artin/OBP-API
1
0
Fork 0
mirror of https://github.com/OpenBankProject/OBP-API.git synced 2026-02-06 15:27:01 +00:00
Code Issues Packages Projects Releases Wiki Activity

feature/Use verb DELETE instead of GET at endpoint Revoke Consent v5.1.0

Browse Source
This commit is contained in:
Marko Milić 2023-02-14 12:51:33 +01:00
parent ade541c67f
commit 8e4a6ca900
2 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
obp-api/src/main/scala/code/api/v5_1_0/APIMethods510.scala
View File

@ -112,7 +112,7 @@ trait APIMethods510 {
revokeConsentAtBank,
implementedInApiVersion,
nameOf(revokeConsentAtBank),
"GET",
"DELETE",
"/banks/BANK_ID/consents/CONSENT_ID/revoke",
"Revoke Consent at Bank",
s"""
@ -141,7 +141,7 @@ trait APIMethods510 {
)
lazy val revokeConsentAtBank: OBPEndpoint = {
case "banks" :: BankId(bankId) :: "consents" :: consentId :: "revoke" :: Nil JsonGet _ => {
case "banks" :: BankId(bankId) :: "consents" :: consentId :: "revoke" :: Nil JsonDelete _ => {
cc =>
for {
(Full(user), callContext) <- authenticatedAccess(cc)

8
obp-api/src/test/scala/code/api/v5_1_0/ConsentsTest.scala
View File

@ -80,12 +80,12 @@ class ConsentsTest extends V510ServerSetup with PropsReset{
def getConsentRequestUrl(requestId:String) = (v5_1_0_Request / "consumer"/ "consent-requests"/requestId).GET<@(user1)
def createConsentByConsentRequestIdEmail(requestId:String) = (v5_1_0_Request / "consumer"/ "consent-requests"/requestId/"EMAIL"/"consents").POST<@(user1)
def getConsentByRequestIdUrl(requestId:String) = (v5_1_0_Request / "consumer"/ "consent-requests"/requestId/"consents").GET<@(user1)
def revokeConsentUrl(consentId: String) = v5_1_0_Request / "banks" / bankId / "consents" / consentId / "revoke"
def revokeConsentUrl(consentId: String) = (v5_1_0_Request / "banks" / bankId / "consents" / consentId / "revoke").DELETE
feature(s"test $ApiEndpoint6 version $VersionOfApi - Unauthorized access") {
scenario("We will call the endpoint without user credentials", ApiEndpoint6, VersionOfApi) {
When(s"We make a request $ApiEndpoint6")
val response510 = makeGetRequest(revokeConsentUrl("whatever"))
val response510 = makeDeleteRequest(revokeConsentUrl("whatever"))
Then("We should get a 401")
response510.code should equal(401)
response510.body.extract[ErrorMessage].message should equal(UserNotLoggedIn)
@ -94,7 +94,7 @@ class ConsentsTest extends V510ServerSetup with PropsReset{
feature(s"test $ApiEndpoint6 version $VersionOfApi - Authorized access") {
scenario("We will call the endpoint without user credentials", ApiEndpoint6, VersionOfApi) {
When(s"We make a request $ApiEndpoint1")
val response510 = makeGetRequest(revokeConsentUrl("whatever")<@(user1))
val response510 = makeDeleteRequest(revokeConsentUrl("whatever")<@(user1))
Then("We should get a 403")
response510.code should equal(403)
response510.body.extract[ErrorMessage].message contains (UserHasMissingRoles + CanRevokeConsentAtBank) should be (true)
@ -177,7 +177,7 @@ class ConsentsTest extends V510ServerSetup with PropsReset{
// Revoke consent
Entitlement.entitlement.vend.addEntitlement(bankId, resourceUser1.userId, CanRevokeConsentAtBank.toString)
val response510 = makeGetRequest(revokeConsentUrl(getConsentByRequestResponseJson.consent_id)<@(user1))
val response510 = makeDeleteRequest(revokeConsentUrl(getConsentByRequestResponseJson.consent_id)<@(user1))
Then("We should get a 200")
response510.code should equal(200)