From 5bf87c76f0548bb7a22c1bf8a7acfcb2fb46e537 Mon Sep 17 00:00:00 2001
From: Aiham Hasan <89243555+aihamh@users.noreply.github.com>
Date: Tue, 31 Jan 2023 19:25:25 +0530
Subject: [PATCH] [MOSIP-25539] Updated validateotp method (#720)
* [MOSIP-24670] Updated API correction id and version
* [MOSIP-24670] Updated API body correction
* [MOSIP-22640] Fixed Sonar Bugs
* updated PR
* updated PR
* updated review code
* [MOSIP-22640] Fixed sonar bugs
* updated PR
* updated PR
* [MOSIP-22639] Resolved security hotspots in code
* [MOSIP-24630] Fixed Security Vulnerability in code
* added error for isValidUrl method
* renamed vaildateURL method
* updated PR
* updated PR
* [MOSIP-24670] Made corrections in id and version
* resolved conflicts
* updated PR
* updated PR
* [MOSIP-24670] Made corrections n API body, response code
* updated PR
* updated PR
* updated dateTime
* updated PR
* [MOSIP-25539] Made corrections in API body, response code
* [MOSIP-25539] made corrections in API body
* updated error message
* updated error code
* updated trasactionid dto change
* added equals
* [MOSIP-25539] made corrections in api body
* [MOSIP-25539] Corrected API response body Task 5
* resolved build failure
* [MOSIP-25539] Task 2 Added error code for vaildateOtp API
* updated PR
* updated PR
* updated PR
* updated PR
* [MOSIP-25539] Updated validateotp method
* updated PR
Signed-off-by: Ritik Jain
---
 .../mosip/resident/service/IdAuthService.java | 6 ++
 .../service/impl/DownloadCardServiceImpl.java | 2 +-
 .../service/impl/IdAuthServiceImpl.java | 82 ++++++++++++++-----
 .../test/service/DownloadCardServiceTest.java | 8 +-
 4 files changed, 73 insertions(+), 25 deletions(-)
diff --git a/resident/resident-service/src/main/java/io/mosip/resident/service/IdAuthService.java b/resident/resident-service/src/main/java/io/mosip/resident/service/IdAuthService.java
index 30c131efbb1..6b9ea32b7f2 100644
--- a/resident/resident-service/src/main/java/io/mosip/resident/service/IdAuthService.java
+++ b/resident/resident-service/src/main/java/io/mosip/resident/service/IdAuthService.java @@ -19,6 +19,12 @@ public boolean validateOtp(String transactionID, String individualId, String otp public Tuple2 validateOtpV1(String transactionId, String individualId, String otp) throws OtpValidationFailedException; + + public boolean validateOtpv2(String transactionId, String individualId, String otp) + throws OtpValidationFailedException; + + public Tuple2 validateOtpV2(String transactionId, String individualId, String otp) + throws OtpValidationFailedException; public boolean authTypeStatusUpdate(String individualId, List authType, AuthTypeStatus authTypeStatus, Long unlockForSeconds) throws ApisResourceAccessException; diff --git a/resident/resident-service/src/main/java/io/mosip/resident/service/impl/DownloadCardServiceImpl.java b/resident/resident-service/src/main/java/io/mosip/resident/service/impl/DownloadCardServiceImpl.java index 05039fbff59..4828cabf608 100644 --- a/resident/resident-service/src/main/java/io/mosip/resident/service/impl/DownloadCardServiceImpl.java +++ b/resident/resident-service/src/main/java/io/mosip/resident/service/impl/DownloadCardServiceImpl.java 
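Review bot: The two declarations added to `IdAuthService` in this hunk, `validateOtpv2` and `validateOtpV2`, differ only in the case of one letter while returning different types (`boolean` versus a `Tuple2`), which is easy to mistype and hard to spot in review on an authentication path. Neither carries Javadoc explaining how it differs from the existing `validateOtp`/`validateOtpV1`; from the implementation later in this patch, the V2 pair maps upstream OTP error codes (expired, invalid, locked) to resident error codes. I would give the boolean variant a distinguishable name, or at minimum add a comment such as `/** Boolean view of {@link #validateOtpV2}; throws OtpValidationFailedException when the OTP is expired, invalid or the auth type is locked. */`. The interface body continues outside the hunk.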
@@ -119,7 +119,7 @@ public Tuple2 getDownloadCardPDF(MainRequestDTO validateOtpV1(String transactionId, String individualId, String otp) + throws OtpValidationFailedException { + AuthResponseDTO response = null; + String eventId = ResidentConstants.NOT_AVAILABLE; + ResidentTransactionEntity residentTransactionEntity = null; + try { + response = internelOtpAuth(transactionId, individualId, otp); + residentTransactionEntity = updateResidentTransaction(response.getResponse().isAuthStatus(), transactionId, + individualId); + if (residentTransactionEntity != null) { + eventId = residentTransactionEntity.getEventId(); + } + } catch (ApisResourceAccessException | InvalidKeySpecException | NoSuchAlgorithmException | IOException + | JsonProcessingException | java.security.cert.CertificateException e) { + logger.error(LoggerFileConstant.SESSIONID.toString(), LoggerFileConstant.USERID.toString(), null, + "IdAuthServiceImpl::validateOtp():: validate otp method call" + ExceptionUtils.getStackTrace(e)); + throw new OtpValidationFailedException(e.getMessage(), Map.of(ResidentConstants.EVENT_ID, eventId)); + } + if (response.getErrors() != null && !response.getErrors().isEmpty()) { + response.getErrors().stream().forEach(error -> logger.error(LoggerFileConstant.SESSIONID.toString(), + LoggerFileConstant.USERID.toString(), error.getErrorCode(), error.getErrorMessage())); + throw new OtpValidationFailedException(response.getErrors().get(0).getErrorMessage(), + Map.of(ResidentConstants.EVENT_ID, eventId)); + } + return Tuples.of(response.getResponse().isAuthStatus(), eventId); + } + @Override + public boolean validateOtpv2(String transactionId, String individualId, String otp) + throws OtpValidationFailedException { + return validateOtpV2(transactionId, individualId, otp).getT1(); + } + @SuppressWarnings("null") @Override - public Tuple2 validateOtpV1(String transactionId, String individualId, String otp) + public Tuple2 validateOtpV2(String transactionId, String individualId, String 
otp) throws OtpValidationFailedException { AuthResponseDTO response = null; String eventId = ResidentConstants.NOT_AVAILABLE; ResidentTransactionEntity residentTransactionEntity = null; String authType = null; try { - residentTransactionEntity = residentTransactionRepository. - findTopByRequestTrnIdAndTokenIdAndStatusCodeOrderByCrDtimesDesc(transactionId, identityService.getIDAToken(individualId) - , EventStatusInProgress.OTP_REQUESTED.toString()); + residentTransactionEntity = residentTransactionRepository + .findTopByRequestTrnIdAndTokenIdAndStatusCodeOrderByCrDtimesDesc(transactionId, + identityService.getIDAToken(individualId), EventStatusInProgress.OTP_REQUESTED.toString()); if (residentTransactionEntity != null) { authType = residentTransactionEntity.getAuthTypeCode(); } response = internelOtpAuth(transactionId, individualId, otp); - residentTransactionEntity = updateResidentTransaction(response.getResponse().isAuthStatus(), transactionId, individualId); + residentTransactionEntity = updateResidentTransaction(response.getResponse().isAuthStatus(), transactionId, + individualId); if (residentTransactionEntity != null) { eventId = residentTransactionEntity.getEventId(); } 
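Review bot: In the re-added `validateOtpV1` (and again in `validateOtpV2`), `response.getResponse().isAuthStatus()` is dereferenced and `updateResidentTransaction(...)` is called inside the `try`, before `response.getErrors()` is inspected. If the auth service ever answers with errors and no response body, that is a NullPointerException, which is not in the multi-catch and so skips the `OtpValidationFailedException` mapping and the event-id bookkeeping. Checking the error list first, or guarding with `if (response == null || response.getResponse() == null)` and throwing `OtpValidationFailedException`, keeps failures on the handled path. Separately, the catch block forwards `e.getMessage()` from key-spec and certificate exceptions into the thrown exception; if that text can reach the API response it should be replaced by a fixed error code, with the detail kept in the log only. The hunk header for this file is not visible on the page, so the placement of these lines is inferred.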
@@ -155,38 +190,45 @@ public Tuple2 validateOtpV1(String transactionId, String indivi response.getErrors().stream().forEach(error -> logger.error(LoggerFileConstant.SESSIONID.toString(), LoggerFileConstant.USERID.toString(), error.getErrorCode(), error.getErrorMessage())); if (response.getErrors().get(0).getErrorCode().equals(ResidentConstants.OTP_EXPIRED_ERR_CODE)) { - throw new OtpValidationFailedException(ResidentErrorCode.OTP_EXPIRED.getErrorCode(), ResidentErrorCode.OTP_EXPIRED.getErrorMessage(), - Map.of(ResidentConstants.EVENT_ID, eventId)); + throw new OtpValidationFailedException(ResidentErrorCode.OTP_EXPIRED.getErrorCode(), + ResidentErrorCode.OTP_EXPIRED.getErrorMessage(), Map.of(ResidentConstants.EVENT_ID, eventId)); } if (response.getErrors().get(0).getErrorCode().equals(ResidentConstants.OTP_INVALID_ERR_CODE)) { - throw new OtpValidationFailedException(ResidentErrorCode.OTP_INVALID.getErrorCode(), ResidentErrorCode.OTP_INVALID.getErrorMessage(), - Map.of(ResidentConstants.EVENT_ID, eventId)); + throw new OtpValidationFailedException(ResidentErrorCode.OTP_INVALID.getErrorCode(), + ResidentErrorCode.OTP_INVALID.getErrorMessage(), Map.of(ResidentConstants.EVENT_ID, eventId)); } if (response.getErrors().get(0).getErrorCode().equals(ResidentConstants.INVALID_ID_ERR_CODE)) { - throw new OtpValidationFailedException(ResidentErrorCode.INVALID_TRANSACTION_ID.getErrorCode(), response.getErrors().get(0).getErrorMessage(), - Map.of(ResidentConstants.EVENT_ID, eventId)); - } + throw new OtpValidationFailedException(ResidentErrorCode.INVALID_TRANSACTION_ID.getErrorCode(), + response.getErrors().get(0).getErrorMessage(), Map.of(ResidentConstants.EVENT_ID, eventId)); + } if (response.getErrors().get(0).getErrorCode().equals(ResidentConstants.OTP_AUTH_LOCKED_ERR_CODE)) { if (authType.equals(ResidentConstants.PHONE)) { - throw new OtpValidationFailedException(ResidentErrorCode.SMS_AUTH_LOCKED.getErrorCode(), ResidentErrorCode.SMS_AUTH_LOCKED.getErrorMessage(), + throw 
new OtpValidationFailedException(ResidentErrorCode.SMS_AUTH_LOCKED.getErrorCode(), + ResidentErrorCode.SMS_AUTH_LOCKED.getErrorMessage(), Map.of(ResidentConstants.EVENT_ID, eventId)); - } if (authType.equals(ResidentConstants.EMAIL)) { - throw new OtpValidationFailedException(ResidentErrorCode.EMAIL_AUTH_LOCKED.getErrorCode(), ResidentErrorCode.EMAIL_AUTH_LOCKED.getErrorMessage(), + } + if (authType.equals(ResidentConstants.EMAIL)) { + throw new OtpValidationFailedException(ResidentErrorCode.EMAIL_AUTH_LOCKED.getErrorCode(), + ResidentErrorCode.EMAIL_AUTH_LOCKED.getErrorMessage(), Map.of(ResidentConstants.EVENT_ID, eventId)); - } if (authType != null) { + } + if (authType != null) { boolean containsPhone = authType.contains(ResidentConstants.PHONE); boolean containsEmail = authType.contains(ResidentConstants.EMAIL); if (containsPhone && containsEmail) { - throw new OtpValidationFailedException(ResidentErrorCode.SMS_AND_EMAIL_AUTH_LOCKED.getErrorCode(), ResidentErrorCode.SMS_AND_EMAIL_AUTH_LOCKED.getErrorMessage(), + throw new OtpValidationFailedException( + ResidentErrorCode.SMS_AND_EMAIL_AUTH_LOCKED.getErrorCode(), + ResidentErrorCode.SMS_AND_EMAIL_AUTH_LOCKED.getErrorMessage(), Map.of(ResidentConstants.EVENT_ID, eventId)); } } - } else throw new OtpValidationFailedException(response.getErrors().get(0).getErrorMessage(), - Map.of(ResidentConstants.EVENT_ID, eventId)); + } else + throw new OtpValidationFailedException(response.getErrors().get(0).getErrorMessage(), + Map.of(ResidentConstants.EVENT_ID, eventId)); } return Tuples.of(response.getResponse().isAuthStatus(), eventId); } - + private ResidentTransactionEntity updateResidentTransaction(boolean verified,String transactionId, String individualId) throws NoSuchAlgorithmException { ResidentTransactionEntity residentTransactionEntity = residentTransactionRepository. findTopByRequestTrnIdAndTokenIdAndStatusCodeOrderByCrDtimesDesc(transactionId, identityService.getIDAToken(individualId) 
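Review bot: In the `OTP_AUTH_LOCKED_ERR_CODE` branch, `authType.equals(ResidentConstants.PHONE)` and `authType.equals(ResidentConstants.EMAIL)` run before the `if (authType != null)` check, and `authType` stays `null` whenever the earlier `OTP_REQUESTED` lookup returns no row. A locked-out request with no matching row would then fail with a NullPointerException rather than `OtpValidationFailedException`, and the `@SuppressWarnings("null")` this patch adds on `validateOtpV2` would hide the analyser warning for it. The same branch falls through to `return Tuples.of(response.getResponse().isAuthStatus(), eventId)` when `authType` matches none of the three cases, so the lock error is dropped without any exception. Comparing constant-first (`ResidentConstants.PHONE.equals(authType)`) and ending the branch with the generic `throw new OtpValidationFailedException(response.getErrors().get(0).getErrorMessage(), Map.of(ResidentConstants.EVENT_ID, eventId));` already used in the `else` would close both gaps. The method starts before this hunk.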
diff --git a/resident/resident-service/src/test/java/io/mosip/resident/test/service/DownloadCardServiceTest.java b/resident/resident-service/src/test/java/io/mosip/resident/test/service/DownloadCardServiceTest.java
index d62370a1ab9..1314fe3b0dd 100644
--- a/resident/resident-service/src/test/java/io/mosip/resident/test/service/DownloadCardServiceTest.java
+++ b/resident/resident-service/src/test/java/io/mosip/resident/test/service/DownloadCardServiceTest.java
@@ -119,7 +119,7 @@ public void setup() throws Exception {
 result = "result";
 pdfbytes = result.getBytes();
 Mockito.when(utility.signPdf(Mockito.any(), Mockito.any())).thenReturn(pdfbytes);
- Mockito.when(idAuthService.validateOtp(Mockito.anyString(), Mockito.anyString(), Mockito.anyString())).thenReturn(true);
+ Mockito.when(idAuthService.validateOtpv2(Mockito.anyString(), Mockito.anyString(), Mockito.anyString())).thenReturn(true);
 Mockito.when(utilities.getRidByIndividualId(Mockito.anyString())).thenReturn("1234567890");
 Mockito.when(residentService.getUINCard(Mockito.anyString())).thenReturn(pdfbytes);
 Mockito.when(identityService.getIndividualIdType(Mockito.anyString())).thenReturn("UIN");
@@ -199,14 +199,14 @@ public void testGetDownloadCardPdfApisResourceAccessExceptionTest() throws Resid @Test(expected = ResidentServiceException.class) public void testGetDownloadCardPdfOtpValidationFailedTest() throws ResidentServiceCheckedException, ApisResourceAccessException, OtpValidationFailedException { - Mockito.when(idAuthService.validateOtp(Mockito.anyString(), Mockito.anyString(), Mockito.anyString())).thenReturn(false); + Mockito.when(idAuthService.validateOtpv2(Mockito.anyString(), Mockito.anyString(), Mockito.anyString())).thenReturn(false); Tuple2 actualResult = downloadCardService.getDownloadCardPDF(downloadCardRequestDTOMainRequestDTO); assertEquals(pdfbytes, actualResult.getT1()); } @Test(expected = ResidentServiceException.class) public void testGetDownloadCardPdfApiResourceException() throws OtpValidationFailedException, ApisResourceAccessException { - Mockito.when(idAuthService.validateOtp(Mockito.anyString(), Mockito.anyString(), Mockito.anyString())).thenReturn(true); + Mockito.when(idAuthService.validateOtpv2(Mockito.anyString(), Mockito.anyString(), Mockito.anyString())).thenReturn(true); Mockito.when(utilities.getRidByIndividualId(Mockito.anyString())).thenThrow(new ApisResourceAccessException()); Tuple2 actualResult = downloadCardService.getDownloadCardPDF(downloadCardRequestDTOMainRequestDTO); assertEquals(pdfbytes, actualResult.getT1()); 
@@ -214,7 +214,7 @@ public void testGetDownloadCardPdfApiResourceException() throws OtpValidationFai @Test(expected = ResidentServiceException.class) public void testGetDownloadCardPdfOtpValidationException() throws OtpValidationFailedException, ApisResourceAccessException { - Mockito.when(idAuthService.validateOtp(Mockito.anyString(), Mockito.anyString(), Mockito.anyString())) + Mockito.when(idAuthService.validateOtpv2(Mockito.anyString(), Mockito.anyString(), Mockito.anyString())) .thenThrow(new OtpValidationFailedException()); Tuple2 actualResult = downloadCardService.getDownloadCardPDF(downloadCardRequestDTOMainRequestDTO); assertEquals(pdfbytes, actualResult.getT1());