Merge pull request #1466 from govuk-one-login/PYIC-4181

PYIC-4181: Added IPV_CORE_VC_RESET audit event
govuk-one-login · Dec 14, 2023 · b325c16 · b325c16
2 parents e0f243a + e814af2
commit b325c16
Show file tree

Hide file tree

Showing 4 changed files with 49 additions and 3 deletions.
diff --git a/lambdas/reset-identity/build.gradle b/lambdas/reset-identity/build.gradle
@@ -17,7 +17,8 @@ dependencies {
 			project(":libs:common-services"),
 			project(":libs:journey-uris"),
 			project(":libs:cri-response-service"),
-			project(":libs:verifiable-credentials")
+			project(":libs:verifiable-credentials"),
+			project(":libs:audit-service")
 
 	aspect "software.amazon.lambda:powertools-logging:$rootProject.ext.dependencyVersions.powertoolsLogging",
 			"software.amazon.lambda:powertools-tracing:$rootProject.ext.dependencyVersions.powertoolsTracing"

diff --git a/...s/reset-identity/src/main/java/uk/gov/di/ipv/core/resetidentity/ResetIdentityHandler.java b/...s/reset-identity/src/main/java/uk/gov/di/ipv/core/resetidentity/ResetIdentityHandler.java
@@ -2,19 +2,27 @@
 
 import com.amazonaws.services.lambda.runtime.Context;
 import com.amazonaws.services.lambda.runtime.RequestHandler;
+import org.apache.http.HttpStatus;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import software.amazon.lambda.powertools.logging.Logging;
 import software.amazon.lambda.powertools.tracing.Tracing;
 import uk.gov.di.ipv.core.library.annotations.ExcludeFromGeneratedCoverageReport;
+import uk.gov.di.ipv.core.library.auditing.AuditEvent;
+import uk.gov.di.ipv.core.library.auditing.AuditEventTypes;
+import uk.gov.di.ipv.core.library.auditing.AuditEventUser;
+import uk.gov.di.ipv.core.library.config.ConfigurationVariable;
+import uk.gov.di.ipv.core.library.domain.ErrorResponse;
 import uk.gov.di.ipv.core.library.domain.JourneyErrorResponse;
 import uk.gov.di.ipv.core.library.domain.JourneyResponse;
 import uk.gov.di.ipv.core.library.domain.ProcessRequest;
 import uk.gov.di.ipv.core.library.exceptions.HttpResponseExceptionWithErrorBody;
+import uk.gov.di.ipv.core.library.exceptions.SqsException;
 import uk.gov.di.ipv.core.library.helpers.LogHelper;
 import uk.gov.di.ipv.core.library.helpers.RequestHelper;
 import uk.gov.di.ipv.core.library.persistence.item.ClientOAuthSessionItem;
 import uk.gov.di.ipv.core.library.persistence.item.IpvSessionItem;
+import uk.gov.di.ipv.core.library.service.AuditService;
 import uk.gov.di.ipv.core.library.service.ClientOAuthSessionDetailsService;
 import uk.gov.di.ipv.core.library.service.ConfigService;
 import uk.gov.di.ipv.core.library.service.CriResponseService;
@@ -24,6 +32,7 @@
 import java.util.Map;
 
 import static uk.gov.di.ipv.core.library.domain.CriConstants.F2F_CRI;
+import static uk.gov.di.ipv.core.library.helpers.RequestHelper.getIpAddress;
 import static uk.gov.di.ipv.core.library.helpers.RequestHelper.getIpvSessionId;
 import static uk.gov.di.ipv.core.library.journeyuris.JourneyUris.JOURNEY_ERROR_PATH;
 import static uk.gov.di.ipv.core.library.journeyuris.JourneyUris.JOURNEY_NEXT_PATH;
@@ -33,6 +42,7 @@ public class ResetIdentityHandler implements RequestHandler<ProcessRequest, Map<
     private static final Map<String, Object> JOURNEY_NEXT =
             new JourneyResponse(JOURNEY_NEXT_PATH).toObjectMap();
     private final ConfigService configService;
+    private final AuditService auditService;
     private final CriResponseService criResponseService;
     private final IpvSessionService ipvSessionService;
     private final ClientOAuthSessionDetailsService clientOAuthSessionDetailsService;
@@ -41,11 +51,13 @@ public class ResetIdentityHandler implements RequestHandler<ProcessRequest, Map<
     @SuppressWarnings("unused") // Used by AWS
     public ResetIdentityHandler(
             ConfigService configService,
+            AuditService auditService,
             IpvSessionService ipvSessionService,
             ClientOAuthSessionDetailsService clientOAuthSessionDetailsService,
             CriResponseService criResponseService,
             VerifiableCredentialService verifiableCredentialService) {
         this.configService = configService;
+        this.auditService = auditService;
         this.ipvSessionService = ipvSessionService;
         this.clientOAuthSessionDetailsService = clientOAuthSessionDetailsService;
         this.criResponseService = criResponseService;
@@ -56,6 +68,7 @@ public ResetIdentityHandler(
     @ExcludeFromGeneratedCoverageReport
     public ResetIdentityHandler() {
         this.configService = new ConfigService();
+        this.auditService = new AuditService(AuditService.getDefaultSqsClient(), configService);
         this.ipvSessionService = new IpvSessionService(configService);
         this.clientOAuthSessionDetailsService = new ClientOAuthSessionDetailsService(configService);
         this.criResponseService = new CriResponseService(configService);
@@ -85,12 +98,37 @@ public Map<String, Object> handleRequest(ProcessRequest event, Context context)
             verifiableCredentialService.deleteVcStoreItems(userId, isUserInitiated);
             criResponseService.deleteCriResponseItem(userId, F2F_CRI);
 
+            if (isUserInitiated) {
+                sendIpvVcResetAuditEvent(event, userId, govukSigninJourneyId);
+            }
+
             return JOURNEY_NEXT;
         } catch (HttpResponseExceptionWithErrorBody e) {
             LOGGER.error("HTTP response exception", e);
             return new JourneyErrorResponse(
                             JOURNEY_ERROR_PATH, e.getResponseCode(), e.getErrorResponse())
                     .toObjectMap();
+        } catch (SqsException e) {
+            LOGGER.error(ErrorResponse.FAILED_TO_SEND_AUDIT_EVENT.getMessage(), e);
+            return new JourneyErrorResponse(
+                            JOURNEY_ERROR_PATH,
+                            HttpStatus.SC_INTERNAL_SERVER_ERROR,
+                            ErrorResponse.FAILED_TO_SEND_AUDIT_EVENT)
+                    .toObjectMap();
         }
     }
+
+    private void sendIpvVcResetAuditEvent(
+            ProcessRequest event, String userId, String govukSigninJourneyId)
+            throws SqsException, HttpResponseExceptionWithErrorBody {
+        auditService.sendAuditEvent(
+                new AuditEvent(
+                        AuditEventTypes.IPV_CORE_VC_RESET,
+                        configService.getSsmParameter(ConfigurationVariable.COMPONENT_ID),
+                        new AuditEventUser(
+                                userId,
+                                getIpvSessionId(event),
+                                govukSigninJourneyId,
+                                getIpAddress(event))));
+    }
 }
diff --git a/...set-identity/src/test/java/uk/gov/di/ipv/core/resetidentity/ResetIdentityHandlerTest.java b/...set-identity/src/test/java/uk/gov/di/ipv/core/resetidentity/ResetIdentityHandlerTest.java
@@ -8,11 +8,14 @@
 import org.mockito.InjectMocks;
 import org.mockito.Mock;
 import org.mockito.junit.jupiter.MockitoExtension;
+import uk.gov.di.ipv.core.library.auditing.AuditEvent;
 import uk.gov.di.ipv.core.library.domain.JourneyResponse;
 import uk.gov.di.ipv.core.library.domain.ProcessRequest;
+import uk.gov.di.ipv.core.library.exceptions.SqsException;
 import uk.gov.di.ipv.core.library.helpers.SecureTokenHelper;
 import uk.gov.di.ipv.core.library.persistence.item.ClientOAuthSessionItem;
 import uk.gov.di.ipv.core.library.persistence.item.IpvSessionItem;
+import uk.gov.di.ipv.core.library.service.AuditService;
 import uk.gov.di.ipv.core.library.service.ClientOAuthSessionDetailsService;
 import uk.gov.di.ipv.core.library.service.ConfigService;
 import uk.gov.di.ipv.core.library.service.CriResponseService;
@@ -23,6 +26,7 @@
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 import static uk.gov.di.ipv.core.library.domain.CriConstants.F2F_CRI;
@@ -51,6 +55,7 @@ public class ResetIdentityHandlerTest {
     @Mock private Context context;
     @Mock private VerifiableCredentialService verifiableCredentialService;
     @Mock private CriResponseService criResponseService;
+    @Mock private AuditService mockAuditService;
     @Mock private IpvSessionService ipvSessionService;
     @Mock private ConfigService configService;
     @Mock private ClientOAuthSessionDetailsService clientOAuthSessionDetailsService;
@@ -78,7 +83,7 @@ void setUpEach() {
     }
 
     @Test
-    void shouldDeleteUsersVcsAndReturnNext() {
+    void shouldDeleteUsersVcsAndReturnNext() throws SqsException {
         when(ipvSessionService.getIpvSession(TEST_SESSION_ID)).thenReturn(ipvSessionItem);
         when(clientOAuthSessionDetailsService.getClientOAuthSession(any()))
                 .thenReturn(clientOAuthSessionItem);
@@ -89,6 +94,7 @@ void shouldDeleteUsersVcsAndReturnNext() {
 
         verify(verifiableCredentialService).deleteVcStoreItems(TEST_USER_ID, true);
         verify(criResponseService).deleteCriResponseItem(TEST_USER_ID, F2F_CRI);
+        verify(mockAuditService, times(1)).sendAuditEvent((AuditEvent) any());
         assertEquals(JOURNEY_NEXT.getJourney(), journeyResponse.getJourney());
     }
 }
diff --git a/libs/audit-service/src/main/java/uk/gov/di/ipv/core/library/auditing/AuditEventTypes.java b/libs/audit-service/src/main/java/uk/gov/di/ipv/core/library/auditing/AuditEventTypes.java
@@ -20,5 +20,6 @@ public enum AuditEventTypes {
     IPV_F2F_PROFILE_NOT_MET_FAIL,
     IPV_CORE_CRI_RESOURCE_RETRIEVED,
     IPV_F2F_CRI_VC_ERROR,
-    IPV_MITIGATION_START
+    IPV_MITIGATION_START,
+    IPV_CORE_VC_RESET,
 }