From fe519366c42b4ea5d44704dc5ba9fb23bec2f0c5 Mon Sep 17 00:00:00 2001
From: Roger V
Date: Mon, 11 Dec 2023 15:50:18 +0000
Subject: [PATCH 1/3] PYIC-4181: Added IPV_VC_RESET audit event
---
 lambdas/reset-identity/build.gradle | 4 +-
 .../resetidentity/ResetIdentityHandler.java | 38 +++++++++++++++++++
 .../library/auditing/AuditEventTypes.java | 3 +-
 3 files changed, 43 insertions(+), 2 deletions(-)
diff --git a/lambdas/reset-identity/build.gradle b/lambdas/reset-identity/build.gradle
index 656b9e335a..b4d53a50b5 100644
--- a/lambdas/reset-identity/build.gradle
+++ b/lambdas/reset-identity/build.gradle
@@ -17,7 +17,9 @@ dependencies {
 project(":libs:common-services"),
 project(":libs:journey-uris"),
 project(":libs:cri-response-service"),
- project(":libs:verifiable-credentials")
+ project(":libs:verifiable-credentials"),
+ project(":libs:user-identity-service"),
+ project(":libs:audit-service")
 aspect "software.amazon.lambda:powertools-logging:$rootProject.ext.dependencyVersions.powertoolsLogging",
 "software.amazon.lambda:powertools-tracing:$rootProject.ext.dependencyVersions.powertoolsTracing"
diff --git a/lambdas/reset-identity/src/main/java/uk/gov/di/ipv/core/resetidentity/ResetIdentityHandler.java b/lambdas/reset-identity/src/main/java/uk/gov/di/ipv/core/resetidentity/ResetIdentityHandler.java
index 226114d89c..603b860f27 100644
--- a/lambdas/reset-identity/src/main/java/uk/gov/di/ipv/core/resetidentity/ResetIdentityHandler.java
+++ b/lambdas/reset-identity/src/main/java/uk/gov/di/ipv/core/resetidentity/ResetIdentityHandler.java
@@ -2,19 +2,27 @@
 import com.amazonaws.services.lambda.runtime.Context;
 import com.amazonaws.services.lambda.runtime.RequestHandler;
+import org.apache.http.HttpStatus;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import software.amazon.lambda.powertools.logging.Logging;
 import software.amazon.lambda.powertools.tracing.Tracing;
 import uk.gov.di.ipv.core.library.annotations.ExcludeFromGeneratedCoverageReport;
+import uk.gov.di.ipv.core.library.auditing.AuditEvent;
+import uk.gov.di.ipv.core.library.auditing.AuditEventTypes;
+import uk.gov.di.ipv.core.library.auditing.AuditEventUser;
+import uk.gov.di.ipv.core.library.config.ConfigurationVariable;
+import uk.gov.di.ipv.core.library.domain.ErrorResponse;
 import uk.gov.di.ipv.core.library.domain.JourneyErrorResponse;
 import uk.gov.di.ipv.core.library.domain.JourneyResponse;
 import uk.gov.di.ipv.core.library.domain.ProcessRequest;
 import uk.gov.di.ipv.core.library.exceptions.HttpResponseExceptionWithErrorBody;
+import uk.gov.di.ipv.core.library.exceptions.SqsException;
 import uk.gov.di.ipv.core.library.helpers.LogHelper;
 import uk.gov.di.ipv.core.library.helpers.RequestHelper;
 import uk.gov.di.ipv.core.library.persistence.item.ClientOAuthSessionItem;
 import uk.gov.di.ipv.core.library.persistence.item.IpvSessionItem;
+import uk.gov.di.ipv.core.library.service.AuditService;
 import uk.gov.di.ipv.core.library.service.ClientOAuthSessionDetailsService;
 import uk.gov.di.ipv.core.library.service.ConfigService;
 import uk.gov.di.ipv.core.library.service.CriResponseService;
@@ -24,6 +32,7 @@ import java.util.Map; import static uk.gov.di.ipv.core.library.domain.CriConstants.F2F_CRI; +import static uk.gov.di.ipv.core.library.helpers.RequestHelper.getIpAddress; import static uk.gov.di.ipv.core.library.helpers.RequestHelper.getIpvSessionId; import static uk.gov.di.ipv.core.library.journeyuris.JourneyUris.JOURNEY_ERROR_PATH; import static uk.gov.di.ipv.core.library.journeyuris.JourneyUris.JOURNEY_NEXT_PATH; @@ -33,6 +42,7 @@ public class ResetIdentityHandler implements RequestHandler JOURNEY_NEXT = new JourneyResponse(JOURNEY_NEXT_PATH).toObjectMap(); private final ConfigService configService; + private final AuditService auditService; private final CriResponseService criResponseService; private final IpvSessionService ipvSessionService; private final ClientOAuthSessionDetailsService clientOAuthSessionDetailsService; 
@@ -41,11 +51,13 @@ public class ResetIdentityHandler implements RequestHandler handleRequest(ProcessRequest event, Context context) verifiableCredentialService.deleteVcStoreItems(userId, isUserInitiated); criResponseService.deleteCriResponseItem(userId, F2F_CRI); + if (isUserInitiated) { + sendIpvVcResetAuditEvent(event, userId, govukSigninJourneyId); + } + return JOURNEY_NEXT; } catch (HttpResponseExceptionWithErrorBody e) { LOGGER.error("HTTP response exception", e); return new JourneyErrorResponse( JOURNEY_ERROR_PATH, e.getResponseCode(), e.getErrorResponse()) .toObjectMap(); + } catch (SqsException e) { + LOGGER.error(ErrorResponse.FAILED_TO_SEND_AUDIT_EVENT.getMessage(), e); + return new JourneyErrorResponse( + JOURNEY_ERROR_PATH, + HttpStatus.SC_INTERNAL_SERVER_ERROR, + ErrorResponse.FAILED_TO_SEND_AUDIT_EVENT) + .toObjectMap(); } } + + private void sendIpvVcResetAuditEvent( + ProcessRequest event, String userId, String govukSigninJourneyId) + throws SqsException, HttpResponseExceptionWithErrorBody { + auditService.sendAuditEvent( + new AuditEvent( + AuditEventTypes.IPV_CORE_VC_RESET, + configService.getSsmParameter(ConfigurationVariable.COMPONENT_ID), + new AuditEventUser( + userId, + getIpvSessionId(event), + govukSigninJourneyId, + getIpAddress(event)))); + } } diff --git a/libs/audit-service/src/main/java/uk/gov/di/ipv/core/library/auditing/AuditEventTypes.java b/libs/audit-service/src/main/java/uk/gov/di/ipv/core/library/auditing/AuditEventTypes.java index 3c446fc73b..91e19a5370 100644 --- a/libs/audit-service/src/main/java/uk/gov/di/ipv/core/library/auditing/AuditEventTypes.java +++ b/libs/audit-service/src/main/java/uk/gov/di/ipv/core/library/auditing/AuditEventTypes.java @@ -20,5 +20,6 @@ public enum AuditEventTypes { IPV_F2F_PROFILE_NOT_MET_FAIL, IPV_CORE_CRI_RESOURCE_RETRIEVED, IPV_F2F_CRI_VC_ERROR, - IPV_MITIGATION_START + IPV_MITIGATION_START, + IPV_CORE_VC_RESET, } From 09a048e4c662fd7bd4683ac00316064cd035a2cd Mon Sep 17 00:00:00 2001 
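Review bot: In `handleRequest`, `sendIpvVcResetAuditEvent` runs only after `deleteVcStoreItems` and `deleteCriResponseItem` have completed, so when `sendAuditEvent` throws, the new `SqsException` catch returns a 500 journey error for a reset that has already happened and has no audit record. For a destructive identity operation that leaves the caller told it failed, the credentials gone, and nothing in the audit stream to show who reset them or from where. Either emit the event before the deletions so a queue failure aborts the reset, or keep the order and make the catch log the journey id and session id alongside `FAILED_TO_SEND_AUDIT_EVENT` so the reset can be reconstructed from logs. Resets with `isUserInitiated` false emit no event; if that is deliberate, say so above the `if`, e.g. `// Only user-initiated resets are audited as IPV_CORE_VC_RESET; other resets are covered by <event or reason>`. The start of `handleRequest` is cut off on this page, so whether another event covers those paths cannot be seen here.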
From: Roger V
Date: Mon, 11 Dec 2023 16:30:19 +0000
Subject: [PATCH 2/3] PYIC-4181: Fixed unit test
---
 .../ipv/core/resetidentity/ResetIdentityHandlerTest.java | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/lambdas/reset-identity/src/test/java/uk/gov/di/ipv/core/resetidentity/ResetIdentityHandlerTest.java b/lambdas/reset-identity/src/test/java/uk/gov/di/ipv/core/resetidentity/ResetIdentityHandlerTest.java
index 82b130ac8e..03a5c98352 100644
--- a/lambdas/reset-identity/src/test/java/uk/gov/di/ipv/core/resetidentity/ResetIdentityHandlerTest.java
+++ b/lambdas/reset-identity/src/test/java/uk/gov/di/ipv/core/resetidentity/ResetIdentityHandlerTest.java
@@ -8,11 +8,14 @@
 import org.mockito.InjectMocks;
 import org.mockito.Mock;
 import org.mockito.junit.jupiter.MockitoExtension;
+import uk.gov.di.ipv.core.library.auditing.AuditEvent;
 import uk.gov.di.ipv.core.library.domain.JourneyResponse;
 import uk.gov.di.ipv.core.library.domain.ProcessRequest;
+import uk.gov.di.ipv.core.library.exceptions.SqsException;
 import uk.gov.di.ipv.core.library.helpers.SecureTokenHelper;
 import uk.gov.di.ipv.core.library.persistence.item.ClientOAuthSessionItem;
 import uk.gov.di.ipv.core.library.persistence.item.IpvSessionItem;
+import uk.gov.di.ipv.core.library.service.AuditService;
 import uk.gov.di.ipv.core.library.service.ClientOAuthSessionDetailsService;
 import uk.gov.di.ipv.core.library.service.ConfigService;
 import uk.gov.di.ipv.core.library.service.CriResponseService;
@@ -23,6 +26,7 @@
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 import static uk.gov.di.ipv.core.library.domain.CriConstants.F2F_CRI;
@@ -51,6 +55,7 @@ public class ResetIdentityHandlerTest {
 @Mock private Context context;
 @Mock private VerifiableCredentialService verifiableCredentialService;
 @Mock private CriResponseService criResponseService;
+ @Mock private AuditService mockAuditService;
 @Mock private IpvSessionService ipvSessionService;
 @Mock private ConfigService configService;
 @Mock private ClientOAuthSessionDetailsService clientOAuthSessionDetailsService;
@@ -78,7 +83,7 @@ void setUpEach() {
 }
 @Test
- void shouldDeleteUsersVcsAndReturnNext() {
+ void shouldDeleteUsersVcsAndReturnNext() throws SqsException {
 when(ipvSessionService.getIpvSession(TEST_SESSION_ID)).thenReturn(ipvSessionItem);
 when(clientOAuthSessionDetailsService.getClientOAuthSession(any()))
 .thenReturn(clientOAuthSessionItem);
@@ -89,6 +94,7 @@ void shouldDeleteUsersVcsAndReturnNext() {
 verify(verifiableCredentialService).deleteVcStoreItems(TEST_USER_ID, true);
 verify(criResponseService).deleteCriResponseItem(TEST_USER_ID, F2F_CRI);
+ verify(mockAuditService, times(1)).sendAuditEvent((AuditEvent) any());
 assertEquals(JOURNEY_NEXT.getJourney(), journeyResponse.getJourney());
 }
 }
From e814af264584d500b9c37e25e1d0b6c4c53c9941 Mon Sep 17 00:00:00 2001
From: Roger V
Date: Thu, 14 Dec 2023 11:47:57 +0000
Subject: [PATCH 3/3] PYIC-4181: Removed redundant library dependency
---
 lambdas/reset-identity/build.gradle | 1 -
 1 file changed, 1 deletion(-)
diff --git a/lambdas/reset-identity/build.gradle b/lambdas/reset-identity/build.gradle
index b4d53a50b5..38831b6025 100644
--- a/lambdas/reset-identity/build.gradle
+++ b/lambdas/reset-identity/build.gradle
@@ -18,7 +18,6 @@ dependencies {
 project(":libs:journey-uris"),
 project(":libs:cri-response-service"),
 project(":libs:verifiable-credentials"),
- project(":libs:user-identity-service"),
 project(":libs:audit-service")
 aspect "software.amazon.lambda:powertools-logging:$rootProject.ext.dependencyVersions.powertoolsLogging",
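Review bot: The new assertion in `shouldDeleteUsersVcsAndReturnNext` of ResetIdentityHandlerTest, `verify(mockAuditService, times(1)).sendAuditEvent((AuditEvent) any());`, passes for any event, so a wrong event type or an empty `AuditEventUser` would go unnoticed. Capture the argument instead, `ArgumentCaptor<AuditEvent> captor = ArgumentCaptor.forClass(AuditEvent.class);` with `verify(mockAuditService).sendAuditEvent(captor.capture());`, and assert that the event type is `IPV_CORE_VC_RESET` and that the user carries the expected user id and session id. The two branches the handler change introduces have no test in this patch: the `SqsException` path that returns the 500 journey error, and the non-user-initiated path, where `verify(mockAuditService, never()).sendAuditEvent((AuditEvent) any());` would pin that no event is sent.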