From 7af764928cbb3d1256f0f0261823962e7dbe05f9 Mon Sep 17 00:00:00 2001 From: gianmarcoplutino <119858159+gianmarcoplutino@users.noreply.github.com> Date: Thu, 5 Sep 2024 11:59:54 +0200 Subject: [PATCH] [SELC-5322] merge back (#466) Co-authored-by: pierpaolo.didato@emeal.nttdata.com
---
...thenticationPropagationHeadersFactory.java | 13 +++++--- .../service/JwtSessionServiceDefault.java | 33 +++++++++---------- ...ticationPropagationHeadersFactoryTest.java | 26 +++++++++++++++ .../service/JwtSessionServiceDefaultTest.java | 15 +++++++++ 4 files changed, 66 insertions(+), 21 deletions(-)
diff --git a/apps/onboarding-functions/src/main/java/it/pagopa/selfcare/onboarding/client/auth/AuthenticationPropagationHeadersFactory.java b/apps/onboarding-functions/src/main/java/it/pagopa/selfcare/onboarding/client/auth/AuthenticationPropagationHeadersFactory.java
index 4963d276a..ddc34b09e 100644
--- a/apps/onboarding-functions/src/main/java/it/pagopa/selfcare/onboarding/client/auth/AuthenticationPropagationHeadersFactory.java
+++ b/apps/onboarding-functions/src/main/java/it/pagopa/selfcare/onboarding/client/auth/AuthenticationPropagationHeadersFactory.java
@@ -7,22 +7,27 @@ import org.eclipse.microprofile.rest.client.ext.ClientHeadersFactory; import java.util.List; +import java.util.Objects; @ApplicationScoped public class AuthenticationPropagationHeadersFactory implements ClientHeadersFactory { + private static final String USER_ID_HEADER = "user-uuid"; + private static final String JWT_BEARER_TOKEN_ENV = "JWT_BEARER_TOKEN"; + @Inject JwtSessionService tokenService; @Override public MultivaluedMap update(MultivaluedMap incomingHeaders, MultivaluedMap clientOutgoingHeaders) { String bearerToken; - if (!clientOutgoingHeaders.isEmpty() && clientOutgoingHeaders.containsKey("user-uuid")) { - final String uuid = clientOutgoingHeaders.get("user-uuid").get(0); - bearerToken = tokenService.createJwt(uuid); + if (!clientOutgoingHeaders.isEmpty() && clientOutgoingHeaders.containsKey(USER_ID_HEADER)) { + final String uuid = clientOutgoingHeaders.get(USER_ID_HEADER).get(0); + final String jwt = tokenService.createJwt(uuid); + bearerToken = Objects.nonNull(jwt) ? jwt : System.getenv(JWT_BEARER_TOKEN_ENV); } else { - bearerToken = System.getenv("JWT_BEARER_TOKEN"); + bearerToken = System.getenv(JWT_BEARER_TOKEN_ENV); } clientOutgoingHeaders.put("Authorization", List.of("Bearer " + bearerToken)); return clientOutgoingHeaders; diff --git a/apps/onboarding-functions/src/main/java/it/pagopa/selfcare/onboarding/service/JwtSessionServiceDefault.java b/apps/onboarding-functions/src/main/java/it/pagopa/selfcare/onboarding/service/JwtSessionServiceDefault.java index 526a17101..5c752b8cc 100644 --- a/apps/onboarding-functions/src/main/java/it/pagopa/selfcare/onboarding/service/JwtSessionServiceDefault.java +++ b/apps/onboarding-functions/src/main/java/it/pagopa/selfcare/onboarding/service/JwtSessionServiceDefault.java 
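Review bot: The new ternary in `update` fails open: when `tokenService.createJwt(uuid)` returns null, a request that was meant to carry a user-scoped JWT goes out with the shared `JWT_BEARER_TOKEN` instead, and nothing at this call site records the substitution. Downstream services then see the function's own identity rather than the user named in `user-uuid`, which weakens attribution and may widen what the call is authorised to do, depending on what that token grants. If the fallback is intended, log it at warn level together with the uuid. In both branches a missing value should be rejected rather than sent as `Bearer null`, for example `if (bearerToken == null) throw new IllegalStateException("no bearer token available");` before the `put`. The closing braces of the method are outside the hunk.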
@@ -43,27 +43,26 @@ public class JwtSessionServiceDefault implements JwtSessionService { @Override public String createJwt(String userId) { - PrivateKey privateKey; try { - privateKey = getPrivateKey(tokenConfig.signingKey()); + PrivateKey privateKey = getPrivateKey(tokenConfig.signingKey()); + UserResource userResource = userRegistryApi.findByIdUsingGET(USERS_FIELD_LIST, userId); + return Jwts.builder() + .setId(UUID.randomUUID().toString()) + .setIssuedAt(new Date()) + .setIssuer(tokenConfig.issuer()) + .setExpiration(Date.from(new Date().toInstant().plus(Duration.parse(tokenConfig.duration())))) + .claim("family_name", userResource.getFamilyName().getValue()) + .claim("fiscal_number", userResource.getFiscalCode()) + .claim("name", userResource.getName().getValue()) + .claim("uid", userId) + .signWith(SignatureAlgorithm.RS256, privateKey) + .setHeaderParam(JwsHeader.KEY_ID, tokenConfig.kid()) + .setHeaderParam(Header.TYPE, Header.JWT_TYPE) + .compact(); } catch (Exception e) { - logger.error("Impossible to get private key. Error: {}", e.getMessage(), e); + logger.error("Impossible to create jwt token. Error: {}", e.getMessage(), e); return null; } - UserResource userResource = userRegistryApi.findByIdUsingGET(USERS_FIELD_LIST, userId); - return Jwts.builder() - .setId(UUID.randomUUID().toString()) - .setIssuedAt(new Date()) - .setIssuer(tokenConfig.issuer()) - .setExpiration(Date.from(new Date().toInstant().plus(Duration.parse(tokenConfig.duration())))) - .claim("family_name", userResource.getFamilyName().getValue()) - .claim("fiscal_number", userResource.getFiscalCode()) - .claim("name", userResource.getName().getValue()) - .claim("uid", userId) - .signWith(SignatureAlgorithm.RS256, privateKey) - .setHeaderParam(JwsHeader.KEY_ID, tokenConfig.kid()) - .setHeaderParam(Header.TYPE, Header.JWT_TYPE) - .compact(); } private PrivateKey getPrivateKey(String signingKey) throws NoSuchAlgorithmException, InvalidKeySpecException { 
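Review bot: Wrapping the whole body of `createJwt` in `catch (Exception e)` makes an unusable signing key, a malformed `tokenConfig.duration()`, a null `getFamilyName()` and a failed registry lookup all end in the same `return null`, which the headers factory in this commit turns into the shared-token fallback. A broken key or duration is a deployment fault and would then show up only as an error log line on every call. Consider parsing the key in its own try that rethrows (`getPrivateKey` declares only `NoSuchAlgorithmException` and `InvalidKeySpecException`) and returning null only for the per-user lookup and build step, with `userId` added to the log message so a failed lookup can be traced. Whether callers tolerate an unchecked exception from this method is not visible in the hunk.

```java
    public String createJwt(String userId) {
        final PrivateKey privateKey;
        try {
            privateKey = getPrivateKey(tokenConfig.signingKey());
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            // Key misconfiguration is not a per-user condition: surface it instead of returning null.
            throw new IllegalStateException("JWT signing key cannot be loaded", e);
        }
        try {
            UserResource userResource = userRegistryApi.findByIdUsingGET(USERS_FIELD_LIST, userId);
            // … unchanged: return Jwts.builder() … .compact(); …
        } catch (Exception e) {
            logger.error("Impossible to create jwt token for user {}. Error: {}", userId, e.getMessage(), e);
            return null;
        }
    }
```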
diff --git a/apps/onboarding-functions/src/test/java/it/pagopa/selfcare/onboarding/client/auth/AuthenticationPropagationHeadersFactoryTest.java b/apps/onboarding-functions/src/test/java/it/pagopa/selfcare/onboarding/client/auth/AuthenticationPropagationHeadersFactoryTest.java index 8404b1e9b..ccd569584 100644 --- a/apps/onboarding-functions/src/test/java/it/pagopa/selfcare/onboarding/client/auth/AuthenticationPropagationHeadersFactoryTest.java +++ b/apps/onboarding-functions/src/test/java/it/pagopa/selfcare/onboarding/client/auth/AuthenticationPropagationHeadersFactoryTest.java @@ -1,6 +1,8 @@ package it.pagopa.selfcare.onboarding.client.auth; +import io.quarkus.test.InjectMock; import io.quarkus.test.junit.QuarkusTest; +import it.pagopa.selfcare.onboarding.service.JwtSessionService; import jakarta.inject.Inject; import jakarta.ws.rs.core.MultivaluedHashMap; import org.junit.jupiter.api.Test; @@ -9,6 +11,8 @@ import java.util.UUID; import static org.junit.jupiter.api.Assertions.assertTrue; +import static org.mockito.ArgumentMatchers.any; +import static org.mockito.Mockito.when; @QuarkusTest class AuthenticationPropagationHeadersFactoryTest { @@ -16,6 +20,9 @@ class AuthenticationPropagationHeadersFactoryTest { @Inject AuthenticationPropagationHeadersFactory authenticationPropagationHeadersFactory; + @InjectMock + JwtSessionService jwtSessionService; + @Test void update() { MultivaluedHashMap incomingHeaders = new MultivaluedHashMap<>(); 
@@ -24,4 +31,23 @@ void update() { authenticationPropagationHeadersFactory.update(incomingHeaders, outgoingHeaders); assertTrue(outgoingHeaders.containsKey("Authorization")); } + + @Test + void updateWithNullJwt() { + MultivaluedHashMap incomingHeaders = new MultivaluedHashMap<>(); + MultivaluedHashMap outgoingHeaders = new MultivaluedHashMap<>(); + outgoingHeaders.put("user-uuid", List.of(UUID.randomUUID().toString())); + when(jwtSessionService.createJwt(any())).thenReturn(null); + authenticationPropagationHeadersFactory.update(incomingHeaders, outgoingHeaders); + assertTrue(outgoingHeaders.containsKey("Authorization")); + } + + @Test + void emptyHeader() { + MultivaluedHashMap incomingHeaders = new MultivaluedHashMap<>(); + MultivaluedHashMap outgoingHeaders = new MultivaluedHashMap<>(); + authenticationPropagationHeadersFactory.update(incomingHeaders, outgoingHeaders); + assertTrue(outgoingHeaders.containsKey("Authorization")); + } + } diff --git a/apps/onboarding-functions/src/test/java/it/pagopa/selfcare/onboarding/service/JwtSessionServiceDefaultTest.java b/apps/onboarding-functions/src/test/java/it/pagopa/selfcare/onboarding/service/JwtSessionServiceDefaultTest.java index 717de8287..96155a3f1 100644 --- a/apps/onboarding-functions/src/test/java/it/pagopa/selfcare/onboarding/service/JwtSessionServiceDefaultTest.java +++ b/apps/onboarding-functions/src/test/java/it/pagopa/selfcare/onboarding/service/JwtSessionServiceDefaultTest.java @@ -4,6 +4,7 @@ import io.quarkus.test.junit.QuarkusTest; import io.quarkus.test.junit.QuarkusTestProfile; import io.quarkus.test.junit.TestProfile; +import it.pagopa.selfcare.onboarding.exception.ResourceNotFoundException; import jakarta.inject.Inject; import org.eclipse.microprofile.rest.client.inject.RestClient; import org.junit.jupiter.api.Test; 
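Review bot: `assertTrue(outgoingHeaders.containsKey("Authorization"))` in `updateWithNullJwt` and `emptyHeader` passes for any value, including `Bearer null` when `JWT_BEARER_TOKEN` is unset in the test environment, so neither test shows that the fallback produced a usable token. With the `@InjectMock JwtSessionService` field added in the earlier hunk of this file, the existing `update()` test presumably also receives null from the unstubbed mock, which would leave the successful per-user path without coverage; the start of that test is outside this hunk. Stub a token there, e.g. `when(jwtSessionService.createJwt(any())).thenReturn("token");`, and assert the value with `assertEquals(List.of("Bearer token"), outgoingHeaders.get("Authorization"));`.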
@@ -62,4 +63,18 @@ void createJwt() { assertTrue(Objects.nonNull(jwt)); } + @Test + void createNullJwt() { + final String userId = "userId"; + UserResource userResource = new UserResource(); + userResource.setFiscalCode("fiscalCode"); + CertifiableFieldResourceOfstring certifiedField = new CertifiableFieldResourceOfstring(); + certifiedField.setValue("name"); + userResource.setName(certifiedField); + userResource.setFamilyName(certifiedField); + when(userRegistryApi.findByIdUsingGET(any(), any())).thenThrow(new ResourceNotFoundException("An error occurred", "Code")); + String jwt = tokenService.createJwt(userId); + assertTrue(Objects.isNull(jwt)); + } + }
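Review bot: The `userResource` and `certifiedField` objects built at the top of `createNullJwt` are never used, because the stub on `findByIdUsingGET` throws before any user is returned; dropping those six lines would make the failure case easier to read. `assertNull(jwt)` states the expectation more directly than `assertTrue(Objects.isNull(jwt))`. The test pins only the registry failure; a second case in which the signing key cannot be parsed would cover the other path that now returns null.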