Use of uk.gov.di.authentication.shared.services.AuditService in project di-authentication-api by alphagov.
Class LoginHandlerTest, method shouldReturn200IfLoginIsSuccessfulAndTermsAndConditionsNotAccepted.
/**
 * Checks that a successful login answers with HTTP 200, reports that the latest terms and
 * conditions have not been accepted, and emits exactly the expected LOG_IN_SUCCESS audit event.
 *
 * <p>The request body carries the email upper-cased while the profile lookup is verified
 * against {@code EMAIL}; presumably this exercises case normalisation in the handler
 * ({@code EMAIL} is defined outside this snippet; confirm its casing).
 *
 * <p>The audit verification pins every argument, so the test also documents what the audit
 * record contains: session and persistent identifiers, subject id, email, source IP and phone
 * number. The submitted password is not among them.
 */
@Test
void shouldReturn200IfLoginIsSuccessfulAndTermsAndConditionsNotAccepted() throws JsonProcessingException, Json.JsonException {
    final String sourceIp = "123.123.123.123";
    final String persistentId = "some-persistent-id-value";

    // Current terms-and-conditions version reported by configuration.
    when(configurationService.getTermsAndConditionsVersion()).thenReturn("2.0");

    Map<String, String> requestHeaders = new HashMap<>();
    requestHeaders.put(PersistentIdHelper.PERSISTENT_ID_HEADER_NAME, persistentId);
    requestHeaders.put("Session-Id", session.getSessionId());

    // NOTE(review): the null argument presumably means "no accepted terms-and-conditions
    // version"; confirm against generateUserProfile.
    UserProfile profile = generateUserProfile(null);
    when(authenticationService.getUserProfileByEmailMaybe(EMAIL)).thenReturn(Optional.of(profile));
    when(authenticationService.login(userCredentials, PASSWORD)).thenReturn(true);
    when(clientSession.getAuthRequestParams()).thenReturn(generateAuthRequest().toParameters());
    usingValidSession();

    String requestBody = format("{ \"password\": \"%s\", \"email\": \"%s\" }", PASSWORD, EMAIL.toUpperCase());
    APIGatewayProxyRequestEvent request = new APIGatewayProxyRequestEvent();
    request.setRequestContext(contextWithSourceIp(sourceIp));
    request.setHeaders(requestHeaders);
    request.setBody(requestBody);

    APIGatewayProxyResponseEvent result = handler.handleRequest(request, context);

    assertThat(result, hasStatus(200));

    LoginResponse loginResponse = objectMapper.readValue(result.getBody(), LoginResponse.class);
    String expectedRedactedPhone = RedactPhoneNumberHelper.redactPhoneNumber(PHONE_NUMBER);
    assertThat(loginResponse.getRedactedPhoneNumber(), equalTo(expectedRedactedPhone));
    assertThat(loginResponse.getLatestTermsAndConditionsAccepted(), equalTo(false));

    verify(authenticationService).getUserProfileByEmailMaybe(EMAIL);

    // Exact-argument verification: any extra or changed field in the audit record fails here.
    verify(auditService).submitAuditEvent(
            FrontendAuditableEvent.LOG_IN_SUCCESS,
            "aws-session-id",
            session.getSessionId(),
            "",
            profile.getSubjectID(),
            profile.getEmail(),
            sourceIp,
            profile.getPhoneNumber(),
            persistentId);

    // The persisted session must be marked as belonging to an existing account.
    verify(sessionService).save(argThat(saved -> saved.isNewAccount() == Session.AccountState.EXISTING));
}
Use of uk.gov.di.authentication.shared.services.AuditService in project di-authentication-api by alphagov.
Class SignUpHandlerTest, method shouldReturn200IfSignUpIsSuccessful.
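/**
 * Checks that a successful sign-up answers with HTTP 200, echoes the client's consent
 * requirement, stores the email on the session, and emits the expected CREATE_ACCOUNT audit
 * event.
 *
 * <p>The request body carries the email upper-cased while every verification uses the
 * lower-case form, so the test fails if the handler stops normalising the address.
 *
 * <p>The audit verification pins every argument: subject id and phone number are recorded as
 * {@code AuditService.UNKNOWN}, and the submitted password is not among the audited values.
 *
 * @param consentRequired whether the generated client registry requires consent; supplied by
 *     the {@code consentValues} method source
 */
@ParameterizedTest
@MethodSource("consentValues")
void shouldReturn200IfSignUpIsSuccessful(boolean consentRequired) throws JsonProcessingException, Json.JsonException {
    // Fixture values, declared once so that stubs, request and verifications cannot drift apart.
    final String email = "joe.bloggs@test.com";
    final String password = "computer-1";
    final String persistentId = "some-persistent-id-value";
    final String sourceIp = "123.123.123.123";

    Map<String, String> headers = new HashMap<>();
    headers.put(PersistentIdHelper.PERSISTENT_ID_HEADER_NAME, persistentId);
    headers.put("Session-Id", session.getSessionId());

    when(authenticationService.userExists(eq(email))).thenReturn(false);
    when(clientService.getClient(CLIENT_ID.getValue())).thenReturn(Optional.of(generateClientRegistry(consentRequired)));
    when(clientSessionService.getClientSessionFromRequestHeaders(anyMap())).thenReturn(Optional.of(clientSession));
    usingValidSession();
    usingValidClientSession();

    APIGatewayProxyRequestEvent event = new APIGatewayProxyRequestEvent();
    event.setRequestContext(contextWithSourceIp(sourceIp));
    event.setHeaders(headers);
    event.setBody(format("{ \"password\": \"%s\", \"email\": \"%s\" }", password, email.toUpperCase()));

    APIGatewayProxyResponseEvent result = handler.handleRequest(event, context);

    assertThat(result, hasStatus(200));
    SignUpResponse signUpResponse = objectMapper.readValue(result.getBody(), SignUpResponse.class);
    assertThat(signUpResponse.isConsentRequired(), equalTo(consentRequired));

    // Verified once: the original repeated this identical verification a second time.
    verify(authenticationService).signUp(eq(email), eq(password), any(Subject.class), any(TermsAndConditions.class));

    // Constant-first equals: a missing email on the saved session is reported as a mismatch
    // rather than a NullPointerException thrown from inside the matcher.
    verify(sessionService).save(argThat(saved -> email.equals(saved.getEmailAddress())));

    // Exact-argument verification: any extra or changed field in the audit record fails here.
    verify(auditService).submitAuditEvent(
            FrontendAuditableEvent.CREATE_ACCOUNT,
            context.getAwsRequestId(),
            session.getSessionId(),
            CLIENT_ID.getValue(),
            AuditService.UNKNOWN,
            email,
            sourceIp,
            AuditService.UNKNOWN,
            persistentId);

    // The persisted session must be marked as belonging to a newly created account.
    verify(sessionService).save(argThat(saved -> saved.isNewAccount() == Session.AccountState.NEW));
}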