Use of uk.gov.pay.api.model.publicauth.AuthResponse in project pay-publicapi by alphagov.
From the class AccountAuthenticatorTest, method shouldReturnValidAccount.
/**
 * Happy path: when the stubbed response reports 200 and yields an {@code AuthResponse},
 * {@code authenticate} returns an account carrying that response's account id and
 * payment type, and exactly one log event is emitted.
 *
 * <p>The exact-match assertion on the formatted message pins the success log line to
 * the {@code token_link} identifier, so any change that adds other request data to
 * that line fails this test.
 */
@Test
public void shouldReturnValidAccount() {
    // Stub the upstream reply. NOTE(review): presumably mockResponse is what the
    // authenticator's client returns; that wiring is outside this snippet.
    AuthResponse stubbedAuth = new AuthResponse(accountId, "a-token-link", CARD);
    when(mockResponse.getStatus()).thenReturn(OK.getStatusCode());
    when(mockResponse.readEntity(AuthResponse.class)).thenReturn(stubbedAuth);

    Optional<Account> result = accountAuthenticator.authenticate(bearerToken);

    // get() throws NoSuchElementException if authentication came back empty,
    // which fails the test before any field is compared.
    Account account = result.get();
    assertThat(account.getName(), is(accountId));
    assertThat(account.getAccountId(), is(accountId));
    assertThat(account.getPaymentType(), is(CARD));

    // Exactly one log event is expected, and its text is checked verbatim.
    verify(mockAppender).doAppend(loggingEventArgumentCaptor.capture());
    List<LoggingEvent> captured = loggingEventArgumentCaptor.getAllValues();
    assertThat(captured, hasSize(1));
    LoggingEvent onlyEvent = captured.get(0);
    assertThat(onlyEvent.getFormattedMessage(), is("Successfully authenticated using API key with token_link a-token-link"));
}
Use of uk.gov.pay.api.model.publicauth.AuthResponse in project pay-publicapi by alphagov.
From the class AccountAuthenticator, method authenticate.
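/**
 * Authenticates an API key by sending it as a bearer token to the public-auth endpoint.
 *
 * <p>Outcome by upstream status:
 * <ul>
 *   <li>200: returns an {@code Account} built from the {@code AuthResponse}
 *       (account id, token type, token link);</li>
 *   <li>401: logs a warning and returns empty; the {@code token_link} is logged only
 *       when the error identifier is {@code AUTH_TOKEN_REVOKED};</li>
 *   <li>anything else: logs the status and throws {@code ServiceUnavailableException}.</li>
 * </ul>
 *
 * <p>None of the log statements include the bearer token; only the {@code token_link}
 * returned by the auth service is written. The response is closed on every path,
 * including when reading or parsing the body throws.
 *
 * @param bearerToken the API key to verify; concatenated as-is into the Authorization header
 * @return the authenticated account, or empty when the auth service answers 401
 * @throws ServiceUnavailableException when the auth service answers with a status other
 *         than 200 or 401
 */
@Override
public Optional<Account> authenticate(String bearerToken) {
    Response response = client.target(publicAuthUrl)
            .request()
            .header(AUTHORIZATION, "Bearer " + bearerToken)
            .accept(MediaType.APPLICATION_JSON)
            .get();
    try {
        // Read the status once, before any close(), and reuse it in every branch.
        int status = response.getStatus();

        if (status == OK.getStatusCode()) {
            AuthResponse authResponse = response.readEntity(AuthResponse.class);
            logger.info(format("Successfully authenticated using API key with token_link %s", authResponse.getTokenLink()), kv("token_link", authResponse.getTokenLink()));
            return Optional.of(new Account(authResponse.getAccountId(), authResponse.getTokenType(), authResponse.getTokenLink()));
        }

        if (status == UNAUTHORIZED.getStatusCode()) {
            JsonNode unauthorisedResponse = response.readEntity(JsonNode.class);
            // NOTE(review): a 401 body without "error_identifier", or with a value
            // ErrorIdentifier does not define, throws here instead of returning empty.
            // That still fails closed (no Account is produced), but presumably surfaces
            // as a server error rather than an auth failure; confirm this is intended.
            ErrorIdentifier errorIdentifier = ErrorIdentifier.valueOf(unauthorisedResponse.get("error_identifier").asText());
            if (errorIdentifier == ErrorIdentifier.AUTH_TOKEN_REVOKED) {
                // NOTE(review): token_link is taken from the auth service's response body
                // and interpolated into the message text; presumably an opaque identifier.
                // Confirm it cannot contain line breaks if plain-text logs are consumed.
                String tokenLink = unauthorisedResponse.get("token_link").asText();
                logger.warn(format("Attempt to authenticate using revoked API key with token_link %s", tokenLink), kv("token_link", tokenLink));
            } else {
                logger.warn("Attempt to authenticate using invalid API key with valid checksum");
            }
            return Optional.empty();
        }

        logger.warn("Unexpected status code " + status + " from auth.");
        throw new ServiceUnavailableException();
    } finally {
        // Releases the connection even when readEntity or body parsing throws.
        response.close();
    }
}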