[MOSIP-32144] Code coverage of IDA

[tarique-azeez]

Summary by CodeRabbit

• Tests
  • Added comprehensive unit tests covering authentication configuration initialization, request filtering and validation, security policies including child account handling, cache management, exception processing, and API integration components to ensure system reliability and prevent regressions.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Warning

Rate limit exceeded

@tarique-azeez has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 27 minutes and 38 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between f406569 and 0744923.

📒 Files selected for processing (15)

• authentication/authentication-common/src/test/java/childauthFilter/ChildAuthFilterImplTest.java
• authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/config/CacheConfigTest.java
• authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/config/DemoAuthConfigTest.java
• authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/config/IdAuthConfigTest.java
• authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/config/KafkaProducerConfigTest.java
• authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/config/LangComparatorConfigTest.java
• authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/config/SwaggerConfigTest.java
• authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/config/TrailingSlashRedirectFilterTest.java
• authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/exception/IDAuthExceptionHandlerTest.java
• authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/filter/DefaultInternalFilterTest.java
• authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/filter/ExternalAuthFilterTest.java
• authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/helper/IdentityAttributesForMatchTypeHelperTest.java
• authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/validator/AuthFiltersValidatorTest.java
• authentication/authentication-otp-service/src/test/java/io/mosip/authentication/otp/service/filter/OTPFilterTest.java
• authentication/authentication-service/src/test/java/io/mosip/authentication/service/kyc/validator/IdentityKeyBindingRequestValidatorUnitTest.java

Walkthrough

This pull request expands test coverage across the authentication module by adding 13 new unit test classes and extending 2 existing test files. Tests validate Spring configurations, filter behaviors, exception handling, validators, and helpers using reflection injection, mocking, and assertion techniques.

Changes

Cohort / File(s)	Change Summary
Config/Spring Bean Tests authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/config/*ConfigTest.java (CacheConfigTest, DemoAuthConfigTest, IdAuthConfigTest, KafkaProducerConfigTest, LangComparatorConfigTest, SwaggerConfigTest)	Six new test classes validating Spring @Configuration bean creation, DemoAuthConfig SDK reflection handling, IdAuthConfig component initialization with mocked EnvUtil, KafkaProducerConfig template/factory creation, LangComparatorConfig language comparator instantiation, and SwaggerConfig OpenAPI/GroupedOpenApi setup.
Filter Tests authentication/authentication-common/src/test/java/childauthFilter/ChildAuthFilterImplTest.java, authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/filter/TrailingSlashRedirectFilterTest.java, authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/filter/DefaultInternalFilterTest.java, authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/filter/ExternalAuthFilterTest.java, authentication/authentication-otp-service/src/test/java/io/mosip/authentication/otp/service/filter/OTPFilterTest.java	Three new test classes (TrailingSlashRedirectFilterTest, DefaultInternalFilterTest, ExternalAuthFilterTest) covering filter URI handling, request forwarding, and policy validation. Extended ChildAuthFilterImplTest with OTP/demo denial and no-auth-factors builders; extended OTPFilterTest with policy presence/absence validation.
Exception & Validator Tests authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/exception/IDAuthExceptionHandlerTest.java, authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/validator/AuthFiltersValidatorTest.java, authentication/authentication-service/src/test/java/io/mosip/authentication/service/kyc/validator/IdentityKeyBindingRequestValidatorUnitTest.java	Extended IDAuthExceptionHandlerTest with mocked WebRequest and additional exception scenarios (ServletRequestBindingException, HttpMessageConversionException). Added AuthFiltersValidatorTest for filter factory invocation ordering and error propagation. Added IdentityKeyBindingRequestValidatorUnitTest using reflection to validate private method branches.
Helper Tests authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/helper/IdentityAttributesForMatchTypeHelperTest.java	New test class validating identity attribute extraction via mocked mappings, dynamic attribute recursion, null handling, and fallback logic using Mockito spies and ReflectionTestUtils.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• [MOSIP-32144] Code coverage of IDA module. #1666: Modifies the same test file ChildAuthFilterImplTest.java; this PR extends that test suite with child-denial scenarios and request builder helpers.

Suggested reviewers

• JanardhanBS-SyncByte
• mahammedtaheer

Poem

🐰 Tests bloom like carrots in spring,
Config beans and filters taking wing,
Validators dance, exceptions caught with care,
Coverage grows beyond compare!
A quality harvest, we all declare! 🥕✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 14.46% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'MOSIP-32144 Code coverage of IDA' is directly related to the main change—adding extensive unit tests across multiple test files to improve code coverage for the IDA (ID Authentication) system.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 4

🧹 Nitpick comments (12)

authentication/authentication-common/src/test/java/childauthFilter/ChildAuthFilterImplTest.java (2)

5-5: Consider using specific imports instead of wildcard.

Wildcard imports can reduce clarity and make it harder to identify which classes are in use. Prefer explicit imports for better maintainability.

---

122-122: Consider consistent List creation throughout the file.

The newer tests use List.of() (lines 122, 134, 144) while earlier tests use Arrays.asList() (lines 59, 72, 79, 87). For consistency, consider using the same approach throughout the file.

Also applies to: 134-134, 144-144

authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/config/KafkaProducerConfigTest.java (1)

14-14: Consider removing unused @RunWith(MockitoJUnitRunner.class).

The MockitoJUnitRunner is declared but no Mockito annotations (@Mock, @InjectMocks, etc.) are used in this test class. You can simplify by removing the runner annotation.

🔎 Proposed fix

-@RunWith(MockitoJUnitRunner.class)
 public class KafkaProducerConfigTest {

authentication/authentication-service/src/test/java/io/mosip/authentication/service/kyc/validator/IdentityKeyBindingRequestValidatorUnitTest.java (1)

35-51: Consider adding negative test cases for completeness.

The tests validate the happy path scenarios but miss the error paths:

• validateIdentityKeyBindingPublicKey with missing n or e keys
• validateIdentityKeyBindingAuthFactorType with blank/empty value

These would strengthen the validation coverage.

🔎 Suggested additional tests

@Test
public void validateIdentityKeyBindingPublicKeyAddsErrorWhenModulusMissing() {
    Errors errors = errors();
    Map<String, Object> jwk = new HashMap<>();
    jwk.put("e", "AQAB");
    // missing "n"
    ReflectionTestUtils.invokeMethod(validator, "validateIdentityKeyBindingPublicKey", jwk, errors);
    assertTrue(errors.hasErrors());
}

@Test
public void validateIdentityKeyBindingAuthFactorTypeAddsErrorWhenBlank() {
    Errors errors = errors();
    ReflectionTestUtils.invokeMethod(validator, "validateIdentityKeyBindingAuthFactorType", "", errors);
    assertTrue(errors.hasErrors());
}

authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/helper/IdentityAttributesForMatchTypeHelperTest.java (1)

126-150: Unused idMapping mock variables.

In both getIdentityAttributesForMatchType_dynamic_returnsConfiguredListWhenPresent (line 133) and getIdentityAttributesForMatchType_dynamic_returnsIdNameWhenNotConfigured (line 146), the idMapping mock is created but never used. Either remove these unused variables or wire them appropriately.

🔎 Proposed fix

     @Test
     public void getIdentityAttributesForMatchType_dynamic_returnsConfiguredListWhenPresent() {
         when(idMappingConfig.getDynamicAttributes()).thenReturn(Map.of("residenceStatus", List.of("residenceStatus")));

         MatchType matchType = mock(MatchType.class);
         when(matchType.isDynamic()).thenReturn(true);

-        IdMapping idMapping = mock(IdMapping.class);
-
         List<String> result = helper.getIdentityAttributesForMatchType(matchType, "residenceStatus");
         assertEquals(List.of("residenceStatus"), result);
     }

     @Test
     public void getIdentityAttributesForMatchType_dynamic_returnsIdNameWhenNotConfigured() {
         when(idMappingConfig.getDynamicAttributes()).thenReturn(Map.of());

         MatchType matchType = mock(MatchType.class);
         when(matchType.isDynamic()).thenReturn(true);

-        IdMapping idMapping = mock(IdMapping.class);
-
         List<String> result = helper.getIdentityAttributesForMatchType(matchType, "newAttribute");
         assertEquals(List.of("newAttribute"), result);
     }

authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/config/LangComparatorConfigTest.java (3)

33-46: Duplicate test methods.

testGetSystemSupportedLanguageCodes and testGetSystemSupportedLanguageCodesActualLogic are functionally identical—both invoke the same overridden method on the anonymous subclass and perform the same assertions. The second test's name suggests it tests "actual logic," but it still exercises the mocked implementation.

Consider removing the duplicate or, if the intent is to test the real LangComparatorConfig behavior, create a separate instance without the override (though that would require proper Spring context or environment setup for the actual property injection).

Also applies to: 60-74

---

35-39: Unnecessary reflection for public method.

getSystemSupportedLanguageCodes() is a public method that can be invoked directly on config. Using ReflectionUtils adds complexity without benefit.

🔎 Simplified approach

     @Test
     public void testGetSystemSupportedLanguageCodes() {
-        Method method = ReflectionUtils.findMethod(LangComparatorConfig.class, "getSystemSupportedLanguageCodes");
-        ReflectionUtils.makeAccessible(method);
-
-        @SuppressWarnings("unchecked")
-        List<String> result = (List<String>) ReflectionUtils.invokeMethod(method, config);
+        List<String> result = config.getSystemSupportedLanguageCodes();

         assertNotNull(result);
         assertEquals(3, result.size());

---

10-11: Unnecessary MockitoJUnitRunner.

No @Mock or @Spy annotations are used in this test class. The runner can be removed to reduce overhead.

Also applies to: 16-16

authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/config/CacheConfigTest.java (2)

17-25: Use try-with-resources to ensure context cleanup.

If context.getBean() throws, context.close() won't be called. Using try-with-resources ensures proper cleanup.

🔎 Proposed fix

     @Test
     public void testCacheManagerBeanCreation() {
-        // Load only this configuration
-        AnnotationConfigApplicationContext context =
-                new AnnotationConfigApplicationContext(CacheConfig.class);
-
-        ConcurrentMapCacheManager cacheManager =
-                context.getBean(ConcurrentMapCacheManager.class);
-
-        assertNotNull(cacheManager);
-
-        context.close();
+        try (AnnotationConfigApplicationContext context =
+                new AnnotationConfigApplicationContext(CacheConfig.class)) {
+            ConcurrentMapCacheManager cacheManager =
+                    context.getBean(ConcurrentMapCacheManager.class);
+            assertNotNull(cacheManager);
+        }
     }

---

7-7: SpringRunner is unnecessary here.

Since you're manually creating AnnotationConfigApplicationContext, the @RunWith(SpringRunner.class) annotation provides no benefit. Consider removing it.

Also applies to: 11-11

authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/filter/DefaultInternalFilterTest.java (1)

22-41: Limited assertion value in these tests.

These three tests call methods with empty inputs and assert nothing meaningful—they only verify no exception is thrown. While this provides code coverage, consider adding assertions on return values or observable side effects, or rename them to indicate they're smoke/no-throw tests (e.g., testDecipherAndValidateRequest_noException).

authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/validator/AuthFiltersValidatorTest.java (1)

69-71: Trailing blank lines.

Remove the extra blank lines at the end of the file.

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between baa6cea and f406569.

📒 Files selected for processing (15)

• authentication/authentication-common/src/test/java/childauthFilter/ChildAuthFilterImplTest.java
• authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/config/CacheConfigTest.java
• authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/config/DemoAuthConfigTest.java
• authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/config/IdAuthConfigTest.java
• authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/config/KafkaProducerConfigTest.java
• authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/config/LangComparatorConfigTest.java
• authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/config/SwaggerConfigTest.java
• authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/config/TrailingSlashRedirectFilterTest.java
• authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/exception/IDAuthExceptionHandlerTest.java
• authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/filter/DefaultInternalFilterTest.java
• authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/filter/ExternalAuthFilterTest.java
• authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/helper/IdentityAttributesForMatchTypeHelperTest.java
• authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/validator/AuthFiltersValidatorTest.java
• authentication/authentication-otp-service/src/test/java/io/mosip/authentication/otp/service/filter/OTPFilterTest.java
• authentication/authentication-service/src/test/java/io/mosip/authentication/service/kyc/validator/IdentityKeyBindingRequestValidatorUnitTest.java

🧰 Additional context used

🧬 Code graph analysis (5)

authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/validator/AuthFiltersValidatorTest.java (2)

authentication/authentication-filter-api/src/main/java/io/mosip/authentication/authfilter/exception/IdAuthenticationFilterException.java (1)

• IdAuthenticationFilterException (9-63)

authentication/authentication-common/src/main/java/io/mosip/authentication/common/service/factory/MosipAuthFilterFactory.java (1)

• MosipAuthFilterFactory (31-133)

authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/config/LangComparatorConfigTest.java (1)

authentication/authentication-core/src/main/java/io/mosip/authentication/core/util/LanguageComparator.java (1)

• LanguageComparator (11-33)

authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/config/IdAuthConfigTest.java (3)

authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/config/KafkaProducerConfigTest.java (1)

• RunWith (14-47)

authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/config/LangComparatorConfigTest.java (1)

• RunWith (16-75)

authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/config/SwaggerConfigTest.java (1)

• RunWith (16-93)

authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/filter/DefaultInternalFilterTest.java (1)

authentication/authentication-core/src/main/java/io/mosip/authentication/core/constant/IdAuthConfigKeyConstants.java (1)

• IdAuthConfigKeyConstants (11-180)

authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/config/KafkaProducerConfigTest.java (2)

authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/config/IdAuthConfigTest.java (1)

• RunWith (16-80)

authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/config/SwaggerConfigTest.java (1)

• RunWith (16-93)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: build-maven-apitest-auth / maven-build

🔇 Additional comments (18)

authentication/authentication-common/src/test/java/childauthFilter/ChildAuthFilterImplTest.java (2)

91-115: LGTM! Helper methods improve test readability.

The builder methods effectively reduce duplication and make the test setup clearer. The structure is clean and reusable across multiple test cases.

---

117-147: LGTM! Comprehensive test coverage for child authentication restrictions.

The three new test methods effectively validate:

• Denial of restricted auth factors (OTP) for children
• Dynamic configuration changes for additional restrictions (demo)
• Permissive behavior for empty auth requests

The test logic correctly exercises age-based filtering with appropriate assertions.

authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/config/KafkaProducerConfigTest.java (1)

32-46: LGTM!

The tests correctly validate that producerFactory() and kafkaTemplate() return non-null instances. This is consistent with the testing pattern used in other configuration tests in this PR (e.g., SwaggerConfigTest, IdAuthConfigTest).

authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/config/DemoAuthConfigTest.java (2)

27-46: LGTM!

Good coverage of error paths for SDK instance creation. The tests correctly validate ClassNotFoundException for invalid class names and null return when no default constructor exists.

---

54-63: Unable to verify the specific code location in DemoAuthConfigTest.java — repository access failed. However, the technical claim about List.of() is accurate.

Java's List.of() indeed throws NullPointerException immediately during list creation if any element is null, per the official Javadoc. The code snippet shown (lines 54-63) does not display the List.of((String) null) pattern being reviewed. A similar pattern was found in the codebase at IdentityAttributesForMatchTypeHelperTest.java line 60. If this pattern exists in DemoAuthConfigTest.java, the suggestion to use Arrays.asList((String) null) or Collections.singletonList(null) is valid for testing null handling in the mapping function.

authentication/authentication-otp-service/src/test/java/io/mosip/authentication/otp/service/filter/OTPFilterTest.java (1)

79-98: LGTM!

The new tests properly validate both the positive case (OTP request allowed when policy type is "otp-request") and the negative case (exception thrown when policy type doesn't match). Good use of assertDoesNotThrow and assertThrows for clear intent.

authentication/authentication-service/src/test/java/io/mosip/authentication/service/kyc/validator/IdentityKeyBindingRequestValidatorUnitTest.java (1)

28-33: LGTM!

Good test for validating that null IdentityKeyBindingDTO input properly triggers an error.

authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/exception/IDAuthExceptionHandlerTest.java (2)

507-529: LGTM!

The tests for InvalidFormatException handling with eventType and expiryTimestamp scenarios properly validate the exception handling paths. The assertions verify the response is non-null and returns HTTP 200.

---

556-562: LGTM!

Good test coverage for the edge case where buildExceptionResponse receives an empty error list, validating that it returns null as expected.

authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/config/IdAuthConfigTest.java (1)

61-79: LGTM!

The tests for messageSource(), threadPoolTaskScheduler(), afterburnerModule(), and getRestRequestBuilder() appropriately validate that these configuration methods return non-null instances.

authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/helper/IdentityAttributesForMatchTypeHelperTest.java (1)

65-77: LGTM!

Good test for verifying that the helper correctly recurses into dynamic ID mappings and returns the expanded list from getDynamicAttributes().

authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/filter/ExternalAuthFilterTest.java (2)

18-24: LGTM!

The test correctly validates that fetchId() concatenates the attribute with "auth". The mock request is appropriately unused if fetchId only uses the attribute parameter.

---

26-49: LGTM!

Good coverage of the filter's boolean flag methods. The tests clearly document the expected behavior of each method.

authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/config/TrailingSlashRedirectFilterTest.java (1)

34-77: Good test coverage for filter scenarios.

The tests cover the key branches: trailing slash removal with URI/URL verification, passthrough when no trailing slash, and the ObjectWithMetadata bypass. The use of ArgumentCaptor to verify the wrapped request is appropriate.

authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/config/SwaggerConfigTest.java (1)

21-92: Comprehensive tests for Swagger configuration.

The setup properly injects dependencies via reflection, and the test methods thoroughly validate the OpenAPI and GroupedOpenApi bean configurations including info, license, servers, and grouped paths.

authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/filter/DefaultInternalFilterTest.java (2)

43-60: Good test for field removal logic.

This test meaningfully validates the removeNullOrEmptyFieldsInResponse behavior, checking that null fields, empty lists, and nested maps are handled correctly.

---

62-69: The test correctly validates the implementation. The fetchId() method at line 93 in DefaultInternalFilter.java does concatenate attribute directly with OTP_INTERNAL_ID_SUFFIX without a separator, producing "attributeotp.internal". This matches the test assertion exactly.

authentication/authentication-common/src/test/java/io/mosip/authentication/common/service/validator/AuthFiltersValidatorTest.java (1)

50-58: Good test for filter invocation.

The test correctly verifies that all enabled filters are retrieved from the factory and that each filter's validate method is invoked once.