Handling contact verifications

2025-07-30 14:36:22 +02:00 · 2024-10-09 11:57:32 +03:00 · 2024-10-09 11:57:32 +03:00 · 637cabf95f
commit 637cabf95f
parent 44e42dd0fb
19 changed files with 612 additions and 5 deletions
--- a/test/integration/eeid/identification_requests_webhook_test.rb
+++ b/test/integration/eeid/identification_requests_webhook_test.rb
@ -0,0 +1,63 @@
+require 'test_helper'
+
+class Eeid::IdentificationRequestsWebhookTest < ActionDispatch::IntegrationTest
+  setup do
+    @contact = contacts(:john)
+    @secret = 'valid_secret'
+    ENV['ident_service_client_secret'] = @secret
+    payload = {
+      identification_request_id: '123',
+      reference: @contact.code
+    }
+    @valid_hmac_signature = OpenSSL::HMAC.hexdigest('SHA256', @secret, payload.to_json)
+
+    adapter = ENV['shunter_default_adapter'].constantize.new
+    adapter&.clear!
+  end
+
+  test 'should verify contact with valid signature and parameters' do
+    @contact.update!(ident_request_sent_at: Time.zone.now - 1.day)
+    post '/eeid/webhooks/identification_requests', params: { identification_request_id: '123', reference: @contact.code }, as: :json, headers: { 'X-HMAC-Signature' => @valid_hmac_signature }
+
+    assert_response :ok
+    assert_equal({ 'status' => 'success' }, JSON.parse(response.body))
+    assert_not_nil @contact.reload.verified_at
+  end
+
+  test 'should return unauthorized for invalid HMAC signature' do
+    post '/eeid/webhooks/identification_requests', params: { identification_request_id: '123', reference: @contact.code }, as: :json, headers: { 'X-HMAC-Signature' => 'invalid_signature' }
+
+    assert_response :unauthorized
+    assert_equal({ 'error' => 'Invalid HMAC signature' }, JSON.parse(response.body))
+  end
+
+  test 'should return unauthorized for missing parameters' do
+    post '/eeid/webhooks/identification_requests', params: { reference: @contact.code }, as: :json, headers: { 'X-HMAC-Signature' => @valid_hmac_signature }
+
+    assert_response :unauthorized
+    assert_equal({ 'error' => 'Invalid HMAC signature'  }, JSON.parse(response.body))
+  end
+
+  test 'should handle internal server error gracefully' do
+    # Simulate an error in the verify_contact method
+    Contact.stub :find_by_code, ->(_) { raise StandardError, 'Simulated error' } do
+      post '/eeid/webhooks/identification_requests', params: { identification_request_id: '123', reference: @contact.code }, as: :json, headers: { 'X-HMAC-Signature' => @valid_hmac_signature }
+
+      assert_response :internal_server_error
+      assert_equal({ 'error' => 'Internal Server Error' }, JSON.parse(response.body))
+    end
+  end
+
+  test 'returns error response if throttled' do
+    ENV['shunter_default_threshold'] = '1'
+    ENV['shunter_enabled'] = 'true'
+
+    post '/eeid/webhooks/identification_requests', params: { identification_request_id: '123', reference: @contact.code }, as: :json, headers: { 'X-HMAC-Signature' => @valid_hmac_signature }
+    post '/eeid/webhooks/identification_requests', params: { identification_request_id: '123', reference: @contact.code }, as: :json, headers: { 'X-HMAC-Signature' => @valid_hmac_signature }
+
+    assert_response :bad_request
+    assert response.body.include?(Shunter.default_error_message)
+    ENV['shunter_default_threshold'] = '10000'
+    ENV['shunter_enabled'] = 'false'
+  end
+end
--- a/test/integration/repp/v1/contacts/verify_test.rb
+++ b/test/integration/repp/v1/contacts/verify_test.rb
@ -0,0 +1,71 @@
+require 'test_helper'
+
+class ReppV1ContactsVerifyTest < ActionDispatch::IntegrationTest
+  def setup
+    @contact = contacts(:john)
+    @user = users(:api_bestnames)
+    token = Base64.encode64("#{@user.username}:#{@user.plain_text_password}")
+    token = "Basic #{token}"
+
+    @auth_headers = { 'Authorization' => token }
+
+    adapter = ENV['shunter_default_adapter'].constantize.new
+    adapter&.clear!
+
+    stub_request(:post, %r{api/auth/v1/token}).to_return(status: 200, body: { access_token: 'token', token_type: 'Bearer', expires_in: 100 }.to_json, headers: {})
+    stub_request(:post, %r{api/ident/v1/identification_requests})
+      .with(
+        body: {
+          claims_required: [{ type: 'sub', value: "#{@contact.ident_country_code}#{@contact.ident}" }],
+          reference: @contact.code
+        }
+      ).to_return(status: 200, body: { id: '123' }.to_json, headers: {})
+  end
+
+  def test_returns_error_when_not_found
+    post '/repp/v1/contacts/verify/nonexistant:code', headers: @auth_headers
+    json = JSON.parse(response.body, symbolize_names: true)
+
+    assert_response :not_found
+    assert_equal 2303, json[:code]
+    assert_equal 'Object does not exist', json[:message]
+  end
+
+  def test_verifies_contact
+    post "/repp/v1/contacts/verify/#{@contact.code}", headers: @auth_headers
+    json = JSON.parse(response.body, symbolize_names: true)
+
+    assert_response :ok
+    assert_equal 1000, json[:code]
+    assert_equal 'Command completed successfully', json[:message]
+
+    contact = Contact.find_by(code: json[:data][:contact][:code])
+    assert contact.present?
+    assert contact.ident_request_sent_at
+    assert_nil contact.verified_at
+  end
+
+  def test_does_not_verify_already_verified_contact
+    @contact.update!(verified_at: Time.zone.now - 1.day)
+    post "/repp/v1/contacts/verify/#{@contact.code}", headers: @auth_headers
+    json = JSON.parse(response.body, symbolize_names: true)
+
+    assert_response :bad_request
+    assert_equal 'Contact already verified', json[:message]
+  end
+
+  def test_returns_error_response_if_throttled
+    ENV['shunter_default_threshold'] = '1'
+    ENV['shunter_enabled'] = 'true'
+
+    post "/repp/v1/contacts/verify/#{@contact.code}", headers: @auth_headers
+    post "/repp/v1/contacts/verify/#{@contact.code}", headers: @auth_headers
+    json = JSON.parse(response.body, symbolize_names: true)
+
+    assert_response :bad_request
+    assert_equal json[:code], 2502
+    assert response.body.include?(Shunter.default_error_message)
+    ENV['shunter_default_threshold'] = '10000'
+    ENV['shunter_enabled'] = 'false'
+  end
+end
--- a/test/services/identification_service_test.rb
+++ b/test/services/identification_service_test.rb
@ -0,0 +1,104 @@
+# frozen_string_literal: true
+
+require 'test_helper'
+
+class IdentificationServiceTest < ActiveSupport::TestCase
+  def setup
+    @service = Eeid::IdentificationService.new
+  end
+
+  def test_create_identification_request_success
+    request_params = {
+      claims_required: [{
+        type: 'sub',
+        value: 'EE1234567'
+      }],
+      reference: '111:111'
+    }
+    response_body = { id: '123', status: 'created' }.to_json
+
+    stub_request(:post, %r{api/auth/v1/token})
+      .to_return(status: 200, body: { access_token: 'mock_token' }.to_json)
+
+    stub_request(:post, %r{api/ident/v1/identification_requests})
+      .with(
+        headers: { 'Authorization' => 'Bearer mock_token' },
+        body: request_params.to_json
+      )
+      .to_return(status: 201, body: response_body)
+
+    result = @service.create_identification_request(request_params)
+    assert_equal JSON.parse(response_body), result
+    assert_equal 'mock_token', @service.instance_variable_get(:@token)
+  end
+
+  def test_create_identification_request_failure
+    request_params = {
+      claims_required: [{
+        type: 'sub',
+        value: 'EE1234567'
+      }],
+      reference: '111:111'
+    }
+
+    stub_request(:post, %r{api/auth/v1/token})
+      .to_return(status: 200, body: { access_token: 'mock_token' }.to_json)
+
+    stub_request(:post, %r{api/ident/v1/identification_requests})
+      .with(
+        headers: { 'Authorization' => 'Bearer mock_token' },
+        body: request_params.to_json
+      )
+      .to_return(status: 400, body: { error: 'Bad Request' }.to_json)
+
+    assert_raises(Eeid::IdentError, 'Bad Request') do
+      @service.create_identification_request(request_params)
+    end
+  end
+
+  def test_get_identification_request_success
+    id = '123'
+    response_body = { id: id, status: 'completed' }.to_json
+
+    stub_request(:post, %r{api/auth/v1/token})
+      .to_return(status: 200, body: { access_token: 'mock_token' }.to_json)
+
+    stub_request(:get, %r{api/ident/v1/identification_requests/#{id}})
+      .with(headers: { 'Authorization' => 'Bearer mock_token' })
+      .to_return(status: 200, body: response_body)
+
+    result = @service.get_identification_request(id)
+    assert_equal JSON.parse(response_body), result
+    assert_equal 'mock_token', @service.instance_variable_get(:@token)
+  end
+
+  def test_get_identification_request_failure
+    id = '123'
+
+    stub_request(:post, %r{api/auth/v1/token})
+      .to_return(status: 200, body: { access_token: 'mock_token' }.to_json)
+
+    stub_request(:get, %r{api/ident/v1/identification_requests/#{id}})
+      .with(headers: { 'Authorization' => 'Bearer mock_token' })
+      .to_return(status: 404, body: { error: 'Not Found' }.to_json)
+
+    assert_raises(Eeid::IdentError, 'Not Found') do
+      @service.get_identification_request(id)
+    end
+  end
+
+  def test_authentication_needed_for_requests
+    stub_request(:post, %r{api/auth/v1/token})
+      .to_return(status: 401, body: { error: 'Invalid credentials' }.to_json)
+
+    assert_raises(Eeid::IdentError) do
+      @service.create_identification_request({ key: 'value' })
+    end
+
+    assert_raises(Eeid::IdentError) do
+      @service.get_identification_request('123')
+    end
+
+    assert_equal nil, @service.instance_variable_get(:@token)
+  end
+end