Display invalid user input instead of terminating the process

Fixes #18
author: Christian Kollmann <christian.kollmann@a-sit.at> 2021-11-30 16:15:56 +0100
committer: Christian Kollmann <christian.kollmann@a-sit.at> 2021-12-01 09:30:06 +0100
commit: 6d1b4d942fdf1c6bcfd673149026cc0d2391064b (patch)
tree: 1892c3a94177ae7bfedf801b9537e57a25c2d882 /eidas_modules/authmodule-eIDAS-v2/src/main
parent: 17e4921691dd51705e110d0ec5a8635699c510b8 (diff)
download: National_eIDAS_Gateway-6d1b4d942fdf1c6bcfd673149026cc0d2391064b.tar.gz
National_eIDAS_Gateway-6d1b4d942fdf1c6bcfd673149026cc0d2391064b.tar.bz2
National_eIDAS_Gateway-6d1b4d942fdf1c6bcfd673149026cc0d2391064b.zip
5 files changed, 30 insertions, 79 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/InvalidUserInputException.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/InvalidUserInputException.java
deleted file mode 100644
index c7df56d0..00000000
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/InvalidUserInputException.java
+++ /dev/null
@@ -1,34 +0,0 @@
-/*
- * Copyright 2020 A-SIT Plus GmbH
- * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
- * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "License");
- * You may not use this work except in compliance with the License.
- * You may obtain a copy of the License at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-package at.asitplus.eidas.specific.modules.auth.eidas.v2.exception;
-
-public class InvalidUserInputException extends EidasSAuthenticationException {
-  private static final long serialVersionUID = 1L;
-
-  public InvalidUserInputException(String errorCode) {
-    super(errorCode, null);
-    
-  }
-
-}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAustrianResidenceGuiResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAustrianResidenceGuiResponseTask.java
index b9a55df4..acf469d3 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAustrianResidenceGuiResponseTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAustrianResidenceGuiResponseTask.java
@@ -35,7 +35,6 @@ import org.springframework.stereotype.Component;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MatchedPersonResult;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.InvalidUserInputException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ManualFixNecessaryException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.WorkflowException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService;
@@ -50,6 +49,9 @@ import lombok.Data;
 import lombok.NoArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 
+import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.CONTEXT_FLAG_ADVANCED_MATCHING_FAILED;
+import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK;
+
 
 /**
  * Task receives the response of {@link GenerateAustrianResidenceGuiTask} and handles it.
@@ -68,6 +70,7 @@ import lombok.extern.slf4j.Slf4j;
  *   <li>{@link CreateNewErnpEntryTask} if no results from search with residency data in registers</li>
  *   <li>{@link CreateIdentityLinkTask} if one exact match between initial register search (with MDS) and results
  *   from search with residency data in registers exists</li>
+ *   <li>{@link GenerateOtherLoginMethodGuiTask} if a user input error has happened</li>
  * </ul>
  *
  * @author amarsalek
@@ -110,20 +113,14 @@ public class ReceiveAustrianResidenceGuiResponseTask extends AbstractAuthServlet
 
     }
 
-    //TODO: Here, we need an error handling an can not stop full process if form input was invalid
-    //TODO: check minimum form elements
-    /*TODO: maybe we can switch to custom controller and use WebMVC form-binding feature.
-     *      Binding element can be add as attribute to this request
-     */
     if (input.getStreet().isEmpty() || input.getCity().isEmpty() || input.getZipcode().isEmpty()) {
       // HTML form should ensure that mandatory fields are set => this should never happen
-      throw new TaskExecutionException(pendingReq, "Invalid user input",
-          new InvalidUserInputException("module.eidasauth.matching.06"));
+      executionContext.put(CONTEXT_FLAG_ADVANCED_MATCHING_FAILED, true);
+      executionContext.put(TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK, true);
+      return;
 
     }
 
-
-
     try {
       SimpleEidasData eidasData = MatchingTaskUtils.getInitialEidasData(pendingReq);
       RegisterStatusResults initialSearchResult = MatchingTaskUtils.getIntermediateMatchingResult(pendingReq);
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java
index 03cf5858..4655d7ab 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java
@@ -23,6 +23,8 @@
 
 package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks;
 
+import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.CONTEXT_FLAG_ADVANCED_MATCHING_FAILED;
+import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK;
 import static at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING;
 
 import java.io.IOException;
@@ -49,7 +51,6 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MatchedPersonResult;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleMobileSignatureData;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.InvalidUserInputException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.WorkflowException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthEventConstants;
@@ -98,6 +99,7 @@ import lombok.extern.slf4j.Slf4j;
  *     <li>{@link GenerateAustrianResidenceGuiTask} if no results in registers were found</li>
  *     <li>{@link CreateIdentityLinkTask} if one exact match between initial register search (with MDS) data and
  *     register search with MPS data exists</li>
+ *     <li>{@link GenerateOtherLoginMethodGuiTask} if a user input error has happened</li>
  * </ul>
  *
  * @author tlenz
@@ -169,8 +171,9 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet
 
       // check if MDS from ID Austria authentication matchs to eIDAS authentication
       if (!simpleMobileSignatureData.equalsSimpleEidasData(eidasData)) {
-        // user has cheated!?
-        throw new InvalidUserInputException("module.eidasauth.matching.05");
+        executionContext.put(CONTEXT_FLAG_ADVANCED_MATCHING_FAILED, true);
+        executionContext.put(TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK, true);
+        return;
 
       }
 
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java
index 812e534c..f4419c1c 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java
@@ -23,21 +23,17 @@
 
 package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks;
 
-import java.util.Enumeration;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.lang.StringEscapeUtils;
-import org.springframework.stereotype.Component;
-
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SelectedLoginMethod;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.InvalidUserInputException;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
-import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.controller.tasks.AbstractLocaleAuthServletTask;
 import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang.StringEscapeUtils;
+import org.springframework.stereotype.Component;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.util.Enumeration;
 
 /**
  * Handles user's selection from {@link GenerateOtherLoginMethodGuiTask}.
@@ -52,6 +48,7 @@ import lombok.extern.slf4j.Slf4j;
  *     <li>{@link GenerateMobilePhoneSignatureRequestTask} if selected by user</li>
  *     <li>{@link GenerateAustrianResidenceGuiTask} if selected by user</li>
  *     <li>{@link GenerateAuthnRequestTask} if selected by user</li>
+ *     <li>{@link GenerateOtherLoginMethodGuiTask} if a user input error has happened</li>
  * </ul>
  *
  * @author amarsalek
@@ -63,41 +60,32 @@ public class ReceiveOtherLoginMethodGuiResponseTask extends AbstractLocaleAuthSe
 
   @Override
   public void executeWithLocale(ExecutionContext executionContext, HttpServletRequest request,
-      HttpServletResponse response) throws TaskExecutionException {
+                                HttpServletResponse response) {
     try {
       SelectedLoginMethod selection = SelectedLoginMethod.valueOf(extractUserSelection(request));
       executionContext.put(Constants.REQ_SELECTED_LOGIN_METHOD_PARAMETER, selection);
       executionContext.remove(Constants.CONTEXT_FLAG_ADVANCED_MATCHING_FAILED);
       transitionToNextTask(executionContext, selection);
 
-    } catch (final IllegalArgumentException e) {
-      log.error("Parsing selected login method FAILED.", e);
-      throw new TaskExecutionException(pendingReq, "Parsing selected login method FAILED.",
-          new InvalidUserInputException("module.eidasauth.matching.98"));
-
     } catch (final Exception e) {
       log.error("Parsing selected login method FAILED.", e);
-      throw new TaskExecutionException(pendingReq, "Parsing selected login method FAILED.", e);
-
+      executionContext.put(Constants.CONTEXT_FLAG_ADVANCED_MATCHING_FAILED, true);
+      executionContext.put(Constants.TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK, true);
     }
   }
 
-  private String extractUserSelection(HttpServletRequest request) throws InvalidUserInputException {
+  private String extractUserSelection(HttpServletRequest request) {
     Enumeration<String> paramNames = request.getParameterNames();
     while (paramNames.hasMoreElements()) {
       String paramName = paramNames.nextElement();
       if (Constants.REQ_SELECTED_LOGIN_METHOD_PARAMETER.equalsIgnoreCase(paramName)) {
         return StringEscapeUtils.escapeHtml(request.getParameter(paramName));
-
       }
     }
-
-    throw new InvalidUserInputException("module.eidasauth.matching.98");
-
+    return null;
   }
 
-  private void transitionToNextTask(ExecutionContext executionContext, SelectedLoginMethod selection)
-      throws InvalidUserInputException {
+  private void transitionToNextTask(ExecutionContext executionContext, SelectedLoginMethod selection) {
     switch (selection) {
       case EIDAS_LOGIN:
         executionContext.put(Constants.TRANSITION_TO_GENERATE_EIDAS_LOGIN, true);
@@ -116,8 +104,9 @@ public class ReceiveOtherLoginMethodGuiResponseTask extends AbstractLocaleAuthSe
         return;
 
       default:
-        throw new InvalidUserInputException("module.eidasauth.matching.98");
-
+        executionContext.put(Constants.CONTEXT_FLAG_ADVANCED_MATCHING_FAILED, true);
+        executionContext.put(Constants.TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK, true);
+        return;
     }
   }
 
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/messages/eidas_connector_message.properties b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/messages/eidas_connector_message.properties
index cfb48d57..f47d0f30 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/messages/eidas_connector_message.properties
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/messages/eidas_connector_message.properties
@@ -19,9 +19,5 @@ module.eidasauth.matching.01=Matching failed, because of an ZMR communication er
 module.eidasauth.matching.02=Matching failed, because ZMR response contains historic information which is not supported.
 module.eidasauth.matching.03=Matching failed in workflow step: {0} with error: {1}
 module.eidasauth.matching.04=An error occurred while loading your data from official registers. Please contact the support.  
-module.eidasauth.matching.05=Matching failed, because result from alternative authentication-method does not match to eIDAS authentication  
-module.eidasauth.matching.06=Matching failed, because GUI form for matching by residence was invalid filled  
-  
-  
-module.eidasauth.matching.98=Matching failed, because of an invalid or unknown request parameter.  
+
 module.eidasauth.matching.99=Matching failed, because of an unexpected processing error. Reason: {0}
 \ No newline at end of file
author	Christian Kollmann <christian.kollmann@a-sit.at>	2021-11-30 16:15:56 +0100
committer	Christian Kollmann <christian.kollmann@a-sit.at>	2021-12-01 09:30:06 +0100
commit	6d1b4d942fdf1c6bcfd673149026cc0d2391064b (patch)
tree	1892c3a94177ae7bfedf801b9537e57a25c2d882 /eidas_modules/authmodule-eIDAS-v2/src/main
parent	17e4921691dd51705e110d0ec5a8635699c510b8 (diff)
download	National_eIDAS_Gateway-6d1b4d942fdf1c6bcfd673149026cc0d2391064b.tar.gz National_eIDAS_Gateway-6d1b4d942fdf1c6bcfd673149026cc0d2391064b.tar.bz2 National_eIDAS_Gateway-6d1b4d942fdf1c6bcfd673149026cc0d2391064b.zip