Example 1 with IPVAuthorisationResponse

Use of uk.gov.di.authentication.ipv.entity.IPVAuthorisationResponse in project di-authentication-api by alphagov.

From the class IPVAuthorisationHandlerTest, method shouldReturn200AndRedirectURIWithClaims.

@Test
void shouldReturn200AndRedirectURIWithClaims() throws JsonProcessingException, UnsupportedEncodingException {
    usingValidSession();
    usingValidClientSession(TEST_CLIENT_ID);
    Map<String, String> headers = new HashMap<>();
    headers.put(PersistentIdHelper.PERSISTENT_ID_HEADER_NAME, PERSISTENT_SESSION_ID);
    headers.put("Session-Id", session.getSessionId());
    APIGatewayProxyRequestEvent event = new APIGatewayProxyRequestEvent();
    event.setHeaders(headers);
    event.setBody(format("{ \"email\": \"%s\"}", TEST_EMAIL_ADDRESS));
    event.setRequestContext(contextWithSourceIp("123.123.123.123"));
    APIGatewayProxyResponseEvent response = makeHandlerRequest(event);
    assertThat(response, hasStatus(200));
    IPVAuthorisationResponse body = new ObjectMapper().readValue(response.getBody(), IPVAuthorisationResponse.class);
    assertThat(body.getRedirectUri(), startsWith(IPV_AUTHORISATION_URI + "/authorize"));
    assertThat(splitQuery(body.getRedirectUri()).get("claims"), equalTo(claimsSetRequest.toJSONString()));
    verify(authorisationService).storeState(eq(session.getSessionId()), any(State.class));
}
Also used: IPVAuthorisationResponse (uk.gov.di.authentication.ipv.entity.IPVAuthorisationResponse), APIGatewayProxyRequestEvent (com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent), HashMap (java.util.HashMap), LinkedHashMap (java.util.LinkedHashMap), State (com.nimbusds.oauth2.sdk.id.State), APIGatewayProxyResponseEvent (com.amazonaws.services.lambda.runtime.events.APIGatewayProxyResponseEvent), ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper), Test (org.junit.jupiter.api.Test)

Example 2 with IPVAuthorisationResponse

Use of uk.gov.di.authentication.ipv.entity.IPVAuthorisationResponse in project di-authentication-api by alphagov.

From the class IPVAuthorisationHandlerIntegrationTest, method shouldReturn200WithValidIPVAuthorisationRequest.

@Test
void shouldReturn200WithValidIPVAuthorisationRequest() throws IOException {
    var response = makeRequest(Optional.of(format("{ \"email\": \"%s\"}", TEST_EMAIL_ADDRESS)), constructFrontendHeaders(SESSION_ID, CLIENT_SESSION_ID, PERSISTENT_SESSION_ID), Map.of());
    assertThat(response, hasStatus(200));
    IPVAuthorisationResponse body = new ObjectMapper().readValue(response.getBody(), IPVAuthorisationResponse.class);
    assertThat(body.getRedirectUri(), startsWith(configurationService.getIPVAuthorisationURI() + "/authorize"));
    assertEventTypesReceived(auditTopic, List.of(IPV_AUTHORISATION_REQUESTED));
}
Also used: IPVAuthorisationResponse (uk.gov.di.authentication.ipv.entity.IPVAuthorisationResponse), ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper), Test (org.junit.jupiter.api.Test), ApiGatewayHandlerIntegrationTest (uk.gov.di.authentication.sharedtest.basetest.ApiGatewayHandlerIntegrationTest)

Example 3 with IPVAuthorisationResponse

Use of uk.gov.di.authentication.ipv.entity.IPVAuthorisationResponse in project di-authentication-api by alphagov.

From the class IPVAuthorisationHandler, method handleRequestWithUserContext.

@Override
public APIGatewayProxyResponseEvent handleRequestWithUserContext(APIGatewayProxyRequestEvent input, Context context, IPVAuthorisationRequest request, UserContext userContext) {
    try {
        if (!configurationService.isIdentityEnabled()) {
            LOG.error("Identity is not enabled");
            throw new RuntimeException("Identity is not enabled");
        }
        var persistentId = PersistentIdHelper.extractPersistentIdFromHeaders(input.getHeaders());
        attachLogFieldToLogs(PERSISTENT_SESSION_ID, persistentId);
        var clientId = userContext.getClient().map(ClientRegistry::getClientID);
        attachLogFieldToLogs(CLIENT_ID, clientId.orElse(UNKNOWN));
        LOG.info("IPVAuthorisationHandler received request");
        var authRequest = AuthenticationRequest.parse(userContext.getClientSession().getAuthRequestParams());
        var pairwiseSubject = ClientSubjectHelper.getSubjectWithSectorIdentifier(userContext.getUserProfile().orElseThrow(), configurationService.getIPVSector(), authenticationService);
        var clientID = new ClientID(configurationService.getIPVAuthorisationClientId());
        var state = new State();
        var claimsSetRequest = buildIpvClaimsRequest(authRequest).map(ClaimsSetRequest::toJSONString).orElse(null);
        var nonce = new Nonce(IdGenerator.generate());
        var encryptedJWT = authorisationService.constructRequestJWT(state, nonce, authRequest.getScope(), pairwiseSubject, claimsSetRequest);
        var authRequestBuilder = new AuthorizationRequest.Builder(new ResponseType(ResponseType.Value.CODE), clientID).endpointURI(configurationService.getIPVAuthorisationURI()).requestObject(encryptedJWT);
        var ipvAuthorisationRequest = authRequestBuilder.build();
        authorisationService.storeState(userContext.getSession().getSessionId(), state);
        auditService.submitAuditEvent(IPVAuditableEvent.IPV_AUTHORISATION_REQUESTED, context.getAwsRequestId(), userContext.getSession().getSessionId(), clientId.orElse(AuditService.UNKNOWN), AuditService.UNKNOWN, request.getEmail(), IpAddressHelper.extractIpAddress(input), AuditService.UNKNOWN, persistentId);
        LOG.info("IPVAuthorisationHandler successfully processed request, redirect URI {}", ipvAuthorisationRequest.toURI().toString());
        return generateApiGatewayProxyResponse(200, new IPVAuthorisationResponse(ipvAuthorisationRequest.toURI().toString()));
    } catch (ParseException | JsonException e) {
        return generateApiGatewayProxyErrorResponse(400, ErrorResponse.ERROR_1001);
    }
}
Also used: Nonce (com.nimbusds.openid.connect.sdk.Nonce), IPVAuthorisationResponse (uk.gov.di.authentication.ipv.entity.IPVAuthorisationResponse), JsonException (uk.gov.di.authentication.shared.serialization.Json.JsonException), State (com.nimbusds.oauth2.sdk.id.State), ClientRegistry (uk.gov.di.authentication.shared.entity.ClientRegistry), ClientID (com.nimbusds.oauth2.sdk.id.ClientID), ParseException (com.nimbusds.oauth2.sdk.ParseException), ResponseType (com.nimbusds.oauth2.sdk.ResponseType)

Aggregations

IPVAuthorisationResponse (uk.gov.di.authentication.ipv.entity.IPVAuthorisationResponse) 3, ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper) 2, State (com.nimbusds.oauth2.sdk.id.State) 2, Test (org.junit.jupiter.api.Test) 2, APIGatewayProxyRequestEvent (com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent) 1, APIGatewayProxyResponseEvent (com.amazonaws.services.lambda.runtime.events.APIGatewayProxyResponseEvent) 1, ParseException (com.nimbusds.oauth2.sdk.ParseException) 1, ResponseType (com.nimbusds.oauth2.sdk.ResponseType) 1, ClientID (com.nimbusds.oauth2.sdk.id.ClientID) 1, Nonce (com.nimbusds.openid.connect.sdk.Nonce) 1, HashMap (java.util.HashMap) 1, LinkedHashMap (java.util.LinkedHashMap) 1, ClientRegistry (uk.gov.di.authentication.shared.entity.ClientRegistry) 1, JsonException (uk.gov.di.authentication.shared.serialization.Json.JsonException) 1, ApiGatewayHandlerIntegrationTest (uk.gov.di.authentication.sharedtest.basetest.ApiGatewayHandlerIntegrationTest) 1