feature/Tweak endpoint createConsentByConsentRequestId v5.0.0

2026-02-06 13:46:49 +00:00 · 2023-04-25 11:57:15 +02:00 · 2023-04-25 11:57:15 +02:00 · e113d24850
commit e113d24850
parent d183b79118
3 changed files with 46 additions and 2 deletions
--- a/obp-api/src/main/scala/code/api/util/ErrorMessages.scala
+++ b/obp-api/src/main/scala/code/api/util/ErrorMessages.scala
@ -5,7 +5,7 @@ import java.util.regex.Pattern

 import com.openbankproject.commons.model.enums.TransactionRequestStatus._
 import code.api.Constant._
-import code.api.util.ApiRole.CanCreateAnyTransactionRequest
+import code.api.util.ApiRole.{CanCreateAnyTransactionRequest, canCreateEntitlementAtAnyBank, canCreateEntitlementAtOneBank}

 object ErrorMessages {
  import code.api.util.APIUtil._
@ -511,6 +511,7 @@ object ErrorMessages {
  val ConsumerKeyIsInvalid = "OBP-35030: The Consumer Key must be alphanumeric. (A-Z, a-z, 0-9)"
  val ConsumerKeyIsToLong = "OBP-35031: The Consumer Key max length <= 512"
  val ConsentHeaderValueInvalid = "OBP-35032: The Consent's Request Header value is not formatted as UUID or JWT."
+  val RolesForbiddenInConsent = s"OBP-35033: Consents cannot contain Roles: ${canCreateEntitlementAtOneBank} and ${canCreateEntitlementAtAnyBank}."

  //Authorisations
  val AuthorisationNotFound = "OBP-36001: Authorisation not found. Please specify valid values for PAYMENT_ID and AUTHORISATION_ID. "
--- a/obp-api/src/main/scala/code/api/v5_0_0/APIMethods500.scala
+++ b/obp-api/src/main/scala/code/api/v5_0_0/APIMethods500.scala
@ -831,6 +831,14 @@ trait APIMethods500 {
            }
            requestedEntitlements = consentRequestJson.entitlements.getOrElse(Nil)
            myEntitlements <- Entitlement.entitlement.vend.getEntitlementsByUserIdFuture(user.userId)
+            _ <- Helper.booleanToFuture(RolesForbiddenInConsent, cc=callContext){
+              requestedEntitlements.map(_.role_name)
+                .intersect(
+                  List(
+                    canCreateEntitlementAtOneBank.toString(), 
+                    canCreateEntitlementAtAnyBank.toString())
+                ).length == 0
+            }
            _ <- Helper.booleanToFuture(RolesAllowedInConsent, cc=callContext){
              requestedEntitlements.forall(
                re => myEntitlements.getOrElse(Nil).exists(
@ -838,7 +846,6 @@ trait APIMethods500 {
                  )
                )
            }
-
            postConsentViewJsons <- Future.sequence(
              consentRequestJson.account_access.map(
                access => 
--- a/obp-api/src/test/scala/code/api/v5_0_0/ConsentRequestTest.scala
+++ b/obp-api/src/test/scala/code/api/v5_0_0/ConsentRequestTest.scala
@ -62,6 +62,8 @@ class ConsentRequestTest extends V500ServerSetupAsync with PropsReset{
  object ApiEndpoint5 extends Tag(nameOf(Implementations4_0_0.getUsers))
  
  lazy val entitlements = List(PostConsentEntitlementJsonV310("", CanGetAnyUser.toString()))
+  lazy val forbiddenEntitlementOneBank = List(PostConsentEntitlementJsonV310(testBankId1.value, CanCreateEntitlementAtOneBank.toString()))
+  lazy val forbiddenEntitlementAnyBank = List(PostConsentEntitlementJsonV310("", CanCreateEntitlementAtAnyBank.toString()))
  lazy val accountAccess = List(AccountAccessV500(
    account_routing = AccountRoutingJsonV121(
      scheme = "AccountId",
@ -160,6 +162,40 @@ class ConsentRequestTest extends V500ServerSetupAsync with PropsReset{
      responseGetUsersWrong.body.extract[ErrorMessage].message contains (ConsentHeaderValueInvalid) should be (true)
    }

+    scenario(s"Check the forbidden roles ${CanCreateEntitlementAtAnyBank.toString()}", ApiEndpoint1, ApiEndpoint2, ApiEndpoint3, ApiEndpoint4, ApiEndpoint5, VersionOfApi) {
+      When(s"We try $ApiEndpoint1 v5.0.0")
+      val postJsonForbiddenEntitlementAtAnyBank = postConsentRequestJsonV310.copy(entitlements = Some(forbiddenEntitlementAnyBank))
+      val createConsentResponse = makePostRequest(createConsentRequestUrl, write(postJsonForbiddenEntitlementAtAnyBank))
+      Then("We should get a 201")
+      createConsentResponse.code should equal(201)
+      val createConsentRequestResponseJson = createConsentResponse.body.extract[ConsentRequestResponseJson]
+      val consentRequestId = createConsentRequestResponseJson.consent_request_id
+
+      // Role CanCreateEntitlementAtAnyBank MUST be forbidden
+      val forbiddenRoleResponse = makePostRequest(createConsentByConsentRequestIdEmail(consentRequestId), write(""))
+      Then("We should get a 400")
+      forbiddenRoleResponse.code should equal(400)
+      forbiddenRoleResponse.code should equal(400)
+      forbiddenRoleResponse.body.extract[ErrorMessage].message should equal (RolesForbiddenInConsent)
+    }
+    
+    scenario(s"Check the forbidden roles ${CanCreateEntitlementAtOneBank.toString()}", ApiEndpoint1, ApiEndpoint2, ApiEndpoint3, ApiEndpoint4, ApiEndpoint5, VersionOfApi) {
+      When(s"We try $ApiEndpoint1 v5.0.0")
+      val postJsonForbiddenEntitlementAtOneBank = postConsentRequestJsonV310.copy(entitlements = Some(forbiddenEntitlementOneBank))
+      val createConsentResponse = makePostRequest(createConsentRequestUrl, write(postJsonForbiddenEntitlementAtOneBank))
+      Then("We should get a 201")
+      createConsentResponse.code should equal(201)
+      val createConsentRequestResponseJson = createConsentResponse.body.extract[ConsentRequestResponseJson]
+      val consentRequestId = createConsentRequestResponseJson.consent_request_id
+
+      // Role CanCreateEntitlementAtOneBank MUST be forbidden
+      val forbiddenRoleResponse = makePostRequest(createConsentByConsentRequestIdEmail(consentRequestId), write(""))
+      Then("We should get a 400")
+      forbiddenRoleResponse.code should equal(400)
+      forbiddenRoleResponse.code should equal(400)
+      forbiddenRoleResponse.body.extract[ErrorMessage].message should equal (RolesForbiddenInConsent)
+    }
+
  }
  
 }