diff --git a/obp-api/src/main/scala/code/api/berlin/group/v1_3/AccountInformationServiceAISApi.scala b/obp-api/src/main/scala/code/api/berlin/group/v1_3/AccountInformationServiceAISApi.scala
index 837175941..b0310910b 100644
--- a/obp-api/src/main/scala/code/api/berlin/group/v1_3/AccountInformationServiceAISApi.scala
+++ b/obp-api/src/main/scala/code/api/berlin/group/v1_3/AccountInformationServiceAISApi.scala
@@ -248,7 +248,7 @@ recurringIndicator:
 (Full(user), callContext) <- authenticatedAccess(cc)
 _ <- passesPsd2Aisp(callContext)
 _ <- Future(Consents.consentProvider.vend.getConsentByConsentId(consentId)) map {
- unboxFullOrFail(_, callContext, ConsentNotFound)
+ unboxFullOrFail(_, callContext, ConsentNotFound, 403)
 }
 _ <- Future(Consents.consentProvider.vend.revokeBerlinGroupConsent(consentId)) map {
 i => connectorEmptyResponse(i, callContext)
@@ -752,7 +752,7 @@ This method returns the SCA status of a consent initiation's authorisation sub-r
 (_, callContext) <- authenticatedAccess(cc)
 _ <- passesPsd2Aisp(callContext)
 _ <- Future(Consents.consentProvider.vend.getConsentByConsentId(consentId)) map {
- unboxFullOrFail(_, callContext, s"$ConsentNotFound ($consentId)")
+ unboxFullOrFail(_, callContext, s"$ConsentNotFound ($consentId)", 403)
 }
 (challenges, callContext) <- NewStyle.function.getChallengesByConsentId(consentId, callContext)
 } yield {
@@ -787,7 +787,7 @@ This method returns the SCA status of a consent initiation's authorisation sub-r
 (Full(u), callContext) <- authenticatedAccess(cc)
 _ <- passesPsd2Aisp(callContext)
 consent <- Future(Consents.consentProvider.vend.getConsentByConsentId(consentId)) map {
- unboxFullOrFail(_, callContext, ConsentNotFound)
+ unboxFullOrFail(_, callContext, ConsentNotFound, 403)
 }
 } yield {
 val status = consent.status
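Review bot: In the `@@ -248` hunk of AccountInformationServiceAISApi.scala the consent returned by `getConsentByConsentId(consentId)` is discarded (`_ <-`) and `revokeBerlinGroupConsent(consentId)` runs next, so nothing visible ties the consent to the calling TPP or user, and the new 403 only covers an id that does not exist. Unless `authenticatedAccess`, `passesPsd2Aisp` or the provider enforce ownership outside this hunk, any authenticated AISP that holds a consent id could revoke another party's consent. I would bind the lookup (`consent <- Future(...) map { unboxFullOrFail(_, callContext, ConsentNotFound, 403) }`) and compare its owner with the caller before `revokeBerlinGroupConsent`, answering a mismatch with the same 403 so the response does not confirm that the id exists. The `@@ -752` and `@@ -1297` hunks discard the consent in the same way, and the BerlinGroupConsent.scala hunk fetches it with `None` as call context before updating its JWT. Each of these for-comprehensions starts and ends outside its hunk.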
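Review bot: The 403 branch in the `@@ -752` hunk interpolates the caller-supplied `consentId` into the failure text (`s"$ConsentNotFound ($consentId)"`), while the other consent lookups in this file pass `ConsentNotFound` alone. That text is returned to the client and presumably logged, and BerlinGroupError.scala selects the Berlin Group code with substring tests such as `message.contains("OBP-35001")`, so request-controlled text becomes part of the string being matched. Passing the fixed message, `unboxFullOrFail(_, callContext, ConsentNotFound, 403)`, or validating the id's format before it is echoed, keeps the mapping input and the log line under the server's control. The same applies to `($basketId)` in SigningBasketsApi.scala and to `($consentId)` in ConsentUtil.scala and BerlinGroupConsent.scala.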
@@ -1134,7 +1134,7 @@ using the extended forms as indicated above.
 (Full(u), callContext) <- authenticatedAccess(cc)
 _ <- passesPsd2Aisp(callContext)
 consent <- Future(Consents.consentProvider.vend.getConsentByConsentId(consentId)) map {
- unboxFullOrFail(_, callContext, ConsentNotFound)
+ unboxFullOrFail(_, callContext, ConsentNotFound, 403)
 }
 (challenges, callContext) <- NewStyle.function.createChallengesC2(
 List(u.userId),
@@ -1297,7 +1297,7 @@ Maybe in a later version the access path will change.
 (Full(u), callContext) <- authenticatedAccess(cc)
 _ <- passesPsd2Aisp(callContext)
 _ <- Future(Consents.consentProvider.vend.getConsentByConsentId(consentId)) map {
- unboxFullOrFail(_, callContext, ConsentNotFound)
+ unboxFullOrFail(_, callContext, ConsentNotFound, 403)
 }
 failMsg = s"$InvalidJsonFormat The Json body should be the $TransactionAuthorisation "
 updateJson <- NewStyle.function.tryons(failMsg, 400, callContext) {
diff --git a/obp-api/src/main/scala/code/api/berlin/group/v1_3/SigningBasketsApi.scala b/obp-api/src/main/scala/code/api/berlin/group/v1_3/SigningBasketsApi.scala
index 5d041bc3a..905d2d549 100644
--- a/obp-api/src/main/scala/code/api/berlin/group/v1_3/SigningBasketsApi.scala
+++ b/obp-api/src/main/scala/code/api/berlin/group/v1_3/SigningBasketsApi.scala
@@ -260,7 +260,7 @@ This method returns the SCA status of a signing basket's authorisation sub-resou
 (Full(u), callContext) <- authenticatedAccess(cc)
 _ <- passesPsd2Pisp(callContext)
 _ <- Future(SigningBasketX.signingBasketProvider.vend.getSigningBasketByBasketId(basketId)) map {
- unboxFullOrFail(_, callContext, s"$ConsentNotFound ($basketId)")
+ unboxFullOrFail(_, callContext, s"$ConsentNotFound ($basketId)", 403)
 }
 (challenges, callContext) <- NewStyle.function.getChallengesByBasketId(basketId, callContext)
 } yield {
diff --git a/obp-api/src/main/scala/code/api/util/APIUtil.scala b/obp-api/src/main/scala/code/api/util/APIUtil.scala
index 5ba84c140..f4acc2ccc 100644
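Review bot: The SigningBasketsApi.scala hunk reports a missing signing basket with `ConsentNotFound`, and with the new 403 that message now falls under the `case "403" if message.contains("OBP-35001") => "CONSENT_UNKNOWN"` mapping this commit relocates in BerlinGroupError.scala (assuming `ConsentNotFound` carries OBP-35001). A TPP polling a basket's SCA status would then be told that a consent is unknown, which misdirects client error handling and anyone reading the audit trail. I would pass a basket-specific not-found message here (placeholder name `SigningBasketNotFound`; use whatever constant the project already defines) so the failure maps to a resource-level code. The basket returned by `getSigningBasketByBasketId(basketId)` is also discarded, so no ownership check is visible in the hunk; the for-comprehension begins outside it.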
--- a/obp-api/src/main/scala/code/api/util/APIUtil.scala
+++ b/obp-api/src/main/scala/code/api/util/APIUtil.scala
@@ -3001,12 +3001,12 @@ object APIUtil extends MdcLoggable with CustomJsonFormats{
 val res =
 if (authHeadersWithEmptyValues.nonEmpty) { // Check Authorization Headers Empty Values
 val message = ErrorMessages.EmptyRequestHeaders + s"Header names: ${authHeadersWithEmptyValues.mkString(", ")}"
- Future { (fullBoxOrException(Empty ~> APIFailureNewStyle(message, 400, Some(cc.toLight))), None) }
+ Future { (fullBoxOrException(Empty ~> APIFailureNewStyle(message, 400, Some(cc.toLight))), Some(cc)) }
 } else if (authHeadersWithEmptyNames.nonEmpty) { // Check Authorization Headers Empty Names
 val message = ErrorMessages.EmptyRequestHeaders + s"Header values: ${authHeadersWithEmptyNames.mkString(", ")}"
- Future { (fullBoxOrException(Empty ~> APIFailureNewStyle(message, 400, Some(cc.toLight))), None) }
+ Future { (fullBoxOrException(Empty ~> APIFailureNewStyle(message, 400, Some(cc.toLight))), Some(cc)) }
 } else if (authHeaders.size > 1) { // Check Authorization Headers ambiguity
- Future { (Failure(ErrorMessages.AuthorizationHeaderAmbiguity + s"${authHeaders}"), None) }
+ Future { (Failure(ErrorMessages.AuthorizationHeaderAmbiguity + s"${authHeaders}"), Some(cc)) }
 } else if (APIUtil.`hasConsent-ID`(reqHeaders)) { // Berlin Group's Consent
 Consent.applyBerlinGroupRules(APIUtil.`getConsent-ID`(reqHeaders), cc.copy(consumer = consumerByCertificate))
 } else if (APIUtil.hasConsentJWT(reqHeaders)) { // Open Bank Project's Consent
diff --git a/obp-api/src/main/scala/code/api/util/BerlinGroupError.scala b/obp-api/src/main/scala/code/api/util/BerlinGroupError.scala
index e39065907..738ebd758 100644
--- a/obp-api/src/main/scala/code/api/util/BerlinGroupError.scala
+++ b/obp-api/src/main/scala/code/api/util/BerlinGroupError.scala
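Review bot: In the APIUtil.scala hunk the ambiguity branch still builds a bare `Failure(ErrorMessages.AuthorizationHeaderAmbiguity + s"${authHeaders}")`, unlike the two branches above it, which go through `APIFailureNewStyle(message, 400, Some(cc.toLight))`. If `authHeaders` holds header values as well as names, the interpolation copies bearer tokens or other credentials into the error text, and with `Some(cc)` now returned that text presumably travels further into the rendered response and request logging. I would list only the header names and give the branch the same shape, e.g. `Future { (fullBoxOrException(Empty ~> APIFailureNewStyle(ErrorMessages.AuthorizationHeaderAmbiguity + headerNames, 400, Some(cc.toLight))), Some(cc)) }`, where `headerNames` is a placeholder for a names-only list. The returned `cc` is still unauthenticated, so callers have to keep deciding on the Box and not on the presence of a call context. The enclosing method starts and ends outside the hunk.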
@@ -69,8 +69,6 @@ object BerlinGroupError { case "401" if message.contains("OBP-35018") => "CONSENT_INVALID" case "401" if message.contains("OBP-35005") => "CONSENT_INVALID" - case "403" if message.contains("OBP-35001") => "CONSENT_UNKNOWN" - case "401" if message.contains("OBP-20300") => "CERTIFICATE_BLOCKED" case "401" if message.contains("OBP-20312") => "CERTIFICATE_INVALID" case "401" if message.contains("OBP-20300") => "CERTIFICATE_INVALID"
@@ -80,6 +78,7 @@ object BerlinGroupError {
 case "400" if message.contains("OBP-35018") => "CONSENT_UNKNOWN"
 case "400" if message.contains("OBP-35001") => "CONSENT_UNKNOWN"
+ case "403" if message.contains("OBP-35001") => "CONSENT_UNKNOWN"
 case "404" if message.contains("OBP-30076") => "RESOURCE_UNKNOWN"
diff --git a/obp-api/src/main/scala/code/api/util/ConsentUtil.scala b/obp-api/src/main/scala/code/api/util/ConsentUtil.scala
index 015761a07..96c5057a8 100644
--- a/obp-api/src/main/scala/code/api/util/ConsentUtil.scala
+++ b/obp-api/src/main/scala/code/api/util/ConsentUtil.scala
@@ -3,12 +3,13 @@ package code.api.util
 import java.text.SimpleDateFormat
 import java.util.{Date, UUID}
 import code.api.berlin.group.v1_3.JSONFactory_BERLIN_GROUP_1_3.{ConsentAccessJson, PostConsentJson}
+import code.api.util.APIUtil.fullBoxOrException
 import code.api.util.ApiRole.{canCreateEntitlementAtAnyBank, canCreateEntitlementAtOneBank}
 import code.api.util.BerlinGroupSigning.getHeaderValue
 import code.api.util.ErrorMessages.{CouldNotAssignAccountAccess, InvalidConnectorResponse, NoViewReadAccountsBerlinGroup}
 import code.api.v3_1_0.{PostConsentBodyCommonJson, PostConsentEntitlementJsonV310, PostConsentViewJsonV310}
 import code.api.v5_0_0.HelperInfoJson
-import code.api.{APIFailure, Constant, RequestHeader}
+import code.api.{APIFailure, APIFailureNewStyle, Constant, RequestHeader}
 import code.bankconnectors.Connector
 import code.consent
 import code.consent.ConsentStatus.ConsentStatus
@@ -602,7 +603,8 @@ object Consent extends MdcLoggable {
 case failure@Failure(_, _, _) =>
 Future(failure, Some(callContext))
 case _ =>
- Future(Failure(ErrorMessages.ConsentNotFound + s" ($consentId)"), Some(callContext))
+ val errorMessage = ErrorMessages.ConsentNotFound + s" ($consentId)"
+ Future(fullBoxOrException(Empty ~> APIFailureNewStyle(errorMessage, 400, Some(callContext.toLight))), Some(callContext))
 }
 }
 def applyBerlinGroupRules(consentId: Option[String], callContext: CallContext): Future[(Box[User], Option[CallContext])] = {
diff --git a/obp-api/src/main/scala/code/snippet/BerlinGroupConsent.scala b/obp-api/src/main/scala/code/snippet/BerlinGroupConsent.scala
index 3d39ead8f..d27b96636 100644
--- a/obp-api/src/main/scala/code/snippet/BerlinGroupConsent.scala
+++ b/obp-api/src/main/scala/code/snippet/BerlinGroupConsent.scala
@@ -110,7 +110,7 @@ class BerlinGroupConsent extends MdcLoggable with RestHelper with APIMethods510
 for {
 // Fetch the consent by ID
 consent: MappedConsent <- Future(Consents.consentProvider.vend.getConsentByConsentId(consentId)) map {
- APIUtil.unboxFullOrFail(_, None, s"$ConsentNotFound ($consentId)", 404)
+ APIUtil.unboxFullOrFail(_, None, s"$ConsentNotFound ($consentId)", 400)
 }
 // Update the consent JWT with new access details
 consentJWT <- Consent.updateAccountAccessOfBerlinGroupConsentJWT(
diff --git a/obp-api/src/test/scala/code/api/berlin/group/v1_3/AccountInformationServiceAISApiTest.scala b/obp-api/src/test/scala/code/api/berlin/group/v1_3/AccountInformationServiceAISApiTest.scala
index 9e993fc2a..a413c86f7 100644
--- a/obp-api/src/test/scala/code/api/berlin/group/v1_3/AccountInformationServiceAISApiTest.scala
+++ b/obp-api/src/test/scala/code/api/berlin/group/v1_3/AccountInformationServiceAISApiTest.scala
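Review bot: The new `case _` branch in the ConsentUtil.scala hunk hard-codes 400 while the path-based endpoints in this commit move to 403, and nothing on the line says why the two differ. If the intent is the Berlin Group convention as I understand it (CONSENT_UNKNOWN is 400 when the consent id arrives in a header and 403 when it is in the path), a comment above the branch would stop a later edit from aligning them by mistake: `// Consent id presumably comes from the Consent-ID header: unknown consent -> 400 CONSENT_UNKNOWN (403 is used for an id in the path)`. The branch is also a catch-all, so every outcome that is neither an earlier case nor a `Failure` is reported as consent not found; a second comment naming the expected case (presumably `Empty`) would make that explicit. The match begins outside the hunk.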
@@ -484,7 +484,7 @@ class AccountInformationServiceAISApiTest extends BerlinGroupServerSetupV1_3 wit
 scenario("Authentication User, only mocked data, just test succeed", BerlinGroupV1_3, updateConsentsPsuDataTransactionAuthorisation) {
 val requestStartConsentAuthorisation = (V1_3_BG / "consents"/"consentId" /"authorisations"/ "AUTHORISATIONID" ).PUT <@ (user1)
 val responseStartConsentAuthorisation = makePutRequest(requestStartConsentAuthorisation, """{"scaAuthenticationData":""}""")
- responseStartConsentAuthorisation.code should be (400)
+ responseStartConsentAuthorisation.code should be (403)
 }
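Review bot: The updated assertion in AccountInformationServiceAISApiTest.scala checks only the status code, and the request uses the literal id `"consentId"`, so the scenario covers an unknown consent but not one that exists and belongs to a different user. Since the commit is about the Berlin Group error mapping, I would also assert that the response body carries CONSENT_UNKNOWN and add a scenario in which a second user calls the endpoint with the first user's consent id and is refused. The scenario title still reads "just test succeed" although it now expects a rejection; something like `scenario("Authenticated user, unknown consent id is rejected with 403", BerlinGroupV1_3, updateConsentsPsuDataTransactionAuthorisation)` would describe it.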