Mosip 30687 otp controller changes and Mosip 31314 otp validation sec…

…urity fix (#1188)

* MOSIP-30687 partner data changed

Signed-off-by: Neha Farheen <[email protected]>

* MOSIP-30687 partner data changed

Signed-off-by: Neha Farheen <[email protected]>

* MOSIP-30687 changes done for ondemand

Signed-off-by: Neha Farheen <[email protected]>

* MOSIP-30687 changes done  for exception

Signed-off-by: Neha Farheen <[email protected]>

* Changes in error message

Signed-off-by: Neha Farheen <[email protected]>

* Changes in error message

Signed-off-by: Neha Farheen <[email protected]>

* REmoved the error message related changes

Signed-off-by: Neha Farheen <[email protected]>

* MOSIP-31517 On demand changes error message removal

Signed-off-by: Neha Farheen <[email protected]>

* Changes done

Signed-off-by: Neha Farheen <[email protected]>

* otp controller changes

Signed-off-by: Neha Farheen <[email protected]>

* OTP repo changes

Signed-off-by: Neha Farheen <[email protected]>

* OTP repo changes

Signed-off-by: Neha Farheen <[email protected]>

---------

Signed-off-by: Neha Farheen <[email protected]>
Co-authored-by: Neha Farheen <[email protected]>
Co-authored-by: 61092365 <61092365@DPQ7NM3>

authentication/authentication-common/src/main/java/io/mosip/authentication/common/service/integration/OTPManager.java

@@ -105,7 +105,7 @@ public boolean sendOtp(OtpRequestDTO otpRequestDTO, String idvid, String idvidTy
 			throws IdAuthenticationBusinessException {
 
 		String refIdHash = securityManager.hash(idvid);
-		Optional<OtpTransaction> otpEntityOpt = otpRepo.findFirstByRefIdInStatusCodesOrderByGeneratedDtimesDesc(refIdHash, QUERIED_STATUS_CODES);
+		Optional<OtpTransaction> otpEntityOpt = otpRepo.findFirstByRefIdAndStatusCodeInOrderByGeneratedDtimesDesc(refIdHash, QUERIED_STATUS_CODES);
 
 		if(otpEntityOpt.isPresent()) {
 			OtpTransaction otpEntity = otpEntityOpt.get();
@@ -210,7 +210,7 @@ private String generateOTP(String uin) throws IdAuthUncheckedException {
 	 */
 	public boolean validateOtp(String pinValue, String otpKey, String individualId) throws IdAuthenticationBusinessException {
 		String refIdHash = securityManager.hash(individualId);
-		Optional<OtpTransaction> otpEntityOpt = otpRepo.findFirstByRefIdInStatusCodesOrderByGeneratedDtimesDesc(refIdHash, QUERIED_STATUS_CODES);
+		Optional<OtpTransaction> otpEntityOpt = otpRepo.findFirstByRefIdAndStatusCodeInOrderByGeneratedDtimesDesc(refIdHash, QUERIED_STATUS_CODES);
 
 		if (otpEntityOpt.isEmpty()) {
 			throw new IdAuthenticationBusinessException(IdAuthenticationErrorConstants.OTP_REQUEST_REQUIRED);

authentication/authentication-common/src/main/java/io/mosip/authentication/common/service/repository/OtpTxnRepository.java

@@ -14,11 +14,11 @@
 public interface OtpTxnRepository extends BaseRepository<OtpTransaction, String> {
 
 	/**
-	 * Find first element by ref_id ordered by generated_dtimes in descending order.
+	 * Find first element by ref_id ordered by generated_dtimes in descending order and for the given status codes.
 	 *
 	 * @param refIdHash the ref id hash
 	 * @return the optional
 	 */
-	Optional<OtpTransaction> findFirstByRefIdInStatusCodesOrderByGeneratedDtimesDesc(String refIdHash, List<String> statusCodes);
+	Optional<OtpTransaction> findFirstByRefIdAndStatusCodeInOrderByGeneratedDtimesDesc(String refIdHash, List<String> statusCodes);
 
 }

authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/integration/OTPManagerTest.java

@@ -168,7 +168,7 @@ public void sendOtpTest_frozen_within30mins() throws RestServiceException, IdAut
 		OtpTransaction entity = new OtpTransaction();
 		entity.setStatusCode(IdAuthCommonConstants.FROZEN);
 		entity.setUpdDTimes(DateUtils.getUTCCurrentDateTime().minus(30, ChronoUnit.MINUTES));
-		when(otpRepo.findFirstByRefIdInStatusCodesOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(entity));
+		when(otpRepo.findFirstByRefIdAndStatusCodeInOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(entity));
 		try {
 			otpManager.sendOtp(otpRequestDTO, "426789089018", "UIN", valueMap, templateLanguages);
 		} catch(IdAuthenticationBusinessException ex) {
@@ -196,7 +196,7 @@ public void sendOtpTest_frozen_In31mins() throws RestServiceException, IdAuthent
 		OtpTransaction entity = new OtpTransaction();
 		entity.setStatusCode(IdAuthCommonConstants.FROZEN);
 		entity.setUpdDTimes(DateUtils.getUTCCurrentDateTime().minus(31, ChronoUnit.MINUTES));
-		when(otpRepo.findFirstByRefIdInStatusCodesOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(entity));
+		when(otpRepo.findFirstByRefIdAndStatusCodeInOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(entity));
 		try {
 			when(otpRepo.save(Mockito.any())).thenAnswer(invocation -> {
 				assertEquals(IdAuthCommonConstants.ACTIVE_STATUS, ((OtpTransaction)invocation.getArguments()[0]).getStatusCode());
@@ -228,7 +228,7 @@ public void sendOtpTest_USED_entry() throws RestServiceException, IdAuthenticati
 		OtpTransaction entity = new OtpTransaction();
 		entity.setStatusCode(IdAuthCommonConstants.USED_STATUS);
 		entity.setUpdDTimes(DateUtils.getUTCCurrentDateTime().minus(31, ChronoUnit.MINUTES));
-		when(otpRepo.findFirstByRefIdInStatusCodesOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(entity));
+		when(otpRepo.findFirstByRefIdAndStatusCodeInOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(entity));
 		try {
 			when(otpRepo.save(Mockito.any())).thenAnswer(invocation -> {
 				assertEquals(IdAuthCommonConstants.ACTIVE_STATUS, ((OtpTransaction)invocation.getArguments()[0]).getStatusCode());
@@ -260,7 +260,7 @@ public void sendOtpTest_frozen_within25mins() throws RestServiceException, IdAut
 		OtpTransaction entity = new OtpTransaction();
 		entity.setStatusCode(IdAuthCommonConstants.FROZEN);
 		entity.setUpdDTimes(DateUtils.getUTCCurrentDateTime().minus(25, ChronoUnit.MINUTES));
-		when(otpRepo.findFirstByRefIdInStatusCodesOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(entity));
+		when(otpRepo.findFirstByRefIdAndStatusCodeInOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(entity));
 		try {
 			otpManager.sendOtp(otpRequestDTO, "426789089018", "UIN", valueMap, templateLanguages);
 		} catch(IdAuthenticationBusinessException ex) {
@@ -543,7 +543,7 @@ public void TestOtpAuthFailure()
 		otpEntity.setStatusCode(IdAuthCommonConstants.ACTIVE_STATUS);
 		otpEntity.setOtpHash("otphash");
 
-		Mockito.when(otpRepo.findFirstByRefIdInStatusCodesOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity ));
+		Mockito.when(otpRepo.findFirstByRefIdAndStatusCodeInOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity ));
 
 		boolean expactedOTP = otpManager.validateOtp("Test123", "123456", "426789089018");
 		assertFalse(expactedOTP);
@@ -765,7 +765,7 @@ public void TestInvalidAttemptWith_UsedEntity()
 		otpEntity.setStatusCode(IdAuthCommonConstants.USED_STATUS);
 		otpEntity.setOtpHash("otphash");
 
-		Mockito.when(otpRepo.findFirstByRefIdInStatusCodesOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity ));
+		Mockito.when(otpRepo.findFirstByRefIdAndStatusCodeInOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity ));
 
 		try {
 			otpManager.validateOtp("Test123", "123456", "426789089018");
@@ -786,7 +786,7 @@ public void TestInvalidAttemptWith_nullUpdateCount()
 		otpEntity.setStatusCode(IdAuthCommonConstants.ACTIVE_STATUS);
 		otpEntity.setOtpHash("otphash");
 
-		Mockito.when(otpRepo.findFirstByRefIdInStatusCodesOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity ));
+		Mockito.when(otpRepo.findFirstByRefIdAndStatusCodeInOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity ));
 
 		try {
 			boolean result = otpManager.validateOtp("Test123", "123456", "426789089018");
@@ -812,7 +812,7 @@ public void TestInvalidAttemptWith_1UpdateCount()
 		otpEntity.setValidationRetryCount(1);
 		otpEntity.setOtpHash("otphash");
 
-		Mockito.when(otpRepo.findFirstByRefIdInStatusCodesOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity ));
+		Mockito.when(otpRepo.findFirstByRefIdAndStatusCodeInOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity ));
 
 		try {
 			boolean result = otpManager.validateOtp("Test123", "123456", "426789089018");
@@ -838,7 +838,7 @@ public void TestInvalidAttemptWith_4UpdateCount()
 		otpEntity.setValidationRetryCount(4);
 		otpEntity.setOtpHash("otphash");
 
-		Mockito.when(otpRepo.findFirstByRefIdInStatusCodesOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity ));
+		Mockito.when(otpRepo.findFirstByRefIdAndStatusCodeInOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity ));
 
 		try {
 			boolean result = otpManager.validateOtp("Test123", "123456", "426789089018");
@@ -865,7 +865,7 @@ public void TestInvalidAttemptWith_FrozenStatus()
 		otpEntity.setValidationRetryCount(5);
 		otpEntity.setOtpHash("otphash");
 
-		Mockito.when(otpRepo.findFirstByRefIdInStatusCodesOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity ));
+		Mockito.when(otpRepo.findFirstByRefIdAndStatusCodeInOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity ));
 
 		try {
 			otpManager.validateOtp("Test123", "123456", "426789089018");
@@ -893,7 +893,7 @@ public void TestInvalidAttemptWith_FrozenStatusWithin25Mins()
 		otpEntity.setUpdDTimes(DateUtils.getUTCCurrentDateTime().minus(25, ChronoUnit.MINUTES));
 		otpEntity.setOtpHash("otphash");
 
-		Mockito.when(otpRepo.findFirstByRefIdInStatusCodesOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity ));
+		Mockito.when(otpRepo.findFirstByRefIdAndStatusCodeInOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity ));
 
 		try {
 			otpManager.validateOtp("Test123", "123456", "426789089018");
@@ -921,7 +921,7 @@ public void TestInvalidAttemptWith_FrozenStatusWithin29Mins()
 		otpEntity.setUpdDTimes(DateUtils.getUTCCurrentDateTime().minus(29, ChronoUnit.MINUTES));
 		otpEntity.setOtpHash("otphash");
 
-		Mockito.when(otpRepo.findFirstByRefIdInStatusCodesOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity ));
+		Mockito.when(otpRepo.findFirstByRefIdAndStatusCodeInOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity ));
 
 		try {
 			otpManager.validateOtp("Test123", "123456", "426789089018");
@@ -949,7 +949,7 @@ public void TestInvalidAttemptWith_FrozenStatusWithin31Mins()
 		otpEntity.setUpdDTimes(DateUtils.getUTCCurrentDateTime().minus(31, ChronoUnit.MINUTES));
 		otpEntity.setOtpHash("otphash");
 
-		Mockito.when(otpRepo.findFirstByRefIdInStatusCodesOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity ));
+		Mockito.when(otpRepo.findFirstByRefIdAndStatusCodeInOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity ));
 
 		try {
 			otpManager.validateOtp("Test123", "123456", "426789089018");
@@ -975,7 +975,7 @@ public void TestValidAttemptWith_nullUpdateCount()
 		otpEntity.setOtpHash("313233343536234B45595F53504C49545445522354657374313233");
 		otpEntity.setExpiryDtimes(DateUtils.getUTCCurrentDateTime().plus(1, ChronoUnit.MINUTES));
 
-		Mockito.when(otpRepo.findFirstByRefIdInStatusCodesOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity ));
+		Mockito.when(otpRepo.findFirstByRefIdAndStatusCodeInOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity ));
 
 		try {
 			boolean result = otpManager.validateOtp("Test123", "123456", "426789089018");
@@ -1001,7 +1001,7 @@ public void TestValidAttemptWith_1UpdateCount()
 		otpEntity.setOtpHash("313233343536234B45595F53504C49545445522354657374313233");
 		otpEntity.setExpiryDtimes(DateUtils.getUTCCurrentDateTime().plus(1, ChronoUnit.MINUTES));
 
-		Mockito.when(otpRepo.findFirstByRefIdInStatusCodesOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity ));
+		Mockito.when(otpRepo.findFirstByRefIdAndStatusCodeInOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity ));
 
 		try {
 			boolean result = otpManager.validateOtp("Test123", "123456", "426789089018");
@@ -1027,7 +1027,7 @@ public void TestValidAttemptWith_4UpdateCount()
 		otpEntity.setOtpHash("313233343536234B45595F53504C49545445522354657374313233");
 		otpEntity.setExpiryDtimes(DateUtils.getUTCCurrentDateTime().plus(1, ChronoUnit.MINUTES));
 
-		Mockito.when(otpRepo.findFirstByRefIdInStatusCodesOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity ));
+		Mockito.when(otpRepo.findFirstByRefIdAndStatusCodeInOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity ));
 
 		try {
 			boolean result = otpManager.validateOtp("Test123", "123456", "426789089018");
@@ -1054,7 +1054,7 @@ public void TestValidAttemptWith_FrozenStatus()
 		otpEntity.setOtpHash("313233343536234B45595F53504C49545445522354657374313233");
 		otpEntity.setExpiryDtimes(DateUtils.getUTCCurrentDateTime().plus(1, ChronoUnit.MINUTES));
 
-		Mockito.when(otpRepo.findFirstByRefIdInStatusCodesOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity ));
+		Mockito.when(otpRepo.findFirstByRefIdAndStatusCodeInOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity ));
 
 		try {
 			otpManager.validateOtp("Test123", "123456", "426789089018");
@@ -1083,7 +1083,7 @@ public void TestValidAttemptWith_FrozenStatusWithin25Mins()
 		otpEntity.setOtpHash("313233343536234B45595F53504C49545445522354657374313233");
 		otpEntity.setExpiryDtimes(DateUtils.getUTCCurrentDateTime().plus(1, ChronoUnit.MINUTES));
 
-		Mockito.when(otpRepo.findFirstByRefIdInStatusCodesOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity ));
+		Mockito.when(otpRepo.findFirstByRefIdAndStatusCodeInOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity ));
 
 		try {
 			otpManager.validateOtp("Test123", "123456", "426789089018");
@@ -1112,7 +1112,7 @@ public void TestValidAttemptWith_FrozenStatusWithin29Mins()
 		otpEntity.setOtpHash("313233343536234B45595F53504C49545445522354657374313233");
 		otpEntity.setExpiryDtimes(DateUtils.getUTCCurrentDateTime().plus(1, ChronoUnit.MINUTES));
 
-		Mockito.when(otpRepo.findFirstByRefIdInStatusCodesOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity ));
+		Mockito.when(otpRepo.findFirstByRefIdAndStatusCodeInOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity ));
 
 		try {
 			otpManager.validateOtp("Test123", "123456", "426789089018");
@@ -1141,7 +1141,7 @@ public void TestValidAttemptWith_FrozenStatusWithin31Mins()
 		otpEntity.setOtpHash("313233343536234B45595F53504C49545445522354657374313233");
 		otpEntity.setExpiryDtimes(DateUtils.getUTCCurrentDateTime().plus(1, ChronoUnit.MINUTES));
 
-		Mockito.when(otpRepo.findFirstByRefIdInStatusCodesOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity ));
+		Mockito.when(otpRepo.findFirstByRefIdAndStatusCodeInOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity ));
 
 		try {
 			otpManager.validateOtp("Test123", "123456", "426789089018");
@@ -1168,7 +1168,7 @@ public void TestValidAttemptWith_FrozenStatusWithin31Mins_expiredOtp()
 		otpEntity.setOtpHash("313233343536234B45595F53504C49545445522354657374313233");
 		otpEntity.setExpiryDtimes(DateUtils.getUTCCurrentDateTime().minus(1, ChronoUnit.MINUTES));
 
-		Mockito.when(otpRepo.findFirstByRefIdInStatusCodesOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity ));
+		Mockito.when(otpRepo.findFirstByRefIdAndStatusCodeInOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity ));
 
 		try {
 			otpManager.validateOtp("Test123", "123456", "426789089018");
@@ -1201,7 +1201,7 @@ public void TestThrowOtpException_UINLocked()
 		otpEntity.setOtpHash("otphash");
 		otpEntity.setStatusCode(IdAuthCommonConstants.ACTIVE_STATUS);
 
-		Mockito.when(otpRepo.findFirstByRefIdInStatusCodesOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity ));
+		Mockito.when(otpRepo.findFirstByRefIdAndStatusCodeInOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity ));
 
 		try {
 			otpManager.validateOtp("Test123", "123456", "426789089018");
@@ -1229,7 +1229,7 @@ public void TestThrowOtpException_OtpExpired() throws RestServiceException, IdAu
 		otpEntity.setStatusCode(IdAuthCommonConstants.ACTIVE_STATUS);
 		otpEntity.setOtpHash("otphash");
 
-		Mockito.when(otpRepo.findFirstByRefIdInStatusCodesOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity ));
+		Mockito.when(otpRepo.findFirstByRefIdAndStatusCodeInOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity ));
 
 		try {
 			otpManager.validateOtp("Test123", "123456", "426789089018");
@@ -1257,7 +1257,7 @@ public void TestThrowOtpException_ValidationUnsuccessful()
 		otpEntity.setStatusCode(IdAuthCommonConstants.ACTIVE_STATUS);
 		otpEntity.setOtpHash("otphash");
 
-		Mockito.when(otpRepo.findFirstByRefIdInStatusCodesOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity ));
+		Mockito.when(otpRepo.findFirstByRefIdAndStatusCodeInOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity ));
 		try {
 			otpManager.validateOtp("Test123", "123456", "426789089018");
 		} catch (IdAuthenticationBusinessException ex) {
@@ -1284,7 +1284,7 @@ public void TestThrowOtpException_OtpPresent_Expired()
 		Mockito.when(securityManager.hash(Mockito.anyString())).thenReturn("hash");
 		otpEntry.setStatusCode(IdAuthCommonConstants.ACTIVE_STATUS);
 		otpEntry.setOtpHash("otphash");
-		Mockito.when(otpRepo.findFirstByRefIdInStatusCodesOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntry));
+		Mockito.when(otpRepo.findFirstByRefIdAndStatusCodeInOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntry));
 		try {
 			otpManager.validateOtp("Test123", "123456", "426789089018");
 		} catch (IdAuthenticationBusinessException ex) {
@@ -1311,7 +1311,7 @@ public void TestThrowOtpException_OtpPresent_NotExpired_Valid()
 		Mockito.when(securityManager.hash(Mockito.anyString())).thenReturn("hash");
 		otpEntry.setStatusCode(IdAuthCommonConstants.ACTIVE_STATUS);
 		otpEntry.setOtpHash("otphash");
-		Mockito.when(otpRepo.findFirstByRefIdInStatusCodesOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntry));
+		Mockito.when(otpRepo.findFirstByRefIdAndStatusCodeInOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntry));
 		try {
 			otpManager.validateOtp("Test123", "123456", "426789089018");
 		} catch (IdAuthenticationBusinessException ex) {

authentication/authentication-otp-service/src/main/java/io/mosip/authentication/otp/service/controller/OTPController.java

@@ -134,8 +134,9 @@ public OtpResponseDTO generateOTP(@Valid @RequestBody OtpRequestDTO otpRequestDt
 			Optional<PartnerDTO> partner = partnerService.getPartner(partnerId, otpRequestDto.getMetadata());
 			AuthTransactionBuilder authTxnBuilder = authTransactionHelper
 					.createAndSetAuthTxnBuilderMetadataToRequest(otpRequestDto, !isPartnerReq, partner);
-			String idvidHash = securityManager.hash(otpRequestDto.getIndividualId());
+
 			try {
+				String idvidHash = securityManager.hash(otpRequestDto.getIndividualId());
 				String idType = Objects.nonNull(otpRequestDto.getIndividualIdType()) ? otpRequestDto.getIndividualIdType()
 						: idTypeUtil.getIdType(otpRequestDto.getIndividualId()).getType();
 				otpRequestDto.setIndividualIdType(idType);