Search in sources :

Example 1 with AuthenticationService

use of uk.gov.di.authentication.shared.services.AuthenticationService in project di-authentication-api by alphagov.

the class LoginHandlerTest method shouldReturn200IfLoginIsSuccessfulAndTermsAndConditionsNotAccepted.

@Test
void shouldReturn200IfLoginIsSuccessfulAndTermsAndConditionsNotAccepted() throws JsonProcessingException, Json.JsonException {
    when(configurationService.getTermsAndConditionsVersion()).thenReturn("2.0");
    String persistentId = "some-persistent-id-value";
    Map<String, String> headers = new HashMap<>();
    headers.put(PersistentIdHelper.PERSISTENT_ID_HEADER_NAME, persistentId);
    headers.put("Session-Id", session.getSessionId());
    UserProfile userProfile = generateUserProfile(null);
    when(authenticationService.getUserProfileByEmailMaybe(EMAIL)).thenReturn(Optional.of(userProfile));
    when(authenticationService.login(userCredentials, PASSWORD)).thenReturn(true);
    when(clientSession.getAuthRequestParams()).thenReturn(generateAuthRequest().toParameters());
    usingValidSession();
    APIGatewayProxyRequestEvent event = new APIGatewayProxyRequestEvent();
    event.setRequestContext(contextWithSourceIp("123.123.123.123"));
    event.setHeaders(headers);
    event.setBody(format("{ \"password\": \"%s\", \"email\": \"%s\" }", PASSWORD, EMAIL.toUpperCase()));
    APIGatewayProxyResponseEvent result = handler.handleRequest(event, context);
    assertThat(result, hasStatus(200));
    LoginResponse response = objectMapper.readValue(result.getBody(), LoginResponse.class);
    assertThat(response.getRedactedPhoneNumber(), equalTo(RedactPhoneNumberHelper.redactPhoneNumber(PHONE_NUMBER)));
    assertThat(response.getLatestTermsAndConditionsAccepted(), equalTo(false));
    verify(authenticationService).getUserProfileByEmailMaybe(EMAIL);
    verify(auditService).submitAuditEvent(FrontendAuditableEvent.LOG_IN_SUCCESS, "aws-session-id", session.getSessionId(), "", userProfile.getSubjectID(), userProfile.getEmail(), "123.123.123.123", userProfile.getPhoneNumber(), persistentId);
    verify(sessionService).save(argThat(session -> session.isNewAccount() == Session.AccountState.EXISTING));
}
Also used : ClientRegistry(uk.gov.di.authentication.shared.entity.ClientRegistry) BeforeEach(org.junit.jupiter.api.BeforeEach) Json(uk.gov.di.authentication.shared.serialization.Json) CodeStorageService(uk.gov.di.authentication.shared.services.CodeStorageService) ArgumentMatchers.argThat(org.mockito.ArgumentMatchers.argThat) Date(java.util.Date) Matchers.not(org.hamcrest.Matchers.not) Context(com.amazonaws.services.lambda.runtime.Context) Session(uk.gov.di.authentication.shared.entity.Session) ResponseType(com.nimbusds.oauth2.sdk.ResponseType) LogEventMatcher.withMessageContaining(uk.gov.di.authentication.sharedtest.logging.LogEventMatcher.withMessageContaining) Map(java.util.Map) UserProfile(uk.gov.di.authentication.shared.entity.UserProfile) URI(java.net.URI) FrontendAuditableEvent(uk.gov.di.authentication.frontendapi.domain.FrontendAuditableEvent) ClientSession(uk.gov.di.authentication.shared.entity.ClientSession) AuditService(uk.gov.di.authentication.shared.services.AuditService) OIDCScopeValue(com.nimbusds.openid.connect.sdk.OIDCScopeValue) APIGatewayProxyResponseEventMatcher.hasJsonBody(uk.gov.di.authentication.sharedtest.matchers.APIGatewayProxyResponseEventMatcher.hasJsonBody) ZoneId(java.time.ZoneId) String.format(java.lang.String.format) ClientSessionService(uk.gov.di.authentication.shared.services.ClientSessionService) Test(org.junit.jupiter.api.Test) AuthenticationRequest(com.nimbusds.openid.connect.sdk.AuthenticationRequest) Matchers.equalTo(org.hamcrest.Matchers.equalTo) SerializationService(uk.gov.di.authentication.shared.services.SerializationService) Optional(java.util.Optional) Nonce(com.nimbusds.openid.connect.sdk.Nonce) UserCredentials(uk.gov.di.authentication.shared.entity.UserCredentials) Mockito.mock(org.mockito.Mockito.mock) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) IdGenerator(uk.gov.di.authentication.shared.helpers.IdGenerator) UserMigrationService(uk.gov.di.authentication.frontendapi.services.UserMigrationService) SessionService(uk.gov.di.authentication.shared.services.SessionService) LocalDateTime(java.time.LocalDateTime) ConfigurationService(uk.gov.di.authentication.shared.services.ConfigurationService) HashMap(java.util.HashMap) ArgumentMatchers.anyMap(org.mockito.ArgumentMatchers.anyMap) AuthenticationService(uk.gov.di.authentication.shared.services.AuthenticationService) RequestEventHelper.contextWithSourceIp(uk.gov.di.authentication.sharedtest.helper.RequestEventHelper.contextWithSourceIp) APIGatewayProxyRequestEvent(com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent) ClientService(uk.gov.di.authentication.shared.services.ClientService) Subject(com.nimbusds.oauth2.sdk.id.Subject) RegisterExtension(org.junit.jupiter.api.extension.RegisterExtension) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) ClientID(com.nimbusds.oauth2.sdk.id.ClientID) LoginResponse(uk.gov.di.authentication.frontendapi.entity.LoginResponse) APIGatewayProxyResponseEvent(com.amazonaws.services.lambda.runtime.events.APIGatewayProxyResponseEvent) Scope(com.nimbusds.oauth2.sdk.Scope) State(com.nimbusds.oauth2.sdk.id.State) JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException) Mockito.when(org.mockito.Mockito.when) RedactPhoneNumberHelper(uk.gov.di.authentication.frontendapi.helpers.RedactPhoneNumberHelper) VectorOfTrust(uk.gov.di.authentication.shared.entity.VectorOfTrust) ErrorResponse(uk.gov.di.authentication.shared.entity.ErrorResponse) Mockito.verify(org.mockito.Mockito.verify) AfterEach(org.junit.jupiter.api.AfterEach) CaptureLoggingExtension(uk.gov.di.authentication.sharedtest.logging.CaptureLoggingExtension) Matchers.hasItem(org.hamcrest.Matchers.hasItem) APIGatewayProxyResponseEventMatcher.hasStatus(uk.gov.di.authentication.sharedtest.matchers.APIGatewayProxyResponseEventMatcher.hasStatus) PersistentIdHelper(uk.gov.di.authentication.shared.helpers.PersistentIdHelper) Collections(java.util.Collections) TermsAndConditions(uk.gov.di.authentication.shared.entity.TermsAndConditions) JsonArrayHelper.jsonArrayOf(uk.gov.di.authentication.sharedtest.helper.JsonArrayHelper.jsonArrayOf) LoginResponse(uk.gov.di.authentication.frontendapi.entity.LoginResponse) UserProfile(uk.gov.di.authentication.shared.entity.UserProfile) APIGatewayProxyRequestEvent(com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent) HashMap(java.util.HashMap) APIGatewayProxyResponseEvent(com.amazonaws.services.lambda.runtime.events.APIGatewayProxyResponseEvent) Test(org.junit.jupiter.api.Test)

Example 2 with AuthenticationService

use of uk.gov.di.authentication.shared.services.AuthenticationService in project di-authentication-api by alphagov.

the class SignUpHandlerTest method shouldReturn200IfSignUpIsSuccessful.

@ParameterizedTest
@MethodSource("consentValues")
void shouldReturn200IfSignUpIsSuccessful(boolean consentRequired) throws JsonProcessingException, Json.JsonException {
    String email = "joe.bloggs@test.com";
    String password = "computer-1";
    String persistentId = "some-persistent-id-value";
    Map<String, String> headers = new HashMap<>();
    headers.put(PersistentIdHelper.PERSISTENT_ID_HEADER_NAME, persistentId);
    headers.put("Session-Id", session.getSessionId());
    when(authenticationService.userExists(eq("joe.bloggs@test.com"))).thenReturn(false);
    when(clientService.getClient(CLIENT_ID.getValue())).thenReturn(Optional.of(generateClientRegistry(consentRequired)));
    when(clientSessionService.getClientSessionFromRequestHeaders(anyMap())).thenReturn(Optional.of(clientSession));
    usingValidSession();
    usingValidClientSession();
    APIGatewayProxyRequestEvent event = new APIGatewayProxyRequestEvent();
    event.setRequestContext(contextWithSourceIp("123.123.123.123"));
    event.setHeaders(headers);
    event.setBody(format("{ \"password\": \"computer-1\", \"email\": \"%s\" }", email.toUpperCase()));
    APIGatewayProxyResponseEvent result = handler.handleRequest(event, context);
    verify(authenticationService).signUp(eq("joe.bloggs@test.com"), eq(password), any(Subject.class), any(TermsAndConditions.class));
    verify(sessionService).save(argThat((session) -> session.getEmailAddress().equals("joe.bloggs@test.com")));
    assertThat(result, hasStatus(200));
    SignUpResponse signUpResponse = objectMapper.readValue(result.getBody(), SignUpResponse.class);
    assertThat(signUpResponse.isConsentRequired(), equalTo(consentRequired));
    verify(authenticationService).signUp(eq(email), eq("computer-1"), any(Subject.class), any(TermsAndConditions.class));
    verify(auditService).submitAuditEvent(FrontendAuditableEvent.CREATE_ACCOUNT, context.getAwsRequestId(), session.getSessionId(), CLIENT_ID.getValue(), AuditService.UNKNOWN, "joe.bloggs@test.com", "123.123.123.123", AuditService.UNKNOWN, persistentId);
    verify(sessionService).save(argThat(session -> session.isNewAccount() == Session.AccountState.NEW));
}
Also used : ClientRegistry(uk.gov.di.authentication.shared.entity.ClientRegistry) BeforeEach(org.junit.jupiter.api.BeforeEach) Json(uk.gov.di.authentication.shared.serialization.Json) ArgumentMatchers.argThat(org.mockito.ArgumentMatchers.argThat) ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq) Matchers.not(org.hamcrest.Matchers.not) Context(com.amazonaws.services.lambda.runtime.Context) Mockito.verifyNoInteractions(org.mockito.Mockito.verifyNoInteractions) Session(uk.gov.di.authentication.shared.entity.Session) ResponseType(com.nimbusds.oauth2.sdk.ResponseType) LogEventMatcher.withMessageContaining(uk.gov.di.authentication.sharedtest.logging.LogEventMatcher.withMessageContaining) Map(java.util.Map) URI(java.net.URI) MethodSource(org.junit.jupiter.params.provider.MethodSource) FrontendAuditableEvent(uk.gov.di.authentication.frontendapi.domain.FrontendAuditableEvent) ClientSession(uk.gov.di.authentication.shared.entity.ClientSession) AuditService(uk.gov.di.authentication.shared.services.AuditService) OIDCScopeValue(com.nimbusds.openid.connect.sdk.OIDCScopeValue) APIGatewayProxyResponseEventMatcher.hasJsonBody(uk.gov.di.authentication.sharedtest.matchers.APIGatewayProxyResponseEventMatcher.hasJsonBody) String.format(java.lang.String.format) ClientSessionService(uk.gov.di.authentication.shared.services.ClientSessionService) Test(org.junit.jupiter.api.Test) Stream(java.util.stream.Stream) AuthenticationRequest(com.nimbusds.openid.connect.sdk.AuthenticationRequest) Matchers.equalTo(org.hamcrest.Matchers.equalTo) SerializationService(uk.gov.di.authentication.shared.services.SerializationService) Optional(java.util.Optional) Nonce(com.nimbusds.openid.connect.sdk.Nonce) Mockito.mock(org.mockito.Mockito.mock) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) IdGenerator(uk.gov.di.authentication.shared.helpers.IdGenerator) SessionService(uk.gov.di.authentication.shared.services.SessionService) ConfigurationService(uk.gov.di.authentication.shared.services.ConfigurationService) HashMap(java.util.HashMap) ArgumentMatchers.anyMap(org.mockito.ArgumentMatchers.anyMap) AuthenticationService(uk.gov.di.authentication.shared.services.AuthenticationService) SignUpResponse(uk.gov.di.authentication.frontendapi.entity.SignUpResponse) RequestEventHelper.contextWithSourceIp(uk.gov.di.authentication.sharedtest.helper.RequestEventHelper.contextWithSourceIp) APIGatewayProxyRequestEvent(com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent) ClientService(uk.gov.di.authentication.shared.services.ClientService) Subject(com.nimbusds.oauth2.sdk.id.Subject) RegisterExtension(org.junit.jupiter.api.extension.RegisterExtension) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) ClientID(com.nimbusds.oauth2.sdk.id.ClientID) APIGatewayProxyResponseEvent(com.amazonaws.services.lambda.runtime.events.APIGatewayProxyResponseEvent) Scope(com.nimbusds.oauth2.sdk.Scope) State(com.nimbusds.oauth2.sdk.id.State) JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException) Mockito.when(org.mockito.Mockito.when) ErrorResponse(uk.gov.di.authentication.shared.entity.ErrorResponse) Mockito.verify(org.mockito.Mockito.verify) AfterEach(org.junit.jupiter.api.AfterEach) ParameterizedTest(org.junit.jupiter.params.ParameterizedTest) CaptureLoggingExtension(uk.gov.di.authentication.sharedtest.logging.CaptureLoggingExtension) Matchers.hasItem(org.hamcrest.Matchers.hasItem) APIGatewayProxyResponseEventMatcher.hasStatus(uk.gov.di.authentication.sharedtest.matchers.APIGatewayProxyResponseEventMatcher.hasStatus) PersistentIdHelper(uk.gov.di.authentication.shared.helpers.PersistentIdHelper) TermsAndConditions(uk.gov.di.authentication.shared.entity.TermsAndConditions) SignUpResponse(uk.gov.di.authentication.frontendapi.entity.SignUpResponse) TermsAndConditions(uk.gov.di.authentication.shared.entity.TermsAndConditions) APIGatewayProxyRequestEvent(com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent) HashMap(java.util.HashMap) APIGatewayProxyResponseEvent(com.amazonaws.services.lambda.runtime.events.APIGatewayProxyResponseEvent) Subject(com.nimbusds.oauth2.sdk.id.Subject) ParameterizedTest(org.junit.jupiter.params.ParameterizedTest) MethodSource(org.junit.jupiter.params.provider.MethodSource)

Aggregations

Context (com.amazonaws.services.lambda.runtime.Context)2 APIGatewayProxyRequestEvent (com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent)2 APIGatewayProxyResponseEvent (com.amazonaws.services.lambda.runtime.events.APIGatewayProxyResponseEvent)2 JsonProcessingException (com.fasterxml.jackson.core.JsonProcessingException)2 ResponseType (com.nimbusds.oauth2.sdk.ResponseType)2 Scope (com.nimbusds.oauth2.sdk.Scope)2 ClientID (com.nimbusds.oauth2.sdk.id.ClientID)2 State (com.nimbusds.oauth2.sdk.id.State)2 Subject (com.nimbusds.oauth2.sdk.id.Subject)2 AuthenticationRequest (com.nimbusds.openid.connect.sdk.AuthenticationRequest)2 Nonce (com.nimbusds.openid.connect.sdk.Nonce)2 OIDCScopeValue (com.nimbusds.openid.connect.sdk.OIDCScopeValue)2 String.format (java.lang.String.format)2 URI (java.net.URI)2 HashMap (java.util.HashMap)2 Map (java.util.Map)2 Optional (java.util.Optional)2 MatcherAssert.assertThat (org.hamcrest.MatcherAssert.assertThat)2 Matchers.equalTo (org.hamcrest.Matchers.equalTo)2 Matchers.hasItem (org.hamcrest.Matchers.hasItem)2