bugfix/Fix Berlin Group error codes

Marko Milić 2025-05-07 11:06:26 +02:00
parent eb35680a6f
commit c1c5230498
7 changed files with 16 additions and 15 deletions


@ -248,7 +248,7 @@ recurringIndicator:
(Full(user), callContext) <- authenticatedAccess(cc)
_ <- passesPsd2Aisp(callContext)
_ <- Future(Consents.consentProvider.vend.getConsentByConsentId(consentId)) map {
unboxFullOrFail(_, callContext, ConsentNotFound)
unboxFullOrFail(_, callContext, ConsentNotFound, 403)
}
_ <- Future(Consents.consentProvider.vend.revokeBerlinGroupConsent(consentId)) map {
i => connectorEmptyResponse(i, callContext)
@ -752,7 +752,7 @@ This method returns the SCA status of a consent initiation's authorisation sub-r
(_, callContext) <- authenticatedAccess(cc)
_ <- passesPsd2Aisp(callContext)
_ <- Future(Consents.consentProvider.vend.getConsentByConsentId(consentId)) map {
unboxFullOrFail(_, callContext, s"$ConsentNotFound ($consentId)")
unboxFullOrFail(_, callContext, s"$ConsentNotFound ($consentId)", 403)
}
(challenges, callContext) <- NewStyle.function.getChallengesByConsentId(consentId, callContext)
} yield {
@ -787,7 +787,7 @@ This method returns the SCA status of a consent initiation's authorisation sub-r
(Full(u), callContext) <- authenticatedAccess(cc)
_ <- passesPsd2Aisp(callContext)
consent <- Future(Consents.consentProvider.vend.getConsentByConsentId(consentId)) map {
unboxFullOrFail(_, callContext, ConsentNotFound)
unboxFullOrFail(_, callContext, ConsentNotFound, 403)
}
} yield {
val status = consent.status
@ -1134,7 +1134,7 @@ using the extended forms as indicated above.
(Full(u), callContext) <- authenticatedAccess(cc)
_ <- passesPsd2Aisp(callContext)
consent <- Future(Consents.consentProvider.vend.getConsentByConsentId(consentId)) map {
unboxFullOrFail(_, callContext, ConsentNotFound)
unboxFullOrFail(_, callContext, ConsentNotFound, 403)
}
(challenges, callContext) <- NewStyle.function.createChallengesC2(
List(u.userId),
@ -1297,7 +1297,7 @@ Maybe in a later version the access path will change.
(Full(u), callContext) <- authenticatedAccess(cc)
_ <- passesPsd2Aisp(callContext)
_ <- Future(Consents.consentProvider.vend.getConsentByConsentId(consentId)) map {
unboxFullOrFail(_, callContext, ConsentNotFound)
unboxFullOrFail(_, callContext, ConsentNotFound, 403)
}
failMsg = s"$InvalidJsonFormat The Json body should be the $TransactionAuthorisation "
updateJson <- NewStyle.function.tryons(failMsg, 400, callContext) {
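Review bot: In the first hunk (consent deletion) the result of `getConsentByConsentId(consentId)` is discarded and `revokeBerlinGroupConsent(consentId)` follows directly, so nothing visible ties the consent to the calling TPP or user. If neither `passesPsd2Aisp` nor the provider enforces that, a consent could be revoked by a caller it was never issued to; Berlin Group describes CONSENT_UNKNOWN as a consent id that cannot be matched relative to the TPP, so the same 403 would fit an ownership mismatch. Consider binding the lookup result and failing with `ConsentNotFound` and 403 when its consumer differs from the one in `callContext`; the field names for that comparison are not on this page. The page has lost its +/- markers, so I am assuming the `, 403` variant of each doubled line is the new side, and every for-comprehension here starts and ends outside its hunk.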


@ -260,7 +260,7 @@ This method returns the SCA status of a signing basket's authorisation sub-resou
(Full(u), callContext) <- authenticatedAccess(cc)
_ <- passesPsd2Pisp(callContext)
_ <- Future(SigningBasketX.signingBasketProvider.vend.getSigningBasketByBasketId(basketId)) map {
unboxFullOrFail(_, callContext, s"$ConsentNotFound ($basketId)")
unboxFullOrFail(_, callContext, s"$ConsentNotFound ($basketId)", 403)
}
(challenges, callContext) <- NewStyle.function.getChallengesByBasketId(basketId, callContext)
} yield {
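Review bot: The signing-basket lookup fails with `ConsentNotFound`, so a missing basket is reported to the TPP as an unknown consent, with the basket id interpolated into a consent message. With the mapping touched elsewhere in this commit, 403 plus that OBP code presumably becomes CONSENT_UNKNOWN, which tells the client the wrong resource is missing. If a basket-specific message exists in ErrorMessages, use it here; otherwise add a comment such as `// no basket-specific error yet; ConsentNotFound is reused so the client receives CONSENT_UNKNOWN`. The for-comprehension starts and ends outside the hunk.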


@ -3001,12 +3001,12 @@ object APIUtil extends MdcLoggable with CustomJsonFormats{
val res =
if (authHeadersWithEmptyValues.nonEmpty) { // Check Authorization Headers Empty Values
val message = ErrorMessages.EmptyRequestHeaders + s"Header names: ${authHeadersWithEmptyValues.mkString(", ")}"
Future { (fullBoxOrException(Empty ~> APIFailureNewStyle(message, 400, Some(cc.toLight))), None) }
Future { (fullBoxOrException(Empty ~> APIFailureNewStyle(message, 400, Some(cc.toLight))), Some(cc)) }
} else if (authHeadersWithEmptyNames.nonEmpty) { // Check Authorization Headers Empty Names
val message = ErrorMessages.EmptyRequestHeaders + s"Header values: ${authHeadersWithEmptyNames.mkString(", ")}"
Future { (fullBoxOrException(Empty ~> APIFailureNewStyle(message, 400, Some(cc.toLight))), None) }
Future { (fullBoxOrException(Empty ~> APIFailureNewStyle(message, 400, Some(cc.toLight))), Some(cc)) }
} else if (authHeaders.size > 1) { // Check Authorization Headers ambiguity
Future { (Failure(ErrorMessages.AuthorizationHeaderAmbiguity + s"${authHeaders}"), None) }
Future { (Failure(ErrorMessages.AuthorizationHeaderAmbiguity + s"${authHeaders}"), Some(cc)) }
} else if (APIUtil.`hasConsent-ID`(reqHeaders)) { // Berlin Group's Consent
Consent.applyBerlinGroupRules(APIUtil.`getConsent-ID`(reqHeaders), cc.copy(consumer = consumerByCertificate))
} else if (APIUtil.hasConsentJWT(reqHeaders)) { // Open Bank Project's Consent
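Review bot: The ambiguity branch builds its message from `s"${authHeaders}"`, which prints the whole collection; if its elements carry header values, the caller's credentials are echoed into the error response and into anything that logs it. The empty-value branch above lists header names only, and this one should do the same, e.g. `ErrorMessages.AuthorizationHeaderAmbiguity + authHeaders.map(_.name).mkString(", ")` (assuming the elements expose `name`; their type is not visible here). This branch also still returns a plain `Failure` with no explicit status while its siblings use `APIFailureNewStyle(message, 400, ...)`, so it is worth confirming that it reaches the client as a 400. The enclosing method starts and ends outside the hunk.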


@ -69,8 +69,6 @@ object BerlinGroupError {
case "401" if message.contains("OBP-35018") => "CONSENT_INVALID"
case "401" if message.contains("OBP-35005") => "CONSENT_INVALID"
case "403" if message.contains("OBP-35001") => "CONSENT_UNKNOWN"
case "401" if message.contains("OBP-20300") => "CERTIFICATE_BLOCKED"
case "401" if message.contains("OBP-20312") => "CERTIFICATE_INVALID"
case "401" if message.contains("OBP-20300") => "CERTIFICATE_INVALID"
@ -80,6 +78,7 @@ object BerlinGroupError {
case "400" if message.contains("OBP-35018") => "CONSENT_UNKNOWN"
case "400" if message.contains("OBP-35001") => "CONSENT_UNKNOWN"
case "403" if message.contains("OBP-35001") => "CONSENT_UNKNOWN"
case "404" if message.contains("OBP-30076") => "RESOURCE_UNKNOWN"
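Review bot: Two arms guard on `"401"` with `OBP-20300` and map it to different codes (CERTIFICATE_BLOCKED and CERTIFICATE_INVALID), and `"403"` with `OBP-35001` appears in both hunks. The page has lost its +/- markers, so which of these survive on the new side is not certain, but a `match` takes the first arm that fits and any later duplicate is dead code. Please confirm that only one arm per status/code pair remains, and add a comment above the match such as `// first matching arm wins; keep one arm per (status, OBP code) pair`. The match starts and ends outside both hunks.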


@ -3,12 +3,13 @@ package code.api.util
import java.text.SimpleDateFormat
import java.util.{Date, UUID}
import code.api.berlin.group.v1_3.JSONFactory_BERLIN_GROUP_1_3.{ConsentAccessJson, PostConsentJson}
import code.api.util.APIUtil.fullBoxOrException
import code.api.util.ApiRole.{canCreateEntitlementAtAnyBank, canCreateEntitlementAtOneBank}
import code.api.util.BerlinGroupSigning.getHeaderValue
import code.api.util.ErrorMessages.{CouldNotAssignAccountAccess, InvalidConnectorResponse, NoViewReadAccountsBerlinGroup}
import code.api.v3_1_0.{PostConsentBodyCommonJson, PostConsentEntitlementJsonV310, PostConsentViewJsonV310}
import code.api.v5_0_0.HelperInfoJson
import code.api.{APIFailure, Constant, RequestHeader}
import code.api.{APIFailure, APIFailureNewStyle, Constant, RequestHeader}
import code.bankconnectors.Connector
import code.consent
import code.consent.ConsentStatus.ConsentStatus
@ -602,7 +603,8 @@ object Consent extends MdcLoggable {
case failure@Failure(_, _, _) =>
Future(failure, Some(callContext))
case _ =>
Future(Failure(ErrorMessages.ConsentNotFound + s" ($consentId)"), Some(callContext))
val errorMessage = ErrorMessages.ConsentNotFound + s" ($consentId)"
Future(fullBoxOrException(Empty ~> APIFailureNewStyle(errorMessage, 400, Some(callContext.toLight))), Some(callContext))
}
}
def applyBerlinGroupRules(consentId: Option[String], callContext: CallContext): Future[(Box[User], Option[CallContext])] = {
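Review bot: The same `ConsentNotFound` condition is answered with 400 in the second hunk here and with 403 in the endpoint files of this commit, and nothing on the line says why. As far as I know, Berlin Group specifies CONSENT_UNKNOWN as 403 when the consent id is in the path and 400 when it arrives in a header or payload, which would explain the split if this method handles the Consent-ID header. A comment would keep the next edit from unifying the two by mistake: `// Consent-ID arrives in a request header here, so CONSENT_UNKNOWN is 400; path-based lookups use 403`. The enclosing method starts outside the hunk.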


@ -110,7 +110,7 @@ class BerlinGroupConsent extends MdcLoggable with RestHelper with APIMethods510
for {
// Fetch the consent by ID
consent: MappedConsent <- Future(Consents.consentProvider.vend.getConsentByConsentId(consentId)) map {
APIUtil.unboxFullOrFail(_, None, s"$ConsentNotFound ($consentId)", 404)
APIUtil.unboxFullOrFail(_, None, s"$ConsentNotFound ($consentId)", 400)
}
// Update the consent JWT with new access details
consentJWT <- Consent.updateAccountAccessOfBerlinGroupConsentJWT(
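Review bot: `unboxFullOrFail` is still called with `None` as the call context, while the APIUtil change in this commit replaces `None` with `Some(cc)` on its failure paths. If the Berlin Group error conversion depends on the call context (an inference from that change, not something visible here), this failure may not be rendered in Berlin Group format, and the 400 would not reach the client as CONSENT_UNKNOWN. Pass the context if one is in scope, or state that none exists at this point with a comment such as `// no CallContext available here`. The for-comprehension continues outside the hunk.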


@ -484,7 +484,7 @@ class AccountInformationServiceAISApiTest extends BerlinGroupServerSetupV1_3 wit
scenario("Authentication User, only mocked data, just test succeed", BerlinGroupV1_3, updateConsentsPsuDataTransactionAuthorisation) {
val requestStartConsentAuthorisation = (V1_3_BG / "consents"/"consentId" /"authorisations"/ "AUTHORISATIONID" ).PUT <@ (user1)
val responseStartConsentAuthorisation = makePutRequest(requestStartConsentAuthorisation, """{"scaAuthenticationData":""}""")
responseStartConsentAuthorisation.code should be (400)
responseStartConsentAuthorisation.code should be (403)
}
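Review bot: The scenario asserts only the status code, and a 403 can also come from an authorisation failure that has nothing to do with the consent lookup. Asserting the Berlin Group error code in the body as well (CONSENT_UNKNOWN, per the mapping touched in this commit) would pin the behaviour the commit intends. The scenario title still says "just test succeed" although it now expects a rejection for the placeholder id `consentId`; a title such as `"unknown consent id is rejected with 403"` would match what is checked.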