diff --git a/obp-api/src/main/scala/code/api/v3_1_0/APIMethods310.scala b/obp-api/src/main/scala/code/api/v3_1_0/APIMethods310.scala
index 2e0288c46..283cb1264 100644
--- a/obp-api/src/main/scala/code/api/v3_1_0/APIMethods310.scala
+++ b/obp-api/src/main/scala/code/api/v3_1_0/APIMethods310.scala
@@ -3542,11 +3542,11 @@ trait APIMethods310 {
 }
 )
 }
- (consumerId, applicationText) <- consentJson.consumer_id match {
+ (consumerId, applicationText, consumer) <- consentJson.consumer_id match {
 case Some(id) => NewStyle.function.checkConsumerByConsumerId(id, callContext) map {
- c => (Some(c.consumerId.get), c.description)
+ c => (Some(c.consumerId.get), c.description, Some(c))
 }
- case None => Future(None, "Any application")
+ case None => Future(None, "Any application", None)
 }
@@ -3554,7 +3554,7 @@ trait APIMethods310 {
 case Props.RunModes.Test => Consent.challengeAnswerAtTestEnvironment
 case _ => SecureRandomUtil.numeric()
 }
- createdConsent <- Future(Consents.consentProvider.vend.createObpConsent(user, challengeAnswer, None)) map {
+ createdConsent <- Future(Consents.consentProvider.vend.createObpConsent(user, challengeAnswer, None, consumer)) map {
 i => connectorEmptyResponse(i, callContext)
 }
 consentJWT =
diff --git a/obp-api/src/main/scala/code/api/v5_1_0/APIMethods510.scala b/obp-api/src/main/scala/code/api/v5_1_0/APIMethods510.scala
index 215111f2f..32f8ce6c2 100644
--- a/obp-api/src/main/scala/code/api/v5_1_0/APIMethods510.scala
+++ b/obp-api/src/main/scala/code/api/v5_1_0/APIMethods510.scala
@@ -2161,8 +2161,7 @@ trait APIMethods510 {
 consentJson,
 createdConsent.secret,
 createdConsent.consentId,
- consumerFromRequestBody.map(_.consumerId.get)
- .orElse(cc.consumer.map(_.consumerId.get)), // Consumer from current call
+ consumerFromRequestBody.map(_.consumerId.get),
 consentJson.valid_from,
 consentJson.time_to_live.getOrElse(3600),
 None,
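Review bot: In the `consentJson.consumer_id match` of the hunk at -3542,11, the `case None` branch now returns `None` for `consumer` as well, so a body without `consumer_id` still produces a consent with no consumer attached, and nothing on the new lines says that this is intended. A comment on that branch, for example `// no consumer_id in the body: the consent is created without a consumer binding`, would record the decision next to the "Any application" text. `Future(None, "Any application", None)` also relies on argument auto-tupling and schedules a constant on the execution context; `Future.successful((None, "Any application", None))` states the tuple explicitly. The enclosing for-comprehension starts and ends outside the hunk.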
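Review bot: In the APIMethods510 hunk at -2161,8, dropping `.orElse(cc.consumer.map(_.consumerId.get))` means this argument is presumably empty whenever the request body names no consumer, so the consent is then no longer tied to the application that made the call. Whether a consent created that way is later rejected or accepted for any consumer is decided outside this hunk, and the new line should say which behaviour is intended, e.g. `consumerFromRequestBody.map(_.consumerId.get), // body only; no fallback to the calling consumer`. The call this argument list belongs to starts and ends outside the hunk.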
diff --git a/obp-api/src/test/scala/code/api/v3_1_0/ConsentTest.scala b/obp-api/src/test/scala/code/api/v3_1_0/ConsentTest.scala
index cc23dc8d9..ee79be308 100644
--- a/obp-api/src/test/scala/code/api/v3_1_0/ConsentTest.scala
+++ b/obp-api/src/test/scala/code/api/v3_1_0/ConsentTest.scala
@@ -57,6 +57,8 @@ class ConsentTest extends V310ServerSetup {
 object VersionOfApi2 extends Tag(ApiVersion.v3_0_0.toString)
 object ApiEndpoint3 extends Tag(nameOf(APIMethods300.Implementations3_0_0.getUserByUserId))
+ val validHeaderConsumerKey = List((RequestHeader.`Consumer-Key`, user1.map(_._1.key).getOrElse("SHOULD_NOT_HAPPEN")))
+
 lazy val bankId = randomBankId
 lazy val bankAccount = randomPrivateAccount(bankId)
 lazy val entitlements = List(PostConsentEntitlementJsonV310("", CanGetAnyUser.toString()))
@@ -140,7 +142,7 @@ class ConsentTest extends V310ServerSetup {
 // Create a consent as the user1.
 // Must fail because we try to assign a role other that user already have access to the request
 val request400 = (v3_1_0_Request / "banks" / bankId / "my" / "consents" / "EMAIL").POST <@ (user1)
- val response400 = makePostRequest(request400, write(postConsentEmailJsonV310))
+ val response400 = makePostRequest(request400, write(postConsentEmailJsonV310), validHeaderConsumerKey)
 Then("We should get a 400")
 response400.code should equal(400)
 response400.body.extract[ErrorMessage].message should equal(RolesAllowedInConsent)
@@ -148,7 +150,7 @@ class ConsentTest extends V310ServerSetup {
 Then("We grant the role and test it again")
 Entitlement.entitlement.vend.addEntitlement("", resourceUser1.userId, CanGetAnyUser.toString)
 // Create a consent as the user1. The consent is in status INITIATED
- val secondResponse400 = makePostRequest(request400, write(postConsentEmailJsonV310))
+ val secondResponse400 = makePostRequest(request400, write(postConsentEmailJsonV310), validHeaderConsumerKey)
 Then("We should get a 201")
 secondResponse400.code should equal(201)
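Review bot: In the hunk at -57,6, `validHeaderConsumerKey` is added as a strict `val` although the fixtures right below it (`bankId`, `bankAccount`, `entitlements`) are `lazy val`, so `user1` is read while the test class is being constructed. How `user1` is initialised is not visible here; if it is empty at that point the header silently carries `SHOULD_NOT_HAPPEN` and every request that sends it fails for a reason unrelated to the scenario. Declaring it as `lazy val validHeaderConsumerKey = List((RequestHeader.`Consumer-Key`, user1.map(_._1.key).getOrElse("SHOULD_NOT_HAPPEN")))` matches the neighbouring declarations and defers the lookup to first use. The same declaration is added in ConsentObpTest in the hunk at -58,17.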
@@ -158,7 +160,7 @@ class ConsentTest extends V310ServerSetup {
 // Make a request with the consent which is NOT in status ACCEPTED
 val requestGetUserByUserId400 = (v3_1_0_Request / "users" / "current").GET
- val responseGetUserByUserId400 = makeGetRequest(requestGetUserByUserId400, header)
+ val responseGetUserByUserId400 = makeGetRequest(requestGetUserByUserId400, header ::: validHeaderConsumerKey)
 APIUtil.getPropsAsBoolValue(nameOfProperty = "consents.allowed", defaultValue = false) match {
 case true =>
 // Due to the wrong status of the consent the request must fail
@@ -175,16 +177,15 @@ class ConsentTest extends V310ServerSetup {
 // Make a request WITHOUT the request header "Consumer-Key: SOME_VALUE"
 // Due to missing value the request must fail
 makeGetRequest(requestGetUserByUserId400, header)
- .body.extract[ErrorMessage].message should include(ConsumerKeyHeaderMissing)
+ .body.extract[ErrorMessage].message should include(ConsentNotFound)
 // Make a request WITH the request header "Consumer-Key: NON_EXISTING_VALUE"
 // Due to non existing value the request must fail
 val headerConsumerKey = List((RequestHeader.`Consumer-Key`, "NON_EXISTING_VALUE"))
 makeGetRequest(requestGetUserByUserId400, header ::: headerConsumerKey)
- .body.extract[ErrorMessage].message should include(ConsentDoesNotMatchConsumer)
+ .body.extract[ErrorMessage].message should include(ConsentNotFound)
 // Make a request WITH the request header "Consumer-Key: EXISTING_VALUE"
- val validHeaderConsumerKey = List((RequestHeader.`Consumer-Key`, user1.map(_._1.key).getOrElse("SHOULD_NOT_HAPPEN")))
 val response = makeGetRequest((v3_1_0_Request / "users" / "current").GET, header ::: validHeaderConsumerKey)
 val user = response.body.extract[UserJsonV300]
 val assignedEntitlements: Seq[PostConsentEntitlementJsonV310] = user.entitlements.list.flatMap(
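Review bot: The two negative cases in the hunk at -175,16 (no `Consumer-Key` header, and `NON_EXISTING_VALUE`) now assert only that the body includes `ConsentNotFound`, and neither checks the HTTP status, so the tests do not pin that the request is actually refused. Keeping the response in a value and adding `response.code should equal(EXPECTED_STATUS)` (placeholder for the status the API is meant to return) next to the message assertion would close that gap. Both cases now expect the same message, which looks deliberate; a one-line comment such as `// a missing or unknown Consumer-Key is reported the same way as a missing consent` would say so. The same assertions appear in the hunk at -254,13 and in ConsentObpTest at -146,16.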
@@ -237,7 +238,7 @@ class ConsentTest extends V310ServerSetup {
 // Make a request with the consent which is NOT in status ACCEPTED
 val requestGetUserByUserId400 = (v3_1_0_Request / "users" / "current").GET
- val responseGetUserByUserId400 = makeGetRequest(requestGetUserByUserId400, header)
+ val responseGetUserByUserId400 = makeGetRequest(requestGetUserByUserId400, header ::: validHeaderConsumerKey)
 APIUtil.getPropsAsBoolValue(nameOfProperty = "consents.allowed", defaultValue = false) match {
 case true =>
 // Due to the wrong status of the consent the request must fail
@@ -254,13 +255,13 @@ class ConsentTest extends V310ServerSetup {
 // Make a request WITHOUT the request header "Consumer-Key: SOME_VALUE"
 // Due to missing value the request must fail
 makeGetRequest(requestGetUserByUserId400, header)
- .body.extract[ErrorMessage].message should include(ConsumerKeyHeaderMissing)
+ .body.extract[ErrorMessage].message should include(ConsentNotFound)
 // Make a request WITH the request header "Consumer-Key: NON_EXISTING_VALUE"
 // Due to non existing value the request must fail
 val headerConsumerKey = List((RequestHeader.`Consumer-Key`, "NON_EXISTING_VALUE"))
 makeGetRequest(requestGetUserByUserId400, header ::: headerConsumerKey)
- .body.extract[ErrorMessage].message should include(ConsentDoesNotMatchConsumer)
+ .body.extract[ErrorMessage].message should include(ConsentNotFound)
 // Make a request WITH the request header "Consumer-Key: EXISTING_VALUE"
 val validHeaderConsumerKey = List((RequestHeader.`Consumer-Key`, user1.map(_._1.key).getOrElse("SHOULD_NOT_HAPPEN")))
diff --git a/obp-api/src/test/scala/code/api/v5_1_0/ConsentObpTest.scala b/obp-api/src/test/scala/code/api/v5_1_0/ConsentObpTest.scala
index 1cfd6c0d9..6ce76e53b 100644
--- a/obp-api/src/test/scala/code/api/v5_1_0/ConsentObpTest.scala
+++ b/obp-api/src/test/scala/code/api/v5_1_0/ConsentObpTest.scala
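Review bot: The local `val validHeaderConsumerKey` is still declared at the end of the hunk at -254,13 (it is a context line there), while the hunk at -237,7 now uses that name earlier in what looks like the same scenario. If both sit in the same block, the earlier use resolves to the local value and becomes a forward reference over a value definition, which scalac rejects; if the local is in a nested block it merely shadows the class member added in the hunk at -57,6. Removing the local line, as the hunk at -175,16 does for the first scenario, avoids both. The scenario body starts and ends outside these hunks.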
@@ -58,17 +58,19 @@ class ConsentObpTest extends V510ServerSetup {
 object VersionOfApi2 extends Tag(ApiVersion.v3_0_0.toString)
 object GetUserByUserId extends Tag(nameOf(APIMethods300.Implementations3_0_0.getUserByUserId))
+ val validHeaderConsumerKey = List((RequestHeader.`Consumer-Key`, user1.map(_._1.key).getOrElse("SHOULD_NOT_HAPPEN")))
+
 lazy val bankId = randomBankId
 lazy val bankAccount = randomPrivateAccount(bankId)
 lazy val entitlements = List(PostConsentEntitlementJsonV310("", CanGetAnyUser.toString()))
 lazy val views = List(PostConsentViewJsonV310(bankId, bankAccount.id, Constant.SYSTEM_OWNER_VIEW_ID))
 lazy val postConsentEmailJsonV310 = SwaggerDefinitionsJSON.postConsentEmailJsonV310
 .copy(entitlements=entitlements)
- .copy(consumer_id=None)
+ .copy(consumer_id=Some(testConsumer.consumerId.get))
 .copy(views=views)
 lazy val postConsentImplicitJsonV310 = SwaggerDefinitionsJSON.postConsentImplicitJsonV310
 .copy(entitlements=entitlements)
- .copy(consumer_id=None)
+ .copy(consumer_id=Some(testConsumer.consumerId.get))
 .copy(views=views)
 val maxTimeToLive = APIUtil.getPropsAsIntValue(nameOfProperty="consents.max_time_to_live", defaultValue=3600)
@@ -111,7 +113,7 @@ class ConsentObpTest extends V510ServerSetup {
 // Create a consent as the user1.
 // Must fail because we try to assign a role other that user already have access to the request
 val request = (v5_1_0_Request / "my" / "consents" / "IMPLICIT").POST <@ (user1)
- val response = makePostRequest(request, write(postConsentImplicitJsonV310))
+ val response = makePostRequest(request, write(postConsentImplicitJsonV310), validHeaderConsumerKey)
 Then("We should get a 400")
 response.code should equal(400)
 response.body.extract[ErrorMessage].message should equal(RolesAllowedInConsent)
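Review bot: In the hunk at -58,17 both fixtures now set `consumer_id=Some(testConsumer.consumerId.get)` while the requests identify themselves with `user1`'s key through `validHeaderConsumerKey`, so the positive path only passes if `testConsumer` is the consumer behind `user1`, which is not visible in this hunk. A comment above the fixtures, for example `// testConsumer is the consumer whose key user1 sends in Consumer-Key`, would make that dependency explicit. With `consumer_id=None` gone from both fixtures, nothing shown in this file posts a consent without a consumer any more; a separate scenario for that body would keep the path changed in APIMethods510 covered.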
@@ -119,7 +121,7 @@ class ConsentObpTest extends V510ServerSetup {
 Then("We grant the role and test it again")
 Entitlement.entitlement.vend.addEntitlement("", resourceUser1.userId, CanGetAnyUser.toString)
 // Create a consent as the user1. The consent is in status INITIATED
- val secondResponse = makePostRequest(request, write(postConsentImplicitJsonV310))
+ val secondResponse = makePostRequest(request, write(postConsentImplicitJsonV310), validHeaderConsumerKey)
 Then("We should get a 201")
 secondResponse.code should equal(201)
@@ -129,7 +131,7 @@ class ConsentObpTest extends V510ServerSetup {
 // Make a request with the consent which is NOT in status ACCEPTED
 val requestGetUserByUserId = (v5_1_0_Request / "users" / "current").GET
- val responseGetUserByUserId = makeGetRequest(requestGetUserByUserId, header)
+ val responseGetUserByUserId = makeGetRequest(requestGetUserByUserId, header ::: validHeaderConsumerKey)
 APIUtil.getPropsAsBoolValue(nameOfProperty = "consents.allowed", defaultValue = false) match {
 case true =>
 // Due to the wrong status of the consent the request must fail
@@ -146,16 +148,15 @@ class ConsentObpTest extends V510ServerSetup {
 // Make a request WITHOUT the request header "Consumer-Key: SOME_VALUE"
 // Due to missing value the request must fail
 makeGetRequest(requestGetUserByUserId, header)
- .body.extract[ErrorMessage].message should include(ConsumerKeyHeaderMissing)
+ .body.extract[ErrorMessage].message should include(ConsentNotFound)
 // Make a request WITH the request header "Consumer-Key: NON_EXISTING_VALUE"
 // Due to non existing value the request must fail
 val headerConsumerKey = List((RequestHeader.`Consumer-Key`, "NON_EXISTING_VALUE"))
 makeGetRequest(requestGetUserByUserId, header ::: headerConsumerKey)
- .body.extract[ErrorMessage].message should include(ConsentDoesNotMatchConsumer)
+ .body.extract[ErrorMessage].message should include(ConsentNotFound)
 // Make a request WITH the request header "Consumer-Key: EXISTING_VALUE"
- val validHeaderConsumerKey = List((RequestHeader.`Consumer-Key`, user1.map(_._1.key).getOrElse("SHOULD_NOT_HAPPEN")))
 val response2 = makeGetRequest((v5_1_0_Request / "users" / "current").GET, header ::: validHeaderConsumerKey)
 val user = response2.body.extract[UserJsonV300]
 val assignedEntitlements: Seq[PostConsentEntitlementJsonV310] = user.entitlements.list.flatMap(