use of uk.gov.di.ipv.cri.address.library.domain.SessionRequest in project di-ipv-cri-address-api by alphagov.
the class AddressSessionServiceTest method shouldCallCreateOnAddressSessionDataStore.
/**
 * Checks that {@code createAndSaveAddressSession} hands the data store an item built from the
 * request: a session id is present, the client id, state and redirect URI match the request,
 * and the expiry equals the fixed instant's epoch second plus the stubbed TTL of 1.
 *
 * <p>NOTE(review): this test only shows the redirect URI being copied into the stored item.
 * Whether it is compared with the client's registered redirect URI is not visible here;
 * confirm that check exists in the request validation path.
 */
@Test
void shouldCallCreateOnAddressSessionDataStore() {
    final String expectedClientId = "a client id";
    final String expectedState = "state";
    final URI expectedRedirectUri = URI.create("https://www.example.com/callback");

    // Stub only the getters this test later asserts on.
    SessionRequest request = mock(SessionRequest.class);
    when(request.getClientId()).thenReturn(expectedClientId);
    when(request.getState()).thenReturn(expectedState);
    when(request.getRedirectUri()).thenReturn(expectedRedirectUri);
    when(mockConfigurationService.getAddressSessionTtl()).thenReturn(1L);

    addressSessionService.createAndSaveAddressSession(request);

    // Capture the item passed to the data store and inspect what was persisted.
    verify(mockDataStore).create(mockAddressSessionItem.capture());
    AddressSessionItem savedItem = mockAddressSessionItem.getValue();

    assertNotNull(savedItem.getSessionId());
    assertThat(savedItem.getExpiryDate(), equalTo(fixedInstant.getEpochSecond() + 1));
    assertThat(savedItem.getClientId(), equalTo(expectedClientId));
    assertThat(savedItem.getState(), equalTo(expectedState));
    assertThat(savedItem.getRedirectUri(), equalTo(expectedRedirectUri));
}
use of uk.gov.di.ipv.cri.address.library.domain.SessionRequest in project di-ipv-cri-address-api by alphagov.
the class AddressSessionServiceTest method shouldThrowValidationExceptionWhenRequestClientIdIsInvalid.
/**
 * Checks that a request naming a client with no stored configuration is rejected: the
 * configuration lookup for that client returns an empty map and validation must throw
 * {@link SessionValidationException} with a "no configuration for client id" message.
 *
 * <p>NOTE(review): the stubbed path suggests the request's client id is placed directly into
 * the parameter path. Confirm the client id is constrained (no path separators or wildcards)
 * before it is used for the lookup.
 */
@Test
void shouldThrowValidationExceptionWhenRequestClientIdIsInvalid() {
    final String clientConfigPath = "/clients/bad-client-id/jwtAuthentication";

    SessionRequestBuilder.SignedJWTBuilder jwtBuilder = new SessionRequestBuilder.SignedJWTBuilder();
    SessionRequest request = new SessionRequestBuilder().withClientId("bad-client-id").build(jwtBuilder);

    // An empty parameter map stands for "this client is not registered".
    when(mockConfigurationService.getParametersForPath(clientConfigPath)).thenReturn(Map.of());

    SessionValidationException thrown =
            assertThrows(
                    SessionValidationException.class,
                    () -> addressSessionService.validateSessionRequest(marshallToJSON(request)));

    assertThat(thrown.getMessage(), containsString("no configuration for client id"));
    // The rejection must come from an actual lookup for this client's path.
    verify(mockConfigurationService).getParametersForPath(clientConfigPath);
}
use of uk.gov.di.ipv.cri.address.library.domain.SessionRequest in project di-ipv-cri-address-api by alphagov.
the class AddressSessionServiceTest method shouldThrowValidationExceptionWhenJWTIsInvalid.
/**
 * Checks that a request whose JWT field is not a JWT is rejected: the field is overwritten with
 * the Base64 encoding of the text "not a jwt", the client configuration is present, and
 * validation must throw {@link SessionValidationException} with a "Could not parse request JWT"
 * message.
 */
@Test
void shouldThrowValidationExceptionWhenJWTIsInvalid() {
    SessionRequestBuilder.SignedJWTBuilder jwtBuilder = new SessionRequestBuilder.SignedJWTBuilder();
    SessionRequest request = new SessionRequestBuilder().build(jwtBuilder);

    // Replace the built JWT with a Base64 string that has no JWT structure.
    byte[] garbageBytes = "not a jwt".getBytes(StandardCharsets.UTF_8);
    String garbageJwt = Base64.getEncoder().encodeToString(garbageBytes);
    request.setRequestJWT(garbageJwt);

    // Client configuration exists, so the failure is expected to come from the JWT itself.
    when(mockConfigurationService.getParametersForPath("/clients/ipv-core/jwtAuthentication"))
            .thenReturn(standardSSMConfigMap(jwtBuilder));

    SessionValidationException thrown =
            assertThrows(
                    SessionValidationException.class,
                    () -> addressSessionService.validateSessionRequest(marshallToJSON(request)));

    assertThat(thrown.getMessage(), containsString("Could not parse request JWT"));
}
use of uk.gov.di.ipv.cri.address.library.domain.SessionRequest in project di-ipv-cri-address-api by alphagov.
the class SessionHandler method handleRequest.
/**
 * Handles a session-creation request: validates the request body, stores a new address session
 * and returns its id with HTTP 201.
 *
 * <p>Failure handling as written here:
 * <ul>
 *   <li>{@link SessionValidationException} is logged at INFO and answered with HTTP 400 and the
 *       fixed {@code ErrorResponse.SESSION_VALIDATION_ERROR}; the exception text is not put in
 *       the response.</li>
 *   <li>{@link ClientConfigurationException} is logged at ERROR and answered with HTTP 500 and
 *       the fixed {@code ErrorResponse.SERVER_CONFIG_ERROR}.</li>
 *   <li>Any other exception type is not caught in this method.</li>
 * </ul>
 *
 * @param input the API Gateway proxy request; only its body is read here
 * @param context the Lambda context; not used in this method
 * @return the proxy response built by {@code ApiGatewayResponseGenerator}
 */
@Override
@Logging(correlationIdPath = CorrelationIdPathConstants.API_GATEWAY_REST)
@Metrics(captureColdStart = true)
public APIGatewayProxyResponseEvent handleRequest(APIGatewayProxyRequestEvent input, Context context) {
    try {
        final String requestBody = input.getBody();
        final SessionRequest validatedRequest = addressSessionService.validateSessionRequest(requestBody);

        // The "issuer" dimension is set only after validation has succeeded, so the value
        // recorded in metrics comes from a request that passed validateSessionRequest.
        eventProbe.addDimensions(Map.of("issuer", validatedRequest.getClientId()));

        final UUID newSessionId = addressSessionService.createAndSaveAddressSession(validatedRequest);
        eventProbe.counterMetric(EVENT_SESSION_CREATED).auditEvent(validatedRequest);

        return ApiGatewayResponseGenerator.proxyJsonResponse(
                HttpStatus.SC_CREATED, Map.of(SESSION_ID, newSessionId.toString()));
    } catch (SessionValidationException validationFailure) {
        // Detail stays in the log; the caller gets a generic validation error.
        eventProbe.log(INFO, validationFailure).counterMetric(EVENT_SESSION_CREATED, 0d);
        return ApiGatewayResponseGenerator.proxyJsonResponse(
                HttpStatus.SC_BAD_REQUEST, ErrorResponse.SESSION_VALIDATION_ERROR);
    } catch (ClientConfigurationException configFailure) {
        // Reported as a server-side fault rather than a bad request.
        eventProbe.log(ERROR, configFailure).counterMetric(EVENT_SESSION_CREATED, 0d);
        return ApiGatewayResponseGenerator.proxyJsonResponse(
                HttpStatus.SC_INTERNAL_SERVER_ERROR, ErrorResponse.SERVER_CONFIG_ERROR);
    }
}
use of uk.gov.di.ipv.cri.address.library.domain.SessionRequest in project di-ipv-cri-address-api by alphagov.
the class AddressSessionServiceTest method shouldThrowValidationExceptionWhenClientX509CertDoesNotMatchPrivateKey.
/**
 * Checks that a request is rejected when the client certificate in configuration does not match
 * the key that signed the JWT: the JWT builder is pointed at "wrong-cert.crt.pem", the client
 * configuration is derived from that builder, and validation must throw
 * {@link SessionValidationException} with a "JWT signature verification failed" message.
 *
 * <p>NOTE(review): presumably the builder still signs with its default private key while the
 * configuration map carries the substituted certificate; confirm against
 * {@code SignedJWTBuilder} and {@code standardSSMConfigMap}.
 */
@Test
void shouldThrowValidationExceptionWhenClientX509CertDoesNotMatchPrivateKey() {
    SessionRequestBuilder.SignedJWTBuilder mismatchedCertBuilder =
            new SessionRequestBuilder.SignedJWTBuilder().setCertificateFile("wrong-cert.crt.pem");
    SessionRequest request = new SessionRequestBuilder().build(mismatchedCertBuilder);

    when(mockConfigurationService.getParametersForPath("/clients/ipv-core/jwtAuthentication"))
            .thenReturn(standardSSMConfigMap(mismatchedCertBuilder));

    SessionValidationException thrown =
            assertThrows(
                    SessionValidationException.class,
                    () -> addressSessionService.validateSessionRequest(marshallToJSON(request)));

    assertThat(thrown.getMessage(), containsString("JWT signature verification failed"));
}