diff --git a/obp-api/src/main/scala/code/api/v5_1_0/APIMethods510.scala b/obp-api/src/main/scala/code/api/v5_1_0/APIMethods510.scala index 16fb9e044..de159c2c4 100644 --- a/obp-api/src/main/scala/code/api/v5_1_0/APIMethods510.scala +++ b/obp-api/src/main/scala/code/api/v5_1_0/APIMethods510.scala @@ -112,7 +112,7 @@ trait APIMethods510 { revokeConsentAtBank, implementedInApiVersion, nameOf(revokeConsentAtBank), - "GET", + "DELETE", "/banks/BANK_ID/consents/CONSENT_ID/revoke", "Revoke Consent at Bank", s""" @@ -141,7 +141,7 @@ trait APIMethods510 { ) lazy val revokeConsentAtBank: OBPEndpoint = { - case "banks" :: BankId(bankId) :: "consents" :: consentId :: "revoke" :: Nil JsonGet _ => { + case "banks" :: BankId(bankId) :: "consents" :: consentId :: "revoke" :: Nil JsonDelete _ => { cc => for { (Full(user), callContext) <- authenticatedAccess(cc) diff --git a/obp-api/src/test/scala/code/api/v5_1_0/ConsentsTest.scala b/obp-api/src/test/scala/code/api/v5_1_0/ConsentsTest.scala index 93e9557a8..490baa615 100644 --- a/obp-api/src/test/scala/code/api/v5_1_0/ConsentsTest.scala +++ b/obp-api/src/test/scala/code/api/v5_1_0/ConsentsTest.scala @@ -80,12 +80,12 @@ class ConsentsTest extends V510ServerSetup with PropsReset{ def getConsentRequestUrl(requestId:String) = (v5_1_0_Request / "consumer"/ "consent-requests"/requestId).GET<@(user1) def createConsentByConsentRequestIdEmail(requestId:String) = (v5_1_0_Request / "consumer"/ "consent-requests"/requestId/"EMAIL"/"consents").POST<@(user1) def getConsentByRequestIdUrl(requestId:String) = (v5_1_0_Request / "consumer"/ "consent-requests"/requestId/"consents").GET<@(user1) - def revokeConsentUrl(consentId: String) = v5_1_0_Request / "banks" / bankId / "consents" / consentId / "revoke" + def revokeConsentUrl(consentId: String) = (v5_1_0_Request / "banks" / bankId / "consents" / consentId / "revoke").DELETE feature(s"test $ApiEndpoint6 version $VersionOfApi - Unauthorized access") { scenario("We will call the endpoint without user credentials", ApiEndpoint6, VersionOfApi) { When(s"We make a request $ApiEndpoint6") - val response510 = makeGetRequest(revokeConsentUrl("whatever")) + val response510 = makeDeleteRequest(revokeConsentUrl("whatever")) Then("We should get a 401") response510.code should equal(401) response510.body.extract[ErrorMessage].message should equal(UserNotLoggedIn) @@ -94,7 +94,7 @@ class ConsentsTest extends V510ServerSetup with PropsReset{ feature(s"test $ApiEndpoint6 version $VersionOfApi - Authorized access") { scenario("We will call the endpoint without user credentials", ApiEndpoint6, VersionOfApi) { When(s"We make a request $ApiEndpoint1") - val response510 = makeGetRequest(revokeConsentUrl("whatever")<@(user1)) + val response510 = makeDeleteRequest(revokeConsentUrl("whatever")<@(user1)) Then("We should get a 403") response510.code should equal(403) response510.body.extract[ErrorMessage].message contains (UserHasMissingRoles + CanRevokeConsentAtBank) should be (true) @@ -177,7 +177,7 @@ class ConsentsTest extends V510ServerSetup with PropsReset{ // Revoke consent Entitlement.entitlement.vend.addEntitlement(bankId, resourceUser1.userId, CanRevokeConsentAtBank.toString) - val response510 = makeGetRequest(revokeConsentUrl(getConsentByRequestResponseJson.consent_id)<@(user1)) + val response510 = makeDeleteRequest(revokeConsentUrl(getConsentByRequestResponseJson.consent_id)<@(user1)) Then("We should get a 200") response510.code should equal(200)