Handling contact verifications

test/integration/eeid/identification_requests_webhook_test.rb

@@ -0,0 +1,63 @@
+require 'test_helper'
+
+class Eeid::IdentificationRequestsWebhookTest < ActionDispatch::IntegrationTest
+  setup do
+    @contact = contacts(:john)
+    @secret = 'valid_secret'
+    ENV['ident_service_client_secret'] = @secret
+    payload = {
+      identification_request_id: '123',
+      reference: @contact.code
+    }
+    @valid_hmac_signature = OpenSSL::HMAC.hexdigest('SHA256', @secret, payload.to_json)
+
+    adapter = ENV['shunter_default_adapter'].constantize.new
+    adapter&.clear!
+  end
+
+  test 'should verify contact with valid signature and parameters' do
+    @contact.update!(ident_request_sent_at: Time.zone.now - 1.day)
+    post '/eeid/webhooks/identification_requests', params: { identification_request_id: '123', reference: @contact.code }, as: :json, headers: { 'X-HMAC-Signature' => @valid_hmac_signature }
+
+    assert_response :ok
+    assert_equal({ 'status' => 'success' }, JSON.parse(response.body))
+    assert_not_nil @contact.reload.verified_at
+  end
+
+  test 'should return unauthorized for invalid HMAC signature' do
+    post '/eeid/webhooks/identification_requests', params: { identification_request_id: '123', reference: @contact.code }, as: :json, headers: { 'X-HMAC-Signature' => 'invalid_signature' }
+
+    assert_response :unauthorized
+    assert_equal({ 'error' => 'Invalid HMAC signature' }, JSON.parse(response.body))
+  end
+
+  test 'should return unauthorized for missing parameters' do
+    post '/eeid/webhooks/identification_requests', params: { reference: @contact.code }, as: :json, headers: { 'X-HMAC-Signature' => @valid_hmac_signature }
+
+    assert_response :unauthorized
+    assert_equal({ 'error' => 'Invalid HMAC signature'  }, JSON.parse(response.body))
+  end
+
+  test 'should handle internal server error gracefully' do
+    # Simulate an error in the verify_contact method
+    Contact.stub :find_by_code, ->(_) { raise StandardError, 'Simulated error' } do
+      post '/eeid/webhooks/identification_requests', params: { identification_request_id: '123', reference: @contact.code }, as: :json, headers: { 'X-HMAC-Signature' => @valid_hmac_signature }
+
+      assert_response :internal_server_error
+      assert_equal({ 'error' => 'Internal Server Error' }, JSON.parse(response.body))
+    end
+  end
+
+  test 'returns error response if throttled' do
+    ENV['shunter_default_threshold'] = '1'
+    ENV['shunter_enabled'] = 'true'
+
+    post '/eeid/webhooks/identification_requests', params: { identification_request_id: '123', reference: @contact.code }, as: :json, headers: { 'X-HMAC-Signature' => @valid_hmac_signature }
+    post '/eeid/webhooks/identification_requests', params: { identification_request_id: '123', reference: @contact.code }, as: :json, headers: { 'X-HMAC-Signature' => @valid_hmac_signature }
+
+    assert_response :bad_request
+    assert response.body.include?(Shunter.default_error_message)
+    ENV['shunter_default_threshold'] = '10000'
+    ENV['shunter_enabled'] = 'false'
+  end
+end

test/integration/repp/v1/contacts/verify_test.rb

@@ -0,0 +1,71 @@
+require 'test_helper'
+
+class ReppV1ContactsVerifyTest < ActionDispatch::IntegrationTest
+  def setup
+    @contact = contacts(:john)
+    @user = users(:api_bestnames)
+    token = Base64.encode64("#{@user.username}:#{@user.plain_text_password}")
+    token = "Basic #{token}"
+
+    @auth_headers = { 'Authorization' => token }
+
+    adapter = ENV['shunter_default_adapter'].constantize.new
+    adapter&.clear!
+
+    stub_request(:post, %r{api/auth/v1/token}).to_return(status: 200, body: { access_token: 'token', token_type: 'Bearer', expires_in: 100 }.to_json, headers: {})
+    stub_request(:post, %r{api/ident/v1/identification_requests})
+      .with(
+        body: {
+          claims_required: [{ type: 'sub', value: "#{@contact.ident_country_code}#{@contact.ident}" }],
+          reference: @contact.code
+        }
+      ).to_return(status: 200, body: { id: '123' }.to_json, headers: {})
+  end
+
+  def test_returns_error_when_not_found
+    post '/repp/v1/contacts/verify/nonexistant:code', headers: @auth_headers
+    json = JSON.parse(response.body, symbolize_names: true)
+
+    assert_response :not_found
+    assert_equal 2303, json[:code]
+    assert_equal 'Object does not exist', json[:message]
+  end
+
+  def test_verifies_contact
+    post "/repp/v1/contacts/verify/#{@contact.code}", headers: @auth_headers
+    json = JSON.parse(response.body, symbolize_names: true)
+
+    assert_response :ok
+    assert_equal 1000, json[:code]
+    assert_equal 'Command completed successfully', json[:message]
+
+    contact = Contact.find_by(code: json[:data][:contact][:code])
+    assert contact.present?
+    assert contact.ident_request_sent_at
+    assert_nil contact.verified_at
+  end
+
+  def test_does_not_verify_already_verified_contact
+    @contact.update!(verified_at: Time.zone.now - 1.day)
+    post "/repp/v1/contacts/verify/#{@contact.code}", headers: @auth_headers
+    json = JSON.parse(response.body, symbolize_names: true)
+
+    assert_response :bad_request
+    assert_equal 'Contact already verified', json[:message]
+  end
+
+  def test_returns_error_response_if_throttled
+    ENV['shunter_default_threshold'] = '1'
+    ENV['shunter_enabled'] = 'true'
+
+    post "/repp/v1/contacts/verify/#{@contact.code}", headers: @auth_headers
+    post "/repp/v1/contacts/verify/#{@contact.code}", headers: @auth_headers
+    json = JSON.parse(response.body, symbolize_names: true)
+
+    assert_response :bad_request
+    assert_equal json[:code], 2502
+    assert response.body.include?(Shunter.default_error_message)
+    ENV['shunter_default_threshold'] = '10000'
+    ENV['shunter_enabled'] = 'false'
+  end
+end