Example 1 with Session

use of uk.gov.di.authentication.shared.entity.Session in project di-authentication-api by alphagov.

the class AuthCodeHandler method handleRequest.

@Override
public APIGatewayProxyResponseEvent handleRequest(APIGatewayProxyRequestEvent input, Context context) {
    return isWarming(input).orElseGet(() -> {
        // The user's session is resolved from the request headers; without one there is nothing to issue a code for.
        Session session = sessionService.getSessionFromRequestHeaders(input.getHeaders()).orElse(null);
        if (Objects.isNull(session)) {
            return generateApiGatewayProxyErrorResponse(400, ErrorResponse.ERROR_1000);
        }
        // The client session id ties this request to the original authorisation request from the relying party.
        String clientSessionId = getHeaderValueFromHeaders(input.getHeaders(), CLIENT_SESSION_ID_HEADER, configurationService.getHeadersCaseInsensitive());
        if (Objects.isNull(clientSessionId)) {
            return generateApiGatewayProxyErrorResponse(400, ErrorResponse.ERROR_1018);
        }
        attachSessionIdToLogs(session);
        attachLogFieldToLogs(CLIENT_SESSION_ID, clientSessionId);
        LOG.info("Processing request");
        AuthenticationRequest authenticationRequest;
        ClientSession clientSession;
        try {
            clientSession = clientSessionService.getClientSessionFromRequestHeaders(input.getHeaders()).orElse(null);
            if (Objects.isNull(clientSession)) {
                LOG.info("ClientSession not found");
                return generateApiGatewayProxyErrorResponse(400, ErrorResponse.ERROR_1018);
            }
            // Re-parse the stored OIDC authentication request rather than trusting anything from this call.
            authenticationRequest = AuthenticationRequest.parse(clientSession.getAuthRequestParams());
        } catch (ParseException e) {
            // Without a redirect URI the error cannot be returned to the client, so fail the request outright.
            if (e.getRedirectionURI() == null) {
                LOG.warn("Authentication request could not be parsed: redirect URI or Client ID is missing from auth request", e);
                throw new RuntimeException("Redirect URI or Client ID is missing from auth request", e);
            }
            AuthenticationErrorResponse errorResponse = authorizationService.generateAuthenticationErrorResponse(e.getRedirectionURI(), e.getState(), e.getResponseMode(), e.getErrorObject());
            LOG.warn("Authentication request could not be parsed", e);
            return generateResponse(new AuthCodeResponse(errorResponse.toURI().toString()));
        }
        try {
            // The redirect URI must be one registered for this client before a code is sent to it.
            if (!authorizationService.isClientRedirectUriValid(authenticationRequest.getClientID(), authenticationRequest.getRedirectionURI())) {
                return generateApiGatewayProxyErrorResponse(400, ErrorResponse.ERROR_1016);
            }
            // Record the strongest credential trust level achieved in this session; it never decreases here.
            VectorOfTrust requestedVectorOfTrust = clientSession.getEffectiveVectorOfTrust();
            if (isNull(session.getCurrentCredentialStrength()) || requestedVectorOfTrust.getCredentialTrustLevel().compareTo(session.getCurrentCredentialStrength()) > 0) {
                session.setCurrentCredentialStrength(requestedVectorOfTrust.getCredentialTrustLevel());
            }
            // Issue the authorisation code bound to this client session and the authenticated email address.
            AuthorizationCode authCode = authorisationCodeService.generateAuthorisationCode(clientSessionId, session.getEmailAddress());
            AuthenticationSuccessResponse authenticationResponse = authorizationService.generateSuccessfulAuthResponse(authenticationRequest, authCode);
            LOG.info("Successfully processed request");
            cloudwatchMetricsService.incrementCounter("SignIn", Map.of("Account", session.isNewAccount().name(), "Environment", configurationService.getEnvironment(), "Client", authenticationRequest.getClientID().getValue()));
            // Mark the session authenticated and persist it before the code leaves the service.
            sessionService.save(session.setAuthenticated(true).setNewAccount(EXISTING));
            // Audit the issued code with request id, session, client and caller IP for later investigation.
            auditService.submitAuditEvent(OidcAuditableEvent.AUTH_CODE_ISSUED, context.getAwsRequestId(), session.getSessionId(), authenticationRequest.getClientID().getValue(), AuditService.UNKNOWN, session.getEmailAddress(), IpAddressHelper.extractIpAddress(input), AuditService.UNKNOWN, PersistentIdHelper.extractPersistentIdFromHeaders(input.getHeaders()));
            return generateResponse(new AuthCodeResponse(authenticationResponse.toURI().toString()));
        } catch (ClientNotFoundException e) {
            AuthenticationErrorResponse errorResponse = authorizationService.generateAuthenticationErrorResponse(authenticationRequest, OAuth2Error.INVALID_CLIENT);
            return generateResponse(new AuthCodeResponse(errorResponse.toURI().toString()));
        } catch (URISyntaxException e) {
            return generateApiGatewayProxyErrorResponse(400, ErrorResponse.ERROR_1016);
        }
    });
}
Also used : AuthorizationCode(com.nimbusds.oauth2.sdk.AuthorizationCode) AuthCodeResponse(uk.gov.di.authentication.oidc.entity.AuthCodeResponse) AuthenticationErrorResponse(com.nimbusds.openid.connect.sdk.AuthenticationErrorResponse) ClientNotFoundException(uk.gov.di.authentication.shared.exceptions.ClientNotFoundException) VectorOfTrust(uk.gov.di.authentication.shared.entity.VectorOfTrust) URISyntaxException(java.net.URISyntaxException) AuthenticationSuccessResponse(com.nimbusds.openid.connect.sdk.AuthenticationSuccessResponse) ClientSession(uk.gov.di.authentication.shared.entity.ClientSession) ParseException(com.nimbusds.oauth2.sdk.ParseException) AuthenticationRequest(com.nimbusds.openid.connect.sdk.AuthenticationRequest) Session(uk.gov.di.authentication.shared.entity.Session) ClientSession(uk.gov.di.authentication.shared.entity.ClientSession)

Example 2 with Session

use of uk.gov.di.authentication.shared.entity.Session in project di-authentication-api by alphagov.

the class ValidationServiceTest method shouldReturnCorrectErrorWhenStoredEmailCodeDoesMatchInputAndRetryLimitHasBeenReached.

@Test
void shouldReturnCorrectErrorWhenStoredEmailCodeDoesMatchInputAndRetryLimitHasBeenReached() {
    Session session = mock(Session.class);
    when(session.getRetryCount()).thenReturn(6);
    assertEquals(Optional.of(ErrorResponse.ERROR_1033), validationService.validateVerificationCode(VERIFY_EMAIL, Optional.of("654321"), "123456", session, 5));
}
Also used : Session(uk.gov.di.authentication.shared.entity.Session) Test(org.junit.jupiter.api.Test) ParameterizedTest(org.junit.jupiter.params.ParameterizedTest)

Example 3 with Session

use of uk.gov.di.authentication.shared.entity.Session in project di-authentication-api by alphagov.

the class ValidationServiceTest method shouldReturnNoErrorWhenStoredMfaCodeDoesMatchInputAndRetryLimitHasNotBeenReached.

@Test
void shouldReturnNoErrorWhenStoredMfaCodeDoesMatchInputAndRetryLimitHasNotBeenReached() {
    Session session = mock(Session.class);
    when(session.getRetryCount()).thenReturn(1);
    assertEquals(Optional.of(ErrorResponse.ERROR_1035), validationService.validateVerificationCode(MFA_SMS, Optional.of("654321"), "123456", session, 5));
}
Also used : Session(uk.gov.di.authentication.shared.entity.Session) Test(org.junit.jupiter.api.Test) ParameterizedTest(org.junit.jupiter.params.ParameterizedTest)

Example 4 with Session

use of uk.gov.di.authentication.shared.entity.Session in project di-authentication-api by alphagov.

the class ValidationServiceTest method shouldReturnCorrectErrorWhenStoredPhoneCodeDoesMatchInputAndRetryLimitHasBeenReached.

@Test
void shouldReturnCorrectErrorWhenStoredPhoneCodeDoesMatchInputAndRetryLimitHasBeenReached() {
    Session session = mock(Session.class);
    when(session.getRetryCount()).thenReturn(6);
    assertEquals(Optional.of(ErrorResponse.ERROR_1034), validationService.validateVerificationCode(VERIFY_PHONE_NUMBER, Optional.of("654321"), "123456", session, 5));
}
Also used : Session(uk.gov.di.authentication.shared.entity.Session) Test(org.junit.jupiter.api.Test) ParameterizedTest(org.junit.jupiter.params.ParameterizedTest)

Example 5 with Session

use of uk.gov.di.authentication.shared.entity.Session in project di-authentication-api by alphagov.

the class RedisExtension method createSession.

public String createSession(String sessionId) throws IOException {
    // Test helper: serialise a fresh Session to JSON and store it in Redis with a one-hour expiry.
    Session session = new Session(sessionId);
    redis.saveWithExpiry(session.getSessionId(), objectMapper.writeValueAsString(session), 3600);
    return session.getSessionId();
}
Also used : Session(uk.gov.di.authentication.shared.entity.Session) ClientSession(uk.gov.di.authentication.shared.entity.ClientSession)
