pagopa · macacia · Oct 22, 2024 · Oct 21, 2024 · Oct 22, 2024 · Oct 22, 2024
@@ -20,5 +20,8 @@ public class IamUserInfoDTO {
 
   // field calculated upon registration
   private String innerUserId;
+
+  // field to check if it is a real user or a machine/system user
+  private boolean systemUser;
 }
 
@@ -0,0 +1,29 @@
+package it.gov.pagopa.payhub.auth.mapper;
+
+import it.gov.pagopa.payhub.auth.dto.IamUserInfoDTO;
+import it.gov.pagopa.payhub.auth.dto.IamUserOrganizationRolesDTO;
+import it.gov.pagopa.payhub.auth.utils.Constants;
+import it.gov.pagopa.payhub.model.generated.ClientDTO;
+import org.springframework.stereotype.Service;
+
+import java.util.Collections;
+import java.util.function.Function;
+
+@Service
+public class ClientDTO2UserInfoMapper implements Function<ClientDTO, IamUserInfoDTO> {
+	@Override
+	public IamUserInfoDTO apply(ClientDTO clientDTO) {
+		return IamUserInfoDTO.builder()
+			.systemUser(true)
+			.issuer(clientDTO.getOrganizationIpaCode())
+			.userId(clientDTO.getClientId())
+			.name(clientDTO.getClientName())
+			.familyName(clientDTO.getOrganizationIpaCode())
+			.fiscalCode(clientDTO.getOrganizationIpaCode())
+			.organizationAccess(IamUserOrganizationRolesDTO.builder()
+				.organizationIpaCode(clientDTO.getOrganizationIpaCode())
+				.roles(Collections.singletonList(Constants.ROLE_ADMIN))
+				.build())
+			.build();
+	}
+}
@@ -1,4 +1,4 @@
-package it.gov.pagopa.payhub.auth.service.exchange;
+package it.gov.pagopa.payhub.auth.service;
 
 import com.auth0.jwt.JWT;
 import com.auth0.jwt.algorithms.Algorithm;

@@ -3,7 +3,6 @@
 import com.auth0.jwt.JWT;
 import com.auth0.jwt.interfaces.DecodedJWT;
 import it.gov.pagopa.payhub.auth.exception.custom.InvalidTokenException;
-import it.gov.pagopa.payhub.auth.service.exchange.AccessTokenBuilderService;
 import it.gov.pagopa.payhub.auth.utils.JWTValidator;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.stereotype.Service;

@@ -1,6 +1,11 @@
 package it.gov.pagopa.payhub.auth.service.a2a;
 
+import it.gov.pagopa.payhub.auth.dto.IamUserInfoDTO;
+import it.gov.pagopa.payhub.auth.mapper.ClientDTO2UserInfoMapper;
+import it.gov.pagopa.payhub.auth.service.AccessTokenBuilderService;
+import it.gov.pagopa.payhub.auth.service.TokenStoreService;
 import it.gov.pagopa.payhub.model.generated.AccessToken;
+import it.gov.pagopa.payhub.model.generated.ClientDTO;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.stereotype.Service;
 
@@ -10,17 +15,30 @@ public class ClientCredentialServiceImpl implements ClientCredentialService {
 
 	private final ValidateClientCredentialsService validateClientCredentialsService;
 	private final AuthorizeClientCredentialsRequestService authorizeClientCredentialsRequestService;
+	private final AccessTokenBuilderService accessTokenBuilderService;
+	private final TokenStoreService tokenStoreService;
+	private final ClientDTO2UserInfoMapper clientDTO2UserInfoMapper;
 
-	public ClientCredentialServiceImpl(ValidateClientCredentialsService validateClientCredentialsService, AuthorizeClientCredentialsRequestService authorizeClientCredentialsRequestService) {
+	public ClientCredentialServiceImpl(
+			ValidateClientCredentialsService validateClientCredentialsService,
+			AuthorizeClientCredentialsRequestService authorizeClientCredentialsRequestService,
+			AccessTokenBuilderService accessTokenBuilderService,
+			TokenStoreService tokenStoreService, ClientDTO2UserInfoMapper clientDTO2UserInfoMapper) {
 		this.validateClientCredentialsService = validateClientCredentialsService;
 		this.authorizeClientCredentialsRequestService = authorizeClientCredentialsRequestService;
+		this.accessTokenBuilderService = accessTokenBuilderService;
+		this.tokenStoreService = tokenStoreService;
+		this.clientDTO2UserInfoMapper = clientDTO2UserInfoMapper;
 	}
 
 	@Override
 	public AccessToken postToken(String clientId, String scope, String clientSecret) {
 		log.info("Client {} requested authentication with client_credentials grant type and scope {}", clientId, scope);
 		validateClientCredentialsService.validate(scope, clientSecret);
-		authorizeClientCredentialsRequestService.authorizeCredentials(clientId, clientSecret);
-		return AccessToken.builder().accessToken("accessToken").build();
+		ClientDTO authorizedClient = authorizeClientCredentialsRequestService.authorizeCredentials(clientId, clientSecret);
+		AccessToken accessToken = accessTokenBuilderService.build();
+		IamUserInfoDTO iamUser = clientDTO2UserInfoMapper.apply(authorizedClient);
+		tokenStoreService.save(accessToken.getAccessToken(), iamUser);
+		return accessToken;
 	}
 }
@@ -1,6 +1,5 @@
 package it.gov.pagopa.payhub.auth.service.a2a;
 
-import it.gov.pagopa.payhub.auth.exception.custom.ClientUnauthorizedException;
 import it.gov.pagopa.payhub.auth.mapper.ClientMapper;
 import it.gov.pagopa.payhub.auth.model.Client;
 import it.gov.pagopa.payhub.auth.service.a2a.registration.ClientRegistrationService;

@@ -3,6 +3,7 @@
 import com.auth0.jwt.interfaces.Claim;
 import it.gov.pagopa.payhub.auth.dto.IamUserInfoDTO;
 import it.gov.pagopa.payhub.auth.model.User;
+import it.gov.pagopa.payhub.auth.service.AccessTokenBuilderService;
 import it.gov.pagopa.payhub.auth.service.TokenStoreService;
 import it.gov.pagopa.payhub.model.generated.AccessToken;
 import lombok.extern.slf4j.Slf4j;

@@ -0,0 +1,55 @@
+package it.gov.pagopa.payhub.auth.mapper;
+
+import it.gov.pagopa.payhub.auth.dto.IamUserInfoDTO;
+import it.gov.pagopa.payhub.auth.dto.IamUserOrganizationRolesDTO;
+import it.gov.pagopa.payhub.auth.utils.Constants;
+import it.gov.pagopa.payhub.auth.utils.TestUtils;
+import it.gov.pagopa.payhub.model.generated.ClientDTO;
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.InjectMocks;
+import org.mockito.junit.jupiter.MockitoExtension;
+
+import java.util.Collections;
+import java.util.UUID;
+
+@ExtendWith(MockitoExtension.class)
+class ClientDTO2UserInfoMapperTest {
+
+	@InjectMocks
+	private ClientDTO2UserInfoMapper mapper;
+
+	@Test
+	void givenDTOWhenApplyTheOk() {
+		// Given
+		String plainClientSecret = UUID.randomUUID().toString();
+		String organizationIpaCode = "organizationIpaCode";
+		String clientName = "clientName";
+		String clientId = organizationIpaCode + clientName;
+
+		ClientDTO clientDTO = ClientDTO.builder()
+			.clientId(clientId)
+			.clientName(clientName)
+			.organizationIpaCode(organizationIpaCode)
+			.clientSecret(plainClientSecret)
+			.build();
+		IamUserInfoDTO iamUserInfoDTO = IamUserInfoDTO.builder()
+			.systemUser(true)
+			.issuer(clientDTO.getOrganizationIpaCode())
+			.userId(clientDTO.getClientId())
+			.name(clientDTO.getClientName())
+			.familyName(clientDTO.getOrganizationIpaCode())
+			.fiscalCode(clientDTO.getOrganizationIpaCode())
+			.organizationAccess(IamUserOrganizationRolesDTO.builder()
+				.organizationIpaCode(clientDTO.getOrganizationIpaCode())
+				.roles(Collections.singletonList(Constants.ROLE_ADMIN))
+				.build())
+			.build();
+		// When
+		IamUserInfoDTO result = mapper.apply(clientDTO);
+		//Then
+		Assertions.assertEquals(iamUserInfoDTO,	result);
+		TestUtils.checkNotNullFields(result, "innerUserId");
+	}
+}
@@ -1,4 +1,4 @@
-package it.gov.pagopa.payhub.auth.service.exchange;
+package it.gov.pagopa.payhub.auth.service;
 
 import com.auth0.jwt.JWT;
 import com.auth0.jwt.interfaces.DecodedJWT;

@@ -3,7 +3,6 @@
 import com.auth0.jwt.JWT;
 import com.auth0.jwt.interfaces.DecodedJWT;
 import it.gov.pagopa.payhub.auth.exception.custom.InvalidTokenException;
-import it.gov.pagopa.payhub.auth.service.exchange.AccessTokenBuilderService;
 import it.gov.pagopa.payhub.auth.utils.JWTValidator;
 import org.junit.jupiter.api.Assertions;
 

@@ -1,5 +1,9 @@
 package it.gov.pagopa.payhub.auth.service.a2a;
 
+import it.gov.pagopa.payhub.auth.dto.IamUserInfoDTO;
+import it.gov.pagopa.payhub.auth.mapper.ClientDTO2UserInfoMapper;
+import it.gov.pagopa.payhub.auth.service.AccessTokenBuilderService;
+import it.gov.pagopa.payhub.auth.service.TokenStoreService;
 import it.gov.pagopa.payhub.model.generated.AccessToken;
 import it.gov.pagopa.payhub.model.generated.ClientDTO;
 import org.junit.jupiter.api.Assertions;
@@ -17,12 +21,24 @@ class ClientCredentialsServiceTest {
 	private ValidateClientCredentialsService validateClientCredentialsServiceMock;
 	@Mock
 	private AuthorizeClientCredentialsRequestService authorizeClientCredentialsRequestServiceMock;
+	@Mock
+	private AccessTokenBuilderService accessTokenBuilderServiceMock;
+	@Mock
+	private TokenStoreService tokenStoreServiceMock;
+	@Mock
+	private ClientDTO2UserInfoMapper clientDTO2UserInfoMapperMock;
 
 	private ClientCredentialService service;
 
 	@BeforeEach
 	void init() {
-		service = new ClientCredentialServiceImpl(validateClientCredentialsServiceMock, authorizeClientCredentialsRequestServiceMock);
+		service = new ClientCredentialServiceImpl(
+			validateClientCredentialsServiceMock,
+			authorizeClientCredentialsRequestServiceMock,
+			accessTokenBuilderServiceMock,
+			tokenStoreServiceMock,
+			clientDTO2UserInfoMapperMock
+		);
 	}
 
 	@Test
@@ -33,12 +49,17 @@ void givenValidTokenWhenPostTokenThenSuccess(){
 		String clientSecret="CLIENT_SECRET";
 
 		Mockito.doNothing().when(validateClientCredentialsServiceMock).validate(scope, clientSecret);
-		Mockito.doReturn(new ClientDTO()).when(authorizeClientCredentialsRequestServiceMock).authorizeCredentials(clientId, clientSecret);
+		ClientDTO clientDTO = new ClientDTO();
+		Mockito.doReturn(clientDTO).when(authorizeClientCredentialsRequestServiceMock).authorizeCredentials(clientId, clientSecret);
 		AccessToken expectedAccessToken = AccessToken.builder().accessToken("accessToken").build();
+		Mockito.when(accessTokenBuilderServiceMock.build()).thenReturn(expectedAccessToken);
+		IamUserInfoDTO iamUserInfo = new IamUserInfoDTO();
+		Mockito.when(clientDTO2UserInfoMapperMock.apply(clientDTO)).thenReturn(iamUserInfo);
 		//When
 		AccessToken result = service.postToken(clientId, scope, clientSecret);
 		//Then
-		Assertions.assertEquals(expectedAccessToken, result);
+		Assertions.assertSame(expectedAccessToken, result);
+		Mockito.verify(tokenStoreServiceMock).save(Mockito.same(expectedAccessToken.getAccessToken()), Mockito.same(iamUserInfo));
 	}
 
 }
@@ -3,6 +3,7 @@
 import com.auth0.jwt.interfaces.Claim;
 import it.gov.pagopa.payhub.auth.dto.IamUserInfoDTO;
 import it.gov.pagopa.payhub.auth.model.User;
+import it.gov.pagopa.payhub.auth.service.AccessTokenBuilderService;
 import it.gov.pagopa.payhub.auth.service.TokenStoreService;
 import it.gov.pagopa.payhub.model.generated.AccessToken;
 import org.junit.jupiter.api.AfterEach;

@@ -0,0 +1,25 @@
+package it.gov.pagopa.payhub.auth.utils;
+
+import org.junit.jupiter.api.Assertions;
+
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Set;
+
+public class TestUtils {
+    private TestUtils(){}
+
+    /**
+     * It will assert not null on all o's fields
+     */
+    public static void checkNotNullFields(Object o, String... excludedFields) {
+        Set<String> excludedFieldsSet = new HashSet<>(Arrays.asList(excludedFields));
+        org.springframework.util.ReflectionUtils.doWithFields(o.getClass(),
+                f -> {
+                    f.setAccessible(true);
+                    Assertions.assertNotNull(f.get(o), "The field "+f.getName()+" of the input object of type "+o.getClass()+" is null!");
+                },
+                f -> !excludedFieldsSet.contains(f.getName()));
+    }
+
+}