pagopa · BurnedMarshal · Jan 17, 2020 · Jan 20, 2020 · gunzip · Jan 17, 2020
@@ -443,6 +443,29 @@ describe("AuthenticationController#acs", () => {
       detail: "Redis error"
     });
   });
+
+  it("should return a forbidden error response if user isn't adult", async () => {
+    const res = mockRes();
+
+    const todayDate = new Date();
+    const notAdultUser = {
+      ...validUserPayload,
+      dateOfBirth: `${todayDate.getFullYear() - 17}-01-01`
+    };
+    const response = await controller.acs(notAdultUser);
+    response.apply(res);
+
+    expect(controller).toBeTruthy();
+    expect(res.status).toHaveBeenCalledWith(403);
+
+    const expectedForbiddenResponse = {
+      detail: expect.any(String),
+      status: 403,
+      title: "Forbidden",
+      type: undefined
+    };
+    expect(res.json).toHaveBeenCalledWith(expectedForbiddenResponse);
+  });
 });
 
 describe("AuthenticationController#getUserIdentity", () => {

@@ -38,7 +38,13 @@ import {
   withUserFromRequest
 } from "../types/user";
 import { log } from "../utils/logger";
-import { withCatchAsInternalError } from "../utils/responses";
+import {
+  IResponseErrorForbidden,
+  ResponseErrorForbidden,
+  withCatchAsInternalError
+} from "../utils/responses";
+
+import { isAdult } from "../utils/date";
 
 export default class AuthenticationController {
   constructor(
@@ -62,6 +68,7 @@ export default class AuthenticationController {
     // tslint:disable-next-line: max-union-size
     | IResponseErrorInternal
     | IResponseErrorValidation
+    | IResponseErrorForbidden
     | IResponseErrorTooManyRequests
     | IResponseErrorNotFound
     | IResponsePermanentRedirect
@@ -78,6 +85,15 @@ export default class AuthenticationController {
     }
 
     const spidUser = errorOrUser.value;
+
+    // If the user isn't an adult a forbidden response will be provided
+    if (
+      !fromNullable(spidUser.dateOfBirth)
+        .map(isAdult)
+        .getOrElse(true)
+    ) {
+      return ResponseErrorForbidden("Forbidden", "The user must be an adult");
+    }
     const sessionToken = this.tokenService.getNewToken() as SessionToken;
     const walletToken = this.tokenService.getNewToken() as WalletToken;
     const user = toAppUser(spidUser, sessionToken, walletToken);

@@ -0,0 +1,34 @@
+import { isAdult } from "../date";
+
+const today = new Date();
+
+describe("Check if a birthdate is for an adult user", () => {
+  it("should return true if the user has more than 18 years old", () => {
+    const validAdultBirthdate = `${today.getFullYear() - 19}-01-01`;
+    expect(isAdult(validAdultBirthdate)).toBeTruthy();
+  });
+
+  it("should return true if the user has exactly 18 years old", () => {
+    const currentMount =
+      today.getMonth() + 1 < 10
+        ? `0${today.getMonth() + 1}`
+        : today.getMonth() + 1;
+    const validAdultBirthdate = `${today.getFullYear() -
+      18}-${currentMount}-${today.getDate()}`;
+    expect(isAdult(validAdultBirthdate)).toBeTruthy();
+  });
+
+  it("should return false if the the user has less than 18 years old", () => {
+    const currentMount =
+      today.getMonth() + 1 < 10
+        ? `0${today.getMonth() + 1}`
+        : today.getMonth() + 1;
+    const validNotAdultBirthdate = `${today.getFullYear() -
+      18}-${currentMount}-${today.getDate() - 1}`;
+    expect(isAdult(validNotAdultBirthdate)).toBeFalsy();
+  });
+
+  it("should return false if the birthdate is invalid", () => {
+    expect(isAdult("2000-13-32")).toBeFalsy();
+  });
+});
@@ -0,0 +1,34 @@
+import { isRight } from "fp-ts/lib/Either";
+import * as t from "io-ts";
+
+export const dateRegex = /^(?<year>[12]\d{3})-(?<month>0[1-9]|1[0-2])-(?<day>0[1-9]|[12]\d|3[01])$/;
+const dateRegexGroups = t.interface({
+  day: t.string,
+  month: t.string,
+  year: t.string
+});
+
+export const isAdult = (dateOfBirth: string): boolean => {
+  const result = dateRegex.exec(dateOfBirth);
+  const date = dateRegexGroups.decode(result?.groups);
+  if (isRight(date)) {
+    const year = Number(date.value.year);
+    const currentDate = new Date();
+    const currentYear = currentDate.getFullYear();
+    const currentMonth = currentDate.getMonth() + 1;
+    const month = Number(date.value.month);
+    const dayNumber = Number(date.value.day);
+    const currentDayNumber = currentDate.getDate();
+    if (
+      year + 18 > currentYear ||
+      (year + 18 === currentYear &&
+        (currentMonth > month ||
+          (currentMonth === month && currentDayNumber > dayNumber)))
+    ) {
+      return false;
+    } else {
+      return true;
+    }
+  }
+  return false;
+};
@@ -2,7 +2,9 @@ import * as express from "express";
 import * as t from "io-ts";
 import { errorsToReadableMessages } from "italia-ts-commons/lib/reporters";
 import {
+  HttpStatusCodeEnum,
   IResponse,
+  ResponseErrorGeneric,
   ResponseErrorInternal,
   ResponseErrorValidation
 } from "italia-ts-commons/lib/responses";
@@ -24,6 +26,26 @@ export function ResponseNoContent(): IResponseNoContent {
   };
 }
 
+/**
+ * Interface for a forbidden error response.
+ */
+export interface IResponseErrorForbidden
+  extends IResponse<"IResponseErrorForbidden"> {
+  readonly detail: string;
+}
+/**
+ * Returns a forbidden error response with status code 403.
+ */
+export function ResponseErrorForbidden(
+  title: string,
+  detail: string
+): IResponseErrorForbidden {
+  return {
+    ...ResponseErrorGeneric(HttpStatusCodeEnum.HTTP_STATUS_403, title, detail),
+    ...{ detail: `${title}: ${detail}`, kind: "IResponseErrorForbidden" }
+  };
+}
+
 /**
  * Transforms async failures into internal errors
  */