Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ES-541 #577

Merged
merged 8 commits into from
Mar 16, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -84,4 +84,5 @@ public class ErrorConstants {
public static final String PROOF_HEADER_INVALID_ALG = "proof_header_invalid_alg";
public static final String PROOF_HEADER_INVALID_KEY = "proof_header_invalid_key";
public static final String PROOF_HEADER_AMBIGUOUS_KEY = "proof_header_ambiguous_key";
public static final String INVALID_CHALLENGE_FORMAT_FOR_AUTH_FACTOR_TYPE = "invalid_challenge_format_for_auth_factor_type";
}
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@
package io.mosip.esignet.core.dto;

import io.mosip.esignet.core.constants.ErrorConstants;
import io.mosip.esignet.core.validator.ClientNameLang;
import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.NoArgsConstructor;
Expand All @@ -22,7 +23,7 @@
public class ClientDetailCreateRequestV2 extends ClientDetailCreateRequest {

@NotEmpty(message = ErrorConstants.INVALID_CLIENT_NAME)
private Map<@Size(message= ErrorConstants.INVALID_CLIENT_NAME_MAP_KEY, min=3, max=3) String,
private Map<@ClientNameLang String,
@NotBlank(message = ErrorConstants.INVALID_CLIENT_NAME_MAP_VALUE) String> clientNameLangMap;

public ClientDetailCreateRequestV2(String clientId, String clientName, Map<String, Object> publicKey, String relyingPartyId,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@
package io.mosip.esignet.core.dto;

import io.mosip.esignet.core.constants.ErrorConstants;
import io.mosip.esignet.core.validator.ClientNameLang;
import lombok.Data;
import lombok.NoArgsConstructor;

Expand All @@ -18,7 +19,7 @@
public class ClientDetailUpdateRequestV2 extends ClientDetailUpdateRequest {

@NotEmpty(message = ErrorConstants.INVALID_CLIENT_NAME)
private Map<@Size(message = ErrorConstants.INVALID_CLIENT_NAME_MAP_KEY, min = 3, max = 3) String,
private Map<@ClientNameLang String,
@NotBlank(message = ErrorConstants.INVALID_CLIENT_NAME_MAP_VALUE) String> clientNameLangMap;

public ClientDetailUpdateRequestV2(String logUri, List<String> redirectUris, List<String> userClaims, List<String> authContextRefs, String status, List<String> grantTypes, String clientName, List<String> clientAuthMethods, Map<String,String> clientNameLangMap){
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
package io.mosip.esignet.core.validator;

import io.mosip.esignet.core.constants.ErrorConstants;

import javax.validation.Constraint;
import java.lang.annotation.Documented;
import java.lang.annotation.Retention;
import java.lang.annotation.Target;

import static java.lang.annotation.ElementType.FIELD;
import static java.lang.annotation.ElementType.TYPE_USE;
import static java.lang.annotation.RetentionPolicy.RUNTIME;

@Target({FIELD, TYPE_USE})
@Retention(RUNTIME)
@Constraint(validatedBy = ClientNameLangValidator.class)
@Documented
public @interface ClientNameLang {
String message() default ErrorConstants.INVALID_CLIENT_NAME_MAP_KEY;

Class<?>[] groups() default {};

Class<?>[] payload() default {};
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
package io.mosip.esignet.core.validator;

import javax.validation.ConstraintValidator;
import javax.validation.ConstraintValidatorContext;
import java.util.Arrays;
import java.util.Locale;

public class ClientNameLangValidator implements ConstraintValidator<ClientNameLang, String> {

private static final Locale[] availableLocales = Locale.getAvailableLocales();

@Override
public void initialize(ClientNameLang constraintAnnotation) {
}

@Override
public boolean isValid(String value, ConstraintValidatorContext context) {
boolean isValid = Arrays.stream(availableLocales)
.anyMatch(locale -> value.equals(locale.getISO3Language()));
return isValid;
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -6,11 +6,13 @@
package io.mosip.esignet.api.dto;

import io.mosip.esignet.api.util.ErrorConstants;
import io.mosip.esignet.api.validator.TypeFormatMapping;
import lombok.Data;

import javax.validation.constraints.NotBlank;

@Data
@TypeFormatMapping
public class AuthChallenge {

@NotBlank(message = ErrorConstants.INVALID_AUTH_FACTOR_TYPE)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@ public class ErrorConstants {
public static final String INVALID_AUTH_FACTOR_TYPE="invalid_auth_factor_type";
public static final String INVALID_CHALLENGE="invalid_challenge";
public static final String INVALID_CHALLENGE_FORMAT = "invalid_challenge_format";
public static final String INVALID_CHALLENGE_FORMAT_FOR_AUTH_FACTOR_TYPE = "invalid_challenge_format_for_auth_factor_type";
ase-101 marked this conversation as resolved.
Show resolved Hide resolved
public static final String BINDING_AUTH_FAILED = "binding_auth_failed";
public static final String VCI_EXCHANGE_FAILED = "vci_exchange_failed";
public static final String NOT_IMPLEMENTED = "not_implemented";
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
package io.mosip.esignet.api.validator;

import io.mosip.esignet.api.util.ErrorConstants;

import javax.validation.Constraint;
import javax.validation.Payload;
import java.lang.annotation.Documented;
import java.lang.annotation.Retention;
import java.lang.annotation.Target;

import static java.lang.annotation.ElementType.FIELD;
import static java.lang.annotation.ElementType.TYPE_USE;
import static java.lang.annotation.RetentionPolicy.RUNTIME;

@Target({FIELD, TYPE_USE})
@Retention(RUNTIME)
@Constraint(validatedBy = TypeFormatMappingValidator.class)
@Documented
public @interface TypeFormatMapping {
String message() default ErrorConstants.INVALID_CHALLENGE_FORMAT_FOR_AUTH_FACTOR_TYPE;

Class<?>[] groups() default {};

Class<? extends Payload>[] payload() default {};
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
package io.mosip.esignet.api.validator;

import io.mosip.esignet.api.dto.AuthChallenge;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;

import javax.validation.ConstraintValidator;
import javax.validation.ConstraintValidatorContext;
import java.util.Map;

@Component
public class TypeFormatMappingValidator implements ConstraintValidator<TypeFormatMapping, AuthChallenge> {

@Value("#{${mosip.esignet.supported-formats}}")
private Map<String, Object> supportedFormats;

@Override
public void initialize(TypeFormatMapping constraintAnnotation) {
}

@Override
public boolean isValid(AuthChallenge authChallenge, ConstraintValidatorContext context) {
Object supportedFormatType = supportedFormats.get(authChallenge.getAuthFactorType());
if (supportedFormatType != null ) {
String supportedFormat = (String) supportedFormatType;
return supportedFormat.equals(authChallenge.getFormat());
}
return false;
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ mosip.esignet.access-token-expire-seconds=3600
mosip.esignet.link-code-expire-in-secs=60
mosip.esignet.authentication-expire-in-secs=60
mosip.esignet.cnonce-expire-seconds=20
mosip.esignet.supported-formats={'OTP': 'alpha-numeric', 'PWD': 'alpha-numeric', 'BIO': 'encoded-json', 'WLA': 'jwt', 'PIN': 'number', 'KBA': 'base64url-encoded-json'}

mosip.esignet.header-filter.paths-to-validate={'${server.servlet.path}/authorization/send-otp', \
'${server.servlet.path}/authorization/authenticate', \
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@
import io.mosip.esignet.api.dto.AuthChallenge;
import io.mosip.esignet.api.spi.AuditPlugin;
import io.mosip.esignet.core.dto.*;
import io.mosip.esignet.core.dto.Error;
import io.mosip.esignet.core.dto.vci.ParsedAccessToken;
import io.mosip.esignet.core.exception.EsignetException;
import io.mosip.esignet.core.spi.AuthorizationService;
Expand All @@ -18,6 +19,7 @@
import io.mosip.esignet.services.AuthorizationHelperService;
import io.mosip.esignet.services.CacheUtilService;
import io.mosip.esignet.vci.services.VCICacheService;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
Expand All @@ -27,6 +29,7 @@
import org.springframework.http.MediaType;
import org.springframework.test.context.junit4.SpringRunner;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.MvcResult;

import java.time.ZoneOffset;
import java.time.ZonedDateTime;
Expand All @@ -37,6 +40,7 @@
import java.util.List;

import static io.mosip.esignet.core.constants.Constants.UTC_DATETIME_PATTERN;
import static io.mosip.esignet.core.constants.ErrorConstants.*;
import static org.mockito.Mockito.when;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
Expand Down Expand Up @@ -733,7 +737,7 @@ public void authenticateEndUser_withValidDetails_returnSuccessResponse() throws
AuthChallenge authChallenge = new AuthChallenge();
authChallenge.setChallenge("12345");
authChallenge.setAuthFactorType("OTP");
authChallenge.setFormat("numeric");
authChallenge.setFormat("alpha-numeric");

List<AuthChallenge> authChallengeList = new ArrayList<>();
authChallengeList.add(authChallenge);
Expand Down Expand Up @@ -786,7 +790,165 @@ public void authenticateEndUser_withInvalidTimestamp_returnErrorResponse() throw
}

@Test
public void authenticateEndUser_withInvalidTransectionId_returnErrorResponse() throws Exception {
public void authenticateEndUser_withInvalidFormat_returnErrorResponse() throws Exception {
AuthRequest authRequest = new AuthRequest();
authRequest.setIndividualId("1234567890");
authRequest.setTransactionId("1234567890");

AuthChallenge authChallenge = new AuthChallenge();
authChallenge.setChallenge("1234567890");
authChallenge.setAuthFactorType("OTP");
authChallenge.setFormat("jwt");

List<AuthChallenge> authChallengeList = new ArrayList<>();
authChallengeList.add(authChallenge);

authRequest.setChallengeList(authChallengeList);

RequestWrapper wrapper = new RequestWrapper<>();
wrapper.setRequestTime(IdentityProviderUtil.getUTCDateTime());
wrapper.setRequest(authRequest);
when(authorizationService.authenticateUserV2(authRequest)).thenReturn(new AuthResponseV2());
mockMvc.perform(post("/authorization/v2/authenticate")
.content(objectMapper.writeValueAsString(wrapper))
.contentType(MediaType.APPLICATION_JSON))
.andExpect(status().isOk())
.andExpect(jsonPath("$.errors").isNotEmpty())
.andExpect(jsonPath("$.errors[0].errorCode").value(ErrorConstants.INVALID_CHALLENGE_FORMAT_FOR_AUTH_FACTOR_TYPE))
.andExpect(jsonPath("$.errors[0].errorMessage").value("request.challengeList[0]: invalid_challenge_format_for_auth_factor_type"));
}

@Test
public void authenticateEndUser_withNullAuthFactorType_returnErrorResponse() throws Exception {
AuthRequest authRequest = new AuthRequest();
authRequest.setIndividualId("1234567890");
authRequest.setTransactionId("1234567890");

AuthChallenge authChallenge = new AuthChallenge();
authChallenge.setChallenge("1234567890");
authChallenge.setAuthFactorType(null);
authChallenge.setFormat("jwt");

List<AuthChallenge> authChallengeList = new ArrayList<>();
authChallengeList.add(authChallenge);

authRequest.setChallengeList(authChallengeList);

RequestWrapper wrapper = new RequestWrapper<>();
wrapper.setRequestTime(IdentityProviderUtil.getUTCDateTime());
wrapper.setRequest(authRequest);
when(authorizationService.authenticateUserV2(authRequest)).thenReturn(new AuthResponseV2());
MvcResult mvcResult=mockMvc.perform(post("/authorization/v2/authenticate")
.content(objectMapper.writeValueAsString(wrapper))
.contentType(MediaType.APPLICATION_JSON))
.andExpect(status().isOk()).andReturn();

List<String> errorCodes = Arrays.asList(INVALID_AUTH_FACTOR_TYPE, INVALID_CHALLENGE_FORMAT_FOR_AUTH_FACTOR_TYPE);
ResponseWrapper responseWrapper = objectMapper.readValue(mvcResult.getResponse().getContentAsString(), ResponseWrapper.class);
Assert.assertTrue(responseWrapper.getErrors().size() == 2);
Assert.assertTrue(errorCodes.contains(((Error)responseWrapper.getErrors().get(0)).getErrorCode()));
Assert.assertTrue(errorCodes.contains(((Error)responseWrapper.getErrors().get(1)).getErrorCode()));
}

@Test
public void authenticateEndUser_withNullAuthChallenge_returnErrorResponse() throws Exception {
AuthRequest authRequest = new AuthRequest();
authRequest.setIndividualId("1234567890");
authRequest.setTransactionId("1234567890");

AuthChallenge authChallenge = new AuthChallenge();
authChallenge.setChallenge("1234567890");
authChallenge.setAuthFactorType(null);
authChallenge.setFormat(null);

List<AuthChallenge> authChallengeList = new ArrayList<>();
authChallengeList.add(authChallenge);

authRequest.setChallengeList(authChallengeList);

RequestWrapper wrapper = new RequestWrapper<>();
wrapper.setRequestTime(IdentityProviderUtil.getUTCDateTime());
wrapper.setRequest(authRequest);
when(authorizationService.authenticateUserV2(authRequest)).thenReturn(new AuthResponseV2());
when(authorizationService.authenticateUserV2(authRequest)).thenReturn(new AuthResponseV2());
MvcResult mvcResult=mockMvc.perform(post("/authorization/v2/authenticate")
.content(objectMapper.writeValueAsString(wrapper))
.contentType(MediaType.APPLICATION_JSON))
.andExpect(status().isOk()).andReturn();

List<String> errorCodes = Arrays.asList(INVALID_AUTH_FACTOR_TYPE, INVALID_CHALLENGE_FORMAT_FOR_AUTH_FACTOR_TYPE,INVALID_CHALLENGE_FORMAT);
ResponseWrapper responseWrapper = objectMapper.readValue(mvcResult.getResponse().getContentAsString(), ResponseWrapper.class);
Assert.assertTrue(responseWrapper.getErrors().size() == 3);
Assert.assertTrue(errorCodes.contains(((Error)responseWrapper.getErrors().get(0)).getErrorCode()));
Assert.assertTrue(errorCodes.contains(((Error)responseWrapper.getErrors().get(1)).getErrorCode()));
Assert.assertTrue(errorCodes.contains(((Error)responseWrapper.getErrors().get(0)).getErrorCode()));
}

@Test
public void authenticateEndUser_withBlankFormat_returnErrorResponse() throws Exception {
AuthRequest authRequest = new AuthRequest();
authRequest.setIndividualId("1234567890");
authRequest.setTransactionId("1234567890");

AuthChallenge authChallenge = new AuthChallenge();
authChallenge.setChallenge("1234567890");
authChallenge.setAuthFactorType("OTP");
authChallenge.setFormat("");

List<AuthChallenge> authChallengeList = new ArrayList<>();
authChallengeList.add(authChallenge);

authRequest.setChallengeList(authChallengeList);

RequestWrapper wrapper = new RequestWrapper<>();
wrapper.setRequestTime(IdentityProviderUtil.getUTCDateTime());
wrapper.setRequest(authRequest);
when(authorizationService.authenticateUserV2(authRequest)).thenReturn(new AuthResponseV2());
MvcResult mvcResult=mockMvc.perform(post("/authorization/v2/authenticate")
.content(objectMapper.writeValueAsString(wrapper))
.contentType(MediaType.APPLICATION_JSON))
.andExpect(status().isOk()).andReturn();
List<String> errorCodes = Arrays.asList(INVALID_CHALLENGE_FORMAT, INVALID_CHALLENGE_FORMAT_FOR_AUTH_FACTOR_TYPE);
ResponseWrapper responseWrapper = objectMapper.readValue(mvcResult.getResponse().getContentAsString(), ResponseWrapper.class);
Assert.assertTrue(responseWrapper.getErrors().size() == 2);
Assert.assertTrue(errorCodes.contains(((Error)responseWrapper.getErrors().get(0)).getErrorCode()));
Assert.assertTrue(errorCodes.contains(((Error)responseWrapper.getErrors().get(1)).getErrorCode()));

}

@Test
public void authenticateEndUser_withNullFormat_returnErrorResponse() throws Exception {
AuthRequest authRequest = new AuthRequest();
authRequest.setIndividualId("1234567890");
authRequest.setTransactionId("1234567890");

AuthChallenge authChallenge = new AuthChallenge();
authChallenge.setChallenge("1234567890");
authChallenge.setAuthFactorType("OTP");
authChallenge.setFormat(null);
ase-101 marked this conversation as resolved.
Show resolved Hide resolved

List<AuthChallenge> authChallengeList = new ArrayList<>();
authChallengeList.add(authChallenge);

authRequest.setChallengeList(authChallengeList);

RequestWrapper wrapper = new RequestWrapper<>();
wrapper.setRequestTime(IdentityProviderUtil.getUTCDateTime());
wrapper.setRequest(authRequest);
when(authorizationService.authenticateUserV2(authRequest)).thenReturn(new AuthResponseV2());
MvcResult mvcResult=mockMvc.perform(post("/authorization/v2/authenticate")
.content(objectMapper.writeValueAsString(wrapper))
.contentType(MediaType.APPLICATION_JSON))
.andExpect(status().isOk()).andReturn();
List<String> errorCodes = Arrays.asList(INVALID_CHALLENGE_FORMAT, INVALID_CHALLENGE_FORMAT_FOR_AUTH_FACTOR_TYPE);
ResponseWrapper responseWrapper = objectMapper.readValue(mvcResult.getResponse().getContentAsString(), ResponseWrapper.class);
Assert.assertTrue(responseWrapper.getErrors().size() == 2);
Assert.assertTrue(errorCodes.contains(((Error)responseWrapper.getErrors().get(0)).getErrorCode()));
Assert.assertTrue(errorCodes.contains(((Error)responseWrapper.getErrors().get(1)).getErrorCode()));
}

@Test
public void authenticateEndUser_withInvalidTransactionId_returnErrorResponse() throws Exception {
AuthRequest authRequest = new AuthRequest();
authRequest.setIndividualId("1234567890");

Expand Down Expand Up @@ -857,7 +1019,7 @@ public void getAuthorizationCode_withValidDetails_thenSuccessResposne() throws E
}

@Test
public void getAuthorizationCode_withInValidAcceptedClaim_thenErrorResposne() throws Exception {
public void getAuthorizationCode_withInValidAcceptedClaim_thenErrorResponse() throws Exception {
AuthCodeRequest authCodeRequest = new AuthCodeRequest();
authCodeRequest.setTransactionId("1234567890");
authCodeRequest.setAcceptedClaims(Arrays.asList("name",""));
Expand Down
Loading
Loading