Use syslumenn api to verify delegation.

island-is · Sep 17, 2024 · 81a229e · 81a229e
1 parent e8480d9
commit 81a229e
Show file tree

Hide file tree

Showing 13 changed files with 1,187 additions and 256 deletions.
diff --git a/apps/services/auth/delegation-api/src/app/app.module.ts b/apps/services/auth/delegation-api/src/app/app.module.ts
@@ -7,9 +7,10 @@ import {
   SequelizeConfigService,
 } from '@island.is/auth-api-lib'
 import { AuthModule } from '@island.is/auth-nest-tools'
+import { RskRelationshipsClientConfig } from '@island.is/clients-rsk-relationships'
 import { NationalRegistryClientConfig } from '@island.is/clients/national-registry-v2'
 import { CompanyRegistryConfig } from '@island.is/clients/rsk/company-registry'
-import { RskRelationshipsClientConfig } from '@island.is/clients-rsk-relationships'
+import { SyslumennClientConfig } from '@island.is/clients/syslumenn'
 import { AuditModule } from '@island.is/nest/audit'
 import {
   ConfigModule,
@@ -50,6 +51,7 @@ import { ScopesModule } from './scopes/scopes.module'
         CompanyRegistryConfig,
         XRoadConfig,
         DelegationApiUserSystemNotificationConfig,
+        SyslumennClientConfig,
       ],
     }),
   ],

diff --git a/apps/services/auth/ids-api/src/app/app.module.ts b/apps/services/auth/ids-api/src/app/app.module.ts
@@ -11,6 +11,7 @@ import { RskRelationshipsClientConfig } from '@island.is/clients-rsk-relationshi
 import { NationalRegistryClientConfig } from '@island.is/clients/national-registry-v2'
 import { NationalRegistryV3ClientConfig } from '@island.is/clients/national-registry-v3'
 import { CompanyRegistryConfig } from '@island.is/clients/rsk/company-registry'
+import { SyslumennClientConfig } from '@island.is/clients/syslumenn'
 import { UserProfileClientConfig } from '@island.is/clients/user-profile'
 import { AuditModule } from '@island.is/nest/audit'
 import {
@@ -28,12 +29,12 @@ import { DelegationsModule } from './delegations/delegations.module'
 import { GrantsModule } from './grants/grants.module'
 import { LoginRestrictionsModule } from './login-restrictions/login-restrictions.module'
 import { NotificationsModule } from './notifications/notifications.module'
+import { PasskeysModule } from './passkeys/passkeys.module'
 import { PermissionsModule } from './permissions/permissions.module'
 import { ResourcesModule } from './resources/resources.module'
 import { TranslationModule } from './translation/translation.module'
 import { UserProfileModule } from './user-profile/user-profile.module'
 import { UsersModule } from './users/users.module'
-import { PasskeysModule } from './passkeys/passkeys.module'
 
 @Module({
   imports: [
@@ -68,6 +69,7 @@ import { PasskeysModule } from './passkeys/passkeys.module'
         PasskeysCoreConfig,
         NationalRegistryV3ClientConfig,
         smsModuleConfig,
+        SyslumennClientConfig,
       ],
     }),
   ],

diff --git a/apps/services/auth/ids-api/src/app/delegations/delegation-verification-result.dto.ts b/apps/services/auth/ids-api/src/app/delegations/delegation-verification-result.dto.ts
@@ -0,0 +1,8 @@
+import { ApiProperty } from '@nestjs/swagger'
+import { IsBoolean } from 'class-validator'
+
+export class DelegationVerificationResult {
+  @IsBoolean()
+  @ApiProperty()
+  verified!: boolean
+}
diff --git a/apps/services/auth/ids-api/src/app/delegations/delegations.controller.ts b/apps/services/auth/ids-api/src/app/delegations/delegations.controller.ts
@@ -1,6 +1,7 @@
 import {
   Controller,
   Get,
+  Headers,
   Inject,
   ParseArrayPipe,
   Query,
@@ -27,6 +28,8 @@ import {
 import { LOGGER_PROVIDER } from '@island.is/logging'
 import { AuthDelegationType } from '@island.is/shared/types'
 
+import { DelegationVerificationResult } from './delegation-verification-result.dto'
+
 import type { Logger } from '@island.is/logging'
 import type { User } from '@island.is/auth-nest-tools'
 
@@ -110,4 +113,26 @@ export class DelegationsController {
       delegationType,
     )
   }
+
+  @Scopes('@identityserver.api/authentication')
+  @Get('verify')
+  @ApiOkResponse({ type: DelegationVerificationResult })
+  async verify(
+    @CurrentUser() user: User,
+    @Headers('X-Query-From-National-Id')
+    fromNationalId: string,
+    @Query('delegationType')
+    delegationType: AuthDelegationType[],
+  ): Promise<DelegationVerificationResult> {
+    if (!Array.isArray(delegationType)) delegationType = [delegationType]
+
+    const verified =
+      await this.delegationsIncomingService.verifyDelegationAtProvider(
+        user,
+        fromNationalId,
+        delegationType,
+      )
+
+    return { verified }
+  }
 }
diff --git a/apps/services/auth/ids-api/src/app/delegations/test/delegations-filters.spec.ts b/apps/services/auth/ids-api/src/app/delegations/test/delegations-filters.spec.ts
@@ -15,7 +15,10 @@ import {
 import { createNationalRegistryUser } from '@island.is/testing/fixtures'
 import { TestApp, truncate } from '@island.is/testing/nest'
 
-import { setupWithAuth } from '../../../../test/setup'
+import {
+  nonExistingLegalRepresentativeNationalId,
+  setupWithAuth,
+} from '../../../../test/setup'
 import { testCases } from './delegations-filters-test-cases'
 import { user } from './delegations-filters-types'
 
@@ -128,4 +131,59 @@ describe('DelegationsController', () => {
       })
     },
   )
+
+  describe('verify', () => {
+    const testCase = testCases['legalRepresentative1']
+    testCase.user = user
+    const path = '/v1/delegations/verify'
+
+    beforeAll(async () => {
+      await truncate(sequelize)
+
+      await Promise.all(
+        testCase.domains.map((domain) => factory.createDomain(domain)),
+      )
+
+      await factory.createClient(testCase.client)
+
+      await Promise.all(
+        testCase.clientAllowedScopes.map((scope) =>
+          factory.createClientAllowedScope(scope),
+        ),
+      )
+
+      await Promise.all(
+        testCase.apiScopes.map((scope) => factory.createApiScope(scope)),
+      )
+
+      await factory.createDelegationIndexRecord({
+        fromNationalId: nonExistingLegalRepresentativeNationalId,
+        toNationalId: testCase.user.nationalId,
+        type: AuthDelegationType.LegalRepresentative,
+        provider: AuthDelegationProvider.DistrictCommissionersRegistry,
+      })
+    })
+
+    let res: request.Response
+    it(`GET ${path} returns verified response`, async () => {
+      res = await server
+        .get(path + `?delegationType=${AuthDelegationType.LegalRepresentative}`)
+        .set('X-Query-From-National-Id', testCase.fromLegalRepresentative[0])
+
+      expect(res.status).toEqual(200)
+      expect(res.body.verified).toEqual(true)
+    })
+
+    it(`GET ${path} returns non-verified response`, async () => {
+      res = await server
+        .get(path + `?delegationType=${AuthDelegationType.LegalRepresentative}`)
+        .set(
+          'X-Query-From-National-Id',
+          nonExistingLegalRepresentativeNationalId,
+        )
+
+      expect(res.status).toEqual(200)
+      expect(res.body.verified).toEqual(false)
+    })
+  })
 })
diff --git a/apps/services/auth/ids-api/src/app/delegations/test/delegations-scopes.spec.ts b/apps/services/auth/ids-api/src/app/delegations/test/delegations-scopes.spec.ts
@@ -22,12 +22,14 @@ const legalGuardianScopes = ['lg1', 'lg2']
 const procurationHolderScopes = ['ph1', 'ph2']
 const customScopes1 = ['cu1', 'cu2']
 const customScopes2 = ['cu3', 'cu4']
+const legalRepresantativeScopes = ['lr1', 'lr2']
 
 const apiScopes = [
   ...legalGuardianScopes,
   ...procurationHolderScopes,
   ...customScopes1,
   ...customScopes2,
+  ...legalRepresantativeScopes,
 ]
 
 const fromCustom = [
@@ -48,6 +50,9 @@ const supportedDelegationTypes = (scopeName: string): AuthDelegationType[] => {
   if (customScopes1.includes(scopeName) || customScopes2.includes(scopeName)) {
     result.push(AuthDelegationType.Custom)
   }
+  if (legalRepresantativeScopes.includes(scopeName)) {
+    result.push(AuthDelegationType.LegalRepresentative)
+  }
   return result
 }
 
@@ -98,6 +103,11 @@ const testCases: Record<string, TestCase> = {
     ],
     expected: [...legalGuardianScopes, ...identityResources],
   },
+  '7': {
+    fromNationalId: createNationalId('person'),
+    delegationType: [AuthDelegationType.LegalRepresentative],
+    expected: [...legalRepresantativeScopes, ...identityResources],
+  },
 }
 
 const user = createCurrentUser({

diff --git a/apps/services/auth/ids-api/test/setup.ts b/apps/services/auth/ids-api/test/setup.ts
@@ -12,6 +12,7 @@ import { RskRelationshipsClient } from '@island.is/clients-rsk-relationships'
 import { NationalRegistryClientService } from '@island.is/clients/national-registry-v2'
 import { NationalRegistryV3ClientService } from '@island.is/clients/national-registry-v3'
 import { CompanyRegistryClientService } from '@island.is/clients/rsk/company-registry'
+import { SyslumennService } from '@island.is/clients/syslumenn'
 import { V2MeApi } from '@island.is/clients/user-profile'
 import { FeatureFlagService, Features } from '@island.is/nest/feature-flags'
 import {
@@ -21,6 +22,7 @@ import {
 } from '@island.is/services/auth/testing'
 import {
   createCurrentUser,
+  createNationalId,
   createUniqueWords,
 } from '@island.is/testing/fixtures'
 import {
@@ -67,6 +69,8 @@ export const defaultScopes: Scopes = {
   },
 }
 
+export const nonExistingLegalRepresentativeNationalId = createNationalId()
+
 class MockNationalRegistryClientService
   implements Partial<NationalRegistryClientService>
 {
@@ -125,6 +129,13 @@ export const setupWithAuth = async ({
         .useValue({
           getIndividualRelationships: jest.fn().mockResolvedValue(null),
         })
+        .overrideProvider(SyslumennService)
+        .useValue({
+          checkIfDelegationExists: (
+            _toNationalId: string,
+            fromNationalId: string,
+          ) => fromNationalId !== nonExistingLegalRepresentativeNationalId,
+        })
         .overrideProvider(FeatureFlagService)
         .useValue({
           getValue: (feature: Features) =>

diff --git a/apps/services/auth/public-api/src/app/app.module.ts b/apps/services/auth/public-api/src/app/app.module.ts
@@ -2,11 +2,15 @@ import { Module } from '@nestjs/common'
 import { SequelizeModule } from '@nestjs/sequelize'
 
 import {
-  SequelizeConfigService,
   DelegationConfig,
   PasskeysCoreConfig,
+  SequelizeConfigService,
 } from '@island.is/auth-api-lib'
 import { AuthModule } from '@island.is/auth-nest-tools'
+import { RskRelationshipsClientConfig } from '@island.is/clients-rsk-relationships'
+import { NationalRegistryClientConfig } from '@island.is/clients/national-registry-v2'
+import { CompanyRegistryConfig } from '@island.is/clients/rsk/company-registry'
+import { SyslumennClientConfig } from '@island.is/clients/syslumenn'
 import { AuditModule } from '@island.is/nest/audit'
 import {
   ConfigModule,
@@ -15,9 +19,6 @@ import {
 } from '@island.is/nest/config'
 import { FeatureFlagConfig } from '@island.is/nest/feature-flags'
 import { ProblemModule } from '@island.is/nest/problem'
-import { NationalRegistryClientConfig } from '@island.is/clients/national-registry-v2'
-import { CompanyRegistryConfig } from '@island.is/clients/rsk/company-registry'
-import { RskRelationshipsClientConfig } from '@island.is/clients-rsk-relationships'
 
 import { environment } from '../environments'
 import { DelegationsModule } from './modules/delegations/delegations.module'
@@ -44,6 +45,7 @@ import { PasskeysModule } from './modules/passkeys/passkeys.module'
         CompanyRegistryConfig,
         XRoadConfig,
         PasskeysCoreConfig,
+        SyslumennClientConfig,
       ],
     }),
   ],