diff --git a/obp-api/src/main/scala/code/api/util/APIUtil.scala b/obp-api/src/main/scala/code/api/util/APIUtil.scala index d7cbacae0..54cbd9297 100644 --- a/obp-api/src/main/scala/code/api/util/APIUtil.scala +++ b/obp-api/src/main/scala/code/api/util/APIUtil.scala @@ -4336,5 +4336,12 @@ object APIUtil extends MdcLoggable with CustomJsonFormats{ .map(_.split("::::")) .filter(_.length == 2) .map(a =>(a.apply(0),a.apply(1))).toSet + + /** + * We support the `::::` as the delimiter in UserAuthContext, so we need a guard for it. + * @param value + * @return + */ + def `checkIfContains::::` (value: String) = value.contains("::::") } diff --git a/obp-api/src/main/scala/code/api/v2_0_0/APIMethods200.scala b/obp-api/src/main/scala/code/api/v2_0_0/APIMethods200.scala index a99363010..07b82dea7 100644 --- a/obp-api/src/main/scala/code/api/v2_0_0/APIMethods200.scala +++ b/obp-api/src/main/scala/code/api/v2_0_0/APIMethods200.scala @@ -1734,6 +1734,8 @@ trait APIMethods200 { _ <- tryo(assert(isValidID(bankId.value)))?~! ErrorMessages.InvalidBankIdFormat (bank, callContext ) <- BankX(bankId, Some(cc)) ?~! BankNotFound postedData <- tryo{json.extract[CreateCustomerJson]} ?~! ErrorMessages.InvalidJsonFormat + _ <- Helper.booleanToBox( + !`checkIfContains::::` (postedData.customer_number), s"$InvalidJsonFormat customer_number can not contain `::::` characters") requiredEntitlements = canCreateCustomer :: canCreateUserCustomerLink :: Nil diff --git a/obp-api/src/main/scala/code/api/v2_1_0/APIMethods210.scala b/obp-api/src/main/scala/code/api/v2_1_0/APIMethods210.scala index c611a5d6f..4c2d5dadb 100644 --- a/obp-api/src/main/scala/code/api/v2_1_0/APIMethods210.scala +++ b/obp-api/src/main/scala/code/api/v2_1_0/APIMethods210.scala 
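Review bot: The new `checkIfContains::::` helper in APIUtil.scala rejects only a literal four-colon run, so a value that starts or ends with `:` can presumably still shift the field boundary once it is joined with the delimiter and later parsed by the `_.split("::::")` shown just above it. How key and value are concatenated is not visible in this hunk, so that needs confirming; if it is plain concatenation, the guard should also reject a leading or trailing colon, e.g. `value.contains("::::") || value.startsWith(":") || value.endsWith(":")`. As a public member the helper should declare its result type (`: Boolean`), and the empty `@param` and `@return` tags should be filled in or removed. The enclosing `object APIUtil` starts outside the hunk.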
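Review bot: The `customer_number` guard added in the APIMethods200 hunk is copied by hand into each create endpoint (again in the APIMethods210 and APIMethods500 hunks, with the BANK_ID variant in APIMethods220, APIMethods400 and APIMethods500), so any write path this commit does not touch stays unguarded. Enforcing the rule once where the customer or bank is persisted, or at least in one shared validator, would cover those paths; whether other endpoints accept these fields cannot be seen from this diff. The repeated failure text would also be easier to keep consistent as a single constant next to `InvalidJsonFormat` than as six interpolated strings. The for-comprehension holding the check starts and ends outside the hunk.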
@@ -1352,6 +1352,8 @@ trait APIMethods210 { _ <- tryo(assert(isValidID(bankId.value)))?~! InvalidBankIdFormat (bank, callContext ) <- BankX(bankId, Some(cc)) ?~! {BankNotFound} postedData <- tryo{json.extract[PostCustomerJsonV210]} ?~! InvalidJsonFormat + _ <- Helper.booleanToBox( + !`checkIfContains::::` (postedData.customer_number), s"$InvalidJsonFormat customer_number can not contain `::::` characters") _ <- NewStyle.function.hasAllEntitlements(bankId.value, u.userId, createCustomerEntitlementsRequiredForSpecificBank, createCustomerEntitlementsRequiredForAnyBank, callContext) _ <- tryo(assert(CustomerX.customerProvider.vend.checkCustomerNumberAvailable(bankId, postedData.customer_number) == true)) ?~! CustomerNumberAlreadyExists user_id <- tryo (if (postedData.user_id.nonEmpty) postedData.user_id else u.userId) ?~! s"Problem getting user_id" diff --git a/obp-api/src/main/scala/code/api/v2_2_0/APIMethods220.scala b/obp-api/src/main/scala/code/api/v2_2_0/APIMethods220.scala index 0c3f8fb1b..b7e1507b6 100644 --- a/obp-api/src/main/scala/code/api/v2_2_0/APIMethods220.scala +++ b/obp-api/src/main/scala/code/api/v2_2_0/APIMethods220.scala @@ -440,6 +440,8 @@ trait APIMethods220 { bank <- tryo{ json.extract[BankJSONV220] } ?~! ErrorMessages.InvalidJsonFormat _ <- Helper.booleanToBox( bank.id.length > 5,s"$InvalidJsonFormat Min length of BANK_ID should be 5 characters.") + _ <- Helper.booleanToBox( + !`checkIfContains::::` (bank.id), s"$InvalidJsonFormat BANK_ID can not contain `::::` characters") u <- cc.user ?~!ErrorMessages.UserNotLoggedIn consumer <- cc.consumer ?~! ErrorMessages.InvalidConsumerCredentials _ <- NewStyle.function.hasEntitlementAndScope("", u.userId, consumer.id.get.toString, canCreateBank, cc.callContext) diff --git a/obp-api/src/main/scala/code/api/v4_0_0/APIMethods400.scala b/obp-api/src/main/scala/code/api/v4_0_0/APIMethods400.scala index 51eeb8b71..132cb1447 100644 --- a/obp-api/src/main/scala/code/api/v4_0_0/APIMethods400.scala 
+++ b/obp-api/src/main/scala/code/api/v4_0_0/APIMethods400.scala @@ -4007,6 +4007,10 @@ trait APIMethods400 { !bank.id.contains(" ") } + _ <- Helper.booleanToFuture(failMsg = s"$InvalidJsonFormat BANK_ID can not contain `::::` characters", cc=cc.callContext) { + !`checkIfContains::::` (bank.id) + } + (success, callContext) <- NewStyle.function.createOrUpdateBank( bank.id, bank.full_name, diff --git a/obp-api/src/main/scala/code/api/v5_0_0/APIMethods500.scala b/obp-api/src/main/scala/code/api/v5_0_0/APIMethods500.scala index 5f53ff19e..c4a067a64 100644 --- a/obp-api/src/main/scala/code/api/v5_0_0/APIMethods500.scala +++ b/obp-api/src/main/scala/code/api/v5_0_0/APIMethods500.scala @@ -158,6 +158,9 @@ trait APIMethods500 { _ <- Helper.booleanToFuture(failMsg = s"$InvalidJsonFormat BANK_ID can not contain space characters", cc=cc.callContext) { !bank.id.contains(" ") } + _ <- Helper.booleanToFuture(failMsg = s"$InvalidJsonFormat BANK_ID can not contain `::::` characters", cc=cc.callContext) { + !`checkIfContains::::`(bank.id.getOrElse("")) + } (banks, callContext) <- NewStyle.function.getBanks(cc.callContext) _ <- Helper.booleanToFuture(failMsg = ErrorMessages.bankIdAlreadyExists, cc=cc.callContext) { !banks.exists { b => Some(b.bankId.value) == bank.id } @@ -1012,6 +1015,10 @@ trait APIMethods500 { postedData.dependants.getOrElse(0) == postedData.dob_of_dependants.getOrElse(Nil).length } customerNumber = postedData.customer_number.getOrElse(Random.nextInt(Integer.MAX_VALUE).toString) + + _ <- Helper.booleanToFuture(failMsg = s"$InvalidJsonFormat customer_number can not contain `::::` characters", cc=cc.callContext) { + !`checkIfContains::::` (customerNumber) + } (_, callContext) <- NewStyle.function.checkCustomerNumberAvailable(bankId, customerNumber, cc.callContext) (customer, callContext) <- NewStyle.function.createCustomerC2( bankId,
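Review bot: In the first APIMethods500 hunk the new guard unwraps the id with `bank.id.getOrElse("")`, which would read more directly as `!bank.id.exists(_.contains("::::"))` and avoids inventing an empty id just to test it. `bank.id` is an `Option` here (the `Some(b.bankId.value) == bank.id` comparison below confirms it), so the context line directly above, `!bank.id.contains(" ")`, appears to call `Option.contains` and rejects only an id that is exactly one space; it likely wants `!bank.id.exists(_.contains(" "))`. That line predates this commit, but the two guards now sit side by side with different semantics. The enclosing for-comprehension extends beyond the hunk.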