use of uk.gov.ida.hub.policy.domain.FraudFromIdp in project verify-hub by alphagov.
the class AuthnResponseFromIdpService method handleFraudResponse.
private ResponseAction handleFraudResponse(InboundResponseFromIdpDto inboundResponseFromIdpDto, SessionId sessionId, String principalIPAddressAsSeenByHub, IdpSelectedStateController idpSelectedStateController) {
FraudFromIdp fraudFromIdp = new FraudFromIdp(inboundResponseFromIdpDto.getIssuer(), principalIPAddressAsSeenByHub, new PersistentId(inboundResponseFromIdpDto.getPersistentId().get()), new FraudDetectedDetails(inboundResponseFromIdpDto.getIdpFraudEventId().get(), inboundResponseFromIdpDto.getFraudIndicator().get()), inboundResponseFromIdpDto.getPrincipalIpAddressAsSeenByIdp());
idpSelectedStateController.handleFraudResponseFromIdp(fraudFromIdp);
return other(sessionId, idpSelectedStateController.isRegistrationContext());
}
use of uk.gov.ida.hub.policy.domain.FraudFromIdp in project verify-hub by alphagov.
the class AuthnResponseFromIdpServiceTest method verifyIdpStateControllerIsCalledWithRightDataOnFraud.
private void verifyIdpStateControllerIsCalledWithRightDataOnFraud(InboundResponseFromIdpDto fraudResponseFromIdp) {
ArgumentCaptor<FraudFromIdp> captor = ArgumentCaptor.forClass(FraudFromIdp.class);
String persistentIdName = fraudResponseFromIdp.getPersistentId().get();
FraudDetectedDetails expectedFraudDetectedDetails = new FraudDetectedDetails(fraudResponseFromIdp.getIdpFraudEventId().get(), fraudResponseFromIdp.getFraudIndicator().get());
FraudFromIdp fraudFromIdp = new FraudFromIdp(fraudResponseFromIdp.getIssuer(), samlAuthnResponseContainerDto.getPrincipalIPAddressAsSeenByHub(), new PersistentId(persistentIdName), expectedFraudDetectedDetails, fraudResponseFromIdp.getPrincipalIpAddressAsSeenByIdp());
verify(idpSelectedStateController).handleFraudResponseFromIdp(captor.capture());
FraudFromIdp actualFraudFromIdp = captor.getValue();
assertThat(actualFraudFromIdp).isEqualToIgnoringGivenFields(fraudFromIdp, "persistentId", "fraudDetectedDetails");
assertThat(actualFraudFromIdp.getPersistentId().getNameId()).isEqualTo(persistentIdName);
assertThat(actualFraudFromIdp.getFraudDetectedDetails()).isEqualToComparingFieldByField(expectedFraudDetectedDetails);
}
use of uk.gov.ida.hub.policy.domain.FraudFromIdp in project verify-hub by alphagov.
the class IdpSelectedStateControllerTest method handleResponseFromIfp_whenFraudHasOccurred_shouldSendFraudHubEvent.
@Test
public void handleResponseFromIfp_whenFraudHasOccurred_shouldSendFraudHubEvent() {
when(identityProvidersConfigProxy.getEnabledIdentityProviders(TRANSACTION_ENTITY_ID, controller.isRegistrationContext(), PROVIDED_LOA)).thenReturn(singletonList(IDP_ENTITY_ID));
FraudDetectedDetails idpFraudDetectedDetails = new FraudDetectedDetails("id", "IT01");
FraudFromIdp fraudFromIdp = aFraudFromIdp().withIssuerId(IDP_ENTITY_ID).withFraudDetectedDetails(idpFraudDetectedDetails).withPrincipalIpAddressSeenByIdp(PRINCIPAL_IP_ADDRESS_AS_SEEN_BY_IDP).withPrincipalIpAddressAsSeenByHub(PRINCIPAL_IP_ADDRESS_AS_SEEN_BY_HUB).build();
controller.handleFraudResponseFromIdp(fraudFromIdp);
verify(hubEventLogger).logIdpFraudEvent(NEW_SESSION_ID, IDP_ENTITY_ID, TRANSACTION_ENTITY_ID, fraudFromIdp.getPersistentId(), SESSION_EXPIRY_TIMESTAMP, idpFraudDetectedDetails, Optional.fromNullable(PRINCIPAL_IP_ADDRESS_AS_SEEN_BY_IDP), PRINCIPAL_IP_ADDRESS_AS_SEEN_BY_HUB, REQUEST_ID);
}
use of uk.gov.ida.hub.policy.domain.FraudFromIdp in project verify-hub by alphagov.
the class IdpSelectedStateControllerTest method handleFraudResponseFromIdp_shouldThrowExceptionWhenIdpIsDisabled.
@Test(expected = IdpDisabledException.class)
public void handleFraudResponseFromIdp_shouldThrowExceptionWhenIdpIsDisabled() {
FraudFromIdp fraudFromIdp = aFraudFromIdp().build();
when(identityProvidersConfigProxy.getEnabledIdentityProviders(TRANSACTION_ENTITY_ID, controller.isRegistrationContext(), PROVIDED_LOA)).thenReturn(emptyList());
controller.handleFraudResponseFromIdp(fraudFromIdp);
}
use of uk.gov.ida.hub.policy.domain.FraudFromIdp in project verify-hub by alphagov.
the class IdpSelectedStateControllerTest method handleResponseFromIdp_shouldTransitionToAuthnFailedStateWhenFraudHasOccurred.
@Test
public void handleResponseFromIdp_shouldTransitionToAuthnFailedStateWhenFraudHasOccurred() {
when(identityProvidersConfigProxy.getEnabledIdentityProviders(TRANSACTION_ENTITY_ID, controller.isRegistrationContext(), PROVIDED_LOA)).thenReturn(singletonList(IDP_ENTITY_ID));
FraudFromIdp fraudFromIdp = aFraudFromIdp().withIssuerId(IDP_ENTITY_ID).withFraudDetectedDetails(new FraudDetectedDetails("id", "IT01")).build();
controller.handleFraudResponseFromIdp(fraudFromIdp);
ArgumentCaptor<State> stateArgumentCaptor = ArgumentCaptor.forClass(State.class);
verify(stateTransitionAction).transitionTo(stateArgumentCaptor.capture());
assertThat(stateArgumentCaptor.getValue()).isInstanceOf(FraudEventDetectedState.class);
}
Aggregations