mosip · ase-101 · Apr 17, 2024 · Apr 4, 2024
diff --git a/esignet-service/src/test/resources/application-test.properties b/esignet-service/src/test/resources/application-test.properties
@@ -42,7 +42,7 @@ mosip.esignet.header-filter.paths-to-validate={'${server.servlet.path}/authoriza
 
 #This property is used for captcha validation and allowed values are send-otp and pwd.
 #captcha validation is enabled for send-otp and pwd.
-mosip.esignet.captcha.required=send-otp,pwd
+mosip.esignet.captcha.required=pwd
 
 ## ------------------------------------------ e-Signet binding ---------------------------------------------------------
 

diff --git a/oidc-service-impl/src/main/java/io/mosip/esignet/services/AuthorizationHelperService.java b/oidc-service-impl/src/main/java/io/mosip/esignet/services/AuthorizationHelperService.java
@@ -98,10 +98,14 @@ public class AuthorizationHelperService {
     private List<String> credentialScopes;
 
     protected void validateSendOtpCaptchaToken(String captchaToken) {
-        if(captchaRequired.contains("send-otp")) {
+        if(!captchaRequired.contains("send-otp")) {
             log.warn("captcha validation is disabled for send-otp request!");
             return;
         }
+        if(!StringUtils.hasText(captchaToken)) {
+        	log.error("Captcha token is Null or Empty");
+        	throw new EsignetException(ErrorConstants.INVALID_CAPTCHA);
+        }
         validateCaptchaToken(captchaToken);
     }
 

diff --git a/...-service-impl/src/test/java/io/mosip/esignet/services/AuthorizationHelperServiceTest.java b/...-service-impl/src/test/java/io/mosip/esignet/services/AuthorizationHelperServiceTest.java
@@ -68,10 +68,39 @@ public class AuthorizationHelperServiceTest {
 
     @Mock
     private CaptchaValidator captchaValidator;
+
+    @Test
+    public void validateSendOtpCaptchaToken_withEmptyToken_thenFail() {
+        ReflectionTestUtils.setField(authorizationHelperService, "captchaRequired", List.of("send-otp"));
+        try {
+        	authorizationHelperService.validateSendOtpCaptchaToken("");
+        } catch(EsignetException e) {
+        	Assert.assertEquals(ErrorConstants.INVALID_CAPTCHA, e.getErrorCode());
+        }
+    }
+
+    @Test
+    public void validateSendOtpCaptchaToken_withValidToken_thenFail() {
+        ReflectionTestUtils.setField(authorizationHelperService, "captchaRequired", List.of("send-otp"));
+        ReflectionTestUtils.setField(authorizationHelperService, "captchaValidator", captchaValidator);
+        Mockito.when(captchaValidator.validateCaptcha(Mockito.anyString())).thenReturn(false);
+        try {
+        	authorizationHelperService.validateSendOtpCaptchaToken("captcha-token");
+        } catch(EsignetException e) {
+        	Assert.assertEquals(ErrorConstants.INVALID_CAPTCHA, e.getErrorCode());
+        }
+    }
+
+    @Test
+    public void validateSendOtpCaptchaToken_withValidToken_thenPass() {
+        ReflectionTestUtils.setField(authorizationHelperService, "captchaRequired", List.of("send-otp"));
+        ReflectionTestUtils.setField(authorizationHelperService, "captchaValidator", captchaValidator);
+        Mockito.when(captchaValidator.validateCaptcha(Mockito.anyString())).thenReturn(true);
+        authorizationHelperService.validateSendOtpCaptchaToken("captcha-token");
+    }
 
     @Test
     public void validateCaptchaToken_withNoValidator_thenFail() {
-        ReflectionTestUtils.setField(authorizationHelperService, "captchaRequired", List.of("send-otp"));
         ReflectionTestUtils.setField(authorizationHelperService, "captchaValidator", null);
         try {
             authorizationHelperService.validateCaptchaToken("captcha-token");
@@ -83,7 +112,6 @@ public void validateCaptchaToken_withNoValidator_thenFail() {
 
     @Test
     public void validateCaptchaToken_withInvalidToken_thenFail() {
-        ReflectionTestUtils.setField(authorizationHelperService, "captchaRequired", List.of("send-otp"));
         ReflectionTestUtils.setField(authorizationHelperService, "captchaValidator", captchaValidator);
         Mockito.when(captchaValidator.validateCaptcha(Mockito.anyString())).thenReturn(false);
         try {
@@ -93,10 +121,9 @@ public void validateCaptchaToken_withInvalidToken_thenFail() {
             Assert.assertEquals(ErrorConstants.INVALID_CAPTCHA, e.getErrorCode());
         }
     }
-
+    
     @Test
     public void validateCaptchaToken_withValidToken_thenPass() {
-        ReflectionTestUtils.setField(authorizationHelperService, "captchaRequired", List.of("send-otp"));
         ReflectionTestUtils.setField(authorizationHelperService, "captchaValidator", captchaValidator);
         Mockito.when(captchaValidator.validateCaptcha(Mockito.anyString())).thenReturn(true);
         authorizationHelperService.validateCaptchaToken("captcha-token");