From 458c6f039654ba6ed3608f1523ba45f04f79bcd2 Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Thu, 1 Dec 2022 13:12:23 +0100
Subject: feat(matching): disable UX option to create a new ERnP entry if it
 was prohibited by matching-process

---
 .../eidas/specific/modules/auth/eidas/v2/Constants.java     |  4 +++-
 .../eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java     | 13 ++++++++++---
 .../v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java    |  8 ++++++++
 3 files changed, 21 insertions(+), 4 deletions(-)

(limited to 'modules/authmodule-eIDAS-v2/src/main/java')

diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
index a9125849..5468cd56 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
@@ -334,7 +334,9 @@ public class Constants {
 
   // UI options
   public static final String HTML_FORM_ENABLE_MATCHING_BY_ADDRESS_SEARCH = "enableMatchingByAddressSearch";
-  public static final String HTML_FORM_CREATE_NEW_ERNP_ENTRY = "createNewErnpEntry";
+  public static final String HTML_FORM_WITH_CREATE_NEW_ERNP_ENTRY_OPTION = "createNewErnpEntryScreen";
+  public static final String HTML_FORM_DISALLOW_CREATENEW_ERNP_ENTRY = "disallowNewErnpEntry";
+  
   public static final String HTML_FORM_ADVANCED_MATCHING_FAILED = "advancedMatchingFailed";
   public static final String HTML_FORM_ADVANCED_MATCHING_FAILED_REASON = 
       HTML_FORM_ADVANCED_MATCHING_FAILED + "Reason";
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java
index 9d4f7152..e67805d6 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java
@@ -92,13 +92,20 @@ public class GenerateOtherLoginMethodGuiTask extends AbstractLocaleAuthServletTa
           Constants.HTML_FORM_ENABLE_MATCHING_BY_ADDRESS_SEARCH, 
           String.valueOf(basicConfig.getBasicConfigurationBoolean(Constants.CONFIG_PROP_MATCHING_BY_ADDRESS)));
                         
-      // inject request to create a new ERnP entry
+      // inject flag to show screen for last manual matching step
       config.putCustomParameter(AbstractGuiFormBuilderConfiguration.PARAM_GROUP_UIOPTIONS,
-          Constants.HTML_FORM_CREATE_NEW_ERNP_ENTRY, 
+          Constants.HTML_FORM_WITH_CREATE_NEW_ERNP_ENTRY_OPTION, 
           String.valueOf(
               MatchingTaskUtils.getExecutionContextFlag(
                   executionContext,Constants.TRANSITION_TO_REQUESTING_NEW_ERNP_ENTRY_TASK)));
-                        
+                          
+      // inject flag to disallow new ERnP entry in case of 
+      config.putCustomParameter(AbstractGuiFormBuilderConfiguration.PARAM_GROUP_UIOPTIONS,
+          Constants.HTML_FORM_DISALLOW_CREATENEW_ERNP_ENTRY, 
+          String.valueOf(!MatchingTaskUtils.getIntermediateMatchingResult(pendingReq)
+              .getOperationStatus().isAllowErnpEntryByUser()));
+      
+      
       // reset executionContext parameters
       ReceiveOtherLoginMethodGuiResponseTask.ALL_EXECUTIONCONTEXT_PARAMETERS.forEach(
           el -> executionContext.remove(el));
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java
index fb4e6e7b..0afe0ff6 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java
@@ -146,6 +146,14 @@ public class ReceiveOtherLoginMethodGuiResponseTask extends AbstractLocaleAuthSe
         return;        
         
       case ADD_ME_AS_NEW:
+        if (!MatchingTaskUtils.getIntermediateMatchingResult(pendingReq)
+            .getOperationStatus().isAllowErnpEntryByUser()) {
+          log.error("Create new ERnP entry by user was requested but it's not allowed!");
+          throw new TaskExecutionException(pendingReq, 
+              "Create new ERnP entry by user was requested but it's not allowed!", 
+              new EaafException("module.eidasauth.matching.98"));
+          
+        }
         log.info("User selects insert-into-ERnP option. Starting ERnP operation and complete prozess ... ");
         executionContext.put(Constants.TRANSITION_TO_CREATE_NEW_ERNP_ENTRY_BY_USER_TASK, true);
         executionContext.put(Constants.TRANSITION_TO_REQUESTING_NEW_ERNP_ENTRY_TASK, false);
-- 
cgit v1.2.3