mirror of
https://github.com/OpenBankProject/OBP-API.git
synced 2026-02-06 15:56:57 +00:00
Simon Redfern
GitHub
commit
5e22325eff
@ -46,6 +46,7 @@ import code.api.util.APIUtil.ResourceDoc.{findPathVariableNames, isPathVariable}
|
||||
import code.api.util.ApiRole._
|
||||
import code.api.util.ApiTag.{ResourceDocTag, apiTagBank}
|
||||
import code.api.util.BerlinGroupSigning.getCertificateFromTppSignatureCertificate
|
||||
import code.api.util.Consent.getConsumerKey
|
||||
import code.api.util.FutureUtil.{EndpointContext, EndpointTimeout}
|
||||
import code.api.util.Glossary.GlossaryItem
|
||||
import code.api.util.newstyle.ViewNewStyle
|
||||
@ -3019,6 +3020,13 @@ object APIUtil extends MdcLoggable with CustomJsonFormats{
|
||||
|
||||
// Identify consumer via certificate
|
||||
val consumerByCertificate = Consent.getCurrentConsumerViaTppSignatureCertOrMtls(callContext = cc)
|
||||
val method = APIUtil.getPropsValue(nameOfProperty = "consumer_validation_method_for_consent", defaultValue = "CONSUMER_CERTIFICATE")
|
||||
val consumerByConsumerKey = getConsumerKey(reqHeaders) match {
|
||||
case Some(consumerKey) if method == "CONSUMER_KEY_VALUE" =>
|
||||
Consumers.consumers.vend.getConsumerByConsumerKey(consumerKey)
|
||||
case None =>
|
||||
Empty
|
||||
}
|
||||
|
||||
val res =
|
||||
if (authHeadersWithEmptyValues.nonEmpty) { // Check Authorization Headers Empty Values
|
||||
@ -3043,12 +3051,12 @@ object APIUtil extends MdcLoggable with CustomJsonFormats{
|
||||
// Note: At this point we are getting the Consumer from the Consumer in the Consent.
|
||||
// This may later be cross checked via the value in consumer_validation_method_for_consent.
|
||||
// Get the source of truth for Consumer (e.g. CONSUMER_CERTIFICATE) as early as possible.
|
||||
cc.copy(consumer = consumerByCertificate)
|
||||
cc.copy(consumer = consumerByCertificate.orElse(consumerByConsumerKey))
|
||||
)
|
||||
case _ =>
|
||||
JwtUtil.checkIfStringIsJWTValue(consentValue.getOrElse("")).isDefined match {
|
||||
case true => // It's JWT obtained via "Consent-JWT" request header
|
||||
Consent.applyRules(APIUtil.getConsentJWT(reqHeaders), cc.copy(consumer = consumerByCertificate))
|
||||
Consent.applyRules(APIUtil.getConsentJWT(reqHeaders), cc.copy(consumer = consumerByCertificate.orElse(consumerByConsumerKey)))
|
||||
case false => // Unrecognised consent value
|
||||
Future { (Failure(ErrorMessages.ConsentHeaderValueInvalid), None) }
|
||||
}
|
||||
|
||||
@ -237,7 +237,7 @@ object Consent extends MdcLoggable {
|
||||
}
|
||||
|
||||
private def tppIsConsentHolder(consumerIdFromConsent: String, callContext: CallContext): Boolean = {
|
||||
val consumerIdFromCurrentCall = callContext.consumer.map(_.consumerId.get).getOrElse("None")
|
||||
val consumerIdFromCurrentCall = callContext.consumer.map(_.consumerId.get).orNull
|
||||
consumerIdFromConsent == consumerIdFromCurrentCall
|
||||
}
|
||||
|
||||
@ -416,7 +416,7 @@ object Consent extends MdcLoggable {
|
||||
} catch { // Possible exceptions
|
||||
case e: ParseException => Failure("ParseException: " + e.getMessage)
|
||||
case e: MappingException => Failure("MappingException: " + e.getMessage)
|
||||
case e: Exception => Failure("parsing failed: " + e.getMessage)
|
||||
case e: Exception => Failure(ErrorUtil.extractFailureMessage(e))
|
||||
}
|
||||
case failure@Failure(_, _, _) =>
|
||||
failure
|
||||
@ -473,7 +473,7 @@ object Consent extends MdcLoggable {
|
||||
} catch { // Possible exceptions
|
||||
case e: ParseException => Future(Failure("ParseException: " + e.getMessage), Some(callContext))
|
||||
case e: MappingException => Future(Failure("MappingException: " + e.getMessage), Some(callContext))
|
||||
case e: Exception => Future(Failure("parsing failed: " + e.getMessage), Some(callContext))
|
||||
case e: Exception => Future(Failure(ErrorUtil.extractFailureMessage(e)), Some(callContext))
|
||||
}
|
||||
case failure@Failure(_, _, _) =>
|
||||
Future(failure, Some(callContext))
|
||||
|
||||
@ -3542,11 +3542,11 @@ trait APIMethods310 {
|
||||
}
|
||||
)
|
||||
}
|
||||
(consumerId, applicationText) <- consentJson.consumer_id match {
|
||||
(consumerId, applicationText, consumer) <- consentJson.consumer_id match {
|
||||
case Some(id) => NewStyle.function.checkConsumerByConsumerId(id, callContext) map {
|
||||
c => (Some(c.consumerId.get), c.description)
|
||||
c => (Some(c.consumerId.get), c.description, Some(c))
|
||||
}
|
||||
case None => Future(None, "Any application")
|
||||
case None => Future(None, "Any application", None)
|
||||
}
|
||||
|
||||
|
||||
@ -3554,7 +3554,7 @@ trait APIMethods310 {
|
||||
case Props.RunModes.Test => Consent.challengeAnswerAtTestEnvironment
|
||||
case _ => SecureRandomUtil.numeric()
|
||||
}
|
||||
createdConsent <- Future(Consents.consentProvider.vend.createObpConsent(user, challengeAnswer, None)) map {
|
||||
createdConsent <- Future(Consents.consentProvider.vend.createObpConsent(user, challengeAnswer, None, consumer)) map {
|
||||
i => connectorEmptyResponse(i, callContext)
|
||||
}
|
||||
consentJWT =
|
||||
|
||||
@ -57,6 +57,8 @@ class ConsentTest extends V310ServerSetup {
|
||||
object VersionOfApi2 extends Tag(ApiVersion.v3_0_0.toString)
|
||||
object ApiEndpoint3 extends Tag(nameOf(APIMethods300.Implementations3_0_0.getUserByUserId))
|
||||
|
||||
val validHeaderConsumerKey = List((RequestHeader.`Consumer-Key`, user1.map(_._1.key).getOrElse("SHOULD_NOT_HAPPEN")))
|
||||
|
||||
lazy val bankId = randomBankId
|
||||
lazy val bankAccount = randomPrivateAccount(bankId)
|
||||
lazy val entitlements = List(PostConsentEntitlementJsonV310("", CanGetAnyUser.toString()))
|
||||
@ -140,7 +142,7 @@ class ConsentTest extends V310ServerSetup {
|
||||
// Create a consent as the user1.
|
||||
// Must fail because we try to assign a role other that user already have access to the request
|
||||
val request400 = (v3_1_0_Request / "banks" / bankId / "my" / "consents" / "EMAIL").POST <@ (user1)
|
||||
val response400 = makePostRequest(request400, write(postConsentEmailJsonV310))
|
||||
val response400 = makePostRequest(request400, write(postConsentEmailJsonV310), validHeaderConsumerKey)
|
||||
Then("We should get a 400")
|
||||
response400.code should equal(400)
|
||||
response400.body.extract[ErrorMessage].message should equal(RolesAllowedInConsent)
|
||||
@ -148,7 +150,7 @@ class ConsentTest extends V310ServerSetup {
|
||||
Then("We grant the role and test it again")
|
||||
Entitlement.entitlement.vend.addEntitlement("", resourceUser1.userId, CanGetAnyUser.toString)
|
||||
// Create a consent as the user1. The consent is in status INITIATED
|
||||
val secondResponse400 = makePostRequest(request400, write(postConsentEmailJsonV310))
|
||||
val secondResponse400 = makePostRequest(request400, write(postConsentEmailJsonV310), validHeaderConsumerKey)
|
||||
Then("We should get a 201")
|
||||
secondResponse400.code should equal(201)
|
||||
|
||||
@ -158,7 +160,7 @@ class ConsentTest extends V310ServerSetup {
|
||||
|
||||
// Make a request with the consent which is NOT in status ACCEPTED
|
||||
val requestGetUserByUserId400 = (v3_1_0_Request / "users" / "current").GET
|
||||
val responseGetUserByUserId400 = makeGetRequest(requestGetUserByUserId400, header)
|
||||
val responseGetUserByUserId400 = makeGetRequest(requestGetUserByUserId400, header ::: validHeaderConsumerKey)
|
||||
APIUtil.getPropsAsBoolValue(nameOfProperty = "consents.allowed", defaultValue = false) match {
|
||||
case true =>
|
||||
// Due to the wrong status of the consent the request must fail
|
||||
@ -175,16 +177,15 @@ class ConsentTest extends V310ServerSetup {
|
||||
// Make a request WITHOUT the request header "Consumer-Key: SOME_VALUE"
|
||||
// Due to missing value the request must fail
|
||||
makeGetRequest(requestGetUserByUserId400, header)
|
||||
.body.extract[ErrorMessage].message should include(ConsumerKeyHeaderMissing)
|
||||
.body.extract[ErrorMessage].message should include(ConsentNotFound)
|
||||
|
||||
// Make a request WITH the request header "Consumer-Key: NON_EXISTING_VALUE"
|
||||
// Due to non existing value the request must fail
|
||||
val headerConsumerKey = List((RequestHeader.`Consumer-Key`, "NON_EXISTING_VALUE"))
|
||||
makeGetRequest(requestGetUserByUserId400, header ::: headerConsumerKey)
|
||||
.body.extract[ErrorMessage].message should include(ConsentDoesNotMatchConsumer)
|
||||
.body.extract[ErrorMessage].message should include(ConsentNotFound)
|
||||
|
||||
// Make a request WITH the request header "Consumer-Key: EXISTING_VALUE"
|
||||
val validHeaderConsumerKey = List((RequestHeader.`Consumer-Key`, user1.map(_._1.key).getOrElse("SHOULD_NOT_HAPPEN")))
|
||||
val response = makeGetRequest((v3_1_0_Request / "users" / "current").GET, header ::: validHeaderConsumerKey)
|
||||
val user = response.body.extract[UserJsonV300]
|
||||
val assignedEntitlements: Seq[PostConsentEntitlementJsonV310] = user.entitlements.list.flatMap(
|
||||
@ -237,7 +238,7 @@ class ConsentTest extends V310ServerSetup {
|
||||
|
||||
// Make a request with the consent which is NOT in status ACCEPTED
|
||||
val requestGetUserByUserId400 = (v3_1_0_Request / "users" / "current").GET
|
||||
val responseGetUserByUserId400 = makeGetRequest(requestGetUserByUserId400, header)
|
||||
val responseGetUserByUserId400 = makeGetRequest(requestGetUserByUserId400, header ::: validHeaderConsumerKey)
|
||||
APIUtil.getPropsAsBoolValue(nameOfProperty = "consents.allowed", defaultValue = false) match {
|
||||
case true =>
|
||||
// Due to the wrong status of the consent the request must fail
|
||||
@ -254,13 +255,13 @@ class ConsentTest extends V310ServerSetup {
|
||||
// Make a request WITHOUT the request header "Consumer-Key: SOME_VALUE"
|
||||
// Due to missing value the request must fail
|
||||
makeGetRequest(requestGetUserByUserId400, header)
|
||||
.body.extract[ErrorMessage].message should include(ConsumerKeyHeaderMissing)
|
||||
.body.extract[ErrorMessage].message should include(ConsentNotFound)
|
||||
|
||||
// Make a request WITH the request header "Consumer-Key: NON_EXISTING_VALUE"
|
||||
// Due to non existing value the request must fail
|
||||
val headerConsumerKey = List((RequestHeader.`Consumer-Key`, "NON_EXISTING_VALUE"))
|
||||
makeGetRequest(requestGetUserByUserId400, header ::: headerConsumerKey)
|
||||
.body.extract[ErrorMessage].message should include(ConsentDoesNotMatchConsumer)
|
||||
.body.extract[ErrorMessage].message should include(ConsentNotFound)
|
||||
|
||||
// Make a request WITH the request header "Consumer-Key: EXISTING_VALUE"
|
||||
val validHeaderConsumerKey = List((RequestHeader.`Consumer-Key`, user1.map(_._1.key).getOrElse("SHOULD_NOT_HAPPEN")))
|
||||
|
||||
@ -61,7 +61,7 @@ class ForceErrorValidationTest extends V400ServerSetup with PropsReset {
|
||||
scenario("We will call the endpoint with user credentials", ApiEndpoint1, VersionOfApi) {
|
||||
When("We make a request v4.0.0")
|
||||
val request310 = (v4_0_0_Request / "banks" / bankId / "customers").POST <@ user1
|
||||
val response310 = makePostRequest(request310, "", ("Force-Error", "OBP-20006"))
|
||||
val response310 = makePostRequest(request310, "", List(("Force-Error", "OBP-20006")))
|
||||
Then("We should get a 403")
|
||||
response310.code should equal(403)
|
||||
val errorMsg = UserHasMissingRoles + canCreateCustomer + " or " + canCreateCustomerAtAnyBank
|
||||
@ -92,7 +92,7 @@ class ForceErrorValidationTest extends V400ServerSetup with PropsReset {
|
||||
|
||||
When("We make a request v4.0.0")
|
||||
val request = (dynamicEntity_Request / "FooBar").POST
|
||||
val response = makePostRequest(request, correctFooBar, ("Force-Error", "OBP-20006"))
|
||||
val response = makePostRequest(request, correctFooBar, List(("Force-Error", "OBP-20006")))
|
||||
|
||||
Then("We should get a 401")
|
||||
response.code should equal(401)
|
||||
@ -104,7 +104,7 @@ class ForceErrorValidationTest extends V400ServerSetup with PropsReset {
|
||||
|
||||
When("We make a request v4.0.0")
|
||||
val request = (dynamicEndpoint_Request / "save").POST
|
||||
val response = makePostRequest(request, correctUser, ("Force-Error", "OBP-20006"))
|
||||
val response = makePostRequest(request, correctUser, List(("Force-Error", "OBP-20006")))
|
||||
|
||||
Then("We should get a 401")
|
||||
response.code should equal(401)
|
||||
@ -207,7 +207,7 @@ class ForceErrorValidationTest extends V400ServerSetup with PropsReset {
|
||||
addEntitlement(canCreateCustomer, bankId)
|
||||
When("We make a request v4.0.0")
|
||||
val request = (v4_0_0_Request / "banks" / bankId / "customers").POST <@ (user1)
|
||||
val response = makePostRequest(request, "", "Force-Error" -> "OBP-xxxx")
|
||||
val response = makePostRequest(request, "", List(("Force-Error" -> "OBP-xxxx")))
|
||||
Then("We should get a 400")
|
||||
response.code should equal(400)
|
||||
val validation = response.body
|
||||
@ -220,7 +220,7 @@ class ForceErrorValidationTest extends V400ServerSetup with PropsReset {
|
||||
addEntitlement(canCreateCustomer, bankId)
|
||||
When("We make a request v4.0.0")
|
||||
val request = (v4_0_0_Request / "banks" / bankId / "customers").POST <@ (user1)
|
||||
val response = makePostRequest(request, "", ("Force-Error", "OBP-20009"))
|
||||
val response = makePostRequest(request, "", List(("Force-Error", "OBP-20009")))
|
||||
Then("We should get a 400")
|
||||
response.code should equal(400)
|
||||
val validation = response.body
|
||||
@ -233,7 +233,7 @@ class ForceErrorValidationTest extends V400ServerSetup with PropsReset {
|
||||
addEntitlement(canCreateCustomer, bankId)
|
||||
When("We make a request v4.0.0")
|
||||
val request = (v4_0_0_Request / "banks" / bankId / "customers").POST <@ (user1)
|
||||
val response = makePostRequest(request, "", ("Force-Error", "OBP-20006"), ("Response-Code", "not_integer"))
|
||||
val response = makePostRequest(request, "", List(("Force-Error", "OBP-20006"), ("Response-Code", "not_integer")))
|
||||
Then("We should get a 400")
|
||||
response.code should equal(400)
|
||||
val validation = response.body
|
||||
@ -246,7 +246,7 @@ class ForceErrorValidationTest extends V400ServerSetup with PropsReset {
|
||||
addEntitlement(canCreateCustomer, bankId)
|
||||
When("We make a request v4.0.0")
|
||||
val request = (v4_0_0_Request / "banks" / bankId / "customers").POST <@ (user1)
|
||||
val response = makePostRequest(request, "", ("Force-Error", "OBP-20006"))
|
||||
val response = makePostRequest(request, "", List(("Force-Error", "OBP-20006")))
|
||||
Then("We should get a 403")
|
||||
response.code should equal(403)
|
||||
val validation = response.body
|
||||
@ -261,7 +261,7 @@ class ForceErrorValidationTest extends V400ServerSetup with PropsReset {
|
||||
addEntitlement(canCreateCustomer, bankId)
|
||||
When("We make a request v4.0.0")
|
||||
val request = (v4_0_0_Request / "banks" / bankId / "customers").POST <@ (user1)
|
||||
val response = makePostRequest(request, "", ("Force-Error", "OBP-20006"), ("Response-Code", "444"))
|
||||
val response = makePostRequest(request, "", List(("Force-Error", "OBP-20006"), ("Response-Code", "444")))
|
||||
Then("We should get a 444")
|
||||
response.code should equal(444)
|
||||
val validation = response.body
|
||||
@ -277,7 +277,7 @@ class ForceErrorValidationTest extends V400ServerSetup with PropsReset {
|
||||
addEntitlement(canCreateCustomer, bankId)
|
||||
When("We make a request v4.0.0")
|
||||
val request = (v4_0_0_Request / "banks" / bankId / "customers").POST <@ (user1)
|
||||
val response = makePostRequest(request, "", ("Force-Error", "OBP-20006"))
|
||||
val response = makePostRequest(request, "", List(("Force-Error", "OBP-20006")))
|
||||
Then("We should not get a 403")
|
||||
response.code should not equal(403)
|
||||
val validation = response.body
|
||||
@ -415,7 +415,7 @@ class ForceErrorValidationTest extends V400ServerSetup with PropsReset {
|
||||
|
||||
When("We make a request v4.0.0")
|
||||
val request = (dynamicEntity_Request / "FooBar").POST <@ user1
|
||||
val response = makePostRequest(request, correctFooBar, ("Force-Error" -> "OBP-xxxx"))
|
||||
val response = makePostRequest(request, correctFooBar, List((("Force-Error" -> "OBP-xxxx"))))
|
||||
|
||||
Then("We should get a 400")
|
||||
response.code should equal(400)
|
||||
@ -431,7 +431,7 @@ class ForceErrorValidationTest extends V400ServerSetup with PropsReset {
|
||||
|
||||
When("We make a request v4.0.0")
|
||||
val request = (dynamicEntity_Request / "FooBar").POST <@ user1
|
||||
val response = makePostRequest(request, correctFooBar, ("Force-Error" -> "OBP-20009"))
|
||||
val response = makePostRequest(request, correctFooBar, List(("Force-Error" -> "OBP-20009")))
|
||||
Then("We should get a 400")
|
||||
response.code should equal(400)
|
||||
val validation = response.body
|
||||
@ -446,7 +446,7 @@ class ForceErrorValidationTest extends V400ServerSetup with PropsReset {
|
||||
|
||||
When("We make a request v4.0.0")
|
||||
val request = (dynamicEntity_Request / "FooBar").POST <@ user1
|
||||
val response = makePostRequest(request, correctFooBar, ("Force-Error" -> "OBP-20006"), ("Response-Code" -> "not_integer"))
|
||||
val response = makePostRequest(request, correctFooBar, List(("Force-Error" -> "OBP-20006"), ("Response-Code" -> "not_integer")))
|
||||
Then("We should get a 400")
|
||||
response.code should equal(400)
|
||||
val validation = response.body
|
||||
@ -461,7 +461,7 @@ class ForceErrorValidationTest extends V400ServerSetup with PropsReset {
|
||||
|
||||
When("We make a request v4.0.0")
|
||||
val request = (dynamicEntity_Request / "FooBar").POST <@ user1
|
||||
val response = makePostRequest(request, correctFooBar, ("Force-Error" -> "OBP-20006"))
|
||||
val response = makePostRequest(request, correctFooBar, List(("Force-Error" -> "OBP-20006")))
|
||||
Then("We should get a 403")
|
||||
response.code should equal(403)
|
||||
val validation = response.body
|
||||
@ -478,7 +478,7 @@ class ForceErrorValidationTest extends V400ServerSetup with PropsReset {
|
||||
|
||||
When("We make a request v4.0.0")
|
||||
val request = (dynamicEntity_Request / "FooBar").POST <@ user1
|
||||
val response = makePostRequest(request, correctFooBar, ("Force-Error" -> "OBP-20006"), ("Response-Code" -> "444"))
|
||||
val response = makePostRequest(request, correctFooBar, List(("Force-Error" -> "OBP-20006"), ("Response-Code" -> "444")))
|
||||
Then("We should get a 444")
|
||||
response.code should equal(444)
|
||||
val validation = response.body
|
||||
@ -496,7 +496,7 @@ class ForceErrorValidationTest extends V400ServerSetup with PropsReset {
|
||||
|
||||
When("We make a request v4.0.0")
|
||||
val request = (dynamicEntity_Request / "FooBar").POST <@ user1
|
||||
val response = makePostRequest(request, correctFooBar, ("Force-Error" -> "OBP-20006"))
|
||||
val response = makePostRequest(request, correctFooBar, List(("Force-Error" -> "OBP-20006")))
|
||||
Then("We should not get a 403")
|
||||
response.code should not equal(403)
|
||||
val validation = response.body
|
||||
@ -517,7 +517,7 @@ class ForceErrorValidationTest extends V400ServerSetup with PropsReset {
|
||||
|
||||
When("We make a request v4.0.0")
|
||||
val request = (dynamicEndpoint_Request/ "save").POST <@ user1
|
||||
val response = makePostRequest(request, correctUser, ("Force-Error" -> "OBP-xxxx"))
|
||||
val response = makePostRequest(request, correctUser, List("Force-Error" -> "OBP-xxxx"))
|
||||
|
||||
Then("We should get a 400")
|
||||
response.code should equal(400)
|
||||
@ -534,7 +534,7 @@ class ForceErrorValidationTest extends V400ServerSetup with PropsReset {
|
||||
|
||||
When("We make a request v4.0.0")
|
||||
val request = (dynamicEndpoint_Request/ "save").POST <@ user1
|
||||
val response = makePostRequest(request, correctUser, ("Force-Error" -> "OBP-20009"))
|
||||
val response = makePostRequest(request, correctUser, List("Force-Error" -> "OBP-20009"))
|
||||
Then("We should get a 400")
|
||||
response.code should equal(400)
|
||||
val validation = response.body
|
||||
@ -550,7 +550,7 @@ class ForceErrorValidationTest extends V400ServerSetup with PropsReset {
|
||||
|
||||
When("We make a request v4.0.0")
|
||||
val request = (dynamicEndpoint_Request/ "save").POST <@ user1
|
||||
val response = makePostRequest(request, correctUser, ("Force-Error" -> "OBP-20006"), ("Response-Code" -> "not_integer"))
|
||||
val response = makePostRequest(request, correctUser, List("Force-Error" -> "OBP-20006", "Response-Code" -> "not_integer"))
|
||||
Then("We should get a 400")
|
||||
response.code should equal(400)
|
||||
val validation = response.body
|
||||
@ -566,7 +566,7 @@ class ForceErrorValidationTest extends V400ServerSetup with PropsReset {
|
||||
|
||||
When("We make a request v4.0.0")
|
||||
val request = (dynamicEndpoint_Request/ "save").POST <@ user1
|
||||
val response = makePostRequest(request, correctUser, ("Force-Error" -> "OBP-20006"))
|
||||
val response = makePostRequest(request, correctUser, List("Force-Error" -> "OBP-20006"))
|
||||
Then("We should get a 403")
|
||||
response.code should equal(403)
|
||||
val validation = response.body
|
||||
@ -584,7 +584,7 @@ class ForceErrorValidationTest extends V400ServerSetup with PropsReset {
|
||||
|
||||
When("We make a request v4.0.0")
|
||||
val request = (dynamicEndpoint_Request/ "save").POST <@ user1
|
||||
val response = makePostRequest(request, correctUser, ("Force-Error" -> "OBP-20006"), ("Response-Code" -> "444"))
|
||||
val response = makePostRequest(request, correctUser, List("Force-Error" -> "OBP-20006", "Response-Code" -> "444"))
|
||||
Then("We should get a 444")
|
||||
response.code should equal(444)
|
||||
val validation = response.body
|
||||
@ -603,7 +603,7 @@ class ForceErrorValidationTest extends V400ServerSetup with PropsReset {
|
||||
|
||||
When("We make a request v4.0.0")
|
||||
val request = (dynamicEndpoint_Request/ "save").POST <@ user1
|
||||
val response = makePostRequest(request, correctUser, ("Force-Error" -> "OBP-20006"))
|
||||
val response = makePostRequest(request, correctUser, List("Force-Error" -> "OBP-20006"))
|
||||
Then("We should not get a 403")
|
||||
response.code should not equal(403)
|
||||
val validation = response.body
|
||||
|
||||
@ -25,11 +25,11 @@ TESOBE (http://www.tesobe.com/)
|
||||
*/
|
||||
package code.api.v5_0_0
|
||||
|
||||
import code.api.Constant
|
||||
import code.api.{Constant, RequestHeader}
|
||||
import code.api.ResourceDocs1_4_0.SwaggerDefinitionsJSON
|
||||
import code.api.util.APIUtil.OAuth._
|
||||
import code.api.util.ApiRole._
|
||||
import code.api.util.Consent
|
||||
import code.api.util.{APIUtil, Consent}
|
||||
import code.api.util.ErrorMessages._
|
||||
import code.api.v3_1_0.{PostConsentChallengeJsonV310, PostConsentEntitlementJsonV310}
|
||||
import code.api.v4_0_0.OBPAPI4_0_0.Implementations4_0_0
|
||||
@ -73,9 +73,11 @@ class ConsentRequestTest extends V500ServerSetupAsync with PropsReset{
|
||||
address = testAccountId1.value), Constant.SYSTEM_OWNER_VIEW_ID))
|
||||
lazy val postConsentRequestJson = SwaggerDefinitionsJSON.postConsentRequestJsonV500
|
||||
.copy(entitlements=Some(entitlements))
|
||||
.copy(consumer_id=None)
|
||||
.copy(consumer_id=Some(testConsumer.consumerId.get))
|
||||
.copy(bank_id=Some(bankId))
|
||||
.copy(account_access=accountAccess)
|
||||
|
||||
val validHeaderConsumerKey = List((RequestHeader.`Consumer-Key`, user1.map(_._1.key).getOrElse("SHOULD_NOT_HAPPEN")))
|
||||
|
||||
val createConsentRequestWithoutLoginUrl = (v5_0_0_Request / "consumer" / "consent-requests")
|
||||
val createConsentRequestUrl = (v5_0_0_Request / "consumer"/ "consent-requests").POST<@(user1)
|
||||
@ -117,9 +119,9 @@ class ConsentRequestTest extends V500ServerSetupAsync with PropsReset{
|
||||
val consentId = createConsentByRequestResponse.body.extract[ConsentJsonV500].consent_id
|
||||
val consentJwt = createConsentByRequestResponse.body.extract[ConsentJsonV500].jwt
|
||||
|
||||
setPropsValues("consumer_validation_method_for_consent"->"NONE")
|
||||
setPropsValues("consumer_validation_method_for_consent"->"CONSUMER_KEY_VALUE")
|
||||
val requestWhichFails = (v5_0_0_Request / "users").GET
|
||||
val responseWhichFails = makeGetRequest(requestWhichFails, List((s"Consent-JWT", consentJwt)))
|
||||
val responseWhichFails = makeGetRequest(requestWhichFails, List((s"Consent-JWT", consentJwt)) ::: validHeaderConsumerKey)
|
||||
Then("We get 401 error")
|
||||
responseWhichFails.code should equal(401)
|
||||
responseWhichFails.body.toString contains(ConsentStatusIssue) shouldBe(true)
|
||||
@ -145,7 +147,7 @@ class ConsentRequestTest extends V500ServerSetupAsync with PropsReset{
|
||||
|
||||
// Test Request Header "Consent-JWT:SOME_VALUE"
|
||||
val consentRequestHeader = (s"Consent-JWT", getConsentByRequestResponseJson.jwt)
|
||||
val responseGetUsers = makeGetRequest(requestGetUsers, List(consentRequestHeader))
|
||||
val responseGetUsers = makeGetRequest(requestGetUsers, List(consentRequestHeader) ::: validHeaderConsumerKey)
|
||||
Then("We get successful response")
|
||||
responseGetUsers.code should equal(200)
|
||||
val users = responseGetUsers.body.extract[UsersJsonV400].users
|
||||
@ -153,7 +155,7 @@ class ConsentRequestTest extends V500ServerSetupAsync with PropsReset{
|
||||
|
||||
// Test Request Header "Consent-Id:SOME_VALUE"
|
||||
val consentIdRequestHeader = (s"Consent-Id", getConsentByRequestResponseJson.consent_id)
|
||||
val responseGetUsersSecond = makeGetRequest(requestGetUsers, List(consentIdRequestHeader))
|
||||
val responseGetUsersSecond = makeGetRequest(requestGetUsers, List(consentIdRequestHeader) ::: validHeaderConsumerKey)
|
||||
Then("We get successful response")
|
||||
responseGetUsersSecond.code should equal(200)
|
||||
val usersSecond = responseGetUsersSecond.body.extract[UsersJsonV400].users
|
||||
@ -192,7 +194,7 @@ class ConsentRequestTest extends V500ServerSetupAsync with PropsReset{
|
||||
val consentId = createConsentByRequestResponse.body.extract[ConsentJsonV500].consent_id
|
||||
val consentJwt = createConsentByRequestResponse.body.extract[ConsentJsonV500].jwt
|
||||
|
||||
setPropsValues("consumer_validation_method_for_consent"->"NONE")
|
||||
setPropsValues("consumer_validation_method_for_consent"->"CONSUMER_KEY_VALUE")
|
||||
val requestWhichFails = (v5_0_0_Request / "users").GET
|
||||
val responseWhichFails = makeGetRequest(requestWhichFails, List((s"Consent-JWT", consentJwt)))
|
||||
Then("We get successful response")
|
||||
@ -219,7 +221,7 @@ class ConsentRequestTest extends V500ServerSetupAsync with PropsReset{
|
||||
|
||||
// Test Request Header "Consent-JWT:SOME_VALUE"
|
||||
val consentRequestHeader = (s"Consent-JWT", getConsentByRequestResponseJson.jwt)
|
||||
val responseGetUsers = makeGetRequest(requestGetUsers, List(consentRequestHeader))
|
||||
val responseGetUsers = makeGetRequest(requestGetUsers, List(consentRequestHeader) ::: validHeaderConsumerKey)
|
||||
Then("We get successful response")
|
||||
responseGetUsers.code should equal(200)
|
||||
val users = responseGetUsers.body.extract[UsersJsonV400].users
|
||||
@ -227,7 +229,7 @@ class ConsentRequestTest extends V500ServerSetupAsync with PropsReset{
|
||||
|
||||
// Test Request Header "Consent-Id:SOME_VALUE"
|
||||
val consentIdRequestHeader = (s"Consent-Id", getConsentByRequestResponseJson.consent_id)
|
||||
val responseGetUsersSecond = makeGetRequest(requestGetUsers, List(consentIdRequestHeader))
|
||||
val responseGetUsersSecond = makeGetRequest(requestGetUsers, List(consentIdRequestHeader) ::: validHeaderConsumerKey)
|
||||
Then("We get successful response")
|
||||
responseGetUsersSecond.code should equal(200)
|
||||
val usersSecond = responseGetUsersSecond.body.extract[UsersJsonV400].users
|
||||
|
||||
@ -58,6 +58,8 @@ class ConsentObpTest extends V510ServerSetup {
|
||||
object VersionOfApi2 extends Tag(ApiVersion.v3_0_0.toString)
|
||||
object GetUserByUserId extends Tag(nameOf(APIMethods300.Implementations3_0_0.getUserByUserId))
|
||||
|
||||
val validHeaderConsumerKey = List((RequestHeader.`Consumer-Key`, user1.map(_._1.key).getOrElse("SHOULD_NOT_HAPPEN")))
|
||||
|
||||
lazy val bankId = randomBankId
|
||||
lazy val bankAccount = randomPrivateAccount(bankId)
|
||||
lazy val entitlements = List(PostConsentEntitlementJsonV310("", CanGetAnyUser.toString()))
|
||||
@ -111,7 +113,7 @@ class ConsentObpTest extends V510ServerSetup {
|
||||
// Create a consent as the user1.
|
||||
// Must fail because we try to assign a role other that user already have access to the request
|
||||
val request = (v5_1_0_Request / "my" / "consents" / "IMPLICIT").POST <@ (user1)
|
||||
val response = makePostRequest(request, write(postConsentImplicitJsonV310))
|
||||
val response = makePostRequest(request, write(postConsentImplicitJsonV310), validHeaderConsumerKey)
|
||||
Then("We should get a 400")
|
||||
response.code should equal(400)
|
||||
response.body.extract[ErrorMessage].message should equal(RolesAllowedInConsent)
|
||||
@ -119,7 +121,7 @@ class ConsentObpTest extends V510ServerSetup {
|
||||
Then("We grant the role and test it again")
|
||||
Entitlement.entitlement.vend.addEntitlement("", resourceUser1.userId, CanGetAnyUser.toString)
|
||||
// Create a consent as the user1. The consent is in status INITIATED
|
||||
val secondResponse = makePostRequest(request, write(postConsentImplicitJsonV310))
|
||||
val secondResponse = makePostRequest(request, write(postConsentImplicitJsonV310), validHeaderConsumerKey)
|
||||
Then("We should get a 201")
|
||||
secondResponse.code should equal(201)
|
||||
|
||||
@ -129,7 +131,7 @@ class ConsentObpTest extends V510ServerSetup {
|
||||
|
||||
// Make a request with the consent which is NOT in status ACCEPTED
|
||||
val requestGetUserByUserId = (v5_1_0_Request / "users" / "current").GET
|
||||
val responseGetUserByUserId = makeGetRequest(requestGetUserByUserId, header)
|
||||
val responseGetUserByUserId = makeGetRequest(requestGetUserByUserId, header ::: validHeaderConsumerKey)
|
||||
APIUtil.getPropsAsBoolValue(nameOfProperty = "consents.allowed", defaultValue = false) match {
|
||||
case true =>
|
||||
// Due to the wrong status of the consent the request must fail
|
||||
@ -146,16 +148,15 @@ class ConsentObpTest extends V510ServerSetup {
|
||||
// Make a request WITHOUT the request header "Consumer-Key: SOME_VALUE"
|
||||
// Due to missing value the request must fail
|
||||
makeGetRequest(requestGetUserByUserId, header)
|
||||
.body.extract[ErrorMessage].message should include(ConsumerKeyHeaderMissing)
|
||||
.body.extract[ErrorMessage].message should include(ConsentNotFound)
|
||||
|
||||
// Make a request WITH the request header "Consumer-Key: NON_EXISTING_VALUE"
|
||||
// Due to non existing value the request must fail
|
||||
val headerConsumerKey = List((RequestHeader.`Consumer-Key`, "NON_EXISTING_VALUE"))
|
||||
makeGetRequest(requestGetUserByUserId, header ::: headerConsumerKey)
|
||||
.body.extract[ErrorMessage].message should include(ConsentDoesNotMatchConsumer)
|
||||
.body.extract[ErrorMessage].message should include(ConsentNotFound)
|
||||
|
||||
// Make a request WITH the request header "Consumer-Key: EXISTING_VALUE"
|
||||
val validHeaderConsumerKey = List((RequestHeader.`Consumer-Key`, user1.map(_._1.key).getOrElse("SHOULD_NOT_HAPPEN")))
|
||||
val response2 = makeGetRequest((v5_1_0_Request / "users" / "current").GET, header ::: validHeaderConsumerKey)
|
||||
val user = response2.body.extract[UserJsonV300]
|
||||
val assignedEntitlements: Seq[PostConsentEntitlementJsonV310] = user.entitlements.list.flatMap(
|
||||
|
||||
@ -25,7 +25,7 @@ TESOBE (http://www.tesobe.com/)
|
||||
*/
|
||||
package code.api.v5_1_0
|
||||
|
||||
import code.api.Constant
|
||||
import code.api.{Constant, RequestHeader}
|
||||
import code.api.ResourceDocs1_4_0.SwaggerDefinitionsJSON
|
||||
import code.api.util.APIUtil.OAuth._
|
||||
import code.api.util.ApiRole._
|
||||
@ -81,12 +81,14 @@ class ConsentsTest extends V510ServerSetup with PropsReset{
|
||||
address = testAccountId1.value), Constant.SYSTEM_OWNER_VIEW_ID))
|
||||
lazy val postConsentRequestJsonV310 = SwaggerDefinitionsJSON.postConsentRequestJsonV500
|
||||
.copy(entitlements=Some(entitlements))
|
||||
.copy(consumer_id=None)
|
||||
.copy(consumer_id=Some(testConsumer.consumerId.get))
|
||||
.copy(bank_id=Some(bankId))
|
||||
.copy(account_access=accountAccess)
|
||||
|
||||
lazy val consentStatus = PutConsentStatusJsonV400(status = "AUTHORISED")
|
||||
|
||||
val validHeaderConsumerKey = List((RequestHeader.`Consumer-Key`, user1.map(_._1.key).getOrElse("SHOULD_NOT_HAPPEN")))
|
||||
|
||||
val createConsentRequestWithoutLoginUrl = (v5_1_0_Request / "consumer" / "consent-requests")
|
||||
val createConsentRequestUrl = (v5_1_0_Request / "consumer"/ "consent-requests").POST<@(user1)
|
||||
def getConsentRequestUrl(requestId:String) = (v5_1_0_Request / "consumer"/ "consent-requests"/requestId).GET<@(user1)
|
||||
@ -310,7 +312,7 @@ class ConsentsTest extends V510ServerSetup with PropsReset{
|
||||
val consentId = createConsentByRequestResponse.body.extract[ConsentJsonV500].consent_id
|
||||
val consentJwt = createConsentByRequestResponse.body.extract[ConsentJsonV500].jwt
|
||||
|
||||
setPropsValues("consumer_validation_method_for_consent"->"NONE")
|
||||
setPropsValues("consumer_validation_method_for_consent"->"CONSUMER_KEY_VALUE")
|
||||
val requestWhichFails = (v5_1_0_Request / "users").GET
|
||||
val responseWhichFails = makeGetRequest(requestWhichFails, List((s"Consent-JWT", consentJwt)))
|
||||
Then("We get successful response")
|
||||
@ -345,7 +347,7 @@ class ConsentsTest extends V510ServerSetup with PropsReset{
|
||||
|
||||
// Test Request Header "Consent-JWT:SOME_VALUE"
|
||||
val consentRequestHeader = (s"Consent-JWT", getConsentByRequestResponseJson.jwt)
|
||||
val responseGetUsers = makeGetRequest(requestGetUsers, List(consentRequestHeader))
|
||||
val responseGetUsers = makeGetRequest(requestGetUsers, List(consentRequestHeader) ::: validHeaderConsumerKey)
|
||||
Then("We get successful response")
|
||||
responseGetUsers.code should equal(200)
|
||||
val users = responseGetUsers.body.extract[UsersJsonV400].users
|
||||
@ -353,7 +355,7 @@ class ConsentsTest extends V510ServerSetup with PropsReset{
|
||||
|
||||
// Test Request Header "Consent-Id:SOME_VALUE"
|
||||
val consentIdRequestHeader = (s"Consent-Id", getConsentByRequestResponseJson.consent_id)
|
||||
val responseGetUsersSecond = makeGetRequest(requestGetUsers, List(consentIdRequestHeader))
|
||||
val responseGetUsersSecond = makeGetRequest(requestGetUsers, List(consentIdRequestHeader) ::: validHeaderConsumerKey)
|
||||
Then("We get successful response")
|
||||
responseGetUsersSecond.code should equal(200)
|
||||
val usersSecond = responseGetUsersSecond.body.extract[UsersJsonV400].users
|
||||
|
||||
@ -25,6 +25,7 @@ TESOBE (http://www.tesobe.com/)
|
||||
*/
|
||||
package code.api.v5_1_0
|
||||
|
||||
import code.api.RequestHeader
|
||||
import code.api.ResourceDocs1_4_0.SwaggerDefinitionsJSON
|
||||
import code.api.ResourceDocs1_4_0.SwaggerDefinitionsJSON.{accountRoutingJsonV121, bankRoutingJsonV121, branchRoutingJsonV141, postCounterpartyLimitV510}
|
||||
import code.api.v5_0_0.ConsentJsonV500
|
||||
@ -73,7 +74,7 @@ class VRPConsentRequestTest extends V510ServerSetup with PropsReset{
|
||||
object ApiEndpoint7 extends Tag(nameOf(Implementations4_0_0.createTransactionRequestCounterparty))
|
||||
|
||||
|
||||
|
||||
val validHeaderConsumerKey = List((RequestHeader.`Consumer-Key`, user1.map(_._1.key).getOrElse("SHOULD_NOT_HAPPEN")))
|
||||
|
||||
val createVRPConsentRequestWithoutLoginUrl = (v5_1_0_Request / "consumer" / "vrp-consent-requests")
|
||||
val createVRPConsentRequestUrl = (v5_1_0_Request / "consumer"/ "vrp-consent-requests").POST<@(user1)
|
||||
@ -180,9 +181,9 @@ class VRPConsentRequestTest extends V510ServerSetup with PropsReset{
|
||||
accountAccess.get.account_id should equal(fromAccountJson.account_routing.address)
|
||||
accountAccess.get.view_id contains("_vrp-") shouldBe( true)
|
||||
|
||||
setPropsValues("consumer_validation_method_for_consent"->"NONE")
|
||||
setPropsValues("consumer_validation_method_for_consent"->"CONSUMER_KEY_VALUE")
|
||||
val requestWhichFails = (v5_1_0_Request / "my"/ "accounts").GET
|
||||
val responseWhichFails = makeGetRequest(requestWhichFails, List((s"Consent-JWT", consentJwt)))
|
||||
val responseWhichFails = makeGetRequest(requestWhichFails, List((s"Consent-JWT", consentJwt)) ::: validHeaderConsumerKey)
|
||||
Then("We get 401 error")
|
||||
responseWhichFails.code should equal(401)
|
||||
responseWhichFails.body.toString contains(ConsentStatusIssue) shouldBe(true)
|
||||
@ -205,7 +206,7 @@ class VRPConsentRequestTest extends V510ServerSetup with PropsReset{
|
||||
|
||||
|
||||
val requestGetMyAccounts = (v5_1_0_Request / "my"/ "accounts").GET
|
||||
val responseGetMyAccounts = makeGetRequest(requestGetMyAccounts, List((s"Consent-JWT", consentJwt)))
|
||||
val responseGetMyAccounts = makeGetRequest(requestGetMyAccounts, List((s"Consent-JWT", consentJwt)) ::: validHeaderConsumerKey)
|
||||
Then("We get 200 and proper response")
|
||||
responseGetMyAccounts.code should equal(200)
|
||||
responseGetMyAccounts.body.extract[CoreAccountsJsonV300].accounts.length > 0 shouldBe(true)
|
||||
@ -227,7 +228,7 @@ class VRPConsentRequestTest extends V510ServerSetup with PropsReset{
|
||||
future_date = None,
|
||||
None,
|
||||
)
|
||||
val response = makePostRequest(createTransReqRequest, write(transactionRequestBodyCounterparty), (s"Consent-JWT", consentJwt))
|
||||
val response = makePostRequest(createTransReqRequest, write(transactionRequestBodyCounterparty), List((s"Consent-JWT", consentJwt)) ::: validHeaderConsumerKey)
|
||||
response.code shouldBe(201)
|
||||
response.body.extract[TransactionRequestWithChargeJSON400].status shouldBe("COMPLETED")
|
||||
}
|
||||
@ -262,7 +263,7 @@ class VRPConsentRequestTest extends V510ServerSetup with PropsReset{
|
||||
accountAccess.get.view_id contains("_vrp-") shouldBe( true)
|
||||
|
||||
|
||||
setPropsValues("consumer_validation_method_for_consent"->"NONE")
|
||||
setPropsValues("consumer_validation_method_for_consent"->"CONSUMER_KEY_VALUE")
|
||||
val requestWhichFails = (v5_1_0_Request / "my"/ "accounts").GET
|
||||
val responseWhichFails = makeGetRequest(requestWhichFails, List((s"Consent-JWT", consentJwt)))
|
||||
Then("We get successful response")
|
||||
@ -338,8 +339,8 @@ class VRPConsentRequestTest extends V510ServerSetup with PropsReset{
|
||||
future_date = None,
|
||||
None,
|
||||
)
|
||||
setPropsValues("consumer_validation_method_for_consent"->"NONE")
|
||||
val response = makePostRequest(createTransReqRequest, write(transactionRequestBodyCounterparty), (s"Consent-JWT", consentJwt))
|
||||
setPropsValues("consumer_validation_method_for_consent"->"CONSUMER_KEY_VALUE")
|
||||
val response = makePostRequest(createTransReqRequest, write(transactionRequestBodyCounterparty), List((s"Consent-JWT", consentJwt)) ::: validHeaderConsumerKey)
|
||||
response.code shouldBe(400)
|
||||
response.body.extract[ErrorMessage].message contains(CounterpartyLimitValidationError) shouldBe (true)
|
||||
response.body.extract[ErrorMessage].message contains("max_single_amount") shouldBe(true)
|
||||
@ -348,13 +349,13 @@ class VRPConsentRequestTest extends V510ServerSetup with PropsReset{
|
||||
val response1 = makePostRequest(
|
||||
createTransReqRequest,
|
||||
write(transactionRequestBodyCounterparty.copy(value=AmountOfMoneyJsonV121("EUR","3"))),
|
||||
(s"Consent-JWT", consentJwt)
|
||||
List((s"Consent-JWT", consentJwt)) ::: validHeaderConsumerKey
|
||||
)
|
||||
response1.code shouldBe(201)
|
||||
val response2 = makePostRequest(
|
||||
createTransReqRequest,
|
||||
write(transactionRequestBodyCounterparty.copy(value=AmountOfMoneyJsonV121("EUR","9"))),
|
||||
(s"Consent-JWT", consentJwt)
|
||||
List((s"Consent-JWT", consentJwt) ) ::: validHeaderConsumerKey
|
||||
)
|
||||
|
||||
response2.body.extract[ErrorMessage].message contains(CounterpartyLimitValidationError) shouldBe (true)
|
||||
@ -364,14 +365,14 @@ class VRPConsentRequestTest extends V510ServerSetup with PropsReset{
|
||||
val response3 = makePostRequest(
|
||||
createTransReqRequest,
|
||||
write(transactionRequestBodyCounterparty.copy(value=AmountOfMoneyJsonV121("EUR","2"))),
|
||||
(s"Consent-JWT", consentJwt)
|
||||
List((s"Consent-JWT", consentJwt)) ::: validHeaderConsumerKey
|
||||
)
|
||||
response3.code shouldBe(201)
|
||||
|
||||
val response4 = makePostRequest(
|
||||
createTransReqRequest,
|
||||
write(transactionRequestBodyCounterparty.copy(value=AmountOfMoneyJsonV121("EUR","2"))),
|
||||
(s"Consent-JWT", consentJwt)
|
||||
List((s"Consent-JWT", consentJwt)) ::: validHeaderConsumerKey
|
||||
)
|
||||
response4.code shouldBe(400)
|
||||
|
||||
@ -433,17 +434,17 @@ class VRPConsentRequestTest extends V510ServerSetup with PropsReset{
|
||||
future_date = None,
|
||||
None,
|
||||
)
|
||||
setPropsValues("consumer_validation_method_for_consent"->"NONE")
|
||||
setPropsValues("consumer_validation_method_for_consent"->"CONSUMER_KEY_VALUE")
|
||||
val response1 = makePostRequest(
|
||||
createTransReqRequest,
|
||||
write(transactionRequestBodyCounterparty.copy(value=AmountOfMoneyJsonV121("EUR","3"))),
|
||||
(s"Consent-JWT", consentJwt)
|
||||
List((s"Consent-JWT", consentJwt)) ::: validHeaderConsumerKey
|
||||
)
|
||||
response1.code shouldBe(201)
|
||||
val response2 = makePostRequest(
|
||||
createTransReqRequest,
|
||||
write(transactionRequestBodyCounterparty.copy(value=AmountOfMoneyJsonV121("EUR","9"))),
|
||||
(s"Consent-JWT", consentJwt)
|
||||
List((s"Consent-JWT", consentJwt)) ::: validHeaderConsumerKey
|
||||
)
|
||||
response2.body.extract[ErrorMessage].message contains(CounterpartyLimitValidationError) shouldBe (true)
|
||||
response2.body.extract[ErrorMessage].message contains("max_yearly_amount") shouldBe(true)
|
||||
@ -452,14 +453,14 @@ class VRPConsentRequestTest extends V510ServerSetup with PropsReset{
|
||||
val response3 = makePostRequest(
|
||||
createTransReqRequest,
|
||||
write(transactionRequestBodyCounterparty.copy(value=AmountOfMoneyJsonV121("EUR","2"))),
|
||||
(s"Consent-JWT", consentJwt)
|
||||
List((s"Consent-JWT", consentJwt)) ::: validHeaderConsumerKey
|
||||
)
|
||||
response3.code shouldBe(201)
|
||||
|
||||
val response4 = makePostRequest(
|
||||
createTransReqRequest,
|
||||
write(transactionRequestBodyCounterparty.copy(value=AmountOfMoneyJsonV121("EUR","2"))),
|
||||
(s"Consent-JWT", consentJwt)
|
||||
List((s"Consent-JWT", consentJwt)) ::: validHeaderConsumerKey
|
||||
)
|
||||
response4.code shouldBe(400)
|
||||
|
||||
@ -521,18 +522,18 @@ class VRPConsentRequestTest extends V510ServerSetup with PropsReset{
|
||||
future_date = None,
|
||||
None
|
||||
)
|
||||
setPropsValues("consumer_validation_method_for_consent"->"NONE")
|
||||
setPropsValues("consumer_validation_method_for_consent"->"CONSUMER_KEY_VALUE")
|
||||
//("we try the max_monthly_amount limit (11 euros) . now we transfer 9 euro first. then 9 euros, we will get the error")
|
||||
val response1 = makePostRequest(
|
||||
createTransReqRequest,
|
||||
write(transactionRequestBodyCounterparty.copy(value=AmountOfMoneyJsonV121("EUR","3"))),
|
||||
(s"Consent-JWT", consentJwt)
|
||||
List( (s"Consent-JWT", consentJwt)) ::: validHeaderConsumerKey
|
||||
)
|
||||
response1.code shouldBe(201)
|
||||
val response2 = makePostRequest(
|
||||
createTransReqRequest,
|
||||
write(transactionRequestBodyCounterparty.copy(value=AmountOfMoneyJsonV121("EUR","9"))),
|
||||
(s"Consent-JWT", consentJwt)
|
||||
List((s"Consent-JWT", consentJwt)) ::: validHeaderConsumerKey
|
||||
)
|
||||
|
||||
response2.body.extract[ErrorMessage].message contains(CounterpartyLimitValidationError) shouldBe (true)
|
||||
@ -542,14 +543,14 @@ class VRPConsentRequestTest extends V510ServerSetup with PropsReset{
|
||||
val response3 = makePostRequest(
|
||||
createTransReqRequest,
|
||||
write(transactionRequestBodyCounterparty.copy(value=AmountOfMoneyJsonV121("EUR","2"))),
|
||||
(s"Consent-JWT", consentJwt)
|
||||
List((s"Consent-JWT", consentJwt)) ::: validHeaderConsumerKey
|
||||
)
|
||||
response3.code shouldBe(201)
|
||||
|
||||
val response4 = makePostRequest(
|
||||
createTransReqRequest,
|
||||
write(transactionRequestBodyCounterparty.copy(value=AmountOfMoneyJsonV121("EUR","2"))),
|
||||
(s"Consent-JWT", consentJwt)
|
||||
List((s"Consent-JWT", consentJwt)) ::: validHeaderConsumerKey
|
||||
)
|
||||
response4.code shouldBe(400)
|
||||
|
||||
|
||||
@ -211,9 +211,9 @@ trait SendServerRequests {
|
||||
/**
|
||||
*this method does a POST request given a URL, a JSON
|
||||
*/
|
||||
def makePostRequest(req: Req, json: String, headers: (String, String) *): APIResponse = {
|
||||
def makePostRequest(req: Req, json: String, headers: List[(String, String)] = Nil): APIResponse = {
|
||||
val extra_headers = Map( "Content-Type" -> "application/json",
|
||||
"Accept" -> "application/json") ++ headers.toMap
|
||||
"Accept" -> "application/json") ++ headers
|
||||
val reqData = extractParamsAndHeaders(req.POST, json, "UTF-8", extra_headers)
|
||||
val jsonReq = createRequest(reqData)
|
||||
getAPIResponse(jsonReq)
|
||||
|
||||
Loading…
Reference in New Issue
Block a user