From c64f3852f7c57bd07591bc0b90676fcfc9feceba Mon Sep 17 00:00:00 2001 
From: "antonio.torre" Date: Thu, 6 Feb 2025 15:36:33 +0100 Subject: [PATCH 1/3] P4ADEV-1906 caching --- build.gradle.kts | 3 + gradle.lockfile | 3 + .../payhub/auth/config/CacheConfig.java | 57 +++++++++++++++++++ .../connector/organization/BrokerService.java | 7 +++ .../organization/BrokerServiceImpl.java | 24 ++++++++ .../organization/OrganizationService.java | 7 +++ .../organization/OrganizationServiceImpl.java | 23 ++++++++ .../organization/client/BrokerClient.java | 34 +++++++++++ .../client/OrganizationSearchClient.java | 21 +------ .../config/OrganizationApisHolder.java | 2 +- .../auth/exception/AuthExceptionHandler.java | 3 + .../A2ALegacyClaims2UserInfoMapper.java | 18 +++++- .../security/JwtAuthenticationFilter.java | 2 +- .../payhub/auth/service/AuthnServiceImpl.java | 4 +- .../payhub/auth/service/AuthzServiceImpl.java | 2 +- .../auth/service/TokenStoreServiceImpl.java | 2 +- ...horizeClientCredentialsRequestService.java | 2 +- .../{a2a => m2m}/ClientCredentialService.java | 2 +- .../ClientCredentialServiceImpl.java | 2 +- .../service/{a2a => m2m}/ClientService.java | 2 +- .../{a2a => m2m}/ClientServiceImpl.java | 8 +-- .../ValidateClientCredentialsService.java | 2 +- .../legacy/A2AClientLegacyPropConfig.java | 2 +- .../legacy/JWTLegacyHandlerService.java | 2 +- .../legacy/ValidateJWTLegacyService.java | 2 +- .../ClientRegistrationService.java | 2 +- .../retrieve/ClientRetrieverService.java | 2 +- .../revoke/ClientRemovalService.java | 2 +- .../user/IamUserInfoDTO2UserInfoMapper.java | 29 ++++++---- .../retrieve/UserInfoRetrieverService.java | 7 ++- .../payhub/auth/utils/JWTValidator.java | 28 ++++++--- src/main/resources/application.yml | 13 ++++- .../organization/BrokerServiceTest.java | 51 +++++++++++++++++ .../organization/OrganizationServiceTest.java | 51 +++++++++++++++++ .../client/OrganizationSearchClientTest.java | 4 +- .../config/OrganizationApiHolderTest.java | 2 +- .../auth/controller/AuthnControllerTest.java | 2 +- 
...ntrollerNoOrganizzationAccessModeTest.java | 2 +- .../auth/controller/AuthzControllerTest.java | 2 +- .../A2ALegacyClaims2UserInfoMapperTest.java | 6 +- .../payhub/auth/service/AuthnServiceTest.java | 4 +- .../payhub/auth/service/AuthzServiceTest.java | 2 +- ...zeClientCredentialsRequestServiceTest.java | 2 +- .../ClientCredentialsServiceTest.java | 2 +- .../{a2a => m2m}/ClientServiceTest.java | 8 +-- .../ValidateClientCredentialsServiceTest.java | 2 +- .../legacy/A2AClientLegacyPropConfigTest.java | 2 +- .../legacy/JWTLegacyHandlerServiceTest.java | 2 +- .../legacy/ValidateJWTLegacyServiceTest.java | 2 +- .../ClientRegistrationServiceTest.java | 2 +- .../retrieve/ClientRetrieverServiceTest.java | 2 +- .../revoke/ClientRemovalServiceTest.java | 2 +- .../IamUserInfoDTO2UserInfoMapperTest.java | 35 +++++++----- .../UserInfoRetrieverServiceTest.java | 24 ++++++++ .../payhub/auth/utils/JWTValidatorTest.java | 18 ++++-- 55 files changed, 443 insertions(+), 105 deletions(-) create mode 100644 src/main/java/it/gov/pagopa/payhub/auth/config/CacheConfig.java create mode 100644 src/main/java/it/gov/pagopa/payhub/auth/connector/organization/BrokerService.java create mode 100644 src/main/java/it/gov/pagopa/payhub/auth/connector/organization/BrokerServiceImpl.java create mode 100644 src/main/java/it/gov/pagopa/payhub/auth/connector/organization/OrganizationService.java create mode 100644 src/main/java/it/gov/pagopa/payhub/auth/connector/organization/OrganizationServiceImpl.java create mode 100644 src/main/java/it/gov/pagopa/payhub/auth/connector/organization/client/BrokerClient.java rename src/main/java/it/gov/pagopa/payhub/auth/connector/{ => organization}/client/OrganizationSearchClient.java (61%) rename src/main/java/it/gov/pagopa/payhub/auth/connector/{ => organization}/config/OrganizationApisHolder.java (94%) rename src/main/java/it/gov/pagopa/payhub/auth/service/{a2a => m2m}/AuthorizeClientCredentialsRequestService.java (98%) rename 
src/main/java/it/gov/pagopa/payhub/auth/service/{a2a => m2m}/ClientCredentialService.java (79%) rename src/main/java/it/gov/pagopa/payhub/auth/service/{a2a => m2m}/ClientCredentialServiceImpl.java (97%) rename src/main/java/it/gov/pagopa/payhub/auth/service/{a2a => m2m}/ClientService.java (92%) rename src/main/java/it/gov/pagopa/payhub/auth/service/{a2a => m2m}/ClientServiceImpl.java (89%) rename src/main/java/it/gov/pagopa/payhub/auth/service/{a2a => m2m}/ValidateClientCredentialsService.java (95%) rename src/main/java/it/gov/pagopa/payhub/auth/service/{a2a => m2m}/legacy/A2AClientLegacyPropConfig.java (95%) rename src/main/java/it/gov/pagopa/payhub/auth/service/{a2a => m2m}/legacy/JWTLegacyHandlerService.java (94%) rename src/main/java/it/gov/pagopa/payhub/auth/service/{a2a => m2m}/legacy/ValidateJWTLegacyService.java (97%) rename src/main/java/it/gov/pagopa/payhub/auth/service/{a2a => m2m}/registration/ClientRegistrationService.java (96%) rename src/main/java/it/gov/pagopa/payhub/auth/service/{a2a => m2m}/retrieve/ClientRetrieverService.java (96%) rename src/main/java/it/gov/pagopa/payhub/auth/service/{a2a => m2m}/revoke/ClientRemovalService.java (90%) create mode 100644 src/test/java/it/gov/pagopa/payhub/auth/connector/organization/BrokerServiceTest.java create mode 100644 src/test/java/it/gov/pagopa/payhub/auth/connector/organization/OrganizationServiceTest.java rename src/test/java/it/gov/pagopa/payhub/auth/connector/{ => organization}/client/OrganizationSearchClientTest.java (96%) rename src/test/java/it/gov/pagopa/payhub/auth/connector/{ => organization}/config/OrganizationApiHolderTest.java (97%) rename src/test/java/it/gov/pagopa/payhub/auth/service/{a2a => m2m}/AuthorizeClientCredentialsRequestServiceTest.java (98%) rename src/test/java/it/gov/pagopa/payhub/auth/service/{a2a => m2m}/ClientCredentialsServiceTest.java (98%) rename src/test/java/it/gov/pagopa/payhub/auth/service/{a2a => m2m}/ClientServiceTest.java (94%) rename 
src/test/java/it/gov/pagopa/payhub/auth/service/{a2a => m2m}/ValidateClientCredentialsServiceTest.java (96%) rename src/test/java/it/gov/pagopa/payhub/auth/service/{a2a => m2m}/legacy/A2AClientLegacyPropConfigTest.java (97%) rename src/test/java/it/gov/pagopa/payhub/auth/service/{a2a => m2m}/legacy/JWTLegacyHandlerServiceTest.java (97%) rename src/test/java/it/gov/pagopa/payhub/auth/service/{a2a => m2m}/legacy/ValidateJWTLegacyServiceTest.java (98%) rename src/test/java/it/gov/pagopa/payhub/auth/service/{a2a => m2m}/registration/ClientRegistrationServiceTest.java (97%) rename src/test/java/it/gov/pagopa/payhub/auth/service/{a2a => m2m}/retrieve/ClientRetrieverServiceTest.java (98%) rename src/test/java/it/gov/pagopa/payhub/auth/service/{a2a => m2m}/revoke/ClientRemovalServiceTest.java (93%) diff --git a/build.gradle.kts b/build.gradle.kts index 872a9e8f..5401484c 100644 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -40,6 +40,7 @@ val jjwtVersion = "0.12.6" val wiremockVersion = "3.10.0" val bouncycastleVersion = "1.79" val micrometerVersion = "1.4.1" +val caffeineVersion = "3.2.0" dependencies { implementation("org.springframework.boot:spring-boot-starter") @@ -50,6 +51,8 @@ dependencies { implementation("io.micrometer:micrometer-registry-prometheus") implementation("org.springframework.boot:spring-boot-starter-data-redis") implementation("org.springframework.boot:spring-boot-starter-data-mongodb") + implementation("org.springframework.boot:spring-boot-starter-cache") + implementation("com.github.ben-manes.caffeine:caffeine:$caffeineVersion") implementation("org.springframework.boot:spring-boot-starter-security") implementation("org.springdoc:springdoc-openapi-starter-webmvc-ui:$springDocOpenApiVersion") implementation("org.codehaus.janino:janino:$janinoVersion") diff --git a/gradle.lockfile b/gradle.lockfile index a72d361b..cae3e456 100644 --- a/gradle.lockfile +++ b/gradle.lockfile 
@@ -15,6 +15,8 @@ com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.18.2=compileClasspath com.fasterxml.jackson.module:jackson-module-parameter-names:2.18.2=compileClasspath com.fasterxml.jackson:jackson-bom:2.18.2=compileClasspath com.fasterxml:classmate:1.7.0=compileClasspath +com.github.ben-manes.caffeine:caffeine:3.2.0=compileClasspath +com.google.errorprone:error_prone_annotations:2.36.0=compileClasspath com.nimbusds:nimbus-jose-jwt:9.48=compileClasspath io.jsonwebtoken:jjwt-api:0.12.6=compileClasspath io.jsonwebtoken:jjwt:0.12.6=compileClasspath @@ -84,6 +86,7 @@ org.springframework.boot:spring-boot-actuator-autoconfigure:3.4.1=compileClasspa org.springframework.boot:spring-boot-actuator:3.4.1=compileClasspath org.springframework.boot:spring-boot-autoconfigure:3.4.1=compileClasspath org.springframework.boot:spring-boot-starter-actuator:3.4.1=compileClasspath +org.springframework.boot:spring-boot-starter-cache:3.4.1=compileClasspath org.springframework.boot:spring-boot-starter-data-mongodb:3.4.1=compileClasspath org.springframework.boot:spring-boot-starter-data-redis:3.4.1=compileClasspath org.springframework.boot:spring-boot-starter-json:3.4.1=compileClasspath diff --git a/src/main/java/it/gov/pagopa/payhub/auth/config/CacheConfig.java b/src/main/java/it/gov/pagopa/payhub/auth/config/CacheConfig.java new file mode 100644 index 00000000..e6a4cdf4 --- /dev/null +++ b/src/main/java/it/gov/pagopa/payhub/auth/config/CacheConfig.java 
@@ -0,0 +1,57 @@ +package it.gov.pagopa.payhub.auth.config; + +import com.github.benmanes.caffeine.cache.Cache; +import com.github.benmanes.caffeine.cache.Caffeine; +import lombok.AllArgsConstructor; +import lombok.Data; +import lombok.NoArgsConstructor; +import lombok.experimental.FieldNameConstants; +import org.springframework.boot.context.properties.ConfigurationProperties; +import org.springframework.boot.context.properties.NestedConfigurationProperty; +import org.springframework.cache.CacheManager; +import org.springframework.cache.annotation.EnableCaching; +import org.springframework.cache.caffeine.CaffeineCacheManager; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.Primary; + +import java.util.concurrent.TimeUnit; + +@Configuration +@ConfigurationProperties(prefix = "cache") +@EnableCaching +@Data +@FieldNameConstants +public class CacheConfig { + + @NestedConfigurationProperty + private CacheConfigurationProperties jwks; + @NestedConfigurationProperty + private CacheConfigurationProperties organization; + @NestedConfigurationProperty + private CacheConfigurationProperties broker; + + @Data + @NoArgsConstructor + @AllArgsConstructor + public static class CacheConfigurationProperties { + private long size; + private long expireIn; + } + + @Bean + @Primary + public CacheManager localCacheManager() { + CaffeineCacheManager cacheManager = new CaffeineCacheManager(); + cacheManager.registerCustomCache(Fields.organization, buildCache(organization)); + cacheManager.registerCustomCache(Fields.broker, buildCache(broker)); + return cacheManager; + } + + private Cache buildCache(CacheConfigurationProperties cacheConfig) { + return Caffeine.newBuilder() + .maximumSize(cacheConfig.size) + .expireAfterAccess(cacheConfig.expireIn, TimeUnit.MINUTES) + .build(); + } +} 
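Review bot: `buildCache` uses `expireAfterAccess`, so an organization or broker entry that is read more often than once every `expireIn` minutes is never evicted and never re-fetched. If these objects feed authentication or authorization decisions (the callers are outside this file), an upstream change such as a modified or disabled organization would not reach this instance until the entry goes cold or the service restarts. To bound staleness, use `.expireAfterWrite(cacheConfig.expireIn, TimeUnit.MINUTES)` instead. Separately, `localCacheManager()` passes `organization` and `broker` to `buildCache` without a null check, so a missing `cache.organization` or `cache.broker` block would surface as a NullPointerException at bean creation. The `jwks` property is bound but no cache is registered for it in this file.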
diff --git a/src/main/java/it/gov/pagopa/payhub/auth/connector/organization/BrokerService.java b/src/main/java/it/gov/pagopa/payhub/auth/connector/organization/BrokerService.java new file mode 100644 index 00000000..59e9584a --- /dev/null +++ b/src/main/java/it/gov/pagopa/payhub/auth/connector/organization/BrokerService.java @@ -0,0 +1,7 @@ +package it.gov.pagopa.payhub.auth.connector.organization; + +import it.gov.pagopa.pu.p4pa_organization.dto.generated.Broker; + +public interface BrokerService { + Broker getBrokerById(Long id, String accessToken); +} diff --git a/src/main/java/it/gov/pagopa/payhub/auth/connector/organization/BrokerServiceImpl.java b/src/main/java/it/gov/pagopa/payhub/auth/connector/organization/BrokerServiceImpl.java new file mode 100644 index 00000000..044af688 --- /dev/null +++ b/src/main/java/it/gov/pagopa/payhub/auth/connector/organization/BrokerServiceImpl.java @@ -0,0 +1,24 @@ +package it.gov.pagopa.payhub.auth.connector.organization; + +import it.gov.pagopa.payhub.auth.connector.organization.client.BrokerClient; +import it.gov.pagopa.pu.p4pa_organization.dto.generated.Broker; +import org.springframework.cache.annotation.CacheConfig; +import org.springframework.cache.annotation.Cacheable; +import org.springframework.stereotype.Service; + +@Service +@CacheConfig(cacheNames = it.gov.pagopa.payhub.auth.config.CacheConfig.Fields.broker) +public class BrokerServiceImpl implements BrokerService { + + private final BrokerClient entityClient; + + public BrokerServiceImpl(BrokerClient entityClient) { + this.entityClient = entityClient; + } + + @Override + @Cacheable(key = "#id", unless="#result == null") + public Broker getBrokerById(Long id, String accessToken) { + return entityClient.getBrokerById(id, accessToken); + } +} 
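Review bot: `@Cacheable(key = "#id", unless="#result == null")` on `getBrokerById` keys the entry on the broker id alone, so after the first successful lookup every later caller gets the cached `Broker` and its `accessToken` is never presented to the organization service. If that service enforces per-caller authorization on this endpoint (not visible here), a cache hit skips the check. `OrganizationServiceImpl.getOrganizationByIpaCode` in the next file has the same shape with `key = "#ipaCode"`. Either confirm that any authenticated caller may read any broker or organization and record it on the method, e.g. `// cached across callers: the result must not depend on accessToken`, or perform the caller-specific check locally before the cached call. The cached DTO instance is also handed to every caller, so a caller that mutates the returned `Broker` would change the cached entry for everyone.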
diff --git a/src/main/java/it/gov/pagopa/payhub/auth/connector/organization/OrganizationService.java b/src/main/java/it/gov/pagopa/payhub/auth/connector/organization/OrganizationService.java new file mode 100644 index 00000000..c016f217 --- /dev/null +++ b/src/main/java/it/gov/pagopa/payhub/auth/connector/organization/OrganizationService.java @@ -0,0 +1,7 @@ +package it.gov.pagopa.payhub.auth.connector.organization; + +import it.gov.pagopa.pu.p4pa_organization.dto.generated.Organization; + +public interface OrganizationService { + Organization getOrganizationByIpaCode(String ipaCode, String accessToken); +} diff --git a/src/main/java/it/gov/pagopa/payhub/auth/connector/organization/OrganizationServiceImpl.java b/src/main/java/it/gov/pagopa/payhub/auth/connector/organization/OrganizationServiceImpl.java new file mode 100644 index 00000000..ec94e713 --- /dev/null +++ b/src/main/java/it/gov/pagopa/payhub/auth/connector/organization/OrganizationServiceImpl.java @@ -0,0 +1,23 @@ +package it.gov.pagopa.payhub.auth.connector.organization; + +import it.gov.pagopa.payhub.auth.connector.organization.client.OrganizationSearchClient; +import it.gov.pagopa.pu.p4pa_organization.dto.generated.Organization; +import org.springframework.cache.annotation.CacheConfig; +import org.springframework.cache.annotation.Cacheable; +import org.springframework.stereotype.Service; + +@Service +@CacheConfig(cacheNames = it.gov.pagopa.payhub.auth.config.CacheConfig.Fields.organization) +public class OrganizationServiceImpl implements OrganizationService { + private final OrganizationSearchClient searchClient; + + public OrganizationServiceImpl(OrganizationSearchClient searchClient) { + this.searchClient = searchClient; + } + + @Override + @Cacheable(key = "#ipaCode", unless="#result == null") + public Organization getOrganizationByIpaCode(String ipaCode, String accessToken) { + return searchClient.getOrganizationByIpaCode(ipaCode, accessToken); + } +} 
diff --git a/src/main/java/it/gov/pagopa/payhub/auth/connector/organization/client/BrokerClient.java b/src/main/java/it/gov/pagopa/payhub/auth/connector/organization/client/BrokerClient.java new file mode 100644 index 00000000..37dc5dac --- /dev/null +++ b/src/main/java/it/gov/pagopa/payhub/auth/connector/organization/client/BrokerClient.java @@ -0,0 +1,34 @@ +package it.gov.pagopa.payhub.auth.connector.organization.client; + +import it.gov.pagopa.payhub.auth.connector.organization.config.OrganizationApisHolder; +import it.gov.pagopa.pu.p4pa_organization.dto.generated.Broker; +import lombok.extern.slf4j.Slf4j; +import org.springframework.http.HttpStatus; +import org.springframework.stereotype.Service; +import org.springframework.web.client.HttpClientErrorException; + +@Service +@Slf4j +public class BrokerClient { + + private final OrganizationApisHolder organizationApisHolder; + + public BrokerClient(OrganizationApisHolder organizationApisHolder) { + this.organizationApisHolder = organizationApisHolder; + } + + public Broker getBrokerById(Long id, String accessToken) { + try { + return organizationApisHolder.getBrokerEntityControllerApi(accessToken).crudGetBroker(String.valueOf(id)); + } catch (HttpClientErrorException e) { + if (e.getStatusCode() == HttpStatus.NOT_FOUND) { + log.info("Broker with ID {} not found.", id); + return null; + } + throw e; + } catch (Exception e) { + log.error("An unexpected error occurred: {}", e.getMessage(), e); + throw e; + } + } +} diff --git a/src/main/java/it/gov/pagopa/payhub/auth/connector/client/OrganizationSearchClient.java b/src/main/java/it/gov/pagopa/payhub/auth/connector/organization/client/OrganizationSearchClient.java similarity index 61% rename from src/main/java/it/gov/pagopa/payhub/auth/connector/client/OrganizationSearchClient.java rename to src/main/java/it/gov/pagopa/payhub/auth/connector/organization/client/OrganizationSearchClient.java index 5c478bd4..dbc45af7 100644 
--- a/src/main/java/it/gov/pagopa/payhub/auth/connector/client/OrganizationSearchClient.java +++ b/src/main/java/it/gov/pagopa/payhub/auth/connector/organization/client/OrganizationSearchClient.java @@ -1,7 +1,6 @@ -package it.gov.pagopa.payhub.auth.connector.client; +package it.gov.pagopa.payhub.auth.connector.organization.client; -import it.gov.pagopa.payhub.auth.connector.config.OrganizationApisHolder; -import it.gov.pagopa.pu.p4pa_organization.dto.generated.Broker; +import it.gov.pagopa.payhub.auth.connector.organization.config.OrganizationApisHolder; import it.gov.pagopa.pu.p4pa_organization.dto.generated.Organization; import lombok.extern.slf4j.Slf4j; import org.springframework.http.HttpStatus; @@ -18,22 +17,6 @@ public OrganizationSearchClient(OrganizationApisHolder organizationApisHolder) { this.organizationApisHolder = organizationApisHolder; } - - public Broker getBrokerById(Long id, String accessToken) { - try { - return organizationApisHolder.getBrokerEntityControllerApi(accessToken).crudGetBroker(String.valueOf(id)); - } catch (HttpClientErrorException e) { - if (e.getStatusCode() == HttpStatus.NOT_FOUND) { - log.info("Broker with ID {} not found.", id); - return null; - } - throw e; - } catch (Exception e) { - log.error("An unexpected error occurred: {}", e.getMessage(), e); - throw e; - } - } - public Organization getOrganizationByIpaCode(String ipaCode, String accessToken) { try { return organizationApisHolder.getOrganizationSearchControllerApi(accessToken) diff --git a/src/main/java/it/gov/pagopa/payhub/auth/connector/config/OrganizationApisHolder.java b/src/main/java/it/gov/pagopa/payhub/auth/connector/organization/config/OrganizationApisHolder.java similarity index 94% rename from src/main/java/it/gov/pagopa/payhub/auth/connector/config/OrganizationApisHolder.java rename to src/main/java/it/gov/pagopa/payhub/auth/connector/organization/config/OrganizationApisHolder.java index 6388f4d2..1e68b005 100644 
--- a/src/main/java/it/gov/pagopa/payhub/auth/connector/config/OrganizationApisHolder.java +++ b/src/main/java/it/gov/pagopa/payhub/auth/connector/organization/config/OrganizationApisHolder.java @@ -1,4 +1,4 @@ -package it.gov.pagopa.payhub.auth.connector.config; +package it.gov.pagopa.payhub.auth.connector.organization.config; import it.gov.pagopa.pu.p4pa_organization.controller.ApiClient; import it.gov.pagopa.pu.p4pa_organization.controller.BaseApi; diff --git a/src/main/java/it/gov/pagopa/payhub/auth/exception/AuthExceptionHandler.java b/src/main/java/it/gov/pagopa/payhub/auth/exception/AuthExceptionHandler.java index 51ac8db9..7394a9b2 100644 --- a/src/main/java/it/gov/pagopa/payhub/auth/exception/AuthExceptionHandler.java +++ b/src/main/java/it/gov/pagopa/payhub/auth/exception/AuthExceptionHandler.java @@ -102,6 +102,9 @@ private static void logException(Exception ex, HttpServletRequest request, HttpS getRequestDetails(request), httpStatus.value(), ex.getMessage()); + if(log.isDebugEnabled() && ex.getCause()!=null){ + log.debug("CausedBy: ", ex.getCause()); + } } private static String buildReturnedMessage(Exception ex) { diff --git a/src/main/java/it/gov/pagopa/payhub/auth/mapper/A2ALegacyClaims2UserInfoMapper.java b/src/main/java/it/gov/pagopa/payhub/auth/mapper/A2ALegacyClaims2UserInfoMapper.java index 7cb8dece..b3880cc2 100644 --- a/src/main/java/it/gov/pagopa/payhub/auth/mapper/A2ALegacyClaims2UserInfoMapper.java +++ b/src/main/java/it/gov/pagopa/payhub/auth/mapper/A2ALegacyClaims2UserInfoMapper.java 
@@ -14,15 +14,29 @@ public class A2ALegacyClaims2UserInfoMapper { public UserInfo map(String ipaCode) { return UserInfo.builder() + .systemUser(true) .issuer(ipaCode) .userId(A2A_PREFIX + ipaCode) - .name(ipaCode) + .mappedExternalUserId(buildA2AMappedExternalUserId(ipaCode)) + .name("A2A") .familyName(ipaCode) - .fiscalCode(A2A_PREFIX + ipaCode) + .fiscalCode(ipaCode) .organizations(Collections.singletonList(UserOrganizationRoles.builder() .organizationIpaCode(ipaCode) .roles(Collections.singletonList(Constants.ROLE_ADMIN)) .build())) .build(); } + + private String buildA2AMappedExternalUserId(String orgIpaCode) { + return A2A_PREFIX + orgIpaCode; + } + + public static boolean isA2AMappedUser(String mappedExternalUserId){ + return mappedExternalUserId.startsWith(A2A_PREFIX); + } + + public static String extractOrgIpaCode(String mappedExternalUserId){ + return mappedExternalUserId.substring(A2A_PREFIX.length()); + } } diff --git a/src/main/java/it/gov/pagopa/payhub/auth/security/JwtAuthenticationFilter.java b/src/main/java/it/gov/pagopa/payhub/auth/security/JwtAuthenticationFilter.java index 08519e90..4c230d46 100644 --- a/src/main/java/it/gov/pagopa/payhub/auth/security/JwtAuthenticationFilter.java +++ b/src/main/java/it/gov/pagopa/payhub/auth/security/JwtAuthenticationFilter.java @@ -4,7 +4,7 @@ import it.gov.pagopa.payhub.auth.service.AccessTokenBuilderService; import it.gov.pagopa.payhub.auth.service.AuthnService; import it.gov.pagopa.payhub.auth.service.ValidateTokenService; -import it.gov.pagopa.payhub.auth.service.a2a.legacy.JWTLegacyHandlerService; +import it.gov.pagopa.payhub.auth.service.m2m.legacy.JWTLegacyHandlerService; import it.gov.pagopa.payhub.dto.generated.UserInfo; import jakarta.annotation.Nonnull; import jakarta.servlet.FilterChain; diff --git a/src/main/java/it/gov/pagopa/payhub/auth/service/AuthnServiceImpl.java b/src/main/java/it/gov/pagopa/payhub/auth/service/AuthnServiceImpl.java index e7592608..0c712348 100644 
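Review bot: `isA2AMappedUser` classifies an identity as an A2A system user purely from a string prefix, and `extractOrgIpaCode` strips `A2A_PREFIX.length()` characters without checking that the prefix is actually present. If `mappedExternalUserId` for ordinary users originates from an external identity provider (the callers and the value of `A2A_PREFIX` are outside this hunk), an id that happens to start with the prefix would be treated as a system user, with the organization code taken from the remainder. Confirm that the prefix cannot occur in an externally issued id. Both helpers also throw NullPointerException on a null argument. A guarded form would be `return mappedExternalUserId != null && mappedExternalUserId.startsWith(A2A_PREFIX);`, with `extractOrgIpaCode` throwing `IllegalArgumentException` when `isA2AMappedUser` is false.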
--- a/src/main/java/it/gov/pagopa/payhub/auth/service/AuthnServiceImpl.java +++ b/src/main/java/it/gov/pagopa/payhub/auth/service/AuthnServiceImpl.java @@ -1,8 +1,8 @@ package it.gov.pagopa.payhub.auth.service; import it.gov.pagopa.payhub.auth.exception.custom.InvalidGrantTypeException; -import it.gov.pagopa.payhub.auth.service.a2a.ClientCredentialService; -import it.gov.pagopa.payhub.auth.service.a2a.ValidateClientCredentialsService; +import it.gov.pagopa.payhub.auth.service.m2m.ClientCredentialService; +import it.gov.pagopa.payhub.auth.service.m2m.ValidateClientCredentialsService; import it.gov.pagopa.payhub.auth.service.exchange.ExchangeTokenService; import it.gov.pagopa.payhub.auth.service.exchange.ValidateExternalTokenService; import it.gov.pagopa.payhub.auth.service.logout.LogoutService; diff --git a/src/main/java/it/gov/pagopa/payhub/auth/service/AuthzServiceImpl.java b/src/main/java/it/gov/pagopa/payhub/auth/service/AuthzServiceImpl.java index bf2045ce..3a7b5b25 100644 --- a/src/main/java/it/gov/pagopa/payhub/auth/service/AuthzServiceImpl.java +++ b/src/main/java/it/gov/pagopa/payhub/auth/service/AuthzServiceImpl.java @@ -6,7 +6,7 @@ import it.gov.pagopa.payhub.auth.model.User; import it.gov.pagopa.payhub.auth.repository.OperatorsRepository; import it.gov.pagopa.payhub.auth.repository.UsersRepository; -import it.gov.pagopa.payhub.auth.service.a2a.ClientService; +import it.gov.pagopa.payhub.auth.service.m2m.ClientService; import it.gov.pagopa.payhub.auth.service.user.UserService; import it.gov.pagopa.payhub.auth.service.user.retrieve.OperatorDTOMapper; import it.gov.pagopa.payhub.auth.service.user.retrieve.UserDTOMapper; diff --git a/src/main/java/it/gov/pagopa/payhub/auth/service/TokenStoreServiceImpl.java b/src/main/java/it/gov/pagopa/payhub/auth/service/TokenStoreServiceImpl.java index 2e4d817f..505b10c8 100644 --- a/src/main/java/it/gov/pagopa/payhub/auth/service/TokenStoreServiceImpl.java 
+++ b/src/main/java/it/gov/pagopa/payhub/auth/service/TokenStoreServiceImpl.java @@ -9,7 +9,7 @@ import org.springframework.stereotype.Service; @Service -@CacheConfig(cacheNames = RedisConfig.CACHE_NAME_ACCESS_TOKEN) +@CacheConfig(cacheNames = RedisConfig.CACHE_NAME_ACCESS_TOKEN, cacheManager = "redisCacheManager") class TokenStoreServiceImpl implements TokenStoreService{ @Override @CachePut(key = "#accessToken") diff --git a/src/main/java/it/gov/pagopa/payhub/auth/service/a2a/AuthorizeClientCredentialsRequestService.java b/src/main/java/it/gov/pagopa/payhub/auth/service/m2m/AuthorizeClientCredentialsRequestService.java similarity index 98% rename from src/main/java/it/gov/pagopa/payhub/auth/service/a2a/AuthorizeClientCredentialsRequestService.java rename to src/main/java/it/gov/pagopa/payhub/auth/service/m2m/AuthorizeClientCredentialsRequestService.java index 99d2cc79..a5cb0fab 100644 --- a/src/main/java/it/gov/pagopa/payhub/auth/service/a2a/AuthorizeClientCredentialsRequestService.java +++ b/src/main/java/it/gov/pagopa/payhub/auth/service/m2m/AuthorizeClientCredentialsRequestService.java @@ -1,4 +1,4 @@ -package it.gov.pagopa.payhub.auth.service.a2a; +package it.gov.pagopa.payhub.auth.service.m2m; import it.gov.pagopa.payhub.auth.exception.custom.ClientUnauthorizedException; import it.gov.pagopa.payhub.auth.mapper.ClientMapper; diff --git a/src/main/java/it/gov/pagopa/payhub/auth/service/a2a/ClientCredentialService.java b/src/main/java/it/gov/pagopa/payhub/auth/service/m2m/ClientCredentialService.java similarity index 79% rename from src/main/java/it/gov/pagopa/payhub/auth/service/a2a/ClientCredentialService.java rename to src/main/java/it/gov/pagopa/payhub/auth/service/m2m/ClientCredentialService.java index bf322841..76eddfb9 100644 --- a/src/main/java/it/gov/pagopa/payhub/auth/service/a2a/ClientCredentialService.java +++ b/src/main/java/it/gov/pagopa/payhub/auth/service/m2m/ClientCredentialService.java 
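Review bot: Pinning `cacheManager = "redisCacheManager"` protects only this class, although the same commit makes the Caffeine `localCacheManager` the `@Primary` manager for the whole application. Any other `@Cacheable`/`@CachePut`/`@CacheEvict` that names a Redis-backed cache without an explicit manager would now resolve to the local one. Because `CaffeineCacheManager` by default creates unknown cache names on demand, the switch would be silent: entries would sit in per-instance memory, and an eviction on one instance would not reach the others. Check the remaining cache annotations in the codebase and add a comment here, e.g. `// must stay on Redis: the default CacheManager is the local Caffeine one`. The bean name `redisCacheManager` is presumably defined in `RedisConfig`, which is not part of this hunk.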
@@ -1,4 +1,4 @@ -package it.gov.pagopa.payhub.auth.service.a2a; +package it.gov.pagopa.payhub.auth.service.m2m; import it.gov.pagopa.payhub.dto.generated.AccessToken; diff --git a/src/main/java/it/gov/pagopa/payhub/auth/service/a2a/ClientCredentialServiceImpl.java b/src/main/java/it/gov/pagopa/payhub/auth/service/m2m/ClientCredentialServiceImpl.java similarity index 97% rename from src/main/java/it/gov/pagopa/payhub/auth/service/a2a/ClientCredentialServiceImpl.java rename to src/main/java/it/gov/pagopa/payhub/auth/service/m2m/ClientCredentialServiceImpl.java index 00c84613..085cda19 100644 --- a/src/main/java/it/gov/pagopa/payhub/auth/service/a2a/ClientCredentialServiceImpl.java +++ b/src/main/java/it/gov/pagopa/payhub/auth/service/m2m/ClientCredentialServiceImpl.java @@ -1,4 +1,4 @@ -package it.gov.pagopa.payhub.auth.service.a2a; +package it.gov.pagopa.payhub.auth.service.m2m; import it.gov.pagopa.payhub.auth.dto.IamUserInfoDTO; import it.gov.pagopa.payhub.auth.mapper.Client2UserInfoMapper; diff --git a/src/main/java/it/gov/pagopa/payhub/auth/service/a2a/ClientService.java b/src/main/java/it/gov/pagopa/payhub/auth/service/m2m/ClientService.java similarity index 92% rename from src/main/java/it/gov/pagopa/payhub/auth/service/a2a/ClientService.java rename to src/main/java/it/gov/pagopa/payhub/auth/service/m2m/ClientService.java index 4cdec44b..cd38f8cb 100644 --- a/src/main/java/it/gov/pagopa/payhub/auth/service/a2a/ClientService.java +++ b/src/main/java/it/gov/pagopa/payhub/auth/service/m2m/ClientService.java @@ -1,4 +1,4 @@ -package it.gov.pagopa.payhub.auth.service.a2a; +package it.gov.pagopa.payhub.auth.service.m2m; import it.gov.pagopa.payhub.auth.model.Client; import it.gov.pagopa.payhub.dto.generated.ClientDTO; 
diff --git a/src/main/java/it/gov/pagopa/payhub/auth/service/a2a/ClientServiceImpl.java b/src/main/java/it/gov/pagopa/payhub/auth/service/m2m/ClientServiceImpl.java similarity index 89% rename from src/main/java/it/gov/pagopa/payhub/auth/service/a2a/ClientServiceImpl.java rename to src/main/java/it/gov/pagopa/payhub/auth/service/m2m/ClientServiceImpl.java index 3c1fdc32..75eab9bc 100644 --- a/src/main/java/it/gov/pagopa/payhub/auth/service/a2a/ClientServiceImpl.java +++ b/src/main/java/it/gov/pagopa/payhub/auth/service/m2m/ClientServiceImpl.java @@ -1,10 +1,10 @@ -package it.gov.pagopa.payhub.auth.service.a2a; +package it.gov.pagopa.payhub.auth.service.m2m; import it.gov.pagopa.payhub.auth.mapper.ClientMapper; import it.gov.pagopa.payhub.auth.model.Client; -import it.gov.pagopa.payhub.auth.service.a2a.registration.ClientRegistrationService; -import it.gov.pagopa.payhub.auth.service.a2a.retrieve.ClientRetrieverService; -import it.gov.pagopa.payhub.auth.service.a2a.revoke.ClientRemovalService; +import it.gov.pagopa.payhub.auth.service.m2m.registration.ClientRegistrationService; +import it.gov.pagopa.payhub.auth.service.m2m.retrieve.ClientRetrieverService; +import it.gov.pagopa.payhub.auth.service.m2m.revoke.ClientRemovalService; import it.gov.pagopa.payhub.dto.generated.ClientDTO; import it.gov.pagopa.payhub.dto.generated.ClientNoSecretDTO; import lombok.extern.slf4j.Slf4j; diff --git a/src/main/java/it/gov/pagopa/payhub/auth/service/a2a/ValidateClientCredentialsService.java b/src/main/java/it/gov/pagopa/payhub/auth/service/m2m/ValidateClientCredentialsService.java similarity index 95% rename from src/main/java/it/gov/pagopa/payhub/auth/service/a2a/ValidateClientCredentialsService.java rename to src/main/java/it/gov/pagopa/payhub/auth/service/m2m/ValidateClientCredentialsService.java index fd6960c0..aaaf369a 100644 --- a/src/main/java/it/gov/pagopa/payhub/auth/service/a2a/ValidateClientCredentialsService.java 
+++ b/src/main/java/it/gov/pagopa/payhub/auth/service/m2m/ValidateClientCredentialsService.java @@ -1,4 +1,4 @@ -package it.gov.pagopa.payhub.auth.service.a2a; +package it.gov.pagopa.payhub.auth.service.m2m; import it.gov.pagopa.payhub.auth.exception.custom.InvalidExchangeRequestException; import lombok.extern.slf4j.Slf4j; diff --git a/src/main/java/it/gov/pagopa/payhub/auth/service/a2a/legacy/A2AClientLegacyPropConfig.java b/src/main/java/it/gov/pagopa/payhub/auth/service/m2m/legacy/A2AClientLegacyPropConfig.java similarity index 95% rename from src/main/java/it/gov/pagopa/payhub/auth/service/a2a/legacy/A2AClientLegacyPropConfig.java rename to src/main/java/it/gov/pagopa/payhub/auth/service/m2m/legacy/A2AClientLegacyPropConfig.java index d03ef198..35bc53a2 100644 --- a/src/main/java/it/gov/pagopa/payhub/auth/service/a2a/legacy/A2AClientLegacyPropConfig.java +++ b/src/main/java/it/gov/pagopa/payhub/auth/service/m2m/legacy/A2AClientLegacyPropConfig.java @@ -1,4 +1,4 @@ -package it.gov.pagopa.payhub.auth.service.a2a.legacy; +package it.gov.pagopa.payhub.auth.service.m2m.legacy; import it.gov.pagopa.payhub.auth.exception.custom.InvalidTokenException; import lombok.Data; diff --git a/src/main/java/it/gov/pagopa/payhub/auth/service/a2a/legacy/JWTLegacyHandlerService.java b/src/main/java/it/gov/pagopa/payhub/auth/service/m2m/legacy/JWTLegacyHandlerService.java similarity index 94% rename from src/main/java/it/gov/pagopa/payhub/auth/service/a2a/legacy/JWTLegacyHandlerService.java rename to src/main/java/it/gov/pagopa/payhub/auth/service/m2m/legacy/JWTLegacyHandlerService.java index 3275c06c..0236567a 100644 --- a/src/main/java/it/gov/pagopa/payhub/auth/service/a2a/legacy/JWTLegacyHandlerService.java +++ b/src/main/java/it/gov/pagopa/payhub/auth/service/m2m/legacy/JWTLegacyHandlerService.java 
@@ -1,4 +1,4 @@ -package it.gov.pagopa.payhub.auth.service.a2a.legacy; +package it.gov.pagopa.payhub.auth.service.m2m.legacy; import com.auth0.jwt.interfaces.Claim; import it.gov.pagopa.payhub.auth.mapper.A2ALegacyClaims2UserInfoMapper; diff --git a/src/main/java/it/gov/pagopa/payhub/auth/service/a2a/legacy/ValidateJWTLegacyService.java b/src/main/java/it/gov/pagopa/payhub/auth/service/m2m/legacy/ValidateJWTLegacyService.java similarity index 97% rename from src/main/java/it/gov/pagopa/payhub/auth/service/a2a/legacy/ValidateJWTLegacyService.java rename to src/main/java/it/gov/pagopa/payhub/auth/service/m2m/legacy/ValidateJWTLegacyService.java index c7fcab44..b312a183 100644 --- a/src/main/java/it/gov/pagopa/payhub/auth/service/a2a/legacy/ValidateJWTLegacyService.java +++ b/src/main/java/it/gov/pagopa/payhub/auth/service/m2m/legacy/ValidateJWTLegacyService.java @@ -1,4 +1,4 @@ -package it.gov.pagopa.payhub.auth.service.a2a.legacy; +package it.gov.pagopa.payhub.auth.service.m2m.legacy; import com.auth0.jwt.RegisteredClaims; import com.auth0.jwt.interfaces.Claim; diff --git a/src/main/java/it/gov/pagopa/payhub/auth/service/a2a/registration/ClientRegistrationService.java b/src/main/java/it/gov/pagopa/payhub/auth/service/m2m/registration/ClientRegistrationService.java similarity index 96% rename from src/main/java/it/gov/pagopa/payhub/auth/service/a2a/registration/ClientRegistrationService.java rename to src/main/java/it/gov/pagopa/payhub/auth/service/m2m/registration/ClientRegistrationService.java index 32727992..cae0ce4c 100644 --- a/src/main/java/it/gov/pagopa/payhub/auth/service/a2a/registration/ClientRegistrationService.java +++ b/src/main/java/it/gov/pagopa/payhub/auth/service/m2m/registration/ClientRegistrationService.java 
@@ -1,4 +1,4 @@ -package it.gov.pagopa.payhub.auth.service.a2a.registration; +package it.gov.pagopa.payhub.auth.service.m2m.registration; import it.gov.pagopa.payhub.auth.exception.custom.M2MClientConflictException; import it.gov.pagopa.payhub.auth.mapper.ClientMapper; diff --git a/src/main/java/it/gov/pagopa/payhub/auth/service/a2a/retrieve/ClientRetrieverService.java b/src/main/java/it/gov/pagopa/payhub/auth/service/m2m/retrieve/ClientRetrieverService.java similarity index 96% rename from src/main/java/it/gov/pagopa/payhub/auth/service/a2a/retrieve/ClientRetrieverService.java rename to src/main/java/it/gov/pagopa/payhub/auth/service/m2m/retrieve/ClientRetrieverService.java index 64203e74..e57cc2eb 100644 --- a/src/main/java/it/gov/pagopa/payhub/auth/service/a2a/retrieve/ClientRetrieverService.java +++ b/src/main/java/it/gov/pagopa/payhub/auth/service/m2m/retrieve/ClientRetrieverService.java @@ -1,4 +1,4 @@ -package it.gov.pagopa.payhub.auth.service.a2a.retrieve; +package it.gov.pagopa.payhub.auth.service.m2m.retrieve; import it.gov.pagopa.payhub.auth.exception.custom.ClientNotFoundException; import it.gov.pagopa.payhub.auth.mapper.ClientMapper; diff --git a/src/main/java/it/gov/pagopa/payhub/auth/service/a2a/revoke/ClientRemovalService.java b/src/main/java/it/gov/pagopa/payhub/auth/service/m2m/revoke/ClientRemovalService.java similarity index 90% rename from src/main/java/it/gov/pagopa/payhub/auth/service/a2a/revoke/ClientRemovalService.java rename to src/main/java/it/gov/pagopa/payhub/auth/service/m2m/revoke/ClientRemovalService.java index 6ec8c952..014106d8 100644 --- a/src/main/java/it/gov/pagopa/payhub/auth/service/a2a/revoke/ClientRemovalService.java +++ b/src/main/java/it/gov/pagopa/payhub/auth/service/m2m/revoke/ClientRemovalService.java @@ -1,4 +1,4 @@ -package it.gov.pagopa.payhub.auth.service.a2a.revoke; +package it.gov.pagopa.payhub.auth.service.m2m.revoke; import it.gov.pagopa.payhub.auth.repository.ClientRepository; import lombok.extern.slf4j.Slf4j; 
diff --git a/src/main/java/it/gov/pagopa/payhub/auth/service/user/IamUserInfoDTO2UserInfoMapper.java b/src/main/java/it/gov/pagopa/payhub/auth/service/user/IamUserInfoDTO2UserInfoMapper.java index 3078a0ae..c6be8dae 100644 --- a/src/main/java/it/gov/pagopa/payhub/auth/service/user/IamUserInfoDTO2UserInfoMapper.java +++ b/src/main/java/it/gov/pagopa/payhub/auth/service/user/IamUserInfoDTO2UserInfoMapper.java @@ -1,7 +1,8 @@ package it.gov.pagopa.payhub.auth.service.user; import io.micrometer.common.util.StringUtils; -import it.gov.pagopa.payhub.auth.connector.client.OrganizationSearchClient; +import it.gov.pagopa.payhub.auth.connector.organization.BrokerService; +import it.gov.pagopa.payhub.auth.connector.organization.OrganizationService; import it.gov.pagopa.payhub.auth.dto.IamUserInfoDTO; import it.gov.pagopa.payhub.auth.dto.IamUserOrganizationRolesDTO; import it.gov.pagopa.payhub.auth.model.Operator; @@ -23,14 +24,20 @@ public class IamUserInfoDTO2UserInfoMapper { private final OperatorsRepository operatorsRepository; - private final OrganizationSearchClient organizationSearchClient; + private final OrganizationService organizationService; + private final BrokerService brokerService; private final boolean organizationAccessMode; - public IamUserInfoDTO2UserInfoMapper(@Value("${app.enable-access-organization-mode}") boolean organizationAccessMode, - OperatorsRepository operatorsRepository, - OrganizationSearchClient organizationSearchClient) { + public IamUserInfoDTO2UserInfoMapper( + @Value("${app.enable-access-organization-mode}") boolean organizationAccessMode, + + OperatorsRepository operatorsRepository, + OrganizationService organizationService, + BrokerService brokerService + ) { this.operatorsRepository = operatorsRepository; - this.organizationSearchClient = organizationSearchClient; + this.organizationService = organizationService; + this.brokerService = brokerService; this.organizationAccessMode = organizationAccessMode; } 
@@ -73,14 +80,14 @@ private UserInfo userInfoMapper(IamUserInfoDTO iamUserInfoDTO, String accessToke .name(iamUserInfoDTO.getName()) .issuer(iamUserInfoDTO.getIssuer()) .organizations(userRoles.stream() - .map(r -> (UserOrganizationRoles)UserOrganizationRoles.builder() + .map(r -> (UserOrganizationRoles) UserOrganizationRoles.builder() .operatorId(r.getOperatorId()) .organizationIpaCode(r.getOrganizationIpaCode()) .roles(new ArrayList<>(r.getRoles())) .email(r.getEmail()) .organizationId(retrieveOrganizationId(r.getOrganizationIpaCode(), accessToken)) .build()) - . toList()) + .toList()) .build(); if (iamUserInfoDTO.getOrganizationAccess() != null) { @@ -93,7 +100,7 @@ private UserInfo userInfoMapper(IamUserInfoDTO iamUserInfoDTO, String accessToke private Long retrieveOrganizationId(String organizationIpaCode, String accessToken) { if (StringUtils.isNotBlank(organizationIpaCode)) { - Organization organization = organizationSearchClient.getOrganizationByIpaCode(organizationIpaCode, accessToken); + Organization organization = organizationService.getOrganizationByIpaCode(organizationIpaCode, accessToken); if (organization != null) { return organization.getOrganizationId(); } @@ -107,9 +114,9 @@ private Broker getSessionBroker(IamUserInfoDTO iamUserInfoDTO, List userOrganizations.isEmpty() ? null : userOrganizations.getFirst().getOrganizationIpaCode()); if (orgIpaCode != null) { - Organization organization = organizationSearchClient.getOrganizationByIpaCode(orgIpaCode, accessToken); + Organization organization = organizationService.getOrganizationByIpaCode(orgIpaCode, accessToken); if (organization != null && organization.getBrokerId() != null) { - return organizationSearchClient.getBrokerById(organization.getBrokerId(), accessToken); + return brokerService.getBrokerById(organization.getBrokerId(), accessToken); } } return null; 
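Review bot: In `retrieveOrganizationId` and `getSessionBroker` the lookups now go through `organizationService.getOrganizationByIpaCode(..., accessToken)` and `brokerService.getBrokerById(..., accessToken)`, and the caller's `accessToken` is still passed in, so how the cache key is built decides who can see a cached entry. The service implementations are outside these hunks; if the key is only the IPA code or broker id, a hit returns data fetched under another caller's token without consulting the organization API's own authorization, and if the key includes the token the cache seldom hits and bearer tokens are held as keys. I would document the chosen key on the two service interfaces, e.g. `// cached by IPA code only; accessToken is used on a miss and is never part of the key`, and confirm the cached fields are ones every authenticated caller may read. Both method bodies start outside the hunks.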
diff --git a/src/main/java/it/gov/pagopa/payhub/auth/service/user/retrieve/UserInfoRetrieverService.java b/src/main/java/it/gov/pagopa/payhub/auth/service/user/retrieve/UserInfoRetrieverService.java index ccded531..9645d25b 100644 --- a/src/main/java/it/gov/pagopa/payhub/auth/service/user/retrieve/UserInfoRetrieverService.java +++ b/src/main/java/it/gov/pagopa/payhub/auth/service/user/retrieve/UserInfoRetrieverService.java @@ -2,6 +2,7 @@ import it.gov.pagopa.payhub.auth.dto.IamUserInfoDTO; import it.gov.pagopa.payhub.auth.exception.custom.UserNotFoundException; +import it.gov.pagopa.payhub.auth.mapper.A2ALegacyClaims2UserInfoMapper; import it.gov.pagopa.payhub.auth.mapper.Client2UserInfoMapper; import it.gov.pagopa.payhub.auth.mapper.ClientMapper; import it.gov.pagopa.payhub.auth.model.User; @@ -18,13 +19,15 @@ public class UserInfoRetrieverService { private final ClientRepository clientRepository; private final ClientMapper clientMapper; private final Client2UserInfoMapper client2UserInfoMapper; + private final A2ALegacyClaims2UserInfoMapper a2aLegacy2UserInfoMapper; private final IamUserInfoDTO2UserInfoMapper iamUserInfoMapper; - public UserInfoRetrieverService(UsersRepository usersRepository, ClientRepository clientRepository, ClientMapper clientMapper, Client2UserInfoMapper client2UserInfoMapper, IamUserInfoDTO2UserInfoMapper iamUserInfoMapper) { + public UserInfoRetrieverService(UsersRepository usersRepository, ClientRepository clientRepository, ClientMapper clientMapper, Client2UserInfoMapper client2UserInfoMapper, A2ALegacyClaims2UserInfoMapper a2aLegacy2UserInfoMapper, IamUserInfoDTO2UserInfoMapper iamUserInfoMapper) { this.usersRepository = usersRepository; this.clientRepository = clientRepository; this.clientMapper = clientMapper; this.client2UserInfoMapper = client2UserInfoMapper; + this.a2aLegacy2UserInfoMapper = a2aLegacy2UserInfoMapper; this.iamUserInfoMapper = iamUserInfoMapper; } 
@@ -32,6 +35,8 @@ public UserInfo findByMappedExternalUserId(String mappedExternalUserId, String a IamUserInfoDTO iamUserInfo; if(Client2UserInfoMapper.isSystemMappedUser(mappedExternalUserId)) { iamUserInfo = findSystemIamUser(mappedExternalUserId); + } else if(A2ALegacyClaims2UserInfoMapper.isA2AMappedUser(mappedExternalUserId)) { + return a2aLegacy2UserInfoMapper.map(A2ALegacyClaims2UserInfoMapper.extractOrgIpaCode(mappedExternalUserId)); } else { iamUserInfo = findIamUser(mappedExternalUserId); } diff --git a/src/main/java/it/gov/pagopa/payhub/auth/utils/JWTValidator.java b/src/main/java/it/gov/pagopa/payhub/auth/utils/JWTValidator.java index fdc6c73c..68a0de2b 100644 --- a/src/main/java/it/gov/pagopa/payhub/auth/utils/JWTValidator.java +++ b/src/main/java/it/gov/pagopa/payhub/auth/utils/JWTValidator.java @@ -1,17 +1,16 @@ package it.gov.pagopa.payhub.auth.utils; -import com.auth0.jwk.Jwk; -import com.auth0.jwk.JwkException; -import com.auth0.jwk.JwkProvider; -import com.auth0.jwk.UrlJwkProvider; +import com.auth0.jwk.*; import com.auth0.jwt.JWT; import com.auth0.jwt.JWTVerifier; import com.auth0.jwt.algorithms.Algorithm; import com.auth0.jwt.exceptions.JWTVerificationException; import com.auth0.jwt.interfaces.Claim; import com.auth0.jwt.interfaces.DecodedJWT; +import it.gov.pagopa.payhub.auth.config.CacheConfig; import it.gov.pagopa.payhub.auth.exception.custom.InvalidTokenException; import it.gov.pagopa.payhub.auth.exception.custom.TokenExpiredException; +import lombok.extern.slf4j.Slf4j; import org.springframework.beans.factory.annotation.Value; import org.springframework.stereotype.Component; @@ -20,6 +19,8 @@ import java.security.PublicKey; import java.security.interfaces.RSAPublicKey; import java.security.spec.InvalidKeySpecException; +import java.time.Duration; +import java.time.temporal.ChronoUnit; import java.util.Map; 
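Review bot: The new `else if` branch in `findByMappedExternalUserId` builds the `UserInfo` from the id string alone: any value for which `isA2AMappedUser` is true is mapped from `extractOrgIpaCode(mappedExternalUserId)` and returned without a repository lookup, and the updated `A2ALegacyClaims2UserInfoMapperTest` in this patch expects that mapping to carry `Constants.ROLE_ADMIN` for the extracted IPA code. That is safe only if no other source of `mappedExternalUserId` (for example an external IdP subject handled by `findIamUser`) can produce a value with the A2A prefix; the callers are outside this hunk, so this needs confirming. I would state the invariant next to the branch, `// A2A ids are minted only by the legacy JWT flow after signature validation; the prefix is reserved and rejected at user registration`, and enforce that reservation where users are created. The early `return` also skips whatever the method does after the `if`/`else` chain, which continues outside the hunk.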
@@ -28,15 +29,26 @@ * This class uses Auth0's JWT and JWK libraries to decode, verify, and extract claims from a JWT. */ @Component +@Slf4j public class JWTValidator { private final JWTVerifier jwtVerifier; - public JWTValidator(@Value("${jwt.access-token.public-key}") String publicKey) - throws NoSuchAlgorithmException, InvalidKeySpecException, IOException { + private final long jwksCacheMaxSize; + private final Duration jwksCacheDuration; + + public JWTValidator( + @Value("${jwt.access-token.public-key}") String publicKey, + + CacheConfig cacheConfig) + throws NoSuchAlgorithmException, InvalidKeySpecException, IOException + { RSAPublicKey rsaPublicKey = CertUtils.pemPub2PublicKey(publicKey); Algorithm algorithm = Algorithm.RSA512(rsaPublicKey); jwtVerifier = JWT.require(algorithm).build(); + + jwksCacheMaxSize = cacheConfig.getJwks().getSize(); + jwksCacheDuration = Duration.of(cacheConfig.getJwks().getExpireIn(), ChronoUnit.MINUTES); } /** @@ -53,7 +65,7 @@ public Map validate(String token, String urlJwkProvider) { try { DecodedJWT jwt = JWT.decode(token); - JwkProvider provider = new UrlJwkProvider(urlJwkProvider); + JwkProvider provider = new GuavaCachedJwkProvider(new UrlJwkProvider(urlJwkProvider), jwksCacheMaxSize, jwksCacheDuration); Jwk jwk = provider.get(jwt.getKeyId()); Algorithm algorithm = Algorithm.RSA256((RSAPublicKey) jwk.getPublicKey(), null); JWTVerifier verifier = JWT.require(algorithm).build(); @@ -64,7 +76,7 @@ public Map validate(String token, String urlJwkProvider) { } catch (com.auth0.jwt.exceptions.TokenExpiredException e){ throw new TokenExpiredException(e.getMessage()); } catch (JwkException | JWTVerificationException ex) { - throw new InvalidTokenException("The token is not valid"); + throw new InvalidTokenException("The token is not valid: " + ex.getMessage(), ex); } } diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml index d045894b..782c016d 100644 --- a/src/main/resources/application.yml 
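Review bot: `new GuavaCachedJwkProvider(...)` is constructed inside `validate`, so each call gets a fresh, empty cache and the JWKS is still fetched on every validation. The `cache.jwks` settings therefore have no effect, and every presented token, valid or not, still costs an outbound request. Keep one provider per URL in a field, e.g. `private final Map<String, JwkProvider> jwkProviders = new ConcurrentHashMap<>();` and `JwkProvider provider = jwkProviders.computeIfAbsent(urlJwkProvider, url -> new GuavaCachedJwkProvider(new UrlJwkProvider(url), jwksCacheMaxSize, jwksCacheDuration));`. If `urlJwkProvider` can vary with request data, the map needs a bound or an allow-list; the callers are outside this hunk, as are the start and end of `validate`.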
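Review bot: The new message `"The token is not valid: " + ex.getMessage()` puts the library's failure detail into `InvalidTokenException`; if the exception handler copies the exception message into the error response (the handler is outside this hunk), callers learn why verification failed, including JWKS retrieval errors from `JwkException`. Passing `ex` as the cause is the useful part of the change. I would keep the client-facing text fixed and send the detail to the logger the class now has through `@Slf4j`: `log.info("JWT validation failed: {}", ex.getMessage());` followed by `throw new InvalidTokenException("The token is not valid", ex);`. The `TokenExpiredException` branch just above still drops its cause.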
+++ b/src/main/resources/application.yml @@ -82,10 +82,21 @@ logging: app: # If true, it will expect the presence of the access organization inside the ID Token. - # Thus it will register te relation between the operator and the relation with the provided roles. + # Thus, it will register te relation between the operator and the relation with the provided roles. # If disabled, the admin should register the associations using the provided API (otherwise they will be disabled) enable-access-organization-mode: "\${ACCESS_ORGANIZATION_MODE_ENABLED:true}" +cache: + jwks: + size: "\${CACHE_JWKS_SIZE:10}" + expire-in: "\${CACHE_JWKS_MINUTES:60}" + organization: + size: "\${CACHE_ORGANIZATION_SIZE:100}" + expire-in: "\${CACHE_ORGANIZATION_MINUTES:60}" + broker: + size: "\${CACHE_BROKER_MAXIMUM_SIZE:100}" + expire-in: "\${CACHE_BROKER_MINUTES:60}" + rest: default-timeout: connect-millis: "\${DEFAULT_REST_CONNECT_TIMEOUT_MILLIS:120000}" diff --git a/src/test/java/it/gov/pagopa/payhub/auth/connector/organization/BrokerServiceTest.java b/src/test/java/it/gov/pagopa/payhub/auth/connector/organization/BrokerServiceTest.java new file mode 100644 index 00000000..cb33d455 --- /dev/null +++ b/src/test/java/it/gov/pagopa/payhub/auth/connector/organization/BrokerServiceTest.java 
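Review bot: `cache.jwks.expire-in` defaults to 60 minutes, and nothing in the file says that this is also how long a signing key withdrawn from the issuer's JWKS can stay accepted once the cache is effective; the same lag applies to organization and broker data under `cache.organization` and `cache.broker`. A comment above the block would make the trade-off visible to operators, e.g. `# expire-in is in minutes; for jwks it bounds how long a rotated-out or revoked key stays trusted`. The size override for the broker cache is named `CACHE_BROKER_MAXIMUM_SIZE` while the other two use `CACHE_JWKS_SIZE` and `CACHE_ORGANIZATION_SIZE`; `CACHE_BROKER_SIZE` would match. The comment edited in the same hunk still reads "te relation".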
@@ -0,0 +1,51 @@ +package it.gov.pagopa.payhub.auth.connector.organization; + +import it.gov.pagopa.payhub.auth.connector.organization.client.BrokerClient; +import it.gov.pagopa.pu.p4pa_organization.dto.generated.Broker; +import org.junit.jupiter.api.AfterEach; +import org.junit.jupiter.api.Assertions; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.ExtendWith; +import org.mockito.Mock; +import org.mockito.Mockito; +import org.mockito.junit.jupiter.MockitoExtension; + +@ExtendWith(MockitoExtension.class) +class BrokerServiceTest { + + @Mock + private BrokerClient brokerClientMock; + + private BrokerService service; + + @BeforeEach + void init(){ + service = new BrokerServiceImpl(brokerClientMock); + } + + @AfterEach + void verifyNoMoreInteractions(){ + Mockito.verifyNoMoreInteractions( + brokerClientMock + ); + } + + @Test + void whenGetBrokerByIdThenInvokeClient(){ + // Given + String accessToken = "ACCESSTOKEN"; + long brokerId = 1L; + Broker expectedResult = new Broker(); + + Mockito.when(brokerClientMock.getBrokerById(brokerId, accessToken)) + .thenReturn(expectedResult); + + // When + Broker result = service.getBrokerById(brokerId, accessToken); + + // Then + Assertions.assertSame(expectedResult, result); + } + +} diff --git a/src/test/java/it/gov/pagopa/payhub/auth/connector/organization/OrganizationServiceTest.java b/src/test/java/it/gov/pagopa/payhub/auth/connector/organization/OrganizationServiceTest.java new file mode 100644 index 00000000..e1b72b22 --- /dev/null +++ b/src/test/java/it/gov/pagopa/payhub/auth/connector/organization/OrganizationServiceTest.java 
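Review bot: `whenGetBrokerByIdThenInvokeClient` only checks that `BrokerServiceImpl` delegates to `BrokerClient`; nothing exercises the caching this commit adds, and `OrganizationServiceTest` has the same shape. The service is built with `new BrokerServiceImpl(brokerClientMock)`, so if the cache is applied through a Spring proxy (the implementation is outside this hunk) it is not active in this test at all. A test against the cache-enabled bean that calls `getBrokerById` twice with the same `brokerId` and two different access tokens would pin both the hit and the key behaviour, for example by asserting `Mockito.verify(brokerClientMock, Mockito.times(1)).getBrokerById(Mockito.eq(brokerId), Mockito.anyString());`.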
@@ -0,0 +1,51 @@ +package it.gov.pagopa.payhub.auth.connector.organization; + +import it.gov.pagopa.payhub.auth.connector.organization.client.OrganizationSearchClient; +import it.gov.pagopa.pu.p4pa_organization.dto.generated.Organization; +import org.junit.jupiter.api.AfterEach; +import org.junit.jupiter.api.Assertions; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.ExtendWith; +import org.mockito.Mock; +import org.mockito.Mockito; +import org.mockito.junit.jupiter.MockitoExtension; + +@ExtendWith(MockitoExtension.class) +class OrganizationServiceTest { + + @Mock + private OrganizationSearchClient organizationSearchClientMock; + + private OrganizationService service; + + @BeforeEach + void init(){ + service = new OrganizationServiceImpl(organizationSearchClientMock); + } + + @AfterEach + void verifyNoMoreInteractions(){ + Mockito.verifyNoMoreInteractions( + organizationSearchClientMock + ); + } + + @Test + void whenGetOrganizationByIpaCodeByIdThenInvokeClient(){ + // Given + String accessToken = "ACCESSTOKEN"; + String orgIpaCode = "ORGIPACODE"; + Organization expectedResult = new Organization(); + + Mockito.when(organizationSearchClientMock.getOrganizationByIpaCode(orgIpaCode, accessToken)) + .thenReturn(expectedResult); + + // When + Organization result = service.getOrganizationByIpaCode(orgIpaCode, accessToken); + + // Then + Assertions.assertSame(expectedResult, result); + } + +} diff --git a/src/test/java/it/gov/pagopa/payhub/auth/connector/client/OrganizationSearchClientTest.java b/src/test/java/it/gov/pagopa/payhub/auth/connector/organization/client/OrganizationSearchClientTest.java similarity index 96% rename from src/test/java/it/gov/pagopa/payhub/auth/connector/client/OrganizationSearchClientTest.java rename to src/test/java/it/gov/pagopa/payhub/auth/connector/organization/client/OrganizationSearchClientTest.java index 1c7609dc..9a954342 100644 
--- a/src/test/java/it/gov/pagopa/payhub/auth/connector/client/OrganizationSearchClientTest.java +++ b/src/test/java/it/gov/pagopa/payhub/auth/connector/organization/client/OrganizationSearchClientTest.java @@ -1,6 +1,6 @@ -package it.gov.pagopa.payhub.auth.connector.client; +package it.gov.pagopa.payhub.auth.connector.organization.client; -import it.gov.pagopa.payhub.auth.connector.config.OrganizationApisHolder; +import it.gov.pagopa.payhub.auth.connector.organization.config.OrganizationApisHolder; import it.gov.pagopa.pu.p4pa_organization.controller.generated.OrganizationSearchControllerApi; import it.gov.pagopa.pu.p4pa_organization.dto.generated.Organization; import org.junit.jupiter.api.AfterEach; diff --git a/src/test/java/it/gov/pagopa/payhub/auth/connector/config/OrganizationApiHolderTest.java b/src/test/java/it/gov/pagopa/payhub/auth/connector/organization/config/OrganizationApiHolderTest.java similarity index 97% rename from src/test/java/it/gov/pagopa/payhub/auth/connector/config/OrganizationApiHolderTest.java rename to src/test/java/it/gov/pagopa/payhub/auth/connector/organization/config/OrganizationApiHolderTest.java index f96fd0af..4c43d7f2 100644 --- a/src/test/java/it/gov/pagopa/payhub/auth/connector/config/OrganizationApiHolderTest.java +++ b/src/test/java/it/gov/pagopa/payhub/auth/connector/organization/config/OrganizationApiHolderTest.java @@ -1,4 +1,4 @@ -package it.gov.pagopa.payhub.auth.connector.config; +package it.gov.pagopa.payhub.auth.connector.organization.config; import it.gov.pagopa.payhub.auth.connector.BaseApiHolderTest; import it.gov.pagopa.pu.p4pa_organization.controller.ApiClient; diff --git a/src/test/java/it/gov/pagopa/payhub/auth/controller/AuthnControllerTest.java b/src/test/java/it/gov/pagopa/payhub/auth/controller/AuthnControllerTest.java index 620c1927..db5b762c 100644 --- a/src/test/java/it/gov/pagopa/payhub/auth/controller/AuthnControllerTest.java 
+++ b/src/test/java/it/gov/pagopa/payhub/auth/controller/AuthnControllerTest.java @@ -8,7 +8,7 @@ import it.gov.pagopa.payhub.auth.service.AccessTokenBuilderService; import it.gov.pagopa.payhub.auth.service.AuthnService; import it.gov.pagopa.payhub.auth.service.ValidateTokenService; -import it.gov.pagopa.payhub.auth.service.a2a.legacy.JWTLegacyHandlerService; +import it.gov.pagopa.payhub.auth.service.m2m.legacy.JWTLegacyHandlerService; import it.gov.pagopa.payhub.dto.generated.AccessToken; import it.gov.pagopa.payhub.dto.generated.AuthErrorDTO; import it.gov.pagopa.payhub.dto.generated.UserInfo; diff --git a/src/test/java/it/gov/pagopa/payhub/auth/controller/AuthzControllerNoOrganizzationAccessModeTest.java b/src/test/java/it/gov/pagopa/payhub/auth/controller/AuthzControllerNoOrganizzationAccessModeTest.java index 2c455303..f1339ea7 100644 --- a/src/test/java/it/gov/pagopa/payhub/auth/controller/AuthzControllerNoOrganizzationAccessModeTest.java +++ b/src/test/java/it/gov/pagopa/payhub/auth/controller/AuthzControllerNoOrganizzationAccessModeTest.java @@ -8,7 +8,7 @@ import it.gov.pagopa.payhub.auth.service.AuthnService; import it.gov.pagopa.payhub.auth.service.AuthzService; import it.gov.pagopa.payhub.auth.service.ValidateTokenService; -import it.gov.pagopa.payhub.auth.service.a2a.legacy.JWTLegacyHandlerService; +import it.gov.pagopa.payhub.auth.service.m2m.legacy.JWTLegacyHandlerService; import it.gov.pagopa.payhub.auth.utils.Constants; import it.gov.pagopa.payhub.dto.generated.*; import org.junit.jupiter.api.Assertions; diff --git a/src/test/java/it/gov/pagopa/payhub/auth/controller/AuthzControllerTest.java b/src/test/java/it/gov/pagopa/payhub/auth/controller/AuthzControllerTest.java index 2ef8130a..60009caf 100644 --- a/src/test/java/it/gov/pagopa/payhub/auth/controller/AuthzControllerTest.java +++ b/src/test/java/it/gov/pagopa/payhub/auth/controller/AuthzControllerTest.java 
@@ -11,7 +11,7 @@ import it.gov.pagopa.payhub.auth.service.AuthnService; import it.gov.pagopa.payhub.auth.service.AuthzService; import it.gov.pagopa.payhub.auth.service.ValidateTokenService; -import it.gov.pagopa.payhub.auth.service.a2a.legacy.JWTLegacyHandlerService; +import it.gov.pagopa.payhub.auth.service.m2m.legacy.JWTLegacyHandlerService; import it.gov.pagopa.payhub.auth.utils.Constants; import it.gov.pagopa.payhub.dto.generated.*; import org.junit.jupiter.api.Assertions; diff --git a/src/test/java/it/gov/pagopa/payhub/auth/mapper/A2ALegacyClaims2UserInfoMapperTest.java b/src/test/java/it/gov/pagopa/payhub/auth/mapper/A2ALegacyClaims2UserInfoMapperTest.java index bcaccf98..1587e880 100644 --- a/src/test/java/it/gov/pagopa/payhub/auth/mapper/A2ALegacyClaims2UserInfoMapperTest.java +++ b/src/test/java/it/gov/pagopa/payhub/auth/mapper/A2ALegacyClaims2UserInfoMapperTest.java @@ -18,11 +18,13 @@ void WhenMapThenGetUserInfoMapped() { String prefix = "A2A-"; String ipaCode = "ipaCode"; UserInfo expected = UserInfo.builder() + .systemUser(true) .issuer(ipaCode) .userId(prefix + ipaCode) - .name(ipaCode) + .mappedExternalUserId(prefix + ipaCode) + .name("A2A") .familyName(ipaCode) - .fiscalCode(prefix + ipaCode) + .fiscalCode(ipaCode) .organizations(Collections.singletonList(UserOrganizationRoles.builder() .organizationIpaCode(ipaCode) .roles(Collections.singletonList(Constants.ROLE_ADMIN)) diff --git a/src/test/java/it/gov/pagopa/payhub/auth/service/AuthnServiceTest.java b/src/test/java/it/gov/pagopa/payhub/auth/service/AuthnServiceTest.java index eccc150c..4e39c19a 100644 --- a/src/test/java/it/gov/pagopa/payhub/auth/service/AuthnServiceTest.java +++ b/src/test/java/it/gov/pagopa/payhub/auth/service/AuthnServiceTest.java 
@@ -1,8 +1,8 @@ package it.gov.pagopa.payhub.auth.service; import it.gov.pagopa.payhub.auth.exception.custom.InvalidGrantTypeException; -import it.gov.pagopa.payhub.auth.service.a2a.ClientCredentialService; -import it.gov.pagopa.payhub.auth.service.a2a.ValidateClientCredentialsService; +import it.gov.pagopa.payhub.auth.service.m2m.ClientCredentialService; +import it.gov.pagopa.payhub.auth.service.m2m.ValidateClientCredentialsService; import it.gov.pagopa.payhub.auth.service.exchange.ExchangeTokenService; import it.gov.pagopa.payhub.auth.service.exchange.ValidateExternalTokenService; import it.gov.pagopa.payhub.auth.service.logout.LogoutService; diff --git a/src/test/java/it/gov/pagopa/payhub/auth/service/AuthzServiceTest.java b/src/test/java/it/gov/pagopa/payhub/auth/service/AuthzServiceTest.java index 6be9e3f3..8431b249 100644 --- a/src/test/java/it/gov/pagopa/payhub/auth/service/AuthzServiceTest.java +++ b/src/test/java/it/gov/pagopa/payhub/auth/service/AuthzServiceTest.java @@ -5,7 +5,7 @@ import it.gov.pagopa.payhub.auth.model.User; import it.gov.pagopa.payhub.auth.repository.OperatorsRepository; import it.gov.pagopa.payhub.auth.repository.UsersRepository; -import it.gov.pagopa.payhub.auth.service.a2a.ClientService; +import it.gov.pagopa.payhub.auth.service.m2m.ClientService; import it.gov.pagopa.payhub.auth.service.user.UserService; import it.gov.pagopa.payhub.auth.service.user.retrieve.OperatorDTOMapper; import it.gov.pagopa.payhub.auth.service.user.retrieve.UserDTOMapper; 
diff --git a/src/test/java/it/gov/pagopa/payhub/auth/service/a2a/AuthorizeClientCredentialsRequestServiceTest.java b/src/test/java/it/gov/pagopa/payhub/auth/service/m2m/AuthorizeClientCredentialsRequestServiceTest.java similarity index 98% rename from src/test/java/it/gov/pagopa/payhub/auth/service/a2a/AuthorizeClientCredentialsRequestServiceTest.java rename to src/test/java/it/gov/pagopa/payhub/auth/service/m2m/AuthorizeClientCredentialsRequestServiceTest.java index 3b6f899d..34b450a0 100644 --- a/src/test/java/it/gov/pagopa/payhub/auth/service/a2a/AuthorizeClientCredentialsRequestServiceTest.java +++ b/src/test/java/it/gov/pagopa/payhub/auth/service/m2m/AuthorizeClientCredentialsRequestServiceTest.java @@ -1,4 +1,4 @@ -package it.gov.pagopa.payhub.auth.service.a2a; +package it.gov.pagopa.payhub.auth.service.m2m; import it.gov.pagopa.payhub.auth.exception.custom.ClientUnauthorizedException; import it.gov.pagopa.payhub.auth.mapper.ClientMapper; diff --git a/src/test/java/it/gov/pagopa/payhub/auth/service/a2a/ClientCredentialsServiceTest.java b/src/test/java/it/gov/pagopa/payhub/auth/service/m2m/ClientCredentialsServiceTest.java similarity index 98% rename from src/test/java/it/gov/pagopa/payhub/auth/service/a2a/ClientCredentialsServiceTest.java rename to src/test/java/it/gov/pagopa/payhub/auth/service/m2m/ClientCredentialsServiceTest.java index fb243099..b9cc2c95 100644 --- a/src/test/java/it/gov/pagopa/payhub/auth/service/a2a/ClientCredentialsServiceTest.java +++ b/src/test/java/it/gov/pagopa/payhub/auth/service/m2m/ClientCredentialsServiceTest.java @@ -1,4 +1,4 @@ -package it.gov.pagopa.payhub.auth.service.a2a; +package it.gov.pagopa.payhub.auth.service.m2m; import it.gov.pagopa.payhub.auth.dto.IamUserInfoDTO; import it.gov.pagopa.payhub.auth.mapper.Client2UserInfoMapper; 
diff --git a/src/test/java/it/gov/pagopa/payhub/auth/service/a2a/ClientServiceTest.java b/src/test/java/it/gov/pagopa/payhub/auth/service/m2m/ClientServiceTest.java similarity index 94% rename from src/test/java/it/gov/pagopa/payhub/auth/service/a2a/ClientServiceTest.java rename to src/test/java/it/gov/pagopa/payhub/auth/service/m2m/ClientServiceTest.java index d286284d..3754179f 100644 --- a/src/test/java/it/gov/pagopa/payhub/auth/service/a2a/ClientServiceTest.java +++ b/src/test/java/it/gov/pagopa/payhub/auth/service/m2m/ClientServiceTest.java @@ -1,10 +1,10 @@ -package it.gov.pagopa.payhub.auth.service.a2a; +package it.gov.pagopa.payhub.auth.service.m2m; import it.gov.pagopa.payhub.auth.mapper.ClientMapper; import it.gov.pagopa.payhub.auth.model.Client; -import it.gov.pagopa.payhub.auth.service.a2a.registration.ClientRegistrationService; -import it.gov.pagopa.payhub.auth.service.a2a.retrieve.ClientRetrieverService; -import it.gov.pagopa.payhub.auth.service.a2a.revoke.ClientRemovalService; +import it.gov.pagopa.payhub.auth.service.m2m.registration.ClientRegistrationService; +import it.gov.pagopa.payhub.auth.service.m2m.retrieve.ClientRetrieverService; +import it.gov.pagopa.payhub.auth.service.m2m.revoke.ClientRemovalService; import it.gov.pagopa.payhub.dto.generated.ClientDTO; import it.gov.pagopa.payhub.dto.generated.ClientNoSecretDTO; import org.junit.jupiter.api.AfterEach; diff --git a/src/test/java/it/gov/pagopa/payhub/auth/service/a2a/ValidateClientCredentialsServiceTest.java b/src/test/java/it/gov/pagopa/payhub/auth/service/m2m/ValidateClientCredentialsServiceTest.java similarity index 96% rename from src/test/java/it/gov/pagopa/payhub/auth/service/a2a/ValidateClientCredentialsServiceTest.java rename to src/test/java/it/gov/pagopa/payhub/auth/service/m2m/ValidateClientCredentialsServiceTest.java index e9fb7727..a1a5c202 100644 --- a/src/test/java/it/gov/pagopa/payhub/auth/service/a2a/ValidateClientCredentialsServiceTest.java 
+++ b/src/test/java/it/gov/pagopa/payhub/auth/service/m2m/ValidateClientCredentialsServiceTest.java @@ -1,4 +1,4 @@ -package it.gov.pagopa.payhub.auth.service.a2a; +package it.gov.pagopa.payhub.auth.service.m2m; import it.gov.pagopa.payhub.auth.exception.custom.InvalidExchangeRequestException; import org.junit.jupiter.api.Test; diff --git a/src/test/java/it/gov/pagopa/payhub/auth/service/a2a/legacy/A2AClientLegacyPropConfigTest.java b/src/test/java/it/gov/pagopa/payhub/auth/service/m2m/legacy/A2AClientLegacyPropConfigTest.java similarity index 97% rename from src/test/java/it/gov/pagopa/payhub/auth/service/a2a/legacy/A2AClientLegacyPropConfigTest.java rename to src/test/java/it/gov/pagopa/payhub/auth/service/m2m/legacy/A2AClientLegacyPropConfigTest.java index f09a3f3c..1c69faaf 100644 --- a/src/test/java/it/gov/pagopa/payhub/auth/service/a2a/legacy/A2AClientLegacyPropConfigTest.java +++ b/src/test/java/it/gov/pagopa/payhub/auth/service/m2m/legacy/A2AClientLegacyPropConfigTest.java @@ -1,4 +1,4 @@ -package it.gov.pagopa.payhub.auth.service.a2a.legacy; +package it.gov.pagopa.payhub.auth.service.m2m.legacy; import org.junit.jupiter.api.Assertions; import org.junit.jupiter.api.Test; diff --git a/src/test/java/it/gov/pagopa/payhub/auth/service/a2a/legacy/JWTLegacyHandlerServiceTest.java b/src/test/java/it/gov/pagopa/payhub/auth/service/m2m/legacy/JWTLegacyHandlerServiceTest.java similarity index 97% rename from src/test/java/it/gov/pagopa/payhub/auth/service/a2a/legacy/JWTLegacyHandlerServiceTest.java rename to src/test/java/it/gov/pagopa/payhub/auth/service/m2m/legacy/JWTLegacyHandlerServiceTest.java index a1001b95..3e0409b3 100644 --- a/src/test/java/it/gov/pagopa/payhub/auth/service/a2a/legacy/JWTLegacyHandlerServiceTest.java +++ b/src/test/java/it/gov/pagopa/payhub/auth/service/m2m/legacy/JWTLegacyHandlerServiceTest.java 
@@ -1,4 +1,4 @@ -package it.gov.pagopa.payhub.auth.service.a2a.legacy; +package it.gov.pagopa.payhub.auth.service.m2m.legacy; import com.auth0.jwt.JWT; import com.auth0.jwt.algorithms.Algorithm; diff --git a/src/test/java/it/gov/pagopa/payhub/auth/service/a2a/legacy/ValidateJWTLegacyServiceTest.java b/src/test/java/it/gov/pagopa/payhub/auth/service/m2m/legacy/ValidateJWTLegacyServiceTest.java similarity index 98% rename from src/test/java/it/gov/pagopa/payhub/auth/service/a2a/legacy/ValidateJWTLegacyServiceTest.java rename to src/test/java/it/gov/pagopa/payhub/auth/service/m2m/legacy/ValidateJWTLegacyServiceTest.java index 14b11b7b..e6cf709b 100644 --- a/src/test/java/it/gov/pagopa/payhub/auth/service/a2a/legacy/ValidateJWTLegacyServiceTest.java +++ b/src/test/java/it/gov/pagopa/payhub/auth/service/m2m/legacy/ValidateJWTLegacyServiceTest.java @@ -1,4 +1,4 @@ -package it.gov.pagopa.payhub.auth.service.a2a.legacy; +package it.gov.pagopa.payhub.auth.service.m2m.legacy; import com.auth0.jwt.JWT; import com.auth0.jwt.interfaces.Claim; diff --git a/src/test/java/it/gov/pagopa/payhub/auth/service/a2a/registration/ClientRegistrationServiceTest.java b/src/test/java/it/gov/pagopa/payhub/auth/service/m2m/registration/ClientRegistrationServiceTest.java similarity index 97% rename from src/test/java/it/gov/pagopa/payhub/auth/service/a2a/registration/ClientRegistrationServiceTest.java rename to src/test/java/it/gov/pagopa/payhub/auth/service/m2m/registration/ClientRegistrationServiceTest.java index ad4de2eb..bc429cbd 100644 --- a/src/test/java/it/gov/pagopa/payhub/auth/service/a2a/registration/ClientRegistrationServiceTest.java +++ b/src/test/java/it/gov/pagopa/payhub/auth/service/m2m/registration/ClientRegistrationServiceTest.java 
@@ -1,4 +1,4 @@ -package it.gov.pagopa.payhub.auth.service.a2a.registration; +package it.gov.pagopa.payhub.auth.service.m2m.registration; import it.gov.pagopa.payhub.auth.exception.custom.M2MClientConflictException; import it.gov.pagopa.payhub.auth.mapper.ClientMapper; diff --git a/src/test/java/it/gov/pagopa/payhub/auth/service/a2a/retrieve/ClientRetrieverServiceTest.java b/src/test/java/it/gov/pagopa/payhub/auth/service/m2m/retrieve/ClientRetrieverServiceTest.java similarity index 98% rename from src/test/java/it/gov/pagopa/payhub/auth/service/a2a/retrieve/ClientRetrieverServiceTest.java rename to src/test/java/it/gov/pagopa/payhub/auth/service/m2m/retrieve/ClientRetrieverServiceTest.java index 7f72c1c8..4e3b879a 100644 --- a/src/test/java/it/gov/pagopa/payhub/auth/service/a2a/retrieve/ClientRetrieverServiceTest.java +++ b/src/test/java/it/gov/pagopa/payhub/auth/service/m2m/retrieve/ClientRetrieverServiceTest.java @@ -1,4 +1,4 @@ -package it.gov.pagopa.payhub.auth.service.a2a.retrieve; +package it.gov.pagopa.payhub.auth.service.m2m.retrieve; import it.gov.pagopa.payhub.auth.exception.custom.ClientNotFoundException; import it.gov.pagopa.payhub.auth.mapper.ClientMapper; diff --git a/src/test/java/it/gov/pagopa/payhub/auth/service/a2a/revoke/ClientRemovalServiceTest.java b/src/test/java/it/gov/pagopa/payhub/auth/service/m2m/revoke/ClientRemovalServiceTest.java similarity index 93% rename from src/test/java/it/gov/pagopa/payhub/auth/service/a2a/revoke/ClientRemovalServiceTest.java rename to src/test/java/it/gov/pagopa/payhub/auth/service/m2m/revoke/ClientRemovalServiceTest.java index 9955fced..c5d55a8c 100644 --- a/src/test/java/it/gov/pagopa/payhub/auth/service/a2a/revoke/ClientRemovalServiceTest.java +++ b/src/test/java/it/gov/pagopa/payhub/auth/service/m2m/revoke/ClientRemovalServiceTest.java 
@@ -1,4 +1,4 @@ -package it.gov.pagopa.payhub.auth.service.a2a.revoke; +package it.gov.pagopa.payhub.auth.service.m2m.revoke; import it.gov.pagopa.payhub.auth.repository.ClientRepository; import org.junit.jupiter.api.Test; diff --git a/src/test/java/it/gov/pagopa/payhub/auth/service/user/IamUserInfoDTO2UserInfoMapperTest.java b/src/test/java/it/gov/pagopa/payhub/auth/service/user/IamUserInfoDTO2UserInfoMapperTest.java index a84aa701..cf00feaa 100644 --- a/src/test/java/it/gov/pagopa/payhub/auth/service/user/IamUserInfoDTO2UserInfoMapperTest.java +++ b/src/test/java/it/gov/pagopa/payhub/auth/service/user/IamUserInfoDTO2UserInfoMapperTest.java @@ -1,6 +1,7 @@ package it.gov.pagopa.payhub.auth.service.user; -import it.gov.pagopa.payhub.auth.connector.client.OrganizationSearchClient; +import it.gov.pagopa.payhub.auth.connector.organization.BrokerService; +import it.gov.pagopa.payhub.auth.connector.organization.OrganizationService; import it.gov.pagopa.payhub.auth.dto.IamUserInfoDTO; import it.gov.pagopa.payhub.auth.dto.IamUserOrganizationRolesDTO; import it.gov.pagopa.payhub.auth.model.Operator; @@ -28,9 +29,10 @@ class IamUserInfoDTO2UserInfoMapperTest { @Mock private OperatorsRepository operatorsRepositoryMock; - @Mock - private OrganizationSearchClient organizationSearchClientMock; + private OrganizationService organizationServiceMock; + @Mock + private BrokerService brokerServiceMock; private IamUserInfoDTO2UserInfoMapper mapper; 
@@ -38,12 +40,19 @@ class IamUserInfoDTO2UserInfoMapperTest { @BeforeEach void init() { - mapper = new IamUserInfoDTO2UserInfoMapper(organizationAccessMode, operatorsRepositoryMock, organizationSearchClientMock); + mapper = new IamUserInfoDTO2UserInfoMapper( + organizationAccessMode, + operatorsRepositoryMock, + organizationServiceMock, + brokerServiceMock); } @AfterEach void verifyNotMoreInteractions() { - Mockito.verifyNoMoreInteractions(operatorsRepositoryMock, organizationSearchClientMock); + Mockito.verifyNoMoreInteractions( + operatorsRepositoryMock, + organizationServiceMock, + brokerServiceMock); } @Test @@ -96,12 +105,12 @@ void givenCompleteDataWhenApplyThenOk() { Organization mockOrganization = new Organization(); mockOrganization.setBrokerId(1L); - Mockito.when(organizationSearchClientMock.getOrganizationByIpaCode(Mockito.eq("ORG"), Mockito.anyString())) + Mockito.when(organizationServiceMock.getOrganizationByIpaCode(Mockito.eq("ORG"), Mockito.anyString())) .thenReturn(mockOrganization); Broker mockBroker = new Broker(); mockBroker.setBrokerId(1L); - Mockito.when(organizationSearchClientMock.getBrokerById(Mockito.anyLong(), Mockito.anyString())) + Mockito.when(brokerServiceMock.getBrokerById(Mockito.anyLong(), Mockito.anyString())) .thenReturn(mockBroker); UserInfo result = mapper.apply(iamUserInfo, accessToken); 
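Review bot: The re-pointed stubs in `givenCompleteDataWhenApplyThenOk` still match the token with `Mockito.anyString()` and the broker id with `Mockito.anyLong()`, so the test passes even if the mapper forwards a different access token or broker id to `organizationServiceMock` / `brokerServiceMock`. Assuming `accessToken` is declared before the stubs (it is passed to `mapper.apply(iamUserInfo, accessToken)` right after), they can be pinned as `Mockito.when(organizationServiceMock.getOrganizationByIpaCode("ORG", accessToken))` and `Mockito.when(brokerServiceMock.getBrokerById(1L, accessToken))`. The same loose matchers appear in the hunks for `givenNotOperatorsWhenApplyThenOk`, `givenNoOrganizationAccessWhenApplyThenOk` and `givenSystemUserWhenApplyThenOk`. Each of these test methods starts and ends outside its hunk.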
@@ -147,12 +156,12 @@ void givenNotOperatorsWhenApplyThenOk() { Organization mockOrganization = new Organization(); mockOrganization.setBrokerId(1L); - Mockito.when(organizationSearchClientMock.getOrganizationByIpaCode(Mockito.eq("ORG"), Mockito.anyString())) + Mockito.when(organizationServiceMock.getOrganizationByIpaCode(Mockito.eq("ORG"), Mockito.anyString())) .thenReturn(mockOrganization); Broker mockBroker = new Broker(); mockBroker.setBrokerId(1L); - Mockito.when(organizationSearchClientMock.getBrokerById(Mockito.anyLong(), Mockito.anyString())) + Mockito.when(brokerServiceMock.getBrokerById(Mockito.anyLong(), Mockito.anyString())) .thenReturn(mockBroker); UserInfo result = mapper.apply(iamUserInfo, accessToken); @@ -205,12 +214,12 @@ void givenNoOrganizationAccessWhenApplyThenOk() { Organization mockOrganization = new Organization(); mockOrganization.setBrokerId(1L); - Mockito.when(organizationSearchClientMock.getOrganizationByIpaCode(Mockito.eq("ORG"), Mockito.anyString())) + Mockito.when(organizationServiceMock.getOrganizationByIpaCode(Mockito.eq("ORG"), Mockito.anyString())) .thenReturn(mockOrganization); Broker mockBroker = new Broker(); mockBroker.setBrokerId(1L); - Mockito.when(organizationSearchClientMock.getBrokerById(Mockito.anyLong(), Mockito.anyString())) + Mockito.when(brokerServiceMock.getBrokerById(Mockito.anyLong(), Mockito.anyString())) .thenReturn(mockBroker); UserInfo result = mapper.apply(iamUserInfo, accessToken); 
@@ -255,12 +264,12 @@ void givenSystemUserWhenApplyThenOk() { Organization mockOrganization = new Organization(); mockOrganization.setBrokerId(1L); - Mockito.when(organizationSearchClientMock.getOrganizationByIpaCode(Mockito.eq("IPA_CODE"), Mockito.anyString())) + Mockito.when(organizationServiceMock.getOrganizationByIpaCode(Mockito.eq("IPA_CODE"), Mockito.anyString())) .thenReturn(mockOrganization); Broker mockBroker = new Broker(); mockBroker.setBrokerId(1L); - Mockito.when(organizationSearchClientMock.getBrokerById(Mockito.anyLong(), Mockito.anyString())) + Mockito.when(brokerServiceMock.getBrokerById(Mockito.anyLong(), Mockito.anyString())) .thenReturn(mockBroker); UserInfo result = mapper.apply(iamUserInfo, accessToken); diff --git a/src/test/java/it/gov/pagopa/payhub/auth/service/user/retrieve/UserInfoRetrieverServiceTest.java b/src/test/java/it/gov/pagopa/payhub/auth/service/user/retrieve/UserInfoRetrieverServiceTest.java index 3f4510fb..e8356e92 100644 --- a/src/test/java/it/gov/pagopa/payhub/auth/service/user/retrieve/UserInfoRetrieverServiceTest.java +++ b/src/test/java/it/gov/pagopa/payhub/auth/service/user/retrieve/UserInfoRetrieverServiceTest.java @@ -2,6 +2,7 @@ import it.gov.pagopa.payhub.auth.dto.IamUserInfoDTO; import it.gov.pagopa.payhub.auth.exception.custom.UserNotFoundException; +import it.gov.pagopa.payhub.auth.mapper.A2ALegacyClaims2UserInfoMapper; import it.gov.pagopa.payhub.auth.mapper.Client2UserInfoMapper; import it.gov.pagopa.payhub.auth.mapper.ClientMapper; import it.gov.pagopa.payhub.auth.model.Client; @@ -34,6 +35,8 @@ class UserInfoRetrieverServiceTest { @Mock private Client2UserInfoMapper client2UserInfoMapperMock; @Mock + private A2ALegacyClaims2UserInfoMapper a2ALegacyClaims2UserInfoMapperMock; + @Mock private IamUserInfoDTO2UserInfoMapper iamUserInfoMapperMock; private UserInfoRetrieverService service; 
@@ -45,6 +48,7 @@ void init() { clientRepositoryMock, clientMapperMock, client2UserInfoMapperMock, + a2ALegacyClaims2UserInfoMapperMock, iamUserInfoMapperMock); } @@ -55,6 +59,7 @@ void verifyNoMoreInteractions() { clientRepositoryMock, clientMapperMock, client2UserInfoMapperMock, + a2ALegacyClaims2UserInfoMapperMock, iamUserInfoMapperMock); } @@ -100,6 +105,25 @@ void givenNotExistentSystemUserWhenFindByMappedExternalUserIdThenUserNotFoundExc } //endregion + //region A2A legacy user + @Test + void givenA2ALegacyUserWhenFindByMappedExternalUserIdThenOk() { + // Given + String orgIpaCode = "ORGIPACODE"; + String accessToken = "ACCESSTOKEN"; + UserInfo expectedResult = new UserInfo(); + + Mockito.when(a2ALegacyClaims2UserInfoMapperMock.map(orgIpaCode)) + .thenReturn(expectedResult); + + // When + UserInfo result = service.findByMappedExternalUserId("A2A-" + orgIpaCode, accessToken); + + // Then + Assertions.assertSame(expectedResult, result); + } + //endregion + //region regular user @Test void givenRegularUserWhenFindByMappedExternalUserIdThenOk() { diff --git a/src/test/java/it/gov/pagopa/payhub/auth/utils/JWTValidatorTest.java b/src/test/java/it/gov/pagopa/payhub/auth/utils/JWTValidatorTest.java index e08da2f5..d07e08b4 100644 --- a/src/test/java/it/gov/pagopa/payhub/auth/utils/JWTValidatorTest.java +++ b/src/test/java/it/gov/pagopa/payhub/auth/utils/JWTValidatorTest.java @@ -2,9 +2,9 @@ import com.auth0.jwt.interfaces.Claim; import com.github.tomakehurst.wiremock.WireMockServer; +import it.gov.pagopa.payhub.auth.config.CacheConfig; import it.gov.pagopa.payhub.auth.exception.custom.InvalidTokenException; import it.gov.pagopa.payhub.auth.exception.custom.TokenExpiredException; -import java.security.KeyPair; import org.junit.jupiter.api.AfterEach; import org.junit.jupiter.api.Assertions; import org.junit.jupiter.api.BeforeEach; 
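Review bot: `givenA2ALegacyUserWhenFindByMappedExternalUserIdThenOk` covers only the happy path `"A2A-" + orgIpaCode`; nothing pins what `findByMappedExternalUserId` does for the bare prefix `"A2A-"` or for a non-legacy id that merely starts with it. As far as this test shows, the prefix alone selects `a2ALegacyClaims2UserInfoMapperMock.map(...)` with no repository lookup, since `verifyNoMoreInteractions` passes with only the mapper stubbed. A second test asserting the expected outcome for an empty IPA code would therefore document how a prefix collision is handled. The service's branch order is not visible in this hunk, so the expected result of that case has to be taken from `UserInfoRetrieverService` itself.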
@@ -12,13 +12,15 @@ import org.junit.jupiter.api.extension.ExtendWith; import org.springframework.test.context.junit.jupiter.SpringExtension; +import java.security.KeyPair; import java.security.PublicKey; import java.time.Instant; import java.util.Date; import java.util.Map; import static com.github.tomakehurst.wiremock.core.WireMockConfiguration.wireMockConfig; -import static org.junit.jupiter.api.Assertions.*; +import static org.junit.jupiter.api.Assertions.assertNotNull; +import static org.junit.jupiter.api.Assertions.assertThrows; @ExtendWith(SpringExtension.class) class JWTValidatorTest { @@ -32,10 +34,16 @@ class JWTValidatorTest { void setup() throws Exception { wireMockServer = new WireMockServer(wireMockConfig().dynamicPort()); wireMockServer.start(); + utils = new JWTValidatorUtils(wireMockServer); + keyPair = JWTValidatorUtils.generateKeyPair(); String publicKey = JWTValidatorUtils.getPublicKey(keyPair); - jwtValidator = new JWTValidator(publicKey); + + CacheConfig cacheConfig = new CacheConfig(); + cacheConfig.setJwks(new CacheConfig.CacheConfigurationProperties(0, 10)); + + jwtValidator = new JWTValidator(publicKey, cacheConfig); } @AfterEach @@ -93,7 +101,7 @@ void givenTokenExpiredThenTokenExpiredException() { @Test void givenValidLegacyJWTThenOk() { - String validToken = utils.generateLegacyToken(keyPair, "a2a", Instant.now(), Instant.now().plusSeconds(3_600_000L), "jwtId"); + String validToken = JWTValidatorUtils.generateLegacyToken(keyPair, "a2a", Instant.now(), Instant.now().plusSeconds(3_600_000L), "jwtId"); Assertions.assertDoesNotThrow(() -> jwtValidator.validate(validToken, keyPair.getPublic())); } 
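Review bot: `new CacheConfig.CacheConfigurationProperties(0, 10)` in `setup()` passes two bare integers whose meaning (size, lifetime, unit) cannot be read from this hunk. If the first argument is the cache size or lifetime, the validator is exercised with the JWKS cache effectively off, and no test here covers a cached key being reused or replaced after rotation. A one-line comment such as `// <first-arg name>=0, <second-arg name>=10: <why these values>` above the call would settle the first point. A test that validates two tokens against the same JWKS endpoint would cover the second.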
@@ -106,7 +114,7 @@ void givenInvalidTokenWhenValidateLegacyTokenThenThrowInvalidTokenException() { @Test void givenInvalidTokenWhenValidateLegacyTokenThenThrowTokenExpiredException() { - String invalidToken = utils.generateLegacyToken(keyPair, "a2a", Instant.now(), Instant.now().minusSeconds(3_600_000L), "jwtId"); + String invalidToken = JWTValidatorUtils.generateLegacyToken(keyPair, "a2a", Instant.now(), Instant.now().minusSeconds(3_600_000L), "jwtId"); PublicKey publicKey = keyPair.getPublic(); assertThrows(TokenExpiredException.class, () ->jwtValidator.validate(invalidToken, publicKey)); } From 4b7b05c7145ee10ccff99367d29dc75219edb0f1 Mon Sep 17 00:00:00 2001 From: "antonio.torre" Date: Thu, 6 Feb 2025 19:06:52 +0100 Subject: [PATCH 2/3] fix: uploadIngestionFlowFile return dto --- .../gov/pagopa/payhub/auth/config/RedisConfig.java | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/src/main/java/it/gov/pagopa/payhub/auth/config/RedisConfig.java b/src/main/java/it/gov/pagopa/payhub/auth/config/RedisConfig.java index 426cd560..a6c75fcd 100644 --- a/src/main/java/it/gov/pagopa/payhub/auth/config/RedisConfig.java +++ b/src/main/java/it/gov/pagopa/payhub/auth/config/RedisConfig.java 
@@ -2,12 +2,15 @@ import com.fasterxml.jackson.databind.ObjectMapper; import it.gov.pagopa.payhub.auth.dto.IamUserInfoDTO; +import org.springframework.beans.factory.ObjectProvider; import org.springframework.beans.factory.annotation.Value; import org.springframework.boot.autoconfigure.cache.RedisCacheManagerBuilderCustomizer; import org.springframework.cache.annotation.EnableCaching; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.data.redis.cache.RedisCacheConfiguration; +import org.springframework.data.redis.cache.RedisCacheManager; +import org.springframework.data.redis.connection.RedisConnectionFactory; import org.springframework.data.redis.serializer.Jackson2JsonRedisSerializer; import org.springframework.data.redis.serializer.RedisSerializationContext; @@ -19,6 +22,16 @@ public class RedisConfig { public static final String CACHE_NAME_ACCESS_TOKEN = "ACCESS_TOKEN"; + @Bean + public RedisCacheManager redisCacheManager( + ObjectProvider redisCacheManagerBuilderCustomizers, + RedisConnectionFactory redisConnectionFactory) { + RedisCacheManager.RedisCacheManagerBuilder builder = RedisCacheManager.builder(redisConnectionFactory); + builder.enableStatistics(); + redisCacheManagerBuilderCustomizers.orderedStream().forEach(customizer -> customizer.customize(builder)); + return builder.build(); + } + @Bean public RedisCacheManagerBuilderCustomizer redisCacheManagerBuilderCustomizer( ObjectMapper objectMapper, From 12533bd33985b343ca22af73c5462e2e8123083c Mon Sep 17 00:00:00 2001 From: "antonio.torre" Date: Thu, 6 Feb 2025 19:09:51 +0100 Subject: [PATCH 3/3] P4ADEV-1906 caching --- openapi/p4pa-auth.openapi.yaml | 1 + .../payhub/auth/exception/AuthExceptionHandler.java | 12 ++++++++---- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/openapi/p4pa-auth.openapi.yaml b/openapi/p4pa-auth.openapi.yaml index a051382e..77ab0ea1 100644 --- a/openapi/p4pa-auth.openapi.yaml 
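Review bot: The hand-built manager in `redisCacheManager(...)` never calls `cacheDefaults(...)`, so any cache name not set up by a customizer is created on demand with `RedisCacheConfiguration.defaultCacheConfig()`, which has no expiry and uses JDK serialization for values. In an auth service that risks a later `@Cacheable` name silently getting entries that never expire. Declaring this bean also makes Spring Boot's auto-configured cache manager back off, so `spring.cache.redis.*` settings stop applying. Consider `builder.cacheDefaults(RedisCacheConfiguration.defaultCacheConfig().entryTtl(Duration.ofMinutes(<ttl-minutes>)));` together with `builder.disableCreateOnMissingCache();`. If statistics are the only goal, `spring.cache.redis.enable-statistics: true` should achieve that without replacing the bean.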
+++ b/openapi/p4pa-auth.openapi.yaml @@ -698,6 +698,7 @@ components: type: string enum: - AUTH_GENERIC_ERROR + - AUTH_NOT_FOUND - AUTH_USER_UNAUTHORIZED - invalid_request - invalid_client diff --git a/src/main/java/it/gov/pagopa/payhub/auth/exception/AuthExceptionHandler.java b/src/main/java/it/gov/pagopa/payhub/auth/exception/AuthExceptionHandler.java index 7394a9b2..e395c382 100644 --- a/src/main/java/it/gov/pagopa/payhub/auth/exception/AuthExceptionHandler.java +++ b/src/main/java/it/gov/pagopa/payhub/auth/exception/AuthExceptionHandler.java @@ -13,9 +13,11 @@ import org.springframework.http.converter.HttpMessageNotReadableException; import org.springframework.validation.FieldError; import org.springframework.web.ErrorResponse; +import org.springframework.web.ErrorResponseException; import org.springframework.web.bind.MethodArgumentNotValidException; import org.springframework.web.bind.annotation.ExceptionHandler; import org.springframework.web.bind.annotation.RestControllerAdvice; +import org.springframework.web.method.annotation.MethodArgumentTypeMismatchException; import java.util.stream.Collectors; 
@@ -63,18 +65,20 @@ public ResponseEntity handleConflictException(RuntimeException ex, HttpS return ResponseEntity.status(httpStatus).body(null); } - @ExceptionHandler({ValidationException.class, HttpMessageNotReadableException.class, MethodArgumentNotValidException.class}) + @ExceptionHandler({ValidationException.class, HttpMessageNotReadableException.class, MethodArgumentNotValidException.class, MethodArgumentTypeMismatchException.class}) public ResponseEntity handleViolationException(Exception ex, HttpServletRequest request) { return handleException(ex, request, HttpStatus.BAD_REQUEST, AuthErrorDTO.ErrorEnum.INVALID_REQUEST); } - @ExceptionHandler({ServletException.class}) - public ResponseEntity handleServletException(ServletException ex, HttpServletRequest request) { + @ExceptionHandler({ServletException.class, ErrorResponseException.class}) + public ResponseEntity handleServletException(Exception ex, HttpServletRequest request) { HttpStatusCode httpStatus = HttpStatus.INTERNAL_SERVER_ERROR; AuthErrorDTO.ErrorEnum errorCode = AuthErrorDTO.ErrorEnum.AUTH_GENERIC_ERROR; if (ex instanceof ErrorResponse errorResponse) { httpStatus = errorResponse.getStatusCode(); - if (httpStatus.is4xxClientError()) { + if(httpStatus.isSameCodeAs(HttpStatus.NOT_FOUND)) { + errorCode = AuthErrorDTO.ErrorEnum.AUTH_NOT_FOUND; + } else if (httpStatus.is4xxClientError()) { errorCode = AuthErrorDTO.ErrorEnum.INVALID_REQUEST; } }
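Review bot: In `handleServletException`, every 4xx other than 404 still falls into the `is4xxClientError()` branch and is reported as `INVALID_REQUEST`. Now that `ErrorResponseException` is routed here, that can include a 401 or 403 raised through it (for example a `ResponseStatusException`), which clients would then see as a malformed-request error. If that is not intended, a branch such as `else if (httpStatus.isSameCodeAs(HttpStatus.UNAUTHORIZED) || httpStatus.isSameCodeAs(HttpStatus.FORBIDDEN)) { errorCode = AuthErrorDTO.ErrorEnum.AUTH_USER_UNAUTHORIZED; }` before the generic 4xx case would keep the codes apart; whether that enum value is the right one for 403 needs confirming against the API contract. The new `if(` is also missing the space used by the neighbouring `} else if (`. The rest of the method, including the call that builds the response, lies outside this hunk.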