let to use take only the user name to the enroll method

src/main/kotlin/com/vauthenticator/server/account/emailverification/SendVerifyEMailChallenge.kt

@@ -26,7 +26,7 @@ class SendVerifyEMailChallenge(
         .map { account ->
             val verificationTicket =
                 mfaMethodsEnrollment.enroll(
-                    account,
+                    account.email,
                     MfaMethod.EMAIL_MFA_METHOD,
                     account.email,
                     ClientAppId.empty(),

src/main/kotlin/com/vauthenticator/server/mfa/MfaConfig.kt

@@ -52,8 +52,9 @@ class MfaConfig {
     fun mfaMethodsEnrollment(
         mfaSender: OtpMfaSender,
         ticketCreator: TicketCreator,
+        accountRepository: AccountRepository,
         mfaAccountMethodsRepository: MfaAccountMethodsRepository
-    ) = MfaMethodsEnrollment(ticketCreator, mfaSender, mfaAccountMethodsRepository)
+    ) = MfaMethodsEnrollment(accountRepository, ticketCreator, mfaSender, mfaAccountMethodsRepository)
 
     @Bean
     fun otpMfa(
@@ -79,7 +80,7 @@ class MfaConfig {
     fun otpMfaVerifier(
         otpMfa: OtpMfa,
         accountRepository: AccountRepository,
-        mfaAccountMethodsRepository : MfaAccountMethodsRepository,
+        mfaAccountMethodsRepository: MfaAccountMethodsRepository,
     ) = AccountAwareOtpMfaVerifier(accountRepository, otpMfa, mfaAccountMethodsRepository)
 
     @Bean

src/main/kotlin/com/vauthenticator/server/mfa/api/MfaMethodsEnrolmentEndPoint.kt

@@ -50,17 +50,13 @@ class MfaEnrolmentAssociationEndPoint(
         authentication: Authentication,
         @RequestBody enrolling: MfaEnrollmentRequest
     ): ResponseEntity<String> {
-        val ticketId = accountRepository.accountFor(authentication.name)
-            .map { account ->
-                mfaMethodsEnrollment.enroll(
-                    account,
-                    enrolling.mfaMethod,
-                    enrolling.mfaChannel,
-                    ClientAppId.empty(), //todo figure out how to detect the client app
-                    true
-                )
-            }.orElseThrow()
-
+        val ticketId = mfaMethodsEnrollment.enroll(
+            authentication.name,
+            enrolling.mfaMethod,
+            enrolling.mfaChannel,
+            ClientAppId.empty(), //todo figure out how to detect the client app
+            true
+        )
         return ok(ticketId.content)
     }
 

src/main/kotlin/com/vauthenticator/server/mfa/domain/MfaMethodsEnrollment.kt

@@ -1,10 +1,12 @@
 package com.vauthenticator.server.mfa.domain
 
-import com.vauthenticator.server.account.Account
+import com.vauthenticator.server.account.AccountNotFoundException
+import com.vauthenticator.server.account.repository.AccountRepository
 import com.vauthenticator.server.mfa.repository.MfaAccountMethodsRepository
 import com.vauthenticator.server.oauth2.clientapp.ClientAppId
 import com.vauthenticator.server.ticket.*
 import com.vauthenticator.server.ticket.Ticket.Companion.MFA_SELF_ASSOCIATION_CONTEXT_KEY
+import org.slf4j.LoggerFactory
 
 typealias MfaAssociationVerifier = (ticket: Ticket) -> Unit
 
@@ -58,39 +60,45 @@ class MfaMethodsEnrollmentAssociation(
 }
 
 class MfaMethodsEnrollment(
+    private val accountRepository: AccountRepository,
     private val ticketCreator: TicketCreator,
     private val mfaSender: OtpMfaSender,
     private val mfaAccountMethodsRepository: MfaAccountMethodsRepository
 ) {
 
-    //TODO to be improved ..... better to take the user_name instead of the account itself
+    private val logger = LoggerFactory.getLogger(MfaMethodsEnrollment::class.java)
+
     fun enroll(
-        account: Account,
+        userName: String,
         mfaMethod: MfaMethod,
         mfaChannel: String,
         clientAppId: ClientAppId,
         sendChallengeCode: Boolean = true,
         ticketContextAdditionalProperties: Map<String, String> = emptyMap()
     ): TicketId {
-        val email = account.email
-
-        mfaAccountMethodsRepository.findOne(email, mfaMethod, mfaChannel)
-            .ifPresentOrElse({},
-                { mfaAccountMethodsRepository.save(email, mfaMethod, mfaChannel, false) }
-            )
+        return accountRepository.accountFor(userName)
+            .map {
+                mfaAccountMethodsRepository.findOne(userName, mfaMethod, mfaChannel)
+                    .ifPresentOrElse({},
+                        { mfaAccountMethodsRepository.save(userName, mfaMethod, mfaChannel, false) }
+                    )
 
-        if (sendChallengeCode) {
-            mfaSender.sendMfaChallenge(email, mfaMethod, mfaChannel)
-        }
+                if (sendChallengeCode) {
+                    mfaSender.sendMfaChallenge(userName, mfaMethod, mfaChannel)
+                }
 
-        return ticketCreator.createTicketFor(
-            account,
-            clientAppId,
-            TicketContext.mfaContextFor(
-                mfaMethod = mfaMethod,
-                mfaChannel = mfaChannel,
-                ticketContextAdditionalProperties = ticketContextAdditionalProperties
-            )
-        )
+                ticketCreator.createTicketFor(
+                    it,
+                    clientAppId,
+                    TicketContext.mfaContextFor(
+                        mfaMethod = mfaMethod,
+                        mfaChannel = mfaChannel,
+                        ticketContextAdditionalProperties = ticketContextAdditionalProperties
+                    )
+                )
+            }.orElseThrow {
+                logger.warn("account not found")
+                AccountNotFoundException("account not found")
+            }
     }
 }

src/test/kotlin/com/vauthenticator/server/account/emailverification/SendVerifyEMailChallengeTest.kt

@@ -64,7 +64,7 @@ internal class SendVerifyEMailChallengeTest {
         every { accountRepository.accountFor(account.email) } returns Optional.of(account)
         every {
             mfaMethodsEnrollment.enroll(
-                account,
+                account.email,
                 MfaMethod.EMAIL_MFA_METHOD,
                 account.email,
                 ClientAppId.empty(),

src/test/kotlin/com/vauthenticator/server/mfa/domain/MfaMethodsEnrollmentTest.kt

@@ -1,5 +1,6 @@
 package com.vauthenticator.server.mfa.domain
 
+import com.vauthenticator.server.account.repository.AccountRepository
 import com.vauthenticator.server.clientapp.ClientAppFixture.aClientAppId
 import com.vauthenticator.server.keys.Kid
 import com.vauthenticator.server.mfa.domain.MfaMethod.EMAIL_MFA_METHOD
@@ -28,6 +29,9 @@ class MfaMethodsEnrollmentTest {
     @MockK
     private lateinit var ticketCreator: TicketCreator
 
+    @MockK
+    private lateinit var accountRepository: AccountRepository
+
     @MockK
     private lateinit var mfaSender: OtpMfaSender
 
@@ -37,10 +41,12 @@ class MfaMethodsEnrollmentTest {
     private lateinit var uut: MfaMethodsEnrollment
 
     private val account = anAccount()
+    private val userName = account.email
+
     private val clientAppId = aClientAppId()
     private val ticketId = TicketId("A_TICKET")
     private val emailMfaAccountMethod = MfaAccountMethod(
-        account.email,
+        userName,
         Kid("A_KID"),
         EMAIL_MFA_METHOD,
         emailMfaChannel,
@@ -50,6 +56,7 @@ class MfaMethodsEnrollmentTest {
     @BeforeEach
     fun setUp() {
         uut = MfaMethodsEnrollment(
+            accountRepository,
             ticketCreator,
             mfaSender,
             mfaAccountMethodsRepository
@@ -60,22 +67,24 @@ class MfaMethodsEnrollmentTest {
     fun `when the enrolment do not send the verification code together the verification ticket`() {
         every {
             mfaAccountMethodsRepository.findOne(
-                account.email,
+                userName,
                 EMAIL_MFA_METHOD,
                 emailMfaChannel
             )
         } returns Optional.of(emailMfaAccountMethod)
+        every { accountRepository.accountFor(userName) } returns Optional.of(account)
         every { ticketCreator.createTicketFor(account, clientAppId, ticketContext(emailMfaChannel)) } returns ticketId
 
-        val actual = uut.enroll(account, EMAIL_MFA_METHOD, emailMfaChannel, clientAppId, false)
+        val actual = uut.enroll(userName, EMAIL_MFA_METHOD, emailMfaChannel, clientAppId, false)
 
         verify {
             mfaAccountMethodsRepository.findOne(
-                account.email,
+                userName,
                 EMAIL_MFA_METHOD,
                 emailMfaChannel
             )
         }
+        verify { accountRepository.accountFor(userName) }
         verify { ticketCreator.createTicketFor(account, clientAppId, ticketContext(emailMfaChannel)) }
 
         assertEquals(ticketId, actual)
@@ -85,25 +94,27 @@ class MfaMethodsEnrollmentTest {
     fun `when the enrolment send the verification code together the verification ticket`() {
         every {
             mfaAccountMethodsRepository.findOne(
-                account.email,
+                userName,
                 EMAIL_MFA_METHOD,
                 emailMfaChannel
             )
         } returns Optional.of(emailMfaAccountMethod)
+        every { accountRepository.accountFor(userName) } returns Optional.of(account)
         every { ticketCreator.createTicketFor(account, clientAppId, ticketContext(emailMfaChannel)) } returns ticketId
-        every { mfaSender.sendMfaChallenge(account.email, EMAIL_MFA_METHOD, emailMfaChannel) } just runs
+        every { mfaSender.sendMfaChallenge(userName, EMAIL_MFA_METHOD, emailMfaChannel) } just runs
 
-        val actual = uut.enroll(account, EMAIL_MFA_METHOD, emailMfaChannel, clientAppId, true)
+        val actual = uut.enroll(userName, EMAIL_MFA_METHOD, emailMfaChannel, clientAppId, true)
 
         verify {
             mfaAccountMethodsRepository.findOne(
-                account.email,
+                userName,
                 EMAIL_MFA_METHOD,
                 emailMfaChannel
             )
         }
+        verify { accountRepository.accountFor(userName) }
         verify { ticketCreator.createTicketFor(account, clientAppId, ticketContext(emailMfaChannel)) }
-        verify { mfaSender.sendMfaChallenge(account.email, EMAIL_MFA_METHOD, emailMfaChannel) }
+        verify { mfaSender.sendMfaChallenge(userName, EMAIL_MFA_METHOD, emailMfaChannel) }
 
         assertEquals(ticketId, actual)
     }