From 847e3f5b52a7adc6baa463258087e562049ee89b Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Fri, 1 Jul 2022 14:27:19 +0200
Subject: feat(matching): add configuration property to disable
'matching-by-address-search'
---
basicConfig/templates/other_login_method.html | 15 ++++++++++-
.../src/main/resources/application.properties | 2 ++
.../main/resources/properties/messages.properties | 3 ---
.../resources/properties/messages_de.properties | 3 ---
.../specific/modules/auth/eidas/v2/Constants.java | 6 ++++-
.../auth/eidas/v2/dao/SelectedLoginMethod.java | 2 +-
.../v2/tasks/GenerateOtherLoginMethodGuiTask.java | 5 ++++
.../ReceiveOtherLoginMethodGuiResponseTask.java | 23 ++++++++++++++--
.../resources/eIDAS.Authentication.process.xml | 2 ++
.../messages/eidas_connector_message.properties | 1 +
.../tasks/GenerateOtherLoginMethodGuiTaskTest.java | 30 ++++++++++++++-------
...ReceiveOtherLoginMethodGuiResponseTaskTest.java | 31 ++++++++++++++++++++++
12 files changed, 103 insertions(+), 20 deletions(-)
diff --git a/basicConfig/templates/other_login_method.html b/basicConfig/templates/other_login_method.html
index 120b0ecd..c5bc9668 100644
--- a/basicConfig/templates/other_login_method.html
+++ b/basicConfig/templates/other_login_method.html
@@ -124,13 +124,26 @@
-
diff --git a/connector/src/main/resources/application.properties b/connector/src/main/resources/application.properties
index 99bfec6c..f6203805 100644
--- a/connector/src/main/resources/application.properties
+++ b/connector/src/main/resources/application.properties
@@ -105,6 +105,8 @@ eidas.ms.auth.eIDAS.szrclient.eidasbind.mds.inject=false
#### matching######
+eidas.ms.auth.eIDAS.matching.byaddress.enable=true
+
# ZMR communication
#eidas.ms.auth.eIDAS.zmrclient.endpoint=http://localhost:1234/demozmr
#eidas.ms.auth.eIDAS.zmrclient.ssl.keyStore.type=jks
diff --git a/connector/src/main/resources/properties/messages.properties b/connector/src/main/resources/properties/messages.properties
index a2aaf95d..cc60cd6e 100644
--- a/connector/src/main/resources/properties/messages.properties
+++ b/connector/src/main/resources/properties/messages.properties
@@ -47,11 +47,8 @@ gui.countryselection.country.is=Iceland
gui.countryselection.country.is.logo.alt=Iceland-eID
gui.countryselection.country.it=Italy
gui.countryselection.country.it.logo.alt=Italy-eID
-<<<<<<< HEAD
gui.countryselection.country.li=Lichtenstein
gui.countryselection.country.li.logo.alt=Lichtensteinische-eID
-=======
->>>>>>> 1ad67c91820de1c7f2b2541f8e39752baac197d2
gui.countryselection.country.lt=Lithuania
gui.countryselection.country.lt.logo.alt=Lithuania-eID
gui.countryselection.country.lv=Latvia
diff --git a/connector/src/main/resources/properties/messages_de.properties b/connector/src/main/resources/properties/messages_de.properties
index 187b7b37..6f470ea0 100644
--- a/connector/src/main/resources/properties/messages_de.properties
+++ b/connector/src/main/resources/properties/messages_de.properties
@@ -48,11 +48,8 @@ gui.countryselection.country.is=Island
gui.countryselection.country.is.logo.alt=Isländische-eID
gui.countryselection.country.it=Italien
gui.countryselection.country.it.logo.alt=Italienische-eID
-<<<<<<< HEAD
gui.countryselection.country.li=Lichtenstein
gui.countryselection.country.li.logo.alt=Lichtensteinische-eID
-=======
->>>>>>> 1ad67c91820de1c7f2b2541f8e39752baac197d2
gui.countryselection.country.lt=Litauen
gui.countryselection.country.lt.logo.alt=Litauische-eID
gui.countryselection.country.lv=Lettland
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
index 588ea912..9bb7055b 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
@@ -128,7 +128,10 @@ public class Constants {
public static final String CONIG_PROPS_EIDAS_COMMON_CLIENT_SSL_TRUSTSTORE_NAME = CONIG_PROPS_EIDAS_COMMON_CLIENT
+ ".ssl.trustStore.name";
-
+ /** Enable / Disable matching based on address search **/
+ public static final String CONFIG_PROP_MATCHING_BY_ADDRESS = CONIG_PROPS_EIDAS_PREFIX + ".matching.byaddress.enable";
+
+
// ZMR Client configuration properties
public static final String CONIG_PROPS_EIDAS_ZMRCLIENT = CONIG_PROPS_EIDAS_PREFIX + ".zmrclient";
public static final String CONIG_PROPS_EIDAS_ZMRCLIENT_ENDPOINT = CONIG_PROPS_EIDAS_ZMRCLIENT
@@ -343,6 +346,7 @@ public class Constants {
// UI options
+ public static final String HTML_FORM_ENABLE_MATCHING_BY_ADDRESS_SEARCH = "enableMatchingByAddressSearch";
public static final String HTML_FORM_CREATE_NEW_ERNP_ENTRY = "createNewErnpEntry";
public static final String HTML_FORM_ADVANCED_MATCHING_FAILED = "advancedMatchingFailed";
public static final String HTML_FORM_ADVANCED_MATCHING_FAILED_REASON =
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SelectedLoginMethod.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SelectedLoginMethod.java
index 70904e4f..993c0924 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SelectedLoginMethod.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SelectedLoginMethod.java
@@ -1,5 +1,5 @@
package at.asitplus.eidas.specific.modules.auth.eidas.v2.dao;
public enum SelectedLoginMethod {
- EIDAS_LOGIN, MOBILE_PHONE_SIGNATURE_LOGIN, NO_OTHER_LOGIN, ADD_ME_AS_NEW
+ EIDAS_LOGIN, MOBILE_PHONE_SIGNATURE_LOGIN, NO_OTHER_LOGIN, ADD_ME_AS_NEW, REQUESTING_NEW_ENTRY
}
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java
index a90c5929..94b29b8e 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java
@@ -87,6 +87,11 @@ public class GenerateOtherLoginMethodGuiTask extends AbstractLocaleAuthServletTa
}
}
+ // inject flag for matching-by-address allowed
+ config.putCustomParameter(AbstractGuiFormBuilderConfiguration.PARAM_GROUP_UIOPTIONS,
+ Constants.HTML_FORM_ENABLE_MATCHING_BY_ADDRESS_SEARCH,
+ String.valueOf(basicConfig.getBasicConfigurationBoolean(Constants.CONFIG_PROP_MATCHING_BY_ADDRESS)));
+
// inject request to create a new ERnP entry
config.putCustomParameter(AbstractGuiFormBuilderConfiguration.PARAM_GROUP_UIOPTIONS,
Constants.HTML_FORM_CREATE_NEW_ERNP_ENTRY,
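Review bot: The call `basicConfig.getBasicConfigurationBoolean(Constants.CONFIG_PROP_MATCHING_BY_ADDRESS)` passes no default, so what the form shows when the key is absent depends on the configuration implementation, which is not visible in this patch. The bundled application.properties sets the property to `true`, but a deployment that ships its own properties file without the key may get a different value after upgrading. The same call guards `NO_OTHER_LOGIN` in ReceiveOtherLoginMethodGuiResponseTask, so GUI and server stay consistent, yet the effective default should be written down once. For example, the Javadoc on `CONFIG_PROP_MATCHING_BY_ADDRESS` could read `/** Enable / disable matching by address search; treated as disabled when the property is missing. */`, if that is the intended behaviour. The enclosing method starts and ends outside the hunk.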
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java
index 184ad499..3fc29c4e 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java
@@ -37,6 +37,8 @@ import com.google.common.collect.Sets;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SelectedLoginMethod;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.idp.controller.tasks.AbstractLocaleAuthServletTask;
import lombok.extern.slf4j.Slf4j;
@@ -73,7 +75,7 @@ public class ReceiveOtherLoginMethodGuiResponseTask extends AbstractLocaleAuthSe
@Override
public void executeWithLocale(ExecutionContext executionContext, HttpServletRequest request,
- HttpServletResponse response) {
+ HttpServletResponse response) throws TaskExecutionException {
try {
SelectedLoginMethod selection = SelectedLoginMethod.valueOf(extractUserSelection(request));
executionContext.put(Constants.TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK, false);
@@ -82,6 +84,9 @@ public class ReceiveOtherLoginMethodGuiResponseTask extends AbstractLocaleAuthSe
executionContext.remove(Constants.CONTEXT_FLAG_ADVANCED_MATCHING_FAILED_REASON);
transitionToNextTask(executionContext, selection);
+ } catch (TaskExecutionException e) {
+ throw e;
+
} catch (final Exception e) {
log.error("Parsing selected login method FAILED.", e);
executionContext.put(Constants.CONTEXT_FLAG_ADVANCED_MATCHING_FAILED, true);
@@ -100,7 +105,8 @@ public class ReceiveOtherLoginMethodGuiResponseTask extends AbstractLocaleAuthSe
return null;
}
- private void transitionToNextTask(ExecutionContext executionContext, SelectedLoginMethod selection) {
+ private void transitionToNextTask(ExecutionContext executionContext, SelectedLoginMethod selection)
+ throws TaskExecutionException {
switch (selection) {
case EIDAS_LOGIN:
executionContext.put(Constants.TRANSITION_TO_GENERATE_EIDAS_LOGIN, true);
@@ -111,9 +117,22 @@ public class ReceiveOtherLoginMethodGuiResponseTask extends AbstractLocaleAuthSe
return;
case NO_OTHER_LOGIN:
+ if (!authConfig.getBasicConfigurationBoolean(Constants.CONFIG_PROP_MATCHING_BY_ADDRESS)) {
+ log.error("Matching by address was requested but it's disabled by configuration!");
+ throw new TaskExecutionException(pendingReq,
+ "Matching by address was requested but it's disabled by configuration!",
+ new EaafException("module.eidasauth.matching.98"));
+
+ }
+
executionContext.put(Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK, true);
return;
+
+ case REQUESTING_NEW_ENTRY:
+ executionContext.put(Constants.TRANSITION_TO_REQUESTING_NEW_ERNP_ENTRY_TASK, true);
+ return;
+
case ADD_ME_AS_NEW:
executionContext.put(Constants.TRANSITION_TO_CREATE_NEW_ERNP_ENTRY_TASK, true);
return;
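Review bot: The new `REQUESTING_NEW_ENTRY` case sets `TRANSITION_TO_REQUESTING_NEW_ERNP_ENTRY_TASK` purely on the submitted selection, while the `NO_OTHER_LOGIN` case above it now re-checks on the server that the option was allowed. GenerateOtherLoginMethodGuiTask passes a `createNewErnpEntry` UI flag to the form, so the new-entry option appears to be offered only in some states. If so, this case should verify the same condition before transitioning and otherwise raise the `module.eidasauth.matching.98` error, because hiding a form option does not stop a client from posting the value. Whether a downstream task already enforces this is not visible here; at minimum a comment such as `// precondition for a new ERnP entry is enforced in <task name>` would record where the check lives. The switch continues outside the hunk.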
diff --git a/modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml b/modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml
index dfa8622c..e57f9ca6 100644
--- a/modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml
+++ b/modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml
@@ -45,6 +45,8 @@
from="receiveOtherLoginMethodGuiResponseTask" to="generateMobilePhoneSignatureRequestTask" />
+
diff --git a/modules/authmodule-eIDAS-v2/src/main/resources/messages/eidas_connector_message.properties b/modules/authmodule-eIDAS-v2/src/main/resources/messages/eidas_connector_message.properties
index 6d73c43a..dafa7ce3 100644
--- a/modules/authmodule-eIDAS-v2/src/main/resources/messages/eidas_connector_message.properties
+++ b/modules/authmodule-eIDAS-v2/src/main/resources/messages/eidas_connector_message.properties
@@ -30,5 +30,6 @@ module.eidasauth.matching.24=Matching be using Austrian Identity not possible. U
module.eidasauth.matching.25=Matching be using alternative eIDAS authentication not possible. Provide more or other data or use another method for matching.
module.eidasauth.matching.26=Matching be using alternative eIDAS authentication not possible, because Name or Country not matched. Provide more or other data or use another method for matching.
+module.eidasauth.matching.98=Matching failed, because a method was selected that was not allowed.
module.eidasauth.matching.99=Matching failed, because of an unexpected processing error. Reason: {0}
diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateOtherLoginMethodGuiTaskTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateOtherLoginMethodGuiTaskTest.java
index 496158fa..6d08a731 100644
--- a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateOtherLoginMethodGuiTaskTest.java
+++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateOtherLoginMethodGuiTaskTest.java
@@ -29,6 +29,7 @@ import org.springframework.web.context.request.ServletRequestAttributes;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.json.JsonMapper;
+import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SelectedLoginMethod;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateOtherLoginMethodGuiTask;
@@ -53,6 +54,8 @@ public class GenerateOtherLoginMethodGuiTaskTest {
private static final String TEST_PATTER_REQ_PARAM =
"
";
+ @Autowired MsConnectorDummyConfigMap config;
+
@Autowired
GenerateOtherLoginMethodGuiTask task;
@@ -86,6 +89,9 @@ public class GenerateOtherLoginMethodGuiTaskTest {
executionContext = new ExecutionContextImpl();
+ config.putConfigValue("auth.eIDAS.matching.byaddress.enable", "false");
+
+
LocaleContextHolder.resetLocaleContext();
}
@@ -172,6 +178,10 @@ public class GenerateOtherLoginMethodGuiTaskTest {
assertNotNull("createNewErnpEntry", json.get(Constants.HTML_FORM_CREATE_NEW_ERNP_ENTRY));
assertFalse("createNewErnpEntry", json.get(Constants.HTML_FORM_CREATE_NEW_ERNP_ENTRY).asBoolean());
+ assertNotNull("enableMatchingByAddressSearch", json.get(Constants.HTML_FORM_CREATE_NEW_ERNP_ENTRY));
+ assertFalse("enableMatchingByAddressSearch", json.get(Constants.HTML_FORM_CREATE_NEW_ERNP_ENTRY).asBoolean());
+
+
assertNotNull("pendingRequest not stored",
storage.getPendingRequest(pendingReq.getPendingRequestId()));
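Review bot: The two added assertions are labelled `enableMatchingByAddressSearch` but read `Constants.HTML_FORM_CREATE_NEW_ERNP_ENTRY`, so they repeat the check on the two lines above them and the new flag is never verified. They should read the new key: `assertNotNull("enableMatchingByAddressSearch", json.get(Constants.HTML_FORM_ENABLE_MATCHING_BY_ADDRESS_SEARCH));` and `assertFalse("enableMatchingByAddressSearch", json.get(Constants.HTML_FORM_ENABLE_MATCHING_BY_ADDRESS_SEARCH).asBoolean());`. As written, the test still passes if the GUI task stops injecting the flag, or injects it as `true` while the property is set to `false` in the setup. The test method starts outside the hunk.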
@@ -199,10 +209,11 @@ public class GenerateOtherLoginMethodGuiTaskTest {
@Test
public void advancedMatchingFailedMsg() throws TaskExecutionException, UnsupportedEncodingException {
executionContext.put(Constants.CONTEXT_FLAG_ADVANCED_MATCHING_FAILED, true);
-
+ config.putConfigValue("auth.eIDAS.matching.byaddress.enable", "true");
+
task.execute(pendingReq, executionContext);
- String html = doBasicValidation();
+ String html = doBasicValidation(true);
Assert.assertFalse("Missing eIDAS infos",
html.contains(MessageFormat.format(TEST_PATTER_REQ_PARAM, SelectedLoginMethod.ADD_ME_AS_NEW)));
Assert.assertTrue("missing errorfield",
@@ -218,7 +229,7 @@ public class GenerateOtherLoginMethodGuiTaskTest {
task.execute(pendingReq, executionContext);
- String html = doBasicValidation();
+ String html = doBasicValidation(false);
Assert.assertTrue("missing errorfield",
html.contains("
task.execute(pendingReq, executionContext));
+
+ assertEquals("wrong errorCode", "module.eidasauth.matching.98",
+ ((EaafException) error.getOriginalException()).getErrorId());
+
+ }
+
@Test
public void withAddMeAsNewSelection() throws TaskExecutionException {
testTransition(SelectedLoginMethod.ADD_ME_AS_NEW, Constants.TRANSITION_TO_CREATE_NEW_ERNP_ENTRY_TASK);
@@ -99,6 +120,14 @@ public class ReceiveOtherLoginMethodGuiResponseTaskTest {
}
+ @Test
+ public void withRequestingNewEntrySelection() throws TaskExecutionException {
+ testTransition(SelectedLoginMethod.REQUESTING_NEW_ENTRY, Constants.TRANSITION_TO_REQUESTING_NEW_ERNP_ENTRY_TASK);
+ assertEquals("return to selection", true, executionContext.get(Constants.TRANSITION_TO_REQUESTING_NEW_ERNP_ENTRY_TASK));
+ assertEquals("return to selection", false, executionContext.get(Constants.TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK));
+
+ }
+
public void testTransition(SelectedLoginMethod loginMethod, String expectedTransition) throws TaskExecutionException {
httpReq.setParameter(Constants.REQ_SELECTED_LOGIN_METHOD_PARAMETER, loginMethod.name());
executionContext.put(Constants.CONTEXT_FLAG_ADVANCED_MATCHING_FAILED, true);
@@ -109,6 +138,8 @@ public class ReceiveOtherLoginMethodGuiResponseTaskTest {
assertFalse("wrong process-cancelled flag", executionContext.isProcessCancelled());
assertNotNull("no login-selection found", executionContext.get(Constants.REQ_SELECTED_LOGIN_METHOD_PARAMETER));
assertEquals("Wrong login-selection found", loginMethod.name(), executionContext.get(Constants.REQ_SELECTED_LOGIN_METHOD_PARAMETER));
+
+
assertEquals("Next task", true, executionContext.get(expectedTransition));
assertNull("find advancedMatchingError flag", executionContext.get(Constants.CONTEXT_FLAG_ADVANCED_MATCHING_FAILED));
--
cgit v1.2.3