[SELC-7991] feat: added API to upload signed contract to COMPLETED onboarding (#940)

gianmarcoplutino · web-flow · commit a9479362b2f6 · 2025-11-26T16:18:04.000+01:00
diff --git a/apps/onboarding-ms/src/main/docs/openapi.json b/apps/onboarding-ms/src/main/docs/openapi.json
@@ -1788,6 +1788,55 @@
         } ]
       }
     },
+    "/v1/onboarding/{onboardingId}/upload-contract-signed" : {
+      "put" : {
+        "tags" : [ "internal-v1" ],
+        "summary" : "Update COMPELTED onboarding uploading signed contract",
+        "description" : "Uploading signed contract given onboardingId, updating related token",
+        "operationId" : "uploadContractSigned",
+        "parameters" : [ {
+          "name" : "onboardingId",
+          "in" : "path",
+          "required" : true,
+          "schema" : {
+            "type" : "string"
+          }
+        } ],
+        "requestBody" : {
+          "content" : {
+            "multipart/form-data" : {
+              "schema" : {
+                "required" : [ "contract" ],
+                "type" : "object",
+                "properties" : {
+                  "contract" : {
+                    "format" : "binary",
+                    "type" : "string"
+                  }
+                }
+              }
+            }
+          }
+        },
+        "responses" : {
+          "200" : {
+            "description" : "OK",
+            "content" : {
+              "application/json" : { }
+            }
+          },
+          "401" : {
+            "description" : "Not Authorized"
+          },
+          "403" : {
+            "description" : "Not Allowed"
+          }
+        },
+        "security" : [ {
+          "SecurityScheme" : [ ]
+        } ]
+      }
+    },
     "/v1/onboarding/{onboardingId}/withUserInfo" : {
       "get" : {
         "tags" : [ "Onboarding Controller" ],
diff --git a/apps/onboarding-ms/src/main/docs/openapi.yaml b/apps/onboarding-ms/src/main/docs/openapi.yaml
@@ -1312,6 +1312,42 @@ paths:
           description: Not Allowed
       security:
       - SecurityScheme: []
+  /v1/onboarding/{onboardingId}/upload-contract-signed:
+    put:
+      tags:
+      - internal-v1
+      summary: Update COMPELTED onboarding uploading signed contract
+      description: "Uploading signed contract given onboardingId, updating related\
+        \ token"
+      operationId: uploadContractSigned
+      parameters:
+      - name: onboardingId
+        in: path
+        required: true
+        schema:
+          type: string
+      requestBody:
+        content:
+          multipart/form-data:
+            schema:
+              required:
+              - contract
+              type: object
+              properties:
+                contract:
+                  format: binary
+                  type: string
+      responses:
+        "200":
+          description: OK
+          content:
+            application/json: {}
+        "401":
+          description: Not Authorized
+        "403":
+          description: Not Allowed
+      security:
+      - SecurityScheme: []
   /v1/onboarding/{onboardingId}/withUserInfo:
     get:
       tags:
diff --git a/apps/onboarding-ms/src/main/java/it/pagopa/selfcare/onboarding/controller/OnboardingController.java b/apps/onboarding-ms/src/main/java/it/pagopa/selfcare/onboarding/controller/OnboardingController.java
@@ -662,4 +662,19 @@ public Uni<OnboardingGet> getOnboardingProduct(@PathParam(value = "institutionId
         return onboardingService.retrieveOnboardingByInstitutionId(institutionId, productId);
     }
 
+    @Operation(
+            summary = "Update COMPELTED onboarding uploading signed contract",
+            description = "Uploading signed contract given onboardingId, updating related token",
+            operationId = "uploadContractSigned"
+    )
+    @PUT
+    @Path("/{onboardingId}/upload-contract-signed")
+    @Tag(name = "internal-v1")
+    @Consumes(MediaType.MULTIPART_FORM_DATA)
+    public Uni<Response> uploadContractSigned(@PathParam(value = "onboardingId") String onboardingId, @NotNull @RestForm("contract") File file, @Context ResteasyReactiveRequestContext ctx) {
+        return onboardingService.uploadContractSigned(onboardingId, retrieveContractFromFormData(ctx.getFormData(), file))
+                .map(ignore -> Response
+                        .status(HttpStatus.SC_NO_CONTENT)
+                        .build());
+    }
 }
diff --git a/apps/onboarding-ms/src/main/java/it/pagopa/selfcare/onboarding/controller/TokenController.java b/apps/onboarding-ms/src/main/java/it/pagopa/selfcare/onboarding/controller/TokenController.java
@@ -21,7 +21,6 @@
 import java.util.List;
 
 import lombok.AllArgsConstructor;
-import org.eclipse.microprofile.jwt.JsonWebToken;
 import org.eclipse.microprofile.openapi.annotations.Operation;
 import org.eclipse.microprofile.openapi.annotations.tags.Tag;
 import org.jboss.resteasy.reactive.RestResponse;
diff --git a/apps/onboarding-ms/src/main/java/it/pagopa/selfcare/onboarding/service/OnboardingService.java b/apps/onboarding-ms/src/main/java/it/pagopa/selfcare/onboarding/service/OnboardingService.java
@@ -58,6 +58,8 @@ Uni<OnboardingResponse> onboardingAggregationImport(
 
     Uni<Onboarding> completeWithoutSignatureVerification(String tokenId, FormItem formItem);
 
+    Uni<Onboarding> uploadContractSigned(String tokenId, FormItem formItem);
+
     Uni<OnboardingGetResponse> onboardingGet(OnboardingGetFilters filters);
 
     Uni<Long> rejectOnboarding(String onboardingId, String reasonForReject);
diff --git a/apps/onboarding-ms/src/main/java/it/pagopa/selfcare/onboarding/service/impl/OnboardingServiceDefault.java b/apps/onboarding-ms/src/main/java/it/pagopa/selfcare/onboarding/service/impl/OnboardingServiceDefault.java
@@ -1370,6 +1370,28 @@ public Uni<Onboarding> completeWithoutSignatureVerification(
         return complete(onboardingId, formItem, verification);
     }
 
+    @Override
+    public Uni<Onboarding> uploadContractSigned(
+            String onboardingId, FormItem formItem) {
+
+        return retrieveOnboarding(onboardingId)
+                .onItem()
+                .transformToUni(this::checkIfCompleted)
+                .onItem()
+                .transformToUni(onboarding ->
+                        uploadSignedContractAndUpdateToken(onboarding, formItem)
+                                .onItem()
+                                .transform(ignore -> {
+                                    onboarding.setUpdatedAt(LocalDateTime.now());
+                                    return onboarding;
+                                }))
+                .onItem()
+                .transformToUni(onboarding -> updateOnboarding(onboardingId, onboarding)
+                        .onItem()
+                        .transformToUni(ignore -> updateTokenUpdatedAt(onboardingId))
+                        .replaceWith(onboarding));
+    }
+
     private Uni<Onboarding> complete(
             String onboardingId,
             FormItem formItem,
@@ -1482,6 +1504,34 @@ private Uni<String> updateTokenWithFilePath(String filepath, Token token) {
                 .replaceWith(filepath);
     }
 
+    private Uni<Void> updateTokenUpdatedAt(String onboardingId) {
+        return Token.update("updatedAt", LocalDateTime.now())
+                .where("onboardingId", onboardingId)
+                .onItem()
+                .transform(ignore -> null);
+    }
+
+    private Uni<Onboarding> retrieveOnboarding(String onboardingId) {
+        // Retrieve Onboarding if exists
+        return Onboarding.findByIdOptional(onboardingId)
+                .onItem()
+                .transformToUni(
+                        opt ->
+                                opt
+                                        // I must cast to Onboarding because findByIdOptional return a generic
+                                        // ReactiveEntity
+                                        .map(Onboarding.class::cast)
+                                        .map(onboarding -> Uni.createFrom().item(onboarding))
+                                        .orElse(
+                                                Uni.createFrom()
+                                                        .failure(
+                                                                new InvalidRequestException(
+                                                                        String.format(
+                                                                                "Onboarding with id '%s' not found",
+                                                                                onboardingId)))));
+    }
+
+
     private Uni<Onboarding> retrieveOnboardingAndCheckIfExpired(String onboardingId) {
         // Retrieve Onboarding if exists
         return Onboarding.findByIdOptional(onboardingId)
@@ -1517,6 +1567,19 @@ private Uni<Onboarding> checkIfToBeValidated(Onboarding onboarding) {
                                         ONBOARDING_NOT_TO_BE_VALIDATED.getCode())));
     }
 
+    private Uni<Onboarding> checkIfCompleted(Onboarding onboarding) {
+        return COMPLETED.equals(onboarding.getStatus())
+                ? Uni.createFrom().item(onboarding)
+                : Uni.createFrom()
+                .failure(
+                        new InvalidRequestException(
+                                String.format(
+                                        ONBOARDING_NOT_COMPLETED.getMessage(),
+                                        onboarding.getId(),
+                                        onboarding.getStatus(),
+                                        ONBOARDING_NOT_COMPLETED.getCode())));
+    }
+
     public static boolean isOnboardingExpired(LocalDateTime dateTime) {
         LocalDateTime now = LocalDateTime.now();
         return Objects.nonNull(dateTime) && (now.isEqual(dateTime) || now.isAfter(dateTime));
diff --git a/apps/onboarding-ms/src/main/java/it/pagopa/selfcare/onboarding/util/ErrorMessage.java b/apps/onboarding-ms/src/main/java/it/pagopa/selfcare/onboarding/util/ErrorMessage.java
@@ -64,6 +64,7 @@ public enum ErrorMessage {
 
     ONBOARDING_EXPIRED("0040", "Onboarding with id %s not found or it is expired!"),
     ONBOARDING_NOT_TO_BE_VALIDATED("0043", "Onboarding with id %s has not TO_BE_VALIDATED status!"),
+    ONBOARDING_NOT_COMPLETED("0044", "Onboarding with id %s must be in COMPLETED status but it is in %s status!"),
     GET_INSTITUTION_BY_GEOTAXONOMY_ERROR("0053", "Error while searching institutions related to given geoTaxonomies"),
     GET_INSTITUTION_BY_PRODUCTID_ERROR("0053", "Error while searching institutions related to given productId"),
     GET_INSTITUTIONS_REQUEST_ERROR("0054", "Invalid request parameters sent. Allowed filters combinations taxCode and subunit or origin and originId"),
diff --git a/apps/onboarding-ms/src/test/java/it/pagopa/selfcare/onboarding/controller/OnboardingControllerTest.java b/apps/onboarding-ms/src/test/java/it/pagopa/selfcare/onboarding/controller/OnboardingControllerTest.java
@@ -36,6 +36,7 @@
 import it.pagopa.selfcare.onboarding.entity.*;
 import it.pagopa.selfcare.onboarding.exception.InvalidRequestException;
 import it.pagopa.selfcare.onboarding.exception.ResourceNotFoundException;
+import it.pagopa.selfcare.onboarding.model.FormItem;
 import it.pagopa.selfcare.onboarding.model.OnboardingGetFilters;
 import it.pagopa.selfcare.onboarding.model.RecipientCodeStatus;
 import it.pagopa.selfcare.onboarding.service.OnboardingService;
@@ -1595,4 +1596,98 @@ void getOnboardingProduct_whenNotFound_shouldReturnNotFound() {
                 .statusCode(404);
     }
 
+    @Test
+    void uploadContractSigned_unauthorized() {
+        File testFile = new File("src/test/resources/application.properties");
+        String onboardingId = "actual-onboarding-id";
+
+        given()
+                .when()
+                .pathParam("onboardingId", onboardingId)
+                .contentType(ContentType.MULTIPART)
+                .multiPart("contract", testFile)
+                .put("/{onboardingId}/upload-contract-signed")
+                .then()
+                .statusCode(401);
+    }
+
+    @Test
+    @TestSecurity(user = "userJwt")
+    void uploadContractSigned_whenSuccess_shouldReturnNoContent() {
+        File testFile = new File("src/test/resources/application.properties");
+        String onboardingId = "actual-onboarding-id";
+
+        when(onboardingService.uploadContractSigned(anyString(), any()))
+                .thenReturn(Uni.createFrom().nullItem());
+
+        given()
+                .when()
+                .pathParam("onboardingId", onboardingId)
+                .contentType(ContentType.MULTIPART)
+                .multiPart("contract", testFile)
+                .put("/{onboardingId}/upload-contract-signed")
+                .then()
+                .statusCode(204);
+    }
+
+    @Test
+    @TestSecurity(user = "userJwt")
+    void uploadContractSigned_withoutFile_shouldReturnBadRequest() {
+        String onboardingId = "actual-onboarding-id";
+
+        given()
+                .when()
+                .pathParam("onboardingId", onboardingId)
+                .contentType(ContentType.MULTIPART)
+                .put("/{onboardingId}/upload-contract-signed")
+                .then()
+                .statusCode(400);
+    }
+
+    @Test
+    @TestSecurity(user = "userJwt")
+    void uploadContractSigned_whenServiceThrowsException_shouldReturnError() {
+        File testFile = new File("src/test/resources/application.properties");
+        String onboardingId = "actual-onboarding-id";
+        String errorMessage = "Upload failed";
+
+        when(onboardingService.uploadContractSigned(anyString(), any()))
+                .thenReturn(Uni.createFrom().failure(new RuntimeException(errorMessage)));
+
+        given()
+                .when()
+                .pathParam("onboardingId", onboardingId)
+                .contentType(ContentType.MULTIPART)
+                .multiPart("contract", testFile)
+                .put("/{onboardingId}/upload-contract-signed")
+                .then()
+                .statusCode(500);
+    }
+
+    @Test
+    @TestSecurity(user = "userJwt")
+    void uploadContractSigned_shouldPassCorrectParametersToService() {
+        File testFile = new File("src/test/resources/application.properties");
+        String onboardingId = "actual-onboarding-id";
+
+        when(onboardingService.uploadContractSigned(anyString(), any()))
+                .thenReturn(Uni.createFrom().nullItem());
+
+        given()
+                .when()
+                .pathParam("onboardingId", onboardingId)
+                .contentType(ContentType.MULTIPART)
+                .multiPart("contract", testFile)
+                .put("/{onboardingId}/upload-contract-signed")
+                .then()
+                .statusCode(204);
+
+        ArgumentCaptor<String> idCaptor = ArgumentCaptor.forClass(String.class);
+        ArgumentCaptor<FormItem> formItemCaptor = ArgumentCaptor.forClass(FormItem.class);
+        verify(onboardingService, times(1))
+                .uploadContractSigned(idCaptor.capture(), formItemCaptor.capture());
+        assertEquals(idCaptor.getValue(), onboardingId);
+        assertNotNull(formItemCaptor.getValue());
+    }
+
 }
diff --git a/apps/onboarding-ms/src/test/java/it/pagopa/selfcare/onboarding/service/OnboardingServiceDefaultTest.java b/apps/onboarding-ms/src/test/java/it/pagopa/selfcare/onboarding/service/OnboardingServiceDefaultTest.java
