From 458c6f039654ba6ed3608f1523ba45f04f79bcd2 Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Thu, 1 Dec 2022 13:12:23 +0100 Subject: feat(matching): disable UX option to create a new ERnP entry if it was prohibited by matching-process --- .../specific/modules/auth/eidas/v2/Constants.java | 4 +- .../v2/tasks/GenerateOtherLoginMethodGuiTask.java | 13 +++-- .../ReceiveOtherLoginMethodGuiResponseTask.java | 8 +++ .../tasks/GenerateOtherLoginMethodGuiTaskTest.java | 61 +++++++++++++++++++--- ...ReceiveOtherLoginMethodGuiResponseTaskTest.java | 25 ++++++++- 5 files changed, 98 insertions(+), 13 deletions(-) (limited to 'modules/authmodule-eIDAS-v2/src') diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java index a9125849..5468cd56 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java @@ -334,7 +334,9 @@ public class Constants { // UI options public static final String HTML_FORM_ENABLE_MATCHING_BY_ADDRESS_SEARCH = "enableMatchingByAddressSearch"; - public static final String HTML_FORM_CREATE_NEW_ERNP_ENTRY = "createNewErnpEntry"; + public static final String HTML_FORM_WITH_CREATE_NEW_ERNP_ENTRY_OPTION = "createNewErnpEntryScreen"; + public static final String HTML_FORM_DISALLOW_CREATENEW_ERNP_ENTRY = "disallowNewErnpEntry"; + public static final String HTML_FORM_ADVANCED_MATCHING_FAILED = "advancedMatchingFailed"; public static final String HTML_FORM_ADVANCED_MATCHING_FAILED_REASON = HTML_FORM_ADVANCED_MATCHING_FAILED + "Reason"; diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java index 9d4f7152..e67805d6 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java @@ -92,13 +92,20 @@ public class GenerateOtherLoginMethodGuiTask extends AbstractLocaleAuthServletTa Constants.HTML_FORM_ENABLE_MATCHING_BY_ADDRESS_SEARCH, String.valueOf(basicConfig.getBasicConfigurationBoolean(Constants.CONFIG_PROP_MATCHING_BY_ADDRESS))); - // inject request to create a new ERnP entry + // inject flag to show screen for last manual matching step config.putCustomParameter(AbstractGuiFormBuilderConfiguration.PARAM_GROUP_UIOPTIONS, - Constants.HTML_FORM_CREATE_NEW_ERNP_ENTRY, + Constants.HTML_FORM_WITH_CREATE_NEW_ERNP_ENTRY_OPTION, String.valueOf( MatchingTaskUtils.getExecutionContextFlag( executionContext,Constants.TRANSITION_TO_REQUESTING_NEW_ERNP_ENTRY_TASK))); - + + // inject flag to disallow new ERnP entry in case of + config.putCustomParameter(AbstractGuiFormBuilderConfiguration.PARAM_GROUP_UIOPTIONS, + Constants.HTML_FORM_DISALLOW_CREATENEW_ERNP_ENTRY, + String.valueOf(!MatchingTaskUtils.getIntermediateMatchingResult(pendingReq) + .getOperationStatus().isAllowErnpEntryByUser())); + + // reset executionContext parameters ReceiveOtherLoginMethodGuiResponseTask.ALL_EXECUTIONCONTEXT_PARAMETERS.forEach( el -> executionContext.remove(el)); diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java index fb4e6e7b..0afe0ff6 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java @@ -146,6 +146,14 @@ public class ReceiveOtherLoginMethodGuiResponseTask extends AbstractLocaleAuthSe return; case ADD_ME_AS_NEW: + if (!MatchingTaskUtils.getIntermediateMatchingResult(pendingReq) + .getOperationStatus().isAllowErnpEntryByUser()) { + log.error("Create new ERnP entry by user was requested but it's not allowed!"); + throw new TaskExecutionException(pendingReq, + "Create new ERnP entry by user was requested but it's not allowed!", + new EaafException("module.eidasauth.matching.98")); + + } log.info("User selects insert-into-ERnP option. Starting ERnP operation and complete prozess ... "); executionContext.put(Constants.TRANSITION_TO_CREATE_NEW_ERNP_ENTRY_BY_USER_TASK, true); executionContext.put(Constants.TRANSITION_TO_REQUESTING_NEW_ERNP_ENTRY_TASK, false); diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateOtherLoginMethodGuiTaskTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateOtherLoginMethodGuiTaskTest.java index 6d08a731..037c76a1 100644 --- a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateOtherLoginMethodGuiTaskTest.java +++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateOtherLoginMethodGuiTaskTest.java @@ -8,6 +8,7 @@ import static org.junit.Assert.assertTrue; import java.io.UnsupportedEncodingException; import java.text.MessageFormat; +import java.util.Collections; import java.util.Locale; import org.apache.commons.lang3.RandomStringUtils; @@ -32,9 +33,12 @@ import com.fasterxml.jackson.databind.json.JsonMapper; import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SelectedLoginMethod; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService.RegisterOperationStatus; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService.RegisterStatusResults; import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateOtherLoginMethodGuiTask; import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveOtherLoginMethodGuiResponseTask; import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummyOA; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.MatchingTaskUtils; import at.gv.egiz.eaaf.core.api.IRequestStorage; import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; @@ -76,6 +80,7 @@ public class GenerateOtherLoginMethodGuiTaskTest { * jUnit test set-up. */ @Before + @SneakyThrows public void initialize() { httpReq = new MockHttpServletRequest("POST", "https://localhost/ms_connector"); httpResp = new MockHttpServletResponse(); @@ -91,6 +96,10 @@ public class GenerateOtherLoginMethodGuiTaskTest { config.putConfigValue("auth.eIDAS.matching.byaddress.enable", "false"); + MatchingTaskUtils.storeIntermediateMatchingResult(pendingReq, + new RegisterStatusResults(new RegisterOperationStatus(null, true), + Collections.emptyList(), Collections.emptyList())); + LocaleContextHolder.resetLocaleContext(); } @@ -125,11 +134,44 @@ public class GenerateOtherLoginMethodGuiTaskTest { @Test @SneakyThrows - public void jsonResponseInsertErnp() throws TaskExecutionException, UnsupportedEncodingException { - String reason = RandomStringUtils.randomAlphabetic(5); + public void jsonResponseInsertErnpScreen() throws TaskExecutionException, UnsupportedEncodingException { + executionContext.put(Constants.TRANSITION_TO_REQUESTING_NEW_ERNP_ENTRY_TASK, true); + httpReq.addHeader("Accept", "application/json"); + + task.execute(pendingReq, executionContext); + + //result validation + Assert.assertEquals("httpStausCode", 200, httpResp.getStatus()); + Assert.assertEquals("http ContentType", "application/json;charset=UTF-8", httpResp.getContentType()); + final String content = httpResp.getContentAsString(); + assertNotNull("response body is null", content); + Assert.assertFalse("response body is empty", content.isEmpty()); + final JsonNode json = new JsonMapper().readTree(content); + assertNotNull("response body is null", json); + assertNull("advancedMatchFailed", json.get(Constants.HTML_FORM_ADVANCED_MATCHING_FAILED)); + assertNotNull("createNewErnpEntryScreen", json.get(Constants.HTML_FORM_WITH_CREATE_NEW_ERNP_ENTRY_OPTION)); + assertTrue("createNewErnpEntryScreen", json.get(Constants.HTML_FORM_WITH_CREATE_NEW_ERNP_ENTRY_OPTION).asBoolean()); + + assertNotNull("disallowNewErnpEntry", json.get(Constants.HTML_FORM_DISALLOW_CREATENEW_ERNP_ENTRY)); + assertFalse("disallowNewErnpEntry", json.get(Constants.HTML_FORM_DISALLOW_CREATENEW_ERNP_ENTRY).asBoolean()); + + assertNull("advancedMatchingFailedReason", json.get(Constants.HTML_FORM_ADVANCED_MATCHING_FAILED_REASON)); + + assertNotNull("pendingRequest not stored", + storage.getPendingRequest(pendingReq.getPendingRequestId())); + + } + + @Test + @SneakyThrows + public void jsonResponseInsertErnpScreenButNotAllowed() throws TaskExecutionException, UnsupportedEncodingException { executionContext.put(Constants.TRANSITION_TO_REQUESTING_NEW_ERNP_ENTRY_TASK, true); httpReq.addHeader("Accept", "application/json"); + MatchingTaskUtils.storeIntermediateMatchingResult(pendingReq, + new RegisterStatusResults(new RegisterOperationStatus(null, false), + Collections.emptyList(), Collections.emptyList())); + task.execute(pendingReq, executionContext); //result validation @@ -141,8 +183,11 @@ public class GenerateOtherLoginMethodGuiTaskTest { final JsonNode json = new JsonMapper().readTree(content); assertNotNull("response body is null", json); assertNull("advancedMatchFailed", json.get(Constants.HTML_FORM_ADVANCED_MATCHING_FAILED)); - assertNotNull("createNewErnpEntry", json.get(Constants.HTML_FORM_CREATE_NEW_ERNP_ENTRY)); - assertTrue("createNewErnpEntry", json.get(Constants.HTML_FORM_CREATE_NEW_ERNP_ENTRY).asBoolean()); + assertNotNull("createNewErnpEntryScreen", json.get(Constants.HTML_FORM_WITH_CREATE_NEW_ERNP_ENTRY_OPTION)); + assertTrue("createNewErnpEntryScreen", json.get(Constants.HTML_FORM_WITH_CREATE_NEW_ERNP_ENTRY_OPTION).asBoolean()); + + assertNotNull("disallowNewErnpEntry", json.get(Constants.HTML_FORM_DISALLOW_CREATENEW_ERNP_ENTRY)); + assertTrue("disallowNewErnpEntry", json.get(Constants.HTML_FORM_DISALLOW_CREATENEW_ERNP_ENTRY).asBoolean()); assertNull("advancedMatchingFailedReason", json.get(Constants.HTML_FORM_ADVANCED_MATCHING_FAILED_REASON)); @@ -175,11 +220,11 @@ public class GenerateOtherLoginMethodGuiTaskTest { assertEquals("advancedMatchingFailedReason", reason, json.get(Constants.HTML_FORM_ADVANCED_MATCHING_FAILED_REASON).asText()); - assertNotNull("createNewErnpEntry", json.get(Constants.HTML_FORM_CREATE_NEW_ERNP_ENTRY)); - assertFalse("createNewErnpEntry", json.get(Constants.HTML_FORM_CREATE_NEW_ERNP_ENTRY).asBoolean()); + assertNotNull("createNewErnpEntryScreen", json.get(Constants.HTML_FORM_WITH_CREATE_NEW_ERNP_ENTRY_OPTION)); + assertFalse("createNewErnpEntryScreen", json.get(Constants.HTML_FORM_WITH_CREATE_NEW_ERNP_ENTRY_OPTION).asBoolean()); - assertNotNull("enableMatchingByAddressSearch", json.get(Constants.HTML_FORM_CREATE_NEW_ERNP_ENTRY)); - assertFalse("enableMatchingByAddressSearch", json.get(Constants.HTML_FORM_CREATE_NEW_ERNP_ENTRY).asBoolean()); + assertNotNull("enableMatchingByAddressSearch", json.get(Constants.HTML_FORM_WITH_CREATE_NEW_ERNP_ENTRY_OPTION)); + assertFalse("enableMatchingByAddressSearch", json.get(Constants.HTML_FORM_WITH_CREATE_NEW_ERNP_ENTRY_OPTION).asBoolean()); assertNotNull("pendingRequest not stored", diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveOtherLoginMethodGuiResponseTaskTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveOtherLoginMethodGuiResponseTaskTest.java index dfd355de..db4f4fcb 100644 --- a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveOtherLoginMethodGuiResponseTaskTest.java +++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveOtherLoginMethodGuiResponseTaskTest.java @@ -29,7 +29,10 @@ import at.asitplus.eidas.specific.core.MsEidasNodeConstants; import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SelectedLoginMethod; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService.RegisterOperationStatus; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService.RegisterStatusResults; import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveOtherLoginMethodGuiResponseTask; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.MatchingTaskUtils; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.IRequestStorage; import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; @@ -75,6 +78,7 @@ public class ReceiveOtherLoginMethodGuiResponseTaskTest { * jUnit test set-up. */ @Before + @SneakyThrows public void initialize() { httpReq = new MockHttpServletRequest("POST", "https://localhost/ms_connector"); httpResp = new MockHttpServletResponse(); @@ -89,6 +93,10 @@ public class ReceiveOtherLoginMethodGuiResponseTaskTest { pendingReq.setSpConfig(spConfig); config.putConfigValue("auth.eIDAS.matching.byaddress.enable", "false"); + MatchingTaskUtils.storeIntermediateMatchingResult(pendingReq, + new RegisterStatusResults(new RegisterOperationStatus(null, true), + Collections.emptyList(), Collections.emptyList())); + LocaleContextHolder.resetLocaleContext(); } @@ -166,7 +174,22 @@ public class ReceiveOtherLoginMethodGuiResponseTaskTest { } - + + @Test + @SneakyThrows + public void withAddMeAsNewSelectionButNotAllowed() throws TaskExecutionException { + MatchingTaskUtils.storeIntermediateMatchingResult(pendingReq, + new RegisterStatusResults(new RegisterOperationStatus(null, false), + Collections.emptyList(), Collections.emptyList())); + httpReq.setParameter(Constants.REQ_SELECTED_LOGIN_METHOD_PARAMETER, SelectedLoginMethod.ADD_ME_AS_NEW.name()); + + TaskExecutionException error = assertThrows("wrong exception", TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + assertEquals("wrong errorCode", "module.eidasauth.matching.98", + ((EaafException) error.getOriginalException()).getErrorId()); + + } + @Test public void withRequestingNewEntrySelection() throws TaskExecutionException { testTransition(SelectedLoginMethod.REQUESTING_NEW_ENTRY, Constants.TRANSITION_TO_REQUESTING_NEW_ERNP_ENTRY_TASK); -- cgit v1.2.3