diff --git a/src/main/kotlin/com/vauthenticator/server/account/emailverification/SendVerifyEMailChallenge.kt b/src/main/kotlin/com/vauthenticator/server/account/emailverification/SendVerifyEMailChallenge.kt index fce11d46..03607d7b 100644 --- a/src/main/kotlin/com/vauthenticator/server/account/emailverification/SendVerifyEMailChallenge.kt +++ b/src/main/kotlin/com/vauthenticator/server/account/emailverification/SendVerifyEMailChallenge.kt @@ -26,7 +26,7 @@ class SendVerifyEMailChallenge( .map { account -> val verificationTicket = mfaMethodsEnrollment.enroll( - account, + account.email, MfaMethod.EMAIL_MFA_METHOD, account.email, ClientAppId.empty(), diff --git a/src/main/kotlin/com/vauthenticator/server/mfa/MfaConfig.kt b/src/main/kotlin/com/vauthenticator/server/mfa/MfaConfig.kt index 36d3a76c..8e8cb0db 100644 --- a/src/main/kotlin/com/vauthenticator/server/mfa/MfaConfig.kt +++ b/src/main/kotlin/com/vauthenticator/server/mfa/MfaConfig.kt @@ -52,8 +52,9 @@ class MfaConfig { fun mfaMethodsEnrollment( mfaSender: OtpMfaSender, ticketCreator: TicketCreator, + accountRepository: AccountRepository, mfaAccountMethodsRepository: MfaAccountMethodsRepository - ) = MfaMethodsEnrollment(ticketCreator, mfaSender, mfaAccountMethodsRepository) + ) = MfaMethodsEnrollment(accountRepository, ticketCreator, mfaSender, mfaAccountMethodsRepository) @Bean fun otpMfa( @@ -79,7 +80,7 @@ class MfaConfig { fun otpMfaVerifier( otpMfa: OtpMfa, accountRepository: AccountRepository, - mfaAccountMethodsRepository : MfaAccountMethodsRepository, + mfaAccountMethodsRepository: MfaAccountMethodsRepository, ) = AccountAwareOtpMfaVerifier(accountRepository, otpMfa, mfaAccountMethodsRepository) @Bean diff --git a/src/main/kotlin/com/vauthenticator/server/mfa/api/MfaMethodsEnrolmentEndPoint.kt b/src/main/kotlin/com/vauthenticator/server/mfa/api/MfaMethodsEnrolmentEndPoint.kt index 0eed1f57..a02f62d9 100644 --- a/src/main/kotlin/com/vauthenticator/server/mfa/api/MfaMethodsEnrolmentEndPoint.kt 
+++ b/src/main/kotlin/com/vauthenticator/server/mfa/api/MfaMethodsEnrolmentEndPoint.kt @@ -50,17 +50,13 @@ class MfaEnrolmentAssociationEndPoint( authentication: Authentication, @RequestBody enrolling: MfaEnrollmentRequest ): ResponseEntity { - val ticketId = accountRepository.accountFor(authentication.name) - .map { account -> - mfaMethodsEnrollment.enroll( - account, - enrolling.mfaMethod, - enrolling.mfaChannel, - ClientAppId.empty(), //todo figure out how to detect the client app - true - ) - }.orElseThrow() - + val ticketId = mfaMethodsEnrollment.enroll( + authentication.name, + enrolling.mfaMethod, + enrolling.mfaChannel, + ClientAppId.empty(), //todo figure out how to detect the client app + true + ) return ok(ticketId.content) } diff --git a/src/main/kotlin/com/vauthenticator/server/mfa/domain/MfaMethodsEnrollment.kt b/src/main/kotlin/com/vauthenticator/server/mfa/domain/MfaMethodsEnrollment.kt index dc7cd96e..6590c8f0 100644 --- a/src/main/kotlin/com/vauthenticator/server/mfa/domain/MfaMethodsEnrollment.kt +++ b/src/main/kotlin/com/vauthenticator/server/mfa/domain/MfaMethodsEnrollment.kt @@ -1,10 +1,12 @@ package com.vauthenticator.server.mfa.domain -import com.vauthenticator.server.account.Account +import com.vauthenticator.server.account.AccountNotFoundException +import com.vauthenticator.server.account.repository.AccountRepository import com.vauthenticator.server.mfa.repository.MfaAccountMethodsRepository import com.vauthenticator.server.oauth2.clientapp.ClientAppId import com.vauthenticator.server.ticket.* import com.vauthenticator.server.ticket.Ticket.Companion.MFA_SELF_ASSOCIATION_CONTEXT_KEY +import org.slf4j.LoggerFactory typealias MfaAssociationVerifier = (ticket: Ticket) -> Unit 
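Review bot: In the `MfaEnrolmentAssociationEndPoint` handler, a principal with no matching account now surfaces as the `AccountNotFoundException` thrown from `enroll`, where the removed `.orElseThrow()` raised `NoSuchElementException`. No exception mapping is visible in this hunk, so confirm which HTTP status an authenticated caller without an account receives, and cover it with an endpoint test. If nothing else in the class still uses `accountRepository`, drop it from the constructor so the endpoint no longer holds a dependency it does not need. The handler's signature starts outside the hunk.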
@@ -58,39 +60,45 @@ class MfaMethodsEnrollmentAssociation( } class MfaMethodsEnrollment( + private val accountRepository: AccountRepository, private val ticketCreator: TicketCreator, private val mfaSender: OtpMfaSender, private val mfaAccountMethodsRepository: MfaAccountMethodsRepository ) { - //TODO to be improved ..... better to take the user_name instead of the account itself + private val logger = LoggerFactory.getLogger(MfaMethodsEnrollment::class.java) + fun enroll( - account: Account, + userName: String, mfaMethod: MfaMethod, mfaChannel: String, clientAppId: ClientAppId, sendChallengeCode: Boolean = true, ticketContextAdditionalProperties: Map = emptyMap() ): TicketId { - val email = account.email - - mfaAccountMethodsRepository.findOne(email, mfaMethod, mfaChannel) - .ifPresentOrElse({}, - { mfaAccountMethodsRepository.save(email, mfaMethod, mfaChannel, false) } - ) + return accountRepository.accountFor(userName) + .map { + mfaAccountMethodsRepository.findOne(userName, mfaMethod, mfaChannel) + .ifPresentOrElse({}, + { mfaAccountMethodsRepository.save(userName, mfaMethod, mfaChannel, false) } + ) - if (sendChallengeCode) { - mfaSender.sendMfaChallenge(email, mfaMethod, mfaChannel) - } + if (sendChallengeCode) { + mfaSender.sendMfaChallenge(userName, mfaMethod, mfaChannel) + } - return ticketCreator.createTicketFor( - account, - clientAppId, - TicketContext.mfaContextFor( - mfaMethod = mfaMethod, - mfaChannel = mfaChannel, - ticketContextAdditionalProperties = ticketContextAdditionalProperties - ) - ) + ticketCreator.createTicketFor( + it, + clientAppId, + TicketContext.mfaContextFor( + mfaMethod = mfaMethod, + mfaChannel = mfaChannel, + ticketContextAdditionalProperties = ticketContextAdditionalProperties + ) + ) + }.orElseThrow { + logger.warn("account not found") + AccountNotFoundException("account not found") + } } } \ No newline at end of file 
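Review bot: Inside `enroll`, the MFA method record and the challenge are now keyed by the caller-supplied `userName`, where the previous code used `account.email` from the resolved account; the loaded account (`it`) is only passed to `createTicketFor`. If `accountFor` ever matches a name that is not byte-identical to the stored e-mail (case or alias normalisation, not visible here), the enrolment would be stored and challenged under a different key than the account the ticket is issued for. Name the lambda parameter (`.map { account ->`) and replace `userName` with `account.email` in the `findOne`, `save` and `sendMfaChallenge` calls. The `logger.warn("account not found")` line carries no request context; if one is added, prefer a correlation id over the raw e-mail address. A KDoc on `enroll` stating that it throws `AccountNotFoundException` for an unknown `userName` would make the new contract explicit for callers.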
diff --git a/src/test/kotlin/com/vauthenticator/server/account/emailverification/SendVerifyEMailChallengeTest.kt b/src/test/kotlin/com/vauthenticator/server/account/emailverification/SendVerifyEMailChallengeTest.kt index 671785a4..89c47797 100644 --- a/src/test/kotlin/com/vauthenticator/server/account/emailverification/SendVerifyEMailChallengeTest.kt +++ b/src/test/kotlin/com/vauthenticator/server/account/emailverification/SendVerifyEMailChallengeTest.kt @@ -64,7 +64,7 @@ internal class SendVerifyEMailChallengeTest { every { accountRepository.accountFor(account.email) } returns Optional.of(account) every { mfaMethodsEnrollment.enroll( - account, + account.email, MfaMethod.EMAIL_MFA_METHOD, account.email, ClientAppId.empty(), diff --git a/src/test/kotlin/com/vauthenticator/server/mfa/domain/MfaMethodsEnrollmentTest.kt b/src/test/kotlin/com/vauthenticator/server/mfa/domain/MfaMethodsEnrollmentTest.kt index f8b84038..af496aef 100644 --- a/src/test/kotlin/com/vauthenticator/server/mfa/domain/MfaMethodsEnrollmentTest.kt +++ b/src/test/kotlin/com/vauthenticator/server/mfa/domain/MfaMethodsEnrollmentTest.kt @@ -1,5 +1,6 @@ package com.vauthenticator.server.mfa.domain +import com.vauthenticator.server.account.repository.AccountRepository import com.vauthenticator.server.clientapp.ClientAppFixture.aClientAppId import com.vauthenticator.server.keys.Kid import com.vauthenticator.server.mfa.domain.MfaMethod.EMAIL_MFA_METHOD @@ -28,6 +29,9 @@ class MfaMethodsEnrollmentTest { @MockK private lateinit var ticketCreator: TicketCreator + @MockK + private lateinit var accountRepository: AccountRepository + @MockK private lateinit var mfaSender: OtpMfaSender 
@@ -37,10 +41,12 @@ class MfaMethodsEnrollmentTest { private lateinit var uut: MfaMethodsEnrollment private val account = anAccount() + private val userName = account.email + private val clientAppId = aClientAppId() private val ticketId = TicketId("A_TICKET") private val emailMfaAccountMethod = MfaAccountMethod( - account.email, + userName, Kid("A_KID"), EMAIL_MFA_METHOD, emailMfaChannel, @@ -50,6 +56,7 @@ class MfaMethodsEnrollmentTest { @BeforeEach fun setUp() { uut = MfaMethodsEnrollment( + accountRepository, ticketCreator, mfaSender, mfaAccountMethodsRepository @@ -60,22 +67,24 @@ class MfaMethodsEnrollmentTest { fun `when the enrolment do not send the verification code together the verification ticket`() { every { mfaAccountMethodsRepository.findOne( - account.email, + userName, EMAIL_MFA_METHOD, emailMfaChannel ) } returns Optional.of(emailMfaAccountMethod) + every { accountRepository.accountFor(userName) } returns Optional.of(account) every { ticketCreator.createTicketFor(account, clientAppId, ticketContext(emailMfaChannel)) } returns ticketId - val actual = uut.enroll(account, EMAIL_MFA_METHOD, emailMfaChannel, clientAppId, false) + val actual = uut.enroll(userName, EMAIL_MFA_METHOD, emailMfaChannel, clientAppId, false) verify { mfaAccountMethodsRepository.findOne( - account.email, + userName, EMAIL_MFA_METHOD, emailMfaChannel ) } + verify { accountRepository.accountFor(userName) } verify { ticketCreator.createTicketFor(account, clientAppId, ticketContext(emailMfaChannel)) } assertEquals(ticketId, actual) 
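Review bot: The fixture defines `userName = account.email`, so the test at `@@ -60,22 +67,24 @@` cannot detect a difference between the name passed to `enroll` and the e-mail of the account returned by `accountFor`; the same holds for the hunk at `@@ -85,25 +94,27 @@`. None of the visible hunks stubs `accountRepository.accountFor(userName)` with `Optional.empty()`, so the new not-found branch is untested here. A case asserting `AccountNotFoundException`, with `verify(exactly = 0)` on `mfaAccountMethodsRepository.save` and `mfaSender.sendMfaChallenge`, would pin that no enrolment record or challenge is produced for an unknown user.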
@@ -85,25 +94,27 @@ class MfaMethodsEnrollmentTest { fun `when the enrolment send the verification code together the verification ticket`() { every { mfaAccountMethodsRepository.findOne( - account.email, + userName, EMAIL_MFA_METHOD, emailMfaChannel ) } returns Optional.of(emailMfaAccountMethod) + every { accountRepository.accountFor(userName) } returns Optional.of(account) every { ticketCreator.createTicketFor(account, clientAppId, ticketContext(emailMfaChannel)) } returns ticketId - every { mfaSender.sendMfaChallenge(account.email, EMAIL_MFA_METHOD, emailMfaChannel) } just runs + every { mfaSender.sendMfaChallenge(userName, EMAIL_MFA_METHOD, emailMfaChannel) } just runs - val actual = uut.enroll(account, EMAIL_MFA_METHOD, emailMfaChannel, clientAppId, true) + val actual = uut.enroll(userName, EMAIL_MFA_METHOD, emailMfaChannel, clientAppId, true) verify { mfaAccountMethodsRepository.findOne( - account.email, + userName, EMAIL_MFA_METHOD, emailMfaChannel ) } + verify { accountRepository.accountFor(userName) } verify { ticketCreator.createTicketFor(account, clientAppId, ticketContext(emailMfaChannel)) } - verify { mfaSender.sendMfaChallenge(account.email, EMAIL_MFA_METHOD, emailMfaChannel) } + verify { mfaSender.sendMfaChallenge(userName, EMAIL_MFA_METHOD, emailMfaChannel) } assertEquals(ticketId, actual) }