Merge pull request #2157 from constantine2nd/develop

Consent; Bump library
2026-02-06 17:56:46 +00:00 · 2022-12-13 15:15:38 +01:00 · 2022-12-13 15:15:38 +01:00 · fabceb0369
commit fabceb0369
parent b6e53b1d6f daca6cc3ef
3 changed files with 32 additions and 11 deletions
--- a/obp-api/src/main/scala/code/api/v5_0_0/APIMethods500.scala
+++ b/obp-api/src/main/scala/code/api/v5_0_0/APIMethods500.scala
@ -744,7 +744,7 @@ trait APIMethods500 {
      "Create Consent By CONSENT_REQUEST_ID (EMAIL)",
      s"""
         |
-         |This endpoint finishes the process of creating a Consent by CONSENT_REQUEST_ID.
+         |This endpoint continues the process of creating a Consent. It starts the SCA flow which changes the status of the consent from INITIATED to ACCEPTED or REJECTED.
         |Please note that the Consent cannot elevate the privileges logged in user already have.
         |
         |""",
@ -772,7 +772,7 @@ trait APIMethods500 {
      "Create Consent By CONSENT_REQUEST_ID (SMS)",
      s"""
         |
-         |This endpoint finishes the process of creating a Consent.
+         |This endpoint continues the process of creating a Consent. It starts the SCA flow which changes the status of the consent from INITIATED to ACCEPTED or REJECTED.
         |Please note that the Consent cannot elevate the privileges logged in user already have. 
         |
         |""",
@ -858,7 +858,10 @@ trait APIMethods500 {
                }
                )
            }
-            (consumerId, applicationText) <- consentRequestJson.consumer_id match {
+            // Use consumer specified at the payload of consent request in preference to the field ConsumerId of consent request
+            // i.e. ConsentRequest.Payload.consumer_id in preference to ConsentRequest.ConsumerId
+            calculatedConsumerId = consentRequestJson.consumer_id.orElse(Some(createdConsentRequest.consumerId))
+            (consumerId, applicationText) <- calculatedConsumerId match {
              case Some(id) => NewStyle.function.checkConsumerByConsumerId(id, callContext) map {
                c => (Some(c.consumerId.get), c.description)
              }
--- a/obp-api/src/test/scala/code/api/v5_0_0/ConsentRequestTest.scala
+++ b/obp-api/src/test/scala/code/api/v5_0_0/ConsentRequestTest.scala
@ -30,10 +30,13 @@ import code.api.util.APIUtil.OAuth._
 import code.api.util.ApiRole._
 import code.api.util.Consent
 import code.api.util.ErrorMessages._
-import code.api.v3_1_0.{PostConsentChallengeJsonV310, PostConsentEntitlementJsonV310, PostConsentViewJsonV310}
+import code.api.v3_1_0.{PostConsentChallengeJsonV310, PostConsentEntitlementJsonV310}
+import code.api.v4_0_0.OBPAPI4_0_0.Implementations4_0_0
+import code.api.v4_0_0.UsersJsonV400
 import code.api.v5_0_0.OBPAPI5_0_0.Implementations5_0_0
 import code.consent.ConsentStatus
 import code.entitlement.Entitlement
+import code.setup.PropsReset
 import com.github.dwickern.macros.NameOf.nameOf
 import com.openbankproject.commons.model.{AccountRoutingJsonV121, ErrorMessage}
 import com.openbankproject.commons.util.ApiVersion
@ -42,7 +45,7 @@ import org.scalatest.Tag

 import scala.language.postfixOps

-class ConsentRequestTest extends V500ServerSetupAsync {
+class ConsentRequestTest extends V500ServerSetupAsync with PropsReset{

  /**
    * Test tags
@ -56,6 +59,7 @@ class ConsentRequestTest extends V500ServerSetupAsync {
  object ApiEndpoint2 extends Tag(nameOf(Implementations5_0_0.getConsentByConsentRequestId))
  object ApiEndpoint3 extends Tag(nameOf(Implementations5_0_0.createConsentByConsentRequestId))
  object ApiEndpoint4 extends Tag(nameOf(Implementations5_0_0.getConsentByConsentRequestId))
+  object ApiEndpoint5 extends Tag(nameOf(Implementations4_0_0.getUsers))
  
  lazy val entitlements = List(PostConsentEntitlementJsonV310("", CanGetAnyUser.toString()))
  lazy val accountAccess = List(AccountAccessV500(
@ -70,7 +74,7 @@ class ConsentRequestTest extends V500ServerSetupAsync {
  val createConsentRequestWithoutLoginUrl = (v5_0_0_Request / "consumer" / "consent-requests")
  val createConsentRequestUrl = (v5_0_0_Request / "consumer"/ "consent-requests").POST<@(user1)
  def getConsentRequestUrl(requestId:String) = (v5_0_0_Request / "consumer"/ "consent-requests"/requestId).GET<@(user1)
-  def createConsentByRequestIdUrl(requestId:String) = (v5_0_0_Request / "consumer"/ "consent-requests"/requestId/"EMAIL"/"consents").POST<@(user1)
+  def createConsentByConsentRequestIdEmail(requestId:String) = (v5_0_0_Request / "consumer"/ "consent-requests"/requestId/"EMAIL"/"consents").POST<@(user1)
  def getConsentByRequestIdUrl(requestId:String) = (v5_0_0_Request / "consumer"/ "consent-requests"/requestId/"consents").GET<@(user1)

  feature("Create/Get Consent Request v5.0.0") {
@ -82,7 +86,7 @@ class ConsentRequestTest extends V500ServerSetupAsync {
      response500.body.extract[ErrorMessage].message should equal (ApplicationNotIdentified)
    }

-    scenario("We will call the Create, Get and Delete endpoints with user credentials ", ApiEndpoint1, ApiEndpoint2, ApiEndpoint3, ApiEndpoint4, VersionOfApi) {
+    scenario("We will call the Create, Get and Delete endpoints with user credentials ", ApiEndpoint1, ApiEndpoint2, ApiEndpoint3, ApiEndpoint4, ApiEndpoint5, VersionOfApi) {
      When(s"We try $ApiEndpoint1 v5.0.0")
      val createConsentResponse = makePostRequest(createConsentRequestUrl, write(postConsentRequestJsonV310))
      Then("We should get a 201")
@ -100,11 +104,19 @@ class ConsentRequestTest extends V500ServerSetupAsync {
      When("We try to make the GET request v5.0.0")
      Then("We grant the role and test it again")
      Entitlement.entitlement.vend.addEntitlement("", resourceUser1.userId, CanGetAnyUser.toString)
-      val createConsentByRequestResponse = makePostRequest(createConsentByRequestIdUrl(consentRequestId), write(""))
+      val createConsentByRequestResponse = makePostRequest(createConsentByConsentRequestIdEmail(consentRequestId), write(""))
      Then("We should get a 200")
      createConsentByRequestResponse.code should equal(201)
      val consentId = createConsentByRequestResponse.body.extract[ConsentJsonV500].consent_id
-  
+      val consentJwt = createConsentByRequestResponse.body.extract[ConsentJsonV500].jwt
+      
+      setPropsValues("consumer_validation_method_for_consent"->"NONE")
+      val requestWhichFails = (v5_0_0_Request / "users").GET
+      val responseWhichFails = makeGetRequest(requestWhichFails, List((s"Consent-JWT", consentJwt)))
+      Then("We get successful response")
+      responseWhichFails.code should equal(401)
+      
+      
      val answerConsentChallengeRequest = (v5_0_0_Request / "banks" / testBankId1.value / "consents" / consentId / "challenge").POST <@ (user1)
      val challenge = Consent.challengeAnswerAtTestEnvironment
      val post = PostConsentChallengeJsonV310(answer = challenge)
@ -120,9 +132,15 @@ class ConsentRequestTest extends V500ServerSetupAsync {
      getConsentByRequestResponseJson.consent_request_id.head should be(consentRequestId)
      getConsentByRequestResponseJson.status should be(ConsentStatus.ACCEPTED.toString)
      
+      val consentRequestHeader = (s"Consent-JWT", getConsentByRequestResponseJson.jwt)
+      val requestGetUsers = (v5_0_0_Request / "users").GET
+      val responseGetUsers = makeGetRequest(requestGetUsers, List(consentRequestHeader))
+      Then("We get successful response")
+      responseGetUsers.code should equal(200)
+      val users = responseGetUsers.body.extract[UsersJsonV400].users
+      users.size should be > 0
    }

-
  }
  
 }
--- a/pom.xml
+++ b/pom.xml
@ -106,7 +106,7 @@
      <dependency>
        <groupId>org.apache.commons</groupId>
        <artifactId>commons-text</artifactId>
-        <version>1.9</version>
+        <version>1.10.0</version>
      </dependency>
      <dependency>
        <groupId>org.scalatest</groupId>