From 590dbe9389e8d8746bbcf30fc8b74d0f4ee81a1b Mon Sep 17 00:00:00 2001
From: elinuxhenrik <henrik.b.andersson@est.tech>
Date: Fri, 3 Feb 2023 09:23:30 +0100
Subject: [PATCH] Add check for same provider registration

Issue-ID: NONRTRIC-814
Signed-off-by: elinuxhenrik <henrik.b.andersson@est.tech>
Change-Id: Iad539945c1c5df75d2e55042bd03edf1afb87944
---
 .../internal/providermanagement/providermanagement.go  | 18 ++++++++++++++++--
 .../providermanagement/providermanagement_test.go      | 15 ++++++++++++---
 2 files changed, 28 insertions(+), 5 deletions(-)

diff --git a/capifcore/internal/providermanagement/providermanagement.go b/capifcore/internal/providermanagement/providermanagement.go
index cb76c3a..6ca4a7c 100644
--- a/capifcore/internal/providermanagement/providermanagement.go
+++ b/capifcore/internal/providermanagement/providermanagement.go
@@ -71,12 +71,17 @@ func (pm *ProviderManager) GetAefsForPublisher(apfId string) []string {
 
 func (pm *ProviderManager) PostRegistrations(ctx echo.Context) error {
 	var newProvider provapi.APIProviderEnrolmentDetails
+	errMsg := "Unable to register provider due to %s"
 	if err := ctx.Bind(&newProvider); err != nil {
-		return sendCoreError(ctx, http.StatusBadRequest, "Invalid format for provider")
+		return sendCoreError(ctx, http.StatusBadRequest, fmt.Sprintf(errMsg, "invalid format for provider"))
+	}
+
+	if pm.isProviderRegistered(newProvider) {
+		return sendCoreError(ctx, http.StatusForbidden, fmt.Sprintf(errMsg, "provider already registered"))
 	}
 
 	if err := newProvider.Validate(); err != nil {
-		return sendCoreError(ctx, http.StatusBadRequest, fmt.Sprintf("Provider not valid due to %s", err))
+		return sendCoreError(ctx, http.StatusBadRequest, fmt.Sprintf(errMsg, err))
 	}
 
 	pm.prepareNewProvider(&newProvider)
@@ -90,6 +95,15 @@ func (pm *ProviderManager) PostRegistrations(ctx echo.Context) error {
 	return nil
 }
 
+func (pm *ProviderManager) isProviderRegistered(newProvider provapi.APIProviderEnrolmentDetails) bool {
+	for _, prov := range pm.registeredProviders {
+		if newProvider.RegSec == prov.RegSec {
+			return true
+		}
+	}
+	return false
+}
+
 func (pm *ProviderManager) prepareNewProvider(newProvider *provapi.APIProviderEnrolmentDetails) {
 	pm.lock.Lock()
 	defer pm.lock.Unlock()
diff --git a/capifcore/internal/providermanagement/providermanagement_test.go b/capifcore/internal/providermanagement/providermanagement_test.go
index de647fa..010e7c5 100644
--- a/capifcore/internal/providermanagement/providermanagement_test.go
+++ b/capifcore/internal/providermanagement/providermanagement_test.go
@@ -68,6 +68,15 @@ func TestRegisterValidProvider(t *testing.T) {
 	assert.Empty(t, resultProvider.FailReason)
 	assert.Equal(t, "http://example.com/registrations/"+*resultProvider.ApiProvDomId, result.Recorder.Header().Get(echo.HeaderLocation))
 	assert.True(t, managerUnderTest.IsFunctionRegistered("APF_id_rApp_as_APF"))
+
+	// Register same provider again should result in Forbidden
+	result = testutil.NewRequest().Post("/registrations").WithJsonBody(newProvider).Go(t, requestHandler)
+	var errorObj common29122.ProblemDetails
+	assert.Equal(t, http.StatusForbidden, result.Code())
+	err = result.UnmarshalBodyToObject(&errorObj)
+	assert.NoError(t, err, "error unmarshaling response")
+	assert.Equal(t, http.StatusForbidden, *errorObj.Status)
+	assert.Contains(t, *errorObj.Cause, "already registered")
 }
 
 func TestUpdateValidProviderWithNewFunction(t *testing.T) {
@@ -170,6 +179,7 @@ func TestUpdateMissingFunction(t *testing.T) {
 	assert.Equal(t, http.StatusBadRequest, result.Code())
 	err := result.UnmarshalBodyToObject(&errorObj)
 	assert.NoError(t, err, "error unmarshaling response")
+	assert.Equal(t, http.StatusBadRequest, *errorObj.Status)
 	assert.Contains(t, *errorObj.Cause, funcIdAPF)
 	assert.Contains(t, *errorObj.Cause, "not registered")
 }
@@ -200,9 +210,8 @@ func TestProviderHandlingValidation(t *testing.T) {
 	var problemDetails common29122.ProblemDetails
 	err := result.UnmarshalBodyToObject(&problemDetails)
 	assert.NoError(t, err, "error unmarshaling response")
-	badRequest := http.StatusBadRequest
-	assert.Equal(t, &badRequest, problemDetails.Status)
-	assert.Contains(t, *problemDetails.Cause, "Provider not valid")
+	assert.Equal(t, http.StatusBadRequest, *problemDetails.Status)
+	assert.Contains(t, *problemDetails.Cause, "missing")
 	assert.Contains(t, *problemDetails.Cause, "regSec")
 }
 
-- 
2.16.6