pagopa · macacia · Oct 25, 2024 · Oct 23, 2024 · Oct 24, 2024 · Oct 24, 2024
@@ -3,53 +3,49 @@
 import it.gov.pagopa.payhub.auth.exception.custom.ClientUnauthorizedException;
 import it.gov.pagopa.payhub.auth.mapper.ClientMapper;
 import it.gov.pagopa.payhub.model.generated.ClientDTO;
-import org.springframework.beans.factory.annotation.Value;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Service;
 
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
-
 @Service
 @Slf4j
 public class AuthorizeClientCredentialsRequestService {
-	private static final String ERROR = "Unauthorized client for client-credentials";
-	private static final String REGEX = "^(\\w+\\s*)(piattaforma-unitaria\\b)$";
+	private static final String PIATTAFORMA_UNITARIA_CLIENT_ID_PREFIX = "piattaforma-unitaria_";
 	private final ClientService clientService;
 	private final ClientMapper clientMapper;
-	private final String clientSecretEnv;
+	private final String piattaformaUnitariaClientSecret;
 
 	public AuthorizeClientCredentialsRequestService(
-			@Value("${piattaforma-unitaria-client-secret}") String clientSecretEnv,
 			ClientService clientService,
-			ClientMapper clientMapper) {
+			ClientMapper clientMapper,
+			@Value("${m2m.piattaforma-unitaria-client-secret}") String piattaformaUnitariaClientSecret) {
 		this.clientService = clientService;
 		this.clientMapper = clientMapper;
-		this.clientSecretEnv = clientSecretEnv;
+		this.piattaformaUnitariaClientSecret = piattaformaUnitariaClientSecret;
 	}
 
 	public ClientDTO authorizeCredentials(String clientId, String clientSecret) {
-		Matcher matcher = Pattern.compile(REGEX).matcher(clientId);
-		if (matcher.matches()) {
-			return retrieveByEnvProperties(clientId, matcher.group(1), matcher.group(2), clientSecret);
+		if (clientId.startsWith(PIATTAFORMA_UNITARIA_CLIENT_ID_PREFIX)) {
+			return authorizePiattaformaUnitariaCredentials(clientId, clientSecret);
 		}
-		return retrieveByCollection(clientId, clientSecret);
+		return authorizeSilCredentials(clientId, clientSecret);
 	}
 
-	private ClientDTO retrieveByCollection(String clientId, String clientSecret) {
+	private ClientDTO authorizeSilCredentials(String clientId, String clientSecret) {
 		return clientService.getClientByClientId(clientId)
 			.map(clientMapper::mapToDTO)
 			.filter(dto -> dto.getClientSecret().equals(clientSecret))
-			.orElseThrow(() -> new ClientUnauthorizedException(ERROR));
+			.orElseThrow(() -> new ClientUnauthorizedException("Unauthorized client with client-credentials grant type"));
 	}
 
-	private ClientDTO retrieveByEnvProperties(String clientId, String organizationIpaCode, String clientName, String clientSecret) {
-		if (!clientSecret.equals(clientSecretEnv))
-			throw new ClientUnauthorizedException(ERROR);
+	private ClientDTO authorizePiattaformaUnitariaCredentials(String clientId, String clientSecret) {
+		if (!clientSecret.equals(piattaformaUnitariaClientSecret))
+			throw new ClientUnauthorizedException("Unauthorized client for piattaforma-unitaria client-credentials");
+		String[] splittedClientId = clientId.split("_");
 		return ClientDTO.builder()
 			.clientId(clientId)
-			.clientName(clientName)
-			.organizationIpaCode(organizationIpaCode)
+			.clientName(splittedClientId[0])
+			.organizationIpaCode(splittedClientId[1])
 			.clientSecret(clientSecret)
 			.build();
 	}

@@ -68,4 +68,5 @@ data-chiper:
     p4pa-auth-hash-key: "\${DATA_CIPHER_P4PA_AUTH_HASH_KEY:PEPPER}"
     p4pa-auth-encrypt-psw: "\${DATA_CIPHER_P4PA_AUTH_ENCRYPT_PSW:PSW}"
 
-piattaforma-unitaria-client-secret: "\${PIATTAFORMA_UNITARIA_CLIENT_SECRET:SECRET}"
+m2m:
+    piattaforma-unitaria-client-secret: "\${PIATTAFORMA_UNITARIA_CLIENT_SECRET:SECRET}"
@@ -14,8 +14,6 @@
 
 import java.util.Optional;
 import java.util.UUID;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
 
 @ExtendWith(MockitoExtension.class)
 class AuthorizeClientCredentialsRequestServiceTest {
@@ -26,11 +24,9 @@ class AuthorizeClientCredentialsRequestServiceTest {
 	private ClientMapper clientMapperMock;
 	private AuthorizeClientCredentialsRequestService service;
 
-	private static final String REGEX = "^(\\w+\\s*)(piattaforma-unitaria\\b)$";
-
 	@BeforeEach
 	void init() {
-		service = new AuthorizeClientCredentialsRequestService("SECRET", clientServiceMock, clientMapperMock);
+		service = new AuthorizeClientCredentialsRequestService(clientServiceMock, clientMapperMock, "SECRET");
 	}
 
 	@Test
@@ -51,7 +47,7 @@ void givenRightCredentialsWhenAuthorizeCredentialsThenOk() {
 
 		Mockito.when(clientServiceMock.getClientByClientId(clientId)).thenReturn(Optional.of(mockClient));
 		Mockito.when(clientMapperMock.mapToDTO(mockClient)).thenReturn(expectedClientDTO);
-		Assertions.assertFalse(Pattern.compile(REGEX).matcher(clientId).matches());
+
 		// When
 		ClientDTO actualClientDTO = service.authorizeCredentials(clientId, clientSecretMock);
 		// Then
@@ -64,7 +60,6 @@ void givenUnexpectedClientIdCredentialsWhenAuthorizeCredentialsThenClientUnautho
 		String clientId = "UNEXPECTED_CLIENT_ID";
 		String clientSecretMock = UUID.randomUUID().toString();
 
-		Assertions.assertFalse(Pattern.compile(REGEX).matcher(clientId).matches());
 		Mockito.when(clientServiceMock.getClientByClientId(clientId)).thenThrow(new ClientUnauthorizedException("error"));
 		// When, Then
 		Assertions.assertThrows(ClientUnauthorizedException.class, () -> service.authorizeCredentials(clientId, clientSecretMock));
@@ -86,7 +81,6 @@ void givenUnexpectedClientSecretCredentialsWhenAuthorizeCredentialsThenClientUna
 			.clientSecret(UUID.randomUUID().toString())
 			.build();
 
-		Assertions.assertFalse(Pattern.compile(REGEX).matcher(clientId).matches());
 		Mockito.when(clientServiceMock.getClientByClientId(clientId)).thenReturn(Optional.of(mockClient));
 		Mockito.when(clientMapperMock.mapToDTO(mockClient)).thenReturn(expectedClientDTO);
 
@@ -97,32 +91,26 @@ void givenUnexpectedClientSecretCredentialsWhenAuthorizeCredentialsThenClientUna
 	@Test
 	void givenSystemUserWhenMatcherThenAssertionOk() {
 		// Given
-		String clientId = "IPA_TEST_2piattaforma-unitaria";
-		String clientSecretEnv = "SECRET";
-		Matcher matcher = Pattern.compile(REGEX).matcher(clientId);
+		String clientId = "piattaforma-unitaria_IPA_TEST";
+		String clientSecret = "SECRET";
+		String[] splitted = clientId.split("_");
 
 		// When
-		ClientDTO actualClientDTO = service.authorizeCredentials(clientId, clientSecretEnv);
-		Assertions.assertTrue(matcher.matches());
+		ClientDTO actualClientDTO = service.authorizeCredentials(clientId, clientSecret);
 		// Then
 		Assertions.assertEquals(
-			ClientDTO.builder()
-				.clientId(clientId)
-				.organizationIpaCode(matcher.group(1))
-				.clientName(matcher.group(2))
-				.clientSecret(clientSecretEnv)
-				.build()
-			, actualClientDTO);
+		ClientDTO.builder()
+			.clientId(clientId)
+			.clientName(splitted[0])
+			.organizationIpaCode(splitted[1])
+			.clientSecret(clientSecret)
+			.build(), actualClientDTO);
 	}
 
 	@Test
 	void givenSystemUserWhenMatcherThenClientUnauthorizedException() {
-		// Given
-		String clientId = "IPA_TEST_2piattaforma-unitaria";
-		Matcher matcher = Pattern.compile(REGEX).matcher(clientId);
-
-		// When, Then
-		Assertions.assertTrue(matcher.matches());
-		Assertions.assertThrows(ClientUnauthorizedException.class, () -> service.authorizeCredentials(clientId, "UNEXPECTED_SECRET"));
+		// Given, When, Then
+		Assertions.assertThrows(ClientUnauthorizedException.class,
+			() -> service.authorizeCredentials("piattaforma-unitaria_IPA_TEST", "UNEXPECTED_SECRET"));
 	}
 }