Merge branch 'develop' of https://github.com/pagopa/p4pa-auth into P4…

…ADEV-1277-postman-test-activity

src/main/java/it/gov/pagopa/payhub/auth/exception/AuthExceptionHandler.java

@@ -24,7 +24,7 @@ public ResponseEntity<AuthErrorDTO> handleInvalidGrantError(RuntimeException ex,
         return handleAuthErrorException(ex, request, HttpStatus.UNAUTHORIZED, AuthErrorDTO.ErrorEnum.INVALID_GRANT);
     }
 
-    @ExceptionHandler(InvalidExchangeClientException.class)
+    @ExceptionHandler({InvalidExchangeClientException.class, ClientUnauthorizedException.class})
     public ResponseEntity<AuthErrorDTO> handleInvalidClientError(RuntimeException ex, HttpServletRequest request){
         return handleAuthErrorException(ex, request, HttpStatus.UNAUTHORIZED, AuthErrorDTO.ErrorEnum.INVALID_CLIENT);
     }

src/main/java/it/gov/pagopa/payhub/auth/exception/custom/ClientUnauthorizedException.java

@@ -0,0 +1,7 @@
+package it.gov.pagopa.payhub.auth.exception.custom;
+
+public class ClientUnauthorizedException extends RuntimeException {
+    public ClientUnauthorizedException(String message){
+        super(message);
+    }
+}

src/main/java/it/gov/pagopa/payhub/auth/service/a2a/AuthorizeClientCredentialsRequestService.java

@@ -0,0 +1,26 @@
+package it.gov.pagopa.payhub.auth.service.a2a;
+
+import it.gov.pagopa.payhub.auth.exception.custom.ClientUnauthorizedException;
+import it.gov.pagopa.payhub.auth.mapper.ClientMapper;
+import it.gov.pagopa.payhub.model.generated.ClientDTO;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.stereotype.Service;
+
+@Service
+@Slf4j
+public class AuthorizeClientCredentialsRequestService {
+	private final ClientService clientService;
+	private final ClientMapper clientMapper;
+
+	public AuthorizeClientCredentialsRequestService(ClientService clientService, ClientMapper clientMapper) {
+		this.clientService = clientService;
+		this.clientMapper = clientMapper;
+	}
+
+	public ClientDTO authorizeCredentials(String clientId, String clientSecret) {
+		return clientService.getClientByClientId(clientId)
+			.map(clientMapper::mapToDTO)
+			.filter(dto -> dto.getClientSecret().equals(clientSecret))
+			.orElseThrow(() -> new ClientUnauthorizedException("Unauthorized client for client-credentials"));
+	}
+}

src/main/java/it/gov/pagopa/payhub/auth/service/a2a/ClientCredentialServiceImpl.java

@@ -9,15 +9,18 @@
 public class ClientCredentialServiceImpl implements ClientCredentialService {
 
 	private final ValidateClientCredentialsService validateClientCredentialsService;
+	private final AuthorizeClientCredentialsRequestService authorizeClientCredentialsRequestService;
 
-	public ClientCredentialServiceImpl(ValidateClientCredentialsService validateClientCredentialsService) {
+	public ClientCredentialServiceImpl(ValidateClientCredentialsService validateClientCredentialsService, AuthorizeClientCredentialsRequestService authorizeClientCredentialsRequestService) {
 		this.validateClientCredentialsService = validateClientCredentialsService;
+		this.authorizeClientCredentialsRequestService = authorizeClientCredentialsRequestService;
 	}
 
 	@Override
 	public AccessToken postToken(String clientId, String scope, String clientSecret) {
 		log.info("Client {} requested authentication with client_credentials grant type and scope {}", clientId, scope);
 		validateClientCredentialsService.validate(scope, clientSecret);
+		authorizeClientCredentialsRequestService.authorizeCredentials(clientId, clientSecret);
 		return AccessToken.builder().accessToken("accessToken").build();
 	}
 }

src/main/java/it/gov/pagopa/payhub/auth/service/a2a/ClientServiceImpl.java

@@ -1,5 +1,6 @@
 package it.gov.pagopa.payhub.auth.service.a2a;
 
+import it.gov.pagopa.payhub.auth.exception.custom.ClientUnauthorizedException;
 import it.gov.pagopa.payhub.auth.mapper.ClientMapper;
 import it.gov.pagopa.payhub.auth.model.Client;
 import it.gov.pagopa.payhub.auth.service.a2a.registration.ClientRegistrationService;

src/test/java/it/gov/pagopa/payhub/auth/service/a2a/AuthorizeClientCredentialsRequestServiceTest.java

@@ -0,0 +1,89 @@
+package it.gov.pagopa.payhub.auth.service.a2a;
+
+import it.gov.pagopa.payhub.auth.exception.custom.ClientUnauthorizedException;
+import it.gov.pagopa.payhub.auth.mapper.ClientMapper;
+import it.gov.pagopa.payhub.auth.model.Client;
+import it.gov.pagopa.payhub.model.generated.ClientDTO;
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.Mock;
+import org.mockito.Mockito;
+import org.mockito.junit.jupiter.MockitoExtension;
+
+import java.util.Optional;
+import java.util.UUID;
+
+@ExtendWith(MockitoExtension.class)
+class AuthorizeClientCredentialsRequestServiceTest {
+
+	@Mock
+	private ClientService clientServiceMock;
+	@Mock
+	private ClientMapper clientMapperMock;
+	private AuthorizeClientCredentialsRequestService service;
+
+	@BeforeEach
+	void init() {
+		service = new AuthorizeClientCredentialsRequestService(clientServiceMock, clientMapperMock);
+	}
+
+	@Test
+	void givenRightCredentialsWhenAuthorizeCredentialsThenOk() {
+		// Given
+		String organizationIpaCode = "IPA_TEST_2";
+		String clientName = "SERVICE_001";
+		String clientId = organizationIpaCode + clientName;
+		String clientSecretMock = UUID.randomUUID().toString();
+
+		Client mockClient = new Client();
+		ClientDTO expectedClientDTO = ClientDTO.builder()
+			.clientId(clientId)
+			.clientName(clientName)
+			.organizationIpaCode(organizationIpaCode)
+			.clientSecret(clientSecretMock)
+			.build();
+
+		Mockito.when(clientServiceMock.getClientByClientId(clientId)).thenReturn(Optional.of(mockClient));
+		Mockito.when(clientMapperMock.mapToDTO(mockClient)).thenReturn(expectedClientDTO);
+		// When
+		ClientDTO actualClientDTO = service.authorizeCredentials(clientId, clientSecretMock);
+		// Then
+		Assertions.assertEquals(expectedClientDTO, actualClientDTO);
+	}
+
+	@Test
+	void givenUnexpectedClientIdCredentialsWhenAuthorizeCredentialsThenClientUnauthorizedException() {
+		// Given
+		String clientId = "UNEXPECTED_CLIENT_ID";
+		String clientSecretMock = UUID.randomUUID().toString();
+
+		Mockito.when(clientServiceMock.getClientByClientId(clientId)).thenThrow(new ClientUnauthorizedException("error"));
+		// When, Then
+		Assertions.assertThrows(ClientUnauthorizedException.class, () -> service.authorizeCredentials(clientId, clientSecretMock));
+	}
+
+	@Test
+	void givenUnexpectedClientSecretCredentialsWhenAuthorizeCredentialsThenClientUnauthorizedException() {
+		// Given
+		String organizationIpaCode = "IPA_TEST_2";
+		String clientName = "SERVICE_001";
+		String clientId = organizationIpaCode + clientName;
+		String clientSecret = UUID.randomUUID().toString();
+
+		Client mockClient = new Client();
+		ClientDTO expectedClientDTO = ClientDTO.builder()
+			.clientId(clientId)
+			.clientName(clientName)
+			.organizationIpaCode(organizationIpaCode)
+			.clientSecret(UUID.randomUUID().toString())
+			.build();
+
+		Mockito.when(clientServiceMock.getClientByClientId(clientId)).thenReturn(Optional.of(mockClient));
+		Mockito.when(clientMapperMock.mapToDTO(mockClient)).thenReturn(expectedClientDTO);
+
+		// When, Then
+		Assertions.assertThrows(ClientUnauthorizedException.class, () -> service.authorizeCredentials(clientId, clientSecret));
+	}
+}

src/test/java/it/gov/pagopa/payhub/auth/service/a2a/ClientCredentialsServiceTest.java

@@ -1,6 +1,7 @@
 package it.gov.pagopa.payhub.auth.service.a2a;
 
 import it.gov.pagopa.payhub.model.generated.AccessToken;
+import it.gov.pagopa.payhub.model.generated.ClientDTO;
 import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
@@ -14,11 +15,14 @@ class ClientCredentialsServiceTest {
 
 	@Mock
 	private ValidateClientCredentialsService validateClientCredentialsServiceMock;
+	@Mock
+	private AuthorizeClientCredentialsRequestService authorizeClientCredentialsRequestServiceMock;
+
 	private ClientCredentialService service;
 
 	@BeforeEach
 	void init() {
-		service = new ClientCredentialServiceImpl(validateClientCredentialsServiceMock);
+		service = new ClientCredentialServiceImpl(validateClientCredentialsServiceMock, authorizeClientCredentialsRequestServiceMock);
 	}
 
 	@Test
@@ -29,6 +33,7 @@ void givenValidTokenWhenPostTokenThenSuccess(){
 		String clientSecret="CLIENT_SECRET";
 
 		Mockito.doNothing().when(validateClientCredentialsServiceMock).validate(scope, clientSecret);
+		Mockito.doReturn(new ClientDTO()).when(authorizeClientCredentialsRequestServiceMock).authorizeCredentials(clientId, clientSecret);
 		AccessToken expectedAccessToken = AccessToken.builder().accessToken("accessToken").build();
 		//When
 		AccessToken result = service.postToken(clientId, scope, clientSecret);

src/test/java/it/gov/pagopa/payhub/auth/service/a2a/ValidateClientCredentialsServiceTest.java

@@ -12,6 +12,7 @@
 @ExtendWith(MockitoExtension.class)
 class ValidateClientCredentialsServiceTest {
 
+
 	@InjectMocks
 	private ValidateClientCredentialsService service;
 
@@ -26,7 +27,7 @@ void givenValidRequestThenOk() {
 	@Test
 	void givenInvalidScopeThenInvalidExchangeRequestException() {
 		assertThrows(InvalidExchangeRequestException.class, () ->
-			service.validate("UNEXPECTED_SCOPE", ALLOWED_CLIENT_SECRET));
+			service.validate( "UNEXPECTED_SCOPE", ALLOWED_CLIENT_SECRET));
 	}
 
 	@Test