use of uk.gov.di.authentication.frontendapi.entity.SignUpResponse in project di-authentication-api by alphagov.
The class SignUpHandler, method handleRequestWithUserContext.
/**
 * Handles a sign-up request for a user that already has a session.
 *
 * <p>Flow: the password is validated first and any validation error is returned as a 400.
 * If the email is already registered, a {@code CREATE_ACCOUNT_EMAIL_ALREADY_EXISTS} audit event
 * is submitted and {@code ERROR_1009} is returned with status 400. Otherwise the user is created
 * with a fresh {@link Subject} and the currently configured terms-and-conditions version, a
 * {@code CREATE_ACCOUNT} audit event is submitted, the session is saved with the email address and
 * {@code NEW} account state, and a 200 carrying a {@link SignUpResponse} is returned.
 *
 * @param input       the raw API Gateway event (headers and source IP are read from it)
 * @param context     the Lambda context; its request id is recorded on audit events
 * @param request     the parsed sign-up request (email and password)
 * @param userContext the resolved session and optional client for this request
 * @return a 200 response with a {@link SignUpResponse}, or a 400 error response
 */
@Override
public APIGatewayProxyResponseEvent handleRequestWithUserContext(APIGatewayProxyRequestEvent input, Context context, SignupRequest request, UserContext userContext) {
    attachSessionIdToLogs(userContext.getSession());
    attachLogFieldToLogs(PERSISTENT_SESSION_ID, extractPersistentIdFromHeaders(input.getHeaders()));
    attachLogFieldToLogs(CLIENT_ID, userContext.getClient().map(ClientRegistry::getClientID).orElse("unknown"));
    LOG.info("Received request");

    // Reject a weak or malformed password before touching the user store.
    var passwordErrors = ValidationHelper.validatePassword(request.getPassword());
    if (passwordErrors.isPresent()) {
        return generateApiGatewayProxyErrorResponse(400, passwordErrors.get());
    }

    var email = request.getEmail();
    if (authenticationService.userExists(email)) {
        // The distinct ERROR_1009 response tells the caller this address is already registered;
        // the attempt is recorded as its own audit event.
        auditSignUpEvent(FrontendAuditableEvent.CREATE_ACCOUNT_EMAIL_ALREADY_EXISTS, input, context, request, userContext);
        return generateApiGatewayProxyErrorResponse(400, ErrorResponse.ERROR_1009);
    }

    // Acceptance of the current T&C version is timestamped in UTC at sign-up time.
    var acceptedTerms = new TermsAndConditions(configurationService.getTermsAndConditionsVersion(), LocalDateTime.now(ZoneId.of("UTC")).toString());
    authenticationService.signUp(email, request.getPassword(), new Subject(), acceptedTerms);
    var consentRequired = ConsentHelper.userHasNotGivenConsent(userContext);
    auditSignUpEvent(FrontendAuditableEvent.CREATE_ACCOUNT, input, context, request, userContext);
    sessionService.save(userContext.getSession().setEmailAddress(email).setNewAccount(NEW));
    LOG.info("Successfully processed request");

    try {
        return generateApiGatewayProxyResponse(200, new SignUpResponse(consentRequired));
    } catch (JsonException e) {
        // Response serialisation failed; reported with the generic ERROR_1001 code.
        return generateApiGatewayProxyErrorResponse(400, ErrorResponse.ERROR_1001);
    }
}

/**
 * Submits a sign-up related audit event with the request id, session id, client id (or
 * {@code UNKNOWN}), email, source IP and persistent session id taken from the request.
 */
private void auditSignUpEvent(FrontendAuditableEvent event, APIGatewayProxyRequestEvent input, Context context, SignupRequest request, UserContext userContext) {
    auditService.submitAuditEvent(
            event,
            context.getAwsRequestId(),
            userContext.getSession().getSessionId(),
            userContext.getClient().map(ClientRegistry::getClientID).orElse(AuditService.UNKNOWN),
            AuditService.UNKNOWN,
            request.getEmail(),
            IpAddressHelper.extractIpAddress(input),
            AuditService.UNKNOWN,
            PersistentIdHelper.extractPersistentIdFromHeaders(input.getHeaders()));
}
use of uk.gov.di.authentication.frontendapi.entity.SignUpResponse in project di-authentication-api by alphagov.
The class SignUpHandlerTest, method shouldReturn200IfSignUpIsSuccessful.
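/**
 * A valid sign-up for an unregistered email returns 200 with the client's consent requirement,
 * creates the user, saves the session (email set, account state NEW) and emits a
 * {@code CREATE_ACCOUNT} audit event. The email is submitted in upper case to check that the
 * handler normalises it before it reaches the services.
 */
@ParameterizedTest
@MethodSource("consentValues")
void shouldReturn200IfSignUpIsSuccessful(boolean consentRequired) throws JsonProcessingException, Json.JsonException {
    String email = "joe.bloggs@test.com";
    String password = "computer-1";
    String persistentId = "some-persistent-id-value";
    Map<String, String> headers = new HashMap<>();
    headers.put(PersistentIdHelper.PERSISTENT_ID_HEADER_NAME, persistentId);
    headers.put("Session-Id", session.getSessionId());
    when(authenticationService.userExists(eq(email))).thenReturn(false);
    when(clientService.getClient(CLIENT_ID.getValue())).thenReturn(Optional.of(generateClientRegistry(consentRequired)));
    when(clientSessionService.getClientSessionFromRequestHeaders(anyMap())).thenReturn(Optional.of(clientSession));
    usingValidSession();
    usingValidClientSession();

    APIGatewayProxyRequestEvent event = new APIGatewayProxyRequestEvent();
    event.setRequestContext(contextWithSourceIp("123.123.123.123"));
    event.setHeaders(headers);
    // Upper-case email on the wire; the services must see the normalised address.
    event.setBody(format("{ \"password\": \"computer-1\", \"email\": \"%s\" }", email.toUpperCase()));

    APIGatewayProxyResponseEvent result = handler.handleRequest(event, context);

    assertThat(result, hasStatus(200));
    SignUpResponse signUpResponse = objectMapper.readValue(result.getBody(), SignUpResponse.class);
    assertThat(signUpResponse.isConsentRequired(), equalTo(consentRequired));
    // Each interaction is verified once; the previous duplicate signUp/save verifications are merged.
    verify(authenticationService).signUp(eq(email), eq(password), any(Subject.class), any(TermsAndConditions.class));
    verify(auditService).submitAuditEvent(FrontendAuditableEvent.CREATE_ACCOUNT, context.getAwsRequestId(), session.getSessionId(), CLIENT_ID.getValue(), AuditService.UNKNOWN, email, "123.123.123.123", AuditService.UNKNOWN, persistentId);
    verify(sessionService).save(argThat(saved -> email.equals(saved.getEmailAddress()) && saved.isNewAccount() == Session.AccountState.NEW));
}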
use of uk.gov.di.authentication.frontendapi.entity.SignUpResponse in project di-authentication-api by alphagov.
The class SignupIntegrationTest, method shouldReturn200WhenValidSignUpRequest.
/**
 * End-to-end sign-up against the running stack: with a session, a client session holding an
 * OIDC authorisation request, and a registered client, a valid request returns 200 with the
 * client's consent requirement, the user exists afterwards and a {@code CREATE_ACCOUNT}
 * audit event is received.
 */
@ParameterizedTest
@MethodSource("consentValues")
void shouldReturn200WhenValidSignUpRequest(boolean consentRequired) throws IOException, Json.JsonException {
    var email = "joe.bloggs+5@digital.cabinet-office.gov.uk";
    var sessionId = redis.createSession();
    var headers = new HashMap<String, String>();
    headers.put("Session-Id", sessionId);
    headers.put("Client-Session-Id", CLIENT_SESSION_ID);
    headers.put("X-API-Key", FRONTEND_API_KEY);

    // Client session carries a minimal openid authorisation request.
    var scope = new Scope();
    scope.add(OIDCScopeValue.OPENID);
    var authRequest = new AuthenticationRequest.Builder(ResponseType.CODE, scope, new ClientID(CLIENT_ID), URI.create(REDIRECT_URI))
            .nonce(new Nonce())
            .build();
    redis.createClientSession(CLIENT_SESSION_ID, authRequest.toParameters());

    // Register the client with the consent setting under test.
    var publicKey = Base64.getMimeEncoder().encodeToString(GENERATE_RSA_KEY_PAIR().getPublic().getEncoded());
    clientStore.registerClient(
            CLIENT_ID,
            "The test client",
            List.of(REDIRECT_URI),
            List.of("test-client@test.com"),
            List.of(scope.toString()),
            publicKey,
            List.of("http://localhost/post-redirect-logout"),
            "http://example.com",
            String.valueOf(ServiceType.MANDATORY),
            "https://test.com",
            "public",
            consentRequired);

    var response = makeRequest(Optional.of(new SignupRequest(email, "password-1")), headers, Map.of());

    assertThat(response, hasStatus(200));
    var signUpResponse = objectMapper.readValue(response.getBody(), SignUpResponse.class);
    assertThat(signUpResponse.isConsentRequired(), equalTo(consentRequired));
    assertTrue(userStore.userExists(email));
    assertEventTypesReceived(auditTopic, List.of(CREATE_ACCOUNT));
}