From 96fbe42750453c23384f4c02e5acfe61f80f7e16 Mon Sep 17 00:00:00 2001 From: Loganathan Sekar Date: Thu, 24 Aug 2023 19:19:46 +0530 Subject: [PATCH] Fix to have case insensitive check for channel attribute --- .../common/service/impl/OTPServiceImpl.java | 17 +- .../service/impl/OTPServiceImplTest.java | 196 ++++++++++++++++++ 2 files changed, 207 insertions(+), 6 deletions(-) diff --git a/authentication/authentication-common/src/main/java/io/mosip/authentication/common/service/impl/OTPServiceImpl.java b/authentication/authentication-common/src/main/java/io/mosip/authentication/common/service/impl/OTPServiceImpl.java index 69c057eda35..57fc40ffed2 100644 --- a/authentication/authentication-common/src/main/java/io/mosip/authentication/common/service/impl/OTPServiceImpl.java +++ b/authentication/authentication-common/src/main/java/io/mosip/authentication/common/service/impl/OTPServiceImpl.java @@ -51,6 +51,7 @@ import io.mosip.kernel.core.exception.ParseException; import io.mosip.kernel.core.logger.spi.Logger; import io.mosip.kernel.core.util.DateUtils; +import io.mosip.kernel.core.util.StringUtils; /** * Service implementation of OtpTriggerService. 
@@ -165,17 +166,21 @@ public OtpResponseDTO generateOtp(OtpRequestDTO otpRequestDto, String partnerId, private void validateAllowedOtpChannles(String token, List otpChannel) throws IdAuthenticationFilterException { - if(otpChannel.stream().anyMatch(channel -> OTP.equalsIgnoreCase(channel))) { + if(containsChannel(otpChannel, OTP)) { checkAuthLock(token, OTP); } - else if(otpChannel.stream().anyMatch(channel -> PHONE.equalsIgnoreCase(channel))) { + else if(containsChannel(otpChannel, PHONE)) { checkAuthLock(token, OTP_SMS); } - else if(otpChannel.stream().anyMatch(channel -> EMAIL.equalsIgnoreCase(channel))) { + else if(containsChannel(otpChannel, EMAIL)) { checkAuthLock(token, OTP_EMAIL); } } + private static boolean containsChannel(List otpChannel, String channel) { + return otpChannel.stream().anyMatch(channelItem -> channel.equalsIgnoreCase(channelItem)); + } + private void checkAuthLock(String token, String authTypeCode) throws IdAuthenticationFilterException { List authTypeLocks = authLockRepository.findByTokenAndAuthtypecode(token, authTypeCode); for(AuthtypeLock authtypeLock : authTypeLocks) { 
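Review bot: The `if` / `else if` chain in `validateAllowedOtpChannles` stops at the first channel it matches, so a request listing both phone and email only has `checkAuthLock(token, OTP_SMS)` evaluated and the `OTP_EMAIL` lock is never consulted, although the OTP may then also go out by email. This predates the commit, but the refactor to `containsChannel` keeps it. If `checkAuthLock` rejects locked auth types (its body continues outside the hunk), the branches should be independent: `if(containsChannel(otpChannel, PHONE)) { checkAuthLock(token, OTP_SMS); }` followed by `if(containsChannel(otpChannel, EMAIL)) { checkAuthLock(token, OTP_EMAIL); }`. The new helper also calls `otpChannel.stream()` without a null check, so it relies on earlier request validation having rejected a missing channel list.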
@@ -225,21 +230,21 @@ private OtpResponseDTO doGenerateOTP(OtpRequestDTO otpRequestDto, String partner valueMap.put(IdAuthCommonConstants.EMAIL, email); List otpChannel = otpRequestDto.getOtpChannel(); - if ((phoneNumber == null || phoneNumber.isEmpty()) && otpChannel.contains(PHONE) && !otpChannel.contains(EMAIL)) { + if (StringUtils.isBlank(phoneNumber) && containsChannel(otpChannel, PHONE) && !containsChannel(otpChannel, EMAIL)) { throw new IdAuthenticationBusinessException( IdAuthenticationErrorConstants.OTP_GENERATION_FAILED.getErrorCode(), IdAuthenticationErrorConstants.OTP_GENERATION_FAILED.getErrorMessage() + ". Phone Number is not found in identity data."); } - if ((email == null || email.isEmpty()) && otpChannel.contains(EMAIL) && !otpChannel.contains(PHONE)) { + if (StringUtils.isBlank(email) && containsChannel(otpChannel, EMAIL) && !containsChannel(otpChannel, PHONE)) { throw new IdAuthenticationBusinessException( IdAuthenticationErrorConstants.OTP_GENERATION_FAILED.getErrorCode(), IdAuthenticationErrorConstants.OTP_GENERATION_FAILED.getErrorMessage() + ". Email ID is not found in identity data."); } - if((phoneNumber == null || phoneNumber.isEmpty()) && (email == null || email.isEmpty()) && (otpChannel.contains(PHONE) && otpChannel.contains(EMAIL))) { + if(StringUtils.isBlank(phoneNumber) && StringUtils.isBlank(email) && (containsChannel(otpChannel, PHONE) && containsChannel(otpChannel, EMAIL))) { throw new IdAuthenticationBusinessException( IdAuthenticationErrorConstants.OTP_GENERATION_FAILED.getErrorCode(), IdAuthenticationErrorConstants.OTP_GENERATION_FAILED.getErrorMessage() diff --git a/authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/impl/OTPServiceImplTest.java b/authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/impl/OTPServiceImplTest.java index ceba1209f56..6fd9a568fa2 100644 
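Review bot: Matching case-insensitively at each comparison leaves `otpChannel` itself un-normalised, so any other reader of `otpRequestDto.getOtpChannel()` can still treat `phone` and `PHONE` differently, whether in the part of `doGenerateOTP` outside this hunk or further down the call chain. That is the same kind of mismatch this commit fixes between the lock check and these conditions. It is worth confirming that no `contains(PHONE)` / `contains(EMAIL)` call remains, and evaluating the membership once with `boolean phoneRequested = containsChannel(otpChannel, PHONE);` and `boolean emailRequested = containsChannel(otpChannel, EMAIL);`, so the three conditions read the same two values instead of streaming the list six times. The switch to `StringUtils.isBlank` presumably also makes a whitespace-only phone number or e-mail count as missing; a short comment stating that this is intended would help.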
--- a/authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/impl/OTPServiceImplTest.java +++ b/authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/impl/OTPServiceImplTest.java 
@@ -408,6 +408,202 @@ public void TestPhoneorEmailisNull_both_channels_provided() throws IdAuthenticat assertEquals(IdAuthenticationErrorConstants.OTP_GENERATION_FAILED.getErrorMessage() + ". Both Phone Number and Email ID are not found in identity data.", ex.getErrorText()); } } + + + @SuppressWarnings("rawtypes") + @Test + public void TestPhonenumberisNull_Phone_Channel_Alone_lowercase() throws IdAuthenticationBusinessException, RestServiceException { + OtpRequestDTO otpRequestDto = new OtpRequestDTO(); + otpRequestDto.setId("id"); + otpRequestDto.setRequestTime(new SimpleDateFormat(EnvUtil.getDateTimePattern()).format(new Date())); + otpRequestDto.setTransactionID("1234567890"); + List channelList = List.of("phone"); + otpRequestDto.setOtpChannel(channelList); + otpRequestDto.setIndividualId("2345678901234"); + otpRequestDto.setIndividualIdType(IdType.UIN.getType()); + otpRequestDto.setRequestTime("2019-02-18T18:17:48.923+05:30"); + Map valueMap = new HashMap<>(); + Map idInfo = new HashMap<>(); + idInfo.put("email", "abc@test.com"); + valueMap.put("response", idInfo); + Mockito.when(idAuthService.processIdType(Mockito.any(), Mockito.any(), Mockito.anyBoolean(), Mockito.anyBoolean(), Mockito.anySet())) + .thenReturn(valueMap); + Mockito.when(idAuthService.getToken(Mockito.any())).thenReturn("2345678901234"); + Mockito.when(autntxnrepository.countRequestDTime(Mockito.any(), Mockito.any(), Mockito.any())).thenReturn(1); + Mockito.when(uinHashSaltRepo.retrieveSaltById(Mockito.anyInt())).thenReturn("2344"); + Mockito.when(idAuthSecurityManager.getUser()).thenReturn("ida_app_user"); + RestRequestDTO value = getRestDto(); + Mockito.when(restRequestFactory.buildRequest(Mockito.any(), Mockito.any(), Mockito.any())).thenReturn(value); + ResponseWrapper response = new ResponseWrapper<>(); + Map map = new HashMap<>(); + map.put("otp", "123456"); + response.setResponse(map); + Mockito.when(restHelper.requestSync(Mockito.any())).thenReturn(response); + 
Mockito.when(otpManager.sendOtp(Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any(), + Mockito.any())).thenReturn(true); + try { + otpServiceImpl.generateOtp(otpRequestDto, "1234567890", new TestObjectWithMetadata()); + Assert.fail(); + } + catch(IdAuthenticationBusinessException ex) { + assertEquals(IdAuthenticationErrorConstants.OTP_GENERATION_FAILED.getErrorCode(), ex.getErrorCode()); + assertEquals(IdAuthenticationErrorConstants.OTP_GENERATION_FAILED.getErrorMessage() + ". Phone Number is not found in identity data.", ex.getErrorText()); + } + } + + @SuppressWarnings("rawtypes") + @Test + public void TestPhonenumberisNull_bothChannels_lowercase() throws IdAuthenticationBusinessException, RestServiceException { + OtpRequestDTO otpRequestDto = new OtpRequestDTO(); + otpRequestDto.setId("id"); + otpRequestDto.setRequestTime(new SimpleDateFormat(EnvUtil.getDateTimePattern()).format(new Date())); + otpRequestDto.setTransactionID("1234567890"); + List channelList = List.of("phone", "email"); + otpRequestDto.setOtpChannel(channelList); + otpRequestDto.setIndividualId("2345678901234"); + otpRequestDto.setIndividualIdType(IdType.UIN.getType()); + otpRequestDto.setRequestTime("2019-02-18T18:17:48.923+05:30"); + Map valueMap = new HashMap<>(); + Map idInfo = new HashMap<>(); + idInfo.put("email", "abc@test.com"); + valueMap.put("response", idInfo); + Mockito.when(idAuthService.processIdType(Mockito.any(), Mockito.any(), Mockito.anyBoolean(), Mockito.anyBoolean(), Mockito.anySet())) + .thenReturn(valueMap); + Mockito.when(idAuthService.getToken(Mockito.any())).thenReturn("2345678901234"); + Mockito.when(autntxnrepository.countRequestDTime(Mockito.any(), Mockito.any(), Mockito.any())).thenReturn(1); + Mockito.when(uinHashSaltRepo.retrieveSaltById(Mockito.anyInt())).thenReturn("2344"); + Mockito.when(idAuthSecurityManager.getUser()).thenReturn("ida_app_user"); + RestRequestDTO value = getRestDto(); + Mockito.when(restRequestFactory.buildRequest(Mockito.any(), 
Mockito.any(), Mockito.any())).thenReturn(value); + ResponseWrapper response = new ResponseWrapper<>(); + Map map = new HashMap<>(); + map.put("otp", "123456"); + response.setResponse(map); + Mockito.when(restHelper.requestSync(Mockito.any())).thenReturn(response); + Mockito.when(otpManager.sendOtp(Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any(), + Mockito.any())).thenReturn(true); + otpServiceImpl.generateOtp(otpRequestDto, "1234567890", new TestObjectWithMetadata()); + } + + @SuppressWarnings("rawtypes") + @Test + public void TestEmailIdisNull_Email_Channel_Alone_lowercase() throws IdAuthenticationBusinessException, RestServiceException { + OtpRequestDTO otpRequestDto = new OtpRequestDTO(); + otpRequestDto.setId("id"); + otpRequestDto.setRequestTime(new SimpleDateFormat(EnvUtil.getDateTimePattern()).format(new Date())); + otpRequestDto.setTransactionID("1234567890"); + List channelList = List.of("email"); + otpRequestDto.setOtpChannel(channelList); + otpRequestDto.setIndividualId("2345678901234"); + otpRequestDto.setIndividualIdType(IdType.UIN.getType()); + otpRequestDto.setRequestTime("2019-02-18T18:17:48.923+05:30"); + Map valueMap = new HashMap<>(); + Map idInfo = new HashMap<>(); + idInfo.put("phone", "9292292934"); + valueMap.put("response", idInfo); + Mockito.when(idAuthService.processIdType(Mockito.any(), Mockito.any(), Mockito.anyBoolean(), Mockito.anyBoolean(), Mockito.anySet())) + .thenReturn(valueMap); + Mockito.when(idAuthService.getToken(Mockito.any())).thenReturn("2345678901234"); + Mockito.when(autntxnrepository.countRequestDTime(Mockito.any(), Mockito.any(), Mockito.any())).thenReturn(1); + Mockito.when(uinHashSaltRepo.retrieveSaltById(Mockito.anyInt())).thenReturn("2344"); + Mockito.when(idAuthSecurityManager.getUser()).thenReturn("ida_app_user"); + RestRequestDTO value = getRestDto(); + Mockito.when(restRequestFactory.buildRequest(Mockito.any(), Mockito.any(), Mockito.any())).thenReturn(value); + ResponseWrapper response = new 
ResponseWrapper<>(); + Map map = new HashMap<>(); + map.put("otp", "123456"); + response.setResponse(map); + Mockito.when(restHelper.requestSync(Mockito.any())).thenReturn(response); + Mockito.when(otpManager.sendOtp(Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any(), + Mockito.any())).thenReturn(true); + try { + otpServiceImpl.generateOtp(otpRequestDto, "1234567890", new TestObjectWithMetadata()); + Assert.fail(); + } + catch(IdAuthenticationBusinessException ex) { + assertEquals(IdAuthenticationErrorConstants.OTP_GENERATION_FAILED.getErrorCode(), ex.getErrorCode()); + assertEquals(IdAuthenticationErrorConstants.OTP_GENERATION_FAILED.getErrorMessage() + ". Email ID is not found in identity data.", ex.getErrorText()); + } + } + + @SuppressWarnings("rawtypes") + @Test + public void TestEmailIdisNull_bothChannels_lowercase() throws IdAuthenticationBusinessException, RestServiceException { + OtpRequestDTO otpRequestDto = new OtpRequestDTO(); + otpRequestDto.setId("id"); + otpRequestDto.setRequestTime(new SimpleDateFormat(EnvUtil.getDateTimePattern()).format(new Date())); + otpRequestDto.setTransactionID("1234567890"); + List channelList = List.of("phone", "email"); + otpRequestDto.setOtpChannel(channelList); + otpRequestDto.setIndividualId("2345678901234"); + otpRequestDto.setIndividualIdType(IdType.UIN.getType()); + otpRequestDto.setRequestTime("2019-02-18T18:17:48.923+05:30"); + Map valueMap = new HashMap<>(); + Map idInfo = new HashMap<>(); + idInfo.put("phone", "9384848384"); + valueMap.put("response", idInfo); + Mockito.when(idAuthService.processIdType(Mockito.any(), Mockito.any(), Mockito.anyBoolean(), Mockito.anyBoolean(), Mockito.anySet())) + .thenReturn(valueMap); + Mockito.when(idAuthService.getToken(Mockito.any())).thenReturn("2345678901234"); + Mockito.when(autntxnrepository.countRequestDTime(Mockito.any(), Mockito.any(), Mockito.any())).thenReturn(1); + Mockito.when(uinHashSaltRepo.retrieveSaltById(Mockito.anyInt())).thenReturn("2344"); + 
Mockito.when(idAuthSecurityManager.getUser()).thenReturn("ida_app_user"); + RestRequestDTO value = getRestDto(); + Mockito.when(restRequestFactory.buildRequest(Mockito.any(), Mockito.any(), Mockito.any())).thenReturn(value); + ResponseWrapper response = new ResponseWrapper<>(); + Map map = new HashMap<>(); + map.put("otp", "123456"); + response.setResponse(map); + Mockito.when(restHelper.requestSync(Mockito.any())).thenReturn(response); + Mockito.when(otpManager.sendOtp(Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any(), + Mockito.any())).thenReturn(true); + otpServiceImpl.generateOtp(otpRequestDto, "1234567890", new TestObjectWithMetadata()); + } + + @Test + public void TestPhoneorEmailisNull_both_channels_provided_lowercase() throws IdAuthenticationBusinessException, RestServiceException { + OtpRequestDTO otpRequestDto = new OtpRequestDTO(); + otpRequestDto.setId("id"); + otpRequestDto.setRequestTime(new SimpleDateFormat(EnvUtil.getDateTimePattern()).format(new Date())); + otpRequestDto.setTransactionID("1234567890"); + List channelList = List.of("phone", "email"); + otpRequestDto.setOtpChannel(channelList); + String individualId = "2345678901234"; + otpRequestDto.setIndividualId(individualId); + otpRequestDto.setIndividualIdType(IdType.UIN.getType()); + otpRequestDto.setRequestTime("2019-02-18T18:17:48.923+05:30"); + Map valueMap = new HashMap<>(); + Map> idInfo = new HashMap<>(); + valueMap.put("response", idInfo); + Mockito.when(idAuthService.processIdType(Mockito.any(), Mockito.any(), Mockito.anyBoolean(), Mockito.anyBoolean(), Mockito.anySet())) + .thenReturn(valueMap); + Mockito.when(idAuthService.getToken(Mockito.any())).thenReturn(individualId); + Mockito.when(autntxnrepository.countRequestDTime(Mockito.any(), Mockito.any(), Mockito.any())).thenReturn(1); + RestRequestDTO value = getRestDto(); + Mockito.when(restRequestFactory.buildRequest(Mockito.any(), Mockito.any(), Mockito.any())).thenReturn(value); + ResponseWrapper response = new 
ResponseWrapper<>(); + List errors = new ArrayList<>(); + ServiceError serviceError = new ServiceError(); + serviceError.setErrorCode(OtpErrorConstants.EMAILPHONENOTREGISTERED.getErrorCode()); + serviceError.setMessage(OtpErrorConstants.EMAILPHONENOTREGISTERED.getErrorMessage()); + errors.add(serviceError); + response.setErrors(errors); + + Mockito.when(idAuthService.processIdType(Mockito.any(), Mockito.any(), Mockito.anyBoolean(), Mockito.anyBoolean(), Mockito.anySet())) + .thenReturn(valueMap); + Mockito.when(uinHashSaltRepo.retrieveSaltById(Mockito.anyInt())).thenReturn("2344"); + Mockito.when(idAuthSecurityManager.getUser()).thenReturn("ida_app_user"); + + Mockito.when(restHelper.requestSync(Mockito.any())).thenThrow(new RestServiceException( + IdRepoErrorConstants.CLIENT_ERROR, response.toString(), response)); + try { + otpServiceImpl.generateOtp(otpRequestDto, "1234567890", new TestObjectWithMetadata()); + Assert.fail(); + } catch (IdAuthenticationBusinessException ex) { + assertEquals(IdAuthenticationErrorConstants.OTP_GENERATION_FAILED.getErrorCode(), ex.getErrorCode()); + assertEquals(IdAuthenticationErrorConstants.OTP_GENERATION_FAILED.getErrorMessage() + ". Both Phone Number and Email ID are not found in identity data.", ex.getErrorText()); + } + } @Test(expected = IdAuthenticationBusinessException.class) public void TestOtpFloodException() throws IdAuthenticationBusinessException {
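Review bot: `TestPhonenumberisNull_bothChannels_lowercase` and `TestEmailIdisNull_bothChannels_lowercase` contain no assertion, so they pass whenever `generateOtp` does not throw and would not notice an OTP that was never dispatched. Check the outcome, e.g. `Assert.assertNotNull(otpServiceImpl.generateOtp(otpRequestDto, "1234567890", new TestObjectWithMetadata()));`, or add `Mockito.verify(otpManager).sendOtp(Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any());`. The five new methods repeat the same request and mock setup and differ only in the channel list and identity data, so a shared private helper would make those differences visible; each also calls `setRequestTime` twice, with the first value overwritten. None of the new cases covers a mixed-case value such as `Phone`, or the auth-lock path in `validateAllowedOtpChannles` with lowercase channels.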