From 0b8d35343d3db858c9ce73eb2a5d8ee39e53c16a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marko=20Mili=C4=87?= Date: Tue, 16 May 2023 12:37:07 +0200 Subject: [PATCH 1/7] docfix/Tweak names regarding OTP --- obp-api/src/main/scala/code/snippet/PaymentOTP.scala | 2 +- obp-api/src/main/webapp/otp.html | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/obp-api/src/main/scala/code/snippet/PaymentOTP.scala b/obp-api/src/main/scala/code/snippet/PaymentOTP.scala index 91e3c1613..ffd51bde0 100644 --- a/obp-api/src/main/scala/code/snippet/PaymentOTP.scala +++ b/obp-api/src/main/scala/code/snippet/PaymentOTP.scala @@ -64,7 +64,7 @@ class PaymentOTP extends MdcLoggable with RestHelper with APIMethods400 { val form = "form" #> { "#otp_input" #> SHtml.textElem(otpVar) & - "type=submit" #> SHtml.submit("Send OTP", () => submitButtonDefense) + "type=submit" #> SHtml.submit("Submit OTP", () => submitButtonDefense) } def PaymentOTP = { diff --git a/obp-api/src/main/webapp/otp.html b/obp-api/src/main/webapp/otp.html index 6fbc9cdc0..bc558e533 100644 --- a/obp-api/src/main/webapp/otp.html +++ b/obp-api/src/main/webapp/otp.html @@ -29,7 +29,7 @@ Berlin 13359, Germany
-

Please send your OTP

+

Please submit your OTP

From 0b663ed18379a62512fbac25fe0c24272acd26e7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marko=20Mili=C4=87?=
Date: Tue, 16 May 2023 13:00:09 +0200
Subject: [PATCH 2/7] feature/Tweak GUI regarding OTP
---
obp-api/src/main/webapp/otp.html | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/obp-api/src/main/webapp/otp.html b/obp-api/src/main/webapp/otp.html
index bc558e533..0eb64552f 100644
--- a/obp-api/src/main/webapp/otp.html
+++ b/obp-api/src/main/webapp/otp.html
@@ -29,7 +29,11 @@ Berlin 13359, Germany
-

Please submit your OTP

+
+
+

Please submit your OTP

+
+
From 137b9b8fdd5b3d4a600a100ead6a0fdc858c416a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marko=20Mili=C4=87?= Date: Wed, 17 May 2023 17:33:15 +0200 Subject: [PATCH 3/7] feature/Tweak endpoint root v5.1.0 --- .../src/main/scala/code/api/v5_1_0/APIMethods510.scala | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/obp-api/src/main/scala/code/api/v5_1_0/APIMethods510.scala b/obp-api/src/main/scala/code/api/v5_1_0/APIMethods510.scala index c12a5308b..5160d2c76 100644 --- a/obp-api/src/main/scala/code/api/v5_1_0/APIMethods510.scala +++ b/obp-api/src/main/scala/code/api/v5_1_0/APIMethods510.scala @@ -77,9 +77,12 @@ trait APIMethods510 { def root (apiVersion : ApiVersion, apiVersionStatus: String) : OBPEndpoint = { case (Nil | "root" :: Nil) JsonGet _ => { - cc => Future { - JSONFactory510.getApiInfoJSON(apiVersion,apiVersionStatus) -> HttpCode.`200`(cc.callContext) - } + cc => + for { + _ <- Future() // Just start async call + } yield { + (JSONFactory510.getApiInfoJSON(apiVersion,apiVersionStatus), HttpCode.`200`(cc.callContext)) + } } } From ef1036ec8aa768d834ea25470b10f72010a13a1a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marko=20Mili=C4=87?= Date: Thu, 18 May 2023 09:04:38 +0200 Subject: [PATCH 4/7] feature/Add endpoint waitingForGodot v5.1.0 --- .../main/scala/code/api/util/APIUtil.scala | 2 ++ .../scala/code/api/v5_1_0/APIMethods510.scala | 36 +++++++++++++++++++ .../code/api/v5_1_0/JSONFactory5.1.0.scala | 3 ++ 3 files changed, 41 insertions(+) diff --git a/obp-api/src/main/scala/code/api/util/APIUtil.scala b/obp-api/src/main/scala/code/api/util/APIUtil.scala index e6fc60d59..3b23eb3d1 100644 --- a/obp-api/src/main/scala/code/api/util/APIUtil.scala +++ b/obp-api/src/main/scala/code/api/util/APIUtil.scala 
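Review bot: `_ <- Future()` in the new `root` body only compiles because the compiler adapts the empty argument list to `Future(())`, which Scala 2 reports as a deprecated argument adaptation, and it schedules a no-op task just to map over it. The removed `Future { ... }` form already ran the response construction asynchronously. If the for-comprehension shape is wanted for consistency with other endpoints, write `_ <- Future.unit // nothing to await; keeps the for/yield shape` instead. Which execution context is in scope is not visible in the hunk.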
@@ -1254,6 +1254,7 @@ object APIUtil extends MdcLoggable with CustomJsonFormats{ * @return List(HTTPParam("from_date","$DateWithMsExampleString"),HTTPParam("to_date","$DateWithMsExampleString")) */ def createHttpParamsByUrl(httpRequestUrl: String): Box[List[HTTPParam]] = { + val sleep = getHttpRequestUrlParam(httpRequestUrl,"sleep") val sortDirection = getHttpRequestUrlParam(httpRequestUrl,"sort_direction") val fromDate = getHttpRequestUrlParam(httpRequestUrl,"from_date") val toDate = getHttpRequestUrlParam(httpRequestUrl,"to_date") @@ -1300,6 +1301,7 @@ object APIUtil extends MdcLoggable with CustomJsonFormats{ HTTPParam("include_url_patterns", includeUrlPattern), HTTPParam("include_implemented_by_partial_functions", includeImplementedByPartialfunctions), HTTPParam("function_name", functionName), + HTTPParam("sleep", sleep), HTTPParam("currency", currency), HTTPParam("amount", amount), HTTPParam("bank_id", bankId), diff --git a/obp-api/src/main/scala/code/api/v5_1_0/APIMethods510.scala b/obp-api/src/main/scala/code/api/v5_1_0/APIMethods510.scala index 5160d2c76..1c6bc4f3c 100644 --- a/obp-api/src/main/scala/code/api/v5_1_0/APIMethods510.scala +++ b/obp-api/src/main/scala/code/api/v5_1_0/APIMethods510.scala @@ -1,6 +1,8 @@ package code.api.v5_1_0 +import java.io + import code.api.ResourceDocs1_4_0.SwaggerDefinitionsJSON.{apiCollectionJson400, apiCollectionsJson400, apiInfoJson400, postApiCollectionJson400, revokedConsentJsonV310} import code.api.ResourceDocs1_4_0.SwaggerDefinitionsJSON._ import code.api.util.APIUtil._ @@ -31,8 +33,10 @@ import com.openbankproject.commons.model.enums.AtmAttributeType import com.openbankproject.commons.util.{ApiVersion, ScannedApiVersion} import net.liftweb.common.Full import net.liftweb.http.S +import net.liftweb.http.provider.HTTPParam import net.liftweb.http.rest.RestHelper import net.liftweb.mapper.By +import net.liftweb.util.Helpers.tryo import scala.collection.immutable.{List, Nil} import scala.collection.mutable.ArrayBuffer 
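Review bot: In the two import hunks for APIMethods510.scala (`@@ -1,6 +1,8 @@` and `@@ -31,8 +33,10 @@`), `import java.io` and `import net.liftweb.http.provider.HTTPParam` are not referenced by any code visible in this patch. Of the added imports, only `tryo` is used by the new endpoint. Unless something outside the visible hunks needs them, drop both lines so the file does not fail an unused-import lint.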
@@ -86,6 +90,38 @@ trait APIMethods510 { } } + staticResourceDocs += ResourceDoc( + waitingForGodot, + implementedInApiVersion, + nameOf(waitingForGodot), + "GET", + "/waiting-for-godot", + "Waiting For Godot", + """Waiting For Godot + | + |Uses query parameter "sleep" in milliseconds. + |For instance: .../waiting-for-godot?sleep=50 means postpone response in 50 milliseconds. + |""".stripMargin, + EmptyBody, + WaitingForGodotJsonV510(sleep_in_milliseconds = 50), + List(UnknownError, "no connector set"), + apiTagApi :: apiTagNewStyle :: Nil) + + lazy val waitingForGodot: OBPEndpoint = { + case "waiting-for-godot" :: Nil JsonGet _ => { + cc => + for { + httpParams <- NewStyle.function.extractHttpParamsFromUrl(cc.url) + } yield { + val sleep: String = httpParams.filter(_.name == "sleep").headOption + .map(_.values.headOption.getOrElse("0")).getOrElse("0") + val sleepInMillis: Long = tryo(sleep.trim.toLong).getOrElse(0) + Thread.sleep(sleepInMillis) + (JSONFactory510.waitingForGodot(sleepInMillis), HttpCode.`200`(cc.callContext)) + } + } + } + staticResourceDocs += ResourceDoc( getAllApiCollections, implementedInApiVersion, diff --git a/obp-api/src/main/scala/code/api/v5_1_0/JSONFactory5.1.0.scala b/obp-api/src/main/scala/code/api/v5_1_0/JSONFactory5.1.0.scala index 0ef6768f8..c34dd5afb 100644 --- a/obp-api/src/main/scala/code/api/v5_1_0/JSONFactory5.1.0.scala +++ b/obp-api/src/main/scala/code/api/v5_1_0/JSONFactory5.1.0.scala @@ -56,6 +56,7 @@ case class APIInfoJsonV510( energy_source : EnergySource400, resource_docs_requires_role: Boolean ) +case class WaitingForGodotJsonV510(sleep_in_milliseconds: Long) case class CertificateInfoJsonV510( subject_domain_name: String, 
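Review bot: `Thread.sleep(sleepInMillis)` in `waitingForGodot` blocks a thread of the execution context for a duration taken straight from the `sleep` query parameter. There is no upper bound, and no authentication or role check is visible in the hunk, so a few requests with a large value can tie up worker threads and degrade every other endpoint. A negative value also reaches `Thread.sleep`, which throws `IllegalArgumentException` and turns the call into an error response. Clamp before sleeping, e.g. `val sleepInMillis: Long = tryo(sleep.trim.toLong).getOrElse(0L).max(0L).min(maxSleepInMillis)`, where `maxSleepInMillis` is a placeholder name for a small configured cap, and consider enabling the endpoint only outside production or behind a role. The ResourceDoc text should state the cap, and its error list entry `"no connector set"` looks copied from another endpoint.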
@@ -195,6 +196,8 @@ case class AtmAttributesResponseJsonV510(atm_attributes: List[AtmAttributeRespon object JSONFactory510 { + + def waitingForGodot(sleep: Long): WaitingForGodotJsonV510 = WaitingForGodotJsonV510(sleep) def createAtmsJsonV510(atmAndAttributesTupleList: List[(AtmT, List[AtmAttribute])] ): AtmsJsonV510 = { AtmsJsonV510(atmAndAttributesTupleList.map( From 47165f0cd3b04d5603fa3f3181b10076993b4836 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marko=20Mili=C4=87?= Date: Fri, 19 May 2023 11:57:08 +0200 Subject: [PATCH 5/7] feature/Increase random string length to be at least 10 --- .../src/test/scala/code/api/oauthTest.scala | 16 ++++----- .../scala/code/api/v1_2_1/API1_2_1Test.scala | 36 +++++++++---------- 2 files changed, 26 insertions(+), 26 deletions(-) diff --git a/obp-api/src/test/scala/code/api/oauthTest.scala b/obp-api/src/test/scala/code/api/oauthTest.scala index 273c85cb7..603fddc99 100644 --- a/obp-api/src/test/scala/code/api/oauthTest.scala +++ b/obp-api/src/test/scala/code/api/oauthTest.scala @@ -79,7 +79,7 @@ class OAuthTest extends ServerSetup { lazy val user1Password = randomString(10) lazy val user1 = AuthUser.create. - email(randomString(3)+"@example.com"). + email(randomString(10)+"@example.com"). username("username with_space"). password(user1Password). validated(true). @@ -90,7 +90,7 @@ class OAuthTest extends ServerSetup { lazy val user2Password = randomString(10) lazy val user2 = AuthUser.create. - email(randomString(3)+"@example.com"). + email(randomString(10)+"@example.com"). username("username with more than 1 space"). password(user2Password). validated(false). 
@@ -100,7 +100,7 @@ class OAuthTest extends ServerSetup { lazy val consumer = new Consumer (testConsumer.key.get,testConsumer.secret.get) lazy val disabledConsumer = new Consumer (disabledTestConsumer.key.get, disabledTestConsumer.secret.get) - lazy val notRegisteredConsumer = new Consumer (randomString(5),randomString(5)) + lazy val notRegisteredConsumer = new Consumer (randomString(10),randomString(10)) private def getAPIResponse(req : Req) : OAuthResponse = { Await.result( @@ -264,7 +264,7 @@ class OAuthTest extends ServerSetup { scenario("the user cannot login because the token does not exist", Verifier, Oauth){ Given("we will use a random request token") When("the browser is launched to login") - val verifier = getVerifier(randomString(4), user1.username.get, user1Password) + val verifier = getVerifier(randomString(10), user1.username.get, user1Password) Then("we should not get a verifier") verifier.isEmpty should equal (true) } @@ -295,7 +295,7 @@ class OAuthTest extends ServerSetup { val reply = getRequestToken(consumer, oob) val requestToken = extractToken(reply.body) When("when we ask for an access token") - val accessTokenReply = getAccessToken(consumer, requestToken, randomString(5)) + val accessTokenReply = getAccessToken(consumer, requestToken, randomString(10)) Then("we should get a 401") accessTokenReply.code should equal (401) } @@ -305,7 +305,7 @@ class OAuthTest extends ServerSetup { val requestToken = extractToken(reply.body) val verifier = getVerifier(requestToken.value, user1.username.get, user1Password) When("when we ask for an access token with a request token") - val randomRequestToken = Token(randomString(5), randomString(5)) + val randomRequestToken = Token(randomString(10), randomString(10)) val accessTokenReply = getAccessToken(consumer, randomRequestToken, verifier.openOrThrowException(attemptedToOpenAnEmptyBox)) Then("we should get a 401") accessTokenReply.code should equal (401) 
@@ -314,8 +314,8 @@ class OAuthTest extends ServerSetup { Given("we will first get request token and a verifier") val reply = getRequestToken(consumer, selfCallback) When("when we ask for an access token with a request token") - val randomRequestToken = Token(randomString(5), randomString(5)) - val accessTokenReply = getAccessToken(consumer, randomRequestToken, randomString(5)) + val randomRequestToken = Token(randomString(10), randomString(10)) + val accessTokenReply = getAccessToken(consumer, randomRequestToken, randomString(10)) Then("we should get a 401") accessTokenReply.code should equal (401) } diff --git a/obp-api/src/test/scala/code/api/v1_2_1/API1_2_1Test.scala b/obp-api/src/test/scala/code/api/v1_2_1/API1_2_1Test.scala index 8f30349fd..17f23f9d5 100644 --- a/obp-api/src/test/scala/code/api/v1_2_1/API1_2_1Test.scala +++ b/obp-api/src/test/scala/code/api/v1_2_1/API1_2_1Test.scala @@ -1047,7 +1047,7 @@ class API1_2_1Test extends ServerSetupWithTestData with DefaultUsers with Privat scenario("we don't get the hosted bank information", API1_2_1, GetHostedBank){ Given("We will not use an access token and request a random bankId") When("the request is sent") - val reply = getBankInfo(randomString(5)) + val reply = getBankInfo(randomString(10)) Then("we should get a 400 code") reply.code should equal (400) And("we should get an error message") @@ -1454,7 +1454,7 @@ class API1_2_1Test extends ServerSetupWithTestData with DefaultUsers with Privat val bankId = randomBank val view = randomView(true, "") When("the request is sent") - val reply = postView(bankId, randomString(3), view, user1) + val reply = postView(bankId, randomString(10), view, user1) Then("we should get a 400 code") reply.code should equal (400) And("we should get an error message") 
@@ -1482,7 +1482,7 @@ class API1_2_1Test extends ServerSetupWithTestData with DefaultUsers with Privat val viewsBefore = getAccountViews(bankId, bankAccount.id, user1).body.extract[ViewsJSONV121].views val viewWithEmptyName = CreateViewJsonV121( name = "", - description = randomString(3), + description = randomString(10), is_public = true, which_alias_to_use="alias", hide_metadata_if_alias_used = false, @@ -1503,7 +1503,7 @@ class API1_2_1Test extends ServerSetupWithTestData with DefaultUsers with Privat val bankAccount : AccountJSON = randomPrivateAccount(bankId) val viewWithSystemName = CreateViewJsonV121( name = SYSTEM_OWNER_VIEW_ID, - description = randomString(3), + description = randomString(10), is_public = true, which_alias_to_use="alias", hide_metadata_if_alias_used = false, @@ -1720,7 +1720,7 @@ class API1_2_1Test extends ServerSetupWithTestData with DefaultUsers with Privat val bankId = randomBank val bankAccount : AccountJSON = randomPrivateAccount(bankId) When("the request is sent") - val reply = deleteView(bankId, bankAccount.id, randomString(3), user1) + val reply = deleteView(bankId, bankAccount.id, randomString(10), user1) Then("we should get a 400 code") reply.code should equal (400) And("we should get an error message") @@ -1833,7 +1833,7 @@ class API1_2_1Test extends ServerSetupWithTestData with DefaultUsers with Privat val bankId = randomBank val bankAccount : AccountJSON = randomPrivateAccount(bankId) When("the request is sent") - val reply = getUserAccountPermission(bankId, bankAccount.id, randomString(5), user1) + val reply = getUserAccountPermission(bankId, bankAccount.id, randomString(10), user1) Then("we should get a 400 code") reply.code should equal (400) And("we should get an error message") 
@@ -1864,7 +1864,7 @@ class API1_2_1Test extends ServerSetupWithTestData with DefaultUsers with Privat val bankId = randomBank val bankAccount : AccountJSON = randomPrivateAccount(bankId) When("the request is sent") - val reply = grantUserAccessToView(bankId, bankAccount.id, randomString(5), randomCustomViewPermalink(bankId, bankAccount), user1) + val reply = grantUserAccessToView(bankId, bankAccount.id, randomString(10), randomCustomViewPermalink(bankId, bankAccount), user1) Then("we should get a 400 ok code") reply.code should equal (400) And("we should get an error message") @@ -1878,7 +1878,7 @@ class API1_2_1Test extends ServerSetupWithTestData with DefaultUsers with Privat val userId = resourceUser2.idGivenByProvider val viewsBefore = getUserAccountPermission(bankId, bankAccount.id, userId, user1).body.extract[ViewsJSONV121].views.length When("the request is sent") - val reply = grantUserAccessToView(bankId, bankAccount.id, userId, randomString(5), user1) + val reply = grantUserAccessToView(bankId, bankAccount.id, userId, randomString(10), user1) Then("we should get a 404 code") reply.code should equal (404) And("we should get an error message") @@ -1931,7 +1931,7 @@ class API1_2_1Test extends ServerSetupWithTestData with DefaultUsers with Privat Given("We will use an access token with a random user Id") val bankId = randomBank val bankAccount : AccountJSON = randomPrivateAccount(bankId) - val userId = randomString(5) + val userId = randomString(10) val viewsIdsToGrant= randomCustomViewsIdsToGrant(bankId, bankAccount.id) When("the request is sent") val reply = grantUserAccessToViews(bankId, bankAccount.id, userId, viewsIdsToGrant, user1) 
@@ -1946,7 +1946,7 @@ class API1_2_1Test extends ServerSetupWithTestData with DefaultUsers with Privat val bankId = randomBank val bankAccount : AccountJSON = randomPrivateAccount(bankId) val userId = resourceUser3.idGivenByProvider - val viewsIdsToGrant= List(randomString(3),randomString(3)) + val viewsIdsToGrant= List(randomString(10),randomString(10)) When("the request is sent") val reply = grantUserAccessToViews(bankId, bankAccount.id, userId, viewsIdsToGrant, user1) Then("we should get a 404 code") @@ -1960,7 +1960,7 @@ class API1_2_1Test extends ServerSetupWithTestData with DefaultUsers with Privat val bankId = randomBank val bankAccount : AccountJSON = randomPrivateAccount(bankId) val userId = resourceUser3.idGivenByProvider - val viewsIdsToGrant= randomCustomViewsIdsToGrant(bankId, bankAccount.id) ++ List(randomString(3),randomString(3)) + val viewsIdsToGrant= randomCustomViewsIdsToGrant(bankId, bankAccount.id) ++ List(randomString(10),randomString(10)) val viewsBefore = getUserAccountPermission(bankId, bankAccount.id, userId, user1).body.extract[ViewsJSONV121].views.length When("the request is sent") val reply = grantUserAccessToViews(bankId, bankAccount.id, userId, viewsIdsToGrant, user1) @@ -1977,7 +1977,7 @@ class API1_2_1Test extends ServerSetupWithTestData with DefaultUsers with Privat val bankId = randomBank val bankAccount : AccountJSON = randomPrivateAccount(bankId) val userId = resourceUser3.idGivenByProvider - val viewsIdsToGrant= randomCustomViewsIdsToGrant(bankId, bankAccount.id) ++ List(randomString(3),randomString(3)) + val viewsIdsToGrant= randomCustomViewsIdsToGrant(bankId, bankAccount.id) ++ List(randomString(10),randomString(10)) val viewsBefore = getUserAccountPermission(bankId, bankAccount.id, userId, user1).body.extract[ViewsJSONV121].views.length When("the request is sent") val reply = grantUserAccessToViews(bankId, bankAccount.id, userId, viewsIdsToGrant, user3) 
@@ -2031,7 +2031,7 @@ class API1_2_1Test extends ServerSetupWithTestData with DefaultUsers with Privat val bankId = randomBank val bankAccount : AccountJSON = randomPrivateAccount(bankId) When("the request is sent") - val reply = revokeUserAccessToView(bankId, bankAccount.id, randomString(5), randomCustomViewPermalink(bankId, bankAccount), user1) + val reply = revokeUserAccessToView(bankId, bankAccount.id, randomString(10), randomCustomViewPermalink(bankId, bankAccount), user1) Then("we should get a 400 ok code") reply.code should equal (400) } @@ -2064,7 +2064,7 @@ class API1_2_1Test extends ServerSetupWithTestData with DefaultUsers with Privat val userId =resourceUser2.idGivenByProvider val viewsBefore = getUserAccountPermission(bankId, bankAccount.id, userId, user1).body.extract[ViewsJSONV121].views.length When("the request is sent") - val reply = revokeUserAccessToView(bankId, bankAccount.id, userId, randomString(5), user1) + val reply = revokeUserAccessToView(bankId, bankAccount.id, userId, randomString(10), user1) Then("we should get a 400 code") reply.code should equal (400) val viewsAfter = getUserAccountPermission(bankId, bankAccount.id, userId, user1).body.extract[ViewsJSONV121].views.length @@ -2107,7 +2107,7 @@ class API1_2_1Test extends ServerSetupWithTestData with DefaultUsers with Privat val bankId = randomBank val bankAccount : AccountJSON = randomPrivateAccount(bankId) When("the request is sent") - val reply = revokeUserAccessToAllViews(bankId, bankAccount.id, randomString(5), user1) + val reply = revokeUserAccessToAllViews(bankId, bankAccount.id, randomString(510), user1) Then("we should get a 400 ok code") reply.code should equal (400) } 
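Review bot: In the `@@ -2107,7 +2107,7 @@` hunk the new call is `revokeUserAccessToAllViews(bankId, bankAccount.id, randomString(510), user1)`, while every other replacement in this commit uses `randomString(10)`. The `510` looks like a typo left over from editing `5` into `10`. The scenario still expects a 400 and so probably passes, but a 510-character user id may hit a length limit rather than the unknown-user path the scenario describes. Change it to `randomString(10)`.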
@@ -2219,7 +2219,7 @@ class API1_2_1Test extends ServerSetupWithTestData with DefaultUsers with Privat val bankId = randomBank val bankAccount : AccountJSON = randomPrivateAccount(bankId) When("the request is sent") - val reply = getTheCounterparties(bankId, bankAccount.id, randomString(5), user1) + val reply = getTheCounterparties(bankId, bankAccount.id, randomString(10), user1) Then("we should get a 400 code") reply.code should equal (400) And("we should get an error message") @@ -2277,7 +2277,7 @@ class API1_2_1Test extends ServerSetupWithTestData with DefaultUsers with Privat val bankAccount : AccountJSON = randomPrivateAccount(bankId) val otherBankAccount = randomCounterparty(bankId, bankAccount.id, randomCustomViewPermalink(bankId, bankAccount)) When("the request is sent") - val reply = getTheCounterparty(bankId, bankAccount.id, randomString(5), otherBankAccount.id, user1) + val reply = getTheCounterparty(bankId, bankAccount.id, randomString(10), otherBankAccount.id, user1) Then("we should get a 400 code") reply.code should equal (400) And("we should get an error message") @@ -2290,7 +2290,7 @@ class API1_2_1Test extends ServerSetupWithTestData with DefaultUsers with Privat val bankAccount : AccountJSON = randomPrivateAccount(bankId) val view = randomCustomViewPermalink(bankId, bankAccount) When("the request is sent") - val reply = getTheCounterparty(bankId, bankAccount.id, view, randomString(5), user1) + val reply = getTheCounterparty(bankId, bankAccount.id, view, randomString(10), user1) Then("we should get a 400 code") reply.code should equal (400) And("we should get an error message") From 049a8578e1ecebd0ee372b93f22af2ccdf2c26a0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marko=20Mili=C4=87?= Date: Mon, 22 May 2023 09:08:20 +0200 Subject: [PATCH 6/7] bugfix/Handle Anonymous access at Old Style --- obp-api/src/main/scala/code/api/OBPRestHelper.scala | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) 
diff --git a/obp-api/src/main/scala/code/api/OBPRestHelper.scala b/obp-api/src/main/scala/code/api/OBPRestHelper.scala index 317b5573b..45ad8e18d 100644 --- a/obp-api/src/main/scala/code/api/OBPRestHelper.scala +++ b/obp-api/src/main/scala/code/api/OBPRestHelper.scala @@ -403,9 +403,12 @@ trait OBPRestHelper extends RestHelper with MdcLoggable { val (usr, callContext) = getUserAndCallContext(cc) usr match { case Full(u) => fn(callContext.copy(user = Full(u))) // Authentication is successful + case Empty => fn(cc.copy(user = Empty)) // Anonymous access case ParamFailure(a, b, c, apiFailure : APIFailure) => ParamFailure(a, b, c, apiFailure : APIFailure) case Failure(msg, t, c) => Failure(msg, t, c) - case _ => Failure("oauth error") + case unhandled => + logger.debug(unhandled) + Failure("oauth error") } } else if (hasAnOAuth2Header(authorization)) { val (user, callContext) = OAuth2Login.getUser(cc) @@ -413,9 +416,12 @@ trait OBPRestHelper extends RestHelper with MdcLoggable { case Full(u) => AuthUser.refreshUser(u, callContext) fn(cc.copy(user = Full(u))) // Authentication is successful + case Empty => fn(cc.copy(user = Empty)) // Anonymous access case ParamFailure(a, b, c, apiFailure : APIFailure) => ParamFailure(a, b, c, apiFailure : APIFailure) case Failure(msg, t, c) => Failure(msg, t, c) - case _ => Failure("oauth error") + case unhandled => + logger.debug(unhandled) + Failure("oauth error") } } // Direct Login Deprecated i.e Authorization: DirectLogin token=eyJhbGciOiJIUzI1NiJ9.eyIiOiIifQ.Y0jk1EQGB4XgdqmYZUHT6potmH3mKj5mEaA9qrIXXWQ From 2834beca30c148589779bb30a13b5689f39f242c Mon Sep 17 00:00:00 2001 
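Review bot: The added `case Empty => fn(cc.copy(user = Empty))` sits inside branches taken only when the request carries an authorization header (`hasAnOAuth2Header` in the `@@ -413,9 +416,12 @@` hunk; the first hunk's condition is outside the hunk). A request that presented credentials which resolved to no user is therefore served as anonymous instead of being rejected. Whether `getUserAndCallContext` and `OAuth2Login.getUser` can return `Empty` for an expired, revoked or unknown token is not visible here; if they can, this fails open and the caller is never told its token was ignored. Either keep rejecting in that case or document the guarantee next to the match, e.g. `// Empty means no credentials were evaluated; invalid tokens must arrive here as Failure`. In the first hunk the `Empty` case also passes `cc` rather than the `callContext` returned by `getUserAndCallContext`, unlike the `Full` case directly above it.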
From: =?UTF-8?q?Marko=20Mili=C4=87?= Date: Mon, 22 May 2023 09:13:34 +0200 Subject: [PATCH 7/7] Revert "feature/Hydra ORA: It is no longer possible to set an OAuth2 Client ID as a user" This reverts commit 9d3877bd --- .../code/snippet/ConsumerRegistration.scala | 51 ++++++++----------- .../src/main/scala/code/util/HydraUtil.scala | 3 +- 2 files changed, 21 insertions(+), 33 deletions(-) diff --git a/obp-api/src/main/scala/code/snippet/ConsumerRegistration.scala b/obp-api/src/main/scala/code/snippet/ConsumerRegistration.scala index 198c48cc0..45513574f 100644 --- a/obp-api/src/main/scala/code/snippet/ConsumerRegistration.scala +++ b/obp-api/src/main/scala/code/snippet/ConsumerRegistration.scala @@ -27,6 +27,7 @@ TESOBE (http://www.tesobe.com/) package code.snippet import java.util + import code.api.{Constant, DirectLogin} import code.api.util.{APIUtil, ErrorMessages, X509} import code.consumer.Consumers @@ -41,7 +42,6 @@ import net.liftweb.util.Helpers._ import net.liftweb.util.{CssSel, FieldError, Helpers} import org.apache.commons.lang3.StringUtils import org.codehaus.jackson.map.ObjectMapper -import sh.ory.hydra.model.OAuth2Client import scala.collection.immutable.{List, ListMap} import scala.jdk.CollectionConverters.seqAsJavaListConverter 
@@ -127,17 +127,19 @@ class ConsumerRegistration extends MdcLoggable { "#register-consumer-success" #> "" } - def createHydraClient(consumer: Consumer): Option[OAuth2Client] = { + def showResults(consumer : Consumer) = { + val urlOAuthEndpoint = Constant.HostName + "/oauth/initiate" + val urlDirectLoginEndpoint = Constant.HostName + "/my/logins/direct" val jwksUri = jwksUriVar.is val jwks = jwksVar.is - - var jwkPrivateKey: String = s"Please change this value to ${if (StringUtils.isNotBlank(jwksUri)) "jwks_uri" else "jwks"} corresponding private key" + val jwsAlg = signingAlgVar.is + var jwkPrivateKey: String = s"Please change this value to ${if(StringUtils.isNotBlank(jwksUri)) "jwks_uri" else "jwks"} corresponding private key" // In case we use Hydra ORY as Identity Provider we create corresponding client at Hydra side a well - if (HydraUtil.integrateWithHydra) { + if(HydraUtil.integrateWithHydra) { HydraUtil.createHydraClient(consumer, oAuth2Client => { val signingAlg = signingAlgVar.is - if (oidcCheckboxVar.is == false) { + if(oidcCheckboxVar.is == false) { // TODO Set token_endpoint_auth_method in accordance to the Consumer.AppType value // Consumer.AppType = Confidential => client_secret_post // Consumer.AppType = Public => private_key_jwt @@ -146,8 +148,8 @@ class ConsumerRegistration extends MdcLoggable { } else { oAuth2Client.setTokenEndpointAuthMethod(HydraUtil.clientSecretPost) } - - + + oAuth2Client.setTokenEndpointAuthSigningAlg(signingAlg) oAuth2Client.setRequestObjectSigningAlg(signingAlg) 
@@ -155,34 +157,25 @@ class ConsumerRegistration extends MdcLoggable { new ObjectMapper().readValue(jwksJson, classOf[util.Map[String, _]]) val requestUri = requestUriVar.is - if (StringUtils.isAllBlank(jwksUri, jwks)) { - val (privateKey, publicKey) = HydraUtil.createJwk(signingAlg) + if(StringUtils.isAllBlank(jwksUri, jwks)) { + val(privateKey, publicKey) = HydraUtil.createJwk(signingAlg) jwkPrivateKey = privateKey val jwksJson = s"""{"keys": [$publicKey]}""" val jwksMap = toJson(jwksJson) oAuth2Client.setJwks(jwksMap) - } else if (StringUtils.isNotBlank(jwks)) { + } else if(StringUtils.isNotBlank(jwks)){ val jwksMap = toJson(jwks) oAuth2Client.setJwks(jwksMap) - } else if (StringUtils.isNotBlank(jwksUri)) { + } else if(StringUtils.isNotBlank(jwksUri)){ oAuth2Client.setJwksUri(jwksUri) } - if (StringUtils.isNotBlank(requestUri)) { + if(StringUtils.isNotBlank(requestUri)) { oAuth2Client.setRequestUris(List(requestUri).asJava) } oAuth2Client }) - } else { - None } - } - - def showResults(consumer : Consumer) = { - val urlOAuthEndpoint = Constant.HostName + "/oauth/initiate" - val urlDirectLoginEndpoint = Constant.HostName + "/my/logins/direct" - val jwsAlg = signingAlgVar.is - val (jwkPrivateKey, _) = HydraUtil.createJwk(signingAlgVar.is) val registerConsumerSuccessMessageWebpage = getWebUiPropsValue( "webui_register_consumer_success_message_webpage", "Thanks for registering your consumer with the Open Bank Project API! Here is your developer information. Please save it in a secure location.") 
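Review bot: With `} else { None }` removed at the end of this hunk, the `if(HydraUtil.integrateWithHydra) { HydraUtil.createHydraClient(...) }` statement in `showResults` discards the call's result. A registration whose Hydra client was not created is then indistinguishable from a successful one, and the page goes on to render the consumer's details. The HydraUtil.scala section of this patch shows a `return None` path in `createHydraClient`. Bind the result and log when it is empty under Hydra integration, e.g. `if (HydraUtil.integrateWithHydra && hydraClient.isEmpty) logger.warn("Hydra client was not created for this consumer")`, without writing the key or secret to the log. `showResults` starts in an earlier hunk and continues past this one.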
@@ -248,16 +241,12 @@ class ConsumerRegistration extends MdcLoggable { } } - def showRegistrationResults(consumer : Consumer) = { - // Create client at ORY Hydra side and update our consumer with a new Client ID - val updatedConsumer = createHydraClient(consumer).flatMap { c => - Consumers.consumers.vend - .updateConsumer(consumer.id.get,Some(c.getClientId),None,None,None,None,None,None,None,None) - }.getOrElse(consumer) + def showRegistrationResults(result : Consumer) = { - notifyRegistrationOccurred(updatedConsumer) - sendEmailToDeveloper(updatedConsumer) - showResults(updatedConsumer) + notifyRegistrationOccurred(result) + sendEmailToDeveloper(result) + + showResults(result) } def showErrors(errors : List[FieldError]) = { diff --git a/obp-api/src/main/scala/code/util/HydraUtil.scala b/obp-api/src/main/scala/code/util/HydraUtil.scala index 69956c5fe..b3d20fb2f 100644 --- a/obp-api/src/main/scala/code/util/HydraUtil.scala +++ b/obp-api/src/main/scala/code/util/HydraUtil.scala @@ -77,8 +77,7 @@ object HydraUtil extends MdcLoggable{ return None } val oAuth2Client = new OAuth2Client() - // ORY Hydra: It is no longer possible to set an OAuth2 Client ID as a user. The system will generate a unique ID for you. - // oAuth2Client.setClientId(consumer.key.get) + oAuth2Client.setClientId(consumer.key.get) oAuth2Client.setClientSecret(consumer.secret.get) oAuth2Client.setClientName(consumer.name.get)