diff options
Diffstat (limited to 'modules/authmodule-eIDAS-v2')
8 files changed, 87 insertions, 13 deletions
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java index 588ea912..9bb7055b 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java @@ -128,7 +128,10 @@ public class Constants { public static final String CONIG_PROPS_EIDAS_COMMON_CLIENT_SSL_TRUSTSTORE_NAME = CONIG_PROPS_EIDAS_COMMON_CLIENT + ".ssl.trustStore.name"; - + /** Enable / Disable matching based on address search **/ + public static final String CONFIG_PROP_MATCHING_BY_ADDRESS = CONIG_PROPS_EIDAS_PREFIX + ".matching.byaddress.enable"; + + // ZMR Client configuration properties public static final String CONIG_PROPS_EIDAS_ZMRCLIENT = CONIG_PROPS_EIDAS_PREFIX + ".zmrclient"; public static final String CONIG_PROPS_EIDAS_ZMRCLIENT_ENDPOINT = CONIG_PROPS_EIDAS_ZMRCLIENT @@ -343,6 +346,7 @@ public class Constants { // UI options + public static final String HTML_FORM_ENABLE_MATCHING_BY_ADDRESS_SEARCH = "enableMatchingByAddressSearch"; public static final String HTML_FORM_CREATE_NEW_ERNP_ENTRY = "createNewErnpEntry"; public static final String HTML_FORM_ADVANCED_MATCHING_FAILED = "advancedMatchingFailed"; public static final String HTML_FORM_ADVANCED_MATCHING_FAILED_REASON = diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SelectedLoginMethod.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SelectedLoginMethod.java index 70904e4f..993c0924 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SelectedLoginMethod.java +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SelectedLoginMethod.java @@ -1,5 +1,5 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.dao; public enum SelectedLoginMethod { - EIDAS_LOGIN, MOBILE_PHONE_SIGNATURE_LOGIN, NO_OTHER_LOGIN, ADD_ME_AS_NEW + EIDAS_LOGIN, MOBILE_PHONE_SIGNATURE_LOGIN, NO_OTHER_LOGIN, ADD_ME_AS_NEW, REQUESTING_NEW_ENTRY } diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java index a90c5929..94b29b8e 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java @@ -87,6 +87,11 @@ public class GenerateOtherLoginMethodGuiTask extends AbstractLocaleAuthServletTa } } + // inject flag for matching-by-address allowed + config.putCustomParameter(AbstractGuiFormBuilderConfiguration.PARAM_GROUP_UIOPTIONS, + Constants.HTML_FORM_ENABLE_MATCHING_BY_ADDRESS_SEARCH, + String.valueOf(basicConfig.getBasicConfigurationBoolean(Constants.CONFIG_PROP_MATCHING_BY_ADDRESS))); + // inject request to create a new ERnP entry config.putCustomParameter(AbstractGuiFormBuilderConfiguration.PARAM_GROUP_UIOPTIONS, Constants.HTML_FORM_CREATE_NEW_ERNP_ENTRY, diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java index 184ad499..3fc29c4e 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java @@ -37,6 +37,8 @@ import com.google.common.collect.Sets; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SelectedLoginMethod; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.controller.tasks.AbstractLocaleAuthServletTask; import lombok.extern.slf4j.Slf4j; @@ -73,7 +75,7 @@ public class ReceiveOtherLoginMethodGuiResponseTask extends AbstractLocaleAuthSe @Override public void executeWithLocale(ExecutionContext executionContext, HttpServletRequest request, - HttpServletResponse response) { + HttpServletResponse response) throws TaskExecutionException { try { SelectedLoginMethod selection = SelectedLoginMethod.valueOf(extractUserSelection(request)); executionContext.put(Constants.TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK, false); @@ -82,6 +84,9 @@ public class ReceiveOtherLoginMethodGuiResponseTask extends AbstractLocaleAuthSe executionContext.remove(Constants.CONTEXT_FLAG_ADVANCED_MATCHING_FAILED_REASON); transitionToNextTask(executionContext, selection); + } catch (TaskExecutionException e) { + throw e; + } catch (final Exception e) { log.error("Parsing selected login method FAILED.", e); executionContext.put(Constants.CONTEXT_FLAG_ADVANCED_MATCHING_FAILED, true); @@ -100,7 +105,8 @@ public class ReceiveOtherLoginMethodGuiResponseTask extends AbstractLocaleAuthSe return null; } - private void transitionToNextTask(ExecutionContext executionContext, SelectedLoginMethod selection) { + private void transitionToNextTask(ExecutionContext executionContext, SelectedLoginMethod selection) + throws TaskExecutionException { switch (selection) { case EIDAS_LOGIN: executionContext.put(Constants.TRANSITION_TO_GENERATE_EIDAS_LOGIN, true); @@ -111,9 +117,22 @@ public class ReceiveOtherLoginMethodGuiResponseTask extends AbstractLocaleAuthSe return; case NO_OTHER_LOGIN: + if (!authConfig.getBasicConfigurationBoolean(Constants.CONFIG_PROP_MATCHING_BY_ADDRESS)) { + log.error("Matching by address was requested but it's disabled by configuration!"); + throw new TaskExecutionException(pendingReq, + "Matching by address was requested but it's disabled by configuration!", + new EaafException("module.eidasauth.matching.98")); + + } + executionContext.put(Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK, true); return; + + case REQUESTING_NEW_ENTRY: + executionContext.put(Constants.TRANSITION_TO_REQUESTING_NEW_ERNP_ENTRY_TASK, true); + return; + case ADD_ME_AS_NEW: executionContext.put(Constants.TRANSITION_TO_CREATE_NEW_ERNP_ENTRY_TASK, true); return; diff --git a/modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml b/modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml index dfa8622c..e57f9ca6 100644 --- a/modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml +++ b/modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml @@ -45,6 +45,8 @@ from="receiveOtherLoginMethodGuiResponseTask" to="generateMobilePhoneSignatureRequestTask" /> <pd:Transition conditionExpression="ctx['TASK_GenerateAustrianResidenceGuiTask']" from="receiveOtherLoginMethodGuiResponseTask" to="generateAustrianResidenceGuiTask" /> + <pd:Transition conditionExpression="ctx['TASK_RequestingNewErnpEntryTask']" + from="receiveOtherLoginMethodGuiResponseTask" to="generateOtherLoginMethodGuiTask" /> <pd:Transition conditionExpression="ctx['TASK_CreateNewErnpEntryTask']" from="receiveOtherLoginMethodGuiResponseTask" to="createNewErnpEntryTask" /> diff --git a/modules/authmodule-eIDAS-v2/src/main/resources/messages/eidas_connector_message.properties b/modules/authmodule-eIDAS-v2/src/main/resources/messages/eidas_connector_message.properties index 6d73c43a..dafa7ce3 100644 --- a/modules/authmodule-eIDAS-v2/src/main/resources/messages/eidas_connector_message.properties +++ b/modules/authmodule-eIDAS-v2/src/main/resources/messages/eidas_connector_message.properties @@ -30,5 +30,6 @@ module.eidasauth.matching.24=Matching be using Austrian Identity not possible. U module.eidasauth.matching.25=Matching be using alternative eIDAS authentication not possible. Provide more or other data or use another method for matching. module.eidasauth.matching.26=Matching be using alternative eIDAS authentication not possible, because Name or Country not matched. Provide more or other data or use another method for matching. +module.eidasauth.matching.98=Matching failed, because a method was selected that was not allowed. module.eidasauth.matching.99=Matching failed, because of an unexpected processing error. Reason: {0} diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateOtherLoginMethodGuiTaskTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateOtherLoginMethodGuiTaskTest.java index 496158fa..6d08a731 100644 --- a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateOtherLoginMethodGuiTaskTest.java +++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateOtherLoginMethodGuiTaskTest.java @@ -29,6 +29,7 @@ import org.springframework.web.context.request.ServletRequestAttributes; import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.json.JsonMapper; +import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SelectedLoginMethod; import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateOtherLoginMethodGuiTask; @@ -53,6 +54,8 @@ public class GenerateOtherLoginMethodGuiTaskTest { private static final String TEST_PATTER_REQ_PARAM = "<input type=\"hidden\" name=\"loginSelection\" value=\"{0}\">"; + @Autowired MsConnectorDummyConfigMap config; + @Autowired GenerateOtherLoginMethodGuiTask task; @@ -86,6 +89,9 @@ public class GenerateOtherLoginMethodGuiTaskTest { executionContext = new ExecutionContextImpl(); + config.putConfigValue("auth.eIDAS.matching.byaddress.enable", "false"); + + LocaleContextHolder.resetLocaleContext(); } @@ -172,6 +178,10 @@ public class GenerateOtherLoginMethodGuiTaskTest { assertNotNull("createNewErnpEntry", json.get(Constants.HTML_FORM_CREATE_NEW_ERNP_ENTRY)); assertFalse("createNewErnpEntry", json.get(Constants.HTML_FORM_CREATE_NEW_ERNP_ENTRY).asBoolean()); + assertNotNull("enableMatchingByAddressSearch", json.get(Constants.HTML_FORM_CREATE_NEW_ERNP_ENTRY)); + assertFalse("enableMatchingByAddressSearch", json.get(Constants.HTML_FORM_CREATE_NEW_ERNP_ENTRY).asBoolean()); + + assertNotNull("pendingRequest not stored", storage.getPendingRequest(pendingReq.getPendingRequestId())); @@ -199,10 +209,11 @@ public class GenerateOtherLoginMethodGuiTaskTest { @Test public void advancedMatchingFailedMsg() throws TaskExecutionException, UnsupportedEncodingException { executionContext.put(Constants.CONTEXT_FLAG_ADVANCED_MATCHING_FAILED, true); - + config.putConfigValue("auth.eIDAS.matching.byaddress.enable", "true"); + task.execute(pendingReq, executionContext); - String html = doBasicValidation(); + String html = doBasicValidation(true); Assert.assertFalse("Missing eIDAS infos", html.contains(MessageFormat.format(TEST_PATTER_REQ_PARAM, SelectedLoginMethod.ADD_ME_AS_NEW))); Assert.assertTrue("missing errorfield", @@ -218,7 +229,7 @@ public class GenerateOtherLoginMethodGuiTaskTest { task.execute(pendingReq, executionContext); - String html = doBasicValidation(); + String html = doBasicValidation(false); Assert.assertTrue("missing errorfield", html.contains("<div id=\"matchingError\"")); Assert.assertTrue("missing errorfield", @@ -231,7 +242,7 @@ public class GenerateOtherLoginMethodGuiTaskTest { task.execute(pendingReq, executionContext); - doBasicValidation(); + doBasicValidation(false); } @@ -242,7 +253,7 @@ public class GenerateOtherLoginMethodGuiTaskTest { task.execute(pendingReq, executionContext); - doBasicValidation(); + doBasicValidation(false); } @@ -252,7 +263,7 @@ public class GenerateOtherLoginMethodGuiTaskTest { task.execute(pendingReq, executionContext); - doBasicValidation(); + doBasicValidation(false); } @@ -263,11 +274,11 @@ public class GenerateOtherLoginMethodGuiTaskTest { task.execute(pendingReq, executionContext); - doBasicValidation(); + doBasicValidation(false); } - private String doBasicValidation() throws UnsupportedEncodingException { + private String doBasicValidation(boolean addressSearchAllowed) throws UnsupportedEncodingException { Assert.assertEquals("Wrong http StatusCode", 200, httpResp.getStatus()); Assert.assertEquals("Wrong http ContentType", "text/html;charset=UTF-8", httpResp.getContentType()); @@ -278,7 +289,8 @@ public class GenerateOtherLoginMethodGuiTaskTest { Assert.assertTrue("Missing IDA Login", html.contains(MessageFormat.format(TEST_PATTER_REQ_PARAM, SelectedLoginMethod.MOBILE_PHONE_SIGNATURE_LOGIN))); Assert.assertTrue("Missing residence infos", - html.contains(MessageFormat.format(TEST_PATTER_REQ_PARAM, SelectedLoginMethod.NO_OTHER_LOGIN))); + html.contains(MessageFormat.format(TEST_PATTER_REQ_PARAM, + addressSearchAllowed ? SelectedLoginMethod.NO_OTHER_LOGIN : SelectedLoginMethod.REQUESTING_NEW_ENTRY))); Assert.assertTrue("Missing eIDAS infos", html.contains(MessageFormat.format(TEST_PATTER_REQ_PARAM, SelectedLoginMethod.EIDAS_LOGIN))); diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveOtherLoginMethodGuiResponseTaskTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveOtherLoginMethodGuiResponseTaskTest.java index 750a17ce..af7bf0bf 100644 --- a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveOtherLoginMethodGuiResponseTaskTest.java +++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveOtherLoginMethodGuiResponseTaskTest.java @@ -4,6 +4,7 @@ import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertThrows; import org.apache.commons.lang3.RandomStringUtils; import org.junit.Before; @@ -21,9 +22,11 @@ import org.springframework.test.context.web.WebAppConfiguration; import org.springframework.web.context.request.RequestContextHolder; import org.springframework.web.context.request.ServletRequestAttributes; +import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SelectedLoginMethod; import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveOtherLoginMethodGuiResponseTask; +import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; @@ -37,6 +40,8 @@ import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; @WebAppConfiguration public class ReceiveOtherLoginMethodGuiResponseTaskTest { + @Autowired MsConnectorDummyConfigMap config; + @Autowired private ReceiveOtherLoginMethodGuiResponseTask task; @@ -68,6 +73,8 @@ public class ReceiveOtherLoginMethodGuiResponseTaskTest { pendingReq.setAuthUrl("https://localhost/ms_connector"); pendingReq.setPendingReqId(RandomStringUtils.randomAlphanumeric(10)); + config.putConfigValue("auth.eIDAS.matching.byaddress.enable", "false"); + LocaleContextHolder.resetLocaleContext(); } @@ -87,18 +94,40 @@ public class ReceiveOtherLoginMethodGuiResponseTaskTest { @Test public void withNoOtherLoginSelection() throws TaskExecutionException { + config.putConfigValue("auth.eIDAS.matching.byaddress.enable", "true"); + testTransition(SelectedLoginMethod.NO_OTHER_LOGIN, Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK); assertEquals("return to selection", false, executionContext.get(Constants.TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK)); } @Test + public void withNoOtherLoginSelectionDisabled() throws TaskExecutionException { + httpReq.setParameter(Constants.REQ_SELECTED_LOGIN_METHOD_PARAMETER, SelectedLoginMethod.NO_OTHER_LOGIN.name()); + + TaskExecutionException error = assertThrows("wrong exception", TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + assertEquals("wrong errorCode", "module.eidasauth.matching.98", + ((EaafException) error.getOriginalException()).getErrorId()); + + } + + @Test public void withAddMeAsNewSelection() throws TaskExecutionException { testTransition(SelectedLoginMethod.ADD_ME_AS_NEW, Constants.TRANSITION_TO_CREATE_NEW_ERNP_ENTRY_TASK); assertEquals("return to selection", false, executionContext.get(Constants.TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK)); } + @Test + public void withRequestingNewEntrySelection() throws TaskExecutionException { + testTransition(SelectedLoginMethod.REQUESTING_NEW_ENTRY, Constants.TRANSITION_TO_REQUESTING_NEW_ERNP_ENTRY_TASK); + assertEquals("return to selection", true, executionContext.get(Constants.TRANSITION_TO_REQUESTING_NEW_ERNP_ENTRY_TASK)); + assertEquals("return to selection", false, executionContext.get(Constants.TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK)); + + } + public void testTransition(SelectedLoginMethod loginMethod, String expectedTransition) throws TaskExecutionException { httpReq.setParameter(Constants.REQ_SELECTED_LOGIN_METHOD_PARAMETER, loginMethod.name()); executionContext.put(Constants.CONTEXT_FLAG_ADVANCED_MATCHING_FAILED, true); @@ -109,6 +138,8 @@ public class ReceiveOtherLoginMethodGuiResponseTaskTest { assertFalse("wrong process-cancelled flag", executionContext.isProcessCancelled()); assertNotNull("no login-selection found", executionContext.get(Constants.REQ_SELECTED_LOGIN_METHOD_PARAMETER)); assertEquals("Wrong login-selection found", loginMethod.name(), executionContext.get(Constants.REQ_SELECTED_LOGIN_METHOD_PARAMETER)); + + assertEquals("Next task", true, executionContext.get(expectedTransition)); assertNull("find advancedMatchingError flag", executionContext.get(Constants.CONTEXT_FLAG_ADVANCED_MATCHING_FAILED)); |