diff --git a/common-lambdas b/common-lambdas index 96e05e63..748d31de 160000 --- a/common-lambdas +++ b/common-lambdas @@ -1 +1 @@ -Subproject commit 96e05e631ea844fd0279293caa11be69a5fb32f5 +Subproject commit 748d31de88ae36791642679c5d03dc75b228a74a diff --git a/common-lib b/common-lib index e3f20821..bafd4009 160000 --- a/common-lib +++ b/common-lib @@ -1 +1 @@ -Subproject commit e3f208218f4cdcf849336dd180b10472665083fe +Subproject commit bafd4009bfe1f1c3a271f42416f15d34d1af0d02 diff --git a/lambdas/address/src/main/java/uk/gov/di/ipv/cri/address/api/handler/AddressHandler.java b/lambdas/address/src/main/java/uk/gov/di/ipv/cri/address/api/handler/AddressHandler.java index e61efde4..e8de7f6f 100644 --- a/lambdas/address/src/main/java/uk/gov/di/ipv/cri/address/api/handler/AddressHandler.java +++ b/lambdas/address/src/main/java/uk/gov/di/ipv/cri/address/api/handler/AddressHandler.java @@ -7,6 +7,7 @@ import com.fasterxml.jackson.databind.ObjectMapper; import com.fasterxml.jackson.datatype.jdk8.Jdk8Module; import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule; +import com.nimbusds.oauth2.sdk.OAuth2Error; import org.apache.logging.log4j.Level; import software.amazon.awssdk.http.HttpStatusCode; import software.amazon.awssdk.services.sqs.SqsClient; @@ -105,11 +106,16 @@ public APIGatewayProxyResponseEvent handleRequest( } catch (SessionNotFoundException | SessionExpiredException e) { eventProbe.log(Level.ERROR, e).counterMetric(LAMBDA_NAME, 0d); return ApiGatewayResponseGenerator.proxyJsonResponse( - HttpStatusCode.BAD_REQUEST, e.getMessage()); + OAuth2Error.INVALID_REQUEST.getHTTPStatusCode(), + OAuth2Error.INVALID_REQUEST + .appendDescription(" - " + e.getMessage()) + .toJSONObject()); } catch (AddressProcessingException | SqsException e) { eventProbe.log(Level.ERROR, e).counterMetric(LAMBDA_NAME, 0d); return ApiGatewayResponseGenerator.proxyJsonResponse( - HttpStatusCode.INTERNAL_SERVER_ERROR, e.getMessage()); - } + OAuth2Error.SERVER_ERROR.getHTTPStatusCode(), + OAuth2Error.SERVER_ERROR + .appendDescription(" - " + e.getMessage()) + .toJSONObject()); } } } diff --git a/lambdas/issuecredential/src/main/java/uk/gov/di/ipv/cri/address/api/handler/IssueCredentialHandler.java b/lambdas/issuecredential/src/main/java/uk/gov/di/ipv/cri/address/api/handler/IssueCredentialHandler.java index 4b77a193..02600123 100644 --- a/lambdas/issuecredential/src/main/java/uk/gov/di/ipv/cri/address/api/handler/IssueCredentialHandler.java +++ b/lambdas/issuecredential/src/main/java/uk/gov/di/ipv/cri/address/api/handler/IssueCredentialHandler.java @@ -9,6 +9,7 @@ import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule; import com.nimbusds.jose.JOSEException; import com.nimbusds.jwt.SignedJWT; +import com.nimbusds.oauth2.sdk.OAuth2Error; import com.nimbusds.oauth2.sdk.ParseException; import com.nimbusds.oauth2.sdk.token.AccessToken; import com.nimbusds.oauth2.sdk.token.AccessTokenType; @@ -23,6 +24,9 @@ import uk.gov.di.ipv.cri.address.library.service.AddressService; import uk.gov.di.ipv.cri.common.library.domain.AuditEventType; import uk.gov.di.ipv.cri.common.library.error.ErrorResponse; +import uk.gov.di.ipv.cri.common.library.exception.AccessTokenExpiredException; +import uk.gov.di.ipv.cri.common.library.exception.SessionExpiredException; +import uk.gov.di.ipv.cri.common.library.exception.SessionNotFoundException; import uk.gov.di.ipv.cri.common.library.exception.SqsException; import uk.gov.di.ipv.cri.common.library.service.AuditService; import uk.gov.di.ipv.cri.common.library.service.ConfigurationService; @@ -44,7 +48,7 @@ public class IssueCredentialHandler private final VerifiableCredentialService verifiableCredentialService; private final AddressService addressService; private final SessionService sessionService; - private EventProbe eventProbe; + private final EventProbe eventProbe; private final AuditService auditService; public IssueCredentialHandler( @@ -86,7 +90,7 @@ public APIGatewayProxyResponseEvent handleRequest( try { var accessToken = validateInputHeaderBearerToken(input.getHeaders()); - var sessionItem = this.sessionService.getSessionByAccessToken(accessToken); + var sessionItem = sessionService.getSessionByAccessToken(accessToken); var addressItem = addressService.getAddressItem(sessionItem.getSessionId()); SignedJWT signedJWT = @@ -101,15 +105,43 @@ public APIGatewayProxyResponseEvent handleRequest( eventProbe.log(ERROR, ex).counterMetric(ADDRESS_CREDENTIAL_ISSUER, 0d); return ApiGatewayResponseGenerator.proxyJsonResponse( - HttpStatusCode.INTERNAL_SERVER_ERROR, ex.awsErrorDetails().errorMessage()); + OAuth2Error.SERVER_ERROR.getHTTPStatusCode(), + OAuth2Error.SERVER_ERROR.appendDescription(" - " + ex.awsErrorDetails().errorMessage())); } catch (CredentialRequestException | ParseException | JOSEException e) { eventProbe.log(ERROR, e).counterMetric(ADDRESS_CREDENTIAL_ISSUER, 0d); return ApiGatewayResponseGenerator.proxyJsonResponse( - HttpStatusCode.BAD_REQUEST, ErrorResponse.VERIFIABLE_CREDENTIAL_ERROR); + OAuth2Error.INVALID_REQUEST.getHTTPStatusCode(), + OAuth2Error.INVALID_REQUEST + .appendDescription(" - " + ErrorResponse.VERIFIABLE_CREDENTIAL_ERROR) + .toJSONObject()); } catch (SqsException sqsException) { return ApiGatewayResponseGenerator.proxyJsonResponse( - HttpStatusCode.INTERNAL_SERVER_ERROR, sqsException.getMessage()); + OAuth2Error.SERVER_ERROR.getHTTPStatusCode(), + OAuth2Error.SERVER_ERROR + .appendDescription(" - " + sqsException.getMessage()) + .toJSONObject()); + } catch (AccessTokenExpiredException e) { + eventProbe.log(ERROR, e).counterMetric(ADDRESS_CREDENTIAL_ISSUER, 0d); + return ApiGatewayResponseGenerator.proxyJsonResponse( + OAuth2Error.ACCESS_DENIED.getHTTPStatusCode(), + OAuth2Error.ACCESS_DENIED + .appendDescription(" - " + ErrorResponse.ACCESS_TOKEN_EXPIRED) + .toJSONObject()); + } catch (SessionExpiredException e) { + eventProbe.log(ERROR, e).counterMetric(ADDRESS_CREDENTIAL_ISSUER, 0d); + return ApiGatewayResponseGenerator.proxyJsonResponse( + OAuth2Error.ACCESS_DENIED.getHTTPStatusCode(), + OAuth2Error.ACCESS_DENIED + .appendDescription(" - " + ErrorResponse.SESSION_EXPIRED) + .toJSONObject()); + } catch (SessionNotFoundException e) { + eventProbe.log(ERROR, e).counterMetric(ADDRESS_CREDENTIAL_ISSUER, 0d); + return ApiGatewayResponseGenerator.proxyJsonResponse( + OAuth2Error.ACCESS_DENIED.getHTTPStatusCode(), + OAuth2Error.ACCESS_DENIED + .appendDescription(" - " + ErrorResponse.SESSION_NOT_FOUND) + .toJSONObject()); } } diff --git a/lambdas/postcode-lookup/build.gradle b/lambdas/postcode-lookup/build.gradle index 30956d6d..826274c8 100644 --- a/lambdas/postcode-lookup/build.gradle +++ b/lambdas/postcode-lookup/build.gradle @@ -8,7 +8,8 @@ dependencies { implementation project(":common-lib"), configurations.aws, configurations.lambda, - configurations.gson + configurations.gson, + configurations.nimbus aspect configurations.powertools diff --git a/lambdas/postcode-lookup/src/main/java/uk/gov/di/ipv/cri/address/api/handler/PostcodeLookupHandler.java b/lambdas/postcode-lookup/src/main/java/uk/gov/di/ipv/cri/address/api/handler/PostcodeLookupHandler.java index 766fe05d..39ec9853 100644 --- a/lambdas/postcode-lookup/src/main/java/uk/gov/di/ipv/cri/address/api/handler/PostcodeLookupHandler.java +++ b/lambdas/postcode-lookup/src/main/java/uk/gov/di/ipv/cri/address/api/handler/PostcodeLookupHandler.java @@ -4,6 +4,7 @@ import com.amazonaws.services.lambda.runtime.RequestHandler; import com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent; import com.amazonaws.services.lambda.runtime.events.APIGatewayProxyResponseEvent; +import com.nimbusds.oauth2.sdk.OAuth2Error; import org.apache.logging.log4j.Level; import software.amazon.awssdk.http.HttpStatusCode; import software.amazon.lambda.powertools.logging.CorrelationIdPathConstants; @@ -67,15 +68,31 @@ public APIGatewayProxyResponseEvent handleRequest( } catch (PostcodeLookupValidationException e) { eventProbe.log(Level.ERROR, e).counterMetric(LAMBDA_NAME, 0d); return ApiGatewayResponseGenerator.proxyJsonResponse( - HttpStatusCode.BAD_REQUEST, ErrorResponse.INVALID_POSTCODE); - } catch (SessionExpiredException | SessionNotFoundException e) { + OAuth2Error.INVALID_REQUEST.getHTTPStatusCode(), + OAuth2Error.INVALID_REQUEST + .appendDescription(" - " + ErrorResponse.INVALID_POSTCODE) + .toJSONObject()); + } catch (SessionExpiredException e) { eventProbe.log(Level.ERROR, e).counterMetric(LAMBDA_NAME, 0d); return ApiGatewayResponseGenerator.proxyJsonResponse( - HttpStatusCode.BAD_REQUEST, e.getMessage()); + OAuth2Error.ACCESS_DENIED.getHTTPStatusCode(), + OAuth2Error.ACCESS_DENIED + .appendDescription(" - " + ErrorResponse.SESSION_EXPIRED) + .toJSONObject()); + } catch (SessionNotFoundException e) { + eventProbe.log(Level.ERROR, e).counterMetric(LAMBDA_NAME, 0d); + return ApiGatewayResponseGenerator.proxyJsonResponse( + OAuth2Error.ACCESS_DENIED.getHTTPStatusCode(), + OAuth2Error.ACCESS_DENIED + .appendDescription(" - " + ErrorResponse.SESSION_NOT_FOUND) + .toJSONObject()); } catch (Exception e) { eventProbe.log(Level.ERROR, e).counterMetric(LAMBDA_NAME, 0d); return ApiGatewayResponseGenerator.proxyJsonResponse( - HttpStatusCode.INTERNAL_SERVER_ERROR, ErrorResponse.SERVER_ERROR); + OAuth2Error.SERVER_ERROR.getHTTPStatusCode(), + OAuth2Error.SERVER_ERROR + .appendDescription(" - " + e.getMessage()) + .toJSONObject()); } } }