| author | Thomas <> | 2022-07-01 14:27:19 +0200 | 
|---|---|---|
| committer | Thomas <> | 2022-07-01 14:27:19 +0200 | 
| commit | 847e3f5b52a7adc6baa463258087e562049ee89b (patch) | |
| tree | 30dc56bfb67410d2a2cfb6621fdf8bf19be266c8 /modules/authmodule-eIDAS-v2/src | |
| parent | e0e2f3b5bd3f075cd74825d49c81152c75bc6430 (diff) | |
| download | National_eIDAS_Gateway-847e3f5b52a7adc6baa463258087e562049ee89b.tar.gz National_eIDAS_Gateway-847e3f5b52a7adc6baa463258087e562049ee89b.tar.bz2 National_eIDAS_Gateway-847e3f5b52a7adc6baa463258087e562049ee89b.zip | |
feat(matching): add configuration property to disable 'matching-by-address-search'
Diffstat (limited to 'modules/authmodule-eIDAS-v2/src')
8 files changed, 87 insertions, 13 deletions
| diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java index 588ea912..9bb7055b 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java @@ -128,7 +128,10 @@ public class Constants {    public static final String CONIG_PROPS_EIDAS_COMMON_CLIENT_SSL_TRUSTSTORE_NAME = CONIG_PROPS_EIDAS_COMMON_CLIENT        + ".ssl.trustStore.name"; -     +  /** Enable / Disable matching based on address search **/ +  public static final String CONFIG_PROP_MATCHING_BY_ADDRESS = CONIG_PROPS_EIDAS_PREFIX + ".matching.byaddress.enable"; +  +      // ZMR Client configuration properties    public static final String CONIG_PROPS_EIDAS_ZMRCLIENT = CONIG_PROPS_EIDAS_PREFIX + ".zmrclient";    public static final String CONIG_PROPS_EIDAS_ZMRCLIENT_ENDPOINT = CONIG_PROPS_EIDAS_ZMRCLIENT @@ -343,6 +346,7 @@ public class Constants {    // UI options +  public static final String HTML_FORM_ENABLE_MATCHING_BY_ADDRESS_SEARCH = "enableMatchingByAddressSearch";    public static final String HTML_FORM_CREATE_NEW_ERNP_ENTRY = "createNewErnpEntry";    public static final String HTML_FORM_ADVANCED_MATCHING_FAILED = "advancedMatchingFailed";    public static final String HTML_FORM_ADVANCED_MATCHING_FAILED_REASON =  diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SelectedLoginMethod.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SelectedLoginMethod.java index 70904e4f..993c0924 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SelectedLoginMethod.java 
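Review bot: The Javadoc on `CONFIG_PROP_MATCHING_BY_ADDRESS` in the first Constants.java hunk does not say what happens when the property is missing. Both readers in this commit, GenerateOtherLoginMethodGuiTask and ReceiveOtherLoginMethodGuiResponseTask, call `getBasicConfigurationBoolean(...)` with the key only, so an unset property presumably evaluates to false and existing deployments lose address matching after the upgrade unless they set it. I would state that in the comment, e.g. `/** Enables matching by address search; if unset it is treated as disabled and NO_OTHER_LOGIN is rejected. */`, and list the property in the sample configuration if the project ships one.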
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SelectedLoginMethod.java @@ -1,5 +1,5 @@  package at.asitplus.eidas.specific.modules.auth.eidas.v2.dao;  public enum SelectedLoginMethod { -  EIDAS_LOGIN, MOBILE_PHONE_SIGNATURE_LOGIN, NO_OTHER_LOGIN, ADD_ME_AS_NEW +  EIDAS_LOGIN, MOBILE_PHONE_SIGNATURE_LOGIN, NO_OTHER_LOGIN, ADD_ME_AS_NEW, REQUESTING_NEW_ENTRY  } diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java index a90c5929..94b29b8e 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java @@ -87,6 +87,11 @@ public class GenerateOtherLoginMethodGuiTask extends AbstractLocaleAuthServletTa          }               } +      // inject flag for matching-by-address allowed  +      config.putCustomParameter(AbstractGuiFormBuilderConfiguration.PARAM_GROUP_UIOPTIONS, +          Constants.HTML_FORM_ENABLE_MATCHING_BY_ADDRESS_SEARCH,  +          String.valueOf(basicConfig.getBasicConfigurationBoolean(Constants.CONFIG_PROP_MATCHING_BY_ADDRESS))); +                                // inject request to create a new ERnP entry        config.putCustomParameter(AbstractGuiFormBuilderConfiguration.PARAM_GROUP_UIOPTIONS,            Constants.HTML_FORM_CREATE_NEW_ERNP_ENTRY,  
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java index 184ad499..3fc29c4e 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java @@ -37,6 +37,8 @@ import com.google.common.collect.Sets;  import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;  import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SelectedLoginMethod;  import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;  import at.gv.egiz.eaaf.core.impl.idp.controller.tasks.AbstractLocaleAuthServletTask;  import lombok.extern.slf4j.Slf4j; @@ -73,7 +75,7 @@ public class ReceiveOtherLoginMethodGuiResponseTask extends AbstractLocaleAuthSe    @Override    public void executeWithLocale(ExecutionContext executionContext, HttpServletRequest request, -                                HttpServletResponse response) { +      HttpServletResponse response) throws TaskExecutionException {      try {        SelectedLoginMethod selection = SelectedLoginMethod.valueOf(extractUserSelection(request));        executionContext.put(Constants.TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK, false); 
@@ -82,6 +84,9 @@ public class ReceiveOtherLoginMethodGuiResponseTask extends AbstractLocaleAuthSe        executionContext.remove(Constants.CONTEXT_FLAG_ADVANCED_MATCHING_FAILED_REASON);              transitionToNextTask(executionContext, selection); +    } catch (TaskExecutionException e) { +      throw e; +            } catch (final Exception e) {        log.error("Parsing selected login method FAILED.", e);        executionContext.put(Constants.CONTEXT_FLAG_ADVANCED_MATCHING_FAILED, true); @@ -100,7 +105,8 @@ public class ReceiveOtherLoginMethodGuiResponseTask extends AbstractLocaleAuthSe      return null;    } -  private void transitionToNextTask(ExecutionContext executionContext, SelectedLoginMethod selection) { +  private void transitionToNextTask(ExecutionContext executionContext, SelectedLoginMethod selection)  +      throws TaskExecutionException {      switch (selection) {        case EIDAS_LOGIN:          executionContext.put(Constants.TRANSITION_TO_GENERATE_EIDAS_LOGIN, true); 
@@ -111,9 +117,22 @@ public class ReceiveOtherLoginMethodGuiResponseTask extends AbstractLocaleAuthSe          return;        case NO_OTHER_LOGIN: +        if (!authConfig.getBasicConfigurationBoolean(Constants.CONFIG_PROP_MATCHING_BY_ADDRESS)) { +          log.error("Matching by address was requested but it's disabled by configuration!"); +          throw new TaskExecutionException(pendingReq,  +              "Matching by address was requested but it's disabled by configuration!",  +              new EaafException("module.eidasauth.matching.98")); +           +        } +                  executionContext.put(Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK, true);          return; +         +      case REQUESTING_NEW_ENTRY: +        executionContext.put(Constants.TRANSITION_TO_REQUESTING_NEW_ERNP_ENTRY_TASK, true); +        return;         +                case ADD_ME_AS_NEW:          executionContext.put(Constants.TRANSITION_TO_CREATE_NEW_ERNP_ENTRY_TASK, true);          return; diff --git a/modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml b/modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml index dfa8622c..e57f9ca6 100644 --- a/modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml +++ b/modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml 
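Review bot: The new `REQUESTING_NEW_ENTRY` case in `transitionToNextTask` is accepted whatever `CONFIG_PROP_MATCHING_BY_ADDRESS` is set to, while `NO_OTHER_LOGIN` is now rejected when the flag is off. The tests in this commit suggest the form offers `REQUESTING_NEW_ENTRY` only when address search is disabled, but the value is taken from the request, so it can still arrive when address search is enabled and bypass that step. If address search is meant to be mandatory before a new ERnP entry can be requested, this case needs the inverse guard, as sketched below. The method starts in the previous hunk and continues past this one.

```java
      case REQUESTING_NEW_ENTRY:
        // The form offers this option only when address search is disabled; enforce the same rule server-side.
        if (authConfig.getBasicConfigurationBoolean(Constants.CONFIG_PROP_MATCHING_BY_ADDRESS)) {
          log.warn("New ERnP entry was requested directly although matching by address is enabled");
          throw new TaskExecutionException(pendingReq,
              "New ERnP entry was requested directly although matching by address is enabled",
              new EaafException("module.eidasauth.matching.98"));
        }
        // … unchanged: put TRANSITION_TO_REQUESTING_NEW_ERNP_ENTRY_TASK and return …
```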
@@ -45,6 +45,8 @@                    from="receiveOtherLoginMethodGuiResponseTask"     to="generateMobilePhoneSignatureRequestTask" />    <pd:Transition  conditionExpression="ctx['TASK_GenerateAustrianResidenceGuiTask']"                    from="receiveOtherLoginMethodGuiResponseTask"     to="generateAustrianResidenceGuiTask" /> +  <pd:Transition  conditionExpression="ctx['TASK_RequestingNewErnpEntryTask']" +                  from="receiveOtherLoginMethodGuiResponseTask"     to="generateOtherLoginMethodGuiTask" />    <pd:Transition  conditionExpression="ctx['TASK_CreateNewErnpEntryTask']"                    from="receiveOtherLoginMethodGuiResponseTask"     to="createNewErnpEntryTask" /> diff --git a/modules/authmodule-eIDAS-v2/src/main/resources/messages/eidas_connector_message.properties b/modules/authmodule-eIDAS-v2/src/main/resources/messages/eidas_connector_message.properties index 6d73c43a..dafa7ce3 100644 --- a/modules/authmodule-eIDAS-v2/src/main/resources/messages/eidas_connector_message.properties +++ b/modules/authmodule-eIDAS-v2/src/main/resources/messages/eidas_connector_message.properties @@ -30,5 +30,6 @@ module.eidasauth.matching.24=Matching be using Austrian Identity not possible. U  module.eidasauth.matching.25=Matching be using alternative eIDAS authentication not possible. Provide more or other data or use another method for matching.  module.eidasauth.matching.26=Matching be using alternative eIDAS authentication not possible, because Name or Country not matched. Provide more or other data or use another method for matching. +module.eidasauth.matching.98=Matching failed, because a method was selected that was not allowed.  module.eidasauth.matching.99=Matching failed, because of an unexpected processing error. Reason: {0} 
diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateOtherLoginMethodGuiTaskTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateOtherLoginMethodGuiTaskTest.java index 496158fa..6d08a731 100644 --- a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateOtherLoginMethodGuiTaskTest.java +++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateOtherLoginMethodGuiTaskTest.java @@ -29,6 +29,7 @@ import org.springframework.web.context.request.ServletRequestAttributes;  import com.fasterxml.jackson.databind.JsonNode;  import com.fasterxml.jackson.databind.json.JsonMapper; +import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap;  import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;  import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SelectedLoginMethod;  import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateOtherLoginMethodGuiTask; @@ -53,6 +54,8 @@ public class GenerateOtherLoginMethodGuiTaskTest {    private static final String TEST_PATTER_REQ_PARAM =        "<input type=\"hidden\" name=\"loginSelection\" value=\"{0}\">"; +  @Autowired MsConnectorDummyConfigMap config; +      @Autowired    GenerateOtherLoginMethodGuiTask task; @@ -86,6 +89,9 @@ public class GenerateOtherLoginMethodGuiTaskTest {      executionContext = new ExecutionContextImpl(); +    config.putConfigValue("auth.eIDAS.matching.byaddress.enable", "false"); +     +          LocaleContextHolder.resetLocaleContext();    } 
@@ -172,6 +178,10 @@ public class GenerateOtherLoginMethodGuiTaskTest {      assertNotNull("createNewErnpEntry", json.get(Constants.HTML_FORM_CREATE_NEW_ERNP_ENTRY));      assertFalse("createNewErnpEntry", json.get(Constants.HTML_FORM_CREATE_NEW_ERNP_ENTRY).asBoolean()); +    assertNotNull("enableMatchingByAddressSearch", json.get(Constants.HTML_FORM_CREATE_NEW_ERNP_ENTRY)); +    assertFalse("enableMatchingByAddressSearch", json.get(Constants.HTML_FORM_CREATE_NEW_ERNP_ENTRY).asBoolean()); +     +          assertNotNull("pendingRequest not stored",           storage.getPendingRequest(pendingReq.getPendingRequestId())); @@ -199,10 +209,11 @@ public class GenerateOtherLoginMethodGuiTaskTest {    @Test    public void advancedMatchingFailedMsg() throws TaskExecutionException, UnsupportedEncodingException {      executionContext.put(Constants.CONTEXT_FLAG_ADVANCED_MATCHING_FAILED, true); - +    config.putConfigValue("auth.eIDAS.matching.byaddress.enable", "true"); +          task.execute(pendingReq, executionContext); -    String html = doBasicValidation(); +    String html = doBasicValidation(true);      Assert.assertFalse("Missing eIDAS infos",          html.contains(MessageFormat.format(TEST_PATTER_REQ_PARAM, SelectedLoginMethod.ADD_ME_AS_NEW)));      Assert.assertTrue("missing errorfield", @@ -218,7 +229,7 @@ public class GenerateOtherLoginMethodGuiTaskTest {      task.execute(pendingReq, executionContext); -    String html = doBasicValidation(); +    String html = doBasicValidation(false);      Assert.assertTrue("missing errorfield",          html.contains("<div id=\"matchingError\""));      Assert.assertTrue("missing errorfield", @@ -231,7 +242,7 @@ public class GenerateOtherLoginMethodGuiTaskTest {      task.execute(pendingReq, executionContext); -    doBasicValidation(); +    doBasicValidation(false);    } 
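Review bot: The two assertions added in the hunk at `-172,6 +178,10` read `Constants.HTML_FORM_CREATE_NEW_ERNP_ENTRY` again, so they repeat the check just above them and never look at the new flag. As written the test passes even if `enableMatchingByAddressSearch` is missing from the JSON or carries the wrong value. They should read `assertNotNull("enableMatchingByAddressSearch", json.get(Constants.HTML_FORM_ENABLE_MATCHING_BY_ADDRESS_SEARCH));` and `assertFalse("enableMatchingByAddressSearch", json.get(Constants.HTML_FORM_ENABLE_MATCHING_BY_ADDRESS_SEARCH).asBoolean());`. The enclosing test method begins outside the hunk.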
@@ -242,7 +253,7 @@ public class GenerateOtherLoginMethodGuiTaskTest {      task.execute(pendingReq, executionContext); -    doBasicValidation(); +    doBasicValidation(false);    } @@ -252,7 +263,7 @@ public class GenerateOtherLoginMethodGuiTaskTest {      task.execute(pendingReq, executionContext); -    doBasicValidation(); +    doBasicValidation(false);    } @@ -263,11 +274,11 @@ public class GenerateOtherLoginMethodGuiTaskTest {      task.execute(pendingReq, executionContext); -    doBasicValidation(); +    doBasicValidation(false);    } -  private String doBasicValidation() throws UnsupportedEncodingException { +  private String doBasicValidation(boolean addressSearchAllowed) throws UnsupportedEncodingException {      Assert.assertEquals("Wrong http StatusCode", 200, httpResp.getStatus());      Assert.assertEquals("Wrong http ContentType", "text/html;charset=UTF-8", httpResp.getContentType()); @@ -278,7 +289,8 @@ public class GenerateOtherLoginMethodGuiTaskTest {      Assert.assertTrue("Missing IDA Login",          html.contains(MessageFormat.format(TEST_PATTER_REQ_PARAM, SelectedLoginMethod.MOBILE_PHONE_SIGNATURE_LOGIN)));      Assert.assertTrue("Missing residence infos", -        html.contains(MessageFormat.format(TEST_PATTER_REQ_PARAM, SelectedLoginMethod.NO_OTHER_LOGIN))); +        html.contains(MessageFormat.format(TEST_PATTER_REQ_PARAM,  +            addressSearchAllowed ? SelectedLoginMethod.NO_OTHER_LOGIN : SelectedLoginMethod.REQUESTING_NEW_ENTRY)));      Assert.assertTrue("Missing eIDAS infos",          html.contains(MessageFormat.format(TEST_PATTER_REQ_PARAM, SelectedLoginMethod.EIDAS_LOGIN))); diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveOtherLoginMethodGuiResponseTaskTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveOtherLoginMethodGuiResponseTaskTest.java index 750a17ce..af7bf0bf 100644 
--- a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveOtherLoginMethodGuiResponseTaskTest.java +++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveOtherLoginMethodGuiResponseTaskTest.java @@ -4,6 +4,7 @@ import static org.junit.Assert.assertEquals;  import static org.junit.Assert.assertFalse;  import static org.junit.Assert.assertNotNull;  import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertThrows;  import org.apache.commons.lang3.RandomStringUtils;  import org.junit.Before; @@ -21,9 +22,11 @@ import org.springframework.test.context.web.WebAppConfiguration;  import org.springframework.web.context.request.RequestContextHolder;  import org.springframework.web.context.request.ServletRequestAttributes; +import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap;  import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;  import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SelectedLoginMethod;  import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveOtherLoginMethodGuiResponseTask; +import at.gv.egiz.eaaf.core.exceptions.EaafException;  import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;  import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;  import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; @@ -37,6 +40,8 @@ import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl;  @WebAppConfiguration  public class ReceiveOtherLoginMethodGuiResponseTaskTest { +  @Autowired MsConnectorDummyConfigMap config; +      @Autowired    private ReceiveOtherLoginMethodGuiResponseTask task; 
@@ -68,6 +73,8 @@ public class ReceiveOtherLoginMethodGuiResponseTaskTest {      pendingReq.setAuthUrl("https://localhost/ms_connector");      pendingReq.setPendingReqId(RandomStringUtils.randomAlphanumeric(10)); +    config.putConfigValue("auth.eIDAS.matching.byaddress.enable", "false"); +          LocaleContextHolder.resetLocaleContext();    } 
@@ -87,18 +94,40 @@ public class ReceiveOtherLoginMethodGuiResponseTaskTest {    @Test    public void withNoOtherLoginSelection() throws TaskExecutionException { +    config.putConfigValue("auth.eIDAS.matching.byaddress.enable", "true"); +          testTransition(SelectedLoginMethod.NO_OTHER_LOGIN, Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK);      assertEquals("return to selection", false, executionContext.get(Constants.TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK));    }    @Test +  public void withNoOtherLoginSelectionDisabled() throws TaskExecutionException {     +    httpReq.setParameter(Constants.REQ_SELECTED_LOGIN_METHOD_PARAMETER,  SelectedLoginMethod.NO_OTHER_LOGIN.name()); +     +    TaskExecutionException error = assertThrows("wrong exception", TaskExecutionException.class, +        () -> task.execute(pendingReq, executionContext)); +     +    assertEquals("wrong errorCode", "module.eidasauth.matching.98",   +        ((EaafException) error.getOriginalException()).getErrorId()); +     +  } +   +  @Test    public void withAddMeAsNewSelection() throws TaskExecutionException {      testTransition(SelectedLoginMethod.ADD_ME_AS_NEW, Constants.TRANSITION_TO_CREATE_NEW_ERNP_ENTRY_TASK);      assertEquals("return to selection", false, executionContext.get(Constants.TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK));    } +  @Test +  public void withRequestingNewEntrySelection() throws TaskExecutionException { +    testTransition(SelectedLoginMethod.REQUESTING_NEW_ENTRY, Constants.TRANSITION_TO_REQUESTING_NEW_ERNP_ENTRY_TASK); +    assertEquals("return to selection", true, executionContext.get(Constants.TRANSITION_TO_REQUESTING_NEW_ERNP_ENTRY_TASK)); +    assertEquals("return to selection", false, executionContext.get(Constants.TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK)); +     +  } +      public void testTransition(SelectedLoginMethod loginMethod, String expectedTransition) throws TaskExecutionException {      
httpReq.setParameter(Constants.REQ_SELECTED_LOGIN_METHOD_PARAMETER, loginMethod.name());      executionContext.put(Constants.CONTEXT_FLAG_ADVANCED_MATCHING_FAILED, true); @@ -109,6 +138,8 @@ public class ReceiveOtherLoginMethodGuiResponseTaskTest {      assertFalse("wrong process-cancelled flag", executionContext.isProcessCancelled());      assertNotNull("no login-selection found", executionContext.get(Constants.REQ_SELECTED_LOGIN_METHOD_PARAMETER));      assertEquals("Wrong login-selection found", loginMethod.name(), executionContext.get(Constants.REQ_SELECTED_LOGIN_METHOD_PARAMETER)); +     +          assertEquals("Next task", true, executionContext.get(expectedTransition));      assertNull("find advancedMatchingError flag", executionContext.get(Constants.CONTEXT_FLAG_ADVANCED_MATCHING_FAILED)); | 
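Review bot: `withNoOtherLoginSelectionDisabled` checks only the error id, not that the rejected request left no transition behind. Adding `assertNull("transition set", executionContext.get(Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK));` would pin that the address-search task cannot be reached when the property is off. The test also relies on the `"false"` value written in the setup method instead of setting the property itself, which makes the precondition easy to lose. There is no case for `REQUESTING_NEW_ENTRY` with the property set to `"true"`, so the tests leave that combination unspecified.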
