2.2 to master #431

Merged
merged 34 commits into from
Aug 6, 2020
Merged
e4e3f46
Adding support for multiple affinity cookies (#331)
nikola-naydenov-hmcts Mar 12, 2020
10c55e5
SIDM-2686 - Cross browser tests (#333)
henrydobson Mar 12, 2020
a8d7a0c
Welsh language (#334)
Mar 25, 2020
9373d04
Add locale passing interceptor.
Mar 27, 2020
39b5079
Inject LocalePassingInterceptor to the global REST Template.
Mar 17, 2020
38efe85
Ignore other local profiles.
Mar 27, 2020
7de33c7
Extend the locale cookie expiration.
Mar 27, 2020
985683d
Increase the cookie expiration to 10 years.
Mar 27, 2020
3a0d814
Merge branch 'preview' into SIDM-3932_idm_notifications
Mar 27, 2020
4c8a13e
Cleanup debug code.
Mar 30, 2020
57b3729
Don't overwrite the language header set in another thread in the inte…
Mar 30, 2020
e26b392
SIDM-3353 Create password - add additional guidance text. (#337)
dfourn Mar 31, 2020
07819f6
Improve test coverage. (#347)
Apr 1, 2020
f447d72
More test coverage for Welsh. (#348)
Apr 1, 2020
9ffe97d
SIDM-3977 Add test to check if activation link can be used after the …
dfourn Apr 6, 2020
a8c0c04
COVID-19 Contact Us pages changes (post Welsh) (#350)
Apr 9, 2020
572105a
Sidm 3831 externalise text (#342)
Apr 9, 2020
e4ee728
SIDM-3831 Fix Welsh translations. (#355)
Apr 15, 2020
b8aca08
SIDM-3582 SIDM-3404 Account Activation link expired screen (#354)
dfourn Apr 15, 2020
147db73
Welsh - fix AKS languages (#357)
Apr 16, 2020
15bb408
Sidm 4015 welsh functional tests (#352)
Apr 21, 2020
2767c79
Merge demo to preview after merging master to demo (#365)
Apr 29, 2020
7ca98bb
add login with pin test (#361)
shravanmechineni Apr 30, 2020
179fc13
Fix CVE-2020-9488 vulnerability. (#367)
May 13, 2020
3ada921
Make /activate POST request redirect to a GET endpoint that can have …
May 15, 2020
fdf66bc
Sidm 4120 welsh post requests (#368)
May 18, 2020
e55dffb
Sidm 4120 welsh post requests (#370)
May 18, 2020
47744ed
2.2rc1 update 2.2 from preview (#419)
henrydobson Jul 17, 2020
234030c
chore(redis): remove redis tf code for 2.2 release (#420)
Jul 20, 2020
acb6f5f
Force disable caching in web-public
Jul 29, 2020
4341c6d
Merge branch 'master' into 2.2
tbamido Aug 5, 2020
fe9bf8d
fix merge
tbamido Aug 5, 2020
2c9caec
chore(pitest): fix pitest gradle task
tbamido Aug 5, 2020
fcce636
SIDM-4704 Change of email address for FPL (#429)
dfourn Aug 5, 2020
49 changes: 33 additions & 16 deletions src/main/java/uk/gov/hmcts/reform/idam/web/UserController.java
@@ -16,11 +16,13 @@
import org.springframework.validation.annotation.Validated;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.client.HttpClientErrorException;
import org.springframework.web.client.HttpServerErrorException;
import org.springframework.web.servlet.ModelAndView;
import uk.gov.hmcts.reform.idam.api.internal.model.ActivationResult;
import uk.gov.hmcts.reform.idam.api.internal.model.ErrorResponse;
import uk.gov.hmcts.reform.idam.api.internal.model.Service;
@@ -32,6 +34,7 @@
import uk.gov.hmcts.reform.idam.web.strategic.ValidationService;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
@@ -46,9 +49,6 @@
import static uk.gov.hmcts.reform.idam.web.helper.MvcKeys.SELF_REGISTER_VIEW;
import static uk.gov.hmcts.reform.idam.web.helper.MvcKeys.STATE;

/**
* @author Ivano
*/
@Controller
@RequestMapping("/users")
@Slf4j
@@ -83,9 +83,9 @@ public String users(final Map<String, Object> model) {
* @should return expiredtoken view and have redirect_uri attribute in model if token expired
* @should return useractivation view and no redirect_uri attribute in model if the token is valid
* @should return errorpage view error message and no redirect_uri attribute in model if api returns server error
* @should return errorpage view error message for alredy activated account and no redirect_uri attribute in model if api returns status 409
* @should return errorpage view error message for already activated account and no redirect_uri attribute in model if api returns status 409
*/
@RequestMapping(path = "/register", method = RequestMethod.GET)
@GetMapping("/register")
public String userActivation(@RequestParam("token") String token, @RequestParam("code") String code, final Map<String, Object> model) {
ValidateRequest validateRequest = new ValidateRequest();
validateRequest.setCode(code);
@@ -253,25 +253,29 @@ public String selfRegisterUser(@ModelAttribute("selfRegisterCommand") @Validated
* @should return expiredtoken view if HttpClientErrorException occurs and http status is 400 and token is invalid
* @should return redirect expiredtoken page if selfRegisterUser service throws HttpClientErrorException and Http code is 404
*/
@RequestMapping(path = "/activate", method = RequestMethod.POST)
public String activateUser(@RequestParam("token") String token, @RequestParam("code") String code, @RequestParam("password1") String password1, @RequestParam("password2") String password2,
final Map<String, Object> model) throws IOException {
@PostMapping("/activate")
public ModelAndView activateUser(@RequestParam("token") String token, @RequestParam("code") String code,
@RequestParam("password1") String password1, @RequestParam("password2") String password2,
final Map<String, Object> model) throws IOException {
model.put("token", token);
model.put("code", code);
try {
if (validationService.validatePassword(password1, password2, model)) {
String activation = "{\"token\":\"" + token + "\",\"code\":\"" + code + "\",\"password\":\"" + password1 + "\"}";
ResponseEntity<String> response = spiService.activateUser(activation);
String redirectUri = getRedirectUri(response.getBody());
// don't expose parameters other than the url to a GET request
Map<String, Object> successModel = new HashMap<>();
if (redirectUri != null) {
model.put("redirectUri", redirectUri);
successModel.put("redirectUri", redirectUri);
}

return "useractivated";
return new ModelAndView("redirect:useractivated", successModel);
}
} catch (HttpClientErrorException e) {
if (e.getStatusCode() == HttpStatus.NOT_FOUND) {
return "redirect:expiredtoken";
// don't expose the token in the error page
return new ModelAndView("redirect:expiredtoken", (Map<String, ?>) null);
}

if (e.getStatusCode() == HttpStatus.BAD_REQUEST) {
@@ -281,7 +285,7 @@ public String activateUser(@RequestParam("token") String token, @RequestParam("c
"public.common.error.blacklisted.password",
"public.common.error.enter.password",
model);
return "useractivation";
return new ModelAndView("useractivation");
}

if (validationService.isErrorInResponse(e.getResponseBodyAsString(), ErrorResponse.CodeEnum.PASSWORD_CONTAINS_PERSONAL_INFO)) {
@@ -290,11 +294,11 @@ public String activateUser(@RequestParam("token") String token, @RequestParam("c
"public.common.error.containspersonalinfo.password",
"public.common.error.enter.password",
model);
return "useractivation";
return new ModelAndView("useractivation");
}

if (validationService.isErrorInResponse(e.getResponseBodyAsString(), ErrorResponse.CodeEnum.TOKEN_INVALID)) {
return "expiredtoken";
return new ModelAndView("redirect:expiredtoken", model);
}
}

@@ -305,7 +309,20 @@ public String activateUser(@RequestParam("token") String token, @RequestParam("c
model);
}

return "useractivation";
return new ModelAndView("useractivation");
}

@GetMapping("/useractivated")
public String userActivated(@RequestParam(required = false) final String redirectUri, final Map<String, Object> model) {
if (redirectUri != null) {
model.put("redirectUri", redirectUri);
}
return "useractivated";
}

@GetMapping("/expiredtoken")
public String expiredToken(final Map<String, Object> model) {
return "expiredtoken";
}

private String getRedirectUri(String json) throws IOException {
@@ -319,4 +336,4 @@ private String getRedirectUri(String json) throws IOException {
return null;
}
}
}
}
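Review bot: The TOKEN_INVALID branch in activateUser returns `new ModelAndView("redirect:expiredtoken", model)`, and that model still holds the `token` and `code` put into it at the top of the method; Spring's RedirectView exposes model attributes as query parameters by default, so both values end up in the Location header, browser history and any proxy/server access log, which is exactly what the NOT_FOUND branch two hunks earlier avoids with its `(Map<String, ?>) null` and "don't expose the token" comment. The `/expiredtoken` GET handler added in the last hunk does not read the model at all, so nothing is lost by making the two branches consistent: `return new ModelAndView("redirect:expiredtoken", (Map<String, ?>) null);`. Separately, the new `/useractivated` GET now takes `redirectUri` from the query string and reflects it straight into the model, whereas before it could only come from the `spiService.activateUser` response body; if the view renders it as a link or meta-refresh target, it should be checked against the set of URIs the service is allowed to send users to, or the value should be carried in server-side state rather than the URL. activateUser's body continues outside the hunk.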
Original file line number Diff line number Diff line change
@@ -1035,7 +1035,7 @@ public void resetPassword_shouldRedirectToExpiredTokenIfHttpClientErrorException
.param(TOKEN_PARAMETER, RESET_PASSWORD_TOKEN)
.param(CODE_PARAMETER, RESET_PASSWORD_CODE))
.andExpect(status().is3xxRedirection())
.andExpect(redirectedUrl(EXPIREDTOKEN_VIEW_NAME));
.andExpect(redirectedUrl(EXPIREDTOKEN_REDIRECTED_VIEW_NAME));

verify(spiService).resetPassword(eq(PASSWORD_ONE), eq(RESET_PASSWORD_TOKEN), eq(RESET_PASSWORD_CODE));
}
Original file line number Diff line number Diff line change
@@ -55,6 +55,7 @@
import static uk.gov.hmcts.reform.idam.web.util.TestConstants.ERROR_MSG;
import static uk.gov.hmcts.reform.idam.web.util.TestConstants.ERROR_TITLE;
import static uk.gov.hmcts.reform.idam.web.util.TestConstants.ERROR_VIEW_NAME;
import static uk.gov.hmcts.reform.idam.web.util.TestConstants.EXPIREDTOKEN_REDIRECTED_VIEW_NAME;
import static uk.gov.hmcts.reform.idam.web.util.TestConstants.EXPIREDTOKEN_VIEW_NAME;
import static uk.gov.hmcts.reform.idam.web.util.TestConstants.EXPIRED_ACTIVATION_TOKEN_VIEW_NAME;
import static uk.gov.hmcts.reform.idam.web.util.TestConstants.FORM_DATA;
@@ -295,7 +296,7 @@ public void activateUser_shouldReturnUseractivatedViewAndRedirectUriInModelIfRet
given(spiService.activateUser(eq("{\"token\":\"" + USER_ACTIVATION_TOKEN + "\",\"code\":\"" + USER_ACTIVATION_CODE + "\",\"password\":\"" + USER_PASSWORD + "\"}"))).willReturn(ResponseEntity.ok("{\"redirectUri\":\"" + REDIRECT_URI + "\"}"));

mockMvc.perform(getActivateUserPostRequest(USER_ACTIVATION_TOKEN, USER_ACTIVATION_CODE, USER_PASSWORD, USER_PASSWORD))
.andExpect(status().isOk())
.andExpect(status().is3xxRedirection())
.andExpect(model().attribute(REDIRECTURI, REDIRECT_URI))
.andExpect(view().name(USER_ACTIVATED_VIEW_NAME));
}
@@ -350,7 +351,7 @@ public void activateUser_shouldReturnExpiredtokenViewIfHttpClientErrorExceptionO
given(spiService.activateUser(eq("{\"token\":\"" + USER_ACTIVATION_TOKEN + "\",\"code\":\"" + USER_ACTIVATION_CODE + "\",\"password\":\"" + USER_PASSWORD + "\"}"))).willThrow(new HttpClientErrorException(HttpStatus.BAD_REQUEST, "Bad Request", TOKEN_INVALID_RESPONSE.getBytes(), null));
given(validationService.isErrorInResponse(eq(TOKEN_INVALID_RESPONSE), eq(ErrorResponse.CodeEnum.TOKEN_INVALID))).willReturn(true);
mockMvc.perform(getActivateUserPostRequest(USER_ACTIVATION_TOKEN, USER_ACTIVATION_CODE, USER_PASSWORD, USER_PASSWORD))
.andExpect(status().isOk())
.andExpect(status().is3xxRedirection())
.andExpect(view().name(EXPIREDTOKEN_VIEW_NAME));
}

@@ -384,7 +385,7 @@ public void activateUser_shouldReturnRedirectExpiredtokenPageIfSelfRegisterUserS

mockMvc.perform(getActivateUserPostRequest(USER_ACTIVATION_TOKEN, USER_ACTIVATION_CODE, USER_PASSWORD, USER_PASSWORD))
.andExpect(status().is3xxRedirection())
.andExpect(redirectedUrl(EXPIREDTOKEN_VIEW_NAME));
.andExpect(redirectedUrl(EXPIREDTOKEN_REDIRECTED_VIEW_NAME));

}
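Review bot: The updated expired-token test only changes `status().isOk()` to `status().is3xxRedirection()` and keeps `view().name(EXPIREDTOKEN_VIEW_NAME)`, so it passes regardless of what the redirect carries in its query string, i.e. it would not notice the `token`/`code` model attributes being appended to the redirect URL by the controller's TOKEN_INVALID branch. Adding `.andExpect(redirectedUrl(EXPIREDTOKEN_REDIRECTED_VIEW_NAME))` to that test, as the test in the following hunk already does for the 404 case, pins the redirect target to a bare `expiredtoken`. The success-path test in the first hunk has the same gap for `redirectUri`, though there the parameter is intentionally part of the URL. The enclosing test methods start outside the hunks.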

Original file line number Diff line number Diff line change
@@ -63,11 +63,12 @@ public class TestConstants {
public static final String EXPIRED_PASSWORD_RESET_TOKEN_VIEW_NAME = "expiredPasswordResetLink";
public static final String EXPIRED_ACTIVATION_TOKEN_VIEW_NAME = "expiredActivationLink";
public static final String USER_ACTIVATION_VIEW_NAME = "useractivation";
public static final String USER_ACTIVATED_VIEW_NAME = "useractivated";
public static final String USER_ACTIVATED_VIEW_NAME = "redirect:useractivated";
public static final String ERROR_VIEW_NAME = "errorpage";
public static final String USER_CREATED_VIEW_NAME = "usercreated";
public static final String RESETPASSWORD_VIEW_NAME = "resetpassword";
public static final String EXPIREDTOKEN_VIEW_NAME = "expiredtoken";
public static final String EXPIREDTOKEN_VIEW_NAME = "redirect:expiredtoken";
public static final String EXPIREDTOKEN_REDIRECTED_VIEW_NAME = "expiredtoken";
public static final String FORGOT_PASSWORD_VIEW = "forgotpassword";
public static final String FORGOT_PASSWORD_SUCCESS_VIEW = "forgotpasswordsuccess";
public static final String RESET_PASSWORD_SUCCESS_VIEW = "resetpasswordsuccess";
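Review bot: The names of the two expired-token constants read backwards after this change: `EXPIREDTOKEN_VIEW_NAME` now holds `"redirect:expiredtoken"` while `EXPIREDTOKEN_REDIRECTED_VIEW_NAME` holds the plain view name `"expiredtoken"`, and `USER_ACTIVATED_VIEW_NAME` likewise silently became a redirect string, so a reader of the assertions in UserControllerTest has to know this inversion. Keeping the plain view names in the existing constants and naming the redirect form explicitly, `EXPIREDTOKEN_REDIRECT_VIEW_NAME = "redirect:expiredtoken"` and `USER_ACTIVATED_REDIRECT_VIEW_NAME = "redirect:useractivated"`, would make the tests self-describing, at the cost of touching the usages introduced in this commit. The TestConstants class starts outside the hunk.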