feature/Add endpoint Revoke Consent at Bank

2026-02-06 20:06:56 +00:00 · 2022-12-20 13:33:11 +01:00 · 2022-12-20 13:33:11 +01:00 · caefa4fc3a
commit caefa4fc3a
parent 7534296b24
2 changed files with 72 additions and 2 deletions
--- a/obp-api/src/main/scala/code/api/util/ApiRole.scala
+++ b/obp-api/src/main/scala/code/api/util/ApiRole.scala
@ -962,6 +962,9 @@ object ApiRole {
  case class CanGetAccountsMinimalForCustomerAtAnyBank(requiresBankId: Boolean = false) extends ApiRole
  lazy val canGetAccountsMinimalForCustomerAtAnyBank = CanGetAccountsMinimalForCustomerAtAnyBank()
  
+  case class CanRevokeConsentAtBank(requiresBankId: Boolean = true) extends ApiRole
+  lazy val canRevokeConsentAtBank = CanRevokeConsentAtBank()
+  
  private val dynamicApiRoles = new ConcurrentHashMap[String, ApiRole]

  private case class DynamicApiRole(role: String, requiresBankId: Boolean = false) extends ApiRole{
--- a/obp-api/src/main/scala/code/api/v5_1_0/APIMethods510.scala
+++ b/obp-api/src/main/scala/code/api/v5_1_0/APIMethods510.scala
@ -1,15 +1,27 @@
 package code.api.v5_1_0


+import code.api.ResourceDocs1_4_0.SwaggerDefinitionsJSON.revokedConsentJsonV310
 import code.api.util.APIUtil._
-
+import code.api.util.ApiRole._
+import code.api.util.ApiTag.{apiTagConsent, apiTagNewStyle, apiTagPSD2AIS, apiTagPsd2}
+import code.api.util.ErrorMessages.{BankNotFound, ConsentNotFound, UnknownError, UserNotLoggedIn}
+import code.api.util.NewStyle
+import code.api.util.NewStyle.HttpCode
+import code.api.v3_1_0.ConsentJsonV310
+import code.consent.Consents
 import code.transactionrequests.TransactionRequests.TransactionRequestTypes.{apply => _}
+import code.util.Helper
 import com.github.dwickern.macros.NameOf.nameOf
+import com.openbankproject.commons.ExecutionContext.Implicits.global
 import com.openbankproject.commons.model.BankId
 import com.openbankproject.commons.util.ApiVersion
+import net.liftweb.common.Full
 import net.liftweb.http.rest.RestHelper
-import com.openbankproject.commons.ExecutionContext.Implicits.global
+
+import scala.collection.immutable.{List, Nil}
 import scala.collection.mutable.ArrayBuffer
+import scala.concurrent.Future


 trait APIMethods510 {
@ -27,6 +39,61 @@ trait APIMethods510 {
    val apiRelations = ArrayBuffer[ApiRelation]()
    val codeContext = CodeContext(staticResourceDocs, apiRelations)

+
+    resourceDocs += ResourceDoc(
+      revokeConsentAtBank,
+      implementedInApiVersion,
+      nameOf(revokeConsentAtBank),
+      "GET",
+      "/banks/BANK_ID/consents/CONSENT_ID/revoke",
+      "Revoke Consent at Bank",
+      s"""
+         |Revoke Consent for current user specified by CONSENT_ID
+         |
+         |There are a few reasons you might need to revoke an application’s access to a user’s account:
+         |  - The user explicitly wishes to revoke the application’s access
+         |  - You as the service provider have determined an application is compromised or malicious, and want to disable it
+         |  - etc.
+         ||
+         |OBP as a resource server stores access tokens in a database, then it is relatively easy to revoke some token that belongs to a particular user.
+         |The status of the token is changed to "REVOKED" so the next time the revoked client makes a request, their token will fail to validate.
+         |
+         |${authenticationRequiredMessage(true)}
+         |
+      """.stripMargin,
+      EmptyBody,
+      revokedConsentJsonV310,
+      List(
+        UserNotLoggedIn,
+        BankNotFound,
+        UnknownError
+      ),
+      List(apiTagConsent, apiTagPSD2AIS, apiTagPsd2, apiTagNewStyle), 
+      Some(List(canRevokeConsentAtBank))
+    )
+
+    lazy val revokeConsentAtBank: OBPEndpoint = {
+      case "banks" :: BankId(bankId) :: "consents" :: consentId :: "revoke" :: Nil JsonGet _ => {
+        cc =>
+          for {
+            (Full(user), callContext) <- authenticatedAccess(cc)
+            (_, callContext) <- NewStyle.function.getBank(bankId, callContext)
+            consent <- Future(Consents.consentProvider.vend.getConsentByConsentId(consentId)) map {
+              unboxFullOrFail(_, callContext, ConsentNotFound)
+            }
+            _ <- Helper.booleanToFuture(failMsg = ConsentNotFound, cc=callContext) {
+              consent.mUserId == user.userId
+            }
+            consent <- Future(Consents.consentProvider.vend.revoke(consentId)) map {
+              i => connectorEmptyResponse(i, callContext)
+            }
+          } yield {
+            (ConsentJsonV310(consent.consentId, consent.jsonWebToken, consent.status), HttpCode.`200`(callContext))
+          }
+      }
+    }
+    
+
  }
 }