) ParameterizedTest(org.junit.jupiter.params.ParameterizedTest) ApiGatewayHandlerIntegrationTest(uk.gov.di.authentication.sharedtest.basetest.ApiGatewayHandlerIntegrationTest)

Example 4 with UpdatePhoneNumberRequest

Use of uk.gov.di.accountmanagement.entity.UpdatePhoneNumberRequest in project di-authentication-api by alphagov.

Class UpdatePhoneNumberHandler, method handleRequest.

@Override
public APIGatewayProxyResponseEvent handleRequest(APIGatewayProxyRequestEvent input, Context context) {
    return isWarming(input).orElseGet(() -> {
        String sessionId = RequestHeaderHelper.getHeaderValueOrElse(input.getHeaders(), SESSION_ID_HEADER, "");
        attachSessionIdToLogs(sessionId);
        LOG.info("UpdatePhoneNumberHandler received request");
        try {
            UpdatePhoneNumberRequest updatePhoneNumberRequest = objectMapper.readValue(input.getBody(), UpdatePhoneNumberRequest.class);
            boolean isValidOtpCode = codeStorageService.isValidOtpCode(updatePhoneNumberRequest.getEmail(), updatePhoneNumberRequest.getOtp(), NotificationType.VERIFY_PHONE_NUMBER);
            if (!isValidOtpCode) {
                return generateApiGatewayProxyErrorResponse(400, ErrorResponse.ERROR_1020);
            }
            Optional<ErrorResponse> phoneValidationErrors = validationService.validatePhoneNumber(updatePhoneNumberRequest.getPhoneNumber());
            if (phoneValidationErrors.isPresent()) {
                return generateApiGatewayProxyErrorResponse(400, phoneValidationErrors.get());
            }
            UserProfile userProfile = dynamoService.getUserProfileByEmail(updatePhoneNumberRequest.getEmail());
            Map<String, Object> authorizerParams = input.getRequestContext().getAuthorizer();
            RequestBodyHelper.validatePrincipal(new Subject(userProfile.getPublicSubjectID()), authorizerParams);
            dynamoService.updatePhoneNumber(updatePhoneNumberRequest.getEmail(), updatePhoneNumberRequest.getPhoneNumber());
            LOG.info("Phone Number has successfully been updated. Adding message to SQS queue");
            NotifyRequest notifyRequest = new NotifyRequest(updatePhoneNumberRequest.getEmail(), NotificationType.PHONE_NUMBER_UPDATED);
            sqsClient.send(objectMapper.writeValueAsString((notifyRequest)));
            auditService.submitAuditEvent(AccountManagementAuditableEvent.UPDATE_PHONE_NUMBER, context.getAwsRequestId(), sessionId, AuditService.UNKNOWN, userProfile.getSubjectID(), userProfile.getEmail(), IpAddressHelper.extractIpAddress(input), updatePhoneNumberRequest.getPhoneNumber(), PersistentIdHelper.extractPersistentIdFromHeaders(input.getHeaders()));
            LOG.info("Message successfully added to queue. Generating successful gateway response");
            return generateEmptySuccessApiGatewayResponse();
        } catch (JsonProcessingException | IllegalArgumentException e) {
            return generateApiGatewayProxyErrorResponse(400, ErrorResponse.ERROR_1001);
        }
    });
}
Also used : UserProfile(uk.gov.di.authentication.shared.entity.UserProfile) NotifyRequest(uk.gov.di.accountmanagement.entity.NotifyRequest) Subject(com.nimbusds.oauth2.sdk.id.Subject) ErrorResponse(uk.gov.di.authentication.shared.entity.ErrorResponse) ApiGatewayResponseHelper.generateApiGatewayProxyErrorResponse(uk.gov.di.authentication.shared.helpers.ApiGatewayResponseHelper.generateApiGatewayProxyErrorResponse) JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException) UpdatePhoneNumberRequest(uk.gov.di.accountmanagement.entity.UpdatePhoneNumberRequest)

Example 5 with UpdatePhoneNumberRequest

Use of uk.gov.di.accountmanagement.entity.UpdatePhoneNumberRequest in project di-authentication-api by alphagov.

Class UpdatePhoneNumberIntegrationTest, method shouldThrowExceptionWhenUserAttemptsToUpdateDifferentAccount.

@Test
void shouldThrowExceptionWhenUserAttemptsToUpdateDifferentAccount() {
    userStore.signUp(TEST_EMAIL, "password-1", SUBJECT);
    String otherSubjectID = userStore.signUp("other.user@digital.cabinet-office.gov.uk", "password-2", new Subject());
    String otp = redis.generateAndSavePhoneNumberCode(TEST_EMAIL, 300);
    Exception ex = assertThrows(RuntimeException.class, () -> makeRequest(Optional.of(new UpdatePhoneNumberRequest(TEST_EMAIL, NEW_PHONE_NUMBER, otp)), Collections.emptyMap(), Collections.emptyMap(), Collections.emptyMap(), Map.of("principalId", otherSubjectID)));
    assertThat(ex.getMessage(), is("Subject ID does not match principalId"));
}
Also used : Subject(com.nimbusds.oauth2.sdk.id.Subject) UpdatePhoneNumberRequest(uk.gov.di.accountmanagement.entity.UpdatePhoneNumberRequest) Test(org.junit.jupiter.api.Test) ParameterizedTest(org.junit.jupiter.params.ParameterizedTest) ApiGatewayHandlerIntegrationTest(uk.gov.di.authentication.sharedtest.basetest.ApiGatewayHandlerIntegrationTest)

Aggregations

UpdatePhoneNumberRequest (uk.gov.di.accountmanagement.entity.UpdatePhoneNumberRequest): 5
Subject (com.nimbusds.oauth2.sdk.id.Subject): 3
Test (org.junit.jupiter.api.Test): 3
ParameterizedTest (org.junit.jupiter.params.ParameterizedTest): 3
ApiGatewayHandlerIntegrationTest (uk.gov.di.authentication.sharedtest.basetest.ApiGatewayHandlerIntegrationTest): 3
NotifyRequest (uk.gov.di.accountmanagement.entity.NotifyRequest): 2
UserProfile (uk.gov.di.authentication.shared.entity.UserProfile): 2
JsonProcessingException (com.fasterxml.jackson.core.JsonProcessingException): 1
ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper): 1
ErrorResponse (uk.gov.di.authentication.shared.entity.ErrorResponse): 1
ApiGatewayResponseHelper.generateApiGatewayProxyErrorResponse (uk.gov.di.authentication.shared.helpers.ApiGatewayResponseHelper.generateApiGatewayProxyErrorResponse): 1
JsonException (uk.gov.di.authentication.shared.serialization.Json.JsonException): 1