feat(matching): disable UX option to create a new ERnP entry if it was prohibited by matching-process

5 files changed, 98 insertions, 13 deletions

diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
index a9125849..5468cd56 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
@@ -334,7 +334,9 @@ public class Constants {
 
   // UI options
   public static final String HTML_FORM_ENABLE_MATCHING_BY_ADDRESS_SEARCH = "enableMatchingByAddressSearch";
-  public static final String HTML_FORM_CREATE_NEW_ERNP_ENTRY = "createNewErnpEntry";
+  public static final String HTML_FORM_WITH_CREATE_NEW_ERNP_ENTRY_OPTION = "createNewErnpEntryScreen";
+  public static final String HTML_FORM_DISALLOW_CREATENEW_ERNP_ENTRY = "disallowNewErnpEntry";
+  
   public static final String HTML_FORM_ADVANCED_MATCHING_FAILED = "advancedMatchingFailed";
   public static final String HTML_FORM_ADVANCED_MATCHING_FAILED_REASON = 
       HTML_FORM_ADVANCED_MATCHING_FAILED + "Reason";
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java
index 9d4f7152..e67805d6 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java
@@ -92,13 +92,20 @@ public class GenerateOtherLoginMethodGuiTask extends AbstractLocaleAuthServletTa
           Constants.HTML_FORM_ENABLE_MATCHING_BY_ADDRESS_SEARCH, 
           String.valueOf(basicConfig.getBasicConfigurationBoolean(Constants.CONFIG_PROP_MATCHING_BY_ADDRESS)));
                         
-      // inject request to create a new ERnP entry
+      // inject flag to show screen for last manual matching step
       config.putCustomParameter(AbstractGuiFormBuilderConfiguration.PARAM_GROUP_UIOPTIONS,
-          Constants.HTML_FORM_CREATE_NEW_ERNP_ENTRY, 
+          Constants.HTML_FORM_WITH_CREATE_NEW_ERNP_ENTRY_OPTION, 
           String.valueOf(
               MatchingTaskUtils.getExecutionContextFlag(
                   executionContext,Constants.TRANSITION_TO_REQUESTING_NEW_ERNP_ENTRY_TASK)));
-                        
+                          
+      // inject flag to disallow new ERnP entry in case of 
+      config.putCustomParameter(AbstractGuiFormBuilderConfiguration.PARAM_GROUP_UIOPTIONS,
+          Constants.HTML_FORM_DISALLOW_CREATENEW_ERNP_ENTRY, 
+          String.valueOf(!MatchingTaskUtils.getIntermediateMatchingResult(pendingReq)
+              .getOperationStatus().isAllowErnpEntryByUser()));
+      
+      
       // reset executionContext parameters
       ReceiveOtherLoginMethodGuiResponseTask.ALL_EXECUTIONCONTEXT_PARAMETERS.forEach(
           el -> executionContext.remove(el));
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java
index fb4e6e7b..0afe0ff6 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java
@@ -146,6 +146,14 @@ public class ReceiveOtherLoginMethodGuiResponseTask extends AbstractLocaleAuthSe
         return;        
         
       case ADD_ME_AS_NEW:
+        if (!MatchingTaskUtils.getIntermediateMatchingResult(pendingReq)
+            .getOperationStatus().isAllowErnpEntryByUser()) {
+          log.error("Create new ERnP entry by user was requested but it's not allowed!");
+          throw new TaskExecutionException(pendingReq, 
+              "Create new ERnP entry by user was requested but it's not allowed!", 
+              new EaafException("module.eidasauth.matching.98"));
+          
+        }
         log.info("User selects insert-into-ERnP option. Starting ERnP operation and complete prozess ... ");
         executionContext.put(Constants.TRANSITION_TO_CREATE_NEW_ERNP_ENTRY_BY_USER_TASK, true);
         executionContext.put(Constants.TRANSITION_TO_REQUESTING_NEW_ERNP_ENTRY_TASK, false);
diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateOtherLoginMethodGuiTaskTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateOtherLoginMethodGuiTaskTest.java
index 6d08a731..037c76a1 100644
--- a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateOtherLoginMethodGuiTaskTest.java
+++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateOtherLoginMethodGuiTaskTest.java
@@ -8,6 +8,7 @@ import static org.junit.Assert.assertTrue;
 
 import java.io.UnsupportedEncodingException;
 import java.text.MessageFormat;
+import java.util.Collections;
 import java.util.Locale;
 
 import org.apache.commons.lang3.RandomStringUtils;
@@ -32,9 +33,12 @@ import com.fasterxml.jackson.databind.json.JsonMapper;
 import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SelectedLoginMethod;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService.RegisterOperationStatus;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService.RegisterStatusResults;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateOtherLoginMethodGuiTask;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveOtherLoginMethodGuiResponseTask;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummyOA;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.MatchingTaskUtils;
 import at.gv.egiz.eaaf.core.api.IRequestStorage;
 import at.gv.egiz.eaaf.core.api.data.EaafConstants;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
@@ -76,6 +80,7 @@ public class GenerateOtherLoginMethodGuiTaskTest {
    * jUnit test set-up.
    */
   @Before
+  @SneakyThrows
   public void initialize() {
     httpReq = new MockHttpServletRequest("POST", "https://localhost/ms_connector");
     httpResp = new MockHttpServletResponse();
@@ -91,6 +96,10 @@ public class GenerateOtherLoginMethodGuiTaskTest {
     
     config.putConfigValue("auth.eIDAS.matching.byaddress.enable", "false");
     
+    MatchingTaskUtils.storeIntermediateMatchingResult(pendingReq, 
+        new RegisterStatusResults(new RegisterOperationStatus(null, true), 
+            Collections.emptyList(), Collections.emptyList()));
+    
     
     LocaleContextHolder.resetLocaleContext();
   }
@@ -125,11 +134,44 @@ public class GenerateOtherLoginMethodGuiTaskTest {
   
   @Test
   @SneakyThrows
-  public void jsonResponseInsertErnp() throws TaskExecutionException, UnsupportedEncodingException {
-    String reason = RandomStringUtils.randomAlphabetic(5);
+  public void jsonResponseInsertErnpScreen() throws TaskExecutionException, UnsupportedEncodingException {
+    executionContext.put(Constants.TRANSITION_TO_REQUESTING_NEW_ERNP_ENTRY_TASK, true);
+    httpReq.addHeader("Accept", "application/json");
+
+    task.execute(pendingReq, executionContext);
+
+    //result validation
+    Assert.assertEquals("httpStausCode", 200, httpResp.getStatus());
+    Assert.assertEquals("http ContentType", "application/json;charset=UTF-8", httpResp.getContentType());
+    final String content = httpResp.getContentAsString();
+    assertNotNull("response body is null", content);
+    Assert.assertFalse("response body is empty", content.isEmpty());
+    final JsonNode json = new JsonMapper().readTree(content);
+    assertNotNull("response body is null", json);
+    assertNull("advancedMatchFailed", json.get(Constants.HTML_FORM_ADVANCED_MATCHING_FAILED));     
+    assertNotNull("createNewErnpEntryScreen", json.get(Constants.HTML_FORM_WITH_CREATE_NEW_ERNP_ENTRY_OPTION));
+    assertTrue("createNewErnpEntryScreen", json.get(Constants.HTML_FORM_WITH_CREATE_NEW_ERNP_ENTRY_OPTION).asBoolean());        
+    
+    assertNotNull("disallowNewErnpEntry", json.get(Constants.HTML_FORM_DISALLOW_CREATENEW_ERNP_ENTRY));
+    assertFalse("disallowNewErnpEntry", json.get(Constants.HTML_FORM_DISALLOW_CREATENEW_ERNP_ENTRY).asBoolean());
+        
+    assertNull("advancedMatchingFailedReason", json.get(Constants.HTML_FORM_ADVANCED_MATCHING_FAILED_REASON));
+    
+    assertNotNull("pendingRequest not stored", 
+        storage.getPendingRequest(pendingReq.getPendingRequestId()));
+    
+  }
+  
+  @Test
+  @SneakyThrows
+  public void jsonResponseInsertErnpScreenButNotAllowed() throws TaskExecutionException, UnsupportedEncodingException {
     executionContext.put(Constants.TRANSITION_TO_REQUESTING_NEW_ERNP_ENTRY_TASK, true);
     httpReq.addHeader("Accept", "application/json");
 
+    MatchingTaskUtils.storeIntermediateMatchingResult(pendingReq, 
+        new RegisterStatusResults(new RegisterOperationStatus(null, false), 
+            Collections.emptyList(), Collections.emptyList()));
+    
     task.execute(pendingReq, executionContext);
 
     //result validation
@@ -141,8 +183,11 @@ public class GenerateOtherLoginMethodGuiTaskTest {
     final JsonNode json = new JsonMapper().readTree(content);
     assertNotNull("response body is null", json);
     assertNull("advancedMatchFailed", json.get(Constants.HTML_FORM_ADVANCED_MATCHING_FAILED));     
-    assertNotNull("createNewErnpEntry", json.get(Constants.HTML_FORM_CREATE_NEW_ERNP_ENTRY));
-    assertTrue("createNewErnpEntry", json.get(Constants.HTML_FORM_CREATE_NEW_ERNP_ENTRY).asBoolean());
+    assertNotNull("createNewErnpEntryScreen", json.get(Constants.HTML_FORM_WITH_CREATE_NEW_ERNP_ENTRY_OPTION));
+    assertTrue("createNewErnpEntryScreen", json.get(Constants.HTML_FORM_WITH_CREATE_NEW_ERNP_ENTRY_OPTION).asBoolean());        
+    
+    assertNotNull("disallowNewErnpEntry", json.get(Constants.HTML_FORM_DISALLOW_CREATENEW_ERNP_ENTRY));
+    assertTrue("disallowNewErnpEntry", json.get(Constants.HTML_FORM_DISALLOW_CREATENEW_ERNP_ENTRY).asBoolean());
         
     assertNull("advancedMatchingFailedReason", json.get(Constants.HTML_FORM_ADVANCED_MATCHING_FAILED_REASON));
     
@@ -175,11 +220,11 @@ public class GenerateOtherLoginMethodGuiTaskTest {
     assertEquals("advancedMatchingFailedReason", reason, 
         json.get(Constants.HTML_FORM_ADVANCED_MATCHING_FAILED_REASON).asText());
     
-    assertNotNull("createNewErnpEntry", json.get(Constants.HTML_FORM_CREATE_NEW_ERNP_ENTRY));
-    assertFalse("createNewErnpEntry", json.get(Constants.HTML_FORM_CREATE_NEW_ERNP_ENTRY).asBoolean());
+    assertNotNull("createNewErnpEntryScreen", json.get(Constants.HTML_FORM_WITH_CREATE_NEW_ERNP_ENTRY_OPTION));
+    assertFalse("createNewErnpEntryScreen", json.get(Constants.HTML_FORM_WITH_CREATE_NEW_ERNP_ENTRY_OPTION).asBoolean());
     
-    assertNotNull("enableMatchingByAddressSearch", json.get(Constants.HTML_FORM_CREATE_NEW_ERNP_ENTRY));
-    assertFalse("enableMatchingByAddressSearch", json.get(Constants.HTML_FORM_CREATE_NEW_ERNP_ENTRY).asBoolean());
+    assertNotNull("enableMatchingByAddressSearch", json.get(Constants.HTML_FORM_WITH_CREATE_NEW_ERNP_ENTRY_OPTION));
+    assertFalse("enableMatchingByAddressSearch", json.get(Constants.HTML_FORM_WITH_CREATE_NEW_ERNP_ENTRY_OPTION).asBoolean());
     
     
     assertNotNull("pendingRequest not stored", 
diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveOtherLoginMethodGuiResponseTaskTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveOtherLoginMethodGuiResponseTaskTest.java
index dfd355de..db4f4fcb 100644
--- a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveOtherLoginMethodGuiResponseTaskTest.java
+++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveOtherLoginMethodGuiResponseTaskTest.java
@@ -29,7 +29,10 @@ import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
 import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SelectedLoginMethod;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService.RegisterOperationStatus;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService.RegisterStatusResults;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveOtherLoginMethodGuiResponseTask;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.MatchingTaskUtils;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.IRequestStorage;
 import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
@@ -75,6 +78,7 @@ public class ReceiveOtherLoginMethodGuiResponseTaskTest {
    * jUnit test set-up.
    */
   @Before
+  @SneakyThrows
   public void initialize() {
     httpReq = new MockHttpServletRequest("POST", "https://localhost/ms_connector");
     httpResp = new MockHttpServletResponse();
@@ -89,6 +93,10 @@ public class ReceiveOtherLoginMethodGuiResponseTaskTest {
     pendingReq.setSpConfig(spConfig);    
     config.putConfigValue("auth.eIDAS.matching.byaddress.enable", "false");
     
+    MatchingTaskUtils.storeIntermediateMatchingResult(pendingReq, 
+        new RegisterStatusResults(new RegisterOperationStatus(null, true), 
+            Collections.emptyList(), Collections.emptyList()));
+    
     LocaleContextHolder.resetLocaleContext();
   }
 
@@ -166,7 +174,22 @@ public class ReceiveOtherLoginMethodGuiResponseTaskTest {
     
     
   }
-        
+   
+  @Test
+  @SneakyThrows
+  public void withAddMeAsNewSelectionButNotAllowed() throws TaskExecutionException {
+    MatchingTaskUtils.storeIntermediateMatchingResult(pendingReq, 
+        new RegisterStatusResults(new RegisterOperationStatus(null, false), 
+            Collections.emptyList(), Collections.emptyList()));    
+    httpReq.setParameter(Constants.REQ_SELECTED_LOGIN_METHOD_PARAMETER,  SelectedLoginMethod.ADD_ME_AS_NEW.name());
+    
+    TaskExecutionException error = assertThrows("wrong exception", TaskExecutionException.class,
+        () -> task.execute(pendingReq, executionContext));
+    assertEquals("wrong errorCode", "module.eidasauth.matching.98",  
+        ((EaafException) error.getOriginalException()).getErrorId());
+       
+  }
+  
   @Test
   public void withRequestingNewEntrySelection() throws TaskExecutionException {
     testTransition(SelectedLoginMethod.REQUESTING_NEW_ENTRY, Constants.TRANSITION_TO_REQUESTING_NEW_ERNP_ENTRY_TASK);