Merge pull request #1756 from kekey1/OCD-4772

OCD-4772: Use generic error message if invitation token is invalid
chpladmin · Dec 16, 2024 · 0f6bddc · 0f6bddc
2 parents 18f914d + b6a390c
commit 0f6bddc
Show file tree

Hide file tree

Showing 6 changed files with 33 additions and 12 deletions.
diff --git a/chpl/chpl-api/src/main/java/gov/healthit/chpl/web/controller/UserManagementController.java b/chpl/chpl-api/src/main/java/gov/healthit/chpl/web/controller/UserManagementController.java
@@ -200,21 +200,40 @@ public CognitoUserInvitation inviteUser(@RequestBody CognitoUserInvitation invit
             })
     @RequestMapping(value = "", method = RequestMethod.POST, consumes = MediaType.APPLICATION_JSON_VALUE,
             produces = "application/json; charset=utf-8")
-    public void addUser(@RequestBody CreateUserFromInvitationRequest userInfo) throws ValidationException, EmailNotSentException,
-        UserRetrievalException, UserCreationException, ActivityException {
+    public void addUser(@RequestBody CreateUserFromInvitationRequest userInfo) throws InvalidArgumentsException,
+        ValidationException, EmailNotSentException, UserRetrievalException, UserCreationException, ActivityException {
         if (!ff4j.check(FeatureList.SSO)) {
             throw new NotImplementedException("This method has not been implemented");
         }
+        UUID token = null;
 
         try {
-            CognitoUserInvitation invitation = cognitoInvitationManager.getByToken(UUID.fromString(userInfo.getHash()));
+            token = UUID.fromString(userInfo.getHash());
+        } catch (IllegalArgumentException ex) {
+            LOGGER.error("Attempting to create a user from a invalid invitation token: " + userInfo.getHash(), ex);
+            throw new InvalidArgumentsException(msgUtil.getMessage("user.invitation.invalid",
+                    authorizationLengthInDays + "",
+                    authorizationLengthInDays == 1 ? "" : "s"));
+        }
+
+        try {
+            CognitoUserInvitation invitation = cognitoInvitationManager.getByToken(token);
             if (invitation != null) {
                 cognitoUserManager.createUser(userInfo);
+            } else {
+                throw new InvalidArgumentsException(msgUtil.getMessage("user.invitation.invalid",
+                        authorizationLengthInDays + "",
+                        authorizationLengthInDays == 1 ? "" : "s"));
             }
         } catch (ValidationException ex) {
             throw ex;
         } catch (Exception ex) {
             LOGGER.error("Error creating user from invitation.", ex);
+            throw new InvalidArgumentsException(msgUtil.getMessage("user.invitation.invalid",
+                    authorizationLengthInDays + "",
+                    authorizationLengthInDays == 1 ? "" : "s"));
+        } finally {
+            SecurityContextHolder.getContext().setAuthentication(null);
         }
     }
 
@@ -275,7 +294,7 @@ public User updateUserDetails(@RequestBody User userInfo, @PathVariable("cognito
 
         UserInvitation invitation = invitationManager.getByInvitationHash(userInfo.getHash());
         if (invitation == null || invitation.isOlderThan(invitationLengthInDays)) {
-            throw new ValidationException(msgUtil.getMessage("user.invitation.expired",
+            throw new ValidationException(msgUtil.getMessage("user.invitation.invalid",
                     invitationLengthInDays + "",
                     invitationLengthInDays == 1 ? "" : "s"));
         }
@@ -378,7 +397,7 @@ public String authorizeUser(@RequestBody AuthorizeCredentials credentials)
 
         UserInvitation invitation = invitationManager.getByInvitationHash(credentials.getHash());
         if (invitation == null || invitation.isOlderThan(authorizationLengthInDays)) {
-            throw new InvalidArgumentsException(msgUtil.getMessage("user.invitation.expired",
+            throw new InvalidArgumentsException(msgUtil.getMessage("user.invitation.invalid",
                     authorizationLengthInDays + "",
                     authorizationLengthInDays == 1 ? "" : "s"));
         }

diff --git a/chpl/chpl-resources/src/main/resources/errors.properties b/chpl/chpl-resources/src/main/resources/errors.properties
@@ -852,7 +852,7 @@ search.questionableActivity.activityDate.invalid=Could not parse '%s' as an acti
 search.questionableActivity.invalidTrigger=The trigger ID %s is not valid.
 
 #invitation errors
-user.invitation.expired=The provided invitation key is not valid. The key is valid for up to %s day%s from when it is assigned.
+user.invitation.invalid=The provided invitation key is not valid. The key is valid for up to %s day%s from when it is assigned.
 user.confirmation.expired=The provided confirmation key is not valid. The key is valid for up to %s day%s from when it is assigned.
 user.invitation.emailRequired=Email is required to create invitation
 user.invitation.emailNotValid='%s' is not a valid email address

diff --git a/chpl/chpl-service/src/main/java/gov/healthit/chpl/user/cognito/CognitoApiWrapper.java b/chpl/chpl-service/src/main/java/gov/healthit/chpl/user/cognito/CognitoApiWrapper.java
@@ -257,9 +257,7 @@ public AuthenticationResultType refreshToken(String refreshToken, UUID cognitoId
             AdminInitiateAuthResponse authResult = cognitoClient.adminInitiateAuth(authRequest);
             return authResult.authenticationResult();
         } catch (Exception e) {
-            //This is cluttering the logs when the SSO flag is on, and the user logs in using CHPL creds
-            //We might want to uncomment it when we move to only using Cognito creds
-            //LOGGER.error("Error refreshing token", e);
+            LOGGER.error("Error refreshing token", e);
             return null;
         }
     }

diff --git a/...pl-service/src/main/java/gov/healthit/chpl/user/cognito/CognitoUserCreationValidator.java b/...pl-service/src/main/java/gov/healthit/chpl/user/cognito/CognitoUserCreationValidator.java
@@ -41,7 +41,7 @@ public Set<String> validate(CreateUserFromInvitationRequest userInfo) {
         Set<String> messages = new HashSet<String>();
 
         if (isInvitationExpired(UUID.fromString(userInfo.getHash()))) {
-            messages.add(msgUtil.getMessage("user.invitation.expired",
+            messages.add(msgUtil.getMessage("user.invitation.invalid",
                     invitationLengthInDays + "",
                     invitationLengthInDays == 1 ? "" : "s"));
         }

diff --git a/chpl/chpl-service/src/main/java/gov/healthit/chpl/user/cognito/CognitoUserManager.java b/chpl/chpl-service/src/main/java/gov/healthit/chpl/user/cognito/CognitoUserManager.java
@@ -193,7 +193,7 @@ public User addOrganizationToUser(UUID invitationToken, String accessToken) thro
         User originalUser = cognitoApiWrapper.getUserInfo(AuthUtil.getCurrentUser().getCognitoId());
         CognitoUserInvitation invitation = cognitoInvitationManager.getByToken(invitationToken);
         if (invitation == null || invitation.isOlderThan(invitationLengthDays)) {
-            throw new InvalidArgumentsException(errorMessageUtil.getMessage("user.invitation.expired",
+            throw new InvalidArgumentsException(errorMessageUtil.getMessage("user.invitation.invalid",
                     invitationLengthDays + "",
                     invitationLengthDays == 1 ? "" : "s"));
         }

diff --git a/...ice/src/main/java/gov/healthit/chpl/user/cognito/invitation/CognitoUserInvitationDAO.java b/...ice/src/main/java/gov/healthit/chpl/user/cognito/invitation/CognitoUserInvitationDAO.java
@@ -45,7 +45,11 @@ public CognitoUserInvitation getByToken(UUID token) {
     }
 
     public CognitoUserInvitation getById(Long id) {
-        return getEntityById(id).toDomain();
+        CognitoUserInvitationEntity invitation = getEntityById(id);
+        if (invitation != null) {
+            return invitation.toDomain();
+        }
+        return null;
     }