authorThomas <>2022-12-01 13:12:23 +0100
committerThomas <>2022-12-01 13:12:23 +0100
commit458c6f039654ba6ed3608f1523ba45f04f79bcd2 (patch)
treec18102383ec141e77f6a0963d60397fe52939b63 /modules/authmodule-eIDAS-v2
parent1923066ca9db0eacb8c1776b657705ef9b173448 (diff)
feat(matching): disable UX option to create a new ERnP entry if it was prohibited by matching-process
Diffstat (limited to 'modules/authmodule-eIDAS-v2')
-rw-r--r--modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java4
-rw-r--r--modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java13
-rw-r--r--modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java8
-rw-r--r--modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateOtherLoginMethodGuiTaskTest.java61
-rw-r--r--modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveOtherLoginMethodGuiResponseTaskTest.java25
5 files changed, 98 insertions, 13 deletions
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
index a9125849..5468cd56 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
@@ -334,7 +334,9 @@ public class Constants {
// UI options
public static final String HTML_FORM_ENABLE_MATCHING_BY_ADDRESS_SEARCH = "enableMatchingByAddressSearch";
- public static final String HTML_FORM_CREATE_NEW_ERNP_ENTRY = "createNewErnpEntry";
+ public static final String HTML_FORM_WITH_CREATE_NEW_ERNP_ENTRY_OPTION = "createNewErnpEntryScreen";
+ public static final String HTML_FORM_DISALLOW_CREATENEW_ERNP_ENTRY = "disallowNewErnpEntry";
+
public static final String HTML_FORM_ADVANCED_MATCHING_FAILED = "advancedMatchingFailed";
public static final String HTML_FORM_ADVANCED_MATCHING_FAILED_REASON =
HTML_FORM_ADVANCED_MATCHING_FAILED + "Reason";
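Review bot: `HTML_FORM_DISALLOW_CREATENEW_ERNP_ENTRY` is a negative flag, so a template or JSON client that never receives `disallowNewErnpEntry` would presumably fall back to offering the option. A positive key (constructed example: `HTML_FORM_ALLOW_CREATE_NEW_ERNP_ENTRY = "allowNewErnpEntry"`) would hide the option when the value is absent, which is the safer default for a UI hint. The name also writes `CREATENEW` where the neighbouring constant uses `CREATE_NEW`. The renamed key's value changed from `createNewErnpEntry` to `createNewErnpEntryScreen`; the templates that read it are not part of this diffstat and should be checked against the new value.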
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java
index 9d4f7152..e67805d6 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java
@@ -92,13 +92,20 @@ public class GenerateOtherLoginMethodGuiTask extends AbstractLocaleAuthServletTa
Constants.HTML_FORM_ENABLE_MATCHING_BY_ADDRESS_SEARCH,
String.valueOf(basicConfig.getBasicConfigurationBoolean(Constants.CONFIG_PROP_MATCHING_BY_ADDRESS)));
- // inject request to create a new ERnP entry
+ // inject flag to show screen for last manual matching step
config.putCustomParameter(AbstractGuiFormBuilderConfiguration.PARAM_GROUP_UIOPTIONS,
- Constants.HTML_FORM_CREATE_NEW_ERNP_ENTRY,
+ Constants.HTML_FORM_WITH_CREATE_NEW_ERNP_ENTRY_OPTION,
String.valueOf(
MatchingTaskUtils.getExecutionContextFlag(
executionContext,Constants.TRANSITION_TO_REQUESTING_NEW_ERNP_ENTRY_TASK)));
-
+
+ // inject flag to disallow new ERnP entry in case of
+ config.putCustomParameter(AbstractGuiFormBuilderConfiguration.PARAM_GROUP_UIOPTIONS,
+ Constants.HTML_FORM_DISALLOW_CREATENEW_ERNP_ENTRY,
+ String.valueOf(!MatchingTaskUtils.getIntermediateMatchingResult(pendingReq)
+ .getOperationStatus().isAllowErnpEntryByUser()));
+
+
// reset executionContext parameters
ReceiveOtherLoginMethodGuiResponseTask.ALL_EXECUTIONCONTEXT_PARAMETERS.forEach(
el -> executionContext.remove(el));
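Review bot: The chain `getIntermediateMatchingResult(pendingReq).getOperationStatus().isAllowErnpEntryByUser()` is dereferenced without a null check, here and again in the `ADD_ME_AS_NEW` branch of ReceiveOtherLoginMethodGuiResponseTask. The test set-up in this commit had to start storing a result before `execute()` runs, which suggests a pending request without one is possible; both tasks would then end in a NullPointerException instead of a controlled denial. Resolve the result once and treat a missing value as not allowed, e.g. `final boolean allowNewEntry = result != null && result.getOperationStatus() != null && result.getOperationStatus().isAllowErnpEntryByUser();`, then inject `String.valueOf(!allowNewEntry)`. The comment above the call stops at "in case of" and should be finished, for example `// inject flag to disallow new ERnP entry if the matching process prohibited it`. The enclosing method starts and ends outside the hunk.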
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java
index fb4e6e7b..0afe0ff6 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java
@@ -146,6 +146,14 @@ public class ReceiveOtherLoginMethodGuiResponseTask extends AbstractLocaleAuthSe
return;
case ADD_ME_AS_NEW:
+ if (!MatchingTaskUtils.getIntermediateMatchingResult(pendingReq)
+ .getOperationStatus().isAllowErnpEntryByUser()) {
+ log.error("Create new ERnP entry by user was requested but it's not allowed!");
+ throw new TaskExecutionException(pendingReq,
+ "Create new ERnP entry by user was requested but it's not allowed!",
+ new EaafException("module.eidasauth.matching.98"));
+
+ }
log.info("User selects insert-into-ERnP option. Starting ERnP operation and complete prozess ... ");
executionContext.put(Constants.TRANSITION_TO_CREATE_NEW_ERNP_ENTRY_BY_USER_TASK, true);
executionContext.put(Constants.TRANSITION_TO_REQUESTING_NEW_ERNP_ENTRY_TASK, false);
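Review bot: This guard is the only server-side enforcement visible in the commit, and it sits at the selection step rather than in the task that writes the ERnP entry. If the task behind `TRANSITION_TO_CREATE_NEW_ERNP_ENTRY_BY_USER_TASK` (not shown here) can be entered by any other path, the same `isAllowErnpEntryByUser()` check belongs at its start as well, because the `disallowNewErnpEntry` UI flag is only a hint to the client. The message literal is written twice; a local such as `final String msg = "Create new ERnP entry by user was requested but it's not allowed!";` keeps the log line and the exception in sync. The `switch` starts and ends outside the hunk.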
diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateOtherLoginMethodGuiTaskTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateOtherLoginMethodGuiTaskTest.java
index 6d08a731..037c76a1 100644
--- a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateOtherLoginMethodGuiTaskTest.java
+++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateOtherLoginMethodGuiTaskTest.java
@@ -8,6 +8,7 @@ import static org.junit.Assert.assertTrue;
import java.io.UnsupportedEncodingException;
import java.text.MessageFormat;
+import java.util.Collections;
import java.util.Locale;
import org.apache.commons.lang3.RandomStringUtils;
@@ -32,9 +33,12 @@ import com.fasterxml.jackson.databind.json.JsonMapper;
import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SelectedLoginMethod;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService.RegisterOperationStatus;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService.RegisterStatusResults;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateOtherLoginMethodGuiTask;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveOtherLoginMethodGuiResponseTask;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummyOA;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.MatchingTaskUtils;
import at.gv.egiz.eaaf.core.api.IRequestStorage;
import at.gv.egiz.eaaf.core.api.data.EaafConstants;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
@@ -76,6 +80,7 @@ public class GenerateOtherLoginMethodGuiTaskTest {
* jUnit test set-up.
*/
@Before
+ @SneakyThrows
public void initialize() {
httpReq = new MockHttpServletRequest("POST", "https://localhost/ms_connector");
httpResp = new MockHttpServletResponse();
@@ -91,6 +96,10 @@ public class GenerateOtherLoginMethodGuiTaskTest {
config.putConfigValue("auth.eIDAS.matching.byaddress.enable", "false");
+ MatchingTaskUtils.storeIntermediateMatchingResult(pendingReq,
+ new RegisterStatusResults(new RegisterOperationStatus(null, true),
+ Collections.emptyList(), Collections.emptyList()));
+
LocaleContextHolder.resetLocaleContext();
}
@@ -125,11 +134,44 @@ public class GenerateOtherLoginMethodGuiTaskTest {
@Test
@SneakyThrows
- public void jsonResponseInsertErnp() throws TaskExecutionException, UnsupportedEncodingException {
- String reason = RandomStringUtils.randomAlphabetic(5);
+ public void jsonResponseInsertErnpScreen() throws TaskExecutionException, UnsupportedEncodingException {
+ executionContext.put(Constants.TRANSITION_TO_REQUESTING_NEW_ERNP_ENTRY_TASK, true);
+ httpReq.addHeader("Accept", "application/json");
+
+ task.execute(pendingReq, executionContext);
+
+ //result validation
+ Assert.assertEquals("httpStausCode", 200, httpResp.getStatus());
+ Assert.assertEquals("http ContentType", "application/json;charset=UTF-8", httpResp.getContentType());
+ final String content = httpResp.getContentAsString();
+ assertNotNull("response body is null", content);
+ Assert.assertFalse("response body is empty", content.isEmpty());
+ final JsonNode json = new JsonMapper().readTree(content);
+ assertNotNull("response body is null", json);
+ assertNull("advancedMatchFailed", json.get(Constants.HTML_FORM_ADVANCED_MATCHING_FAILED));
+ assertNotNull("createNewErnpEntryScreen", json.get(Constants.HTML_FORM_WITH_CREATE_NEW_ERNP_ENTRY_OPTION));
+ assertTrue("createNewErnpEntryScreen", json.get(Constants.HTML_FORM_WITH_CREATE_NEW_ERNP_ENTRY_OPTION).asBoolean());
+
+ assertNotNull("disallowNewErnpEntry", json.get(Constants.HTML_FORM_DISALLOW_CREATENEW_ERNP_ENTRY));
+ assertFalse("disallowNewErnpEntry", json.get(Constants.HTML_FORM_DISALLOW_CREATENEW_ERNP_ENTRY).asBoolean());
+
+ assertNull("advancedMatchingFailedReason", json.get(Constants.HTML_FORM_ADVANCED_MATCHING_FAILED_REASON));
+
+ assertNotNull("pendingRequest not stored",
+ storage.getPendingRequest(pendingReq.getPendingRequestId()));
+
+ }
+
+ @Test
+ @SneakyThrows
+ public void jsonResponseInsertErnpScreenButNotAllowed() throws TaskExecutionException, UnsupportedEncodingException {
executionContext.put(Constants.TRANSITION_TO_REQUESTING_NEW_ERNP_ENTRY_TASK, true);
httpReq.addHeader("Accept", "application/json");
+ MatchingTaskUtils.storeIntermediateMatchingResult(pendingReq,
+ new RegisterStatusResults(new RegisterOperationStatus(null, false),
+ Collections.emptyList(), Collections.emptyList()));
+
task.execute(pendingReq, executionContext);
//result validation
@@ -141,8 +183,11 @@ public class GenerateOtherLoginMethodGuiTaskTest {
final JsonNode json = new JsonMapper().readTree(content);
assertNotNull("response body is null", json);
assertNull("advancedMatchFailed", json.get(Constants.HTML_FORM_ADVANCED_MATCHING_FAILED));
- assertNotNull("createNewErnpEntry", json.get(Constants.HTML_FORM_CREATE_NEW_ERNP_ENTRY));
- assertTrue("createNewErnpEntry", json.get(Constants.HTML_FORM_CREATE_NEW_ERNP_ENTRY).asBoolean());
+ assertNotNull("createNewErnpEntryScreen", json.get(Constants.HTML_FORM_WITH_CREATE_NEW_ERNP_ENTRY_OPTION));
+ assertTrue("createNewErnpEntryScreen", json.get(Constants.HTML_FORM_WITH_CREATE_NEW_ERNP_ENTRY_OPTION).asBoolean());
+
+ assertNotNull("disallowNewErnpEntry", json.get(Constants.HTML_FORM_DISALLOW_CREATENEW_ERNP_ENTRY));
+ assertTrue("disallowNewErnpEntry", json.get(Constants.HTML_FORM_DISALLOW_CREATENEW_ERNP_ENTRY).asBoolean());
assertNull("advancedMatchingFailedReason", json.get(Constants.HTML_FORM_ADVANCED_MATCHING_FAILED_REASON));
@@ -175,11 +220,11 @@ public class GenerateOtherLoginMethodGuiTaskTest {
assertEquals("advancedMatchingFailedReason", reason,
json.get(Constants.HTML_FORM_ADVANCED_MATCHING_FAILED_REASON).asText());
- assertNotNull("createNewErnpEntry", json.get(Constants.HTML_FORM_CREATE_NEW_ERNP_ENTRY));
- assertFalse("createNewErnpEntry", json.get(Constants.HTML_FORM_CREATE_NEW_ERNP_ENTRY).asBoolean());
+ assertNotNull("createNewErnpEntryScreen", json.get(Constants.HTML_FORM_WITH_CREATE_NEW_ERNP_ENTRY_OPTION));
+ assertFalse("createNewErnpEntryScreen", json.get(Constants.HTML_FORM_WITH_CREATE_NEW_ERNP_ENTRY_OPTION).asBoolean());
- assertNotNull("enableMatchingByAddressSearch", json.get(Constants.HTML_FORM_CREATE_NEW_ERNP_ENTRY));
- assertFalse("enableMatchingByAddressSearch", json.get(Constants.HTML_FORM_CREATE_NEW_ERNP_ENTRY).asBoolean());
+ assertNotNull("enableMatchingByAddressSearch", json.get(Constants.HTML_FORM_WITH_CREATE_NEW_ERNP_ENTRY_OPTION));
+ assertFalse("enableMatchingByAddressSearch", json.get(Constants.HTML_FORM_WITH_CREATE_NEW_ERNP_ENTRY_OPTION).asBoolean());
assertNotNull("pendingRequest not stored",
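Review bot: The two assertions labelled `enableMatchingByAddressSearch` read `Constants.HTML_FORM_WITH_CREATE_NEW_ERNP_ENTRY_OPTION`, so the address-search flag is never checked in this test; the rename carries an older copy-paste slip forward. They should read `json.get(Constants.HTML_FORM_ENABLE_MATCHING_BY_ADDRESS_SEARCH)`, with the expected value following the `auth.eIDAS.matching.byaddress.enable` setting this test runs with (`false` in the shared set-up unless the test overrides it). The test also does not assert `HTML_FORM_DISALLOW_CREATENEW_ERNP_ENTRY`, although the task now always emits it. The test method starts and ends outside the hunk.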
diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveOtherLoginMethodGuiResponseTaskTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveOtherLoginMethodGuiResponseTaskTest.java
index dfd355de..db4f4fcb 100644
--- a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveOtherLoginMethodGuiResponseTaskTest.java
+++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveOtherLoginMethodGuiResponseTaskTest.java
@@ -29,7 +29,10 @@ import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SelectedLoginMethod;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService.RegisterOperationStatus;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService.RegisterStatusResults;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveOtherLoginMethodGuiResponseTask;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.MatchingTaskUtils;
import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.IRequestStorage;
import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
@@ -75,6 +78,7 @@ public class ReceiveOtherLoginMethodGuiResponseTaskTest {
* jUnit test set-up.
*/
@Before
+ @SneakyThrows
public void initialize() {
httpReq = new MockHttpServletRequest("POST", "https://localhost/ms_connector");
httpResp = new MockHttpServletResponse();
@@ -89,6 +93,10 @@ public class ReceiveOtherLoginMethodGuiResponseTaskTest {
pendingReq.setSpConfig(spConfig);
config.putConfigValue("auth.eIDAS.matching.byaddress.enable", "false");
+ MatchingTaskUtils.storeIntermediateMatchingResult(pendingReq,
+ new RegisterStatusResults(new RegisterOperationStatus(null, true),
+ Collections.emptyList(), Collections.emptyList()));
+
LocaleContextHolder.resetLocaleContext();
}
@@ -166,7 +174,22 @@ public class ReceiveOtherLoginMethodGuiResponseTaskTest {
}
-
+
+ @Test
+ @SneakyThrows
+ public void withAddMeAsNewSelectionButNotAllowed() throws TaskExecutionException {
+ MatchingTaskUtils.storeIntermediateMatchingResult(pendingReq,
+ new RegisterStatusResults(new RegisterOperationStatus(null, false),
+ Collections.emptyList(), Collections.emptyList()));
+ httpReq.setParameter(Constants.REQ_SELECTED_LOGIN_METHOD_PARAMETER, SelectedLoginMethod.ADD_ME_AS_NEW.name());
+
+ TaskExecutionException error = assertThrows("wrong exception", TaskExecutionException.class,
+ () -> task.execute(pendingReq, executionContext));
+ assertEquals("wrong errorCode", "module.eidasauth.matching.98",
+ ((EaafException) error.getOriginalException()).getErrorId());
+
+ }
+
@Test
public void withRequestingNewEntrySelection() throws TaskExecutionException {
testTransition(SelectedLoginMethod.REQUESTING_NEW_ENTRY, Constants.TRANSITION_TO_REQUESTING_NEW_ERNP_ENTRY_TASK);
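Review bot: `withAddMeAsNewSelectionButNotAllowed` checks the exception and its error code but not that the rejected request left the process state untouched. Since the guard exists to stop the transition, the test should also assert that `Constants.TRANSITION_TO_CREATE_NEW_ERNP_ENTRY_BY_USER_TASK` was not set, e.g. `assertNull("transition set", executionContext.get(Constants.TRANSITION_TO_CREATE_NEW_ERNP_ENTRY_BY_USER_TASK));`, assuming the context exposes `get` alongside the `put` and `remove` used elsewhere in this commit. A companion case with no stored matching result would pin down how the task behaves when the result is missing. The `throws TaskExecutionException` clause is redundant next to `@SneakyThrows`.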