feat: Enable token validation in report

robert-server-ws-rest/src/main/java/fr/gouv/stopc/robertserver/ws/controller/impl/ReportControllerImpl.java

 package fr.gouv.stopc.robertserver.ws.controller.impl;
 
+import java.util.Objects;
+
 import javax.inject.Inject;
 
 import org.springframework.beans.factory.annotation.Value;
@@ -9,11 +11,13 @@ import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Service;
 import org.springframework.util.CollectionUtils;
+import org.springframework.web.client.RestClientException;
 import org.springframework.web.client.RestTemplate;
 import org.springframework.web.util.UriComponentsBuilder;
 
 import fr.gouv.stopc.robertserver.ws.controller.IReportController;
 import fr.gouv.stopc.robertserver.ws.dto.ReportBatchResponseDto;
+import fr.gouv.stopc.robertserver.ws.dto.VerifyResponseDto;
 import fr.gouv.stopc.robertserver.ws.exception.RobertServerBadRequestException;
 import fr.gouv.stopc.robertserver.ws.exception.RobertServerException;
 import fr.gouv.stopc.robertserver.ws.exception.RobertServerUnauthorizedException;
@@ -30,118 +34,111 @@ import lombok.extern.slf4j.Slf4j;
 @Slf4j
 public class ReportControllerImpl implements IReportController {
 
-	private ContactDtoService contactDtoService;
-
-	private RestTemplate restTemplate;
-
-	@Value("${submission.code.server.host}")
-	private String serverCodeHost;
-
-	@Value("${submission.code.server.port}")
-	private String serverCodePort;
-
-	@Value("${submission.code.server.verify.path}")
-	private String serverCodeVerificationUri;
-
-	@Inject
-	public ReportControllerImpl(ContactDtoService contactDtoService, RestTemplate restTemplate) {
-
-		this.contactDtoService = contactDtoService;
-		this.restTemplate = restTemplate;
-	}
+    private ContactDtoService contactDtoService;
 
-	private boolean areBothFieldsPresent(ReportBatchRequestVo reportBatchRequestVo) {
-		return !CollectionUtils.isEmpty(reportBatchRequestVo.getContacts())
-				&& StringUtils.isNotEmpty(reportBatchRequestVo.getContactsAsBinary());
-	}
+    private RestTemplate restTemplate;
 
-	private boolean areBothFieldsAbsent(ReportBatchRequestVo reportBatchRequestVo) {
-		return CollectionUtils.isEmpty(reportBatchRequestVo.getContacts())
-				&& StringUtils.isEmpty(reportBatchRequestVo.getContactsAsBinary());
-	}
+    @Value("${submission.code.server.host}")
+    private String serverCodeHost;
 
-	@Override
-	public ResponseEntity<ReportBatchResponseDto> reportContactHistory(ReportBatchRequestVo reportBatchRequestVo) throws RobertServerException {
+    @Value("${submission.code.server.port}")
+    private String serverCodePort;
 
-		if (CollectionUtils.isEmpty(reportBatchRequestVo.getContacts())) {
-			log.warn("No contacts in request");
-			return ResponseEntity.badRequest().build();
-		}
+    @Value("${submission.code.server.verify.path}")
+    private String serverCodeVerificationUri;
 
-		if (areBothFieldsPresent(reportBatchRequestVo)) {
-			log.warn("Contacts and ContactsAsBinary are both present");
-			return ResponseEntity.badRequest().build();
-		} else if (areBothFieldsAbsent(reportBatchRequestVo)) {
-			log.warn("Contacts and ContactsAsBinary are absent");
-			return ResponseEntity.badRequest().build();
-		}
+    @Inject
+    public ReportControllerImpl(ContactDtoService contactDtoService, RestTemplate restTemplate) {
 
-		checkValidityToken(reportBatchRequestVo.getToken());
+        this.contactDtoService = contactDtoService;
+        this.restTemplate = restTemplate;
+    }
 
-		contactDtoService.saveContacts(reportBatchRequestVo.getContacts());
+    private boolean areBothFieldsPresent(ReportBatchRequestVo reportBatchRequestVo) {
+        return !CollectionUtils.isEmpty(reportBatchRequestVo.getContacts())
+                && StringUtils.isNotEmpty(reportBatchRequestVo.getContactsAsBinary());
+    }
 
-		ReportBatchResponseDto reportBatchResponseDto = ReportBatchResponseDto.builder().message(MessageConstants.SUCCESSFUL_OPERATION.getValue()).success(Boolean.TRUE).build();
-		return ResponseEntity.ok(reportBatchResponseDto);
-	}
+    private boolean areBothFieldsAbsent(ReportBatchRequestVo reportBatchRequestVo) {
+        return CollectionUtils.isEmpty(reportBatchRequestVo.getContacts())
+                && StringUtils.isEmpty(reportBatchRequestVo.getContactsAsBinary());
+    }
 
-	private void checkValidityToken(String token) throws RobertServerException {
+    @Override
+    public ResponseEntity<ReportBatchResponseDto> reportContactHistory(ReportBatchRequestVo reportBatchRequestVo) throws RobertServerException {
 
-		if (StringUtils.isEmpty(token)) {
-			log.warn("No token provided");
-			throw new RobertServerBadRequestException(MessageConstants.INVALID_DATA.getValue());
-		}
+        if (CollectionUtils.isEmpty(reportBatchRequestVo.getContacts())) {
+            log.warn("No contacts in request");
+            return ResponseEntity.badRequest().build();
+        }
 
-		if (token.length() != 6 && token.length() != 36) {
-			log.warn("Token size is incorrect");
-			throw new RobertServerBadRequestException(MessageConstants.INVALID_DATA.getValue());
-		}
-		// TODO: Enable this when the token validation service is available
-		// ResponseEntity<VerifyResponseDto> response = restTemplate.getForEntity(constructUri(), VerifyResponseDto.class, initHttpEntity(token));
+        if (areBothFieldsPresent(reportBatchRequestVo)) {
+            log.warn("Contacts and ContactsAsBinary are both present");
+            return ResponseEntity.badRequest().build();
+        } else if (areBothFieldsAbsent(reportBatchRequestVo)) {
+            log.warn("Contacts and ContactsAsBinary are absent");
+            return ResponseEntity.badRequest().build();
+        }
 
-		//		boolean isValid = Optional.ofNullable(response).map(ResponseEntity::getBody).map(VerifyResponseDto::isValid).orElse(false);
+        checkValidityToken(reportBatchRequestVo.getToken());
 
-		// TODO: If isValid == false, then throw exception (when token validation is enabled).
-		if (false) {
-			throw new RobertServerUnauthorizedException(MessageConstants.INVALID_AUTHENTICATION.getValue());
-		}
-	}
+        contactDtoService.saveContacts(reportBatchRequestVo.getContacts());
 
-	private String getCodeType(String token) {
+        ReportBatchResponseDto reportBatchResponseDto = ReportBatchResponseDto.builder().message(MessageConstants.SUCCESSFUL_OPERATION.getValue()).success(Boolean.TRUE).build();
+        return ResponseEntity.ok(reportBatchResponseDto);
+    }
 
-		return token.length() == 6 ? "6-alphanum" : "UUIDv4";
-	}
+    private void checkValidityToken(String token) throws RobertServerException {
 
-	private HttpEntity<VerifyRequestVo> initHttpEntity(String token) {
+        if (StringUtils.isEmpty(token)) {
+            log.warn("No token provided");
+            throw new RobertServerBadRequestException(MessageConstants.INVALID_DATA.getValue());
+        }
 
-		HttpHeaders headers = new HttpHeaders();
-		headers.setContentType(MediaType.APPLICATION_JSON);
+        if (token.length() != 6 && token.length() != 36) {
+            log.warn("Token size is incorrect");
+            throw new RobertServerBadRequestException(MessageConstants.INVALID_DATA.getValue());
+        }
 
-		return new HttpEntity(new VerifyRequestVo(token, getCodeType(token)), headers);
-	}
+        ResponseEntity<VerifyResponseDto> response = null;
+        try {
+            response = restTemplate.getForEntity(constructUri(token), VerifyResponseDto.class);
+        } catch (RestClientException e) {
+            log.error("Unable to verify the token due to {}", e.getMessage());
+            throw new RobertServerBadRequestException(MessageConstants.ERROR_OCCURED.getValue());
+        }
 
-	private String constructUri() {
+        if (Objects.isNull(response) ||  !response.getBody().isValid()) {
+            log.warn("Verifying the token failed");
+            throw new RobertServerUnauthorizedException(MessageConstants.INVALID_AUTHENTICATION.getValue());
+        }
+        
+        log.info("Verifying the token succeeded");
+    }
 
-		return UriComponentsBuilder.newInstance().scheme("http").host(serverCodeHost).port(serverCodePort).path(serverCodeVerificationUri).build().toString();
-	}
+    private String getCodeType(String token) {
 
-	@NoArgsConstructor
-	@AllArgsConstructor
-	@Data
-	class VerifyRequestVo {
+        return token.length() == 6 ? "2" : "1";
+    }
 
-		private String code;
+    private String constructUri(String token) {
 
-		private String type;
+        return UriComponentsBuilder.newInstance().scheme("http").host(serverCodeHost).port(serverCodePort)
+                .path(serverCodeVerificationUri)
+                .queryParam("code", token)
+                .queryParam("type", getCodeType(token))
+                .build().toString();
+    }
 
-	}
+    @NoArgsConstructor
+    @AllArgsConstructor
+    @Data
+    class VerifyRequestVo {
 
-	@NoArgsConstructor
-	@AllArgsConstructor
-	@Data
-	class VerifyResponseDto {
+        private String code;
 
-		private boolean valid;
+        private String type;
 
-	}
+    }
 
 }

robert-server-ws-rest/src/test/java/test/fr/gouv/stopc/robertserver/ws/ReportControllerWsRestTest.java

@@ -10,16 +10,16 @@ import static org.mockito.Mockito.atLeast;
 import static org.mockito.Mockito.doThrow;
 import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
 
 import java.net.URI;
 import java.util.Arrays;
 import java.util.List;
 
-import javax.inject.Inject;
-
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.mock.mockito.MockBean;
@@ -39,6 +39,7 @@ import org.springframework.web.util.UriComponentsBuilder;
 
 import fr.gouv.stopc.robertserver.ws.RobertServerWsRestApplication;
 import fr.gouv.stopc.robertserver.ws.dto.ReportBatchResponseDto;
+import fr.gouv.stopc.robertserver.ws.dto.VerifyResponseDto;
 import fr.gouv.stopc.robertserver.ws.exception.ApiError;
 import fr.gouv.stopc.robertserver.ws.exception.RobertServerException;
 import fr.gouv.stopc.robertserver.ws.service.ContactDtoService;
@@ -54,7 +55,7 @@ import fr.gouv.stopc.robertserver.ws.vo.ReportBatchRequestVo;
 @TestPropertySource("classpath:application.properties")
 public class ReportControllerWsRestTest {
 
-	@Inject
+	@Autowired
 	private TestRestTemplate testRestTemplate;
 
 	private HttpEntity<ReportBatchRequestVo> requestEntity;
@@ -186,6 +187,8 @@ public class ReportControllerWsRestTest {
 			this.reportBatchRequestVo = ReportBatchRequestVo.builder().token("23DC4B32-7552-44C1-B98A-DDE5F75B1729").contacts(this.contacts).build();
 
 			this.requestEntity = new HttpEntity<>(this.reportBatchRequestVo, this.headers);
+			
+			when(this.restTemplate.getForEntity(any(), any())).thenReturn(ResponseEntity.ok(VerifyResponseDto.builder().valid(true).build()));
 
 			ResponseEntity<ReportBatchResponseDto> response = this.testRestTemplate.exchange(targetUrl, HttpMethod.POST, this.requestEntity, ReportBatchResponseDto.class);
 
@@ -209,6 +212,8 @@ public class ReportControllerWsRestTest {
 			// Given
 			this.requestEntity = new HttpEntity<>(this.reportBatchRequestVo, this.headers);
 
+			when(this.restTemplate.getForEntity(any(), any())).thenReturn(ResponseEntity.ok(VerifyResponseDto.builder().valid(true).build()));
+
 			// When
 			ResponseEntity<ReportBatchResponseDto> response = this.testRestTemplate.exchange(targetUrl, HttpMethod.POST, this.requestEntity, ReportBatchResponseDto.class);
 
@@ -314,6 +319,8 @@ public class ReportControllerWsRestTest {
 
 		// Given
 		this.requestEntity = new HttpEntity<>(this.reportBatchRequestVo, this.headers);
+		
+		when(this.restTemplate.getForEntity(any(), any())).thenReturn(ResponseEntity.ok(VerifyResponseDto.builder().valid(true).build()));
 
 		doThrow(new RobertServerException(MessageConstants.ERROR_OCCURED)).when(this.contactDtoService).saveContacts(any());