[ES-937]Updated AuthChallengeFactorFormatValidator (mosip#661)

Signed-off-by: Balaji <[email protected]>

esignet-integration-api/src/main/java/io/mosip/esignet/api/dto/AuthChallenge.java

@@ -7,22 +7,17 @@
 
 import io.mosip.esignet.api.util.ErrorConstants;
 import io.mosip.esignet.api.validator.AuthChallengeFactorFormat;
-import io.mosip.esignet.api.validator.AuthChallengeLength;
 import lombok.Data;
 
 import javax.validation.constraints.NotBlank;
 
 @Data
-@AuthChallengeLength
 @AuthChallengeFactorFormat
 public class AuthChallenge {
 
-    @NotBlank(message = ErrorConstants.INVALID_AUTH_FACTOR_TYPE)
     private String authFactorType;
 
-    @NotBlank(message = ErrorConstants.INVALID_CHALLENGE)
     private String challenge;
 
-    @NotBlank(message = ErrorConstants.INVALID_CHALLENGE_FORMAT)
     private String format;
 }

esignet-integration-api/src/main/java/io/mosip/esignet/api/validator/AuthChallengeFactorFormat.java

@@ -17,8 +17,8 @@
 @Constraint(validatedBy = AuthChallengeFactorFormatValidator.class)
 @Documented
 public @interface AuthChallengeFactorFormat {
-    String message() default ErrorConstants.INVALID_AUTH_FACTOR_TYPE_FORMAT;
-
+    String message() default ErrorConstants.INVALID_CHALLENGE;
+    
     Class<?>[] groups() default {};
 
     Class<? extends Payload>[] payload() default {};

esignet-integration-api/src/main/java/io/mosip/esignet/api/validator/AuthChallengeFactorFormatValidator.java

@@ -1,6 +1,9 @@
 package io.mosip.esignet.api.validator;
 
 import io.mosip.esignet.api.dto.AuthChallenge;
+import io.mosip.esignet.api.util.ErrorConstants;
+import io.mosip.esignet.api.validator.AuthChallengeFactorFormat;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.core.env.Environment;
@@ -15,17 +18,31 @@
 public class AuthChallengeFactorFormatValidator implements ConstraintValidator<AuthChallengeFactorFormat, AuthChallenge> {
 
     private final String FORMAT_KEY_PREFIX = "mosip.esignet.auth-challenge.%s.format";
-
+    private final String MIN_LENGTH_KEY_PREFIX = "mosip.esignet.auth-challenge.%s.min-length";
+    private final String MAX_LENGTH_KEY_PREFIX = "mosip.esignet.auth-challenge.%s.max-length";
+
     @Autowired
     private Environment environment;
 
     @Override
     public boolean isValid(AuthChallenge authChallenge, ConstraintValidatorContext context) {
-        if(StringUtils.hasText(authChallenge.getAuthFactorType()) && StringUtils.hasText(authChallenge.getFormat())) {
-            String format = environment.getProperty(String.format(FORMAT_KEY_PREFIX, authChallenge.getAuthFactorType()),
-                    String.class, "alpha-numeric");
-            return authChallenge.getFormat().equals(format);
+    	String authFactor = authChallenge.getAuthFactorType();
+        String format = environment.getProperty(String.format(FORMAT_KEY_PREFIX, authFactor),
+                String.class);
+        if( !StringUtils.hasText(authFactor) || !StringUtils.hasText(format)) {
+        	context.disableDefaultConstraintViolation();
+			context.buildConstraintViolationWithTemplate(ErrorConstants.INVALID_AUTH_FACTOR_TYPE).addConstraintViolation();
+			return false;
+        }
+        if( !StringUtils.hasText(authChallenge.getFormat()) || !authChallenge.getFormat().equals(format) ) {
+        	context.disableDefaultConstraintViolation();
+			context.buildConstraintViolationWithTemplate(ErrorConstants.INVALID_CHALLENGE_FORMAT).addConstraintViolation();
+        	return false;
         }
-        return false;
+        int min = environment.getProperty(String.format(MIN_LENGTH_KEY_PREFIX, authFactor), Integer.TYPE, 50);
+        int max = environment.getProperty(String.format(MAX_LENGTH_KEY_PREFIX, authFactor), Integer.TYPE, 50);
+        String challenge = authChallenge.getChallenge();
+        int length = StringUtils.hasText(challenge)? challenge.length():0 ;
+        return length>=min && length<=max;
     }
 }

esignet-service/src/test/java/io/mosip/esignet/controllers/AuthorizationControllerTest.java

@@ -816,7 +816,7 @@ public void authenticateEndUser_withInvalidFormat_returnErrorResponse() throws E
                         .contentType(MediaType.APPLICATION_JSON))
                 .andExpect(status().isOk())
                 .andExpect(jsonPath("$.errors").isNotEmpty())
-                .andExpect(jsonPath("$.errors[0].errorCode").value(INVALID_AUTH_FACTOR_TYPE_FORMAT));
+                .andExpect(jsonPath("$.errors[0].errorCode").value("invalid_challenge_format"));
     }
 
     @Test
@@ -846,10 +846,8 @@ public void authenticateEndUser_withNullAuthFactorType_returnErrorResponse() thr
 
         List<String> errorCodes = Arrays.asList(INVALID_AUTH_FACTOR_TYPE, INVALID_AUTH_FACTOR_TYPE_FORMAT, INVALID_CHALLENGE_LENGTH);
         ResponseWrapper responseWrapper = objectMapper.readValue(mvcResult.getResponse().getContentAsString(), ResponseWrapper.class);
-        Assert.assertTrue(responseWrapper.getErrors().size() == 3);
+        Assert.assertTrue(responseWrapper.getErrors().size() == 1);
         Assert.assertTrue(errorCodes.contains(((Error)responseWrapper.getErrors().get(0)).getErrorCode()));
-        Assert.assertTrue(errorCodes.contains(((Error)responseWrapper.getErrors().get(1)).getErrorCode()));
-        Assert.assertTrue(errorCodes.contains(((Error)responseWrapper.getErrors().get(2)).getErrorCode()));
     }
 
     @Test
@@ -881,11 +879,8 @@ public void authenticateEndUser_withNullAuthChallenge_returnErrorResponse() thro
         List<String> errorCodes = Arrays.asList(INVALID_AUTH_FACTOR_TYPE, INVALID_AUTH_FACTOR_TYPE_FORMAT,INVALID_CHALLENGE_FORMAT,
                 INVALID_CHALLENGE_LENGTH);
         ResponseWrapper responseWrapper = objectMapper.readValue(mvcResult.getResponse().getContentAsString(), ResponseWrapper.class);
-        Assert.assertTrue(responseWrapper.getErrors().size() == 4);
+        Assert.assertTrue(responseWrapper.getErrors().size() == 1);
         Assert.assertTrue(errorCodes.contains(((Error)responseWrapper.getErrors().get(0)).getErrorCode()));
-        Assert.assertTrue(errorCodes.contains(((Error)responseWrapper.getErrors().get(1)).getErrorCode()));
-        Assert.assertTrue(errorCodes.contains(((Error)responseWrapper.getErrors().get(2)).getErrorCode()));
-        Assert.assertTrue(errorCodes.contains(((Error)responseWrapper.getErrors().get(3)).getErrorCode()));
     }
 
     @Test
@@ -914,9 +909,8 @@ public void authenticateEndUser_withBlankFormat_returnErrorResponse() throws Exc
                 .andExpect(status().isOk()).andReturn();
         List<String> errorCodes = Arrays.asList(INVALID_CHALLENGE_FORMAT, INVALID_AUTH_FACTOR_TYPE_FORMAT);
         ResponseWrapper responseWrapper = objectMapper.readValue(mvcResult.getResponse().getContentAsString(), ResponseWrapper.class);
-        Assert.assertTrue(responseWrapper.getErrors().size() == 2);
+        Assert.assertTrue(responseWrapper.getErrors().size() == 1);
         Assert.assertTrue(errorCodes.contains(((Error)responseWrapper.getErrors().get(0)).getErrorCode()));
-        Assert.assertTrue(errorCodes.contains(((Error)responseWrapper.getErrors().get(1)).getErrorCode()));
 
     }
 
@@ -946,9 +940,8 @@ public void authenticateEndUser_withNullFormat_returnErrorResponse() throws Exce
                 .andExpect(status().isOk()).andReturn();
         List<String> errorCodes = Arrays.asList(INVALID_CHALLENGE_FORMAT, INVALID_AUTH_FACTOR_TYPE_FORMAT);
         ResponseWrapper responseWrapper = objectMapper.readValue(mvcResult.getResponse().getContentAsString(), ResponseWrapper.class);
-        Assert.assertTrue(responseWrapper.getErrors().size() == 2);
+        Assert.assertTrue(responseWrapper.getErrors().size() == 1);
         Assert.assertTrue(errorCodes.contains(((Error)responseWrapper.getErrors().get(0)).getErrorCode()));
-        Assert.assertTrue(errorCodes.contains(((Error)responseWrapper.getErrors().get(1)).getErrorCode()));
     }
 
     @Test
@@ -1068,4 +1061,4 @@ public void getAuthorizationCode_withInValidPermittedAuthorizeScopes_thenErrorRe
                 .andExpect(jsonPath("$.errors[0].errorCode").value(ErrorConstants.INVALID_PERMITTED_SCOPE));
     }
 
-}
+}

esignet-service/src/test/java/io/mosip/esignet/controllers/KeyBindingControllerTest.java

@@ -278,12 +278,8 @@ public void bindWallet_withAuthChallengeEmptyFactorAndEmptyChallenge_thenFail()
 		List<String> errorCodes = Arrays.asList(INVALID_CHALLENGE_FORMAT,INVALID_AUTH_FACTOR_TYPE, INVALID_AUTH_FACTOR_TYPE_FORMAT,
 				INVALID_CHALLENGE, INVALID_CHALLENGE_LENGTH);
 		ResponseWrapper responseWrapper = objectMapper.readValue(mvcResult.getResponse().getContentAsString(), ResponseWrapper.class);
-		Assert.assertTrue(responseWrapper.getErrors().size() == 5);
+		Assert.assertTrue(responseWrapper.getErrors().size() == 1);
 		Assert.assertTrue(errorCodes.contains(((Error)responseWrapper.getErrors().get(0)).getErrorCode()));
-		Assert.assertTrue(errorCodes.contains(((Error)responseWrapper.getErrors().get(1)).getErrorCode()));
-		Assert.assertTrue(errorCodes.contains(((Error)responseWrapper.getErrors().get(2)).getErrorCode()));
-		Assert.assertTrue(errorCodes.contains(((Error)responseWrapper.getErrors().get(3)).getErrorCode()));
-		Assert.assertTrue(errorCodes.contains(((Error)responseWrapper.getErrors().get(4)).getErrorCode()));
 	}
 
 	/*@Test

esignet-service/src/test/java/io/mosip/esignet/controllers/LinkedAuthorizationControllerTest.java

@@ -405,12 +405,8 @@ public void authenticate_withInvalidChallengeList_thenFail() throws Exception {
         List<String> errorCodes = Arrays.asList(INVALID_CHALLENGE_FORMAT,INVALID_AUTH_FACTOR_TYPE, INVALID_AUTH_FACTOR_TYPE_FORMAT,
                 INVALID_CHALLENGE, INVALID_CHALLENGE_LENGTH);
         ResponseWrapper responseWrapper = objectMapper.readValue(mvcResult.getResponse().getContentAsString(), ResponseWrapper.class);
-        Assert.assertTrue(responseWrapper.getErrors().size() == 5);
+        Assert.assertTrue(responseWrapper.getErrors().size() == 1);
         Assert.assertTrue(errorCodes.contains(((Error)responseWrapper.getErrors().get(0)).getErrorCode()));
-        Assert.assertTrue(errorCodes.contains(((Error)responseWrapper.getErrors().get(1)).getErrorCode()));
-        Assert.assertTrue(errorCodes.contains(((Error)responseWrapper.getErrors().get(2)).getErrorCode()));
-        Assert.assertTrue(errorCodes.contains(((Error)responseWrapper.getErrors().get(3)).getErrorCode()));
-        Assert.assertTrue(errorCodes.contains(((Error)responseWrapper.getErrors().get(4)).getErrorCode()));
     }
 
     @Test
@@ -775,12 +771,8 @@ public void authenticateV2_withInvalidChallengeList_thenFail() throws Exception
         List<String> errorCodes = Arrays.asList(INVALID_CHALLENGE_FORMAT,INVALID_AUTH_FACTOR_TYPE, INVALID_AUTH_FACTOR_TYPE_FORMAT,
                 INVALID_CHALLENGE, INVALID_CHALLENGE_LENGTH);
         ResponseWrapper responseWrapper = objectMapper.readValue(mvcResult.getResponse().getContentAsString(), ResponseWrapper.class);
-        Assert.assertTrue(responseWrapper.getErrors().size() == 5);
+        Assert.assertTrue(responseWrapper.getErrors().size() == 1);
         Assert.assertTrue(errorCodes.contains(((Error)responseWrapper.getErrors().get(0)).getErrorCode()));
-        Assert.assertTrue(errorCodes.contains(((Error)responseWrapper.getErrors().get(1)).getErrorCode()));
-        Assert.assertTrue(errorCodes.contains(((Error)responseWrapper.getErrors().get(2)).getErrorCode()));
-        Assert.assertTrue(errorCodes.contains(((Error)responseWrapper.getErrors().get(3)).getErrorCode()));
-        Assert.assertTrue(errorCodes.contains(((Error)responseWrapper.getErrors().get(4)).getErrorCode()));
     }
 
     @Test
@@ -892,4 +884,4 @@ public void saveConsentV2_withInvalidSignatureFormat_thenFail() throws Exception
                 .andExpect(jsonPath("$.errors").isNotEmpty())
                 .andExpect(jsonPath("$.errors[0].errorCode").value(INVALID_SIGNATURE_FORMAT));
     }
-}
+}