AUT-1172 Unignore and update tests with legal person scope

e-gov · Mar 27, 2023 · 6fb7e8e · 6fb7e8e
1 parent 6bdcc61
commit 6fb7e8e
Show file tree

Hide file tree

Showing 14 changed files with 197 additions and 157 deletions.
diff --git a/src/main/groovy/ee/ria/tara/Flow.groovy b/src/main/groovy/ee/ria/tara/Flow.groovy
@@ -12,6 +12,7 @@ class Flow {
     LoginService loginService
     OidcClientPublic oidcClientPublic
     OidcClientPrivate oidcClientPrivate
+    OidcClientLegal oidcClientLegal
     SpecificProxyService specificProxyService
     ForeignIdpProvider foreignIdpProvider
     ForeignProxyService foreignProxyService
@@ -39,6 +40,7 @@ class Flow {
         this.oidcService = new OidcService(properties)
         this.oidcClientPublic = new OidcClientPublic(properties)
         this.oidcClientPrivate = new OidcClientPrivate(properties)
+        this.oidcClientLegal = new OidcClientLegal(properties)
         this.specificProxyService = new SpecificProxyService(properties)
         this.foreignIdpProvider = new ForeignIdpProvider(properties)
         this.foreignProxyService = new ForeignProxyService(properties)
@@ -148,34 +150,28 @@ class LoginService {
 @Canonical
 class OidcService {
     String host
-    String port
     String protocol
     String authenticationRequestUrl
+    String authorizationUrl
     String jwksUrl
     String configurationUrl
     HashMap <String, String> cookies
 
-    @Lazy fullAuthenticationRequestUrl = "${protocol}://${host}${portCheck()}${authenticationRequestUrl}"
-    @Lazy fullJwksUrl = "${protocol}://${host}${portCheck()}${jwksUrl}"
-    @Lazy fullConfigurationUrl = "${protocol}://${host}${portCheck()}${configurationUrl}"
-    @Lazy baseUrl = "${protocol}://${host}${portCheck()}"
+    @Lazy fullAuthenticationRequestUrl = "${protocol}://${host}${authenticationRequestUrl}"
+    @Lazy fullAuthorizationUrl = "${protocol}://${host}${authorizationUrl}"
+    @Lazy fullJwksUrl = "${protocol}://${host}${jwksUrl}"
+    @Lazy fullConfigurationUrl = "${protocol}://${host}${configurationUrl}"
+    @Lazy baseUrl = "${protocol}://${host}"
 
     OidcService(Properties properties) {
         this.host = properties."oidcservice.host"
-        this.port = properties."oidcservice.port"
         this.protocol = properties."oidcservice.protocol"
         this.authenticationRequestUrl = properties."oidcservice.authenticationRequestUrl"
+        this.authorizationUrl = properties."oidcservice.authorizationUrl"
         this.jwksUrl = properties."oidcservice.jwksUrl"
         this.configurationUrl = properties."oidcservice.configurationUrl"
         this.cookies = new HashMap<String, String>()
     }
-    private String portCheck() {
-        if (port != null && port.isInteger()) {
-            return ":${port}"
-        } else {
-            return ""
-        }
-    }
 }
 
 @Canonical
@@ -238,6 +234,36 @@ class OidcClientPrivate {
     }
 }
 
+@Canonical
+class OidcClientLegal {
+    String host
+    String port
+    String protocol
+    String responseUrl
+    String clientId
+    String clientSecret
+    HashMap <String, String> cookies
+
+    @Lazy fullResponseUrl = "${protocol}://${host}${portCheck()}${responseUrl}"
+
+    OidcClientLegal(Properties properties) {
+        this.host = properties."oidcclientlegal.host"
+        this.port = properties."oidcclientlegal.port"
+        this.protocol = properties."oidcclientlegal.protocol"
+        this.responseUrl = properties."oidcclientlegal.responseUrl"
+        this.clientId = properties."oidcclientlegal.clientId"
+        this.clientSecret = properties."oidcclientlegal.secret"
+        this.cookies = new HashMap<String, String>()
+    }
+    private String portCheck() {
+        if (port != null && port.isInteger()) {
+            return ":${port}"
+        } else {
+            return ""
+        }
+    }
+}
+
 @Canonical
 class SpecificProxyService {
     String host

diff --git a/src/main/groovy/ee/ria/tara/OpenIdUtils.groovy b/src/main/groovy/ee/ria/tara/OpenIdUtils.groovy
@@ -49,6 +49,20 @@ class OpenIdUtils {
         return queryParams
     }
 
+    static Map<String, String> getAuthorizationParametersForLegalPersonClient(Flow flow, String scope = "openid legalperson", String uiLocales = "et") {
+        Map<String, String> queryParams = new HashMap<>()
+        flow.setState(Base64.getEncoder().encodeToString(DigestUtils.sha256(RandomStringUtils.random(16))))
+        flow.setNonce(Base64.getEncoder().encodeToString(DigestUtils.sha256(RandomStringUtils.random(16))))
+        queryParams.put("ui_locales", uiLocales)
+        queryParams.put("response_type", "code")
+        queryParams.put("scope", scope)
+        queryParams.put("client_id",flow.getOidcClientLegal().getClientId())
+        queryParams.put("redirect_uri", flow.getOidcClientLegal().getFullResponseUrl().toString())
+        queryParams.put("state", flow.state)
+        queryParams.put("nonce", flow.nonce)
+        return queryParams
+    }
+
     static Map<String, String> getAuthorizationParametersForSpecificProxyService(Flow flow, String scope = "openid", String uiLocales = "et") {
         Map<String, String> queryParams = new HashMap<>()
         flow.setState(Base64.getEncoder().encodeToString(DigestUtils.sha256(RandomStringUtils.random(16))))

diff --git a/src/main/groovy/ee/ria/tara/Steps.groovy b/src/main/groovy/ee/ria/tara/Steps.groovy
@@ -85,6 +85,17 @@ class Steps {
         return initLoginSession
     }
 
+    @Step("Start authentication in TARA with legalperson client and follow redirects")
+    static Response startAuthenticationInTaraWithLegalPerson(Flow flow, String scopeList = "openid legalperson", boolean checkStatusCode = true) {
+        Map<String, String> paramsMap = OpenIdUtils.getAuthorizationParametersForLegalPersonClient(flow, scopeList)
+        Response initOIDCServiceSession = startAuthenticationInOidcWithParams(flow, paramsMap)
+        Response initLoginSession = createLoginSession(flow, initOIDCServiceSession)
+        if (checkStatusCode) {
+            assertEquals(200, initLoginSession.statusCode(), "Correct HTTP status code is returned")
+        }
+        return initLoginSession
+    }
+
     @Step("Start authentication in TARA with Specific Proxy Service and follow redirects")
     static Response startAuthenticationInTaraWithSpecificProxyService(Flow flow, String scopeList = "openid", String login_locale = "et", boolean checkStatusCode = true) {
         Map<String, String> paramsMap = OpenIdUtils.getAuthorizationParametersForSpecificProxyService(flow, scopeList, login_locale)
@@ -360,12 +371,12 @@ class Steps {
     static Response selectLegalPersonAndConfirmIt(Flow flow, String legalPersonIdentifier) {
         Response response = selectLegalPerson(flow, legalPersonIdentifier)
         String location = response.getHeader("location")
-        assertThat(location, containsString(flow.oidcService.fullAuthenticationRequestUrl))
+        assertThat(location, containsString(flow.oidcService.fullAuthorizationUrl))
         Response oidcServiceResponse = getOAuthCookies(flow, response)
         assertEquals(302, oidcServiceResponse.statusCode(), "Correct HTTP status code is returned")
 
         Response consentResponse = followRedirectWithSessionId(flow, oidcServiceResponse)
-        assertEquals(200, consentResponse.statusCode(), "Correct HTTP status code is returned")
+        assertEquals(302, consentResponse.statusCode(), "Correct HTTP status code is returned")
         return consentResponse
     }
 

diff --git a/src/test/groovy/ee/ria/tara/AuthConsentConfirmSpec.groovy b/src/test/groovy/ee/ria/tara/AuthConsentConfirmSpec.groovy
@@ -4,7 +4,6 @@ import io.qameta.allure.Feature
 import io.restassured.filter.cookie.CookieFilter
 import io.restassured.response.Response
 import org.apache.commons.lang3.RandomStringUtils
-import spock.lang.Ignore
 import spock.lang.Unroll
 
 import java.nio.charset.StandardCharsets
@@ -54,7 +53,7 @@ class AuthConsentConfirmSpec extends TaraSpecification {
         assertEquals("Teie seanssi ei leitud! Seanss aegus või on küpsiste kasutamine Teie brauseris piiratud.", response.body().jsonPath().get("message"), "Correct error message is returned")
     }
 
-    @Ignore // TARA2-76 , TARA2-165
+    //TODO: AUT-630
     @Unroll
     @Feature("USER_CONSENT_ENDPOINT")
     def "Consent with authentication results. Invalid method post"() {
@@ -66,9 +65,9 @@ class AuthConsentConfirmSpec extends TaraSpecification {
         Response oidcServiceResponse = Steps.getOAuthCookies(flow, acceptResponse)
         String location = oidcServiceResponse.getHeader("location")
         Response response = Requests.postRequestWithSessionId(flow, location)
-        assertEquals(400, response.statusCode(), "Correct HTTP status code is returned")
+        assertEquals(500, response.statusCode(), "Correct HTTP status code is returned")
         assertEquals("application/json;charset=UTF-8", response.getContentType(), "Correct Content-Type is returned")
-        assertThat(response.body().jsonPath().get("message").toString(), equalTo("Request method 'POST' not supported"))
+        assertThat(response.body().jsonPath().get("message").toString(), equalTo("Autentimine ebaõnnestus teenuse tehnilise vea tõttu. Palun proovige mõne aja pärast uuesti."))
     }
 
     @Unroll
@@ -170,7 +169,7 @@ class AuthConsentConfirmSpec extends TaraSpecification {
         assertThat(response.body().jsonPath().get("message").toString(), equalTo(message))
     }
 
-    @Ignore // TARA2-76 , TARA2-165
+    //TODO: AUT-630
     @Unroll
     @Feature("USER_CONSENT_CONFIRM_ENDPOINT")
     def "Confirm consent with authentication results. Invalid method get"() {
@@ -180,9 +179,9 @@ class AuthConsentConfirmSpec extends TaraSpecification {
         HashMap<String, String> paramsMap = (HashMap) Collections.emptyMap()
         def map2 = Utils.setParameter(paramsMap, "consent_given", true)
         Response response = Requests.getRequestWithCookiesAndParams(flow, flow.loginService.fullConsentConfirmUrl, cookiesMap, paramsMap, Collections.emptyMap())
-        assertEquals(400, response.statusCode(), "Correct HTTP status code is returned")
+        assertEquals(500, response.statusCode(), "Correct HTTP status code is returned")
         assertEquals("application/json;charset=UTF-8", response.getContentType(), "Correct Content-Type is returned")
-        assertEquals("Request method 'GET' not supported", response.body().jsonPath().get("message"), "Correct error message is returned")
+        assertEquals("Autentimine ebaõnnestus teenuse tehnilise vea tõttu. Palun proovige mõne aja pärast uuesti.", response.body().jsonPath().get("message"), "Request method GET not supported")
     }
 
     @Unroll

diff --git a/src/test/groovy/ee/ria/tara/AuthenticationSpec.groovy b/src/test/groovy/ee/ria/tara/AuthenticationSpec.groovy
@@ -6,7 +6,6 @@ import io.qameta.allure.Feature
 import io.restassured.filter.cookie.CookieFilter
 import io.restassured.response.Response
 import org.hamcrest.Matchers
-import spock.lang.Ignore
 import spock.lang.Unroll
 
 import static org.hamcrest.Matchers.equalTo
@@ -273,7 +272,7 @@ class AuthenticationSpec extends TaraSpecification {
         assertEquals(flow.oidcClientPublic.clientId, Utils.getParamValueFromResponseHeader(response, "client_id"), "Location field contains correct client_id value")
     }
 
-    @Ignore // TARA2-82 , TARA2-165
+    //TODO: AUT-630
     @Unroll
     @Feature("AUTH_ACCEPT_LOGIN_ENDPOINT")
     def "request accept authentication with invalid method get"() {
@@ -285,9 +284,9 @@ class AuthenticationSpec extends TaraSpecification {
         assertEquals(200, pollResponse.statusCode(), "Correct HTTP status code is returned")
         assertThat(pollResponse.body().jsonPath().get("status").toString(), Matchers.not(equalTo("PENDING")))
         Response response = Requests.getRequestWithSessionId(flow, flow.loginService.fullAuthAcceptUrl)
-        assertEquals(400, response.statusCode(), "Correct HTTP status code is returned")
+        assertEquals(500, response.statusCode(), "Correct HTTP status code is returned")
         assertEquals("application/json;charset=UTF-8", response.getContentType(), "Correct Content-Type is returned")
-        assertThat(response.body().jsonPath().get("message").toString(), equalTo("Request method 'GET' not supported"))
+        assertThat(response.body().jsonPath().get("message").toString(), equalTo("Autentimine ebaõnnestus teenuse tehnilise vea tõttu. Palun proovige mõne aja pärast uuesti."))
     }
 
     @Unroll
@@ -404,9 +403,7 @@ class AuthenticationSpec extends TaraSpecification {
         assertEquals("Teie seanssi ei leitud! Seanss aegus või on küpsiste kasutamine Teie brauseris piiratud.", response.body().jsonPath().get("message"), "Correct error message is returned")
     }
 
-    @Ignore // TARA2-104 , TARA2-165
-    @Unroll
-    @Feature("AUTH_REJECT_LOGIN_ENDPOINT")
+    //TODO: AUT-630
     def "request reject authentication with invalid method post"() {
         expect:
         Steps.startAuthenticationInTara(flow)
@@ -421,9 +418,9 @@ class AuthenticationSpec extends TaraSpecification {
         HashMap<String, String> cookieMap = (HashMap) Collections.emptyMap()
         def map3 = Utils.setParameter(cookieMap, "SESSION", flow.sessionId)
         Response response = Requests.postRequestWithCookiesAndParams(flow, flow.loginService.fullAuthRejectUrl, cookieMap, paramsMap, Collections.emptyMap())
-        assertEquals(400, response.statusCode(), "Correct HTTP status code is returned")
-        assertEquals("Correct Content-Type is returned", "application/json;charset=UTF-8", response.getContentType())
-        assertThat(response.body().jsonPath().get("message").toString(), equalTo("Request method 'POST' not supported"))
+        assertEquals(500, response.statusCode(), "Correct HTTP status code is returned")
+        assertEquals("application/json;charset=UTF-8", response.getContentType(), "Correct Content-Type is returned")
+        assertThat(response.body().jsonPath().get("message").toString(), equalTo("Autentimine ebaõnnestus teenuse tehnilise vea tõttu. Palun proovige mõne aja pärast uuesti."))
     }
 
     @Unroll

diff --git a/src/test/groovy/ee/ria/tara/EidasAuthSpec.groovy b/src/test/groovy/ee/ria/tara/EidasAuthSpec.groovy
@@ -5,7 +5,6 @@ import io.qameta.allure.Feature
 import io.restassured.filter.cookie.CookieFilter
 import io.restassured.response.Response
 import org.apache.commons.lang3.RandomStringUtils
-import spock.lang.Ignore
 import spock.lang.Unroll
 import org.hamcrest.Matchers
 
@@ -71,7 +70,7 @@ class EidasAuthSpec extends TaraSpecification {
         assertEquals("Keelatud päring. Päring esitati topelt, seanss aegus või on küpsiste kasutamine Teie brauseris piiratud.", response.body().jsonPath().get("message"), "Correct error message is returned")
     }
 
-    @Ignore //TARA2-165
+    //TODO: AUT-630
     @Unroll
     @Feature("EIDAS_AUTH_INIT_ENDPOINT")
     def "initialize Eidas authentication with invalid method get"() {
@@ -87,9 +86,9 @@ class EidasAuthSpec extends TaraSpecification {
                 cookiesMap,
                 paramsMap,
                 Collections.emptyMap())
-        assertEquals(400, response.statusCode(), "Correct HTTP status code is returned")
+        assertEquals(500, response.statusCode(), "Correct HTTP status code is returned")
         assertEquals("application/json;charset=UTF-8", response.getContentType(), "Correct Content-Type is returned")
-        assertThat(response.body().jsonPath().get("message").toString(), equalTo("Request method 'GET' not supported"))
+        assertThat(response.body().jsonPath().get("message").toString(), equalTo("Autentimine ebaõnnestus teenuse tehnilise vea tõttu. Palun proovige mõne aja pärast uuesti."))
     }
 
     @Unroll