From 458c6f039654ba6ed3608f1523ba45f04f79bcd2 Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Thu, 1 Dec 2022 13:12:23 +0100
Subject: feat(matching): disable UX option to create a new ERnP entry if it was prohibited by matching-process
---
.../ms-connector/properties/messages.properties | 4 ++
.../ms-connector/properties/messages_de.properties | 6 +++
.../ms-connector/templates/other_login_method.html | 59 +++++++++++++--------
.../specific/modules/auth/eidas/v2/Constants.java | 4 +-
.../v2/tasks/GenerateOtherLoginMethodGuiTask.java | 13 +++--
.../ReceiveOtherLoginMethodGuiResponseTask.java | 8 +++
.../tasks/GenerateOtherLoginMethodGuiTaskTest.java | 61 +++++++++++++++++++---
...ReceiveOtherLoginMethodGuiResponseTaskTest.java | 25 ++++++++-
8 files changed, 146 insertions(+), 34 deletions(-)
diff --git a/basicConfig/ms-connector/properties/messages.properties b/basicConfig/ms-connector/properties/messages.properties
index 55a27ab6..f6005ac6 100644
--- a/basicConfig/ms-connector/properties/messages.properties
+++ b/basicConfig/ms-connector/properties/messages.properties
@@ -170,6 +170,10 @@ gui.otherlogin.inserternp.second=Allow the registration of your personal data in gui.otherlogin.inserternp.third.prefix=Attention: If you think you already have an entry in the registers of the Austrian administration, it is recommended not to allow your data to be entered again at this point in order to avoid double entries. In this case, please contact gui.otherlogin.inserternp.third.postfix=, to arrange a manual assignment of your personal data. +gui.otherlogin.inserternp.disabled.header.selection=eIDAS-Login not possible +gui.otherlogin.inserternp.disabled.prefix=If you have additional information that could enable an assignment, please log-in again and then use one of the preceding assignment options. If you do not have any further information, please contact +gui.otherlogin.inserternp.disabled.postfix=, to arrange a manual assignment of your personal data + module.eidasauth.matching.00=Matching failed, because find more than one ZMR entries with one eIDAS personal-identifier module.eidasauth.matching.01=Matching failed, because of an ZMR communication error. Reason: {0} diff --git a/basicConfig/ms-connector/properties/messages_de.properties b/basicConfig/ms-connector/properties/messages_de.properties index cd6c85fd..8fde9fdd 100644 --- a/basicConfig/ms-connector/properties/messages_de.properties +++ b/basicConfig/ms-connector/properties/messages_de.properties 
@@ -123,6 +123,12 @@ gui.otherlogin.inserternp.second=Erlauben Sie die Neueintragung ihrer Personenda gui.otherlogin.inserternp.third.prefix=Achtung: Wenn Sie der Meinung sind, in den Registern der österreichischen Verwaltung bereits einen Eintrag zu haben, wird empfohlen, an dieser Stelle keine Neueintragung Ihrer Daten zu erlauben, um doppelte Einträge zu verhindern. Kontaktieren Sie in diesem Fall bitte gui.otherlogin.inserternp.third.postfix=, um eine manuelle Zuordnung der Daten zu veranlassen. +gui.otherlogin.inserternp.disabled.header.selection=Anmeldung nicht möglich +gui.otherlogin.inserternp.disabled.prefix=Falls Sie über Informationen verfügen welche doch eine Zuordnung ermöglichen könnten, melden Sie sich bitte erneut an und verwenden Sie anschließend eine der vorgelagerten Zuordnungsmöglichkeiten. Falls Sie über keine weiteren Informationen verfügen kontaktieren Sie bitte +gui.otherlogin.inserternp.disabled.postfix=, um eine manuelle Zuordnung der Daten zu veranlassen. + + + module.eidasauth.matching.04=Während der Kommunikation mit einem offiziellen Register ist ein Fehler aufgetreten. Bitte kontaktieren Sie den Support. module.eidasauth.matching.21=Das Matching auf Basis eine Wohnanschrift in Österreich schlug fehl. Es wurden nicht alle erforderlichen Parameter für eine Suche mittels Wohnanschrift eingegeben. module.eidasauth.matching.22=Das Matching auf Basis eine Wohnanschrift in Österreich schlug fehl. Matching auf Basis einer bestanden oder bestehenden Wohnanschrift konnte nicht durchgeführt werden. diff --git a/basicConfig/ms-connector/templates/other_login_method.html b/basicConfig/ms-connector/templates/other_login_method.html index 478d6da5..6b6d4aa9 100644 --- a/basicConfig/ms-connector/templates/other_login_method.html +++ b/basicConfig/ms-connector/templates/other_login_method.html @@ -49,28 +49,45 @@

Betrieben durch das Bundesministerium für Inneres

-
- -
-

Generate new ERnP entry

- -

Insert ERnP first block

-

Insert ERnP second block

-

- Insert ERnP third block / part 1 -   helpdesk@bmi.gv.at - Insert ERnP third block / part 3 -

+
+ + +
+
+

Disallow new ERnP entry

+ +

Disallow new ERnP first block

+

+ Disallow new ERnP third block / part 1 +   helpdesk@bmi.gv.at + Disallow new ERnP third block / part 3 +

+
-
-
- - - -
+ +
+
+

Generate new ERnP entry

+ +

Insert ERnP first block

+

Insert ERnP second block

+

+ Insert ERnP third block / part 1 +   helpdesk@bmi.gv.at + Insert ERnP third block / part 3 +

+
+ +
+
+ + + +
+
@@ -84,7 +101,7 @@
-
+

No person data found

diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java index a9125849..5468cd56 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java @@ -334,7 +334,9 @@ public class Constants { // UI options public static final String HTML_FORM_ENABLE_MATCHING_BY_ADDRESS_SEARCH = "enableMatchingByAddressSearch"; - public static final String HTML_FORM_CREATE_NEW_ERNP_ENTRY = "createNewErnpEntry"; + public static final String HTML_FORM_WITH_CREATE_NEW_ERNP_ENTRY_OPTION = "createNewErnpEntryScreen"; + public static final String HTML_FORM_DISALLOW_CREATENEW_ERNP_ENTRY = "disallowNewErnpEntry"; + public static final String HTML_FORM_ADVANCED_MATCHING_FAILED = "advancedMatchingFailed"; public static final String HTML_FORM_ADVANCED_MATCHING_FAILED_REASON = HTML_FORM_ADVANCED_MATCHING_FAILED + "Reason"; diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java index 9d4f7152..e67805d6 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java 
@@ -92,13 +92,20 @@ public class GenerateOtherLoginMethodGuiTask extends AbstractLocaleAuthServletTa Constants.HTML_FORM_ENABLE_MATCHING_BY_ADDRESS_SEARCH, String.valueOf(basicConfig.getBasicConfigurationBoolean(Constants.CONFIG_PROP_MATCHING_BY_ADDRESS))); - // inject request to create a new ERnP entry + // inject flag to show screen for last manual matching step config.putCustomParameter(AbstractGuiFormBuilderConfiguration.PARAM_GROUP_UIOPTIONS, - Constants.HTML_FORM_CREATE_NEW_ERNP_ENTRY, + Constants.HTML_FORM_WITH_CREATE_NEW_ERNP_ENTRY_OPTION, String.valueOf( MatchingTaskUtils.getExecutionContextFlag( executionContext,Constants.TRANSITION_TO_REQUESTING_NEW_ERNP_ENTRY_TASK))); - + + // inject flag to disallow new ERnP entry in case of + config.putCustomParameter(AbstractGuiFormBuilderConfiguration.PARAM_GROUP_UIOPTIONS, + Constants.HTML_FORM_DISALLOW_CREATENEW_ERNP_ENTRY, + String.valueOf(!MatchingTaskUtils.getIntermediateMatchingResult(pendingReq) + .getOperationStatus().isAllowErnpEntryByUser())); + + // reset executionContext parameters ReceiveOtherLoginMethodGuiResponseTask.ALL_EXECUTIONCONTEXT_PARAMETERS.forEach( el -> executionContext.remove(el)); diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java index fb4e6e7b..0afe0ff6 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java 
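Review bot: The new `disallowNewErnpEntry` block dereferences `MatchingTaskUtils.getIntermediateMatchingResult(pendingReq).getOperationStatus()` without a null check, and its comment stops mid-sentence (`in case of`). Both test classes had to store a `RegisterStatusResults` in `initialize()` for the existing tests, which suggests the lookup fails when no intermediate result is present; if that can happen at runtime, the GUI task would end in a NullPointerException instead of rendering the restricted screen. Resolving the result once and treating a missing result or status as "not allowed" keeps the screen fail-closed. The result type below is inferred from the test's `storeIntermediateMatchingResult` call, and the enclosing method starts and ends outside the hunk.

```java
// inject flag to disallow a new ERnP entry if the matching process prohibited it;
// a missing intermediate result or status is treated as "not allowed"
final RegisterStatusResults matchingResult =
    MatchingTaskUtils.getIntermediateMatchingResult(pendingReq);
final boolean disallowNewErnpEntry = matchingResult == null
    || matchingResult.getOperationStatus() == null
    || !matchingResult.getOperationStatus().isAllowErnpEntryByUser();
config.putCustomParameter(AbstractGuiFormBuilderConfiguration.PARAM_GROUP_UIOPTIONS,
    Constants.HTML_FORM_DISALLOW_CREATENEW_ERNP_ENTRY,
    String.valueOf(disallowNewErnpEntry));
// … unchanged: reset of executionContext parameters …
```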
@@ -146,6 +146,14 @@ public class ReceiveOtherLoginMethodGuiResponseTask extends AbstractLocaleAuthSe return; case ADD_ME_AS_NEW: + if (!MatchingTaskUtils.getIntermediateMatchingResult(pendingReq) + .getOperationStatus().isAllowErnpEntryByUser()) { + log.error("Create new ERnP entry by user was requested but it's not allowed!"); + throw new TaskExecutionException(pendingReq, + "Create new ERnP entry by user was requested but it's not allowed!", + new EaafException("module.eidasauth.matching.98")); + + } log.info("User selects insert-into-ERnP option. Starting ERnP operation and complete prozess ... "); executionContext.put(Constants.TRANSITION_TO_CREATE_NEW_ERNP_ENTRY_BY_USER_TASK, true); executionContext.put(Constants.TRANSITION_TO_REQUESTING_NEW_ERNP_ENTRY_TASK, false); diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateOtherLoginMethodGuiTaskTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateOtherLoginMethodGuiTaskTest.java index 6d08a731..037c76a1 100644 --- a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateOtherLoginMethodGuiTaskTest.java +++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateOtherLoginMethodGuiTaskTest.java @@ -8,6 +8,7 @@ import static org.junit.Assert.assertTrue; import java.io.UnsupportedEncodingException; import java.text.MessageFormat; +import java.util.Collections; import java.util.Locale; import org.apache.commons.lang3.RandomStringUtils; 
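Review bot: The guard added in `case ADD_ME_AS_NEW` is the actual enforcement point, since the `disallowNewErnpEntry` UI flag only hides the option in the template, yet its rejection log carries no request context. A line such as `log.error("Create new ERnP entry by user was requested but it's not allowed! pendingReqId={}", pendingReq.getPendingRequestId());` would let operators correlate repeated attempts (this assumes an SLF4J-style logger, which the hunk does not show). The chain `getIntermediateMatchingResult(pendingReq).getOperationStatus().isAllowErnpEntryByUser()` is duplicated from GenerateOtherLoginMethodGuiTask and is equally unguarded against a missing result; a shared helper in MatchingTaskUtils that returns false when the result is absent would keep both call sites in step. The error id `module.eidasauth.matching.98` is not added to either messages file in this commit, so confirm it already exists there. The surrounding switch continues outside the hunk.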
@@ -32,9 +33,12 @@ import com.fasterxml.jackson.databind.json.JsonMapper; import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SelectedLoginMethod; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService.RegisterOperationStatus; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService.RegisterStatusResults; import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateOtherLoginMethodGuiTask; import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveOtherLoginMethodGuiResponseTask; import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummyOA; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.MatchingTaskUtils; import at.gv.egiz.eaaf.core.api.IRequestStorage; import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; @@ -76,6 +80,7 @@ public class GenerateOtherLoginMethodGuiTaskTest { * jUnit test set-up. */ @Before + @SneakyThrows public void initialize() { httpReq = new MockHttpServletRequest("POST", "https://localhost/ms_connector"); httpResp = new MockHttpServletResponse(); @@ -91,6 +96,10 @@ public class GenerateOtherLoginMethodGuiTaskTest { config.putConfigValue("auth.eIDAS.matching.byaddress.enable", "false"); + MatchingTaskUtils.storeIntermediateMatchingResult(pendingReq, + new RegisterStatusResults(new RegisterOperationStatus(null, true), + Collections.emptyList(), Collections.emptyList())); + LocaleContextHolder.resetLocaleContext(); } 
@@ -125,11 +134,44 @@ public class GenerateOtherLoginMethodGuiTaskTest { @Test @SneakyThrows - public void jsonResponseInsertErnp() throws TaskExecutionException, UnsupportedEncodingException { - String reason = RandomStringUtils.randomAlphabetic(5); + public void jsonResponseInsertErnpScreen() throws TaskExecutionException, UnsupportedEncodingException { + executionContext.put(Constants.TRANSITION_TO_REQUESTING_NEW_ERNP_ENTRY_TASK, true); + httpReq.addHeader("Accept", "application/json"); + + task.execute(pendingReq, executionContext); + + //result validation + Assert.assertEquals("httpStausCode", 200, httpResp.getStatus()); + Assert.assertEquals("http ContentType", "application/json;charset=UTF-8", httpResp.getContentType()); + final String content = httpResp.getContentAsString(); + assertNotNull("response body is null", content); + Assert.assertFalse("response body is empty", content.isEmpty()); + final JsonNode json = new JsonMapper().readTree(content); + assertNotNull("response body is null", json); + assertNull("advancedMatchFailed", json.get(Constants.HTML_FORM_ADVANCED_MATCHING_FAILED)); + assertNotNull("createNewErnpEntryScreen", json.get(Constants.HTML_FORM_WITH_CREATE_NEW_ERNP_ENTRY_OPTION)); + assertTrue("createNewErnpEntryScreen", json.get(Constants.HTML_FORM_WITH_CREATE_NEW_ERNP_ENTRY_OPTION).asBoolean()); + + assertNotNull("disallowNewErnpEntry", json.get(Constants.HTML_FORM_DISALLOW_CREATENEW_ERNP_ENTRY)); + assertFalse("disallowNewErnpEntry", json.get(Constants.HTML_FORM_DISALLOW_CREATENEW_ERNP_ENTRY).asBoolean()); + + assertNull("advancedMatchingFailedReason", json.get(Constants.HTML_FORM_ADVANCED_MATCHING_FAILED_REASON)); + + assertNotNull("pendingRequest not stored", + storage.getPendingRequest(pendingReq.getPendingRequestId())); + + } + + @Test + @SneakyThrows + public void jsonResponseInsertErnpScreenButNotAllowed() throws TaskExecutionException, UnsupportedEncodingException { 
executionContext.put(Constants.TRANSITION_TO_REQUESTING_NEW_ERNP_ENTRY_TASK, true); httpReq.addHeader("Accept", "application/json"); + MatchingTaskUtils.storeIntermediateMatchingResult(pendingReq, + new RegisterStatusResults(new RegisterOperationStatus(null, false), + Collections.emptyList(), Collections.emptyList())); + task.execute(pendingReq, executionContext); //result validation @@ -141,8 +183,11 @@ public class GenerateOtherLoginMethodGuiTaskTest { final JsonNode json = new JsonMapper().readTree(content); assertNotNull("response body is null", json); assertNull("advancedMatchFailed", json.get(Constants.HTML_FORM_ADVANCED_MATCHING_FAILED)); - assertNotNull("createNewErnpEntry", json.get(Constants.HTML_FORM_CREATE_NEW_ERNP_ENTRY)); - assertTrue("createNewErnpEntry", json.get(Constants.HTML_FORM_CREATE_NEW_ERNP_ENTRY).asBoolean()); + assertNotNull("createNewErnpEntryScreen", json.get(Constants.HTML_FORM_WITH_CREATE_NEW_ERNP_ENTRY_OPTION)); + assertTrue("createNewErnpEntryScreen", json.get(Constants.HTML_FORM_WITH_CREATE_NEW_ERNP_ENTRY_OPTION).asBoolean()); + + assertNotNull("disallowNewErnpEntry", json.get(Constants.HTML_FORM_DISALLOW_CREATENEW_ERNP_ENTRY)); + assertTrue("disallowNewErnpEntry", json.get(Constants.HTML_FORM_DISALLOW_CREATENEW_ERNP_ENTRY).asBoolean()); assertNull("advancedMatchingFailedReason", json.get(Constants.HTML_FORM_ADVANCED_MATCHING_FAILED_REASON)); 
@@ -175,11 +220,11 @@ public class GenerateOtherLoginMethodGuiTaskTest { assertEquals("advancedMatchingFailedReason", reason, json.get(Constants.HTML_FORM_ADVANCED_MATCHING_FAILED_REASON).asText()); - assertNotNull("createNewErnpEntry", json.get(Constants.HTML_FORM_CREATE_NEW_ERNP_ENTRY)); - assertFalse("createNewErnpEntry", json.get(Constants.HTML_FORM_CREATE_NEW_ERNP_ENTRY).asBoolean()); + assertNotNull("createNewErnpEntryScreen", json.get(Constants.HTML_FORM_WITH_CREATE_NEW_ERNP_ENTRY_OPTION)); + assertFalse("createNewErnpEntryScreen", json.get(Constants.HTML_FORM_WITH_CREATE_NEW_ERNP_ENTRY_OPTION).asBoolean()); - assertNotNull("enableMatchingByAddressSearch", json.get(Constants.HTML_FORM_CREATE_NEW_ERNP_ENTRY)); - assertFalse("enableMatchingByAddressSearch", json.get(Constants.HTML_FORM_CREATE_NEW_ERNP_ENTRY).asBoolean()); + assertNotNull("enableMatchingByAddressSearch", json.get(Constants.HTML_FORM_WITH_CREATE_NEW_ERNP_ENTRY_OPTION)); + assertFalse("enableMatchingByAddressSearch", json.get(Constants.HTML_FORM_WITH_CREATE_NEW_ERNP_ENTRY_OPTION).asBoolean()); assertNotNull("pendingRequest not stored", diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveOtherLoginMethodGuiResponseTaskTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveOtherLoginMethodGuiResponseTaskTest.java index dfd355de..db4f4fcb 100644 --- a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveOtherLoginMethodGuiResponseTaskTest.java +++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveOtherLoginMethodGuiResponseTaskTest.java 
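Review bot: The two assertions labelled `enableMatchingByAddressSearch` still read `Constants.HTML_FORM_WITH_CREATE_NEW_ERNP_ENTRY_OPTION`, so after the rename they only repeat the `createNewErnpEntryScreen` check and the address-search flag is never verified. They should read the matching key: `assertNotNull("enableMatchingByAddressSearch", json.get(Constants.HTML_FORM_ENABLE_MATCHING_BY_ADDRESS_SEARCH));` and `assertFalse("enableMatchingByAddressSearch", json.get(Constants.HTML_FORM_ENABLE_MATCHING_BY_ADDRESS_SEARCH).asBoolean());`. The expected `false` follows from `auth.eIDAS.matching.byaddress.enable` being set to `"false"` in `initialize()`. This test also leaves the new `disallowNewErnpEntry` flag unasserted; the test method begins outside the hunk.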
@@ -29,7 +29,10 @@ import at.asitplus.eidas.specific.core.MsEidasNodeConstants; import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SelectedLoginMethod; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService.RegisterOperationStatus; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService.RegisterStatusResults; import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveOtherLoginMethodGuiResponseTask; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.MatchingTaskUtils; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.IRequestStorage; import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; @@ -75,6 +78,7 @@ public class ReceiveOtherLoginMethodGuiResponseTaskTest { * jUnit test set-up. */ @Before + @SneakyThrows public void initialize() { httpReq = new MockHttpServletRequest("POST", "https://localhost/ms_connector"); httpResp = new MockHttpServletResponse(); @@ -89,6 +93,10 @@ public class ReceiveOtherLoginMethodGuiResponseTaskTest { pendingReq.setSpConfig(spConfig); config.putConfigValue("auth.eIDAS.matching.byaddress.enable", "false"); + MatchingTaskUtils.storeIntermediateMatchingResult(pendingReq, + new RegisterStatusResults(new RegisterOperationStatus(null, true), + Collections.emptyList(), Collections.emptyList())); + LocaleContextHolder.resetLocaleContext(); } 
@@ -166,7 +174,22 @@ public class ReceiveOtherLoginMethodGuiResponseTaskTest { } - + + @Test + @SneakyThrows + public void withAddMeAsNewSelectionButNotAllowed() throws TaskExecutionException { + MatchingTaskUtils.storeIntermediateMatchingResult(pendingReq, + new RegisterStatusResults(new RegisterOperationStatus(null, false), + Collections.emptyList(), Collections.emptyList())); + httpReq.setParameter(Constants.REQ_SELECTED_LOGIN_METHOD_PARAMETER, SelectedLoginMethod.ADD_ME_AS_NEW.name()); + + TaskExecutionException error = assertThrows("wrong exception", TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + assertEquals("wrong errorCode", "module.eidasauth.matching.98", + ((EaafException) error.getOriginalException()).getErrorId()); + + } + @Test public void withRequestingNewEntrySelection() throws TaskExecutionException { testTransition(SelectedLoginMethod.REQUESTING_NEW_ENTRY, Constants.TRANSITION_TO_REQUESTING_NEW_ERNP_ENTRY_TASK); -- cgit v1.2.3
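Review bot: `withAddMeAsNewSelectionButNotAllowed` checks only the exception and error id, not that the rejected request left the process state untouched. Because the guard exists to stop a client from forcing the create-entry transition, add an assertion after the `assertThrows`, for example `assertFalse("transition must not be set", MatchingTaskUtils.getExecutionContextFlag(executionContext, Constants.TRANSITION_TO_CREATE_NEW_ERNP_ENTRY_BY_USER_TASK));` (assuming the helper returns false for an unset flag). The `throws TaskExecutionException` clause is redundant next to `@SneakyThrows`.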