Merge remote-tracking branch 'UPSTREAM/develop' into develop

Tobias Woelk 2018-02-21 10:40:51 +01:00
commit ee74779fe5
90 changed files with 1163 additions and 627 deletions


@ -330,7 +330,31 @@ the api will stop at boot up and ask for.
keystore.path=/path/to/api.keystore.jks
truststore.path=/path/to/api.truststore.jks
## Using SSL Encryption with props file
For SSL encryption we use jks keystores.
Note that keystore (and all keys within) must have the same password for unlocking, for which the api will stop at boot up and ask for.
* Edit your props file(s) to contain:
jwt.use.ssl=true
keystore.path=/path/to/api.keystore.jks
keystore.alias=SOME_KEYSTORE_ALIAS
A props key value, XXX, is considered encrypted if has an encryption property (XXX.is_encrypted) in addition to the regular props key name in the props file e.g:
* db.url.is_encrypted=true
* db.url=BASE64URL(SOME_ENCRYPTED_VALUE)
The Encrypt/Decrypt workflow is :
1. Encrypt: Array[Byte]
2. Helpers.base64Encode(encrypted)
3. Props file: String
4. Helpers.base64Decode(encryptedValue)
5. Decrypt: Array[Byte]
1st, 2nd and 3rd step can be done using an external tool
## Scala / Lift
* We use scala and liftweb http://www.liftweb.net/


@ -334,6 +334,11 @@
<artifactId>java-jwt</artifactId>
<version>3.3.0</version>
</dependency>
<dependency>
<groupId>com.nimbusds</groupId>
<artifactId>nimbus-jose-jwt</artifactId>
<version>4.23</version>
</dependency>
</dependencies>
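Review bot: `nimbus-jose-jwt` 4.23 is added next to `java-jwt` 3.3.0 with no comment saying which library is responsible for what, so the project now carries two JOSE implementations to track for advisories. A one-line comment above the new `<dependency>` would help, for example `<!-- nimbus-jose-jwt: JWE encryption of gateway JWTs; java-jwt remains for signing/verification -->`. That split is inferred from `CertificateUtil.encryptJwtWithRsa` elsewhere in this commit and should be confirmed. It is also worth running the pinned version through the project's dependency audit before merging.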


@ -4,6 +4,7 @@
```
Date Commit Action
19/02/2018 Added possibility of Encryption/Decryption of properties in the props file over SSL Private/Public key infrastructure
19/01/2018 189942e Added 2 way SSL authentication to kafka connection
12/11/2017 9529c3b Make Payments in 1.2.1 disabled. Internal Accounts API disabled.
20/09/2017 Upgraded Lift version to 3.1.0. Script scripts/migrate/migrate_0000008.sql has to be executed at existing instances
@ -24,4 +25,4 @@ Date Commit Action
10/05/2017 7f95a5c added allow_public_views=false, we will not create the public views and will not access them (if public views are exsiting)when it is false.
17/07/2017 1530231 added account_id.length=64, this will set all relevant accountid length to 64, when create new sandbox.
```
```


@ -167,8 +167,8 @@ class Boot extends MdcLoggable {
Props.mode match {
case Props.RunModes.Production | Props.RunModes.Staging | Props.RunModes.Development =>
new StandardDBVendor(driver,
Props.get("db.url") openOr "jdbc:h2:lift_proto.db;AUTO_SERVER=TRUE",
Props.get("db.user"), Props.get("db.password"))
APIUtil.getPropsValue("db.url") openOr "jdbc:h2:lift_proto.db;AUTO_SERVER=TRUE",
Props.get("db.user"), APIUtil.getPropsValue("db.password"))
case _ =>
new StandardDBVendor(
driver,
@ -184,7 +184,8 @@ class Boot extends MdcLoggable {
print("Enter the Password for the SSL Certificate Stores: ")
//As most IDEs do not provide a Console, we fall back to readLine
code.api.util.APIUtil.initPasswd = if (Props.get("kafka.use.ssl").getOrElse("") == "true") {
code.api.util.APIUtil.initPasswd = if (Props.get("kafka.use.ssl").getOrElse("") == "true" ||
Props.get("jwt.use.ssl").getOrElse("") == "true") {
try {
System.console.readPassword().toString
} catch {
@ -223,7 +224,7 @@ class Boot extends MdcLoggable {
LiftRules.statelessDispatch.append(OAuthHandshake)
// JWT auth endpoints
if(Props.getBool("allow_direct_login", true)) {
if(APIUtil.getPropsAsBoolValue("allow_direct_login", true)) {
LiftRules.statelessDispatch.append(DirectLogin)
}
@ -233,7 +234,7 @@ class Boot extends MdcLoggable {
// OpenIdConnect endpoint and validator
if(Props.getBool("allow_openidconnect", false)) {
if(APIUtil.getPropsAsBoolValue("allow_openidconnect", false)) {
LiftRules.dispatch.append(OpenIdConnect)
}
@ -269,7 +270,7 @@ class Boot extends MdcLoggable {
// LiftRules.statelessDispatch.append(Metrics) TODO: see metric menu entry below
//add sandbox api calls only if we're running in sandbox mode
if(Props.getBool("allow_sandbox_data_import", false)) {
if(APIUtil.getPropsAsBoolValue("allow_sandbox_data_import", false)) {
LiftRules.statelessDispatch.append(SandboxApiCalls)
} else {
logger.info("Not adding sandbox api calls")
@ -279,7 +280,7 @@ class Boot extends MdcLoggable {
Schedule.schedule(()=> OAuthAuthorisation.dataBaseCleaner, 2 minutes)
val accountCreation = {
if(Props.getBool("allow_sandbox_account_creation", false)){
if(APIUtil.getPropsAsBoolValue("allow_sandbox_account_creation", false)){
//user must be logged in, as a created account needs an owner
// Not mentioning test and sandbox for App store purposes right now.
List(Menu("Sandbox Account Creation", "Create Bank Account") / "create-sandbox-account" >> AuthUser.loginFirst)
@ -293,7 +294,7 @@ class Boot extends MdcLoggable {
KafkaHelperActors.startLocalKafkaHelperWorkers(actorSystem)
}
if (!Props.getBool("remotedata.enable", false)) {
if (!APIUtil.getPropsAsBoolValue("remotedata.enable", false)) {
try {
logger.info(s"RemotedataActors.startLocalRemotedataWorkers( ${actorSystem} ) starting")
RemotedataActors.startActors(actorSystem)
@ -305,7 +306,7 @@ class Boot extends MdcLoggable {
// API Metrics (logs of API calls)
// If set to true we will write each URL with params to a datastore / log file
if (Props.getBool("write_metrics", false)) {
if (APIUtil.getPropsAsBoolValue("write_metrics", false)) {
logger.info("writeMetrics is true. We will write API metrics")
} else {
logger.info("writeMetrics is false. We will NOT write API metrics")
@ -370,7 +371,7 @@ class Boot extends MdcLoggable {
S.addAround(DB.buildLoanWrapper)
try {
val useMessageQueue = Props.getBool("messageQueue.createBankAccounts", false)
val useMessageQueue = APIUtil.getPropsAsBoolValue("messageQueue.createBankAccounts", false)
if(useMessageQueue)
BankAccountCreationListener.startListen
} catch {
@ -396,15 +397,15 @@ class Boot extends MdcLoggable {
}
}
if ( !Props.getLong("transaction_status_scheduler_delay").isEmpty ) {
val delay = Props.getLong("transaction_status_scheduler_delay").openOrThrowException("Incorrect value for transaction_status_scheduler_delay, please provide number of seconds.")
if ( !APIUtil.getPropsAsLongValue("transaction_status_scheduler_delay").isEmpty ) {
val delay = APIUtil.getPropsAsLongValue("transaction_status_scheduler_delay").openOrThrowException("Incorrect value for transaction_status_scheduler_delay, please provide number of seconds.")
TransactionStatusScheduler.start(delay)
}
APIUtil.akkaSanityCheck() match {
case Full(c) if c == true => logger.info(s"remotedata.secret matched = $c")
case Full(c) if c == false => throw new Exception(ErrorMessages.RemoteDataSecretMatchError)
case Empty => Props.getBool("use_akka", false) match {
case Empty => APIUtil.getPropsAsBoolValue("use_akka", false) match {
case true => throw new Exception(ErrorMessages.RemoteDataSecretObtainError)
case false => logger.info("Akka middleware layer is disabled.")
}
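Review bot: In the hunk at -184, `System.console.readPassword().toString` does not yield the typed password, because `readPassword()` returns a character array and `toString` on an array gives its identity string (of the form `[C@…`), so `initPasswd` would hold that instead of the keystore password. This commit widens the branch to `jwt.use.ssl`, so unlocking the JWT keystore now depends on it as well. Build the string from the characters instead: `new String(System.console.readPassword())`. The `try`/`catch` continues outside the hunk, so the fallback path cannot be checked from here. Separately, in the first hunk `db.user` is still read with `Props.get` while `db.url` and `db.password` moved to `APIUtil.getPropsValue`, so the user name cannot be stored encrypted.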


@ -2,9 +2,10 @@ package code.accountholder
import code.api.util.APIUtil
import code.model._
import net.liftweb.util.{Props, SimpleInjector}
import code.remotedata.{RemotedataAccountHolders}
import code.remotedata.RemotedataAccountHolders
import net.liftweb.common.Box
@ -13,7 +14,7 @@ object AccountHolders extends SimpleInjector {
val accountHolders = new Inject(buildOne _) {}
def buildOne: AccountHolders =
Props.getBool("use_akka", false) match {
APIUtil.getPropsAsBoolValue("use_akka", false) match {
case false => MapperAccountHolders
case true => RemotedataAccountHolders // We will use Akka as a middleware
}


@ -2,6 +2,7 @@ package code.actorsystem
import akka.util.Timeout
import code.api.APIFailure
import code.api.util.APIUtil
import code.util.Helper.MdcLoggable
import net.liftweb.common._
import net.liftweb.util.Props
@ -12,7 +13,7 @@ import scala.concurrent.{Await, Future}
trait ObpActorInit extends MdcLoggable{
// Default is 3 seconds, which should be more than enough for slower systems
val ACTOR_TIMEOUT: Long = Props.getLong("remotedata.timeout").openOr(3)
val ACTOR_TIMEOUT: Long = APIUtil.getPropsAsLongValue("remotedata.timeout").openOr(3)
val actorName = CreateActorNameFromClassName(this.getClass.getName)
val actor = ObpLookupSystem.getRemotedataActor(actorName)


@ -1,6 +1,7 @@
package code.actorsystem
import akka.actor.ActorSystem
import code.api.util.APIUtil
import code.util.Helper
import code.util.Helper.MdcLoggable
import com.typesafe.config.ConfigFactory
@ -41,7 +42,7 @@ trait ObpLookupSystem extends MdcLoggable {
def getRemotedataActor(actorName: String) = {
val actorPath: String = Props.getBool("remotedata.enable", false) match {
val actorPath: String = APIUtil.getPropsAsBoolValue("remotedata.enable", false) match {
case true =>
val hostname = ObpActorConfig.remoteHostname
val port = ObpActorConfig.remotePort


@ -28,7 +28,7 @@ package code.api
import java.io.UnsupportedEncodingException
import code.api.util.{CertificateUtil, CryptoSystem, ErrorMessages}
import code.api.util.{APIUtil, CertificateUtil, CryptoSystem, ErrorMessages}
import code.bankconnectors.{Connector, InboundAccountCommon}
import code.consumer.Consumers
import code.model.dataAccess.AuthUser
@ -86,7 +86,7 @@ object GatewayLogin extends RestHelper with MdcLoggable {
var jwt: String = ""
try {
val algorithm = Props.getBool("jwt.use.ssl", false) match {
val algorithm = APIUtil.getPropsAsBoolValue("jwt.use.ssl", false) match {
case true =>
Algorithm.RSA256(CertificateUtil.publicKey, CertificateUtil.privateKey)
case false =>
@ -107,7 +107,12 @@ object GatewayLogin extends RestHelper with MdcLoggable {
//Invalid Signing configuration / Couldn't convert Claims.
logger.error(exception)
}
jwt
APIUtil.getPropsAsBoolValue("jwt.use.ssl", false) match {
case true =>
CertificateUtil.encryptJwtWithRsa(jwt)
case false =>
jwt
}
}
def parseJwt(parameters: Map[String, String]): Box[String] = {
@ -134,7 +139,7 @@ object GatewayLogin extends RestHelper with MdcLoggable {
def validateJwtToken(token: String): Box[DecodedJWT] = {
try {
val jwtDecoded = JWT.decode(token)
val algorithm = Props.getBool("jwt.use.ssl", false) match {
val algorithm = APIUtil.getPropsAsBoolValue("jwt.use.ssl", false) match {
case true =>
Algorithm.RSA256(CertificateUtil.publicKey, CertificateUtil.privateKey)
case false =>
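Review bot: In the hunk at -107, when signing fails the `catch` branch shown only logs, so `jwt` is still the initial `""`; with `jwt.use.ssl=true` that empty string is then passed to `CertificateUtil.encryptJwtWithRsa`, and the caller receives an encrypted empty token instead of an error. Guard the encryption, for example `case true if jwt.nonEmpty => CertificateUtil.encryptJwtWithRsa(jwt)`, and let the empty case surface as a failure the caller can check. In `validateJwtToken` the token still goes straight into `JWT.decode(token)` and no decryption step is visible in that hunk. If the decrypt happens in the caller, a comment such as `// token must already be decrypted when jwt.use.ssl=true` on `validateJwtToken` would record that. Both function bodies start or end outside the hunks, so other catch branches may exist.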


@ -139,7 +139,7 @@
// val params : List[OBPQueryParam] = fromDate.toList ::: toDate.toList ::: basicParams
// val response = for {
// bankAccount <- BankAccount(bankId, accountId)
// view <- View.fromUrl(viewName, bankAccount)
// view <- Views.views.vend.view(viewName, bankAccount)
// transactions <- bankAccount.getModeratedTransactions(getUser(httpCode,oAuthParameters.get("oauth_token")), view, params : _*)
// } yield {
// JsonResponse("transactions" -> transactions.map(t => t.toJson(view)))
@ -164,7 +164,7 @@
// val moderatedTransactionAndView = for {
// bank <- Bank(bankId) ?~ { "bank " + bankId + " not found"} ~> 404
// account <- BankAccount(bankId, accountId) ?~ { "account " + accountId + " not found for bank"} ~> 404
// view <- View.fromUrl(viewName, account) ?~ { "view " + viewName + " not found for account"} ~> 404
// view <- Views.views.vend.view(viewName, account) ?~ { "view " + viewName + " not found for account"} ~> 404
// moderatedTransaction <- account.moderatedTransaction(transactionId, view, user) ?~ "view/transaction not authorised" ~> 401
// } yield {
// (moderatedTransaction, view)
@ -188,7 +188,7 @@
// val comments = for {
// bank <- Bank(bankId) ?~ { "bank " + bankId + " not found"} ~> 404
// account <- BankAccount(bankId, accountId) ?~ { "account " + accountId + " not found for bank"} ~> 404
// view <- View.fromUrl(viewName,account) ?~ { "view " + viewName + " not found for account"} ~> 404
// view <- Views.views.vend.view(viewName,account) ?~ { "view " + viewName + " not found for account"} ~> 404
// moderatedTransaction <- account.moderatedTransaction(transactionId, view, user) ?~ "view/transaction not authorised" ~> 401
// comments <- Box(moderatedTransaction.metadata).flatMap(_.comments) ?~ "transaction metadata not authorised" ~> 401
// } yield comments
@ -247,7 +247,7 @@
// val moderatedAccountAndViews = for {
// bank <- Bank(bankId) ?~ { "bank " + bankId + " not found"} ~> 404
// account <- BankAccount(bankId, accountId) ?~ { "account " + accountId + " not found for bank"} ~> 404
// view <- View.fromUrl(viewName, account) ?~ { "view " + viewName + " not found for account"} ~> 404
// view <- Views.views.vend.view(viewName, account) ?~ { "view " + viewName + " not found for account"} ~> 404
// moderatedAccount <- account.moderatedBankAccount(view, user) ?~ {"view/account not authorised"} ~> 401
// availableViews <- Full(account.permittedViews(user))
// } yield ModeratedAccountAndViews(moderatedAccount, availableViews)


@ -220,7 +220,7 @@ case class SuccessMessage(
// private def moderatedTransactionMetadata(bankId : BankId, accountId : AccountId, viewId : ViewId, transactionId : TransactionId, user : Box[User]) : Box[ModeratedTransactionMetadata] =
// for {
// account <- BankAccount(bankId, accountId) ?~ { "bank " + bankId + " and account " + accountId + " not found for bank"}
// view <- View.fromUrl(viewId, account) ?~ { "view " + viewId + " not found"}
// view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId)) ?~ { "view " + viewId + " not found"}
// moderatedTransaction <- account.moderatedTransaction(transactionId, view, user) ?~ "view/transaction not authorized"
// metadata <- Box(moderatedTransaction.metadata) ?~ {"view " + viewId + " does not authorize metadata access"}
// } yield metadata
@ -228,7 +228,7 @@ case class SuccessMessage(
// private def moderatedTransactionOtherAccount(bankId : BankId, accountId : AccountId, viewId : ViewId, transactionId : TransactionId, user : Box[User]) : Box[ModeratedOtherBankAccount] =
// for {
// account <- BankAccount(bankId, accountId) ?~ { "bank " + bankId + " and account " + accountId + " not found for bank"}
// view <- View.fromUrl(viewId, account) ?~ { "view " + viewId + " not found"}
// view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId)) ?~ { "view " + viewId + " not found"}
// moderatedTransaction <- account.moderatedTransaction(transactionId, view, user) ?~ "view/transaction not authorized"
// otherAccount <- Box(moderatedTransaction.otherBankAccount) ?~ {"view " + viewId + " does not authorize other account access"}
// } yield otherAccount
@ -236,7 +236,7 @@ case class SuccessMessage(
// private def moderatedOtherAccount(bankId : BankId, accountId : AccountId, viewId : ViewId, other_account_ID : String, user : Box[User]) : Box[ModeratedOtherBankAccount] =
// for {
// account <- BankAccount(bankId, accountId) ?~ { "bank " + bankId + " and account " + accountId + " not found for bank"}
// view <- View.fromUrl(viewId, account) ?~ { "view " + viewId + " not found"}
// view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId)) ?~ { "view " + viewId + " not found"}
// moderatedOtherBankAccount <- account.moderatedOtherBankAccount(other_account_ID, view, user)
// } yield moderatedOtherBankAccount
//
@ -393,7 +393,7 @@ case class SuccessMessage(
// val moderatedAccountAndViews = for {
// bank <- Bank(bankId) ?~ { "bank " + bankId + " not found" } ~> 404
// account <- BankAccount(bankId, accountId) ?~ { "account " + accountId + " not found for bank" } ~> 404
// view <- View.fromUrl(viewId, account) ?~ { "view " + viewId + " not found for account" } ~> 404
// view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId)) ?~ { "view " + viewId + " not found for account" } ~> 404
// moderatedAccount <- account.moderatedBankAccount(view, user) ?~ { "view/account not authorized" } ~> 401
// availableViews <- Full(account.permittedViews(user))
// } yield ModeratedAccountAndViews(moderatedAccount, availableViews)
@ -456,7 +456,7 @@ case class SuccessMessage(
// val response : Box[JsonResponse] = for {
// params <- getTransactionParams(json)
// bankAccount <- BankAccount(bankId, accountId)
// view <- View.fromUrl(viewId, bankAccount)
// view <- Views.views.vend.view(viewId, bankAccount)
// transactions <- bankAccount.getModeratedTransactions(getUser(httpCode,oAuthParameters.get("oauth_token")), view, params: _*)
// } yield {
// JsonResponse(transactionsJson(transactions, view),Nil, Nil, 200)
@ -473,7 +473,7 @@ case class SuccessMessage(
// def transactionInJson(bankId : BankId, accountId : AccountId, viewId : ViewId, transactionId : TransactionId, user : Box[User]) : JsonResponse = {
// val moderatedTransaction = for {
// account <- BankAccount(bankId, accountId) ?~ { "bank " + bankId + " and account " + accountId + " not found for bank"}
// view <- View.fromUrl(viewId, account) ?~ { "view " + viewId + " not found"}
// view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId)) ?~ { "view " + viewId + " not found"}
// moderatedTransaction <- account.moderatedTransaction(transactionId, view, user) ?~ "view/transaction not authorized"
// } yield moderatedTransaction
//
@ -689,7 +689,7 @@ case class SuccessMessage(
//
// val comment = for{
// user <- getUser(httpCode,oAuthParameters.get("oauth_token")) ?~ "User not found. Authentication via OAuth is required"
// view <- View.fromUrl(viewId, accountId, bankId) ?~ {"view " + viewId +" view not found"}
// view <- Views.views.vend.view(ViewIdBankIdAccountId(viewId, bankId, accountId)) ?~ {"view " + viewId +" view not found"}
// postedComment <- addComment(user, viewId, commentJson.value, commentJson.posted_date)
// } yield postedComment
//
@ -785,7 +785,7 @@ case class SuccessMessage(
//
// val tag = for{
// user <- getUser(httpCode,oAuthParameters.get("oauth_token")) ?~ "User not found. Authentication via OAuth is required"
// view <- View.fromUrl(viewId, accountId, bankId) ?~ {"view " + viewId +" view not found"}
// view <- Views.views.vend.view(ViewIdBankIdAccountId(viewId, bankId, accountId)) ?~ {"view " + viewId +" view not found"}
// postedTagID <- addTag(user, viewId, tagJson.value, tagJson.posted_date)
// } yield postedTagID
//
@ -886,7 +886,7 @@ case class SuccessMessage(
//
// val imageId = for{
// user <- getUser(httpCode,oAuthParameters.get("oauth_token")) ?~ "User not found. Authentication via OAuth is required"
// view <- View.fromUrl(viewId, accountId, bankId) ?~ {"view " + viewId +" view not found"}
// view <- Views.views.vend.view(ViewIdBankIdAccountId(viewId, bankId, accountId)) ?~ {"view " + viewId +" view not found"}
// url <- tryo{new URL(imageJson.URL)} ?~! "Could not parse url string as a valid URL"
// postedImageId <- addImage(user, viewId, imageJson.label, url.toString)
// } yield postedImageId
@ -968,7 +968,7 @@ case class SuccessMessage(
//
// val postedGeoTag = for{
// user <- getUser(httpCode,oAuthParameters.get("oauth_token")) ?~ "User not found. Authentication via OAuth is required"
// view <- View.fromUrl(viewId, accountId, bankId) ?~ {"view " + viewId +" view not found"}
// view <- Views.views.vend.view(ViewIdBankIdAccountId(viewId, bankId, accountId)) ?~ {"view " + viewId +" view not found"}
// posterWheteTag <- addWhereTag(user, viewId, whereTagJson.where.longitude, whereTagJson.where.latitude)
// } yield posterWheteTag
//
@ -1020,7 +1020,7 @@ case class SuccessMessage(
//
// val postedGeoTag = for{
// user <- getUser(httpCode,oAuthParameters.get("oauth_token")) ?~ "User not found. Authentication via OAuth is required"
// view <- View.fromUrl(viewId, accountId, bankId) ?~ {"view " + viewId +" view not found"}
// view <- Views.views.vend.view(ViewIdBankIdAccountId(viewId, bankId, accountId)) ?~ {"view " + viewId +" view not found"}
// posterWheteTag <- addWhereTag(user, viewId, whereTagJson.where.longitude, whereTagJson.where.latitude)
// } yield posterWheteTag
//
@ -1584,7 +1584,7 @@ case class SuccessMessage(
// }
// val postedGeoTag = for {
// u <- user ?~ "User not found. Authentication via OAuth is required"
// view <- View.fromUrl(viewId, accountId, bankId) ?~ {"view " + viewId +" view not found"}
// view <- Views.views.vend.view(ViewIdBankIdAccountId(viewId, bankId, accountId)) ?~ {"view " + viewId +" view not found"}
// postedGeoTag <- addCorporateLocation(u, viewId, corporateLocationJSON.corporate_location.longitude, corporateLocationJSON.corporate_location.latitude)
// } yield postedGeoTag
//
@ -1643,7 +1643,7 @@ case class SuccessMessage(
// }
// val postedGeoTag = for {
// u <- user ?~ "User not found. Authentication via OAuth is required"
// view <- View.fromUrl(viewId, accountId, bankId) ?~ {"view " + viewId +" view not found"}
// view <- Views.views.vend.view(ViewIdBankIdAccountId(viewId, bankId, accountId)) ?~ {"view " + viewId +" view not found"}
// postedGeoTag <- addCorporateLocation(u, viewId, corporateLocationJSON.corporate_location.longitude, corporateLocationJSON.corporate_location.latitude)
// } yield postedGeoTag
//
@ -1702,7 +1702,7 @@ case class SuccessMessage(
// }
// val postedGeoTag = for {
// u <- user ?~ "User not found. Authentication via OAuth is required"
// view <- View.fromUrl(viewId, accountId, bankId) ?~ {"view " + viewId +" view not found"}
// view <- Views.views.vend.view(ViewIdBankIdAccountId(viewId, bankId, accountId)) ?~ {"view " + viewId +" view not found"}
// postedGeoTag <- addPhysicalLocation(u, viewId, physicalLocationJSON.physical_location.longitude, physicalLocationJSON.physical_location.latitude)
// } yield postedGeoTag
//
@ -1761,7 +1761,7 @@ case class SuccessMessage(
// }
// val postedGeoTag = for {
// u <- user ?~ "User not found. Authentication via OAuth is required"
// view <- View.fromUrl(viewId, accountId, bankId) ?~ {"view " + viewId +" view not found"}
// view <- Views.views.vend.view(ViewIdBankIdAccountId(viewId, bankId, accountId)) ?~ {"view " + viewId +" view not found"}
// postedGeoTag <- addPhysicalLocation(u, viewId, physicalLocationJSON.physical_location.longitude, physicalLocationJSON.physical_location.latitude)
// } yield postedGeoTag
//


@ -113,7 +113,7 @@ trait OBPRestHelper extends RestHelper with MdcLoggable {
errorJsonResponse(apiFailure.msg, apiFailure.responseCode)
}
case obj@Failure(msg, _, c) => {
val failuresMsg = Props.getBool("display_internal_errors").openOr(false) match {
val failuresMsg = APIUtil.getPropsAsBoolValue("display_internal_errors", false) match {
case true => // Show all error in a chain
obj.messageChain
case false => // Do not display internal errors
@ -216,7 +216,7 @@ trait OBPRestHelper extends RestHelper with MdcLoggable {
case Failure(msg, t, c) => Failure(msg, t, c)
case _ => Failure("oauth error")
}
} else if (Props.getBool("allow_direct_login", true) && hasDirectLoginHeader(authorization)) {
} else if (APIUtil.getPropsAsBoolValue("allow_direct_login", true) && hasDirectLoginHeader(authorization)) {
DirectLogin.getUser match {
case Full(u) => fn(cc.copy(user = Full(u)))// Authentication is successful
case _ => {
@ -224,7 +224,7 @@ trait OBPRestHelper extends RestHelper with MdcLoggable {
Full(errorJsonResponse(message, httpCode))
}
}
} else if (Props.getBool("allow_gateway_login", false) && hasGatewayHeader(authorization)) {
} else if (APIUtil.getPropsAsBoolValue("allow_gateway_login", false) && hasGatewayHeader(authorization)) {
logger.info("allow_gateway_login-getRemoteIpAddress: " + getRemoteIpAddress() )
Props.get("gateway.host") match {
case Full(h) if h.split(",").toList.exists(_.equalsIgnoreCase(getRemoteIpAddress()) == true) => // Only addresses from white list can use this feature
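Review bot: The authentication switches `allow_direct_login` and `allow_gateway_login` now resolve through `APIUtil.getPropsAsBoolValue`, whose body is not in this section; if it returns the supplied default when an encrypted property cannot be decrypted, `allow_direct_login` falls back to `true` and a misconfigured keystore would silently leave Direct Login enabled. Please confirm that a decryption failure is logged or stops boot rather than yielding the default, and state it on the helper, e.g. `// returns defaultValue only when the property is absent; a decryption failure is reported, not defaulted`. For `display_internal_errors` the default `false` is already the safe side. `gateway.host` on the line after the `allow_gateway_login` check is still read with `Props.get`, so the address whitelist cannot be stored encrypted. The enclosing match and if-chain start and end outside these hunks.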


@ -1069,6 +1069,7 @@ object SwaggerDefinitionsJSON {
function = "getBranches"
)
// Used to describe the OBP API calls for documentation and API discovery purposes
val canCreateCustomerSwagger = CanCreateCustomer()
val resourceDocJson = ResourceDocJson(
operation_id = "String",
request_verb = "String",
@ -1085,7 +1086,7 @@ object SwaggerDefinitionsJSON {
tags = List("String"),
typed_request_body = json.parse("""{"request": { "type" :"string" }}"""),
typed_success_response_body = json.parse("""{"response": { "type" :"string" }}"""),
roles = Some(List(canCreateCustomer))
roles = Some(List(canCreateCustomerSwagger))
)
val resourceDocsJson = ResourceDocsJson(resource_docs = List(resourceDocJson))


@ -15,6 +15,7 @@ import scala.collection.immutable.ListMap
import scala.reflect.runtime.currentMirror
import scala.reflect.runtime.universe._
import code.api.util.ErrorMessages._
import net.liftweb.json.JsonAST.JValue
object SwaggerJSONFactory {
//Info Object
@ -443,6 +444,12 @@ object SwaggerJSONFactory {
// _ = print("\n val properties for comprehension: " + key + " is " + value)
} yield {
value match {
//TODO: this maybe wrong, JValue will have many types: JObject, JBool, JInt, JDouble , but here we just map one type `String`
case i:JValue => "\"" + key + """": {"type":"string","example":"This is a json String."}"""
case Some(i:JValue) => "\"" + key + """": {"type":"string","example":"This is a json String."}"""
case List(i: JValue, _*) => "\"" + key + """": {"type":"array", "items":{"type":"string","example":"This is a json String."}}"""
case Some(List(i: JValue, _*)) => "\"" + key + """": {"type":"array", "items":{"type":"string","example":"This is a json String."}}"""
//Boolean - 4 kinds
case i: Boolean => "\"" + key + """": {"type":"boolean", "example":"""" +i+"\"}"
case Some(i: Boolean) => "\"" + key + """": {"type":"boolean", "example":"""" +i+"\"}"


@ -250,7 +250,7 @@ object DirectLogin extends RestHelper with MdcLoggable {
//check if the application is registered and active
else if (
requestType == "authorizationToken" &&
Props.getBool("direct_login_consumer_key_mandatory", true) &&
APIUtil.getPropsAsBoolValue("direct_login_consumer_key_mandatory", true) &&
! APIUtil.registeredApplication(parameters.getOrElse("consumer_key", ""))) {
logger.error("application: " + parameters.getOrElse("consumer_key", "") + " not found")
@ -364,7 +364,7 @@ object DirectLogin extends RestHelper with MdcLoggable {
if (requestType == "protectedResource") {
validAccessTokenFuture(parameters.getOrElse("token", ""))
} else if (requestType == "authorizationToken" &&
Props.getBool("direct_login_consumer_key_mandatory", true))
APIUtil.getPropsAsBoolValue("direct_login_consumer_key_mandatory", true))
{
APIUtil.registeredApplicationFuture(parameters.getOrElse("consumer_key", ""))
} else {
@ -392,7 +392,7 @@ object DirectLogin extends RestHelper with MdcLoggable {
}
//check if the application is registered and active
else if ( requestType == "authorizationToken" &&
Props.getBool("direct_login_consumer_key_mandatory", true) &&
APIUtil.getPropsAsBoolValue("direct_login_consumer_key_mandatory", true) &&
!valid)
{
logger.error("application: " + parameters.getOrElse("consumer_key", "") + " not found")


@ -33,14 +33,16 @@
package code.api.util
import java.io.InputStream
import java.nio.charset.Charset
import java.nio.charset.{Charset, StandardCharsets}
import java.text.SimpleDateFormat
import java.util
import java.util.{Date, UUID}
import code.api.Constant._
import code.api.JSONFactoryGateway.PayloadOfJwtJSON
import code.api.OAuthHandshake._
import code.api.util.APIUtil.ApiVersion.ApiVersion
import code.api.util.CertificateUtil.{decrypt, privateKey}
import code.api.v1_2.ErrorMessage
import code.api.{DirectLogin, _}
import code.bankconnectors._
@ -117,6 +119,7 @@ val dateformat = new java.text.SimpleDateFormat("yyyy-MM-dd")
val InvalidFutureDateValue = "OBP-10011: future_date has to be in future."
val maximumLimitExceeded = "OBP-10012: Invalid value. Maximum number is 10000."
val attemptedToOpenAnEmptyBox = "OBP-10013: Attempted to open an empty Box."
val cannotDecryptValueOfProperty = "OBP-10014: Could not decrypt value of property "
// General Sort and Paging
val FilterSortDirectionError = "OBP-10023: obp_sort_direction parameter can only take two values: DESC or ASC!" // was OBP-20023
@ -275,6 +278,7 @@ val dateformat = new java.text.SimpleDateFormat("yyyy-MM-dd")
val EntitlementRequestAlreadyExists = "OBP-30214: Entitlement Request already exists for the user."
val EntitlementRequestCannotBeAdded = "OBP-30214: Entitlement Request cannot be added."
val EntitlementRequestNotFound = "OBP-30215: EntitlementRequestId not found"
val EntitlementAlreadyExists = "OBP-30216: Entitlement already exists for the user."
// Branch related messages
val branchesNotFoundLicense = "OBP-32001: No branches available. License may not be set."
@ -429,7 +433,7 @@ object APIUtil extends MdcLoggable {
def logAPICall(callContext: Option[CallContext]) = {
callContext match {
case Some(cc) =>
if(Props.getBool("write_metrics", false)) {
if(getPropsAsBoolValue("write_metrics", false)) {
val u: User = cc.user.orNull
val userId = if (u != null) u.userId else "null"
val userName = if (u != null) u.name else "null"
@ -453,7 +457,7 @@ object APIUtil extends MdcLoggable {
case Full(c) => Full(c)
case _ => Empty
}
} else if (Props.getBool("allow_direct_login", true) && hasDirectLoginHeader(cc.authorization)) {
} else if (getPropsAsBoolValue("allow_direct_login", true) && hasDirectLoginHeader(cc.authorization)) {
DirectLogin.getConsumer(cc) match {
case Full(c) => Full(c)
case _ => Empty
@ -490,14 +494,14 @@ object APIUtil extends MdcLoggable {
def logAPICall(date: TimeSpan, duration: Long, rd: Option[ResourceDoc]) = {
val authorization = S.request.map(_.header("Authorization")).flatten
if(Props.getBool("write_metrics", false)) {
if(getPropsAsBoolValue("write_metrics", false)) {
val user =
if (hasAnOAuthHeader(authorization)) {
getUser match {
case Full(u) => Full(u)
case _ => Empty
}
} else if (Props.getBool("allow_direct_login", true) && hasDirectLoginHeader(authorization)) {
} else if (getPropsAsBoolValue("allow_direct_login", true) && hasDirectLoginHeader(authorization)) {
DirectLogin.getUser match {
case Full(u) => Full(u)
case _ => Empty
@ -512,7 +516,7 @@ object APIUtil extends MdcLoggable {
case Full(c) => Full(c)
case _ => Empty
}
} else if (Props.getBool("allow_direct_login", true) && hasDirectLoginHeader(authorization)) {
} else if (getPropsAsBoolValue("allow_direct_login", true) && hasDirectLoginHeader(authorization)) {
DirectLogin.getConsumer match {
case Full(c) => Full(c)
case _ => Empty
@ -1145,7 +1149,7 @@ object APIUtil extends MdcLoggable {
//check #511, https://github.com/OpenBankProject/OBP-API/issues/511
// get rid of JValue, but in API-EXPLORER or other places, it need the Empty JValue "{}"
// So create the EmptyClassJson to set the empty JValue "{}"
case class EmptyClassJson()
case class EmptyClassJson(jsonString: String ="{}")
// Used to document the API calls
case class ResourceDoc(
@ -1165,6 +1169,144 @@ object APIUtil extends MdcLoggable {
)
case class GlossaryItem(
title: String,
description: String
)
val glossaryItems = ArrayBuffer[GlossaryItem]()
glossaryItems += GlossaryItem(
title = "Account",
description =
"""The thing that tokens of value (money) come in and out of.
|An account has one or more `owners` which are `Users`.
|In the future, `Customers` may also be `owners`.
|An account has a balance in a specified currency and zero or more `transactions` which are records of successful movements of money.
|"""
)
glossaryItems += GlossaryItem(
title = "Account.account_id",
description =
"""
|An identifier for the account that MUST NOT leak the account number or other identifier nomrally used by the customer or bank staff.
|It SHOULD be a UUID. It MUST be unique in combination with the BANK_ID. ACCOUNT_ID is used in many URLS so it should be considered public.
|(We do NOT use account number in URLs since URLs are cached and logged all over the internet.)
|In local / sandbox mode, ACCOUNT_ID is generated as a UUID and stored in the database.
|In non sandbox modes (Kafka etc.), ACCOUNT_ID is mapped to core banking account numbers / identifiers at the South Side Adapter level.
|ACCOUNT_ID is used to link Metadata and Views so it must be persistant and known to the North Side (OBP-API).
""")
glossaryItems += GlossaryItem(
title = "Bank",
description =
"""
|The entity that represents the financial institution or bank within a financial group.
|Open Bank Project is a multi-bank API. Each bank resource contains basic identifying information such as name, logo and website.
""")
glossaryItems += GlossaryItem(
title = "Bank.bank_id",
description =
"""
|An identifier that uniquely identifies the bank or financial institution on the OBP-API instance.
|
|It is typically a human (developer) friendly string for ease of identification.
|In sandbox mode it typically has the form financialinstitutuion.sequenceno.region.language. e.g. "bnpp-irb.01.it.it" however for production it could be the BIC of the institution.
""")
glossaryItems += GlossaryItem(
title = "Consumer",
description =
"""
|The "consumer" of the API, i.e. the web, mobile or serverside "App" that calls on the OBP API on behalf of the end user (or system).
|
|Each Consumer has a consumer key and secrect which allows it to enter into secure communication with the API server.
""")
glossaryItems += GlossaryItem(
title = "Customer",
description =
"""
|The legal entity that has the relationship to the bank. Customers are linked to Users via `User Customer Links`. Customer attributes include Date of Birth, Customer Number etc.
|
""")
glossaryItems += GlossaryItem(
title = "Customer.customer_id",
description =
"""
|The identifier that MUST NOT leak the customer number or other identifier nomrally used by the customer or bank staff. It SHOULD be a UUID and MUST be unique in combination with BANK_ID.
|
""")
glossaryItems += GlossaryItem(
title = "Transaction",
description =
"""
|Records of successful movements of money from / to an `Account`. OBP Transactions don't contain any "draft" or "pending" Transactions. (see Transaction Requests). Transactions contain infomration including type, description, from, to, currency, amount and new balance information.
|
""")
glossaryItems += GlossaryItem(
title = "Transaction Requests",
description =
"""
|Transaction Requests are records of transaction / payment requests coming to the API. They may or may not result in Transactions (following authorisation, security challenges and sufficient funds etc.)
|
|A successful Transaction Request results in a Transaction.
|
|For more information [see here](https://github.com/OpenBankProject/OBP-API/wiki/Transaction-Requests)
""")
glossaryItems += GlossaryItem(
title = "User",
description =
"""
|The entity that accesses the API with a login / authorisation token and has access to zero or more resources on the OBP API. The User is linked to the core banking user / customer at the South Side Adapter layer.
""")
glossaryItems += GlossaryItem(
title = "User.user_id",
description =
"""
|An identifier that MUST NOT leak the user name or other identifier nomrally used by the customer or bank staff. It SHOULD be a UUID and MUST be unique on the OBP instance.
""")
glossaryItems += GlossaryItem(
title = "User.provider",
description =
"""
|The name of the authentication service. e.g. the OBP hostname or kafka if users are authenticated over Kafka.
""")
glossaryItems += GlossaryItem(
title = "User.provider_id",
description =
"""
|The id of the user given by the authenticaiton provider.
""")
glossaryItems += GlossaryItem(
title = "User Customer Links",
description =
"""
|Link Users and Customers in a many to many relationship. A User can represent many Customers (e.g. the bank may have several Customer records for the same individual or a dependant). In this way Customers can easily be attached / detached from Users.
""")
def getGlossaryItems : List[GlossaryItem] = {
glossaryItems.toList
}
/**
*
* This is the base class for all kafka outbound case class
@ -1461,7 +1603,7 @@ Returns a string showed to the developer
val result = blockOfCode
// call-by-name
val t1 = System.currentTimeMillis()
if (Props.getBool("write_metrics", false)){
if (getPropsAsBoolValue("write_metrics", false)){
val correlationId = getCorrelationId()
Future {
ConnectorMetricsProvider.metrics.vend.saveConnectorMetric(nameOfConnector, nameOfFunction, correlationId, now, t1 - t0)
@ -1471,7 +1613,7 @@ Returns a string showed to the developer
}
def akkaSanityCheck (): Box[Boolean] = {
Props.getBool("use_akka", false) match {
getPropsAsBoolValue("use_akka", false) match {
case true =>
val remotedataSecret = Props.get("remotedata.secret").openOrThrowException("Cannot obtain property remotedata.secret")
SanityCheck.sanityCheck.vend.remoteAkkaSanityCheck(remotedataSecret)
@ -1921,9 +2063,9 @@ Versions are groups of endpoints in a file
val res =
if (hasAnOAuthHeader(authorization)) {
getUserFromOAuthHeaderFuture(cc)
} else if (Props.getBool("allow_direct_login", true) && hasDirectLoginHeader(authorization)) {
} else if (getPropsAsBoolValue("allow_direct_login", true) && hasDirectLoginHeader(authorization)) {
DirectLogin.getUserFromDirectLoginHeaderFuture(cc)
} else if (Props.getBool("allow_gateway_login", false) && hasGatewayHeader(authorization)) {
} else if (getPropsAsBoolValue("allow_gateway_login", false) && hasGatewayHeader(authorization)) {
Props.get("gateway.host") match {
case Full(h) if h.split(",").toList.exists(_.equalsIgnoreCase(getRemoteIpAddress()) == true) => // Only addresses from white list can use this feature
val (httpCode, message, parameters) = GatewayLogin.validator(s.request)
@ -2012,7 +2154,7 @@ Versions are groups of endpoints in a file
case ParamFailure(msg,_,_,_) =>
throw new Exception(msg)
case obj@Failure(msg, _, c) =>
val failuresMsg = Props.getBool("display_internal_errors").openOr(false) match {
val failuresMsg = getPropsAsBoolValue("display_internal_errors", false) match {
case true => // Show all error in a chain
obj.messageChain
case false => // Do not display internal errors
@ -2086,4 +2228,50 @@ Versions are groups of endpoints in a file
)= createOBPId(s"$thisBankId$thisAccountId$counterpartyName")
val isSandboxMode: Boolean = (Props.get("connector").openOrThrowException(attemptedToOpenAnEmptyBox).toString).equalsIgnoreCase("mapped")
/**
* This function is implemented in order to support encrypted values in props file.
* Please note that some value is considered as encrypted if has an encryption mark property in addition to regular props value in props file e.g
* db.url=Helpers.base64Encode(SOME_ENCRYPTED_VALUE)
* db.url.is_encrypted=true
* getDecryptedPropsValue("db.url") = jdbc:postgresql://localhost:5432/han_obp_api_9?user=han_obp_api&password=mypassword
* Encrypt/Decrypt workflow:
* Encrypt: Array[Byte] -> Helpers.base64Encode(encrypted) -> Props file: String -> Helpers.base64Decode(encryptedValue) -> Decrypt: Array[Byte]
* @param nameOfProperty Name of property which value should be decrypted
* @return Decrypted value of a property
*/
def getPropsValue(nameOfProperty: String): Box[String] = {
(Props.get(nameOfProperty), Props.get(nameOfProperty + ".is_encrypted")) match {
case (Full(base64PropsValue), Full(isEncrypted)) if isEncrypted == "true" =>
val decryptedValueAsArray = decrypt(privateKey, Helpers.base64Decode(base64PropsValue), CryptoSystem.RSA)
val decryptedValueAsString = new String(decryptedValueAsArray)
Full(decryptedValueAsString)
case (Full(property), Full(isEncrypted)) if isEncrypted == "false" =>
Full(property)
case (Full(property), Empty) =>
Full(property)
case (Empty, Empty) =>
Empty
case _ =>
logger.error(cannotDecryptValueOfProperty + nameOfProperty)
Failure(cannotDecryptValueOfProperty + nameOfProperty)
}
}
def getPropsAsBoolValue(nameOfProperty: String, defaultValue: Boolean): Boolean = {
getPropsValue(nameOfProperty) map(toBoolean) openOr(defaultValue)
}
def getPropsAsIntValue(nameOfProperty: String): Box[Int] = {
getPropsValue(nameOfProperty) map(toInt)
}
def getPropsAsIntValue(nameOfProperty: String, defaultValue: Int): Int = {
getPropsAsIntValue(nameOfProperty) openOr(defaultValue)
}
def getPropsAsLongValue(nameOfProperty: String): Box[Long] = {
getPropsValue(nameOfProperty) flatMap(asLong)
}
def getPropsAsLongValue(nameOfProperty: String, defaultValue: Long): Long = {
getPropsAsLongValue(nameOfProperty) openOr(defaultValue)
}
}


@ -6,7 +6,11 @@ import java.security.{PublicKey, _}
import javax.crypto.Cipher
import code.api.util.CryptoSystem.CryptoSystem
import net.liftweb.util.Props
import com.nimbusds.jose.crypto.RSAEncrypter
import com.nimbusds.jose.{EncryptionMethod, JOSEObject, JWEAlgorithm, JWEHeader}
import com.nimbusds.jwt.EncryptedJWT
import code.util.Helper.MdcLoggable
import net.liftweb.util.{Helpers, Props}
object CryptoSystem extends Enumeration {
@ -14,14 +18,14 @@ object CryptoSystem extends Enumeration {
val RSA = Value
}
object CertificateUtil {
object CertificateUtil extends MdcLoggable {
lazy val (publicKey: RSAPublicKey, privateKey: RSAPrivateKey) = Props.getBool("jwt.use.ssl", false) match {
lazy val (publicKey: RSAPublicKey, privateKey: RSAPrivateKey) = APIUtil.getPropsAsBoolValue("jwt.use.ssl", false) match {
case true =>
getKeyPair(
jkspath = Props.get("keystore.path").getOrElse(""),
jkspasswd = Props.get("keystore.password").getOrElse(""),
keypasswd = Props.get("keystore.passphrase").getOrElse(""),
jkspasswd = Props.get("keystore.password").getOrElse(APIUtil.initPasswd),
keypasswd = Props.get("keystore.passphrase").getOrElse(APIUtil.initPasswd),
alias = Props.get("keystore.alias").getOrElse("")
)
case false =>
@ -95,20 +99,73 @@ object CertificateUtil {
cipher.doFinal(encrypted)
}
def getClaimSet(jwt: String) = {
import com.nimbusds.jose.util.Base64URL
import com.nimbusds.jwt.PlainJWT
// {"alg":"none"}// {"alg":"none"}
val header = "eyJhbGciOiJub25lIn0"
val parts: Array[Base64URL] = JOSEObject.split(jwt)
val plainJwt = new PlainJWT(new Base64URL(header), (parts(1)))
plainJwt.getJWTClaimsSet
}
def encryptJwtWithRsa(jwt: String) = {
// Request JWT encrypted with RSA-OAEP-256 and 128-bit AES/GCM
val header = new JWEHeader(JWEAlgorithm.RSA_OAEP_256, EncryptionMethod.A128GCM)
// Create an encrypter with the specified public RSA key
val encrypter = new RSAEncrypter(publicKey)
// Create the encrypted JWT object
val encryptedJWT = new EncryptedJWT(header, CertificateUtil.getClaimSet(jwt))
// Do the actual encryption
encryptedJWT.encrypt(encrypter)
logger.debug("encryptedJWT.serialize(): " + encryptedJWT.serialize())
// Return JWT
encryptedJWT.serialize()
}
def decryptJwtWithRsa(jwt: String) = {
import com.nimbusds.jose.crypto.RSADecrypter
import com.nimbusds.jwt.EncryptedJWT
// Parse back
val jwtParsed = EncryptedJWT.parse(jwt)
System.out.println("decryptJwtWithRsa: " + jwtParsed.serialize())
// Create a decrypter with the specified private RSA key
val decrypter = new RSADecrypter(privateKey)
jwtParsed.decrypt(decrypter)
logger.debug("jwt: " + jwt)
logger.debug("getState: " + jwtParsed.getState)
logger.debug("getJWTClaimsSet: " + jwtParsed.getJWTClaimsSet)
logger.debug("getCipherText: " + jwtParsed.getCipherText)
logger.debug("getAuthTag: " + jwtParsed.getAuthTag)
jwtParsed.serialize()
}
@throws[Exception]
def main(args: Array[String]): Unit = {
print("Enter the Password for the SSL Certificate Stores: ")
//As most IDEs do not provide a Console, we fall back to readLine
code.api.util.APIUtil.initPasswd =
if (Props.get("kafka.use.ssl").getOrElse("") == "true" ||
Props.get("jwt.use.ssl").getOrElse("") == "true")
{
try {
System.console.readPassword().toString
} catch {
case e: NullPointerException => scala.io.StdIn.readLine()
}
} else {"notused"}
System.out.println("Public key:" + publicKey.getEncoded)
System.out.println("Private key:" + privateKey.getEncoded)
// 1.1 Encrypt the token with public key
val encryptedWithPublicReceived = encrypt(publicKey, "This is a secret message we should receive", CryptoSystem.RSA)
System.out.println("Encrypted token with public key:")
System.out.println(new String(encryptedWithPublicReceived)) // <<encrypted message>>
val encryptedString = Helpers.base64Encode(encryptedWithPublicReceived)
System.out.println(encryptedString) // <<encrypted message>>
// 1.2 Decrypt the token with private key
val decryptedToken = decrypt(privateKey, encryptedWithPublicReceived, CryptoSystem.RSA)
val decryptedToken = decrypt(privateKey, Helpers.base64Decode(encryptedString), CryptoSystem.RSA)
System.out.println("Decrypted token with private key:") // This is a secret message
System.out.println(new String(decryptedToken)) // This is a secret message
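Review bot: decryptJwtWithRsa prints the incoming token with `System.out.println("decryptJwtWithRsa: " + jwtParsed.serialize())` and then logs `jwt` and the decrypted `getJWTClaimsSet` at debug level, so claim contents reach the console and the log files whenever debug logging is enabled; I would drop the println and keep only `logger.debug("getState: " + jwtParsed.getState)`. The function also returns `jwtParsed.serialize()`, which looks like the compact encrypted form again rather than the decrypted claims, so it is worth confirming that this is what callers expect. In main, `System.console.readPassword().toString` is called on a char array and yields the array's default string instead of the typed password; `new String(System.console.readPassword())` would carry the actual characters into `initPasswd`. main's body continues outside the hunk.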


@ -82,7 +82,7 @@
// private def moderatedTransactionMetadata(bankId : BankId, accountId : AccountId, viewId : ViewId, transactionId : TransactionId, user : Box[User]) : Box[ModeratedTransactionMetadata] =
// for {
// account <- BankAccount(bankId, accountId)
// view <- View.fromUrl(viewId, account)
// view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
// moderatedTransaction <- account.moderatedTransaction(transactionId, view, user)
// metadata <- Box(moderatedTransaction.metadata) ?~ {"view " + viewId + " does not authorize metadata access"}
// } yield metadata
@ -179,7 +179,7 @@
// for {
// account <- BankAccount(bankId, accountId)
// availableviews <- Full(account.permittedViews(user))
// view <- View.fromUrl(viewId, account)
// view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
// moderatedAccount <- account.moderatedBankAccount(view, user)
// } yield {
// val viewsAvailable = availableviews.map(JSONFactory.createViewJSON)
@ -341,7 +341,7 @@
// cc =>
// for {
// account <- BankAccount(bankId, accountId)
// view <- View.fromUrl(viewId, account)
// view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
// otherBankAccounts <- account.moderatedOtherBankAccounts(view, user)
// } yield {
// val otherBankAccountsJson = JSONFactory.createOtherBankAccountsJSON(otherBankAccounts)
@ -356,7 +356,7 @@
// cc =>
// for {
// account <- BankAccount(bankId, accountId)
// view <- View.fromUrl(viewId, account)
// view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
// otherBankAccount <- account.moderatedOtherBankAccount(other_account_id, view, user)
// } yield {
// val otherBankAccountJson = JSONFactory.createOtherBankAccount(otherBankAccount)
@ -371,7 +371,7 @@
// cc =>
// for {
// account <- BankAccount(bankId, accountId)
// view <- View.fromUrl(viewId, account)
// view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
// otherBankAccount <- account.moderatedOtherBankAccount(other_account_id, view, user)
// metadata <- Box(otherBankAccount.metadata) ?~ {"the view " + viewId + "does not allow metadata access"}
// } yield {
@ -387,7 +387,7 @@
// cc =>
// for {
// account <- BankAccount(bankId, accountId)
// view <- View.fromUrl(viewId, account)
// view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
// otherBankAccount <- account.moderatedOtherBankAccount(other_account_id, view, user)
// metadata <- Box(otherBankAccount.metadata) ?~ {"the view " + viewId + "does not allow metadata access"}
// alias <- Box(metadata.publicAlias) ?~ {"the view " + viewId + "does not allow public alias access"}
@ -404,7 +404,7 @@
// cc =>
// for {
// account <- BankAccount(bankId, accountId)
// view <- View.fromUrl(viewId, account)
// view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
// otherBankAccount <- account.moderatedOtherBankAccount(other_account_id, view, user)
// metadata <- Box(otherBankAccount.metadata) ?~ {"the view " + viewId + "does not allow metadata access"}
// addAlias <- Box(metadata.addPublicAlias) ?~ {"the view " + viewId + "does not allow adding a public alias"}
@ -423,7 +423,7 @@
// cc =>
// for {
// account <- BankAccount(bankId, accountId)
// view <- View.fromUrl(viewId, account)
// view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
// otherBankAccount <- account.moderatedOtherBankAccount(other_account_id, view, user)
// metadata <- Box(otherBankAccount.metadata) ?~ {"the view " + viewId + "does not allow metadata access"}
// addAlias <- Box(metadata.addPublicAlias) ?~ {"the view " + viewId + "does not allow updating the public alias"}
@ -442,7 +442,7 @@
// cc =>
// for {
// account <- BankAccount(bankId, accountId)
// view <- View.fromUrl(viewId, account)
// view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
// otherBankAccount <- account.moderatedOtherBankAccount(other_account_id, view, user)
// metadata <- Box(otherBankAccount.metadata) ?~ {"the view " + viewId + "does not allow metadata access"}
// addAlias <- Box(metadata.addPublicAlias) ?~ {"the view " + viewId + "does not allow deleting the public alias"}
@ -459,7 +459,7 @@
// cc =>
// for {
// account <- BankAccount(bankId, accountId)
// view <- View.fromUrl(viewId, account)
// view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
// otherBankAccount <- account.moderatedOtherBankAccount(other_account_id, view, user)
// metadata <- Box(otherBankAccount.metadata) ?~ {"the view " + viewId + "does not allow metadata access"}
// alias <- Box(metadata.privateAlias) ?~ {"the view " + viewId + "does not allow private alias access"}
@ -476,7 +476,7 @@
// cc =>
// for {
// account <- BankAccount(bankId, accountId)
// view <- View.fromUrl(viewId, account)
// view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
// otherBankAccount <- account.moderatedOtherBankAccount(other_account_id, view, user)
// metadata <- Box(otherBankAccount.metadata) ?~ {"the view " + viewId + "does not allow metadata access"}
// addAlias <- Box(metadata.addPrivateAlias) ?~ {"the view " + viewId + "does not allow adding a private alias"}
@ -496,7 +496,7 @@
// cc =>
// for {
// account <- BankAccount(bankId, accountId)
// view <- View.fromUrl(viewId, account)
// view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
// otherBankAccount <- account.moderatedOtherBankAccount(other_account_id, view, user)
// metadata <- Box(otherBankAccount.metadata) ?~ {"the view " + viewId + "does not allow metadata access"}
// addAlias <- Box(metadata.addPrivateAlias) ?~ {"the view " + viewId + "does not allow updating the private alias"}
@ -516,7 +516,7 @@
// cc =>
// for {
// account <- BankAccount(bankId, accountId)
// view <- View.fromUrl(viewId, account)
// view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
// otherBankAccount <- account.moderatedOtherBankAccount(other_account_id, view, user)
// metadata <- Box(otherBankAccount.metadata) ?~ {"the view " + viewId + "does not allow metadata access"}
// addAlias <- Box(metadata.addPrivateAlias) ?~ {"the view " + viewId + "does not allow deleting the private alias"}
@ -532,7 +532,7 @@
// cc =>
// for {
// account <- BankAccount(bankId, accountId)
// view <- View.fromUrl(viewId, account)
// view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
// otherBankAccount <- account.moderatedOtherBankAccount(other_account_id, view, user)
// metadata <- Box(otherBankAccount.metadata) ?~ {"the view " + viewId + "does not allow metadata access"}
// addMoreInfo <- Box(metadata.addMoreInfo) ?~ {"the view " + viewId + "does not allow adding more info"}
@ -552,7 +552,7 @@
// cc =>
// for {
// account <- BankAccount(bankId, accountId)
// view <- View.fromUrl(viewId, account)
// view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
// otherBankAccount <- account.moderatedOtherBankAccount(other_account_id, view, user)
// metadata <- Box(otherBankAccount.metadata) ?~ {"the view " + viewId + "does not allow metadata access"}
// addMoreInfo <- Box(metadata.addMoreInfo) ?~ {"the view " + viewId + "does not allow updating more info"}
@ -572,7 +572,7 @@
// cc =>
// for {
// account <- BankAccount(bankId, accountId)
// view <- View.fromUrl(viewId, account)
// view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
// otherBankAccount <- account.moderatedOtherBankAccount(other_account_id, view, user)
// metadata <- Box(otherBankAccount.metadata) ?~ {"the view " + viewId + "does not allow metadata access"}
// addMoreInfo <- Box(metadata.addMoreInfo) ?~ {"the view " + viewId + "does not allow deleting more info"}
@ -588,7 +588,7 @@
// cc =>
// for {
// account <- BankAccount(bankId, accountId)
// view <- View.fromUrl(viewId, account)
// view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
// otherBankAccount <- account.moderatedOtherBankAccount(other_account_id, view, user)
// metadata <- Box(otherBankAccount.metadata) ?~ {"the view " + viewId + "does not allow metadata access"}
// addUrl <- Box(metadata.addURL) ?~ {"the view " + viewId + "does not allow adding a url"}
@ -608,7 +608,7 @@
// cc =>
// for {
// account <- BankAccount(bankId, accountId)
// view <- View.fromUrl(viewId, account)
// view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
// otherBankAccount <- account.moderatedOtherBankAccount(other_account_id, view, user)
// metadata <- Box(otherBankAccount.metadata) ?~ {"the view " + viewId + "does not allow metadata access"}
// addUrl <- Box(metadata.addURL) ?~ {"the view " + viewId + "does not allow updating a url"}
@ -628,7 +628,7 @@
// cc =>
// for {
// account <- BankAccount(bankId, accountId)
// view <- View.fromUrl(viewId, account)
// view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
// otherBankAccount <- account.moderatedOtherBankAccount(other_account_id, view, user)
// metadata <- Box(otherBankAccount.metadata) ?~ {"the view " + viewId + "does not allow metadata access"}
// addUrl <- Box(metadata.addURL) ?~ {"the view " + viewId + "does not allow deleting a url"}
@ -644,7 +644,7 @@
// cc =>
// for {
// account <- BankAccount(bankId, accountId)
// view <- View.fromUrl(viewId, account)
// view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
// otherBankAccount <- account.moderatedOtherBankAccount(other_account_id, view, user)
// metadata <- Box(otherBankAccount.metadata) ?~ {"the view " + viewId + "does not allow metadata access"}
// addImageUrl <- Box(metadata.addImageURL) ?~ {"the view " + viewId + "does not allow adding an image url"}
@ -664,7 +664,7 @@
// cc =>
// for {
// account <- BankAccount(bankId, accountId)
// view <- View.fromUrl(viewId, account)
// view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
// otherBankAccount <- account.moderatedOtherBankAccount(other_account_id, view, user)
// metadata <- Box(otherBankAccount.metadata) ?~ {"the view " + viewId + "does not allow metadata access"}
// addImageUrl <- Box(metadata.addImageURL) ?~ {"the view " + viewId + "does not allow updating an image url"}
@ -684,7 +684,7 @@
// cc =>
// for {
// account <- BankAccount(bankId, accountId)
// view <- View.fromUrl(viewId, account)
// view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
// otherBankAccount <- account.moderatedOtherBankAccount(other_account_id, view, user)
// metadata <- Box(otherBankAccount.metadata) ?~ {"the view " + viewId + "does not allow metadata access"}
// addImageUrl <- Box(metadata.addImageURL) ?~ {"the view " + viewId + "does not allow deleting an image url"}
@ -700,7 +700,7 @@
// cc =>
// for {
// account <- BankAccount(bankId, accountId)
// view <- View.fromUrl(viewId, account)
// view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
// otherBankAccount <- account.moderatedOtherBankAccount(other_account_id, view, user)
// metadata <- Box(otherBankAccount.metadata) ?~ {"the view " + viewId + "does not allow metadata access"}
// addOpenCorpUrl <- Box(metadata.addOpenCorporatesURL) ?~ {"the view " + viewId + "does not allow adding an open corporate url"}
@ -720,7 +720,7 @@
// cc =>
// for {
// account <- BankAccount(bankId, accountId)
// view <- View.fromUrl(viewId, account)
// view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
// otherBankAccount <- account.moderatedOtherBankAccount(other_account_id, view, user)
// metadata <- Box(otherBankAccount.metadata) ?~ {"the view " + viewId + "does not allow metadata access"}
// addOpenCorpUrl <- Box(metadata.addOpenCorporatesURL) ?~ {"the view " + viewId + "does not allow updating an open corporate url"}
@ -740,7 +740,7 @@
// cc =>
// for {
// account <- BankAccount(bankId, accountId)
// view <- View.fromUrl(viewId, account)
// view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
// otherBankAccount <- account.moderatedOtherBankAccount(other_account_id, view, user)
// metadata <- Box(otherBankAccount.metadata) ?~ {"the view " + viewId + "does not allow metadata access"}
// addOpenCorpUrl <- Box(metadata.addOpenCorporatesURL) ?~ {"the view " + viewId + "does not allow deleting an open corporate url"}
@ -757,7 +757,7 @@
// for {
// u <- user
// account <- BankAccount(bankId, accountId)
// view <- View.fromUrl(viewId, account)
// view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
// otherBankAccount <- account.moderatedOtherBankAccount(other_account_id, view, user)
// metadata <- Box(otherBankAccount.metadata) ?~ {"the view " + viewId + "does not allow metadata access"}
// addCorpLocation <- Box(metadata.addCorporateLocation) ?~ {"the view " + viewId + "does not allow adding a corporate location"}
@ -779,7 +779,7 @@
// for {
// u <- user
// account <- BankAccount(bankId, accountId)
// view <- View.fromUrl(viewId, account)
// view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
// otherBankAccount <- account.moderatedOtherBankAccount(other_account_id, view, user)
// metadata <- Box(otherBankAccount.metadata) ?~ {"the view " + viewId + "does not allow metadata access"}
// addCorpLocation <- Box(metadata.addCorporateLocation) ?~ {"the view " + viewId + "does not allow updating a corporate location"}
@ -801,7 +801,7 @@
// for {
// u <- user
// account <- BankAccount(bankId, accountId)
// view <- View.fromUrl(viewId, account)
// view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
// otherBankAccount <- account.moderatedOtherBankAccount(other_account_id, view, user)
// metadata <- Box(otherBankAccount.metadata) ?~ {"the view " + viewId + "does not allow metadata access"}
// deleted <- Counterparties.counterparties.vend.deleteCorporateLocation(other_account_id) ?~ {"Corporate Location cannot be deleted"}
@ -828,7 +828,7 @@
// for {
// u <- user
// account <- BankAccount(bankId, accountId)
// view <- View.fromUrl(viewId, account)
// view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
// otherBankAccount <- account.moderatedOtherBankAccount(other_account_id, view, user)
// metadata <- Box(otherBankAccount.metadata) ?~ {"the view " + viewId + "does not allow metadata access"}
// addPhysicalLocation <- Box(metadata.addPhysicalLocation) ?~ {"the view " + viewId + "does not allow adding a physical location"}
@ -850,7 +850,7 @@
// for {
// u <- user
// account <- BankAccount(bankId, accountId)
// view <- View.fromUrl(viewId, account)
// view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
// otherBankAccount <- account.moderatedOtherBankAccount(other_account_id, view, user)
// metadata <- Box(otherBankAccount.metadata) ?~ {"the view " + viewId + "does not allow metadata access"}
// addPhysicalLocation <- Box(metadata.addPhysicalLocation) ?~ {"the view " + viewId + "does not allow updating a physical location"}
@ -872,7 +872,7 @@
// for {
// u <- user
// account <- BankAccount(bankId, accountId)
// view <- View.fromUrl(viewId, account)
// view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
// otherBankAccount <- account.moderatedOtherBankAccount(other_account_id, view, user)
// metadata <- Box(otherBankAccount.metadata) ?~ {"the view " + viewId + "does not allow metadata access"}
// deleted <- Counterparties.counterparties.vend.deletePhysicalLocation(other_account_id) ?~ {"Physical Location cannot be deleted"}
@ -894,7 +894,7 @@
// for {
// params <- getTransactionParams(json)
// bankAccount <- BankAccount(bankId, accountId)
// view <- View.fromUrl(viewId, bankAccount)
// view <- Views.views.vend.view(viewId, bankAccount)
// transactions <- bankAccount.getModeratedTransactions(user, view, params : _*)
// } yield {
// val json = JSONFactory.createTransactionsJSON(transactions)
@ -909,7 +909,7 @@
// cc =>
// for {
// account <- BankAccount(bankId, accountId)
// view <- View.fromUrl(viewId, account)
// view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
// moderatedTransaction <- account.moderatedTransaction(transactionId, view, user)
// } yield {
// val json = JSONFactory.createTransactionJSON(moderatedTransaction)
@ -1189,7 +1189,7 @@
// cc =>
// for {
// account <- BankAccount(bankId, accountId)
// view <- View.fromUrl(viewId, account)
// view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
// transaction <- account.moderatedTransaction(transactionId, view, user)
// moderatedOtherBankAccount <- transaction.otherBankAccount
// } yield {


@ -3,7 +3,7 @@ package code.api.v1_2_1
import java.net.URL
import code.api.ResourceDocs1_4_0.SwaggerDefinitionsJSON._
import code.api.util.APIUtil
import code.api.util.{APIUtil, ErrorMessages}
import code.api.util.APIUtil._
import code.api.util.ErrorMessages._
import code.bankconnectors.{OBPFromDate, OBPOffset, OBPToDate, _}
@ -31,6 +31,7 @@ import scalacache.{memoization}
import scalacache.memoization.memoizeSync
import code.api.util.APIUtil._
import code.util.Helper.booleanToBox
import code.views.Views
trait APIMethods121 {
//needs to be a RestHelper to get access to JsonGet, JsonPost, etc.
@ -66,7 +67,7 @@ trait APIMethods121 {
private def moderatedTransactionMetadata(bankId : BankId, accountId : AccountId, viewId : ViewId, transactionID : TransactionId, user : Box[User]) : Box[ModeratedTransactionMetadata] ={
for {
account <- BankAccount(bankId, accountId) ?~! BankAccountNotFound
view <- View.fromUrl(viewId, account)
view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
moderatedTransaction <- account.moderatedTransaction(transactionID, view, user)
metadata <- Box(moderatedTransaction.metadata) ?~ {"view " + viewId + " does not authorize metadata access"}
} yield metadata
@ -103,7 +104,7 @@ trait APIMethods121 {
"root",
"GET",
"/root",
"The root of the API",
"Get API Info",
"""Returns information about:
|
|* API version
@ -193,36 +194,36 @@ trait APIMethods121 {
resourceDocs += ResourceDoc(
allAccountsAllBanks,
getPrivateAccountsAllBanks,
apiVersion,
"allAccountsAllBanks",
"getPrivateAccountsAllBanks",
"GET",
"/accounts",
"Get accounts at all banks (Authenticated + Anonymous access).",
"""Returns the list of accounts at that the user has access to at all banks.
"Get accounts at all banks (Private, inc views).",
s"""Returns the list of accounts at that the user has access to at all banks.
|For each account the API returns the account ID and the available views.
|
|If the user is not authenticated via OAuth, the list will contain only the accounts providing public views. If
|the user is authenticated, the list will contain Private accounts to which the user has access, in addition to
|all public accounts.
|
|Note for those upgrading from v1.2:
|The v1.2 version of this call was buggy in that it did not include public accounts if an authenticated user made the call.
|If you need the previous behaviour, please use the API call for private accounts (..../accounts/private).
|
|This endpoint works with firehose.
|
|${authenticationRequiredMessage(true)}
|""".stripMargin,
emptyObjectJson,
accountJSON,
List(UnknownError),
List(UserNotLoggedIn, UnknownError),
Catalogs(Core, PSD2, OBWG),
apiTagAccount :: Nil)
lazy val allAccountsAllBanks : OBPEndpoint = {
//TODO double check with `lazy val privateAccountsAllBanks :`, they are the same now.
lazy val getPrivateAccountsAllBanks : OBPEndpoint = {
//get accounts for all banks (private + public)
case "accounts" :: Nil JsonGet json => {
cc =>
Full(successJsonResponse(bankAccountsListToJson(BankAccount.accounts(cc.user), cc.user)))
for {
u <- cc.user ?~ UserNotLoggedIn
} yield {
val availableAccounts = BankAccount.privateAccounts(u)
successJsonResponse(bankAccountsListToJson(availableAccounts, cc.user))
}
}
}
@ -290,23 +291,19 @@ trait APIMethods121 {
}
resourceDocs += ResourceDoc(
allAccountsAtOneBank,
getPrivateAccountsAtOneBank,
apiVersion,
"allAccountsAtOneBank",
"getPrivateAccountsAtOneBank",
"GET",
"/banks/BANK_ID/accounts",
"Get accounts at bank (Autheneticated + Anonymous access).",
"""Returns the list of accounts at BANK_ID that the user has access to.
"Get accounts at bank (Private, inc views).",
s"""Returns the list of accounts at BANK_ID that the user has access to.
|For each account the API returns the account ID and the available views.
|
|If the user is not authenticated via OAuth, the list will contain only the accounts providing public views.
|
|Note for those upgrading from v1.2:
|The v1.2 version of this call was buggy in that it did not include public accounts if an authenticated user made the call.
|If you need the previous behaviour, please use the API call for private accounts (..../accounts/private)
|
|This endpoint works with firehose.
|
|${authenticationRequiredMessage(true)}
|
""",
emptyObjectJson,
accountJSON,
@ -314,14 +311,16 @@ trait APIMethods121 {
Catalogs(notCore, notPSD2, notOBWG),
apiTagAccount :: Nil)
lazy val allAccountsAtOneBank : OBPEndpoint = {
//TODO, double check with `lazy val privateAccountsAtOneBank`, they are the same now.
lazy val getPrivateAccountsAtOneBank : OBPEndpoint = {
//get accounts for a single bank (private + public)
case "banks" :: BankId(bankId) :: "accounts" :: Nil JsonGet json => {
cc =>
for{
u <- cc.user ?~! ErrorMessages.UserNotLoggedIn
bank <- Bank(bankId)?~! BankNotFound
} yield {
val availableAccounts = bank.accounts(cc.user)
val availableAccounts = bank.privateAccounts(u)
successJsonResponse(bankAccountsListToJson(availableAccounts, cc.user))
}
}
@ -433,7 +432,7 @@ trait APIMethods121 {
for {
account <- BankAccount(bankId, accountId) ?~! BankAccountNotFound
availableviews <- Full(account.permittedViews(cc.user))
view <- View.fromUrl(viewId, account)
view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
moderatedAccount <- account.moderatedBankAccount(view, cc.user)
} yield {
val viewsAvailable = availableviews.map(JSONFactory.createViewJSON)
@ -614,7 +613,7 @@ trait APIMethods121 {
u <- cc.user ?~ UserNotLoggedIn
//customer views are started ith `_`,eg _life, _work, and System views startWith letter, eg: owner
_ <- booleanToBox(viewId.value.startsWith("_"), InvalidCustomViewFormat)
view <- View.fromUrl(viewId, accountId, bankId)?~! ViewNotFound
view <- Views.views.vend.view(viewId, BankIdAccountId(bankId, accountId))?~! ViewNotFound
_ <- booleanToBox(!view.isSystem, SystemViewsCanNotBeModified)
updatedView <- account.updateView(u, viewId, updateJson)
} yield {
@ -652,7 +651,7 @@ trait APIMethods121 {
for {
//customer views are started ith `_`,eg _lift, _work, and System views startWith letter, eg: owner
_ <- booleanToBox(viewId.value.startsWith("_"), InvalidCustomViewFormat)
view <- View.fromUrl(viewId, accountId, bankId)?~! ViewNotFound
view <- Views.views.vend.view(viewId, BankIdAccountId(bankId, accountId))?~! ViewNotFound
_ <- booleanToBox(!view.isSystem, SystemViewsCanNotBeModified)
u <- cc.user ?~ UserNotLoggedIn
@ -912,7 +911,7 @@ trait APIMethods121 {
cc =>
for {
account <- BankAccount(bankId, accountId) ?~! BankAccountNotFound
view <- View.fromUrl(viewId, account)
view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
otherBankAccounts <- account.moderatedOtherBankAccounts(view, cc.user)
} yield {
val otherBankAccountsJson = JSONFactory.createOtherBankAccountsJSON(otherBankAccounts)
@ -943,7 +942,7 @@ trait APIMethods121 {
cc =>
for {
account <- BankAccount(bankId, accountId) ?~!BankAccountNotFound
view <- View.fromUrl(viewId, account)
view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
otherBankAccount <- account.moderatedOtherBankAccount(other_account_id, view, cc.user)
} yield {
val otherBankAccountJson = JSONFactory.createOtherBankAccount(otherBankAccount)
@ -975,7 +974,7 @@ trait APIMethods121 {
cc =>
for {
account <- BankAccount(bankId, accountId) ?~! BankAccountNotFound
view <- View.fromUrl(viewId, account)
view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
otherBankAccount <- account.moderatedOtherBankAccount(other_account_id, view, cc.user)
metadata <- Box(otherBankAccount.metadata) ?~ {"the view " + viewId + "does not allow metadata access"}
} yield {
@ -1012,7 +1011,7 @@ trait APIMethods121 {
cc =>
for {
account <- BankAccount(bankId, accountId) ?~! BankAccountNotFound
view <- View.fromUrl(viewId, account)
view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
otherBankAccount <- account.moderatedOtherBankAccount(other_account_id, view, cc.user)
metadata <- Box(otherBankAccount.metadata) ?~ {"the view " + viewId + "does not allow metadata access"}
alias <- Box(metadata.publicAlias) ?~ {"the view " + viewId + "does not allow public alias access"}
@ -1059,7 +1058,7 @@ trait APIMethods121 {
cc =>
for {
account <- BankAccount(bankId, accountId) ?~! BankAccountNotFound
view <- View.fromUrl(viewId, account)
view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
otherBankAccount <- account.moderatedOtherBankAccount(other_account_id, view, cc.user)
metadata <- Box(otherBankAccount.metadata) ?~ {"the view " + viewId + "does not allow metadata access"}
addAlias <- Box(metadata.addPublicAlias) ?~ {"the view " + viewId + "does not allow adding a public alias"}
@ -1103,7 +1102,7 @@ trait APIMethods121 {
cc =>
for {
account <- BankAccount(bankId, accountId) ?~! BankAccountNotFound
view <- View.fromUrl(viewId, account)
view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
otherBankAccount <- account.moderatedOtherBankAccount(other_account_id, view, cc.user)
metadata <- Box(otherBankAccount.metadata) ?~ {"the view " + viewId + "does not allow metadata access"}
addAlias <- Box(metadata.addPublicAlias) ?~ {"the view " + viewId + "does not allow updating the public alias"}
@ -1145,7 +1144,7 @@ trait APIMethods121 {
cc =>
for {
account <- BankAccount(bankId, accountId) ?~! BankAccountNotFound
view <- View.fromUrl(viewId, account)
view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
otherBankAccount <- account.moderatedOtherBankAccount(other_account_id, view, cc.user)
metadata <- Box(otherBankAccount.metadata) ?~ {"the view " + viewId + "does not allow metadata access"}
addAlias <- Box(metadata.addPublicAlias) ?~ {"the view " + viewId + "does not allow deleting the public alias"}
@ -1184,7 +1183,7 @@ trait APIMethods121 {
cc =>
for {
account <- BankAccount(bankId, accountId) ?~! BankAccountNotFound
view <- View.fromUrl(viewId, account)
view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
otherBankAccount <- account.moderatedOtherBankAccount(other_account_id, view, cc.user)
metadata <- Box(otherBankAccount.metadata) ?~ {"the view " + viewId + "does not allow metadata access"}
alias <- Box(metadata.privateAlias) ?~ {"the view " + viewId + "does not allow private alias access"}
@ -1225,7 +1224,7 @@ trait APIMethods121 {
cc =>
for {
account <- BankAccount(bankId, accountId) ?~! BankAccountNotFound
view <- View.fromUrl(viewId, account)
view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
otherBankAccount <- account.moderatedOtherBankAccount(other_account_id, view, cc.user)
metadata <- Box(otherBankAccount.metadata) ?~ {"the view " + viewId + "does not allow metadata access"}
addAlias <- Box(metadata.addPrivateAlias) ?~ {"the view " + viewId + "does not allow adding a private alias"}
@ -1269,7 +1268,7 @@ trait APIMethods121 {
cc =>
for {
account <- BankAccount(bankId, accountId) ?~! BankAccountNotFound
view <- View.fromUrl(viewId, account)
view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
otherBankAccount <- account.moderatedOtherBankAccount(other_account_id, view, cc.user)
metadata <- Box(otherBankAccount.metadata) ?~ {"the view " + viewId + "does not allow metadata access"}
addAlias <- Box(metadata.addPrivateAlias) ?~ {"the view " + viewId + "does not allow updating the private alias"}
@ -1312,7 +1311,7 @@ trait APIMethods121 {
cc =>
for {
account <- BankAccount(bankId, accountId) ?~! BankAccountNotFound
view <- View.fromUrl(viewId, account)
view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
otherBankAccount <- account.moderatedOtherBankAccount(other_account_id, view, cc.user)
metadata <- Box(otherBankAccount.metadata) ?~ {"the view " + viewId + "does not allow metadata access"}
addAlias <- Box(metadata.addPrivateAlias) ?~ {"the view " + viewId + "does not allow deleting the private alias"}
@ -1352,7 +1351,7 @@ trait APIMethods121 {
cc =>
for {
account <- BankAccount(bankId, accountId) ?~! BankAccountNotFound
view <- View.fromUrl(viewId, account)
view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
otherBankAccount <- account.moderatedOtherBankAccount(other_account_id, view, cc.user)
metadata <- Box(otherBankAccount.metadata) ?~ {"the view " + viewId + "does not allow metadata access"}
addMoreInfo <- Box(metadata.addMoreInfo) ?~ {"the view " + viewId + "does not allow adding more info"}
@ -1393,7 +1392,7 @@ trait APIMethods121 {
cc =>
for {
account <- BankAccount(bankId, accountId) ?~! BankAccountNotFound
view <- View.fromUrl(viewId, account)
view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
otherBankAccount <- account.moderatedOtherBankAccount(other_account_id, view, cc.user)
metadata <- Box(otherBankAccount.metadata) ?~ {"the view " + viewId + "does not allow metadata access"}
addMoreInfo <- Box(metadata.addMoreInfo) ?~ {"the view " + viewId + "does not allow updating more info"}
@ -1433,7 +1432,7 @@ trait APIMethods121 {
cc =>
for {
account <- BankAccount(bankId, accountId) ?~! BankAccountNotFound
view <- View.fromUrl(viewId, account)
view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
otherBankAccount <- account.moderatedOtherBankAccount(other_account_id, view, cc.user)
metadata <- Box(otherBankAccount.metadata) ?~ {"the view " + viewId + "does not allow metadata access"}
addMoreInfo <- Box(metadata.addMoreInfo) ?~ {"the view " + viewId + "does not allow deleting more info"}
@ -1473,7 +1472,7 @@ trait APIMethods121 {
cc =>
for {
account <- BankAccount(bankId, accountId) ?~! BankAccountNotFound
view <- View.fromUrl(viewId, account)
view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
otherBankAccount <- account.moderatedOtherBankAccount(other_account_id, view, cc.user)
metadata <- Box(otherBankAccount.metadata) ?~ {"the view " + viewId + "does not allow metadata access"}
addUrl <- Box(metadata.addURL) ?~ {"the view " + viewId + "does not allow adding a url"}
@ -1514,7 +1513,7 @@ trait APIMethods121 {
cc =>
for {
account <- BankAccount(bankId, accountId) ?~! BankAccountNotFound
view <- View.fromUrl(viewId, account)
view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
otherBankAccount <- account.moderatedOtherBankAccount(other_account_id, view, cc.user)
metadata <- Box(otherBankAccount.metadata) ?~ {"the view " + viewId + "does not allow metadata access"}
addUrl <- Box(metadata.addURL) ?~ {"the view " + viewId + "does not allow updating a url"}
@ -1554,7 +1553,7 @@ trait APIMethods121 {
cc =>
for {
account <- BankAccount(bankId, accountId) ?~! BankAccountNotFound
view <- View.fromUrl(viewId, account)
view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
otherBankAccount <- account.moderatedOtherBankAccount(other_account_id, view, cc.user)
metadata <- Box(otherBankAccount.metadata) ?~ {"the view " + viewId + "does not allow metadata access"}
addUrl <- Box(metadata.addURL) ?~ {"the view " + viewId + "does not allow deleting a url"}
@ -1593,7 +1592,7 @@ trait APIMethods121 {
cc =>
for {
account <- BankAccount(bankId, accountId) ?~! BankAccountNotFound
view <- View.fromUrl(viewId, account)
view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
otherBankAccount <- account.moderatedOtherBankAccount(other_account_id, view, cc.user)
metadata <- Box(otherBankAccount.metadata) ?~ {"the view " + viewId + "does not allow metadata access"}
addImageUrl <- Box(metadata.addImageURL) ?~ {"the view " + viewId + "does not allow adding an image url"}
@ -1633,7 +1632,7 @@ trait APIMethods121 {
cc =>
for {
account <- BankAccount(bankId, accountId) ?~! BankAccountNotFound
view <- View.fromUrl(viewId, account)
view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
otherBankAccount <- account.moderatedOtherBankAccount(other_account_id, view, cc.user)
metadata <- Box(otherBankAccount.metadata) ?~ {"the view " + viewId + "does not allow metadata access"}
addImageUrl <- Box(metadata.addImageURL) ?~ {"the view " + viewId + "does not allow updating an image url"}
@ -1667,7 +1666,7 @@ trait APIMethods121 {
cc =>
for {
account <- BankAccount(bankId, accountId) ?~! BankAccountNotFound
view <- View.fromUrl(viewId, account)
view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
otherBankAccount <- account.moderatedOtherBankAccount(other_account_id, view, cc.user)
metadata <- Box(otherBankAccount.metadata) ?~ {"the view " + viewId + "does not allow metadata access"}
addImageUrl <- Box(metadata.addImageURL) ?~ {"the view " + viewId + "does not allow deleting an image url"}
@ -1705,7 +1704,7 @@ trait APIMethods121 {
cc =>
for {
account <- BankAccount(bankId, accountId) ?~! BankAccountNotFound
view <- View.fromUrl(viewId, account)
view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
otherBankAccount <- account.moderatedOtherBankAccount(other_account_id, view, cc.user)
metadata <- Box(otherBankAccount.metadata) ?~ {"the view " + viewId + "does not allow metadata access"}
addOpenCorpUrl <- Box(metadata.addOpenCorporatesURL) ?~ {"the view " + viewId + "does not allow adding an open corporate url"}
@ -1746,7 +1745,7 @@ trait APIMethods121 {
cc =>
for {
account <- BankAccount(bankId, accountId) ?~! BankAccountNotFound
view <- View.fromUrl(viewId, account)
view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
otherBankAccount <- account.moderatedOtherBankAccount(other_account_id, view, cc.user)
metadata <- Box(otherBankAccount.metadata) ?~ {"the view " + viewId + "does not allow metadata access"}
addOpenCorpUrl <- Box(metadata.addOpenCorporatesURL) ?~ {"the view " + viewId + "does not allow updating an open corporate url"}
@ -1786,7 +1785,7 @@ trait APIMethods121 {
cc =>
for {
account <- BankAccount(bankId, accountId) ?~! BankAccountNotFound
view <- View.fromUrl(viewId, account)
view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
otherBankAccount <- account.moderatedOtherBankAccount(other_account_id, view, cc.user)
metadata <- Box(otherBankAccount.metadata) ?~ {"the view " + viewId + "does not allow metadata access"}
addOpenCorpUrl <- Box(metadata.addOpenCorporatesURL) ?~ {"the view " + viewId + "does not allow deleting an open corporate url"}
@ -1826,7 +1825,7 @@ trait APIMethods121 {
for {
u <- cc.user
account <- BankAccount(bankId, accountId) ?~! BankAccountNotFound
view <- View.fromUrl(viewId, account)
view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
otherBankAccount <- account.moderatedOtherBankAccount(other_account_id, view, cc.user)
metadata <- Box(otherBankAccount.metadata) ?~ {"the view " + viewId + "does not allow metadata access"}
addCorpLocation <- Box(metadata.addCorporateLocation) ?~ {"the view " + viewId + "does not allow adding a corporate location"}
@ -1870,7 +1869,7 @@ trait APIMethods121 {
for {
u <- cc.user
account <- BankAccount(bankId, accountId) ?~! BankAccountNotFound
view <- View.fromUrl(viewId, account)
view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
otherBankAccount <- account.moderatedOtherBankAccount(other_account_id, view, cc.user)
metadata <- Box(otherBankAccount.metadata) ?~ {"the view " + viewId + "does not allow metadata access"}
addCorpLocation <- Box(metadata.addCorporateLocation) ?~ {"the view " + viewId + "does not allow updating a corporate location"}
@ -1912,7 +1911,7 @@ trait APIMethods121 {
for {
u <- cc.user
account <- BankAccount(bankId, accountId) ?~! BankAccountNotFound
view <- View.fromUrl(viewId, account)
view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
otherBankAccount <- account.moderatedOtherBankAccount(other_account_id, view, cc.user)
metadata <- Box(otherBankAccount.metadata) ?~ {"the view " + viewId + "does not allow metadata access"}
deleted <- Counterparties.counterparties.vend.deleteCorporateLocation(other_account_id) ?~ {"Corporate Location cannot be deleted"}
@ -1956,7 +1955,7 @@ trait APIMethods121 {
for {
u <- cc.user
account <- BankAccount(bankId, accountId) ?~! BankAccountNotFound
view <- View.fromUrl(viewId, account)
view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
otherBankAccount <- account.moderatedOtherBankAccount(other_account_id, view, cc.user)
metadata <- Box(otherBankAccount.metadata) ?~ {"the view " + viewId + "does not allow metadata access"}
addPhysicalLocation <- Box(metadata.addPhysicalLocation) ?~ {"the view " + viewId + "does not allow adding a physical location"}
@ -2001,7 +2000,7 @@ trait APIMethods121 {
for {
u <- cc.user
account <- BankAccount(bankId, accountId) ?~! BankAccountNotFound
view <- View.fromUrl(viewId, account)
view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
otherBankAccount <- account.moderatedOtherBankAccount(other_account_id, view, cc.user)
metadata <- Box(otherBankAccount.metadata) ?~ {"the view " + viewId + "does not allow metadata access"}
addPhysicalLocation <- Box(metadata.addPhysicalLocation) ?~ {"the view " + viewId + "does not allow updating a physical location"}
@ -2044,7 +2043,7 @@ trait APIMethods121 {
for {
u <- cc.user
account <- BankAccount(bankId, accountId) ?~! BankAccountNotFound
view <- View.fromUrl(viewId, account)
view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
otherBankAccount <- account.moderatedOtherBankAccount(other_account_id, view, cc.user)
metadata <- Box(otherBankAccount.metadata) ?~ {"the view " + viewId + "does not allow metadata access"}
deleted <- Counterparties.counterparties.vend.deletePhysicalLocation(other_account_id) ?~ {"Physical Location cannot be deleted"}
@ -2097,7 +2096,7 @@ trait APIMethods121 {
for {
params <- paramsBox
bankAccount <- BankAccount(bankId, accountId)
view <- View.fromUrl(viewId, bankAccount)
view <- Views.views.vend.view(viewId, BankIdAccountId(bankAccount.bankId,bankAccount.accountId))
transactions <- bankAccount.getModeratedTransactions(user, view, params : _*)(None)
} yield {
val json = JSONFactory.createTransactionsJSON(transactions)
@ -2145,7 +2144,7 @@ trait APIMethods121 {
cc =>
for {
account <- BankAccount(bankId, accountId) ?~! BankAccountNotFound
view <- View.fromUrl(viewId, account)
view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
moderatedTransaction <- account.moderatedTransaction(transactionId, view, cc.user)
} yield {
val json = JSONFactory.createTransactionJSON(moderatedTransaction)
@ -2693,6 +2692,7 @@ Authentication via OAuth is required. The user must either have owner privileges
UserNotLoggedIn,
BankAccountNotFound,
InvalidJsonFormat,
ViewNotFound,
"view does not authorize metadata access",
"the view does not allow adding a where tag",
"Coordinates not possible",
@ -2706,7 +2706,7 @@ Authentication via OAuth is required. The user must either have owner privileges
cc =>
for {
u <- cc.user
view <- View.fromUrl(viewId, accountId, bankId)
view <- Views.views.vend.view(viewId, BankIdAccountId(bankId, accountId))?~! ViewNotFound
metadata <- moderatedTransactionMetadata(bankId, accountId, viewId, transactionId, cc.user)
addWhereTag <- Box(metadata.addWhereTag) ?~ {"the view " + viewId + "does not allow adding a where tag"}
whereJson <- tryo{(json.extract[PostTransactionWhereJSON])} ?~ {InvalidJsonFormat}
@ -2737,6 +2737,7 @@ Authentication via OAuth is required. The user must either have owner privileges
UserNotLoggedIn,
BankAccountNotFound,
InvalidJsonFormat,
ViewNotFound,
"view does not authorize metadata access",
"the view does not allow updating a where tag",
"Coordinates not possible",
@ -2750,7 +2751,7 @@ Authentication via OAuth is required. The user must either have owner privileges
cc =>
for {
u <- cc.user
view <- View.fromUrl(viewId, accountId, bankId)
view <- Views.views.vend.view(viewId, BankIdAccountId(bankId, accountId))?~! ViewNotFound
metadata <- moderatedTransactionMetadata(bankId, accountId, viewId, transactionId, cc.user)
addWhereTag <- Box(metadata.addWhereTag) ?~ {"the view " + viewId + "does not allow updating a where tag"}
whereJson <- tryo{(json.extract[PostTransactionWhereJSON])} ?~ {InvalidJsonFormat}
@ -2797,7 +2798,7 @@ Authentication via OAuth is required. The user must either have owner privileges
cc =>
for {
bankAccount <- BankAccount(bankId, accountId)?~! BankAccountNotFound
view <- View.fromUrl(viewId, bankAccount)
view <- Views.views.vend.view(viewId, BankIdAccountId(bankAccount.bankId,bankAccount.accountId))
metadata <- moderatedTransactionMetadata(bankId, accountId, viewId, transactionId, cc.user)
deleted <- metadata.deleteWhereTag(viewId, cc.user, bankAccount)
} yield {
@ -2831,7 +2832,7 @@ Authentication via OAuth is required. The user must either have owner privileges
cc =>
for {
account <- BankAccount(bankId, accountId) ?~! BankAccountNotFound
view <- View.fromUrl(viewId, account)
view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
transaction <- account.moderatedTransaction(transactionId, view, cc.user)
moderatedOtherBankAccount <- transaction.otherBankAccount
} yield {
@ -2879,7 +2880,7 @@ Authentication via OAuth is required. The user must either have owner privileges
lazy val makePayment : OBPEndpoint = {
case "banks" :: BankId(bankId) :: "accounts" :: AccountId(accountId) :: ViewId(viewId) :: "transactions" :: Nil JsonPost json -> _ => {
sc
if (Props.getBool("payments_enabled", false)) {
if (APIUtil.getPropsAsBoolValue("payments_enabled", false)) {
for {
u <- cc.user ?~ UserNotLoggedIn
makeTransJson <- tryo{json.extract[MakePaymentJson]} ?~ {InvalidJsonFormat}
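Review bot: In the hunk at `@ -652,7 +651,7` the view lookup with `?~! ViewNotFound` and the `isSystem` check still run before `u <- cc.user ?~ UserNotLoggedIn`, so a caller who is not logged in gets `ViewNotFound` or `SystemViewsCanNotBeModified` rather than `UserNotLoggedIn`, and the response differs by whether the view exists. The hunk at `@ -614,7 +613,7` already binds the user before the lookup; the same order here would put `u <- cc.user ?~ UserNotLoggedIn` as the first generator, followed by the `startsWith("_")` check and the lookup. The `for` block opens inside the hunk but continues past its last line, so the remaining generators are not visible here.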


@ -51,10 +51,10 @@ object OBPAPI1_2_1 extends OBPRestHelper with APIMethods121 with MdcLoggable {
Implementations1_2_1.root(version, versionStatus),
Implementations1_2_1.getBanks,
Implementations1_2_1.bankById,
Implementations1_2_1.allAccountsAllBanks,
Implementations1_2_1.getPrivateAccountsAllBanks,
Implementations1_2_1.privateAccountsAllBanks,
Implementations1_2_1.publicAccountsAllBanks,
Implementations1_2_1.allAccountsAtOneBank,
Implementations1_2_1.getPrivateAccountsAtOneBank,
Implementations1_2_1.privateAccountsAtOneBank,
Implementations1_2_1.publicAccountsAtOneBank,
Implementations1_2_1.accountById,


@ -25,10 +25,10 @@ object OBPAPI1_3_0 extends OBPRestHelper with APIMethods130 with APIMethods121 w
Implementations1_2_1.root(version, versionStatus),
Implementations1_2_1.getBanks,
Implementations1_2_1.bankById,
Implementations1_2_1.allAccountsAllBanks,
Implementations1_2_1.getPrivateAccountsAllBanks,
Implementations1_2_1.privateAccountsAllBanks,
Implementations1_2_1.publicAccountsAllBanks,
Implementations1_2_1.allAccountsAtOneBank,
Implementations1_2_1.getPrivateAccountsAtOneBank,
Implementations1_2_1.privateAccountsAtOneBank,
Implementations1_2_1.publicAccountsAtOneBank,
Implementations1_2_1.accountById,


@ -167,7 +167,7 @@ trait APIMethods140 extends MdcLoggable with APIMethods130 with APIMethods121{
}
val getBranchesIsPublic = Props.getBool("apiOptions.getBranchesIsPublic", true)
val getBranchesIsPublic = APIUtil.getPropsAsBoolValue("apiOptions.getBranchesIsPublic", true)
resourceDocs += ResourceDoc(
getBranches,
@ -234,7 +234,7 @@ trait APIMethods140 extends MdcLoggable with APIMethods130 with APIMethods121{
}
val getAtmsIsPublic = Props.getBool("apiOptions.getAtmsIsPublic", true)
val getAtmsIsPublic = APIUtil.getPropsAsBoolValue("apiOptions.getAtmsIsPublic", true)
resourceDocs += ResourceDoc(
getAtms,
@ -302,7 +302,7 @@ trait APIMethods140 extends MdcLoggable with APIMethods130 with APIMethods121{
}
val getProductsIsPublic = Props.getBool("apiOptions.getProductsIsPublic", true)
val getProductsIsPublic = APIUtil.getPropsAsBoolValue("apiOptions.getProductsIsPublic", true)
resourceDocs += ResourceDoc(
@ -445,7 +445,7 @@ trait APIMethods140 extends MdcLoggable with APIMethods130 with APIMethods121{
case "banks" :: BankId(bankId) :: "accounts" :: AccountId(accountId) :: ViewId(viewId) :: "transaction-request-types" ::
Nil JsonGet _ => {
cc =>
if (Props.getBool("transactionRequests_enabled", false)) {
if (APIUtil.getPropsAsBoolValue("transactionRequests_enabled", false)) {
for {
u <- cc.user ?~ ErrorMessages.UserNotLoggedIn
fromBank <- Bank(bankId) ?~! {ErrorMessages.BankNotFound}
@ -488,7 +488,7 @@ trait APIMethods140 extends MdcLoggable with APIMethods130 with APIMethods121{
lazy val getTransactionRequests: OBPEndpoint = {
case "banks" :: BankId(bankId) :: "accounts" :: AccountId(accountId) :: ViewId(viewId) :: "transaction-requests" :: Nil JsonGet _ => {
cc =>
if (Props.getBool("transactionRequests_enabled", false)) {
if (APIUtil.getPropsAsBoolValue("transactionRequests_enabled", false)) {
for {
u <- cc.user ?~ ErrorMessages.UserNotLoggedIn
fromBank <- Bank(bankId) ?~! {ErrorMessages.BankNotFound}
@ -554,7 +554,7 @@ trait APIMethods140 extends MdcLoggable with APIMethods130 with APIMethods121{
case "banks" :: BankId(bankId) :: "accounts" :: AccountId(accountId) :: ViewId(viewId) :: "transaction-request-types" ::
TransactionRequestType(transactionRequestType) :: "transaction-requests" :: Nil JsonPost json -> _ => {
cc =>
if (Props.getBool("transactionRequests_enabled", false)) {
if (APIUtil.getPropsAsBoolValue("transactionRequests_enabled", false)) {
for {
/* TODO:
* check if user has access using the view that is given (now it checks if user has access to owner view), will need some new permissions for transaction requests
@ -622,7 +622,7 @@ trait APIMethods140 extends MdcLoggable with APIMethods130 with APIMethods121{
case "banks" :: BankId(bankId) :: "accounts" :: AccountId(accountId) :: ViewId(viewId) :: "transaction-request-types" ::
TransactionRequestType(transactionRequestType) :: "transaction-requests" :: TransactionRequestId(transReqId) :: "challenge" :: Nil JsonPost json -> _ => {
cc =>
if (Props.getBool("transactionRequests_enabled", false)) {
if (APIUtil.getPropsAsBoolValue("transactionRequests_enabled", false)) {
for {
u <- cc.user ?~ ErrorMessages.UserNotLoggedIn
fromBank <- Bank(bankId) ?~! {ErrorMessages.BankNotFound}


@ -18,10 +18,10 @@ object OBPAPI1_4_0 extends OBPRestHelper with APIMethods140 with MdcLoggable {
Implementations1_2_1.root(version, versionStatus),
Implementations1_2_1.getBanks,
Implementations1_2_1.bankById,
Implementations1_2_1.allAccountsAllBanks,
Implementations1_2_1.getPrivateAccountsAllBanks,
Implementations1_2_1.privateAccountsAllBanks,
Implementations1_2_1.publicAccountsAllBanks,
Implementations1_2_1.allAccountsAtOneBank,
Implementations1_2_1.getPrivateAccountsAtOneBank,
Implementations1_2_1.privateAccountsAtOneBank,
Implementations1_2_1.publicAccountsAtOneBank,
Implementations1_2_1.accountById,


@ -7,7 +7,7 @@ import code.TransactionTypes.TransactionType
import code.api.APIFailure
import code.api.ResourceDocs1_4_0.SwaggerDefinitionsJSON._
import code.api.util.APIUtil._
import code.api.util.{ApiRole, ErrorMessages}
import code.api.util.{APIUtil, ApiRole, ErrorMessages}
import code.api.v1_2_1.OBPAPI1_2_1._
import code.api.v1_2_1.{AmountOfMoneyJsonV121 => AmountOfMoneyJSON121, JSONFactory => JSONFactory121}
import code.api.v1_4_0.JSONFactory1_4_0
@ -27,6 +27,7 @@ import code.search.{elasticsearchMetrics, elasticsearchWarehouse}
import code.socialmedia.SocialMediaHandle
import code.usercustomerlinks.UserCustomerLink
import code.util.Helper
import code.views.Views
import net.liftweb.common.{Full, _}
import net.liftweb.http.CurrentReq
import net.liftweb.http.rest.RestHelper
@ -34,6 +35,7 @@ import net.liftweb.json.JsonAST.JValue
import net.liftweb.mapper.By
import net.liftweb.util.Helpers.tryo
import net.liftweb.util.Props
import scala.concurrent.ExecutionContext.Implicits.global
import scala.collection.immutable.Nil
import scala.collection.mutable.ArrayBuffer
@ -118,37 +120,38 @@ trait APIMethods200 {
resourceDocs += ResourceDoc(
allAccountsAllBanks,
getPrivateAccountsAllBanks,
apiVersion,
"allAccountsAllBanks",
"getPrivateAccountsAllBanks",
"GET",
"/accounts",
"Get all Accounts at all Banks.",
s"""Get all accounts at all banks the User has access to (Authenticated + Anonymous access).
s"""Get all accounts at all banks the User has access to.
|Returns the list of accounts at that the user has access to at all banks.
|For each account the API returns the account ID and the available views.
|
|If the user is not authenticated via OAuth, the list will contain only the accounts providing public views. If
|the user is authenticated, the list will contain Private accounts to which the user has access, in addition to
|all public accounts.
|
|${authenticationRequiredMessage(false)}
|${authenticationRequiredMessage(true)}
|
|This endpoint works with firehose.
|
|""".stripMargin,
emptyObjectJson,
basicAccountsJSON,
List(UnknownError),
List(UserNotLoggedIn, UnknownError),
Catalogs(notCore, notPSD2, notOBWG),
List(apiTagAccount, apiTagPrivateData, apiTagPublicData))
lazy val allAccountsAllBanks : OBPEndpoint = {
lazy val getPrivateAccountsAllBanks : OBPEndpoint = {
//get accounts for all banks (private + public)
case "accounts" :: Nil JsonGet json => {
cc =>
Full(successJsonResponse(bankAccountBasicListToJson(BankAccount.accounts(cc.user), cc.user)))
for {
u <- cc.user ?~ UserNotLoggedIn
} yield {
val availableAccounts = BankAccount.privateAccounts(u)
successJsonResponse(bankAccountsListToJson(availableAccounts, cc.user))
}
}
}
@ -240,21 +243,19 @@ trait APIMethods200 {
resourceDocs += ResourceDoc(
allAccountsAtOneBank,
getPrivateAccountsAtOneBank,
apiVersion,
"allAccountsAtOneBank",
"getPrivateAccountsAtOneBank",
"GET",
"/banks/BANK_ID/accounts",
"Get Accounts at Bank (inc. Public).",
s"""Get accounts at one bank that the user has access to (Authenticated + Anonymous access).
"Get Accounts at Bank (Private, inc views).",
s"""Get accounts at one bank that the user has access to.
|Returns the list of accounts at BANK_ID that the user has access to.
|For each account the API returns the account ID and the available views.
|
|If the user is not authenticated, the list will contain only the accounts providing public views.
|
|This endpoint works with firehose.
|
|${authenticationRequiredMessage(false)}
|${authenticationRequiredMessage(true)}
""".stripMargin,
emptyObjectJson,
basicAccountsJSON,
@ -262,15 +263,17 @@ trait APIMethods200 {
Catalogs(notCore, notPSD2, notOBWG),
List(apiTagAccount, apiTagPrivateData, apiTagPublicData)
)
lazy val allAccountsAtOneBank : OBPEndpoint = {
//TODO, double check with `lazy val privateAccountsAtOneBank`, they are the same accounts, only different json body.
lazy val getPrivateAccountsAtOneBank : OBPEndpoint = {
//get accounts for a single bank (private + public)
case "banks" :: BankId(bankId) :: "accounts" :: Nil JsonGet json => {
cc =>
for{
u <- cc.user ?~! ErrorMessages.UserNotLoggedIn
bank <- Bank(bankId) ?~! BankNotFound
} yield {
val availableAccounts = bank.accounts(cc.user)
val availableAccounts = bank.privateAccounts(u)
successJsonResponse(bankAccountBasicListToJson(availableAccounts, cc.user))
}
}
@ -869,7 +872,7 @@ trait APIMethods200 {
account <- BankAccount(bankId, accountId) ?~ BankAccountNotFound
availableviews <- Full(account.permittedViews(cc.user))
// Assume owner view was requested
view <- View.fromUrl( ViewId("owner"), account)
view <- Views.views.vend.view( ViewId("owner"), BankIdAccountId(account.bankId,account.accountId))
moderatedAccount <- account.moderatedBankAccount(view, cc.user)
} yield {
val viewsAvailable = availableviews.map(JSONFactory121.createViewJSON)
@ -920,7 +923,7 @@ trait APIMethods200 {
params <- getTransactionParams(json)
bankAccount <- BankAccount(bankId, accountId) ?~! BankAccountNotFound
// Assume owner view was requested
view <- View.fromUrl( ViewId("owner"), bankAccount)
view <- Views.views.vend.view( ViewId("owner"), BankIdAccountId(bankAccount.bankId,bankAccount.accountId))
transactions <- bankAccount.getModeratedTransactions(cc.user, view, params : _*)(None)
} yield {
val json = JSONFactory200.createCoreTransactionsJSON(transactions)
@ -972,7 +975,7 @@ trait APIMethods200 {
bank <- Bank(bankId) ?~ BankNotFound // Check bank exists.
account <- BankAccount(bank.bankId, accountId) ?~ {ErrorMessages.AccountNotFound} // Check Account exists.
availableViews <- Full(account.permittedViews(cc.user))
view <- View.fromUrl(viewId, account) ?~! {ErrorMessages.ViewNotFound}
view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId)) ?~! {ErrorMessages.ViewNotFound}
_ <- tryo(availableViews.find(_ == viewId)) ?~! UserNoPermissionAccessView
moderatedAccount <- account.moderatedBankAccount(view, cc.user)
} yield {
@ -1143,7 +1146,7 @@ trait APIMethods200 {
val getTransactionTypesIsPublic = Props.getBool("apiOptions.getTransactionTypesIsPublic", true)
val getTransactionTypesIsPublic = APIUtil.getPropsAsBoolValue("apiOptions.getTransactionTypesIsPublic", true)
resourceDocs += ResourceDoc(
@ -1270,7 +1273,7 @@ trait APIMethods200 {
case "banks" :: BankId(bankId) :: "accounts" :: AccountId(accountId) :: ViewId(viewId) :: "transaction-request-types" ::
TransactionRequestType(transactionRequestType) :: "transaction-requests" :: Nil JsonPost json -> _ => {
cc =>
if (Props.getBool("transactionRequests_enabled", false)) {
if (APIUtil.getPropsAsBoolValue("transactionRequests_enabled", false)) {
for {
/* TODO:
* check if user has access using the view that is given (now it checks if user has access to owner view), will need some new permissions for transaction requests
@ -1285,7 +1288,7 @@ trait APIMethods200 {
fromAccount <- BankAccount(bankId, accountId) ?~! AccountNotFound
availableViews <- Full(fromAccount.permittedViews(cc.user))
_ <- View.fromUrl(viewId, fromAccount) ?~! ViewNotFound
_ <- Views.views.vend.view(viewId, BankIdAccountId(fromAccount.bankId,fromAccount.accountId)) ?~! ViewNotFound
_ <- tryo(availableViews.find(_ == viewId)) ?~! UserNoPermissionAccessView
_ <- booleanToBox(u.ownerAccess(fromAccount) == true || hasEntitlement(fromAccount.bankId.value, u.userId, canCreateAnyTransactionRequest) == true , InsufficientAuthorisationToCreateTransactionRequest)
@ -1347,7 +1350,7 @@ trait APIMethods200 {
case "banks" :: BankId(bankId) :: "accounts" :: AccountId(accountId) :: ViewId(viewId) :: "transaction-request-types" ::
TransactionRequestType(transactionRequestType) :: "transaction-requests" :: TransactionRequestId(transReqId) :: "challenge" :: Nil JsonPost json -> _ => {
cc =>
if (Props.getBool("transactionRequests_enabled", false)) {
if (APIUtil.getPropsAsBoolValue("transactionRequests_enabled", false)) {
for {
_ <- cc.user ?~! ErrorMessages.UserNotLoggedIn
_ <- tryo(assert(isValidID(accountId.value)))?~! ErrorMessages.InvalidAccountIdFormat
@ -1436,7 +1439,7 @@ trait APIMethods200 {
lazy val getTransactionRequests: OBPEndpoint = {
case "banks" :: BankId(bankId) :: "accounts" :: AccountId(accountId) :: ViewId(viewId) :: "transaction-requests" :: Nil JsonGet _ => {
cc =>
if (Props.getBool("transactionRequests_enabled", false)) {
if (APIUtil.getPropsAsBoolValue("transactionRequests_enabled", false)) {
for {
u <- cc.user ?~! UserNotLoggedIn
_ <- Bank(bankId) ?~! BankNotFound
@ -1561,7 +1564,7 @@ trait APIMethods200 {
lazy val createMeeting: OBPEndpoint = {
case "banks" :: BankId(bankId) :: "meetings" :: Nil JsonPost json -> _ => {
cc =>
if (Props.getBool("meeting.tokbox_enabled", false)) {
if (APIUtil.getPropsAsBoolValue("meeting.tokbox_enabled", false)) {
for {
// TODO use these keys to get session and tokens from tokbox
_ <- Props.get("meeting.tokbox_api_key") ~> APIFailure(MeetingApiKeyNotConfigured, 403)
@ -1618,7 +1621,7 @@ trait APIMethods200 {
lazy val getMeetings: OBPEndpoint = {
case "banks" :: BankId(bankId) :: "meetings" :: Nil JsonGet _ => {
cc =>
if (Props.getBool("meeting.tokbox_enabled", false)) {
if (APIUtil.getPropsAsBoolValue("meeting.tokbox_enabled", false)) {
for {
_ <- cc.user ?~! ErrorMessages.UserNotLoggedIn
_ <- Bank(bankId) ?~! BankNotFound
@ -1676,7 +1679,7 @@ trait APIMethods200 {
lazy val getMeeting: OBPEndpoint = {
case "banks" :: BankId(bankId) :: "meetings" :: meetingId :: Nil JsonGet _ => {
cc =>
if (Props.getBool("meeting.tokbox_enabled", false)) {
if (APIUtil.getPropsAsBoolValue("meeting.tokbox_enabled", false)) {
for {
u <- cc.user ?~! UserNotLoggedIn
_ <- Bank(bankId) ?~! BankNotFound
@ -1943,8 +1946,8 @@ trait APIMethods200 {
InvalidJsonFormat,
IncorrectRoleName,
EntitlementIsBankRole,
EntitlementIsSystemRole,
"Entitlement already exists for the user.",
EntitlementIsSystemRole,
EntitlementAlreadyExists,
UnknownError
),
Catalogs(notCore, notPSD2, notOBWG),
@ -1967,7 +1970,7 @@ trait APIMethods200 {
Nil
_ <- booleanToBox(isSuperAdmin(u.userId) || hasAtLeastOneEntitlement(postedData.bank_id, u.userId, allowedEntitlements) == true) ?~! {"Logged user is not super admin or does not have entitlements: " + allowedEntitlements.mkString(", ") + "!"}
_ <- booleanToBox(postedData.bank_id.nonEmpty == false || Bank(BankId(postedData.bank_id)).isEmpty == false) ?~! BankNotFound
_ <- booleanToBox(hasEntitlement(postedData.bank_id, userId, role) == false, "Entitlement already exists for the user." )
_ <- booleanToBox(hasEntitlement(postedData.bank_id, userId, role) == false, EntitlementAlreadyExists )
addedEntitlement <- Entitlement.entitlement.vend.addEntitlement(postedData.bank_id, userId, postedData.role_name)
} yield {
val viewJson = JSONFactory200.createEntitlementJSON(addedEntitlement)


@ -146,50 +146,50 @@ object OBPAPI2_0_0 extends OBPRestHelper with APIMethods130 with APIMethods140 w
// Updated in 2.0.0 (less info about the views)
val endpointsOf2_0_0 = List(
Implementations2_0_0.allAccountsAllBanks,
Implementations2_0_0.corePrivateAccountsAllBanks,
Implementations2_0_0.publicAccountsAllBanks,
Implementations2_0_0.allAccountsAtOneBank,
Implementations2_0_0.corePrivateAccountsAtOneBank, // this is /my accounts
Implementations2_0_0.privateAccountsAtOneBank, // This was missing for a while from v2.0.0
Implementations2_0_0.publicAccountsAtOneBank,
Implementations2_0_0.createTransactionRequest,
Implementations2_0_0.answerTransactionRequestChallenge,
Implementations2_0_0.getTransactionRequests, // Now has charges information
// Updated in 2.0.0 (added sorting and better guards / error messages)
Implementations2_0_0.accountById,
Implementations2_0_0.getPermissionsForBankAccount,
Implementations2_0_0.getPermissionForUserForBankAccount,
// New in 2.0.0
Implementations2_0_0.getKycDocuments,
Implementations2_0_0.getKycMedia,
Implementations2_0_0.getKycStatuses,
Implementations2_0_0.getKycChecks,
Implementations2_0_0.getSocialMediaHandles,
Implementations2_0_0.addKycDocument,
Implementations2_0_0.addKycMedia,
Implementations2_0_0.addKycStatus,
Implementations2_0_0.addKycCheck,
Implementations2_0_0.addSocialMediaHandle,
Implementations2_0_0.getCoreAccountById,
Implementations2_0_0.getCoreTransactionsForBankAccount,
Implementations2_0_0.createAccount,
Implementations2_0_0.getTransactionTypes,
Implementations2_0_0.createUser,
Implementations2_0_0.createMeeting,
Implementations2_0_0.getMeetings,
Implementations2_0_0.getMeeting,
Implementations2_0_0.createCustomer,
Implementations2_0_0.getCurrentUser,
Implementations2_0_0.getUser,
Implementations2_0_0.createUserCustomerLinks,
Implementations2_0_0.addEntitlement,
Implementations2_0_0.getEntitlements,
Implementations2_0_0.deleteEntitlement,
Implementations2_0_0.getAllEntitlements,
Implementations2_0_0.elasticSearchWarehouse,
Implementations2_0_0.elasticSearchMetrics,
Implementations2_0_0.getCustomers
Implementations2_0_0.getPrivateAccountsAllBanks,
Implementations2_0_0.corePrivateAccountsAllBanks,
Implementations2_0_0.publicAccountsAllBanks,
Implementations2_0_0.getPrivateAccountsAtOneBank,
Implementations2_0_0.corePrivateAccountsAtOneBank, // this is /my accounts
Implementations2_0_0.privateAccountsAtOneBank, // This was missing for a while from v2.0.0
Implementations2_0_0.publicAccountsAtOneBank,
Implementations2_0_0.createTransactionRequest,
Implementations2_0_0.answerTransactionRequestChallenge,
Implementations2_0_0.getTransactionRequests, // Now has charges information
// Updated in 2.0.0 (added sorting and better guards / error messages)
Implementations2_0_0.accountById,
Implementations2_0_0.getPermissionsForBankAccount,
Implementations2_0_0.getPermissionForUserForBankAccount,
// New in 2.0.0
Implementations2_0_0.getKycDocuments,
Implementations2_0_0.getKycMedia,
Implementations2_0_0.getKycStatuses,
Implementations2_0_0.getKycChecks,
Implementations2_0_0.getSocialMediaHandles,
Implementations2_0_0.addKycDocument,
Implementations2_0_0.addKycMedia,
Implementations2_0_0.addKycStatus,
Implementations2_0_0.addKycCheck,
Implementations2_0_0.addSocialMediaHandle,
Implementations2_0_0.getCoreAccountById,
Implementations2_0_0.getCoreTransactionsForBankAccount,
Implementations2_0_0.createAccount,
Implementations2_0_0.getTransactionTypes,
Implementations2_0_0.createUser,
Implementations2_0_0.createMeeting,
Implementations2_0_0.getMeetings,
Implementations2_0_0.getMeeting,
Implementations2_0_0.createCustomer,
Implementations2_0_0.getCurrentUser,
Implementations2_0_0.getUser,
Implementations2_0_0.createUserCustomerLinks,
Implementations2_0_0.addEntitlement,
Implementations2_0_0.getEntitlements,
Implementations2_0_0.deleteEntitlement,
Implementations2_0_0.getAllEntitlements,
Implementations2_0_0.elasticSearchWarehouse,
Implementations2_0_0.elasticSearchMetrics,
Implementations2_0_0.getCustomers
)


@ -4,7 +4,7 @@ import java.text.SimpleDateFormat
import java.util.{Date, Locale}
import code.TransactionTypes.TransactionType
import code.api.util.ApiRole
import code.api.util.{APIUtil, ApiRole}
import code.api.util.ErrorMessages.TransactionDisabled
import code.api.v1_2_1.AmountOfMoneyJsonV121
import code.api.v1_3_0.{JSONFactory1_3_0, _}
@ -29,6 +29,7 @@ import code.transactionrequests.TransactionRequests.{TransactionChallengeTypes,
import code.usercustomerlinks.UserCustomerLink
import code.users.Users
import code.util.Helper.booleanToBox
import code.views.Views
import net.liftweb.http.S
import net.liftweb.json.Extraction
import net.liftweb.util.Helpers.tryo
@ -126,7 +127,7 @@ trait APIMethods210 {
}
val getTransactionRequestTypesIsPublic = Props.getBool("apiOptions.getTransactionRequestTypesIsPublic", true)
val getTransactionRequestTypesIsPublic = APIUtil.getPropsAsBoolValue("apiOptions.getTransactionRequestTypesIsPublic", true)
resourceDocs += ResourceDoc(
getTransactionRequestTypesSupportedByBank,
@ -403,13 +404,13 @@ trait APIMethods210 {
TransactionRequestType(transactionRequestType) :: "transaction-requests" :: Nil JsonPost json -> _ => {
cc =>
for {
_ <- booleanToBox(Props.getBool("transactionRequests_enabled", false)) ?~ TransactionDisabled
_ <- booleanToBox(APIUtil.getPropsAsBoolValue("transactionRequests_enabled", false)) ?~ TransactionDisabled
u <- cc.user ?~ UserNotLoggedIn
_ <- tryo(assert(isValidID(accountId.value))) ?~! InvalidAccountIdFormat
_ <- tryo(assert(isValidID(bankId.value))) ?~! InvalidBankIdFormat
_ <- Bank(bankId) ?~! {BankNotFound}
fromAccount <- BankAccount(bankId, accountId) ?~! {AccountNotFound}
_ <- View.fromUrl(viewId, fromAccount) ?~! {ViewNotFound}
_ <- Views.views.vend.view(viewId, BankIdAccountId(fromAccount.bankId,fromAccount.accountId)) ?~! {ViewNotFound}
isOwnerOrHasEntitlement <- booleanToBox(u.ownerAccess(fromAccount) == true ||
hasEntitlement(fromAccount.bankId.value, u.userId, canCreateAnyTransactionRequest) == true, InsufficientAuthorisationToCreateTransactionRequest)
_ <- tryo(assert(Props.get("transactionRequests_supported_types", "").split(",").contains(transactionRequestType.value))) ?~!
@ -559,7 +560,7 @@ trait APIMethods210 {
case "banks" :: BankId(bankId) :: "accounts" :: AccountId(accountId) :: ViewId(viewId) :: "transaction-request-types" ::
TransactionRequestType(transactionRequestType) :: "transaction-requests" :: TransactionRequestId(transReqId) :: "challenge" :: Nil JsonPost json -> _ => {
cc =>
if (Props.getBool("transactionRequests_enabled", false)) {
if (APIUtil.getPropsAsBoolValue("transactionRequests_enabled", false)) {
for {
// Check we have a User
u: User <- cc.user ?~ UserNotLoggedIn
@ -673,7 +674,7 @@ trait APIMethods210 {
lazy val getTransactionRequests: OBPEndpoint = {
case "banks" :: BankId(bankId) :: "accounts" :: AccountId(accountId) :: ViewId(viewId) :: "transaction-requests" :: Nil JsonGet _ => {
cc =>
if (Props.getBool("transactionRequests_enabled", false)) {
if (APIUtil.getPropsAsBoolValue("transactionRequests_enabled", false)) {
for {
u <- cc.user ?~ UserNotLoggedIn
_ <- Bank(bankId) ?~! {BankNotFound}
@ -1010,7 +1011,7 @@ trait APIMethods210 {
}
}
val getTransactionTypesIsPublic = Props.getBool("apiOptions.getTransactionTypesIsPublic", true)
val getTransactionTypesIsPublic = APIUtil.getPropsAsBoolValue("apiOptions.getTransactionTypesIsPublic", true)
resourceDocs += ResourceDoc(
createTransactionType,
@ -1063,7 +1064,7 @@ trait APIMethods210 {
}
val getAtmsIsPublic = Props.getBool("apiOptions.getAtmsIsPublic", true)
val getAtmsIsPublic = APIUtil.getPropsAsBoolValue("apiOptions.getAtmsIsPublic", true)
resourceDocs += ResourceDoc(
getAtm,
@ -1107,7 +1108,7 @@ trait APIMethods210 {
}
}
val getBranchesIsPublic = Props.getBool("apiOptions.getBranchesIsPublic", true)
val getBranchesIsPublic = APIUtil.getPropsAsBoolValue("apiOptions.getBranchesIsPublic", true)
resourceDocs += ResourceDoc(
getBranch,
@ -1155,7 +1156,7 @@ trait APIMethods210 {
}
}
val getProductsIsPublic = Props.getBool("apiOptions.getProductsIsPublic", true)
val getProductsIsPublic = APIUtil.getPropsAsBoolValue("apiOptions.getProductsIsPublic", true)
resourceDocs += ResourceDoc(
@ -1541,7 +1542,7 @@ trait APIMethods210 {
for {
u <- cc.user ?~ UserNotLoggedIn
_ <- booleanToBox(
hasEntitlement("", u.userId, ApiRole.canUpdateConsumerRedirectUrl) || Props.getBool("consumers_enabled_by_default", false),
hasEntitlement("", u.userId, ApiRole.canUpdateConsumerRedirectUrl) || APIUtil.getPropsAsBoolValue("consumers_enabled_by_default", false),
UserHasMissingRoles + CanUpdateConsumerRedirectUrl
)
postJson <- tryo {json.extract[ConsumerRedirectUrlJSON]} ?~! InvalidJsonFormat
@ -1550,7 +1551,7 @@ trait APIMethods210 {
//only the developer that created the Consumer should be able to edit it
_ <- tryo(assert(consumer.createdByUserId.equals(cc.user.openOrThrowException(attemptedToOpenAnEmptyBox).userId)))?~! UserNoPermissionUpdateConsumer
//update the redirectURL and isactive (set to false when change redirectUrl) field in consumer table
updatedConsumer <- Consumers.consumers.vend.updateConsumer(consumer.id.get, None, None, Some(Props.getBool("consumers_enabled_by_default", false)), None, None, None, None, Some(postJson.redirect_url), None) ?~! UpdateConsumerError
updatedConsumer <- Consumers.consumers.vend.updateConsumer(consumer.id.get, None, None, Some(APIUtil.getPropsAsBoolValue("consumers_enabled_by_default", false)), None, None, None, None, Some(postJson.redirect_url), None) ?~! UpdateConsumerError
} yield {
val json = JSONFactory210.createConsumerJSON(updatedConsumer)
createdJsonResponse(Extraction.decompose(json))
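Review bot: The ownership check in the consumer redirect-URL hunk is written as `tryo(assert(consumer.createdByUserId.equals(...)))`, and the create-transaction-request hunk validates `accountId`, `bankId` and the supported request types the same way. Scala's `Predef.assert` is `@elidable`, so a build compiled with `-Xdisable-assertions` drops these checks silently and every request passes them. Since `u` is already bound in that for-comprehension, the ownership step can be `_ <- booleanToBox(consumer.createdByUserId.equals(u.userId), UserNoPermissionUpdateConsumer)`, which also removes the `openOrThrowException` call. These are context lines the commit leaves as they were, and the enclosing endpoints start outside the hunks.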


@ -145,7 +145,7 @@ object OBPAPI2_1_0 extends OBPRestHelper with APIMethods130 with APIMethods140 w
// Possible Endpoints 2.0.0
val endpointsOf2_0_0 = Implementations2_0_0.allAccountsAllBanks ::
val endpointsOf2_0_0 = Implementations2_0_0.getPrivateAccountsAllBanks ::
Implementations2_0_0.accountById ::
Implementations2_0_0.addEntitlement ::
Implementations2_0_0.addKycCheck ::
@ -153,7 +153,7 @@ object OBPAPI2_1_0 extends OBPRestHelper with APIMethods130 with APIMethods140 w
Implementations2_0_0.addKycMedia ::
Implementations2_0_0.addKycStatus ::
Implementations2_0_0.addSocialMediaHandle ::
Implementations2_0_0.allAccountsAtOneBank ::
Implementations2_0_0.getPrivateAccountsAtOneBank ::
Implementations2_0_0.createAccount ::
Implementations2_0_0.createMeeting ::
Implementations2_0_0.createUser ::


@ -20,6 +20,7 @@ import code.model.dataAccess.BankAccountCreation
import code.model.{BankId, ViewId, _}
import code.util.Helper
import code.util.Helper._
import code.views.Views
import net.liftweb.common.Full
import net.liftweb.http.S
import net.liftweb.http.rest.RestHelper
@ -223,7 +224,7 @@ trait APIMethods220 {
updateJson <- tryo{json.extract[UpdateViewJSON]} ?~!InvalidJsonFormat
//customer views are started ith `_`,eg _life, _work, and System views startWith letter, eg: owner
_ <- booleanToBox(viewId.value.startsWith("_"), InvalidCustomViewFormat)
view <- View.fromUrl(viewId, accountId, bankId)?~! ViewNotFound
view <- Views.views.vend.view(viewId, BankIdAccountId(bankId, accountId))?~! ViewNotFound
_ <- booleanToBox(!view.isSystem, SystemViewsCanNotBeModified)
u <- cc.user ?~!UserNotLoggedIn
account <- BankAccount(bankId, accountId) ?~!BankAccountNotFound
@ -299,7 +300,7 @@ trait APIMethods220 {
for {
u <- cc.user ?~! UserNotLoggedIn
account <- Connector.connector.vend.checkBankAccountExists(bankId, accountId) ?~! BankAccountNotFound
view <- View.fromUrl(viewId, account)?~! ViewNotFound
view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))?~! ViewNotFound
_ <- booleanToBox(view.canAddCounterparty == true, s"${ViewNoPermission}canAddCounterparty")
_ <- Full(account.permittedViews(cc.user).find(_ == viewId)) ?~! UserNoPermissionAccessView
counterparties <- Connector.connector.vend.getCounterparties(bankId,accountId,viewId)
@ -342,7 +343,7 @@ trait APIMethods220 {
for {
_ <- cc.user ?~! UserNotLoggedIn
account <- Connector.connector.vend.checkBankAccountExists(bankId, accountId) ?~! BankAccountNotFound
view <- View.fromUrl(viewId, account)?~! ViewNotFound
view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))?~! ViewNotFound
_ <- booleanToBox(view.canAddCounterparty == true, s"${ViewNoPermission}canAddCounterparty")
_ <- Full(account.permittedViews(cc.user).find(_ == viewId)) ?~! UserNoPermissionAccessView
counterpartyMetadata <- Counterparties.counterparties.vend.getMetadata(bankId, accountId, counterpartyId.value) ?~! CounterpartyMetadataNotFound
@ -773,9 +774,10 @@ trait APIMethods220 {
"config",
"GET",
"/config",
"The configuration of the API",
"Get API Configuration",
"""Returns information about:
|
|* API Config
|* Akka ports
|* Elastic search ports
|* Cached function """,
@ -1068,7 +1070,7 @@ trait APIMethods220 {
account <- Connector.connector.vend.checkBankAccountExists(bankId, AccountId(accountId.value)) ?~! {AccountNotFound}
postJson <- tryo {json.extract[PostCounterpartyJSON]} ?~! {InvalidJsonFormat+PostCounterpartyJSON}
availableViews <- Full(account.permittedViews(cc.user))
view <- View.fromUrl(viewId, account) ?~! {ViewNotFound}
view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId)) ?~! {ViewNotFound}
_ <- tryo(availableViews.find(_ == viewId)) ?~! {"Current user does not have access to the view " + viewId}
_ <- booleanToBox(view.canAddCounterparty == true, "The current view does not have can_add_counterparty permission. Please use a view with that permission or add the permission to this view.")
_ <- tryo(assert(Counterparties.counterparties.vend.
@ -1138,7 +1140,7 @@ trait APIMethods220 {
for {
bank <- Bank(bankId) ?~ BankNotFound
account <- BankAccount(bank.bankId, accountId) ?~ ErrorMessages.AccountNotFound
view <- View.fromUrl(viewId, account) ?~! {ErrorMessages.ViewNotFound}
view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId)) ?~! {ErrorMessages.ViewNotFound}
availableViews <- Full(account.permittedViews(user))
canUserAccessView <- tryo(availableViews.find(_ == viewId)) ?~! UserNoPermissionAccessView
moderatedAccount <- account.moderatedBankAccount(view, user)
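Review bot: The view-permission steps next to the new `Views.views.vend.view` lookups cannot fail. `Full(account.permittedViews(cc.user).find(_ == viewId)) ?~! UserNoPermissionAccessView` wraps the `Option` in a `Full`, and `tryo(availableViews.find(_ == viewId))` does the same unless `find` throws, so a `None` result still passes. This applies to both counterparty read hunks, the create-counterparty hunk and the last hunk of this file. A form that actually rejects is `_ <- booleanToBox(account.permittedViews(cc.user).exists(_ == viewId), UserNoPermissionAccessView)`. Whether `_ == viewId` can match at all depends on the element type `permittedViews` returns, which is not visible here and should be confirmed; the enclosing endpoints start outside the hunks.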


@ -146,7 +146,7 @@ object OBPAPI2_2_0 extends OBPRestHelper with APIMethods130 with APIMethods140 w
// Possible Endpoints 2.0.0 (less info about the views)
val endpointsOf2_0_0 = Implementations2_0_0.allAccountsAllBanks ::
val endpointsOf2_0_0 = Implementations2_0_0.getPrivateAccountsAllBanks ::
Implementations2_0_0.accountById ::
Implementations2_0_0.addEntitlement ::
Implementations2_0_0.addKycCheck ::
@ -154,7 +154,7 @@ object OBPAPI2_2_0 extends OBPRestHelper with APIMethods130 with APIMethods140 w
Implementations2_0_0.addKycMedia ::
Implementations2_0_0.addKycStatus ::
Implementations2_0_0.addSocialMediaHandle ::
Implementations2_0_0.allAccountsAtOneBank ::
Implementations2_0_0.getPrivateAccountsAtOneBank ::
//now in V220
//Implementations2_0_0.createAccount ::
Implementations2_0_0.createMeeting ::


@ -5,7 +5,7 @@ import code.api.ResourceDocs1_4_0.SwaggerDefinitionsJSON._
import code.api.util.APIUtil.{canGetAtm, _}
import code.api.util.ApiRole._
import code.api.util.ErrorMessages._
import code.api.util.{ApiRole, CallContext, ErrorMessages}
import code.api.util.{APIUtil, ApiRole, CallContext, ErrorMessages}
import code.api.v2_0_0.JSONFactory200
import code.api.v3_0_0.JSONFactory300._
import code.atms.Atms.AtmId
@ -962,7 +962,7 @@ trait APIMethods300 {
val getBranchesIsPublic = Props.getBool("apiOptions.getBranchesIsPublic", true)
val getBranchesIsPublic = APIUtil.getPropsAsBoolValue("apiOptions.getBranchesIsPublic", true)
resourceDocs += ResourceDoc(
getBranch,
@ -1096,7 +1096,7 @@ trait APIMethods300 {
}
}
val getAtmsIsPublic = Props.getBool("apiOptions.getAtmsIsPublic", true)
val getAtmsIsPublic = APIUtil.getPropsAsBoolValue("apiOptions.getAtmsIsPublic", true)
resourceDocs += ResourceDoc(
getAtm,
@ -1440,7 +1440,7 @@ trait APIMethods300 {
cc =>
for {
account <- Connector.connector.vend.checkBankAccountExists(bankId, accountId) ?~! BankAccountNotFound
view <- View.fromUrl(viewId, account)
view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
otherBankAccounts <- account.moderatedOtherBankAccounts(view, cc.user)
} yield {
val otherBankAccountsJson = createOtherBankAccountsJson(otherBankAccounts)
@ -1471,7 +1471,7 @@ trait APIMethods300 {
cc =>
for {
account <- Connector.connector.vend.checkBankAccountExists(bankId, accountId) ?~! BankAccountNotFound
view <- View.fromUrl(viewId, account)
view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
otherBankAccount <- account.moderatedOtherBankAccount(other_account_id, view, cc.user)
} yield {
val otherBankAccountJson = createOtherBankAccount(otherBankAccount)
@ -1765,6 +1765,46 @@ trait APIMethods300 {
val exampleGlossaryItems = List(GlossaryItem(
title = "Title ",
description =
"""
|Description.
|
|Goes here..
"""))
def getExampleGlossaryItems : List[GlossaryItem] = {
exampleGlossaryItems.toList
}
resourceDocs += ResourceDoc(
getApiGlossary,
implementedInApiVersion,
"glossary",
"GET",
"/api/glossary",
"Get API Glossary",
"""Returns the glossary of the API
|""",
emptyObjectJson,
JSONFactory300.createGlossaryItemsJsonV300(getExampleGlossaryItems),
List(UnknownError),
Catalogs(notCore, notPSD2, notOBWG),
apiTagApi :: Nil)
lazy val getApiGlossary : OBPEndpoint = {
case "api" :: "glossary" :: Nil JsonGet json => _ => {
val json = JSONFactory300.createGlossaryItemsJsonV300(getGlossaryItems)
Full(successJsonResponse(Extraction.decompose(json)))
}
}
/* WIP
resourceDocs += ResourceDoc(
getOtherAccountsForBank,
@ -1793,7 +1833,7 @@ trait APIMethods300 {
for {
_ <- Bank(bankId) ?~! {ErrorMessages.BankNotFound}
account <- BankAccount(bankId, accountId) ?~! BankAccountNotFound
view <- View.fromUrl(viewId, account)
view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
otherBankAccounts <- account.moderatedOtherBankAccounts(view, user)
} yield {
val otherBankAccountsJson = JSONFactory.createOtherBankAccountsJSON(otherBankAccounts)
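Review bot: The two other-account hunks bind `view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))` with no failure message, while the same lookup in the other API versions touched by this commit is followed by `?~! ViewNotFound`. A missing view would then surface with whatever the provider's Box carries rather than the documented error, which makes rejected requests harder to tell apart in logs and responses. Suggested line: `view <- Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId)) ?~! ViewNotFound`. The same applies to the lookup inside the commented-out WIP block in the last hunk, and the enclosing endpoints start outside the hunks.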


@ -45,6 +45,7 @@ import code.entitlement.Entitlement
import code.entitlementrequest.EntitlementRequest
import code.model.dataAccess.ResourceUser
import net.liftweb.common.{Box, Full}
import org.pegdown.PegDownProcessor
import scala.collection.immutable.List
@ -393,7 +394,47 @@ case class EntitlementRequestJSON(entitlement_request_id: String, user: UserJson
case class EntitlementRequestsJSON(entitlement_requests: List[EntitlementRequestJSON])
case class CreateEntitlementRequestJSON(bank_id: String, role_name: String)
case class GlossaryDescriptionJsonV300 (markdown: String, html: String)
case class GlossaryItemJsonV300 (title: String,
description : GlossaryDescriptionJsonV300
)
case class GlossaryItemsJsonV300 (glossary_items: List[GlossaryItemJsonV300])
import code.api.util.APIUtil.GlossaryItem
object JSONFactory300{
// There are multiple flavours of markdown. For instance, original markdown emphasises underscores (surrounds _ with (<em>))
// But we don't want to have to escape underscores (\_) in our documentation
// Thus we use a flavour of markdown that ignores underscores in words. (Github markdown does this too)
// PegDown seems to be feature rich and ignores underscores in words by default.
// We return html rather than markdown to the consumer so they don't have to bother with these questions.
// Set the timeout: https://github.com/sirthias/pegdown#parsing-timeouts
val PegDownProcessorTimeout: Long = 1000*20
val pegDownProcessor : PegDownProcessor = new PegDownProcessor(PegDownProcessorTimeout)
def createGlossaryItemsJsonV300(glossaryItems: List[GlossaryItem]) : GlossaryItemsJsonV300 = {
GlossaryItemsJsonV300(glossary_items = glossaryItems.map(createGlossaryItemJsonV300))
}
def createGlossaryItemJsonV300(glossaryItem : GlossaryItem) : GlossaryItemJsonV300 = {
GlossaryItemJsonV300(
title = glossaryItem.title,
description = GlossaryDescriptionJsonV300 (markdown = glossaryItem.description.stripMargin, //.replaceAll("\n", ""),
html = pegDownProcessor.markdownToHtml(glossaryItem.description.stripMargin).replaceAll("\n", "")
)
)
}
//stated -- Transaction relevant methods /////
def createTransactionsJson(transactions: List[ModeratedTransaction]) : TransactionsJsonV300 = {
TransactionsJsonV300(transactions.map(createTransactionJSON))
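Review bot: `pegDownProcessor` is a single `PegDownProcessor` held in the `JSONFactory300` object and called from `createGlossaryItemJsonV300`, which the new glossary endpoint invokes per request. The pegdown documentation states that neither the processor nor its parser is thread-safe, so concurrent requests can corrupt the rendering. Either guard the call, `html = pegDownProcessor.synchronized { pegDownProcessor.markdownToHtml(glossaryItem.description.stripMargin) }.replaceAll("\n", "")`, or render the glossary once and cache the result, since the items appear to be static. The rendered HTML goes straight to API consumers, so a comment should record that glossary text must come only from trusted, in-repo sources.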


@ -153,7 +153,7 @@ object OBPAPI3_0_0 extends OBPRestHelper with APIMethods130 with APIMethods140 w
Implementations2_0_0.addKycMedia ::
Implementations2_0_0.addKycStatus ::
Implementations2_0_0.addSocialMediaHandle ::
Implementations2_0_0.allAccountsAtOneBank ::
Implementations2_0_0.getPrivateAccountsAtOneBank ::
//now in V220
//Implementations2_0_0.createAccount ::
Implementations2_0_0.createMeeting ::
@ -265,6 +265,7 @@ object OBPAPI3_0_0 extends OBPRestHelper with APIMethods130 with APIMethods140 w
Implementations3_0_0.getFirehoseAccountsAtOneBank ::
Implementations3_0_0.getEntitlementsForCurrentUser ::
Implementations3_0_0.getFirehoseTransactionsForBankAccount ::
Implementations3_0_0.getApiGlossary ::
Nil


@ -569,7 +569,7 @@ trait Connector extends MdcLoggable{
// i.e. if we are certain that saveTransaction will be honored immediately by the backend, then transaction_status_scheduler_delay
// can be empty in the props file. Otherwise, the status will be set to STATUS_PENDING
// and getTransactionRequestStatusesImpl needs to be run periodically to update the transaction request status.
if (Props.getLong("transaction_status_scheduler_delay").isEmpty )
if (APIUtil.getPropsAsLongValue("transaction_status_scheduler_delay").isEmpty )
TransactionRequestStatus.COMPLETED
else
TransactionRequestStatus.PENDING


@ -25,9 +25,10 @@ Berlin 13359, Germany
import java.text.SimpleDateFormat
import java.util.{Date, Locale, UUID}
import code.api.util.ErrorMessages._
import code.accountholder.AccountHolders
import code.api.util.{ErrorMessages, CallContext}
import code.api.util.{APIUtil, CallContext, ErrorMessages}
import code.api.v2_1_0.TransactionRequestCommonBodyJSON
import code.bankconnectors.vJune2017.AccountRule
import code.bankconnectors.vMar2017.{InboundAdapterInfoInternal, KafkaMappedConnector_vMar2017}
@ -480,9 +481,9 @@ object KafkaMappedConnector extends Connector with KafkaHelper with MdcLoggable
account <- getBankAccountType(bankId, accountId)
} {
spawn{
val useMessageQueue = Props.getBool("messageQueue.updateBankAccountsTransaction", false)
val useMessageQueue = APIUtil.getPropsAsBoolValue("messageQueue.updateBankAccountsTransaction", false)
val outDatedTransactions = Box!!account.lastUpdate match {
case Full(l) => now after time(l.getTime + hours(Props.getInt("messageQueue.updateTransactionsInterval", 1)))
case Full(l) => now after time(l.getTime + hours(APIUtil.getPropsAsIntValue("messageQueue.updateTransactionsInterval", 1)))
case _ => true
}
//if(outDatedTransactions && useMessageQueue) {
@ -502,7 +503,7 @@ object KafkaMappedConnector extends Connector with KafkaHelper with MdcLoggable
// Get one counterparty by the Counterparty Id
override def getCounterpartyByCounterpartyId(counterpartyId: CounterpartyId): Box[CounterpartyTrait] = {
if (Props.getBool("get_counterparties_from_OBP_DB", true)) {
if (APIUtil.getPropsAsBoolValue("get_counterparties_from_OBP_DB", true)) {
Counterparties.counterparties.vend.getCounterparty(counterpartyId.value)
} else {
val req = Map(
@ -527,7 +528,7 @@ object KafkaMappedConnector extends Connector with KafkaHelper with MdcLoggable
override def getCounterpartyByIban(iban: String): Box[CounterpartyTrait] = {
if (Props.getBool("get_counterparties_from_OBP_DB", true)) {
if (APIUtil.getPropsAsBoolValue("get_counterparties_from_OBP_DB", true)) {
Counterparties.counterparties.vend.getCounterpartyByIban(iban)
} else {
val req = Map(


@ -666,9 +666,9 @@ object KafkaMappedConnector_JVMcompatible extends Connector with KafkaHelper wit
account <- getBankAccountType(bankId, accountId)
} {
spawn{
val useMessageQueue = Props.getBool("messageQueue.updateBankAccountsTransaction", false)
val useMessageQueue = APIUtil.getPropsAsBoolValue("messageQueue.updateBankAccountsTransaction", false)
val outDatedTransactions = Box!!account.lastUpdate match {
case Full(l) => now after time(l.getTime + hours(Props.getInt("messageQueue.updateTransactionsInterval", 1)))
case Full(l) => now after time(l.getTime + hours(APIUtil.getPropsAsIntValue("messageQueue.updateTransactionsInterval", 1)))
case _ => true
}
//if(outDatedTransactions && useMessageQueue) {


@ -265,9 +265,9 @@ object LocalMappedConnector extends Connector with MdcLoggable {
account <- getBankAccount(bankId, accountId).map(_.asInstanceOf[MappedBankAccount])
} {
Future{
val useMessageQueue = Props.getBool("messageQueue.updateBankAccountsTransaction", false)
val useMessageQueue = APIUtil.getPropsAsBoolValue("messageQueue.updateBankAccountsTransaction", false)
val outDatedTransactions = Box!!account.accountLastUpdate.get match {
case Full(l) => now after time(l.getTime + hours(Props.getInt("messageQueue.updateTransactionsInterval", 1)))
case Full(l) => now after time(l.getTime + hours(APIUtil.getPropsAsIntValue("messageQueue.updateTransactionsInterval", 1)))
case _ => true
}
if(outDatedTransactions && useMessageQueue) {


@ -2,8 +2,9 @@ package code.bankconnectors
import java.text.SimpleDateFormat
import java.util.{Date, TimeZone, UUID}
import code.api.util.ErrorMessages._
import code.api.util.CallContext
import code.api.util.{APIUtil, CallContext}
import code.api.v2_1_0.TransactionRequestCommonBodyJSON
import code.bankconnectors.vMar2017.InboundAdapterInfoInternal
import code.branches.Branches.{Branch, BranchT}
@ -338,8 +339,8 @@ private object LocalRecordConnector extends Connector with MdcLoggable {
private def updateAccountTransactions(bank: HostedBank, account: Account): Unit = {
Future {
val useMessageQueue = Props.getBool("messageQueue.updateBankAccountsTransaction", false)
val outDatedTransactions = now after time(account.accountLastUpdate.get.getTime + hours(Props.getInt("messageQueue.updateTransactionsInterval", 1)))
val useMessageQueue = APIUtil.getPropsAsBoolValue("messageQueue.updateBankAccountsTransaction", false)
val outDatedTransactions = now after time(account.accountLastUpdate.get.getTime + hours(APIUtil.getPropsAsIntValue("messageQueue.updateTransactionsInterval", 1)))
if(outDatedTransactions && useMessageQueue) {
UpdatesRequestSender.sendMsg(UpdateBankAccount(account.accountNumber.get, bank.national_identifier.get))
}


@ -531,9 +531,9 @@ object ObpJvmMappedConnector extends Connector with MdcLoggable {
account <- getBankAccountType(bankId, accountId)
} {
spawn{
val useMessageQueue = Props.getBool("messageQueue.updateBankAccountsTransaction", false)
val useMessageQueue = APIUtil.getPropsAsBoolValue("messageQueue.updateBankAccountsTransaction", false)
val outDatedTransactions = Box!!account.lastUpdate match {
case Full(l) => now after time(l.getTime + hours(Props.getInt("messageQueue.updateTransactionsInterval", 1)))
case Full(l) => now after time(l.getTime + hours(APIUtil.getPropsAsIntValue("messageQueue.updateTransactionsInterval", 1)))
case _ => true
}
//if(outDatedTransactions && useMessageQueue) {


@ -25,10 +25,11 @@ Berlin 13359, Germany
import java.text.SimpleDateFormat
import java.util.{Date, Locale, UUID}
import code.api.util.ErrorMessages._
import code.accountholder.AccountHolders
import code.api.util.APIUtil.MessageDoc
import code.api.util.{ErrorMessages, CallContext}
import code.api.util.{APIUtil, CallContext, ErrorMessages}
import code.api.v2_1_0._
import code.bankconnectors._
import code.branches.Branches.{Branch, BranchT}
@ -890,7 +891,7 @@ trait KafkaMappedConnector_vMar2017 extends Connector with KafkaHelper with MdcL
)
override def getCounterpartyByCounterpartyId(counterpartyId: CounterpartyId): Box[CounterpartyTrait] = {
if (Props.getBool("get_counterparties_from_OBP_DB", true)) {
if (APIUtil.getPropsAsBoolValue("get_counterparties_from_OBP_DB", true)) {
Counterparties.counterparties.vend.getCounterparty(counterpartyId.value)
} else {
val req = OutboundCounterpartyByCounterpartyIdBase(
@ -946,7 +947,7 @@ trait KafkaMappedConnector_vMar2017 extends Connector with KafkaHelper with MdcL
)
override def getCounterpartyByIban(iban: String): Box[CounterpartyTrait] = {
if (Props.getBool("get_counterparties_from_OBP_DB", true)) {
if (APIUtil.getPropsAsBoolValue("get_counterparties_from_OBP_DB", true)) {
Counterparties.counterparties.vend.getCounterpartyByIban(iban)
} else {
val req = OutboundCounterpartyByIbanBase(


@ -1,9 +1,11 @@
package code.consumer
import code.api.util.APIUtil
import code.model.{AppType, Consumer, MappedConsumersProvider}
import code.remotedata.RemotedataConsumers
import net.liftweb.common.Box
import net.liftweb.util.{Props, SimpleInjector}
import scala.concurrent.Future
object Consumers extends SimpleInjector {
@ -11,7 +13,7 @@ object Consumers extends SimpleInjector {
val consumers = new Inject(buildOne _) {}
def buildOne: ConsumersProvider =
Props.getBool("use_akka", false) match {
APIUtil.getPropsAsBoolValue("use_akka", false) match {
case false => MappedConsumersProvider
case true => RemotedataConsumers // We will use Akka as a middleware
}


@ -3,6 +3,7 @@ package code.customer
import java.lang
import java.util.Date
import code.api.util.APIUtil
import code.model.{BankId, User}
import code.remotedata.RemotedataCustomers
import net.liftweb.common.Box
@ -15,7 +16,7 @@ object Customer extends SimpleInjector {
val customerProvider = new Inject(buildOne _) {}
def buildOne: CustomerProvider =
Props.getBool("use_akka", false) match {
APIUtil.getPropsAsBoolValue("use_akka", false) match {
case false => MappedCustomerProvider
case true => RemotedataCustomers // We will use Akka as a middleware
}


@ -1,6 +1,7 @@
package code.entitlement
import code.api.util.APIUtil
import code.remotedata.RemotedataEntitlements
import net.liftweb.common.Box
import net.liftweb.util.{Props, SimpleInjector}
@ -12,7 +13,7 @@ object Entitlement extends SimpleInjector {
val entitlement = new Inject(buildOne _) {}
def buildOne: EntitlementProvider =
Props.getBool("use_akka", false) match {
APIUtil.getPropsAsBoolValue("use_akka", false) match {
case false => MappedEntitlementsProvider
case true => RemotedataEntitlements // We will use Akka as a middleware
}


@ -2,6 +2,7 @@ package code.kafka
import java.util.UUID
import code.api.util.APIUtil
import net.liftweb.util.Props
import scala.concurrent.duration.{FiniteDuration, MILLISECONDS}
@ -13,7 +14,7 @@ trait KafkaConfig {
val bootstrapServers = Props.get("kafka.bootstrap_hosts")openOr("localhost:9092")
val partitions = Props.getInt("kafka.partitions")openOr(10)
val partitions = APIUtil.getPropsAsIntValue("kafka.partitions", 10)
val clientId = UUID.randomUUID().toString
@ -22,5 +23,5 @@ trait KafkaConfig {
val autoOffsetResetConfig = "earliest"
val maxWakeups = 50
//TODO should be less then container's timeout
val completionTimeout = FiniteDuration(Props.getInt("kafka.akka.timeout", 2)*1000 - 450, MILLISECONDS)
val completionTimeout = FiniteDuration(APIUtil.getPropsAsIntValue("kafka.akka.timeout", 2)*1000 - 450, MILLISECONDS)
}
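Review bot: `kafka.bootstrap_hosts` is still read with `Props.get(...)` in this trait while `kafka.partitions` and `kafka.akka.timeout` now go through `APIUtil`, so the setting an operator is most likely to mark `.is_encrypted` is the one that bypasses the new path. If that key is encrypted as the README describes, the stored value would presumably be used as the broker address unchanged; the `APIUtil` getters are not shown on this page, so this is inferred from their names. The same split remains for `mongo.host` in MongoConfig, `es.cluster.name` in the search classes and `hostname` in the AuthUser login match. Reading the string props through the same wrapper as the numeric ones would keep the behaviour uniform, and `kafka.akka.timeout` deserves a lower bound, since a value of 0 makes `completionTimeout` negative.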


@ -2,6 +2,7 @@ package code.metadata.comments
import java.util.Date
import code.api.util.APIUtil
import code.model._
import code.remotedata.RemotedataComments
import net.liftweb.common.Box
@ -12,7 +13,7 @@ object Comments extends SimpleInjector {
val comments = new Inject(buildOne _) {}
def buildOne: Comments =
Props.getBool("use_akka", false) match {
APIUtil.getPropsAsBoolValue("use_akka", false) match {
case false => MappedComments
case true => RemotedataComments // We will use Akka as a middleware
}


@ -2,6 +2,7 @@ package code.metadata.counterparties
import java.util.Date
import code.api.util.APIUtil
import code.model._
import code.remotedata.RemotedataCounterparties
import net.liftweb.common.Box
@ -12,7 +13,7 @@ object Counterparties extends SimpleInjector {
val counterparties = new Inject(buildOne _) {}
def buildOne: Counterparties =
Props.getBool("use_akka", false) match {
APIUtil.getPropsAsBoolValue("use_akka", false) match {
case false => MapperCounterparties
case true => RemotedataCounterparties // We will use Akka as a middleware
}


@ -1,5 +1,6 @@
package code.metadata.narrative
import code.api.util.APIUtil
import code.model.{AccountId, BankId, TransactionId}
import code.remotedata.RemotedataNarratives
import net.liftweb.util.{Props, SimpleInjector}
@ -9,7 +10,7 @@ object Narrative extends SimpleInjector {
val narrative = new Inject(buildOne _) {}
def buildOne: Narrative =
Props.getBool("use_akka", false) match {
APIUtil.getPropsAsBoolValue("use_akka", false) match {
case false => MappedNarratives
case true => RemotedataNarratives // We will use Akka as a middleware
}


@ -2,6 +2,7 @@ package code.metadata.tags
import java.util.Date
import code.api.util.APIUtil
import code.model._
import code.remotedata.RemotedataTags
import net.liftweb.common.Box
@ -12,7 +13,7 @@ object Tags extends SimpleInjector {
val tags = new Inject(buildOne _) {}
def buildOne: Tags =
Props.getBool("use_akka", false) match {
APIUtil.getPropsAsBoolValue("use_akka", false) match {
case false => MappedTags
case true => RemotedataTags // We will use Akka as a middleware
}


@ -2,6 +2,7 @@ package code.metadata.transactionimages
import java.util.Date
import code.api.util.APIUtil
import code.model._
import code.remotedata.RemotedataTransactionImages
import net.liftweb.common.Box
@ -12,7 +13,7 @@ object TransactionImages extends SimpleInjector {
val transactionImages = new Inject(buildOne _) {}
def buildOne: TransactionImages =
Props.getBool("use_akka", false) match {
APIUtil.getPropsAsBoolValue("use_akka", false) match {
case false => MapperTransactionImages
case true => RemotedataTransactionImages // We will use Akka as a middleware
}


@ -2,6 +2,7 @@ package code.metadata.wheretags
import java.util.Date
import code.api.util.APIUtil
import code.model._
import code.remotedata.RemotedataWhereTags
import net.liftweb.common.Box
@ -12,7 +13,7 @@ object WhereTags extends SimpleInjector {
val whereTags = new Inject(buildOne _) {}
def buildOne: WhereTags =
Props.getBool("use_akka", false) match {
APIUtil.getPropsAsBoolValue("use_akka", false) match {
case false => MapperWhereTags
case true => RemotedataWhereTags // We will use Akka as a middleware
}


@ -2,6 +2,7 @@ package code.metrics
import java.util.{Calendar, Date}
import code.api.util.APIUtil
import code.bankconnectors.OBPQueryParam
import code.remotedata.RemotedataMetrics
import net.liftweb.util.{Props, SimpleInjector}
@ -11,11 +12,11 @@ object APIMetrics extends SimpleInjector {
val apiMetrics = new Inject(buildOne _) {}
def buildOne: APIMetrics =
Props.getBool("allow_elasticsearch", false) &&
Props.getBool("allow_elasticsearch_metrics", false) match {
APIUtil.getPropsAsBoolValue("allow_elasticsearch", false) &&
APIUtil.getPropsAsBoolValue("allow_elasticsearch_metrics", false) match {
// case false => MappedMetrics
case false =>
Props.getBool("use_akka", false) match {
APIUtil.getPropsAsBoolValue("use_akka", false) match {
case false => MappedMetrics
case true => RemotedataMetrics // We will use Akka as a middleware
}


@ -2,6 +2,7 @@ package code.metrics
import java.util.{Calendar, Date}
import code.api.util.APIUtil
import code.bankconnectors.OBPQueryParam
import code.remotedata.RemotedataConnectorMetrics
import net.liftweb.util.{Props, SimpleInjector}
@ -11,7 +12,7 @@ object ConnectorMetricsProvider extends SimpleInjector {
val metrics = new Inject(buildOne _) {}
def buildOne: ConnectorMetricsProvider =
Props.getBool("use_akka", false) match {
APIUtil.getPropsAsBoolValue("use_akka", false) match {
case false => ConnectorMetrics
case true => RemotedataConnectorMetrics // We will use Akka as a middleware
}


@ -2,6 +2,7 @@ package code.metrics
import java.util.Date
import code.api.util.APIUtil
import code.bankconnectors._
import code.search.elasticsearchMetrics
import net.liftweb.mapper._
@ -12,7 +13,7 @@ object ElasticsearchMetrics extends APIMetrics {
val es = new elasticsearchMetrics
override def saveMetric(userId: String, url: String, date: Date, duration: Long, userName: String, appName: String, developerEmail: String, consumerId: String, implementedByPartialFunction: String, implementedInVersion: String, verb: String, correlationId: String): Unit = {
if (Props.getBool("allow_elasticsearch", false) && Props.getBool("allow_elasticsearch_metrics", false) ) {
if (APIUtil.getPropsAsBoolValue("allow_elasticsearch", false) && APIUtil.getPropsAsBoolValue("allow_elasticsearch_metrics", false) ) {
//TODO ,need to be fixed now add more parameters
es.indexMetric(userId, url, date, duration, userName, appName, developerEmail, correlationId)
}
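Review bot: The two-flag gate in `saveMetric` is re-evaluated through `APIUtil.getPropsAsBoolValue` on every metric write, and the same pair of reads is repeated in `elasticsearchMetrics` (constructor and `indexMetric`) and in `APIMetrics.buildOne`. Nothing on this page suggests props change at runtime, so a single `private val esMetricsEnabled = APIUtil.getPropsAsBoolValue("allow_elasticsearch", false) && APIUtil.getPropsAsBoolValue("allow_elasticsearch_metrics", false)` would keep the call sites in agreement and take the lookup off the request path. The wrapper's cost is not visible here, so the performance part is a guess; the duplication is not. `saveMetric` continues past the end of the hunk.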


@ -181,7 +181,8 @@ trait Bank {
//it's not entirely clear what this is/represents (BLZ in Germany?)
@deprecated("Please use bankRoutingScheme and bankRoutingAddress instead")
def nationalIdentifier : String
@deprecated("This method will mix public and private, not clear for Apps.","2018-02-18")
def accounts(user : Box[User]) : List[BankAccount] = {
Views.views.vend.getAllAccountsUserCanSee(this, user).flatMap { a =>
BankAccount(a.bankId, a.accountId)
@ -357,8 +358,15 @@ trait BankAccount extends MdcLoggable {
}
}
private def viewNotAllowed(view : View ) = Failure("user does not have access to the " + view.name + " view")
private def viewNotAllowed(view : View ) = Failure(s"${UserNoPermissionAccessView} Current VIEW_ID (${view.viewId.value})")
/**
*
* Check search for the bankaccount private views which the user have access to ++ public views.
* @param user a user
* @return a list of views, the user can access
*
*/
final def permittedViews(user: Box[User]) : List[View] = {
user match {
case Full(u) => u.permittedViews(this)
@ -625,15 +633,6 @@ trait BankAccount extends MdcLoggable {
else
viewNotAllowed(view)
@deprecated(Helper.deprecatedJsonGenerationMessage)
final def overviewJson(user: Box[User]): JObject = {
val views = permittedViews(user)
("number" -> number) ~
("account_alias" -> label) ~
("owner_description" -> "") ~
("views_available" -> views.map(view => view.toJson)) ~
View.linksJson(views, accountId, bankId)
}
}
object BankAccount {
@ -701,6 +700,7 @@ object BankAccount {
}
}
@deprecated("This method will mix public and private, not clear for Apps.","2018-02-18")
def accounts(user : Box[User]) : List[BankAccount] = {
Views.views.vend.getAllAccountsUserCanSee(user).flatMap { a =>
BankAccount(a.bankId, a.accountId)
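Review bot: Both new `@deprecated` annotations on `accounts(user)` say what is wrong (public and private accounts are mixed in one list) but do not name what callers should use instead, so code that relies on the result for access decisions gets a warning with no migration path. I would extend the message, e.g. `@deprecated("Mixes public and private accounts; use <REPLACEMENT_METHOD> instead", "2018-02-18")`, with the real replacement filled in. The new Scaladoc on `permittedViews` could read `Returns the private views this user has been granted on the account plus the account's public views.`; the match body continues outside the hunk, so that wording should be confirmed against the remaining branch.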


@ -32,6 +32,7 @@ Berlin 13359, Germany
package code.model
import java.util.Date
import code.api.util.APIUtil
import code.token.TokensProvider
import code.consumer.{Consumers, ConsumersProvider}
import code.model.AppType.{Mobile, Web}
@ -309,7 +310,7 @@ class Consumer extends LongKeyedMapper[Consumer] with CreatedUpdated{
object key extends MappedString(this, 250)
object secret extends MappedString(this, 250)
object isActive extends MappedBoolean(this){
override def defaultValue = Props.getBool("consumers_enabled_by_default", false)
override def defaultValue = APIUtil.getPropsAsBoolValue("consumers_enabled_by_default", false)
}
object name extends MappedString(this, 100){
override def validations = minLength3(this) _ :: super.validations


@ -77,9 +77,14 @@ trait User {
Failure("user doesn't have access to any view that allows initiating transactions")
}
}
/**
* return all the views the user has the access to.
*/
def views: List[View]
/**
* Check the User have this `view` or not.
*/
def permittedView(v: View): Boolean =
views.contains(v)


@ -200,6 +200,8 @@ trait View {
// System Views: eg: owner, accountant ... They are the fixed views, account owner can not modify it.
// User Created Views: Start with _, eg _son, _wife ... The owner can update the fields for these views.
def isSystem : Boolean
def isFirehose : Boolean
def isPublic : Boolean
//these ids are used together to uniquely identify a view
def viewId : ViewId
@ -211,8 +213,6 @@ trait View {
def name: String
def description : String
def isPublic : Boolean
def isFirehose : Boolean
def users: List[User]
//the view settings
@ -793,30 +793,4 @@ trait View {
else
None
}
@deprecated(Helper.deprecatedJsonGenerationMessage)
def toJson : JObject = {
("name" -> name) ~
("description" -> description)
}
}
object View {
def fromUrl(viewId: ViewId, account: BankAccount): Box[View] =
Views.views.vend.view(viewId, BankIdAccountId(account.bankId, account.accountId))
def fromUrl(viewId: ViewId, accountId: AccountId, bankId: BankId): Box[View] =
Views.views.vend.view(ViewIdBankIdAccountId(viewId, bankId, accountId))
@deprecated(Helper.deprecatedJsonGenerationMessage)
def linksJson(views: List[View], accountId: AccountId, bankId: BankId): JObject = {
val viewsJson = views.map(view => {
("rel" -> "account") ~
("href" -> { "/" + bankId + "/account/" + accountId + "/" + view.viewId }) ~
("method" -> "GET") ~
("title" -> "Get information about one account")
})
("links" -> viewsJson)
}
}
}


@ -257,7 +257,7 @@ import net.liftweb.util.Helpers._
override def signupFields = List(firstName, lastName, email, username, password)
// If we want to validate email addresses set this to false
override def skipEmailValidation = Props.getBool("authUser.skipEmailValidation", true)
override def skipEmailValidation = APIUtil.getPropsAsBoolValue("authUser.skipEmailValidation", true)
override def loginXhtml = {
val loginXml = Templates(List("templates-hidden","_login")).map({
@ -516,7 +516,7 @@ import net.liftweb.util.Helpers._
case Full(user) if (user.getProvider() != Props.get("hostname","")) =>
connector match {
case Helper.matchAnyKafka() if ( Props.getBool("kafka.user.authentication", false) &&
case Helper.matchAnyKafka() if ( APIUtil.getPropsAsBoolValue("kafka.user.authentication", false) &&
! LoginAttempt.userIsLocked(username) ) =>
val userId = for { kafkaUser <- getUserFromConnector(username, password)
kafkaUserId <- tryo{kafkaUser.user} } yield {
@ -529,7 +529,7 @@ import net.liftweb.util.Helpers._
LoginAttempt.incrementBadLoginAttempts(username)
Empty
}
case "obpjvm" if ( Props.getBool("obpjvm.user.authentication", false) &&
case "obpjvm" if ( APIUtil.getPropsAsBoolValue("obpjvm.user.authentication", false) &&
! LoginAttempt.userIsLocked(username) ) =>
val userId = for { obpjvmUser <- getUserFromConnector(username, password)
obpjvmUserId <- tryo{obpjvmUser.user} } yield {
@ -720,8 +720,8 @@ import net.liftweb.util.Helpers._
// If not found locally, try to authenticate user via Kafka, if enabled in props
case Empty if (connector.startsWith("kafka") || connector == "obpjvm") &&
(Props.getBool("kafka.user.authentication", false) ||
Props.getBool("obpjvm.user.authentication", false)) =>
(APIUtil.getPropsAsBoolValue("kafka.user.authentication", false) ||
APIUtil.getPropsAsBoolValue("obpjvm.user.authentication", false)) =>
val preLoginState = capturePreLoginState()
info("login redir: " + loginRedirect.get)
val redir = loginRedirect.get match {
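Review bot: `skipEmailValidation` keeps a default of `true`, so when `authUser.skipEmailValidation` is absent, or cannot be read by the new wrapper, sign-up proceeds without e-mail validation; the other flags changed in this file (`kafka.user.authentication`, `obpjvm.user.authentication`) default to `false` and fail closed. How `APIUtil.getPropsAsBoolValue` behaves on an unreadable or undecryptable value is not shown here, so the fallback path is an assumption. The comment above the override should state the default explicitly, for example `// Defaults to true (validation skipped); set authUser.skipEmailValidation=false to require e-mail validation`. The login match continues outside these hunks.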


@ -111,7 +111,7 @@ import com.tesobe.model.{CreateBankAccount, UpdateBankAccount}
private def createOwnerView(bankId : BankId, accountId : AccountId, user: User): Unit = {
val ownerViewUID = ViewIdBankIdAccountId(ViewId("owner"), bankId, accountId)
val existingOwnerView = Views.views.vend.view(ownerViewUID)
val existingOwnerView = Views.views.vend.view(ownerViewUID.viewId, BankIdAccountId(ownerViewUID.bankId, ownerViewUID.accountId))
existingOwnerView match {
case Full(v) => {


@ -31,6 +31,7 @@ Berlin 13359, Germany
*/
package code.model.dataAccess
import code.api.util.APIUtil
import code.metadata.narrative.OBPNarrativeInit
import code.metadata.wheretags.OBPWhereTagInit
import com.mongodb.MongoClient
@ -49,7 +50,7 @@ object MongoConfig {
val srvr = new ServerAddress(
Props.get("mongo.host", "localhost"),
Props.getInt("mongo.port", 27017)
APIUtil.getPropsAsIntValue("mongo.port", 27017)
)
val defaultDatabase = Props.mode match {
case Props.RunModes.Test => "test"


@ -33,6 +33,7 @@ Berlin 13359, Germany
package code.model.dataAccess
import code.api.APIFailure
import code.api.util.ErrorMessages
import code.util.{AccountIdString, UUIDString}
import net.liftweb.common.{Box, Full}
import net.liftweb.mapper._
@ -522,7 +523,7 @@ object ViewImpl extends ViewImpl with LongKeyedMetaMapper[ViewImpl]{
def find(viewUID : ViewIdBankIdAccountId) : Box[ViewImpl] = {
find(By(permalink_, viewUID.viewId.value) :: accountFilter(viewUID.bankId, viewUID.accountId): _*) ~>
APIFailure(s"View with permalink $viewId not found", 404)
APIFailure(s"${ErrorMessages.ViewNotFound}. Current ACCOUNT_ID(${viewUID.accountId.value}) and VIEW_ID (${viewUID.viewId.value})", 404)
//TODO: APIFailures with http response codes belong at a higher level in the code
}
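Review bot: The new not-found message in `find` reports ACCOUNT_ID and VIEW_ID but leaves out the bank id, although `accountFilter(viewUID.bankId, viewUID.accountId)` uses all three values to select the row. Someone debugging a 404 for an account id that is valid under a different bank gets no hint of that; `s"${ErrorMessages.ViewNotFound}. Current BANK_ID(${viewUID.bankId.value}), ACCOUNT_ID(${viewUID.accountId.value}) and VIEW_ID(${viewUID.viewId.value})"` would cover it and make the spacing uniform.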


@ -2,6 +2,7 @@ package code.nonce
import java.util.Date
import code.api.util.APIUtil
import code.model.{MappedNonceProvider, Nonce}
import code.remotedata.RemotedataNonces
import net.liftweb.common.Box
@ -15,7 +16,7 @@ object Nonces extends SimpleInjector {
val nonces = new Inject(buildOne _) {}
def buildOne: NoncesProvider =
Props.getBool("use_akka", false) match {
APIUtil.getPropsAsBoolValue("use_akka", false) match {
case false => MappedNonceProvider
case true => RemotedataNonces // We will use Akka as a middleware
}


@ -31,9 +31,6 @@ object RemotedataViews extends ObpActorInit with Views {
def revokeAllPermissions(bankId : BankId, accountId: AccountId, user : User) : Box[Boolean] =
extractFutureToBox(actor ? cc.revokeAllPermissions(bankId, accountId, user))
def view(viewUID : ViewIdBankIdAccountId) : Box[View] =
extractFutureToBox(actor ? cc.view(viewUID))
def view(viewId : ViewId, account: BankIdAccountId) : Box[View] =
extractFutureToBox(actor ? cc.view(viewId, account))
@ -128,9 +125,6 @@ object RemotedataViews extends ObpActorInit with Views {
def createRandomView(bankId: BankId, accountId: AccountId) : Box[View] =
extractFutureToBox(actor ? cc.createRandomView(bankId, accountId))
def viewExists(bankId: BankId, accountId: AccountId, name: String): Boolean =
extractFuture(actor ? cc.viewExists(bankId, accountId, name))
// For tests
def bulkDeleteAllPermissionsAndViews(): Boolean =
extractFuture(actor ? cc.bulkDeleteAllPermissionsAndViews())


@ -39,10 +39,6 @@ class RemotedataViewsActor extends Actor with ObpActorHelper with MdcLoggable {
logger.debug("revokeAllPermissions(" + bankId +"," + accountId +","+ user +")")
sender ! extractResult(mapper.revokeAllPermissions(bankId, accountId, user))
case cc.view(viewIdBankIdAccountId : ViewIdBankIdAccountId) =>
logger.debug("view(" + viewIdBankIdAccountId +")")
sender ! extractResult(mapper.view(viewIdBankIdAccountId))
case cc.view(viewId: ViewId, bankAccountId: BankIdAccountId) =>
logger.debug("view(" + viewId +", "+ bankAccountId + ")")
sender ! extractResult(mapper.view(viewId, bankAccountId))


@ -14,11 +14,11 @@ import Defaults._
import net.liftweb.json
import java.util.Date
import code.api.util.APIUtil
import org.elasticsearch.common.settings.Settings
import com.sksamuel.elastic4s.TcpClient
import com.sksamuel.elastic4s.mappings.FieldType._
import com.sksamuel.elastic4s.ElasticDsl._
import net.liftweb.http.provider.HTTPCookie
import net.liftweb.json.JsonAST
@ -44,7 +44,7 @@ class elasticsearch extends MdcLoggable {
def searchProxy(userId: String, queryString: String): LiftResponse = {
//println("-------------> " + esHost + ":" + esPortHTTP + "/" + esIndex + "/" + queryString)
if (Props.getBool("allow_elasticsearch", false) ) {
if (APIUtil.getPropsAsBoolValue("allow_elasticsearch", false) ) {
val request = constructQuery(userId, getParameters(queryString))
val response = getAPIResponse(request)
ESJsonResponse(response.body, ("Access-Control-Allow-Origin", "*") :: Nil, Nil, response.code)
@ -54,7 +54,7 @@ class elasticsearch extends MdcLoggable {
}
def searchProxyV300(userId: String, uri: String, body: String): LiftResponse = {
if (Props.getBool("allow_elasticsearch", false) ) {
if (APIUtil.getPropsAsBoolValue("allow_elasticsearch", false) ) {
val httpHost = ("http://" + esHost + ":" + esPortHTTP)
val esUrl = s"${httpHost}${uri.replaceAll("\"" , "")}"
logger.debug(esUrl)
@ -151,7 +151,7 @@ class elasticsearchMetrics extends elasticsearch {
var client:TcpClient = null
if (Props.getBool("allow_elasticsearch", false) && Props.getBool("allow_elasticsearch_metrics", false) ) {
if (APIUtil.getPropsAsBoolValue("allow_elasticsearch", false) && APIUtil.getPropsAsBoolValue("allow_elasticsearch_metrics", false) ) {
val settings = Settings.builder().put("cluster.name", Props.get("es.cluster.name", "elasticsearch")).build()
client = TcpClient.transport(settings, "elasticsearch://" + esHost + ":" + esPortTCP + ",")
try {
@ -175,7 +175,7 @@ class elasticsearchMetrics extends elasticsearch {
}
def indexMetric(userId: String, url: String, date: Date, duration: Long, userName: String, appName: String, developerEmail: String, correlationId: String) {
if (Props.getBool("allow_elasticsearch", false) && Props.getBool("allow_elasticsearch_metrics", false) ) {
if (APIUtil.getPropsAsBoolValue("allow_elasticsearch", false) && APIUtil.getPropsAsBoolValue("allow_elasticsearch_metrics", false) ) {
try {
client.execute {
indexInto(esIndex / "request") fields (
@ -204,7 +204,7 @@ class elasticsearchWarehouse extends elasticsearch {
override val esPortHTTP = Props.get("es.warehouse.port.http","9200")
override val esIndex = Props.get("es.warehouse.index", "warehouse")
var client:TcpClient = null
if (Props.getBool("allow_elasticsearch", false) && Props.getBool("allow_elasticsearch_warehouse", false) ) {
if (APIUtil.getPropsAsBoolValue("allow_elasticsearch", false) && APIUtil.getPropsAsBoolValue("allow_elasticsearch_warehouse", false) ) {
val settings = Settings.builder().put("cluster.name", Props.get("es.cluster.name", "elasticsearch")).build()
client = TcpClient.transport(settings, "elasticsearch://" + esHost + ":" + esPortTCP + ",")
}
@ -221,7 +221,7 @@ class elasticsearchOBP extends elasticsearch {
var client:TcpClient = null
if (Props.getBool("allow_elasticsearch", false) ) {
if (APIUtil.getPropsAsBoolValue("allow_elasticsearch", false) ) {
client = TcpClient.transport("elasticsearch://" + esHost + ":" + esPortTCP + ",")
client.execute {
@ -251,7 +251,7 @@ class elasticsearchOBP extends elasticsearch {
// Index a Transaction
// Put into a index that has the viewId and version in the name.
def indexTransaction(viewId: String, transaction: TransactionJSON) {
if (Props.getBool("allow_elasticsearch", false) ) {
if (APIUtil.getPropsAsBoolValue("allow_elasticsearch", false) ) {
client.execute {
index into transactionIndex / "transaction" fields (
"viewId" -> viewId,
@ -264,7 +264,7 @@ class elasticsearchOBP extends elasticsearch {
// Index an Account
// Put into a index that has the viewId and version in the name.
def indexAccount(viewId: String, account: AccountJSON) {
if (Props.getBool("allow_elasticsearch", false) ) {
if (APIUtil.getPropsAsBoolValue("allow_elasticsearch", false) ) {
client.execute {
index into accountIndex / "account" fields (
"viewId" -> viewId,
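Review bot: In `searchProxyV300` the request URL is built as `s"${httpHost}${uri.replaceAll("\"" , "")}"`, so the only treatment `uri` receives before it is sent to the Elasticsearch host is the removal of double quotes. If `uri` derives from the client request and is not restricted by the caller (not visible in this hunk), any path the cluster exposes becomes reachable through the proxy once `allow_elasticsearch` is on. A check that `uri` matches the expected index and search endpoint, rejecting everything else before the request is forwarded, belongs here. The method body continues outside the hunk.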


@ -31,7 +31,7 @@ Berlin 13359, Germany
*/
package code.snippet
import code.api.util.ErrorMessages
import code.api.util.{APIUtil, ErrorMessages}
import code.model._
import code.model.dataAccess.AuthUser
import net.liftweb.common.{Empty, Full}
@ -202,7 +202,7 @@ class ConsumerRegistration extends MdcLoggable {
} yield {
// Only send consumer key / secret by email if we explicitly want that.
val sendSensitive : Boolean = Props.getBool("mail.api.consumer.registered.notification.send.sensistive", false)
val sendSensitive : Boolean = APIUtil.getPropsAsBoolValue("mail.api.consumer.registered.notification.send.sensistive", false)
val consumerKeyOrMessage : String = if (sendSensitive) registered.key.get else "Configured so sensitive data is not sent by email (Consumer Key)."
val consumerSecretOrMessage : String = if (sendSensitive) registered.secret.get else "Configured so sensitive data is not sent by email (Consumer Secret)."
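Review bot: The props key `mail.api.consumer.registered.notification.send.sensistive` carries a misspelling ("sensistive") that this change keeps. Because the default is `false`, an operator who writes the correctly spelled key gets no error and no secrets in the e-mail, which is the safe direction, but the setting silently has no effect. A comment next to the read would help: `// NOTE: key is spelled "sensistive"; kept for compatibility with existing props files`.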


@ -33,6 +33,7 @@ Berlin 13359, Germany
package code.snippet
import code.api.OpenIdConnectConfig
import code.api.util.APIUtil
import code.model.dataAccess.{Admin, AuthUser}
import net.liftweb.http.{S, SHtml}
import net.liftweb.util.Helpers._
@ -96,7 +97,7 @@ class Login {
def openIdConnectButton : CssSel = {
if(Props.getBool("allow_openidconnect", false)){
if(APIUtil.getPropsAsBoolValue("allow_openidconnect", false)){
val config = OpenIdConnectConfig.get()
var onclick = "getCode();"
if (config.url_login.endsWith(".js") )
@ -116,7 +117,7 @@ class Login {
}
def openIdConnectScripts : CssSel = {
if(Props.getBool("allow_openidconnect", false)){
if(APIUtil.getPropsAsBoolValue("allow_openidconnect", false)){
val config = OpenIdConnectConfig.get()
val url = config.url_login


@ -2,10 +2,12 @@ package code.token
import java.util.Date
import code.api.util.APIUtil
import code.model.{MappedTokenProvider, Token, TokenType}
import code.remotedata.RemotedataTokens
import net.liftweb.common.Box
import net.liftweb.util.{Props, SimpleInjector}
import scala.concurrent.Future
object Tokens extends SimpleInjector {
@ -13,7 +15,7 @@ object Tokens extends SimpleInjector {
val tokens = new Inject(buildOne _) {}
def buildOne: TokensProvider =
Props.getBool("use_akka", false) match {
APIUtil.getPropsAsBoolValue("use_akka", false) match {
case false => MappedTokenProvider
case true => RemotedataTokens // We will use Akka as a middleware
}


@ -1,5 +1,6 @@
package code.transactionChallenge
import code.api.util.APIUtil
import code.remotedata.RemotedataExpectedChallengeAnswerProvider
import net.liftweb.util.{Props, SimpleInjector}
@ -17,7 +18,7 @@ object ExpectedChallengeAnswer extends SimpleInjector {
val expectedChallengeAnswerProvider = new Inject(buildOne _) {}
def buildOne: ExpectedChallengeAnswerProvider =
Props.getBool("use_akka", false) match {
APIUtil.getPropsAsBoolValue("use_akka", false) match {
case false => MappedExpectedChallengeAnswerProvider
case true => RemotedataExpectedChallengeAnswerProvider // We will use Akka as a middleware
}


@ -3,6 +3,7 @@ package code.transactionrequests
import java.util.Date
import code.api.util.APIUtil
import code.api.v2_1_0.TransactionRequestCommonBodyJSON
import code.metadata.counterparties.CounterpartyTrait
import code.model._
@ -84,7 +85,7 @@ object TransactionRequests extends SimpleInjector {
def buildOne: TransactionRequestProvider =
Props.get("transactionRequests_connector", "mapped") match {
case "mapped" => Props.getBool("use_akka", false) match {
case "mapped" => APIUtil.getPropsAsBoolValue("use_akka", false) match {
case false => MappedTransactionRequestProvider
case true => RemotedataTransactionRequests // We will use Akka as a middleware
}


@ -2,6 +2,7 @@ package code.usercustomerlinks
import java.util.Date
import code.api.util.APIUtil
import code.remotedata.RemotedataUserCustomerLinks
import net.liftweb.common.Box
import net.liftweb.util.{Props, SimpleInjector}
@ -12,7 +13,7 @@ object UserCustomerLink extends SimpleInjector {
val userCustomerLink = new Inject(buildOne _) {}
def buildOne: UserCustomerLinkProvider =
Props.getBool("use_akka", false) match {
APIUtil.getPropsAsBoolValue("use_akka", false) match {
case false => MappedUserCustomerLinkProvider
case true => RemotedataUserCustomerLinks // We will use Akka as a middleware
}


@ -1,5 +1,6 @@
package code.users
import code.api.util.APIUtil
import code.entitlement.Entitlement
import code.model.User
import code.model.dataAccess.{ResourceUser, ResourceUserCaseClass}
@ -15,7 +16,7 @@ object Users extends SimpleInjector {
val users = new Inject(buildOne _) {}
def buildOne: Users =
Props.getBool("use_akka", false) match {
APIUtil.getPropsAsBoolValue("use_akka", false) match {
case false => LiftUsers
case true => RemotedataUsers // We will use Akka as a middleware
}


@ -1,5 +1,6 @@
package code.util
import code.api.util.APIUtil
import net.liftweb.mapper.{MappedString, Mapper}
import net.liftweb.util.Props
@ -12,20 +13,20 @@ class UUIDString [T <: Mapper[T]](override val fieldOwner : T) extends MappedStr
object UUIDString {
// We use 44 as a default because base64 encoding of sha256 is 44 characters long
val MaxLength = Props.getInt("uuid_string.length", 44)
val MaxLength = APIUtil.getPropsAsIntValue("uuid_string.length", 44)
}
class MediumString [T <: Mapper[T]](override val fieldOwner : T) extends MappedString(fieldOwner, MediumString.MaxLength)
object MediumString {
val MaxLength = Props.getInt("medium_string.length", 20)
val MaxLength = APIUtil.getPropsAsIntValue("medium_string.length", 20)
}
class AccountIdString [T <: Mapper[T]](override val fieldOwner : T) extends MappedString(fieldOwner, AccountIdString.MaxLength)
object AccountIdString {
val MaxLength = Props.getInt("account_id.length", 64)
val MaxLength = APIUtil.getPropsAsIntValue("account_id.length", 64)
}
@ -36,5 +37,5 @@ So we can store a time of day without the date e.g. 23:33 - but also go past mid
class TwentyFourHourClockString [T <: Mapper[T]](override val fieldOwner : T) extends MappedString(fieldOwner, TwentyFourHourClockString.MaxLength)
object TwentyFourHourClockString {
val MaxLength = Props.getInt("time_string.length", 5)
val MaxLength = APIUtil.getPropsAsIntValue("time_string.length", 5)
}


@ -3,7 +3,7 @@ package code.views
import bootstrap.liftweb.ToSchemify
import code.accountholder.{AccountHolders, MapperAccountHolders}
import code.api.APIFailure
import code.api.util.ApiRole
import code.api.util.{APIUtil, ApiRole}
import code.model.dataAccess.ViewImpl.create
import code.model.dataAccess.{ResourceUser, ViewImpl, ViewPrivileges}
import code.model.{CreateViewJson, Permission, UpdateViewJSON, User, _}
@ -11,6 +11,7 @@ import net.liftweb.common._
import net.liftweb.mapper.{By, Schemifier}
import net.liftweb.util.Helpers._
import code.api.util.ErrorMessages._
import scala.collection.immutable.List
import code.util.Helper.MdcLoggable
import net.liftweb.util.Props
@ -27,8 +28,8 @@ object MapperViews extends Views with MdcLoggable {
Schemifier.schemify(true, Schemifier.infoF _, ToSchemify.modelsRemotedata: _*)
val ALLOW_PUBLIC_VIEWS: Boolean = Props.getBool("allow_public_views").openOr(false)
val ALLOW_FIREHOSE_VIEWS: Boolean = Props.getBool("allow_firehose_views").openOr(false)
val ALLOW_PUBLIC_VIEWS: Boolean = APIUtil.getPropsAsBoolValue("allow_public_views", false)
val ALLOW_FIREHOSE_VIEWS: Boolean = APIUtil.getPropsAsBoolValue("allow_firehose_views", false)
def permissions(account : BankIdAccountId) : List[Permission] = {
@ -126,14 +127,8 @@ object MapperViews extends Views with MdcLoggable {
} else {
viewImpls.foreach(v => {
if(v.isPublic && !ALLOW_PUBLIC_VIEWS) return Failure(PublicViewsNotAllowedOnThisInstance)
if (ViewPrivileges.count(By(ViewPrivileges.user, user.resourceUserId.value), By(ViewPrivileges.view, v.id)) == 0) {
ViewPrivileges.create.
user(user.resourceUserId.value).
view(v.id).
save
}
getOrCreateViewPrivilege(user, v)
})
//TODO: this doesn't handle the case where one viewImpl fails to be saved
Full(viewImpls)
}
}
@ -223,14 +218,6 @@ object MapperViews extends Views with MdcLoggable {
}
}
def view(viewUID : ViewIdBankIdAccountId) : Box[View] = {
val view=ViewImpl.find(viewUID)
if(view.isDefined && view.openOrThrowException(attemptedToOpenAnEmptyBox).isPublic && !ALLOW_PUBLIC_VIEWS) return Failure(PublicViewsNotAllowedOnThisInstance)
view
}
/*
Create View based on the Specification (name, alias behavior, what fields can be seen, actions are allowed etc. )
* */
@ -724,30 +711,6 @@ object MapperViews extends Views with MdcLoggable {
false
}
/**
* Find view by bankId , accountId and viewName. If it is exsting in ViewImple table, return true.
* Otherwise, return false.
*
* But not used yet !
*/
def viewExists(bankId: BankId, accountId: AccountId, name: String): Boolean = {
val res =
if (ALLOW_PUBLIC_VIEWS)
ViewImpl.findAll(
By(ViewImpl.bankPermalink, bankId.value),
By(ViewImpl.accountPermalink, accountId.value),
By(ViewImpl.name_, name)
)
else
ViewImpl.findAll(
By(ViewImpl.bankPermalink, bankId.value),
By(ViewImpl.accountPermalink, accountId.value),
By(ViewImpl.name_, name),
By(ViewImpl.isPublic_, false)
)
res.nonEmpty
}
def createDefaultFirehoseView(bankId: BankId, accountId: AccountId, name: String): Box[View] = {
createAndSaveFirehoseView(bankId, accountId, "Firehose View")
}
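Review bot: The removed `view(viewUID : ViewIdBankIdAccountId)` overload was where a public view was rejected with `Failure(PublicViewsNotAllowedOnThisInstance)` when `ALLOW_PUBLIC_VIEWS` is false, and nothing in these hunks shows the surviving `view(viewId, bankAccountId)` applying the same gate. Its body lies outside the hunks, so it may already do so, but this is worth confirming because the callers visible on this page (the lookups in API1_2_1Test) were switched to it. If the gate is missing there, the guard to carry over is `if (v.isPublic && !ALLOW_PUBLIC_VIEWS) Failure(PublicViewsNotAllowedOnThisInstance) else Full(v)`. A test that requests a public view with `allow_public_views=false` through the two-argument overload would pin the behaviour.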


@ -1,5 +1,6 @@
package code.views
import code.api.util.APIUtil
import code.model.{CreateViewJson, Permission, _}
import code.remotedata.RemotedataViews
import net.liftweb.common.Box
@ -14,7 +15,7 @@ object Views extends SimpleInjector {
//TODO Remove MapperViews when Remotedata is optimized and stable
def buildOne: Views =
Props.getBool("use_akka", false) match {
APIUtil.getPropsAsBoolValue("use_akka", false) match {
case false => MapperViews
case true => RemotedataViews // We will use Akka as a middleware
}
@ -26,6 +27,8 @@ trait Views {
def permissions(account : BankIdAccountId) : List[Permission]
def permission(account : BankIdAccountId, user: User) : Box[Permission]
def getOrCreateViewPrivilege(view: View, user: User): Box[View]
// This is for ViewPrivileges. It will first find the view object by `viewIdBankIdAccountId`
// And than, @getOrCreateViewPrivilege(view: View, user: User) for the view and user.
def addPermission(viewIdBankIdAccountId : ViewIdBankIdAccountId, user : User) : Box[View]
def addPermissions(views : List[ViewIdBankIdAccountId], user : User) : Box[List[View]]
def revokePermission(viewIdBankIdAccountId : ViewIdBankIdAccountId, user : User) : Box[Boolean]
@ -33,7 +36,6 @@ trait Views {
def view(viewId : ViewId, bankAccountId: BankIdAccountId) : Box[View]
def viewFuture(viewId : ViewId, bankAccountId: BankIdAccountId) : Future[Box[View]]
def view(viewUID : ViewIdBankIdAccountId) : Box[View]
def createView(bankAccountId: BankIdAccountId, view: CreateViewJson): Box[View]
def removeView(viewId: ViewId, bankAccountId: BankIdAccountId): Box[Unit]
@ -46,7 +48,9 @@ trait Views {
def getAllPublicAccounts : List[BankIdAccountId]
def getPublicBankAccounts(bank : Bank) : List[BankIdAccountId]
@deprecated("This method will mix public and private, not clear for Apps.","2018-02-18")
def getAllAccountsUserCanSee(user : Box[User]) : List[BankIdAccountId]
@deprecated("This method will mix public and private, not clear for Apps.","2018-02-18")
def getAllAccountsUserCanSee(bank: Bank, user : Box[User]) : List[BankIdAccountId]
def getPrivateBankAccounts(user : User) : List[BankIdAccountId]
def getPrivateBankAccountsFuture(user : User) : Future[List[BankIdAccountId]]
@ -66,7 +70,6 @@ trait Views {
def grantAccessToView(user : User, view : View) : Boolean
def grantAccessToAllExistingViews(user : User) : Boolean
def viewExists(bank: BankId, accountId: AccountId, name: String): Boolean
def removeAllPermissions(bankId: BankId, accountId: AccountId) : Boolean
def removeAllViews(bankId: BankId, accountId: AccountId) : Boolean
@ -105,7 +108,6 @@ class RemotedataViewsCaseClasses {
def apply(user: User, bankId: BankId): List[(BankId, AccountId)] = this (user, bankId)
}
case class view(pars: Any*) {
def apply(viewIdBankIdAccountId: ViewIdBankIdAccountId): Box[View] = this (viewIdBankIdAccountId)
def apply(viewId: ViewId, bankAccountId: BankIdAccountId): Box[View] = this (viewId, bankAccountId)
}
case class viewFuture(viewId : ViewId, bankAccountId: BankIdAccountId)
@ -122,7 +124,6 @@ class RemotedataViewsCaseClasses {
case class grantAccessToView(user : User, view : View)
case class grantAccessToAllExistingViews(user : User)
case class viewExists(bank: BankId, accountId: AccountId, name: String)
case class removeAllPermissions(bankId: BankId, accountId: AccountId)
case class removeAllViews(bankId: BankId, accountId: AccountId)
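Review bot: The new `getOrCreateViewPrivilege(view: View, user: User)` has no doc comment, and the two comment lines added beneath it read as if they describe it although they describe `addPermission`. The declared order is view first, while the call visible in the MapperViews section of this page passes `(user, v)`; that may resolve to a separate helper not shown here, but two orders for the same name are easy to confuse in code that grants access. I would add a Scaladoc block on the declaration stating what is returned when the privilege already exists and whether any authorisation check happens inside the method or is left to the caller, and move the existing two lines directly above `addPermission`.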


@ -29,12 +29,13 @@ Berlin 13359, Germany
Ayoub Benali: ayoub AT tesobe DOT com
*/
import code.api.util.APIUtil
import net.liftweb.util.Props
import org.eclipse.jetty.server.Server
import org.eclipse.jetty.webapp.WebAppContext
object RunWebApp extends App {
val server = new Server(Props.getInt("dev.port", 8080))
val server = new Server(APIUtil.getPropsAsIntValue("dev.port", 8080))
val context = new WebAppContext()
context.setServer(server)


@ -1,5 +1,6 @@
package code
import code.api.util.APIUtil
import org.eclipse.jetty.server.Server
import org.eclipse.jetty.webapp.WebAppContext
@ -7,9 +8,9 @@ object TestServer {
import net.liftweb.util.Props
val host = "localhost"
val port = Props.getInt("tests.port",8000)
val port = APIUtil.getPropsAsIntValue("tests.port",8000)
val externalHost = Props.get("external.hostname")
val externalPort = Props.getInt("external.port")
val externalPort = APIUtil.getPropsAsIntValue("external.port")
val server = new Server(port)
val context = new WebAppContext()


@ -31,41 +31,44 @@ class SwaggerFactoryUnitTest extends FlatSpec
translateCaseClassToSwaggerFormatString should not include("$colon")
}
it should ("Test all the case classes in SwaggerDefinitionsJSON") in{
val allSwaggerDefinitionCaseClasses = SwaggerDefinitionsJSON.allFields
it should ("Test all V300, V220 and V210, exampleRequestBodies and successResponseBodies and all the case classes in SwaggerDefinitionsJSON") in {
val listNestingMissDefinition: List[String] =
for (e <- allSwaggerDefinitionCaseClasses.toList if e!= null)
yield {
SwaggerJSONFactory.translateEntity(e)
}
logger.debug(listNestingMissDefinition)
listNestingMissDefinition.toString() should not include("$colon")
}
it should ("Test all V300, V220 and V210, exampleRequestBodies and successResponseBodies") in {
val resourceDocList: ArrayBuffer[ResourceDoc] = OBPAPI3_0_0.allResourceDocs ++ OBPAPI2_2_0.allResourceDocs++ OBPAPI2_1_0.allResourceDocs
val resourceDocList: ArrayBuffer[ResourceDoc] = OBPAPI3_0_0.allResourceDocs ++ OBPAPI2_2_0.allResourceDocs ++ OBPAPI2_1_0.allResourceDocs
//Translate every entity(JSON Case Class) in a list to appropriate swagger format
val listOfExampleRequestBodyDefinition =
for (e <- resourceDocList if e.exampleRequestBody != null)
yield {
SwaggerJSONFactory.translateEntity(e.exampleRequestBody)
}
val listOfSuccessRequestBodyDefinition =
for (e <- resourceDocList if e.successResponseBody != null)
yield {
SwaggerJSONFactory.translateEntity(e.successResponseBody)
}
//Translate every entity(JSON Case Class) in a list to appropriate swagger format
val listOfExampleRequestBodyDefinition =
for (e <- resourceDocList if e.exampleRequestBody != null)
yield {
SwaggerJSONFactory.translateEntity(e.exampleRequestBody)
}
val listOfSuccessRequestBodyDefinition =
for (e <- resourceDocList if e.successResponseBody != null)
yield {
SwaggerJSONFactory.translateEntity(e.successResponseBody)
}
listOfExampleRequestBodyDefinition.toString() should not include("$colon")
listOfSuccessRequestBodyDefinition.toString() should not include("$colon")
logger.debug(listOfExampleRequestBodyDefinition)
logger.debug(listOfExampleRequestBodyDefinition)
}
val allSwaggerDefinitionCaseClasses = SwaggerDefinitionsJSON.allFields
val listNestingMissDefinition: List[String] =
for (e <- allSwaggerDefinitionCaseClasses.toList if e != null)
yield {
SwaggerJSONFactory.translateEntity(e)
}
val allStrings = listOfExampleRequestBodyDefinition ++ listOfSuccessRequestBodyDefinition ++ listNestingMissDefinition
//All of the following are invalid value in Swagger, if any of them are exsiting, need check the source code!
allStrings.toString() should not include ("$colon")
allStrings.toString() should not include ("Nil$")
allStrings.toString() should not include ("JArray")
allStrings.toString() should not include ("JBool")
allStrings.toString() should not include ("JInt")
allStrings.toString() should not include ("JNothing")
allStrings.toString() should not include ("JNull")
allStrings.toString() should not include ("JObject")
allStrings.toString() should not include ("JString")
logger.debug(allStrings)
}
}
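Review bot: Folding the SwaggerDefinitionsJSON check into the resource-doc test means a failure no longer tells you which of the three lists produced the invalid value, and the first failing `should not include` hides the remaining tokens. `allStrings.toString()` is also rebuilt for each of the nine assertions. Computing it once with `val rendered = allStrings.toString()` and looping with `Seq("$colon", "Nil$", "JArray", "JBool", "JInt", "JNothing", "JNull", "JObject", "JString").foreach(t => withClue(t) { rendered should not include (t) })` keeps the token list in one place and names the offending token in the failure. Keeping the definitions check as its own `it should` case would preserve the separate report.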


@ -1,6 +1,6 @@
package code.api
import code.api.util.ErrorMessages
import code.api.util.{APIUtil, ErrorMessages}
import code.bankconnectors.vJune2017.InboundAccountJune2017
import code.bankconnectors.vMar2017.InboundStatusMessage
import code.setup.{APIResponse, DefaultUsers, ServerSetup}
@ -95,7 +95,7 @@ class gateWayloginTest extends ServerSetup with BeforeAndAfter with DefaultUsers
def gatewayLoginNonBlockingRequest = baseRequest / "obp" / "v3.0.0" / "users" / "current" / "customers"
feature("GatewayLogin in a BLOCKING way") {
Props.getBool("allow_gateway_login", false) match {
APIUtil.getPropsAsBoolValue("allow_gateway_login", false) match {
case true =>
scenario("Missing parameter token in a blocking way") {
When("We try to login without parameter token in a Header")
@ -134,7 +134,7 @@ class gateWayloginTest extends ServerSetup with BeforeAndAfter with DefaultUsers
}
feature("GatewayLogin in a NON BLOCKING way") {
Props.getBool("allow_gateway_login", false) match {
APIUtil.getPropsAsBoolValue("allow_gateway_login", false) match {
case true =>
scenario("Missing parameter token in a blocking way") {
When("We try to login without parameter token in a Header")


@ -667,7 +667,7 @@ class API1_2_1Test extends User1AllPrivileges with DefaultUsers with PrivateUser
TODO check we have equivelent tests in Create Transaction Request tests
if (Props.getBool("payments_enabled", false) == false) {
if (APIUtil.getPropsAsBoolValue("payments_enabled", false) == false) {
ignore("we make a payment", Payments) {}
} else {
scenario("we make a payment", Payments) {
@ -1085,30 +1085,30 @@ class API1_2_1Test extends User1AllPrivileges with DefaultUsers with PrivateUser
}
feature("Information about all the bank accounts for all banks"){
scenario("we get only the public bank accounts", API1_2, GetBankAccountsForAllBanks) {
accountTestsSpecificDBSetup()
Given("We will not use an access token")
When("the request is sent")
val reply = getBankAccountsForAllBanks(None)
Then("we should get a 200 ok code")
reply.code should equal (200)
val publicAccountsInfo = reply.body.extract[AccountsJSON]
And("some fields should not be empty")
publicAccountsInfo.accounts.foreach(a => {
a.id.nonEmpty should equal (true)
a.views_available.nonEmpty should equal (true)
a.views_available.foreach(
//check that all the views are public
v => v.is_public should equal (true)
)
})
And("There are accounts from more than one bank")
assertAccountsFromMoreThanOneBank(publicAccountsInfo)
And("There are no duplicate accounts")
assertNoDuplicateAccounts(publicAccountsInfo)
}
// scenario("we get only the public bank accounts", API1_2, GetBankAccountsForAllBanks) {
// accountTestsSpecificDBSetup()
// Given("We will not use an access token")
// When("the request is sent")
// val reply = getBankAccountsForAllBanks(None)
// Then("we should get a 200 ok code")
// reply.code should equal (200)
// val publicAccountsInfo = reply.body.extract[AccountsJSON]
// And("some fields should not be empty")
// publicAccountsInfo.accounts.foreach(a => {
// a.id.nonEmpty should equal (true)
// a.views_available.nonEmpty should equal (true)
// a.views_available.foreach(
// //check that all the views are public
// v => v.is_public should equal (true)
// )
// })
//
// And("There are accounts from more than one bank")
// assertAccountsFromMoreThanOneBank(publicAccountsInfo)
//
// And("There are no duplicate accounts")
// assertNoDuplicateAccounts(publicAccountsInfo)
// }
scenario("we get the bank accounts the user has access to", API1_2, GetBankAccountsForAllBanks) {
accountTestsSpecificDBSetup()
Given("We will use an access token")
@ -1124,8 +1124,8 @@ class API1_2_1Test extends User1AllPrivileges with DefaultUsers with PrivateUser
})
//test that this call is a combination of accounts with more than public access, and accounts with public access
And("Some accounts should have only public views")
assertAtLeastOneAccountHasAllViewsWithCondition(accountsInfo, _.is_public)
// And("Some accounts should have only public views")
// assertAtLeastOneAccountHasAllViewsWithCondition(accountsInfo, _.is_public)
And("Some accounts should have only private views")
assertAtLeastOneAccountHasAllViewsWithCondition(accountsInfo, !_.is_public)
@ -1201,30 +1201,30 @@ class API1_2_1Test extends User1AllPrivileges with DefaultUsers with PrivateUser
}
feature("Information about all the bank accounts for a single bank"){
scenario("we get only the public bank accounts", API1_2, GetBankAccounts) {
accountTestsSpecificDBSetup()
Given("We will not use an access token")
When("the request is sent")
val reply = getBankAccounts(randomBank, None)
Then("we should get a 200 ok code")
reply.code should equal (200)
val publicAccountsInfo = reply.body.extract[AccountsJSON]
And("some fields should not be empty")
publicAccountsInfo.accounts.foreach(a => {
a.id.nonEmpty should equal (true)
a.views_available.nonEmpty should equal (true)
a.views_available.foreach(
//check that all the views are public
v => v.is_public should equal (true)
)
})
And("The accounts are only from one bank")
assertAccountsFromOneBank(publicAccountsInfo)
And("There are no duplicate accounts")
assertNoDuplicateAccounts(publicAccountsInfo)
}
// scenario("we get only the public bank accounts", API1_2, GetBankAccounts) {
// accountTestsSpecificDBSetup()
// Given("We will not use an access token")
// When("the request is sent")
// val reply = getBankAccounts(randomBank, None)
// Then("we should get a 200 ok code")
// reply.code should equal (200)
// val publicAccountsInfo = reply.body.extract[AccountsJSON]
// And("some fields should not be empty")
// publicAccountsInfo.accounts.foreach(a => {
// a.id.nonEmpty should equal (true)
// a.views_available.nonEmpty should equal (true)
// a.views_available.foreach(
// //check that all the views are public
// v => v.is_public should equal (true)
// )
// })
//
// And("The accounts are only from one bank")
// assertAccountsFromOneBank(publicAccountsInfo)
//
// And("There are no duplicate accounts")
// assertNoDuplicateAccounts(publicAccountsInfo)
// }
scenario("we get the bank accounts the user have access to", API1_2, GetBankAccounts) {
accountTestsSpecificDBSetup()
Given("We will use an access token")
@ -1242,8 +1242,8 @@ class API1_2_1Test extends User1AllPrivileges with DefaultUsers with PrivateUser
//test that this call is a combination of accounts with more than public access, and accounts with public access
And("Some accounts should have only public views")
assertAtLeastOneAccountHasAllViewsWithCondition(accountsInfo, _.is_public)
And("Some accounts should have only private views")
// assertAtLeastOneAccountHasAllViewsWithCondition(accountsInfo, _.is_public)
// And("Some accounts should have only private views")
assertAtLeastOneAccountHasAllViewsWithCondition(accountsInfo, !_.is_public)
And("The accounts are only from one bank")
@ -2013,7 +2013,7 @@ class API1_2_1Test extends User1AllPrivileges with DefaultUsers with PrivateUser
val bankId = randomBank
val bankAccount : AccountJSON = randomPrivateAccount(bankId)
val viewId = ViewId("owner")
val view = Views.views.vend.view(ViewIdBankIdAccountId(viewId, BankId(bankId), AccountId(bankAccount.id))).openOrThrowException(attemptedToOpenAnEmptyBox)
val view = Views.views.vend.view(viewId, BankIdAccountId(BankId(bankId), AccountId(bankAccount.id))).openOrThrowException(attemptedToOpenAnEmptyBox)
if(Views.views.vend.getOwners(view).toList.length == 0){
val userId = resourceUser2.idGivenByProvider
grantUserAccessToView(bankId, bankAccount.id, userId, viewId.value, user1)
@ -2057,7 +2057,7 @@ class API1_2_1Test extends User1AllPrivileges with DefaultUsers with PrivateUser
reply.code should equal (400)
And("The account holder should still have access to the owner view")
val view = Views.views.vend.view(ViewIdBankIdAccountId(ownerViewId, BankId(bankId), AccountId(bankAccount.id))).openOrThrowException(attemptedToOpenAnEmptyBox)
val view = Views.views.vend.view(ownerViewId, BankIdAccountId(BankId(bankId), AccountId(bankAccount.id))).openOrThrowException(attemptedToOpenAnEmptyBox)
Views.views.vend.getOwners(view).toList should contain (resourceUser3)
}
@ -2139,7 +2139,7 @@ class API1_2_1Test extends User1AllPrivileges with DefaultUsers with PrivateUser
val bankId = randomBank
val bankAccount : AccountJSON = randomPrivateAccount(bankId)
val viewId = ViewId("owner")
val view = Views.views.vend.view(ViewIdBankIdAccountId(viewId, BankId(bankId), AccountId(bankAccount.id))).openOrThrowException(attemptedToOpenAnEmptyBox)
val view = Views.views.vend.view(viewId, BankIdAccountId(BankId(bankId), AccountId(bankAccount.id))).openOrThrowException(attemptedToOpenAnEmptyBox)
val userId = resourceUser1.idGivenByProvider
Views.views.vend.getOwners(view).toList.length should equal(1)
@ -2173,7 +2173,7 @@ class API1_2_1Test extends User1AllPrivileges with DefaultUsers with PrivateUser
reply.code should equal (400)
And("The user should not have had his access revoked")
val view = Views.views.vend.view(ViewIdBankIdAccountId(ViewId("owner"), BankId(bankId), AccountId(bankAccount.id))).openOrThrowException(attemptedToOpenAnEmptyBox)
val view = Views.views.vend.view(ViewId("owner"), BankIdAccountId(BankId(bankId), AccountId(bankAccount.id))).openOrThrowException(attemptedToOpenAnEmptyBox)
Views.views.vend.getOwners(view).toList should contain (resourceUser3)
}
}
@ -6031,8 +6031,8 @@ class API1_2_1Test extends User1AllPrivileges with DefaultUsers with PrivateUser
val randomLoc = randomLocation
When("the request is sent")
val postReply = postWhereForOneTransaction(bankId, bankAccount.id, randomString(5), transaction.id, randomLoc, user1)
Then("we should get a 404 code")
postReply.code should equal (404)
Then("we should get a 400 code")
postReply.code should equal (400)
And("we should get an error message")
postReply.body.extract[ErrorMessage].error.nonEmpty should equal (true)
}
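Review bot: The two anonymous scenarios named "we get only the public bank accounts" are commented out rather than replaced, so nothing in this file now pins what an unauthenticated `getBankAccountsForAllBanks(None)` or `getBankAccounts(randomBank, None)` call returns; the anonymous steps in the v2_0_0 AccountTest section are disabled the same way. These were the checks that a caller without a token sees only `is_public` views, so I would add a scenario stating the new expected outcome for that caller instead of leaving the old one as dead code. In the single-bank authenticated scenario the wrong pair of lines was commented: the live label is `And("Some accounts should have only public views")` but the live assertion is `!_.is_public`. The label to keep there is `And("Some accounts should have only private views")`, matching the all-banks scenario.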


@ -1,5 +1,6 @@
package code.api.v1_4_0
import code.api.util.APIUtil
import code.api.util.APIUtil.OAuth._
import code.api.v1_2_1.AmountOfMoneyJsonV121
import code.api.v1_4_0.JSONFactory1_4_0._
@ -29,7 +30,7 @@ class TransactionRequestsTest extends V140ServerSetup with DefaultUsers {
})
}
if (Props.getBool("transactionRequests_enabled", false) == false) {
if (APIUtil.getPropsAsBoolValue("transactionRequests_enabled", false) == false) {
ignore("we create a transaction request without challenge", TransactionRequest) {}
} else {
scenario("we create a transaction request without challenge", TransactionRequest) {
@ -159,7 +160,7 @@ class TransactionRequestsTest extends V140ServerSetup with DefaultUsers {
}
}
if (Props.getBool("transactionRequests_enabled", false) == false) {
if (APIUtil.getPropsAsBoolValue("transactionRequests_enabled", false) == false) {
ignore("we create a transaction request with a challenge", TransactionRequest) {}
} else {
scenario("we create a transaction request with a challenge", TransactionRequest) {
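Review bot: Every scenario here is still registered through `if (APIUtil.getPropsAsBoolValue("transactionRequests_enabled", false) == false) ignore(...) else scenario(...)`, and the same guard is repeated in the v2_0_0 and v2_1_0 TransactionRequestsTest sections. Because the default passed is `false`, a run without the property reports all of them as ignored, including the "Security Tests: permissions, roles, views..." feature in the v2_1_0 file. Reading the flag once, `private val transactionRequestsEnabled = APIUtil.getPropsAsBoolValue("transactionRequests_enabled", false)`, and testing `if (!transactionRequestsEnabled)` removes the repeated lookup and the `== false` comparison. A comment next to that val saying the property must be set for these suites to execute would make the skip visible to whoever reads the test report.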


@ -26,22 +26,22 @@ class AccountTest extends V200ServerSetup with DefaultUsers {
And("We should get a 200")
responsePut.code should equal(200)
When("We make the anonymous access request")
val requestGet = (v2_0Request / "accounts").GET
val responseGet = makeGetRequest(requestGet)
Then("We should get a 200")
responseGet.code should equal(200)
val isPublic: List[Boolean] =
for {
JObject(o) <- responseGet.body
JField("is_public", JBool(isPublic)) <- o
} yield {
isPublic
}
And("All received accounts have to be public")
isPublic.forall(_ == true) should equal(true)
// When("We make the anonymous access request")
// val requestGet = (v2_0Request / "accounts").GET
// val responseGet = makeGetRequest(requestGet)
//
// Then("We should get a 200")
// responseGet.code should equal(200)
//
// val isPublic: List[Boolean] =
// for {
// JObject(o) <- responseGet.body
// JField("is_public", JBool(isPublic)) <- o
// } yield {
// isPublic
// }
// And("All received accounts have to be public")
// isPublic.forall(_ == true) should equal(true)
When("We make the authenticated access request")
val requestGetAll = (v2_0Request / "accounts").GET <@ (user1)
@ -74,22 +74,22 @@ class AccountTest extends V200ServerSetup with DefaultUsers {
And("We should get a 200")
responsePut.code should equal(200)
When("We make the anonymous access request")
val requestGet = (v2_0Request / "banks" / testBank.value / "accounts").GET
val responseGet = makeGetRequest(requestGet)
Then("We should get a 200")
responseGet.code should equal(200)
val isPublic: List[Boolean] =
for {
JObject(o) <- responseGet.body
JField("is_public", JBool(isPublic)) <- o
} yield {
isPublic
}
And("All received accounts have to be public")
isPublic.forall(_ == true) should equal(true)
// When("We make the anonymous access request")
// val requestGet = (v2_0Request / "banks" / testBank.value / "accounts").GET
// val responseGet = makeGetRequest(requestGet)
//
// Then("We should get a 200")
// responseGet.code should equal(200)
//
// val isPublic: List[Boolean] =
// for {
// JObject(o) <- responseGet.body
// JField("is_public", JBool(isPublic)) <- o
// } yield {
// isPublic
// }
// And("All received accounts have to be public")
// isPublic.forall(_ == true) should equal(true)
When("We make the authenticated access request")
val requestGetAll = (v2_0Request / "banks" / testBank.value / "accounts").GET <@ (user1)


@ -2,7 +2,7 @@ package code.api.v2_0_0
import code.api.util.APIUtil.OAuth._
import code.api.util.ApiRole._
import code.api.util.ErrorMessages
import code.api.util.{APIUtil, ErrorMessages}
import code.api.v1_2_1.AmountOfMoneyJsonV121
import code.api.v1_4_0.JSONFactory1_4_0.{ChallengeAnswerJSON, TransactionRequestAccountJsonV140}
import code.bankconnectors.Connector
@ -33,7 +33,7 @@ class TransactionRequestsTest extends V200ServerSetup with DefaultUsers {
}
// No challenge, No FX (same currencies)
if (Props.getBool("transactionRequests_enabled", false) == false) {
if (APIUtil.getPropsAsBoolValue("transactionRequests_enabled", false) == false) {
ignore("we create a transaction request with a user who doesn't have access to owner view but has CanCreateAnyTransactionRequest at BANK_ID", TransactionRequest) {}
} else {
scenario("we create a transaction request with a user who doesn't have access to owner view but has CanCreateAnyTransactionRequest at BANK_ID", TransactionRequest) {
@ -182,7 +182,7 @@ class TransactionRequestsTest extends V200ServerSetup with DefaultUsers {
// No challenge, No FX (same currencies)
if (Props.getBool("transactionRequests_enabled", false) == false) {
if (APIUtil.getPropsAsBoolValue("transactionRequests_enabled", false) == false) {
ignore("we create a transaction request without challenge, no FX (same currencies)", TransactionRequest) {}
} else {
scenario("we create a transaction request without challenge, no FX (same currencies)", TransactionRequest) {
@ -320,7 +320,7 @@ class TransactionRequestsTest extends V200ServerSetup with DefaultUsers {
}
}
if (Props.getBool("transactionRequests_enabled", false) == false) {
if (APIUtil.getPropsAsBoolValue("transactionRequests_enabled", false) == false) {
ignore("we create a transaction request with a user without owner view access", TransactionRequest) {}
} else {
scenario("we create a transaction request with a user without owner view access", TransactionRequest) {
@ -367,7 +367,7 @@ class TransactionRequestsTest extends V200ServerSetup with DefaultUsers {
}
if (Props.getBool("transactionRequests_enabled", false) == false) {
if (APIUtil.getPropsAsBoolValue("transactionRequests_enabled", false) == false) {
ignore("we create a transaction request with a user who doesn't have access to owner view but has CanCreateAnyTransactionRequest at a different BANK_ID", TransactionRequest) {}
} else {
scenario("we create a transaction request with a user who doesn't have access to owner view but has CanCreateAnyTransactionRequest at a different BANK_ID", TransactionRequest) {
@ -428,7 +428,7 @@ class TransactionRequestsTest extends V200ServerSetup with DefaultUsers {
}
// No challenge, with FX
if (Props.getBool("transactionRequests_enabled", false) == false) {
if (APIUtil.getPropsAsBoolValue("transactionRequests_enabled", false) == false) {
ignore("we create an FX transaction request without challenge, with FX (different currencies)", TransactionRequest) {}
} else {
scenario("we create an FX transaction request without challenge, with FX (different currencies)", TransactionRequest) {
@ -640,7 +640,7 @@ class TransactionRequestsTest extends V200ServerSetup with DefaultUsers {
// With challenge, No FX (Same currencies)
if (Props.getBool("transactionRequests_enabled", false) == false) {
if (APIUtil.getPropsAsBoolValue("transactionRequests_enabled", false) == false) {
ignore("we create a transaction request with a challenge, same currencies", TransactionRequest) {}
} else {
scenario("we create a transaction request with a challenge", TransactionRequest) {
@ -811,7 +811,7 @@ class TransactionRequestsTest extends V200ServerSetup with DefaultUsers {
// With Challenge, with FX
if (Props.getBool("transactionRequests_enabled", false) == false) {
if (APIUtil.getPropsAsBoolValue("transactionRequests_enabled", false) == false) {
ignore("we create an FX transaction request with challenge", TransactionRequest) {}
} else {
scenario("we create an FX transaction request with challenge", TransactionRequest) {


@ -1,11 +1,12 @@
package code.api.v2_1_0
import java.util.UUID
import code.api.util.ErrorMessages._
import code.api.ChargePolicy
import code.api.util.APIUtil.OAuth._
import code.api.util.ApiRole.CanCreateAnyTransactionRequest
import code.api.util.ErrorMessages
import code.api.util.{APIUtil, ErrorMessages}
import code.api.v1_2_1.AmountOfMoneyJsonV121
import code.api.v1_4_0.JSONFactory1_4_0.{ChallengeAnswerJSON, TransactionRequestAccountJsonV140}
import code.api.v2_0_0.TransactionRequestBodyJsonV200
@ -292,7 +293,7 @@ class TransactionRequestsTest extends V210ServerSetup with DefaultUsers {
feature("Security Tests: permissions, roles, views...") {
if (Props.getBool("transactionRequests_enabled", false) == false) {
if (APIUtil.getPropsAsBoolValue("transactionRequests_enabled", false) == false) {
ignore("No login user", TransactionRequest) {}
} else {
scenario("No login user", TransactionRequest) {
@ -315,7 +316,7 @@ class TransactionRequestsTest extends V210ServerSetup with DefaultUsers {
}
}
if (Props.getBool("transactionRequests_enabled", false) == false) {
if (APIUtil.getPropsAsBoolValue("transactionRequests_enabled", false) == false) {
ignore("No owner view , No CanCreateAnyTransactionRequest role", TransactionRequest) {}
} else {
scenario("No owner view, No CanCreateAnyTransactionRequest role", TransactionRequest) {
@ -336,7 +337,7 @@ class TransactionRequestsTest extends V210ServerSetup with DefaultUsers {
}
}
if (Props.getBool("transactionRequests_enabled", false) == false) {
if (APIUtil.getPropsAsBoolValue("transactionRequests_enabled", false) == false) {
ignore("No owner view, With CanCreateAnyTransactionRequest role", TransactionRequest) {}
} else {
scenario("No owner view, With CanCreateAnyTransactionRequest role", TransactionRequest) {
@ -357,7 +358,7 @@ class TransactionRequestsTest extends V210ServerSetup with DefaultUsers {
}
}
if (Props.getBool("transactionRequests_enabled", false) == false) {
if (APIUtil.getPropsAsBoolValue("transactionRequests_enabled", false) == false) {
ignore("Invalid transactionRequestType", TransactionRequest) {}
} else {
scenario("Invalid transactionRequestType", TransactionRequest) {
@ -386,7 +387,7 @@ class TransactionRequestsTest extends V210ServerSetup with DefaultUsers {
feature("we can create transaction requests -- SANDBOX_TAN") {
if (Props.getBool("transactionRequests_enabled", false) == false) {
if (APIUtil.getPropsAsBoolValue("transactionRequests_enabled", false) == false) {
ignore("No challenge, No FX (same currencies)", TransactionRequest) {}
} else {
scenario("No challenge, No FX (same currencies)", TransactionRequest) {
@ -416,7 +417,7 @@ class TransactionRequestsTest extends V210ServerSetup with DefaultUsers {
}
}
if (Props.getBool("transactionRequests_enabled", false) == false) {
if (APIUtil.getPropsAsBoolValue("transactionRequests_enabled", false) == false) {
ignore("No challenge, With FX ", TransactionRequest) {}
} else {
scenario("No challenge, With FX ", TransactionRequest) {
@ -456,7 +457,7 @@ class TransactionRequestsTest extends V210ServerSetup with DefaultUsers {
}
}
if (Props.getBool("transactionRequests_enabled", false) == false) {
if (APIUtil.getPropsAsBoolValue("transactionRequests_enabled", false) == false) {
ignore("With challenge, No FX", TransactionRequest) {}
} else {
scenario("With challenge, No FX ", TransactionRequest) {
@ -502,7 +503,7 @@ class TransactionRequestsTest extends V210ServerSetup with DefaultUsers {
}
}
if (Props.getBool("transactionRequests_enabled", false) == false) {
if (APIUtil.getPropsAsBoolValue("transactionRequests_enabled", false) == false) {
ignore("With challenge, With FX ", TransactionRequest) {}
} else {
scenario("With challenge, With FX ", TransactionRequest) {
@ -555,7 +556,7 @@ class TransactionRequestsTest extends V210ServerSetup with DefaultUsers {
feature("we can create transaction requests -- FREE_FORM") {
if (Props.getBool("transactionRequests_enabled", false) == false) {
if (APIUtil.getPropsAsBoolValue("transactionRequests_enabled", false) == false) {
ignore("No challenge, No FX ", TransactionRequest) {}
} else {
scenario("No challenge, No FX ", TransactionRequest) {
@ -585,7 +586,7 @@ class TransactionRequestsTest extends V210ServerSetup with DefaultUsers {
}
}
if (Props.getBool("transactionRequests_enabled", false) == false) {
if (APIUtil.getPropsAsBoolValue("transactionRequests_enabled", false) == false) {
ignore("No challenge, With FX ", TransactionRequest) {}
} else {
scenario("No challenge, With FX ", TransactionRequest) {
@ -625,7 +626,7 @@ class TransactionRequestsTest extends V210ServerSetup with DefaultUsers {
}
}
if (Props.getBool("transactionRequests_enabled", false) == false) {
if (APIUtil.getPropsAsBoolValue("transactionRequests_enabled", false) == false) {
ignore("With challenge, No FX", TransactionRequest) {}
} else {
scenario("With challenge, No FX ", TransactionRequest) {
@ -671,7 +672,7 @@ class TransactionRequestsTest extends V210ServerSetup with DefaultUsers {
}
}
if (Props.getBool("transactionRequests_enabled", false) == false) {
if (APIUtil.getPropsAsBoolValue("transactionRequests_enabled", false) == false) {
ignore("With challenge, With FX ", TransactionRequest) {}
} else {
scenario("With challenge, With FX ", TransactionRequest) {
@ -724,7 +725,7 @@ class TransactionRequestsTest extends V210ServerSetup with DefaultUsers {
feature("we can create transaction requests -- SEPA") {
if (Props.getBool("transactionRequests_enabled", false) == false) {
if (APIUtil.getPropsAsBoolValue("transactionRequests_enabled", false) == false) {
ignore("No challenge, No FX ", TransactionRequest) {}
} else {
scenario("No challenge, No FX ", TransactionRequest) {
@ -754,7 +755,7 @@ class TransactionRequestsTest extends V210ServerSetup with DefaultUsers {
}
}
if (Props.getBool("transactionRequests_enabled", false) == false) {
if (APIUtil.getPropsAsBoolValue("transactionRequests_enabled", false) == false) {
ignore("No challenge, With FX ", TransactionRequest) {}
} else {
scenario("No challenge, With FX ", TransactionRequest) {
@ -794,7 +795,7 @@ class TransactionRequestsTest extends V210ServerSetup with DefaultUsers {
}
}
if (Props.getBool("transactionRequests_enabled", false) == false) {
if (APIUtil.getPropsAsBoolValue("transactionRequests_enabled", false) == false) {
ignore("With challenge, No FX ", TransactionRequest) {}
} else {
scenario("With challenge, No FX ", TransactionRequest) {
@ -840,7 +841,7 @@ class TransactionRequestsTest extends V210ServerSetup with DefaultUsers {
}
}
if (Props.getBool("transactionRequests_enabled", false) == false) {
if (APIUtil.getPropsAsBoolValue("transactionRequests_enabled", false) == false) {
ignore("With challenge, With FX ", TransactionRequest) {}
} else {
scenario("With challenge, With FX ", TransactionRequest) {
@ -893,7 +894,7 @@ class TransactionRequestsTest extends V210ServerSetup with DefaultUsers {
feature("we can create transaction requests -- COUNTERPARTY") {
if (Props.getBool("transactionRequests_enabled", false) == false) {
if (APIUtil.getPropsAsBoolValue("transactionRequests_enabled", false) == false) {
ignore("No challenge, No FX ", TransactionRequest) {}
} else {
scenario("No challenge, No FX ", TransactionRequest) {
@ -923,7 +924,7 @@ class TransactionRequestsTest extends V210ServerSetup with DefaultUsers {
}
}
if (Props.getBool("transactionRequests_enabled", false) == false) {
if (APIUtil.getPropsAsBoolValue("transactionRequests_enabled", false) == false) {
ignore("No challenge, With FX ", TransactionRequest) {}
} else {
scenario("No challenge, With FX ", TransactionRequest) {
@ -963,7 +964,7 @@ class TransactionRequestsTest extends V210ServerSetup with DefaultUsers {
}
}
if (Props.getBool("transactionRequests_enabled", false) == false) {
if (APIUtil.getPropsAsBoolValue("transactionRequests_enabled", false) == false) {
ignore("With challenge, No FX ", TransactionRequest) {}
} else {
scenario("With challenge, No FX ", TransactionRequest) {
@ -1009,7 +1010,7 @@ class TransactionRequestsTest extends V210ServerSetup with DefaultUsers {
}
}
if (Props.getBool("transactionRequests_enabled", false) == false) {
if (APIUtil.getPropsAsBoolValue("transactionRequests_enabled", false) == false) {
ignore("With challenge, With FX", TransactionRequest) {}
} else {
scenario("With challenge, With FX", TransactionRequest) {
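Review bot: With `transactionRequests_enabled` unset, the default `false` makes every guard in this file take the `ignore(...)` branch, so the "Security Tests: permissions, roles, views..." scenarios (no login user, missing owner view or role) are reported as ignored instead of run. CI should set the prop explicitly so these authorization checks are actually exercised. The guard is also repeated before each scenario and compares a Boolean with `false`; reading it once, `val transactionRequestsEnabled = APIUtil.getPropsAsBoolValue("transactionRequests_enabled", false)`, and testing `if (!transactionRequestsEnabled)` would keep the switch in one place. The enclosing class and feature blocks start and end outside the hunks shown.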


@ -1,6 +1,7 @@
package code.bankaccountcreation
import code.accountholder.AccountHolders
import code.api.util.APIUtil
import code.api.util.ErrorMessages._
import code.model.{BankId, User}
import code.views.Views
@ -59,7 +60,7 @@ class BankAccountCreationListenerTest extends ServerSetup with DefaultConnectorT
AccountHolders.accountHolders.vend.getAccountHolders(BankId(expectedBankId), createdAccount.accountId) should equal(Set(user))
}
if (Props.getBool("messageQueue.createBankAccounts", false) == false) {
if (APIUtil.getPropsAsBoolValue("messageQueue.createBankAccounts", false) == false) {
ignore("a bank account is created at a bank that does not yet exist", BankAccountCreationListenerTag) {}
ignore("a bank account is created at a bank that already exists", BankAccountCreationListenerTag) {}
} else {


@ -0,0 +1,178 @@
package code.fx
/**
Open Bank Project - API
Copyright (C) 2011-2016, TESOBE Ltd.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
Email: contact@tesobe.com
TESOBE Ltd.
Osloer Strasse 16/17
Berlin 13359, Germany
This product includes software developed at
TESOBE (http://www.tesobe.com/)
*/
/*
* This is a utility script that can be used to POST data via the API as a logged-in User.
* It POSTS customers and links them to existing Users
* It requires the credentials of the user and logs in via OAuth using selenium.
*
* We use an "admin user" e.g. a user which has been assigned certain roles to perform the actions.
* The roles required include CanGetAnyUser, CanCreateCustomerAtAnyBank , CanCreateUserCustomerLinkAtAnyBank
*
* To use this one-time script, put e.g.
* target_api_hostname=https://localhost:8080
* obp_consumer_key=xxx
* obp_secret_key=yyy
* import.fx_data_path=path_to.json
* import.admin_user.username=username-of-user-that-has-correct-roles
* import.admin_user.password=password
*
* into your props file.
* */
import java.util.Date
import code.api.v2_2_0.FXRateJsonV220
import code.setup.SendServerRequests
import code.util.ObpJson._
import code.util.{OAuthClient, ObpGet, ObpPut}
import net.liftweb.common.{Box, Empty, Full}
import net.liftweb.http.RequestVar
import net.liftweb.json._
import net.liftweb.util.Props
import scala.collection.mutable.ListBuffer
import scala.io.Source
case class FxJson(from_currency_code: String,
to_currency_code: String,
conversion_value: Double,
inverse_conversion_value: Double,
effective_date: Date)
object PutFX extends SendServerRequests {
def debugBreak() {
println("Breakpoint hit!") // Manually set a breakpoint here
}
def main(args : Array[String]) {
// this sets the date format to "yyyy-MM-dd'T'HH:mm:ss'Z'" i.e. ISO 8601 No milliseconds UTC
implicit val formats = DefaultFormats // Brings in default date formats etc.
val adminUserUsername = Props.get("import.admin_user.username").getOrElse("ERROR")
println(s"adminUserUsername is $adminUserUsername")
val adminUserPassword = Props.get("import.admin_user.password").getOrElse("ERROR")
println(s"adminUserPassword is $adminUserPassword")
//println("Got " + customers.length + " records")
object allBanksVar extends RequestVar[Box[BanksJson]] (Empty)
def allBanks : Box[BanksJson]= {
allBanksVar.get match {
case Full(a) => Full(a)
case _ => ObpGet("/v1.2.1/banks").flatMap(_.extractOpt[BanksJson]) // TODO use more recent API version
}
}
case class SimpleBank(
id : String,
shortName : String,
fullName : String,
logo : String,
website : String)
// Login once as an admin user. Will need to have some admin Roles
if(!OAuthClient.loggedIn) {
print("login as user: ")
println (adminUserUsername)
OAuthClient.authenticateWithOBPCredentials(adminUserUsername, adminUserPassword)
println(" - ok.")
}
val banks = for {
a <- allBanks.toList
b <- a.bankJsons
// This filtering could be turned on/off by Props setting
// Filter out banks if we have a list of ones to use, else use all of them.
// Also, show all if requested by url parameter
// if featuredBankIds.length == 0 || featuredBankIds.contains(b.id.get) || listAllBanks
} yield SimpleBank (b.id.get,
b.short_name.getOrElse(""),
b.full_name.getOrElse(""),
b.logo.getOrElse(""),
b.website.getOrElse("")
) // Add a flag to say if this bank is featured.
for (b <- banks) { // (b.shortName == "uk")
println(s"Posting FX Rate for bank ${b.shortName}")
val url = s"/v3.0.0/banks/${b.id}/fx"
//load json for fx rates
val fxDataPath = Props.get("import.fx_data_path")
println(s"fxDataPath is $fxDataPath")
// This contains a list of fx rates.
val fxListData = JsonParser.parse(Source.fromFile(fxDataPath.getOrElse("ERROR")) mkString)
var fxrates = ListBuffer[FxJson]()
// Get fx rate data from json
for(i <- fxListData.children){
//logger.info(s" extract fx rate records")
val f = i.extract[FxJson]
val fxJsonV210 = FXRateJsonV220(
bank_id = b.id,
from_currency_code = f.from_currency_code,
to_currency_code = f.to_currency_code,
conversion_value = f.conversion_value,
inverse_conversion_value = f.inverse_conversion_value,
effective_date = f.effective_date
)
val json = Extraction.decompose(fxJsonV210)
println(s"json to post is $json")
val result = ObpPut(url, json)
if (!result.isEmpty) {
println("saved " + f.from_currency_code + " to " + f.to_currency_code + " as currency exchange rate " + result)
} else {
println("did NOT save fx rate " + result)
}
}
//OAuthClient.logoutAll()
}
OAuthClient.logoutAll()
sys.exit(0)
}
}
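Review bot: `println(s"adminUserPassword is $adminUserPassword")` in `main` writes the admin account's password to stdout in clear text, where it ends up in terminal scrollback, CI output or any captured log. Drop the line, or print only whether the value is present, e.g. `println(s"adminUserPassword is set: ${adminUserPassword != "ERROR"}")`. The `getOrElse("ERROR")` fallbacks for the username, password and `import.fx_data_path` let the script go on to authenticate and to open a file named `ERROR` when a prop is missing; failing fast with a message naming the missing key would be safer. The credentials are read with `Props.get` directly, so if the encrypted-props handling this commit describes lives in the `APIUtil` helpers (not visible here), an encrypted `import.admin_user.password` would presumably be passed on undecrypted, which is worth confirming.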


@ -1,11 +1,10 @@
package code.management
import code.api.util.APIUtil.OAuth.{Consumer, Token, _}
import code.api.v1_2_1._
import code.setup.{APIResponse, DefaultUsers, PrivateUser2AccountsAndSetUpWithTestData, User1AllPrivileges}
import org.scalatest.Tag
class AccountsAPITest extends API1_2_1Test with User1AllPrivileges with DefaultUsers with PrivateUser2AccountsAndSetUpWithTestData {
class AccountsAPITest extends User1AllPrivileges with DefaultUsers with PrivateUser2AccountsAndSetUpWithTestData {
//define Tags
object Management extends Tag("Management")


@ -33,10 +33,12 @@ package code.sandbox
import java.text.SimpleDateFormat
import java.util.Date
import code.api.util.ErrorMessages._
import bootstrap.liftweb.ToSchemify
import code.TestServer
import code.accountholder.AccountHolders
import code.api.util.APIUtil
import code.api.util.APIUtil._
import code.atms.Atms
import code.atms.Atms.{AtmId, AtmT, countOfAtms}
@ -90,7 +92,7 @@ class SandboxDataLoadingTest extends FlatSpec with SendServerRequests with Match
//drop database tables before
//MongoDB.getDb(DefaultMongoIdentifier).foreach(_.dropDatabase())
ToSchemify.models.foreach(_.bulkDelete_!!())
if (!Props.getBool("remotedata.enable", false)) {
if (!APIUtil.getPropsAsBoolValue("remotedata.enable", false)) {
ToSchemify.modelsRemotedata.foreach(_.bulkDelete_!!())
} else {
Views.views.vend.bulkDeleteAllPermissionsAndViews()


@ -1,8 +1,10 @@
package code.setup
import java.util.UUID
import code.api.util.ErrorMessages._
import code.api.GatewayLogin
import code.api.util.APIUtil
import code.api.util.APIUtil.OAuth.{Consumer, Token}
import code.consumer.Consumers
import code.model.TokenType._
@ -36,7 +38,7 @@ trait DefaultUsers {
lazy val consumer = Consumer(testConsumer.key.get, testConsumer.secret.get)
// create the access token
val expiration = Props.getInt("token_expiration_weeks", 4)
val expiration = APIUtil.getPropsAsIntValue("token_expiration_weeks", 4)
lazy val tokenDuration = weeks(expiration)
// Create resource user, need provider


@ -1,9 +1,11 @@
package code.setup
import java.util.{Date, UUID}
import code.api.util.ErrorMessages._
import bootstrap.liftweb.ToSchemify
import code.accountholder.AccountHolders
import code.api.util.APIUtil
import code.entitlement.Entitlement
import code.metadata.counterparties.{Counterparties, CounterpartyTrait}
import code.model._
@ -141,7 +143,7 @@ trait LocalMappedConnectorTestSetup extends TestConnectorSetupWithStandardPermis
//empty the relational db tables after each test
ToSchemify.models.filterNot(exclusion).foreach(_.bulkDelete_!!())
if (!Props.getBool("remotedata.enable", false)) {
if (!APIUtil.getPropsAsBoolValue("remotedata.enable", false)) {
ToSchemify.modelsRemotedata.filterNot(exclusion).foreach(_.bulkDelete_!!())
} else {
Views.views.vend.bulkDeleteAllPermissionsAndViews()


@ -36,6 +36,7 @@ import java.text.SimpleDateFormat
import _root_.net.liftweb.json.JsonAST.JObject
import code.TestServer
import code.api.util.APIUtil
import code.model.BankId
import code.util.Helper.MdcLoggable
import dispatch._
@ -56,7 +57,7 @@ trait ServerSetup extends FeatureSpec with SendServerRequests
val server = TestServer
def baseRequest = host(server.host, server.port)
val secured = Props.getBool("external.https", false)
val secured = APIUtil.getPropsAsBoolValue("external.https", false)
def externalBaseRequest = (server.externalHost, server.externalPort) match {
case (Full(h), Full(p)) if secured => host(h, p).secure
case (Full(h), Full(p)) if !secured => host(h, p)


@ -2,6 +2,7 @@ package code.setup
import bootstrap.liftweb.ToSchemify
import code.accountholder.AccountHolders
import code.api.util.APIUtil
import code.model._
import code.model.dataAccess._
import code.views.Views
@ -54,7 +55,7 @@ trait TestConnectorSetupWithStandardPermissions extends TestConnectorSetup {
//empty the relational db tables after each test
ToSchemify.models.filterNot(exclusion).foreach(_.bulkDelete_!!())
if (!Props.getBool("remotedata.enable", false)) {
if (!APIUtil.getPropsAsBoolValue("remotedata.enable", false)) {
ToSchemify.modelsRemotedata.filterNot(exclusion).foreach(_.bulkDelete_!!())
} else {
Views.views.vend.bulkDeleteAllPermissionsAndViews()