Merge pull request #1072 from LoganathanSekar7627/PSA-171-IDA-allow-a…
…ny-one-channel-fix-release-1.2.0.1-B5

PSA-171 Fix to have case insensitive check for channel attribute
mahammedtaheer authored Aug 24, 2023
2 parents 1caf8d3 + 96fbe42 commit 301d42d
Showing 2 changed files with 207 additions and 6 deletions.
@@ -51,6 +51,7 @@
import io.mosip.kernel.core.exception.ParseException;
import io.mosip.kernel.core.logger.spi.Logger;
import io.mosip.kernel.core.util.DateUtils;
import io.mosip.kernel.core.util.StringUtils;

/**
* Service implementation of OtpTriggerService.
@@ -165,17 +166,21 @@ public OtpResponseDTO generateOtp(OtpRequestDTO otpRequestDto, String partnerId,

private void validateAllowedOtpChannles(String token, List<String> otpChannel) throws IdAuthenticationFilterException {

if(otpChannel.stream().anyMatch(channel -> OTP.equalsIgnoreCase(channel))) {
if(containsChannel(otpChannel, OTP)) {
checkAuthLock(token, OTP);
}
else if(otpChannel.stream().anyMatch(channel -> PHONE.equalsIgnoreCase(channel))) {
else if(containsChannel(otpChannel, PHONE)) {
checkAuthLock(token, OTP_SMS);
}
else if(otpChannel.stream().anyMatch(channel -> EMAIL.equalsIgnoreCase(channel))) {
else if(containsChannel(otpChannel, EMAIL)) {
checkAuthLock(token, OTP_EMAIL);
}
}

private static boolean containsChannel(List<String> otpChannel, String channel) {
return otpChannel.stream().anyMatch(channelItem -> channel.equalsIgnoreCase(channelItem));
}

private void checkAuthLock(String token, String authTypeCode) throws IdAuthenticationFilterException {
List<AuthtypeLock> authTypeLocks = authLockRepository.findByTokenAndAuthtypecode(token, authTypeCode);
for(AuthtypeLock authtypeLock : authTypeLocks) {
@@ -225,21 +230,21 @@ private OtpResponseDTO doGenerateOTP(OtpRequestDTO otpRequestDto, String partner
valueMap.put(IdAuthCommonConstants.EMAIL, email);

List<String> otpChannel = otpRequestDto.getOtpChannel();
if ((phoneNumber == null || phoneNumber.isEmpty()) && otpChannel.contains(PHONE) && !otpChannel.contains(EMAIL)) {
if (StringUtils.isBlank(phoneNumber) && containsChannel(otpChannel, PHONE) && !containsChannel(otpChannel, EMAIL)) {
throw new IdAuthenticationBusinessException(
IdAuthenticationErrorConstants.OTP_GENERATION_FAILED.getErrorCode(),
IdAuthenticationErrorConstants.OTP_GENERATION_FAILED.getErrorMessage()
+ ". Phone Number is not found in identity data.");
}

if ((email == null || email.isEmpty()) && otpChannel.contains(EMAIL) && !otpChannel.contains(PHONE)) {
if (StringUtils.isBlank(email) && containsChannel(otpChannel, EMAIL) && !containsChannel(otpChannel, PHONE)) {
throw new IdAuthenticationBusinessException(
IdAuthenticationErrorConstants.OTP_GENERATION_FAILED.getErrorCode(),
IdAuthenticationErrorConstants.OTP_GENERATION_FAILED.getErrorMessage()
+ ". Email ID is not found in identity data.");
}

if((phoneNumber == null || phoneNumber.isEmpty()) && (email == null || email.isEmpty()) && (otpChannel.contains(PHONE) && otpChannel.contains(EMAIL))) {
if(StringUtils.isBlank(phoneNumber) && StringUtils.isBlank(email) && (containsChannel(otpChannel, PHONE) && containsChannel(otpChannel, EMAIL))) {
throw new IdAuthenticationBusinessException(
IdAuthenticationErrorConstants.OTP_GENERATION_FAILED.getErrorCode(),
IdAuthenticationErrorConstants.OTP_GENERATION_FAILED.getErrorMessage()
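Review bot: In `validateAllowedOtpChannles` the lock check is still an `if`/`else if` chain, so a request that lists both channels reaches only `checkAuthLock(token, OTP_SMS)` and never consults the `OTP_EMAIL` lock, while `doGenerateOTP` goes on to treat both channels as requested. If per-channel locks are meant to be enforced independently (the page does not show how `checkAuthLock` or delivery behave), the two `else if` branches should become plain `if(containsChannel(otpChannel, PHONE))` and `if(containsChannel(otpChannel, EMAIL))` so each requested channel is checked. `containsChannel` also dereferences `otpChannel` without a null guard and `doGenerateOTP` passes `otpRequestDto.getOtpChannel()` straight in; unless an upstream validator rejects a missing channel list, that surfaces as an NPE rather than a business error. A one-line Javadoc on the helper, e.g. `/** Returns true if otpChannel contains channel, ignoring case; null entries never match. */`, would record the intent. `doGenerateOTP` continues past the end of the last hunk.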
@@ -408,6 +408,202 @@ public void TestPhoneorEmailisNull_both_channels_provided() throws IdAuthenticat
assertEquals(IdAuthenticationErrorConstants.OTP_GENERATION_FAILED.getErrorMessage() + ". Both Phone Number and Email ID are not found in identity data.", ex.getErrorText());
}
}


@SuppressWarnings("rawtypes")
@Test
public void TestPhonenumberisNull_Phone_Channel_Alone_lowercase() throws IdAuthenticationBusinessException, RestServiceException {
OtpRequestDTO otpRequestDto = new OtpRequestDTO();
otpRequestDto.setId("id");
otpRequestDto.setRequestTime(new SimpleDateFormat(EnvUtil.getDateTimePattern()).format(new Date()));
otpRequestDto.setTransactionID("1234567890");
List<String> channelList = List.of("phone");
otpRequestDto.setOtpChannel(channelList);
otpRequestDto.setIndividualId("2345678901234");
otpRequestDto.setIndividualIdType(IdType.UIN.getType());
otpRequestDto.setRequestTime("2019-02-18T18:17:48.923+05:30");
Map<String, Object> valueMap = new HashMap<>();
Map<String, Object> idInfo = new HashMap<>();
idInfo.put("email", "abc@test.com");
valueMap.put("response", idInfo);
Mockito.when(idAuthService.processIdType(Mockito.any(), Mockito.any(), Mockito.anyBoolean(), Mockito.anyBoolean(), Mockito.anySet()))
.thenReturn(valueMap);
Mockito.when(idAuthService.getToken(Mockito.any())).thenReturn("2345678901234");
Mockito.when(autntxnrepository.countRequestDTime(Mockito.any(), Mockito.any(), Mockito.any())).thenReturn(1);
Mockito.when(uinHashSaltRepo.retrieveSaltById(Mockito.anyInt())).thenReturn("2344");
Mockito.when(idAuthSecurityManager.getUser()).thenReturn("ida_app_user");
RestRequestDTO value = getRestDto();
Mockito.when(restRequestFactory.buildRequest(Mockito.any(), Mockito.any(), Mockito.any())).thenReturn(value);
ResponseWrapper<Map> response = new ResponseWrapper<>();
Map<String, Object> map = new HashMap<>();
map.put("otp", "123456");
response.setResponse(map);
Mockito.when(restHelper.requestSync(Mockito.any())).thenReturn(response);
Mockito.when(otpManager.sendOtp(Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any(),
Mockito.any())).thenReturn(true);
try {
otpServiceImpl.generateOtp(otpRequestDto, "1234567890", new TestObjectWithMetadata());
Assert.fail();
}
catch(IdAuthenticationBusinessException ex) {
assertEquals(IdAuthenticationErrorConstants.OTP_GENERATION_FAILED.getErrorCode(), ex.getErrorCode());
assertEquals(IdAuthenticationErrorConstants.OTP_GENERATION_FAILED.getErrorMessage() + ". Phone Number is not found in identity data.", ex.getErrorText());
}
}

@SuppressWarnings("rawtypes")
@Test
public void TestPhonenumberisNull_bothChannels_lowercase() throws IdAuthenticationBusinessException, RestServiceException {
OtpRequestDTO otpRequestDto = new OtpRequestDTO();
otpRequestDto.setId("id");
otpRequestDto.setRequestTime(new SimpleDateFormat(EnvUtil.getDateTimePattern()).format(new Date()));
otpRequestDto.setTransactionID("1234567890");
List<String> channelList = List.of("phone", "email");
otpRequestDto.setOtpChannel(channelList);
otpRequestDto.setIndividualId("2345678901234");
otpRequestDto.setIndividualIdType(IdType.UIN.getType());
otpRequestDto.setRequestTime("2019-02-18T18:17:48.923+05:30");
Map<String, Object> valueMap = new HashMap<>();
Map<String, Object> idInfo = new HashMap<>();
idInfo.put("email", "abc@test.com");
valueMap.put("response", idInfo);
Mockito.when(idAuthService.processIdType(Mockito.any(), Mockito.any(), Mockito.anyBoolean(), Mockito.anyBoolean(), Mockito.anySet()))
.thenReturn(valueMap);
Mockito.when(idAuthService.getToken(Mockito.any())).thenReturn("2345678901234");
Mockito.when(autntxnrepository.countRequestDTime(Mockito.any(), Mockito.any(), Mockito.any())).thenReturn(1);
Mockito.when(uinHashSaltRepo.retrieveSaltById(Mockito.anyInt())).thenReturn("2344");
Mockito.when(idAuthSecurityManager.getUser()).thenReturn("ida_app_user");
RestRequestDTO value = getRestDto();
Mockito.when(restRequestFactory.buildRequest(Mockito.any(), Mockito.any(), Mockito.any())).thenReturn(value);
ResponseWrapper<Map> response = new ResponseWrapper<>();
Map<String, Object> map = new HashMap<>();
map.put("otp", "123456");
response.setResponse(map);
Mockito.when(restHelper.requestSync(Mockito.any())).thenReturn(response);
Mockito.when(otpManager.sendOtp(Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any(),
Mockito.any())).thenReturn(true);
otpServiceImpl.generateOtp(otpRequestDto, "1234567890", new TestObjectWithMetadata());
}

@SuppressWarnings("rawtypes")
@Test
public void TestEmailIdisNull_Email_Channel_Alone_lowercase() throws IdAuthenticationBusinessException, RestServiceException {
OtpRequestDTO otpRequestDto = new OtpRequestDTO();
otpRequestDto.setId("id");
otpRequestDto.setRequestTime(new SimpleDateFormat(EnvUtil.getDateTimePattern()).format(new Date()));
otpRequestDto.setTransactionID("1234567890");
List<String> channelList = List.of("email");
otpRequestDto.setOtpChannel(channelList);
otpRequestDto.setIndividualId("2345678901234");
otpRequestDto.setIndividualIdType(IdType.UIN.getType());
otpRequestDto.setRequestTime("2019-02-18T18:17:48.923+05:30");
Map<String, Object> valueMap = new HashMap<>();
Map<String, Object> idInfo = new HashMap<>();
idInfo.put("phone", "9292292934");
valueMap.put("response", idInfo);
Mockito.when(idAuthService.processIdType(Mockito.any(), Mockito.any(), Mockito.anyBoolean(), Mockito.anyBoolean(), Mockito.anySet()))
.thenReturn(valueMap);
Mockito.when(idAuthService.getToken(Mockito.any())).thenReturn("2345678901234");
Mockito.when(autntxnrepository.countRequestDTime(Mockito.any(), Mockito.any(), Mockito.any())).thenReturn(1);
Mockito.when(uinHashSaltRepo.retrieveSaltById(Mockito.anyInt())).thenReturn("2344");
Mockito.when(idAuthSecurityManager.getUser()).thenReturn("ida_app_user");
RestRequestDTO value = getRestDto();
Mockito.when(restRequestFactory.buildRequest(Mockito.any(), Mockito.any(), Mockito.any())).thenReturn(value);
ResponseWrapper<Map> response = new ResponseWrapper<>();
Map<String, Object> map = new HashMap<>();
map.put("otp", "123456");
response.setResponse(map);
Mockito.when(restHelper.requestSync(Mockito.any())).thenReturn(response);
Mockito.when(otpManager.sendOtp(Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any(),
Mockito.any())).thenReturn(true);
try {
otpServiceImpl.generateOtp(otpRequestDto, "1234567890", new TestObjectWithMetadata());
Assert.fail();
}
catch(IdAuthenticationBusinessException ex) {
assertEquals(IdAuthenticationErrorConstants.OTP_GENERATION_FAILED.getErrorCode(), ex.getErrorCode());
assertEquals(IdAuthenticationErrorConstants.OTP_GENERATION_FAILED.getErrorMessage() + ". Email ID is not found in identity data.", ex.getErrorText());
}
}

@SuppressWarnings("rawtypes")
@Test
public void TestEmailIdisNull_bothChannels_lowercase() throws IdAuthenticationBusinessException, RestServiceException {
OtpRequestDTO otpRequestDto = new OtpRequestDTO();
otpRequestDto.setId("id");
otpRequestDto.setRequestTime(new SimpleDateFormat(EnvUtil.getDateTimePattern()).format(new Date()));
otpRequestDto.setTransactionID("1234567890");
List<String> channelList = List.of("phone", "email");
otpRequestDto.setOtpChannel(channelList);
otpRequestDto.setIndividualId("2345678901234");
otpRequestDto.setIndividualIdType(IdType.UIN.getType());
otpRequestDto.setRequestTime("2019-02-18T18:17:48.923+05:30");
Map<String, Object> valueMap = new HashMap<>();
Map<String, Object> idInfo = new HashMap<>();
idInfo.put("phone", "9384848384");
valueMap.put("response", idInfo);
Mockito.when(idAuthService.processIdType(Mockito.any(), Mockito.any(), Mockito.anyBoolean(), Mockito.anyBoolean(), Mockito.anySet()))
.thenReturn(valueMap);
Mockito.when(idAuthService.getToken(Mockito.any())).thenReturn("2345678901234");
Mockito.when(autntxnrepository.countRequestDTime(Mockito.any(), Mockito.any(), Mockito.any())).thenReturn(1);
Mockito.when(uinHashSaltRepo.retrieveSaltById(Mockito.anyInt())).thenReturn("2344");
Mockito.when(idAuthSecurityManager.getUser()).thenReturn("ida_app_user");
RestRequestDTO value = getRestDto();
Mockito.when(restRequestFactory.buildRequest(Mockito.any(), Mockito.any(), Mockito.any())).thenReturn(value);
ResponseWrapper<Map> response = new ResponseWrapper<>();
Map<String, Object> map = new HashMap<>();
map.put("otp", "123456");
response.setResponse(map);
Mockito.when(restHelper.requestSync(Mockito.any())).thenReturn(response);
Mockito.when(otpManager.sendOtp(Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any(),
Mockito.any())).thenReturn(true);
otpServiceImpl.generateOtp(otpRequestDto, "1234567890", new TestObjectWithMetadata());
}

@Test
public void TestPhoneorEmailisNull_both_channels_provided_lowercase() throws IdAuthenticationBusinessException, RestServiceException {
OtpRequestDTO otpRequestDto = new OtpRequestDTO();
otpRequestDto.setId("id");
otpRequestDto.setRequestTime(new SimpleDateFormat(EnvUtil.getDateTimePattern()).format(new Date()));
otpRequestDto.setTransactionID("1234567890");
List<String> channelList = List.of("phone", "email");
otpRequestDto.setOtpChannel(channelList);
String individualId = "2345678901234";
otpRequestDto.setIndividualId(individualId);
otpRequestDto.setIndividualIdType(IdType.UIN.getType());
otpRequestDto.setRequestTime("2019-02-18T18:17:48.923+05:30");
Map<String, Object> valueMap = new HashMap<>();
Map<String, List<IdentityInfoDTO>> idInfo = new HashMap<>();
valueMap.put("response", idInfo);
Mockito.when(idAuthService.processIdType(Mockito.any(), Mockito.any(), Mockito.anyBoolean(), Mockito.anyBoolean(), Mockito.anySet()))
.thenReturn(valueMap);
Mockito.when(idAuthService.getToken(Mockito.any())).thenReturn(individualId);
Mockito.when(autntxnrepository.countRequestDTime(Mockito.any(), Mockito.any(), Mockito.any())).thenReturn(1);
RestRequestDTO value = getRestDto();
Mockito.when(restRequestFactory.buildRequest(Mockito.any(), Mockito.any(), Mockito.any())).thenReturn(value);
ResponseWrapper<OtpGeneratorResponseDto> response = new ResponseWrapper<>();
List<ServiceError> errors = new ArrayList<>();
ServiceError serviceError = new ServiceError();
serviceError.setErrorCode(OtpErrorConstants.EMAILPHONENOTREGISTERED.getErrorCode());
serviceError.setMessage(OtpErrorConstants.EMAILPHONENOTREGISTERED.getErrorMessage());
errors.add(serviceError);
response.setErrors(errors);

Mockito.when(idAuthService.processIdType(Mockito.any(), Mockito.any(), Mockito.anyBoolean(), Mockito.anyBoolean(), Mockito.anySet()))
.thenReturn(valueMap);
Mockito.when(uinHashSaltRepo.retrieveSaltById(Mockito.anyInt())).thenReturn("2344");
Mockito.when(idAuthSecurityManager.getUser()).thenReturn("ida_app_user");

Mockito.when(restHelper.requestSync(Mockito.any())).thenThrow(new RestServiceException(
IdRepoErrorConstants.CLIENT_ERROR, response.toString(), response));
try {
otpServiceImpl.generateOtp(otpRequestDto, "1234567890", new TestObjectWithMetadata());
Assert.fail();
} catch (IdAuthenticationBusinessException ex) {
assertEquals(IdAuthenticationErrorConstants.OTP_GENERATION_FAILED.getErrorCode(), ex.getErrorCode());
assertEquals(IdAuthenticationErrorConstants.OTP_GENERATION_FAILED.getErrorMessage() + ". Both Phone Number and Email ID are not found in identity data.", ex.getErrorText());
}
}

@Test(expected = IdAuthenticationBusinessException.class)
public void TestOtpFloodException() throws IdAuthenticationBusinessException {
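Review bot: `TestPhonenumberisNull_bothChannels_lowercase` and `TestEmailIdisNull_bothChannels_lowercase` contain no assertion, so they pass whenever `generateOtp` returns without throwing and would not notice an OTP that is never dispatched. Assuming `otpManager.sendOtp` is the delivery call, ending each with `Mockito.verify(otpManager).sendOtp(Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any());` pins the behaviour the fix is meant to restore. All new cases use fully lower-case channel names and none exercises the auth-lock path in `validateAllowedOtpChannles`, so a mixed-case value such as `"Phone"` and a locked auth type remain untested here. Each test also calls `setRequestTime` twice, which makes the first `SimpleDateFormat` call dead code.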
