From ed170e934703b541497df8956f79661d08f524c9 Mon Sep 17 00:00:00 2001 From: Neha2365 <110969715+Neha2365@users.noreply.github.com> Date: Fri, 9 Feb 2024 15:49:50 +0530 Subject: [PATCH] Mosip 30687 otp controller changes and Mosip 31314 otp validation security fix (#1188) * MOSIP-30687 partner data changed Signed-off-by: Neha Farheen * MOSIP-30687 partner data changed Signed-off-by: Neha Farheen * MOSIP-30687 changes done for ondemand Signed-off-by: Neha Farheen * MOSIP-30687 changes done for exception Signed-off-by: Neha Farheen * Changes in error message Signed-off-by: Neha Farheen * Changes in error message Signed-off-by: Neha Farheen * REmoved the error message related changes Signed-off-by: Neha Farheen * MOSIP-31517 On demand changes error message removal Signed-off-by: Neha Farheen * Changes done Signed-off-by: Neha Farheen * otp controller changes Signed-off-by: Neha Farheen * OTP repo changes Signed-off-by: Neha Farheen * OTP repo changes Signed-off-by: Neha Farheen --------- Signed-off-by: Neha Farheen Co-authored-by: Neha Farheen Co-authored-by: 61092365 <61092365@DPQ7NM3> --- .../service/integration/OTPManager.java | 4 +- .../service/repository/OtpTxnRepository.java | 4 +- .../service/integration/OTPManagerTest.java | 52 +++++++++---------- .../otp/service/controller/OTPController.java | 3 +- 4 files changed, 32 insertions(+), 31 deletions(-) diff --git a/authentication/authentication-common/src/main/java/io/mosip/authentication/common/service/integration/OTPManager.java b/authentication/authentication-common/src/main/java/io/mosip/authentication/common/service/integration/OTPManager.java index 3508889e87a..8da66c8f2cb 100644 --- a/authentication/authentication-common/src/main/java/io/mosip/authentication/common/service/integration/OTPManager.java +++ b/authentication/authentication-common/src/main/java/io/mosip/authentication/common/service/integration/OTPManager.java @@ -105,7 +105,7 @@ public boolean sendOtp(OtpRequestDTO otpRequestDTO, String idvid, String idvidTy throws IdAuthenticationBusinessException { String refIdHash = securityManager.hash(idvid); - Optional otpEntityOpt = otpRepo.findFirstByRefIdInStatusCodesOrderByGeneratedDtimesDesc(refIdHash, QUERIED_STATUS_CODES); + Optional otpEntityOpt = otpRepo.findFirstByRefIdAndStatusCodeInOrderByGeneratedDtimesDesc(refIdHash, QUERIED_STATUS_CODES); if(otpEntityOpt.isPresent()) { OtpTransaction otpEntity = otpEntityOpt.get(); @@ -210,7 +210,7 @@ private String generateOTP(String uin) throws IdAuthUncheckedException { */ public boolean validateOtp(String pinValue, String otpKey, String individualId) throws IdAuthenticationBusinessException { String refIdHash = securityManager.hash(individualId); - Optional otpEntityOpt = otpRepo.findFirstByRefIdInStatusCodesOrderByGeneratedDtimesDesc(refIdHash, QUERIED_STATUS_CODES); + Optional otpEntityOpt = otpRepo.findFirstByRefIdAndStatusCodeInOrderByGeneratedDtimesDesc(refIdHash, QUERIED_STATUS_CODES); if (otpEntityOpt.isEmpty()) { throw new IdAuthenticationBusinessException(IdAuthenticationErrorConstants.OTP_REQUEST_REQUIRED); diff --git a/authentication/authentication-common/src/main/java/io/mosip/authentication/common/service/repository/OtpTxnRepository.java b/authentication/authentication-common/src/main/java/io/mosip/authentication/common/service/repository/OtpTxnRepository.java index 49792bdbc94..390da32c83b 100644 --- a/authentication/authentication-common/src/main/java/io/mosip/authentication/common/service/repository/OtpTxnRepository.java +++ b/authentication/authentication-common/src/main/java/io/mosip/authentication/common/service/repository/OtpTxnRepository.java @@ -14,11 +14,11 @@ public interface OtpTxnRepository extends BaseRepository { /** - * Find first element by ref_id ordered by generated_dtimes in descending order. + * Find first element by ref_id ordered by generated_dtimes in descending order and for the given status codes. * * @param refIdHash the ref id hash * @return the optional */ - Optional findFirstByRefIdInStatusCodesOrderByGeneratedDtimesDesc(String refIdHash, List statusCodes); + Optional findFirstByRefIdAndStatusCodeInOrderByGeneratedDtimesDesc(String refIdHash, List statusCodes); } diff --git a/authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/integration/OTPManagerTest.java b/authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/integration/OTPManagerTest.java index 21272227a00..f679e354765 100644 --- a/authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/integration/OTPManagerTest.java +++ b/authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/integration/OTPManagerTest.java @@ -168,7 +168,7 @@ public void sendOtpTest_frozen_within30mins() throws RestServiceException, IdAut OtpTransaction entity = new OtpTransaction(); entity.setStatusCode(IdAuthCommonConstants.FROZEN); entity.setUpdDTimes(DateUtils.getUTCCurrentDateTime().minus(30, ChronoUnit.MINUTES)); - when(otpRepo.findFirstByRefIdInStatusCodesOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(entity)); + when(otpRepo.findFirstByRefIdAndStatusCodeInOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(entity)); try { otpManager.sendOtp(otpRequestDTO, "426789089018", "UIN", valueMap, templateLanguages); } catch(IdAuthenticationBusinessException ex) { @@ -196,7 +196,7 @@ public void sendOtpTest_frozen_In31mins() throws RestServiceException, IdAuthent OtpTransaction entity = new OtpTransaction(); entity.setStatusCode(IdAuthCommonConstants.FROZEN); entity.setUpdDTimes(DateUtils.getUTCCurrentDateTime().minus(31, ChronoUnit.MINUTES)); - when(otpRepo.findFirstByRefIdInStatusCodesOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(entity)); + when(otpRepo.findFirstByRefIdAndStatusCodeInOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(entity)); try { when(otpRepo.save(Mockito.any())).thenAnswer(invocation -> { assertEquals(IdAuthCommonConstants.ACTIVE_STATUS, ((OtpTransaction)invocation.getArguments()[0]).getStatusCode()); @@ -228,7 +228,7 @@ public void sendOtpTest_USED_entry() throws RestServiceException, IdAuthenticati OtpTransaction entity = new OtpTransaction(); entity.setStatusCode(IdAuthCommonConstants.USED_STATUS); entity.setUpdDTimes(DateUtils.getUTCCurrentDateTime().minus(31, ChronoUnit.MINUTES)); - when(otpRepo.findFirstByRefIdInStatusCodesOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(entity)); + when(otpRepo.findFirstByRefIdAndStatusCodeInOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(entity)); try { when(otpRepo.save(Mockito.any())).thenAnswer(invocation -> { assertEquals(IdAuthCommonConstants.ACTIVE_STATUS, ((OtpTransaction)invocation.getArguments()[0]).getStatusCode()); @@ -260,7 +260,7 @@ public void sendOtpTest_frozen_within25mins() throws RestServiceException, IdAut OtpTransaction entity = new OtpTransaction(); entity.setStatusCode(IdAuthCommonConstants.FROZEN); entity.setUpdDTimes(DateUtils.getUTCCurrentDateTime().minus(25, ChronoUnit.MINUTES)); - when(otpRepo.findFirstByRefIdInStatusCodesOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(entity)); + when(otpRepo.findFirstByRefIdAndStatusCodeInOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(entity)); try { otpManager.sendOtp(otpRequestDTO, "426789089018", "UIN", valueMap, templateLanguages); } catch(IdAuthenticationBusinessException ex) { @@ -543,7 +543,7 @@ public void TestOtpAuthFailure() otpEntity.setStatusCode(IdAuthCommonConstants.ACTIVE_STATUS); otpEntity.setOtpHash("otphash"); - Mockito.when(otpRepo.findFirstByRefIdInStatusCodesOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity )); + Mockito.when(otpRepo.findFirstByRefIdAndStatusCodeInOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity )); boolean expactedOTP = otpManager.validateOtp("Test123", "123456", "426789089018"); assertFalse(expactedOTP); @@ -765,7 +765,7 @@ public void TestInvalidAttemptWith_UsedEntity() otpEntity.setStatusCode(IdAuthCommonConstants.USED_STATUS); otpEntity.setOtpHash("otphash"); - Mockito.when(otpRepo.findFirstByRefIdInStatusCodesOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity )); + Mockito.when(otpRepo.findFirstByRefIdAndStatusCodeInOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity )); try { otpManager.validateOtp("Test123", "123456", "426789089018"); @@ -786,7 +786,7 @@ public void TestInvalidAttemptWith_nullUpdateCount() otpEntity.setStatusCode(IdAuthCommonConstants.ACTIVE_STATUS); otpEntity.setOtpHash("otphash"); - Mockito.when(otpRepo.findFirstByRefIdInStatusCodesOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity )); + Mockito.when(otpRepo.findFirstByRefIdAndStatusCodeInOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity )); try { boolean result = otpManager.validateOtp("Test123", "123456", "426789089018"); @@ -812,7 +812,7 @@ public void TestInvalidAttemptWith_1UpdateCount() otpEntity.setValidationRetryCount(1); otpEntity.setOtpHash("otphash"); - Mockito.when(otpRepo.findFirstByRefIdInStatusCodesOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity )); + Mockito.when(otpRepo.findFirstByRefIdAndStatusCodeInOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity )); try { boolean result = otpManager.validateOtp("Test123", "123456", "426789089018"); @@ -838,7 +838,7 @@ public void TestInvalidAttemptWith_4UpdateCount() otpEntity.setValidationRetryCount(4); otpEntity.setOtpHash("otphash"); - Mockito.when(otpRepo.findFirstByRefIdInStatusCodesOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity )); + Mockito.when(otpRepo.findFirstByRefIdAndStatusCodeInOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity )); try { boolean result = otpManager.validateOtp("Test123", "123456", "426789089018"); @@ -865,7 +865,7 @@ public void TestInvalidAttemptWith_FrozenStatus() otpEntity.setValidationRetryCount(5); otpEntity.setOtpHash("otphash"); - Mockito.when(otpRepo.findFirstByRefIdInStatusCodesOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity )); + Mockito.when(otpRepo.findFirstByRefIdAndStatusCodeInOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity )); try { otpManager.validateOtp("Test123", "123456", "426789089018"); @@ -893,7 +893,7 @@ public void TestInvalidAttemptWith_FrozenStatusWithin25Mins() otpEntity.setUpdDTimes(DateUtils.getUTCCurrentDateTime().minus(25, ChronoUnit.MINUTES)); otpEntity.setOtpHash("otphash"); - Mockito.when(otpRepo.findFirstByRefIdInStatusCodesOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity )); + Mockito.when(otpRepo.findFirstByRefIdAndStatusCodeInOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity )); try { otpManager.validateOtp("Test123", "123456", "426789089018"); @@ -921,7 +921,7 @@ public void TestInvalidAttemptWith_FrozenStatusWithin29Mins() otpEntity.setUpdDTimes(DateUtils.getUTCCurrentDateTime().minus(29, ChronoUnit.MINUTES)); otpEntity.setOtpHash("otphash"); - Mockito.when(otpRepo.findFirstByRefIdInStatusCodesOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity )); + Mockito.when(otpRepo.findFirstByRefIdAndStatusCodeInOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity )); try { otpManager.validateOtp("Test123", "123456", "426789089018"); @@ -949,7 +949,7 @@ public void TestInvalidAttemptWith_FrozenStatusWithin31Mins() otpEntity.setUpdDTimes(DateUtils.getUTCCurrentDateTime().minus(31, ChronoUnit.MINUTES)); otpEntity.setOtpHash("otphash"); - Mockito.when(otpRepo.findFirstByRefIdInStatusCodesOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity )); + Mockito.when(otpRepo.findFirstByRefIdAndStatusCodeInOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity )); try { otpManager.validateOtp("Test123", "123456", "426789089018"); @@ -975,7 +975,7 @@ public void TestValidAttemptWith_nullUpdateCount() otpEntity.setOtpHash("313233343536234B45595F53504C49545445522354657374313233"); otpEntity.setExpiryDtimes(DateUtils.getUTCCurrentDateTime().plus(1, ChronoUnit.MINUTES)); - Mockito.when(otpRepo.findFirstByRefIdInStatusCodesOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity )); + Mockito.when(otpRepo.findFirstByRefIdAndStatusCodeInOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity )); try { boolean result = otpManager.validateOtp("Test123", "123456", "426789089018"); @@ -1001,7 +1001,7 @@ public void TestValidAttemptWith_1UpdateCount() otpEntity.setOtpHash("313233343536234B45595F53504C49545445522354657374313233"); otpEntity.setExpiryDtimes(DateUtils.getUTCCurrentDateTime().plus(1, ChronoUnit.MINUTES)); - Mockito.when(otpRepo.findFirstByRefIdInStatusCodesOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity )); + Mockito.when(otpRepo.findFirstByRefIdAndStatusCodeInOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity )); try { boolean result = otpManager.validateOtp("Test123", "123456", "426789089018"); @@ -1027,7 +1027,7 @@ public void TestValidAttemptWith_4UpdateCount() otpEntity.setOtpHash("313233343536234B45595F53504C49545445522354657374313233"); otpEntity.setExpiryDtimes(DateUtils.getUTCCurrentDateTime().plus(1, ChronoUnit.MINUTES)); - Mockito.when(otpRepo.findFirstByRefIdInStatusCodesOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity )); + Mockito.when(otpRepo.findFirstByRefIdAndStatusCodeInOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity )); try { boolean result = otpManager.validateOtp("Test123", "123456", "426789089018"); @@ -1054,7 +1054,7 @@ public void TestValidAttemptWith_FrozenStatus() otpEntity.setOtpHash("313233343536234B45595F53504C49545445522354657374313233"); otpEntity.setExpiryDtimes(DateUtils.getUTCCurrentDateTime().plus(1, ChronoUnit.MINUTES)); - Mockito.when(otpRepo.findFirstByRefIdInStatusCodesOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity )); + Mockito.when(otpRepo.findFirstByRefIdAndStatusCodeInOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity )); try { otpManager.validateOtp("Test123", "123456", "426789089018"); @@ -1083,7 +1083,7 @@ public void TestValidAttemptWith_FrozenStatusWithin25Mins() otpEntity.setOtpHash("313233343536234B45595F53504C49545445522354657374313233"); otpEntity.setExpiryDtimes(DateUtils.getUTCCurrentDateTime().plus(1, ChronoUnit.MINUTES)); - Mockito.when(otpRepo.findFirstByRefIdInStatusCodesOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity )); + Mockito.when(otpRepo.findFirstByRefIdAndStatusCodeInOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity )); try { otpManager.validateOtp("Test123", "123456", "426789089018"); @@ -1112,7 +1112,7 @@ public void TestValidAttemptWith_FrozenStatusWithin29Mins() otpEntity.setOtpHash("313233343536234B45595F53504C49545445522354657374313233"); otpEntity.setExpiryDtimes(DateUtils.getUTCCurrentDateTime().plus(1, ChronoUnit.MINUTES)); - Mockito.when(otpRepo.findFirstByRefIdInStatusCodesOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity )); + Mockito.when(otpRepo.findFirstByRefIdAndStatusCodeInOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity )); try { otpManager.validateOtp("Test123", "123456", "426789089018"); @@ -1141,7 +1141,7 @@ public void TestValidAttemptWith_FrozenStatusWithin31Mins() otpEntity.setOtpHash("313233343536234B45595F53504C49545445522354657374313233"); otpEntity.setExpiryDtimes(DateUtils.getUTCCurrentDateTime().plus(1, ChronoUnit.MINUTES)); - Mockito.when(otpRepo.findFirstByRefIdInStatusCodesOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity )); + Mockito.when(otpRepo.findFirstByRefIdAndStatusCodeInOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity )); try { otpManager.validateOtp("Test123", "123456", "426789089018"); @@ -1168,7 +1168,7 @@ public void TestValidAttemptWith_FrozenStatusWithin31Mins_expiredOtp() otpEntity.setOtpHash("313233343536234B45595F53504C49545445522354657374313233"); otpEntity.setExpiryDtimes(DateUtils.getUTCCurrentDateTime().minus(1, ChronoUnit.MINUTES)); - Mockito.when(otpRepo.findFirstByRefIdInStatusCodesOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity )); + Mockito.when(otpRepo.findFirstByRefIdAndStatusCodeInOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity )); try { otpManager.validateOtp("Test123", "123456", "426789089018"); @@ -1201,7 +1201,7 @@ public void TestThrowOtpException_UINLocked() otpEntity.setOtpHash("otphash"); otpEntity.setStatusCode(IdAuthCommonConstants.ACTIVE_STATUS); - Mockito.when(otpRepo.findFirstByRefIdInStatusCodesOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity )); + Mockito.when(otpRepo.findFirstByRefIdAndStatusCodeInOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity )); try { otpManager.validateOtp("Test123", "123456", "426789089018"); @@ -1229,7 +1229,7 @@ public void TestThrowOtpException_OtpExpired() throws RestServiceException, IdAu otpEntity.setStatusCode(IdAuthCommonConstants.ACTIVE_STATUS); otpEntity.setOtpHash("otphash"); - Mockito.when(otpRepo.findFirstByRefIdInStatusCodesOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity )); + Mockito.when(otpRepo.findFirstByRefIdAndStatusCodeInOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity )); try { otpManager.validateOtp("Test123", "123456", "426789089018"); @@ -1257,7 +1257,7 @@ public void TestThrowOtpException_ValidationUnsuccessful() otpEntity.setStatusCode(IdAuthCommonConstants.ACTIVE_STATUS); otpEntity.setOtpHash("otphash"); - Mockito.when(otpRepo.findFirstByRefIdInStatusCodesOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity )); + Mockito.when(otpRepo.findFirstByRefIdAndStatusCodeInOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntity )); try { otpManager.validateOtp("Test123", "123456", "426789089018"); } catch (IdAuthenticationBusinessException ex) { @@ -1284,7 +1284,7 @@ public void TestThrowOtpException_OtpPresent_Expired() Mockito.when(securityManager.hash(Mockito.anyString())).thenReturn("hash"); otpEntry.setStatusCode(IdAuthCommonConstants.ACTIVE_STATUS); otpEntry.setOtpHash("otphash"); - Mockito.when(otpRepo.findFirstByRefIdInStatusCodesOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntry)); + Mockito.when(otpRepo.findFirstByRefIdAndStatusCodeInOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntry)); try { otpManager.validateOtp("Test123", "123456", "426789089018"); } catch (IdAuthenticationBusinessException ex) { @@ -1311,7 +1311,7 @@ public void TestThrowOtpException_OtpPresent_NotExpired_Valid() Mockito.when(securityManager.hash(Mockito.anyString())).thenReturn("hash"); otpEntry.setStatusCode(IdAuthCommonConstants.ACTIVE_STATUS); otpEntry.setOtpHash("otphash"); - Mockito.when(otpRepo.findFirstByRefIdInStatusCodesOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntry)); + Mockito.when(otpRepo.findFirstByRefIdAndStatusCodeInOrderByGeneratedDtimesDesc(Mockito.anyString(), Mockito.anyList())).thenReturn(Optional.of(otpEntry)); try { otpManager.validateOtp("Test123", "123456", "426789089018"); } catch (IdAuthenticationBusinessException ex) { diff --git a/authentication/authentication-otp-service/src/main/java/io/mosip/authentication/otp/service/controller/OTPController.java b/authentication/authentication-otp-service/src/main/java/io/mosip/authentication/otp/service/controller/OTPController.java index b0cb871ab94..847aca099f3 100644 --- a/authentication/authentication-otp-service/src/main/java/io/mosip/authentication/otp/service/controller/OTPController.java +++ b/authentication/authentication-otp-service/src/main/java/io/mosip/authentication/otp/service/controller/OTPController.java @@ -134,8 +134,9 @@ public OtpResponseDTO generateOTP(@Valid @RequestBody OtpRequestDTO otpRequestDt Optional partner = partnerService.getPartner(partnerId, otpRequestDto.getMetadata()); AuthTransactionBuilder authTxnBuilder = authTransactionHelper .createAndSetAuthTxnBuilderMetadataToRequest(otpRequestDto, !isPartnerReq, partner); - String idvidHash = securityManager.hash(otpRequestDto.getIndividualId()); + try { + String idvidHash = securityManager.hash(otpRequestDto.getIndividualId()); String idType = Objects.nonNull(otpRequestDto.getIndividualIdType()) ? otpRequestDto.getIndividualIdType() : idTypeUtil.getIdType(otpRequestDto.getIndividualId()).getType(); otpRequestDto.setIndividualIdType(idType);