[MOSIP-25539] Updated validateotp method (mosip#720)

* [MOSIP-24670] Updated API correction id and version * [MOSIP-24670] Updated API body correction * [MOSIP-22640] Fixed Sonar Bugs * updated PR * updated PR * updated review code * [MOSIP-22640] Fixed sonar bugs * updated PR * updated PR * [MOSIP-22639] Resolved security hotspots in code * [MOSIP-24630] Fixed Security Vulnerability in code * added error for isValidUrl method * renamed vaildateURL method * updated PR * updated PR * [MOSIP-24670] Made corrections in id and version * resolved conflicts * updated PR * updated PR * [MOSIP-24670] Made corrections n API body, response code * updated PR * updated PR * updated dateTime * updated PR * [MOSIP-25539] Made corrections in API body, response code * [MOSIP-25539] made corrections in API body * updated error message * updated error code * updated trasactionid dto change * added equals * [MOSIP-25539] made corrections in api body * [MOSIP-25539] Corrected API response body Task 5 * resolved build failure * [MOSIP-25539] Task 2 Added error code for vaildateOtp API * updated PR * updated PR * updated PR * updated PR * [MOSIP-25539] Updated validateotp method * updated PR Signed-off-by: Ritik Jain <[email protected]>
RitikJain4108 · Oct 31, 2023 · 5bf87c7 · 5bf87c7
1 parent f7e6602
commit 5bf87c7
Show file tree

Hide file tree

Showing 4 changed files with 73 additions and 25 deletions.
diff --git a/resident/resident-service/src/main/java/io/mosip/resident/service/IdAuthService.java b/resident/resident-service/src/main/java/io/mosip/resident/service/IdAuthService.java
@@ -19,6 +19,12 @@ public boolean validateOtp(String transactionID, String individualId, String otp
 
 	public Tuple2<Boolean, String> validateOtpV1(String transactionId, String individualId, String otp)
 			throws OtpValidationFailedException;
+
+	public boolean validateOtpv2(String transactionId, String individualId, String otp) 
+			throws OtpValidationFailedException;
+
+	public Tuple2<Boolean, String> validateOtpV2(String transactionId, String individualId, String otp)
+			throws OtpValidationFailedException;
 
 	public boolean authTypeStatusUpdate(String individualId, List<String> authType,
 			AuthTypeStatus authTypeStatus, Long unlockForSeconds) throws ApisResourceAccessException;

diff --git a/...esident-service/src/main/java/io/mosip/resident/service/impl/DownloadCardServiceImpl.java b/...esident-service/src/main/java/io/mosip/resident/service/impl/DownloadCardServiceImpl.java
@@ -119,7 +119,7 @@ public Tuple2<byte[], String> getDownloadCardPDF(MainRequestDTO<DownloadCardRequ
         String eventId = utility.createEventId();
         byte[] pdfBytes = new byte[0];
         try {
-            if (idAuthService.validateOtp(downloadCardRequestDTOMainRequestDTO.getRequest().getTransactionId(),
+            if (idAuthService.validateOtpv2(downloadCardRequestDTOMainRequestDTO.getRequest().getTransactionId(),
                     getUINForIndividualId(downloadCardRequestDTOMainRequestDTO.getRequest().getIndividualId())
                     , downloadCardRequestDTOMainRequestDTO.getRequest().getOtp())) {
                 String individualId = downloadCardRequestDTOMainRequestDTO.getRequest().getIndividualId();

diff --git a/...dent/resident-service/src/main/java/io/mosip/resident/service/impl/IdAuthServiceImpl.java b/...dent/resident-service/src/main/java/io/mosip/resident/service/impl/IdAuthServiceImpl.java
@@ -124,24 +124,59 @@ public boolean validateOtp(String transactionId, String individualId, String otp
 			throws OtpValidationFailedException {
 		return validateOtpV1(transactionId, individualId, otp).getT1();
 	}
+
+	@Override
+	public Tuple2<Boolean, String> validateOtpV1(String transactionId, String individualId, String otp)
+			throws OtpValidationFailedException {
+		AuthResponseDTO response = null;
+		String eventId = ResidentConstants.NOT_AVAILABLE;
+		ResidentTransactionEntity residentTransactionEntity = null;
+		try {
+			response = internelOtpAuth(transactionId, individualId, otp);
+			residentTransactionEntity = updateResidentTransaction(response.getResponse().isAuthStatus(), transactionId,
+					individualId);
+			if (residentTransactionEntity != null) {
+				eventId = residentTransactionEntity.getEventId();
+			}
+		} catch (ApisResourceAccessException | InvalidKeySpecException | NoSuchAlgorithmException | IOException
+				| JsonProcessingException | java.security.cert.CertificateException e) {
+			logger.error(LoggerFileConstant.SESSIONID.toString(), LoggerFileConstant.USERID.toString(), null,
+					"IdAuthServiceImpl::validateOtp():: validate otp method call" + ExceptionUtils.getStackTrace(e));
+			throw new OtpValidationFailedException(e.getMessage(), Map.of(ResidentConstants.EVENT_ID, eventId));
+		}
+		if (response.getErrors() != null && !response.getErrors().isEmpty()) {
+			response.getErrors().stream().forEach(error -> logger.error(LoggerFileConstant.SESSIONID.toString(),
+					LoggerFileConstant.USERID.toString(), error.getErrorCode(), error.getErrorMessage()));
+			throw new OtpValidationFailedException(response.getErrors().get(0).getErrorMessage(),
+					Map.of(ResidentConstants.EVENT_ID, eventId));
+		}
+		return Tuples.of(response.getResponse().isAuthStatus(), eventId);
+	}
 
+	@Override
+	public boolean validateOtpv2(String transactionId, String individualId, String otp)
+			throws OtpValidationFailedException {
+		return validateOtpV2(transactionId, individualId, otp).getT1();
+	}
+
 	@SuppressWarnings("null")
 	@Override
-	public Tuple2<Boolean, String> validateOtpV1(String transactionId, String individualId, String otp)
+	public Tuple2<Boolean, String> validateOtpV2(String transactionId, String individualId, String otp)
 			throws OtpValidationFailedException {
 		AuthResponseDTO response = null;
 		String eventId = ResidentConstants.NOT_AVAILABLE;
 		ResidentTransactionEntity residentTransactionEntity = null;
 		String authType = null;
 		try {
-			residentTransactionEntity = residentTransactionRepository.
-					findTopByRequestTrnIdAndTokenIdAndStatusCodeOrderByCrDtimesDesc(transactionId, identityService.getIDAToken(individualId)
-					, EventStatusInProgress.OTP_REQUESTED.toString());
+			residentTransactionEntity = residentTransactionRepository
+					.findTopByRequestTrnIdAndTokenIdAndStatusCodeOrderByCrDtimesDesc(transactionId,
+							identityService.getIDAToken(individualId), EventStatusInProgress.OTP_REQUESTED.toString());
 			if (residentTransactionEntity != null) {
 				authType = residentTransactionEntity.getAuthTypeCode();
 			}
 			response = internelOtpAuth(transactionId, individualId, otp);
-			residentTransactionEntity = updateResidentTransaction(response.getResponse().isAuthStatus(), transactionId, individualId);
+			residentTransactionEntity = updateResidentTransaction(response.getResponse().isAuthStatus(), transactionId,
+					individualId);
 			if (residentTransactionEntity != null) {
 				eventId = residentTransactionEntity.getEventId();
 			}
@@ -155,38 +190,45 @@ public Tuple2<Boolean, String> validateOtpV1(String transactionId, String indivi
 			response.getErrors().stream().forEach(error -> logger.error(LoggerFileConstant.SESSIONID.toString(),
 					LoggerFileConstant.USERID.toString(), error.getErrorCode(), error.getErrorMessage()));
 			if (response.getErrors().get(0).getErrorCode().equals(ResidentConstants.OTP_EXPIRED_ERR_CODE)) {
-				throw new OtpValidationFailedException(ResidentErrorCode.OTP_EXPIRED.getErrorCode(), ResidentErrorCode.OTP_EXPIRED.getErrorMessage(),
-						Map.of(ResidentConstants.EVENT_ID, eventId));
+				throw new OtpValidationFailedException(ResidentErrorCode.OTP_EXPIRED.getErrorCode(),
+						ResidentErrorCode.OTP_EXPIRED.getErrorMessage(), Map.of(ResidentConstants.EVENT_ID, eventId));
 			}
 			if (response.getErrors().get(0).getErrorCode().equals(ResidentConstants.OTP_INVALID_ERR_CODE)) {
-				throw new OtpValidationFailedException(ResidentErrorCode.OTP_INVALID.getErrorCode(), ResidentErrorCode.OTP_INVALID.getErrorMessage(),
-						Map.of(ResidentConstants.EVENT_ID, eventId));
+				throw new OtpValidationFailedException(ResidentErrorCode.OTP_INVALID.getErrorCode(),
+						ResidentErrorCode.OTP_INVALID.getErrorMessage(), Map.of(ResidentConstants.EVENT_ID, eventId));
 			}
 			if (response.getErrors().get(0).getErrorCode().equals(ResidentConstants.INVALID_ID_ERR_CODE)) {
-				throw new OtpValidationFailedException(ResidentErrorCode.INVALID_TRANSACTION_ID.getErrorCode(), response.getErrors().get(0).getErrorMessage(),
-						Map.of(ResidentConstants.EVENT_ID, eventId));
-			} 
+				throw new OtpValidationFailedException(ResidentErrorCode.INVALID_TRANSACTION_ID.getErrorCode(),
+						response.getErrors().get(0).getErrorMessage(), Map.of(ResidentConstants.EVENT_ID, eventId));
+			}
 			if (response.getErrors().get(0).getErrorCode().equals(ResidentConstants.OTP_AUTH_LOCKED_ERR_CODE)) {
 				if (authType.equals(ResidentConstants.PHONE)) {
-					throw new OtpValidationFailedException(ResidentErrorCode.SMS_AUTH_LOCKED.getErrorCode(), ResidentErrorCode.SMS_AUTH_LOCKED.getErrorMessage(),
+					throw new OtpValidationFailedException(ResidentErrorCode.SMS_AUTH_LOCKED.getErrorCode(),
+							ResidentErrorCode.SMS_AUTH_LOCKED.getErrorMessage(),
 							Map.of(ResidentConstants.EVENT_ID, eventId));
-				} if (authType.equals(ResidentConstants.EMAIL)) {
-					throw new OtpValidationFailedException(ResidentErrorCode.EMAIL_AUTH_LOCKED.getErrorCode(), ResidentErrorCode.EMAIL_AUTH_LOCKED.getErrorMessage(),
+				}
+				if (authType.equals(ResidentConstants.EMAIL)) {
+					throw new OtpValidationFailedException(ResidentErrorCode.EMAIL_AUTH_LOCKED.getErrorCode(),
+							ResidentErrorCode.EMAIL_AUTH_LOCKED.getErrorMessage(),
 							Map.of(ResidentConstants.EVENT_ID, eventId));
-				} if (authType != null) {
+				}
+				if (authType != null) {
 					boolean containsPhone = authType.contains(ResidentConstants.PHONE);
 					boolean containsEmail = authType.contains(ResidentConstants.EMAIL);
 					if (containsPhone && containsEmail) {
-						throw new OtpValidationFailedException(ResidentErrorCode.SMS_AND_EMAIL_AUTH_LOCKED.getErrorCode(), ResidentErrorCode.SMS_AND_EMAIL_AUTH_LOCKED.getErrorMessage(),
+						throw new OtpValidationFailedException(
+								ResidentErrorCode.SMS_AND_EMAIL_AUTH_LOCKED.getErrorCode(),
+								ResidentErrorCode.SMS_AND_EMAIL_AUTH_LOCKED.getErrorMessage(),
 								Map.of(ResidentConstants.EVENT_ID, eventId));
 					}
 				}
-			} else throw new OtpValidationFailedException(response.getErrors().get(0).getErrorMessage(),
-					Map.of(ResidentConstants.EVENT_ID, eventId));
+			} else
+				throw new OtpValidationFailedException(response.getErrors().get(0).getErrorMessage(),
+						Map.of(ResidentConstants.EVENT_ID, eventId));
 		}
 		return Tuples.of(response.getResponse().isAuthStatus(), eventId);
 	}
-
+		
 	private ResidentTransactionEntity updateResidentTransaction(boolean verified,String transactionId, String individualId) throws NoSuchAlgorithmException {
 		ResidentTransactionEntity residentTransactionEntity = residentTransactionRepository.
 				findTopByRequestTrnIdAndTokenIdAndStatusCodeOrderByCrDtimesDesc(transactionId, identityService.getIDAToken(individualId)

diff --git a/...esident-service/src/test/java/io/mosip/resident/test/service/DownloadCardServiceTest.java b/...esident-service/src/test/java/io/mosip/resident/test/service/DownloadCardServiceTest.java
@@ -119,7 +119,7 @@ public void setup() throws Exception {
         result = "result";
         pdfbytes = result.getBytes();
         Mockito.when(utility.signPdf(Mockito.any(), Mockito.any())).thenReturn(pdfbytes);
-        Mockito.when(idAuthService.validateOtp(Mockito.anyString(), Mockito.anyString(), Mockito.anyString())).thenReturn(true);
+        Mockito.when(idAuthService.validateOtpv2(Mockito.anyString(), Mockito.anyString(), Mockito.anyString())).thenReturn(true);
         Mockito.when(utilities.getRidByIndividualId(Mockito.anyString())).thenReturn("1234567890");
         Mockito.when(residentService.getUINCard(Mockito.anyString())).thenReturn(pdfbytes);
         Mockito.when(identityService.getIndividualIdType(Mockito.anyString())).thenReturn("UIN");
@@ -199,22 +199,22 @@ public void testGetDownloadCardPdfApisResourceAccessExceptionTest() throws Resid
 
     @Test(expected = ResidentServiceException.class)
     public void testGetDownloadCardPdfOtpValidationFailedTest() throws ResidentServiceCheckedException, ApisResourceAccessException, OtpValidationFailedException {
-        Mockito.when(idAuthService.validateOtp(Mockito.anyString(), Mockito.anyString(), Mockito.anyString())).thenReturn(false);
+        Mockito.when(idAuthService.validateOtpv2(Mockito.anyString(), Mockito.anyString(), Mockito.anyString())).thenReturn(false);
         Tuple2<byte[], String> actualResult = downloadCardService.getDownloadCardPDF(downloadCardRequestDTOMainRequestDTO);
         assertEquals(pdfbytes, actualResult.getT1());
     }
 
     @Test(expected = ResidentServiceException.class)
     public void testGetDownloadCardPdfApiResourceException() throws OtpValidationFailedException, ApisResourceAccessException {
-        Mockito.when(idAuthService.validateOtp(Mockito.anyString(), Mockito.anyString(), Mockito.anyString())).thenReturn(true);
+        Mockito.when(idAuthService.validateOtpv2(Mockito.anyString(), Mockito.anyString(), Mockito.anyString())).thenReturn(true);
         Mockito.when(utilities.getRidByIndividualId(Mockito.anyString())).thenThrow(new ApisResourceAccessException());
         Tuple2<byte[], String> actualResult = downloadCardService.getDownloadCardPDF(downloadCardRequestDTOMainRequestDTO);
         assertEquals(pdfbytes, actualResult.getT1());
     }
 
     @Test(expected = ResidentServiceException.class)
     public void testGetDownloadCardPdfOtpValidationException() throws OtpValidationFailedException, ApisResourceAccessException {
-        Mockito.when(idAuthService.validateOtp(Mockito.anyString(), Mockito.anyString(), Mockito.anyString()))
+        Mockito.when(idAuthService.validateOtpv2(Mockito.anyString(), Mockito.anyString(), Mockito.anyString()))
                 .thenThrow(new OtpValidationFailedException());
         Tuple2<byte[], String> actualResult = downloadCardService.getDownloadCardPDF(downloadCardRequestDTOMainRequestDTO);
         assertEquals(pdfbytes, actualResult.getT1());