Merge pull request #6 from companieshouse/PCI-707-return-bad-request

return 400 bad request when posting to /basket/checkout and added userId

Author: nabeelamirch

src/main/java/uk/gov/companieshouse/orders/api/controller/BasketController.java

@@ -83,10 +83,15 @@ public ResponseEntity<AddToBasketResponseDTO> addItemToBasket(final @Valid @Requ
     }
 
     @PostMapping("${uk.gov.companieshouse.orders.api.basket.checkout}")
-    public ResponseEntity<?> checkoutBasket(HttpServletRequest request,
+    public ResponseEntity<?> checkoutBasket(@RequestBody(required = false) String json,
+                                            HttpServletRequest request,
                                             final @RequestHeader(REQUEST_ID_HEADER_NAME) String requestId) {
         trace("Entering checkoutBasket", requestId);
 
+        if(json!=null) {
+            return ResponseEntity.status(BAD_REQUEST).body(new ApiError(BAD_REQUEST, "The body must be empty"));
+        }
+
         final Basket retrievedBasket = basketService.getBasketById(EricHeaderHelper.getIdentity(request))
                 .orElseThrow(ConflictException::new);
 
@@ -105,7 +110,7 @@ public ResponseEntity<?> checkoutBasket(HttpServletRequest request,
             return ResponseEntity.status(BAD_REQUEST).body(new ApiError(BAD_REQUEST, "Failed to retrieve item"));
         }
 
-        Checkout checkout = checkoutService.createCheckout(item);
+        Checkout checkout = checkoutService.createCheckout(item, EricHeaderHelper.getIdentity(request));
         trace("Successfully created checkout with id "+checkout.getId(), requestId);
 
         return ResponseEntity.status(HttpStatus.OK).body(null);

src/main/java/uk/gov/companieshouse/orders/api/model/BasketData.java

@@ -10,7 +10,7 @@ public class BasketData {
 
     private String etag;
 
-    private List<BasketItem> items = new ArrayList<BasketItem>();
+    private List<BasketItem> items = new ArrayList<>();
 
     private String kind;
 

src/main/java/uk/gov/companieshouse/orders/api/model/Checkout.java

@@ -16,6 +16,8 @@ public class Checkout {
 
     private CheckoutData data = new CheckoutData();
 
+    private String userId;
+
     public String getId() {
         return id;
     }
@@ -47,4 +49,12 @@ public CheckoutData getData() {
     public void setData(CheckoutData data) {
         this.data = data;
     }
+
+    public String getUserId() {
+        return userId;
+    }
+
+    public void setUserId(String userId) {
+        this.userId = userId;
+    }
 }

src/main/java/uk/gov/companieshouse/orders/api/model/CheckoutData.java

@@ -13,7 +13,7 @@ public class CheckoutData {
 
     private DeliveryDetails deliveryDetails = new DeliveryDetails();
 
-    private List<Item> items = new ArrayList<Item>();
+    private List<Item> items = new ArrayList<>();
 
     private String kind;
 

src/main/java/uk/gov/companieshouse/orders/api/model/DirectorOrSecretaryDetails.java

@@ -2,8 +2,6 @@
 
 import com.google.gson.Gson;
 
-import java.util.Objects;
-
 public class DirectorOrSecretaryDetails {
     private Boolean includeAddress;
     private Boolean includeAppointmentDate;

src/main/java/uk/gov/companieshouse/orders/api/model/RegisteredOfficeAddressDetails.java

@@ -2,8 +2,6 @@
 
 import com.google.gson.Gson;
 
-import java.util.Objects;
-
 public class RegisteredOfficeAddressDetails {
     private IncludeAddressRecordsType includeAddressRecordsType;
 

src/main/java/uk/gov/companieshouse/orders/api/service/CheckoutService.java

@@ -1,7 +1,6 @@
 package uk.gov.companieshouse.orders.api.service;
 
 import org.springframework.stereotype.Service;
-import uk.gov.companieshouse.orders.api.mapper.ApiToCertificateMapper;
 import uk.gov.companieshouse.orders.api.model.Checkout;
 import uk.gov.companieshouse.orders.api.model.Item;
 import uk.gov.companieshouse.orders.api.repository.CheckoutRepository;
@@ -11,24 +10,16 @@
 @Service
 public class CheckoutService {
 
-    private final BasketService basketService;
-
     private final CheckoutRepository checkoutRepository;
 
-    private final ApiClientService apiClientService;
-
-    private final ApiToCertificateMapper apiToCertificateMapper;
-
-    public CheckoutService(BasketService basketService, CheckoutRepository checkoutRepository, ApiClientService apiClientService, ApiToCertificateMapper apiToCertificateMapper) {
-        this.basketService = basketService;
+    public CheckoutService(CheckoutRepository checkoutRepository) {
         this.checkoutRepository = checkoutRepository;
-        this.apiClientService = apiClientService;
-        this.apiToCertificateMapper = apiToCertificateMapper;
     }
 
-    public Checkout createCheckout(Item item) {
+    public Checkout createCheckout(Item item, String userId) {
         final LocalDateTime now = LocalDateTime.now();
         Checkout checkout = new Checkout();
+        checkout.setUserId(userId);
         checkout.setCreatedAt(now);
         checkout.setUpdatedAt(now);
         checkout.getData().getItems().add(item);

src/test/java/uk/gov/companieshouse/orders/api/controller/BasketControllerIntegrationTest.java

@@ -68,8 +68,8 @@ void tearDown() {
     }
 
     @Test
-    @DisplayName("Successfully adds an item to the basket if it does not exist")
-    public void successfullyAddsItemToBasketIfItDoesNotExists() throws Exception {
+    @DisplayName("Add Item successfully adds an item to the basket, if the basket does not exist")
+    public void addItemSuccessfullyAddsItemToBasketIfBasketDoesNotExist() throws Exception {
         AddToBasketRequestDTO addToBasketRequestDTO = new AddToBasketRequestDTO();
         addToBasketRequestDTO.setItemUri(ITEM_URI);
 
@@ -81,13 +81,13 @@ public void successfullyAddsItemToBasketIfItDoesNotExists() throws Exception {
                 .andExpect(status().isOk());
 
         final Optional<Basket> retrievedBasket = basketRepository.findById(ERIC_IDENTITY_VALUE);
-        assertEquals(retrievedBasket.get().getData().getItems().get(0).getItemUri(), ITEM_URI);
-        assertEquals(retrievedBasket.get().getData().getItems().size(), 1);
+        assertEquals(ITEM_URI, retrievedBasket.get().getData().getItems().get(0).getItemUri());
+        assertEquals(1, retrievedBasket.get().getData().getItems().size());
     }
 
     @Test
-    @DisplayName("Successfully adds an item to the basket if it exists")
-    public void successfullyAddsAnItemToBasketIfItAlreadyExists() throws Exception {
+    @DisplayName("Add item successfully adds an item to the basket, if the basket exists")
+    public void addItemSuccessfullyAddsAnItemToBasketIfBasketAlreadyExists() throws Exception {
         Basket basket = new Basket();
         basketRepository.save(basket);
 
@@ -102,13 +102,13 @@ public void successfullyAddsAnItemToBasketIfItAlreadyExists() throws Exception {
                 .andExpect(status().isOk());
 
         final Optional<Basket> retrievedBasket = basketRepository.findById(ERIC_IDENTITY_VALUE);
-        assertEquals(retrievedBasket.get().getData().getItems().get(0).getItemUri(), ITEM_URI);
+        assertEquals(ITEM_URI, retrievedBasket.get().getData().getItems().get(0).getItemUri());
 
     }
 
     @Test
-    @DisplayName("Successfully replaces an item in the basket")
-    public void successfullyReplacesAnItemInTheBasket() throws Exception {
+    @DisplayName("Add item successfully replaces an item in the basket")
+    public void addItemSuccessfullyReplacesAnItemInTheBasket() throws Exception {
         BasketItem item = new BasketItem();
         item.setItemUri(ITEM_URI_OLD);
         BasketData basketData = new BasketData();
@@ -128,13 +128,13 @@ public void successfullyReplacesAnItemInTheBasket() throws Exception {
                 .andExpect(status().isOk());
 
         final Optional<Basket> retrievedBasket = basketRepository.findById(ERIC_IDENTITY_VALUE);
-        assertEquals(retrievedBasket.get().getData().getItems().get(0).getItemUri(), ITEM_URI);
+        assertEquals(ITEM_URI, retrievedBasket.get().getData().getItems().get(0).getItemUri());
 
     }
 
     @Test
-    @DisplayName("Fails to add item to basket that fails validation")
-    public void failsToAddItemToBasketIfFailsValidation() throws Exception {
+    @DisplayName("Add item fails to add item to basket that fails validation")
+    public void addItemFailsToAddItemToBasketIfFailsValidation() throws Exception {
         mockMvc.perform(post("/basket/items")
                 .header(REQUEST_ID_HEADER_NAME, TOKEN_REQUEST_ID_VALUE)
                 .header(ERIC_IDENTITY_HEADER_NAME, ERIC_IDENTITY_VALUE)
@@ -147,8 +147,8 @@ public void failsToAddItemToBasketIfFailsValidation() throws Exception {
     }
 
     @Test
-    @DisplayName("Successfully creates checkout when basket contains a valid certificate uri")
-    public void successfullyCreatesCheckoutWhenBasketIsValid() throws Exception {
+    @DisplayName("Checkout basket successfully creates checkout, when basket contains a valid certificate uri")
+    public void checkoutBasketSuccessfullyCreatesCheckoutWhenBasketIsValid() throws Exception {
         Basket basket = new Basket();
         basket.setId(ERIC_IDENTITY_VALUE);
         BasketItem basketItem = new BasketItem();
@@ -161,7 +161,7 @@ public void successfullyCreatesCheckoutWhenBasketIsValid() throws Exception {
         when(apiClientService.getItem(ITEM_URI)).thenReturn(certificate);
 
         ResultCaptor<Checkout> resultCaptor = new ResultCaptor<>();
-        doAnswer(resultCaptor).when(checkoutService).createCheckout(any(Certificate.class));
+        doAnswer(resultCaptor).when(checkoutService).createCheckout(any(Certificate.class), any(String.class));
 
         mockMvc.perform(post("/basket/checkout")
                 .header(REQUEST_ID_HEADER_NAME, TOKEN_REQUEST_ID_VALUE)
@@ -170,13 +170,14 @@ public void successfullyCreatesCheckoutWhenBasketIsValid() throws Exception {
 
         final Optional<Checkout> retrievedCheckout = checkoutRepository.findById(resultCaptor.getResult().getId());
         assertTrue(retrievedCheckout.isPresent());
+        assertEquals(ERIC_IDENTITY_VALUE, retrievedCheckout.get().getUserId());
         final Item item = retrievedCheckout.get().getData().getItems().get(0);
         assertEquals(COMPANY_NUMBER, item.getCompanyNumber());
     }
 
     @Test
-    @DisplayName("Fails to create checkout and returns 409 conflict, when basket is empty")
-    public void failsToCreateCheckoutIfBasketIsEmpty() throws Exception {
+    @DisplayName("Checkout basket fails to create checkout and returns 409 conflict, when basket is empty")
+    public void checkoutBasketfFailsToCreateCheckoutIfBasketIsEmpty() throws Exception {
         Basket basket = new Basket();
         basket.setId(ERIC_IDENTITY_VALUE);
         basketRepository.save(basket);
@@ -190,8 +191,8 @@ public void failsToCreateCheckoutIfBasketIsEmpty() throws Exception {
     }
 
     @Test
-    @DisplayName("Fails to create checkout and returns 409, when basket does not exist")
-    public void failsToCreateCheckoutIfBasketDoesNotExist() throws Exception {
+    @DisplayName("Checkout Basket fails to create checkout and returns 409, when basket does not exist")
+    public void checkoutBasketFailsToCreateCheckoutIfBasketDoesNotExist() throws Exception {
 
         mockMvc.perform(post("/basket/checkout")
                 .header(REQUEST_ID_HEADER_NAME, TOKEN_REQUEST_ID_VALUE)
@@ -202,8 +203,8 @@ public void failsToCreateCheckoutIfBasketDoesNotExist() throws Exception {
     }
 
     @Test
-    @DisplayName("Fails to create checkout and returns 400, when there is a failure getting the item")
-    public void failsToCreateCheckoutWhenItFailsToGetAnItem() throws Exception {
+    @DisplayName("Checkout Basket fails to create checkout and returns 400, when there is a failure getting the item")
+    public void checkoutBasketFailsToCreateCheckoutWhenItFailsToGetAnItem() throws Exception {
         Basket basket = new Basket();
         basket.setId(ERIC_IDENTITY_VALUE);
         BasketItem basketItem = new BasketItem();
@@ -220,5 +221,19 @@ public void failsToCreateCheckoutWhenItFailsToGetAnItem() throws Exception {
 
         assertEquals(0, checkoutRepository.count());
     }
-}
 
+    @Test
+    @DisplayName("Check out basket returns 403 if body is present")
+    public void checkoutBasketReturnsBadRequestIfBodyIsPresent() throws Exception {
+
+        mockMvc.perform(post("/basket/checkout")
+                .header(REQUEST_ID_HEADER_NAME, TOKEN_REQUEST_ID_VALUE)
+                .header(ERIC_IDENTITY_HEADER_NAME, ERIC_IDENTITY_VALUE)
+                .contentType(MediaType.APPLICATION_JSON)
+                .content("{\"gibberish\":\"gibberish\"}"))
+                .andExpect(status().isBadRequest());
+
+        assertEquals(0, checkoutRepository.count());
+    }
+
+}

src/test/java/uk/gov/companieshouse/orders/api/service/CheckoutServiceTest.java

@@ -19,6 +19,7 @@
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
+import static uk.gov.companieshouse.orders.api.util.TestConstants.ERIC_IDENTITY_VALUE;
 
 @ExtendWith(MockitoExtension.class)
 public class CheckoutServiceTest {
@@ -42,7 +43,7 @@ void createCheckoutPopulatesCreatedAndUpdated() {
 
         final LocalDateTime intervalStart = LocalDateTime.now();
 
-        serviceUnderTest.createCheckout(certificate);
+        serviceUnderTest.createCheckout(certificate, ERIC_IDENTITY_VALUE);
         verify(checkoutRepository).save(argCaptor.capture());
 
         final LocalDateTime intervalEnd = LocalDateTime.now();
@@ -56,10 +57,11 @@ void createCheckoutPopulatesAndSavesItem() {
         certificate.setCompanyNumber(COMPANY_NUMBER);
         when(checkoutRepository.save(any(Checkout.class))).thenReturn(new Checkout());
 
-        serviceUnderTest.createCheckout(certificate);
+        serviceUnderTest.createCheckout(certificate, ERIC_IDENTITY_VALUE);
         verify(checkoutRepository).save(argCaptor.capture());
 
         assertEquals(1, argCaptor.getValue().getData().getItems().size());
+        assertEquals(ERIC_IDENTITY_VALUE, argCaptor.getValue().getUserId());
         assertEquals(COMPANY_NUMBER, argCaptor.getValue().getData().getItems().get(0).getCompanyNumber());
     }