Examples with FRAccount com.forgerock.openbanking.common.model.openbanking.persistence.account.FRAccount used on opensource projects

Example 21 with FRAccount

use of com.forgerock.openbanking.common.model.openbanking.persistence.account.FRAccount in project openbanking-aspsp by OpenBankingToolkit.

the class DataApiControllerIT method shouldReturnPayloadTooLargeWhenCreatingNewDataUsingUpdate.

@Test
public void shouldReturnPayloadTooLargeWhenCreatingNewDataUsingUpdate() throws Exception {
    // Given
    OBAccount6 account = new OBAccount6().accountId(UUID.randomUUID().toString());
    List<FRAccountData> accountDatas = Collections.singletonList(FRAccountData.builder().account(account).balances(Arrays.asList(new OBCashBalance1().type(OBBalanceType1Code.INTERIMAVAILABLE), new OBCashBalance1().type(OBBalanceType1Code.INTERIMBOOKED))).build());
    FRAccount savedAccount = frAccountRepository.save(FRAccount.builder().id(account.getAccountId()).userID(UUID.randomUUID().toString()).build());
    FRUserData userData = new FRUserData();
    userData.setAccountDatas(accountDatas);
    userData.setUserName(savedAccount.getUserID());
    // When
    mockMvc.perform(put("/api/data/user").content(mapper.writeValueAsString(userData)).contentType("application/json")).andExpect(status().isPayloadTooLarge());
}

Example 22 with FRAccount

use of com.forgerock.openbanking.common.model.openbanking.persistence.account.FRAccount in project openbanking-aspsp by OpenBankingToolkit.

the class AutodecisionsApiController method autoAccept.

@Override
public ResponseEntity<RedirectionAction> autoAccept(@RequestBody String consentRequestJwt, @CookieValue(value = "${am.cookie.name}") String ssoToken) throws OBErrorException {
    try {
        log.debug("Parse consent request JWS");
        SignedJWT signedJWT = (SignedJWT) JWTParser.parse(consentRequestJwt);
        log.debug("Read payment ID from the claims");
        // Read the claims
        Claims claims = JwsClaimsUtils.getClaims(signedJWT);
        if (!claims.getIdTokenClaims().containsKey(OpenBankingConstants.IdTokenClaim.INTENT_ID)) {
            return rcsErrorService.error(OBRIErrorType.RCS_CONSENT_REQUEST_INVALID, "No intent ID");
        }
        String intentId = claims.getIdTokenClaims().get(OpenBankingConstants.IdTokenClaim.INTENT_ID).getValue();
        String clientId = signedJWT.getJWTClaimsSet().getStringClaim(RCSConstants.Claims.CLIENT_ID);
        String redirectUri = signedJWT.getJWTClaimsSet().getStringClaim(OIDCConstants.OIDCClaim.CONSENT_APPROVAL_REDIRECT_URI);
        String csrf = signedJWT.getJWTClaimsSet().getStringClaim(RCSConstants.Claims.CSRF);
        List<String> scopes = new ArrayList<>(signedJWT.getJWTClaimsSet().getJSONObjectClaim(RCSConstants.Claims.SCOPES).keySet());
        Map<String, String> profile = userProfileService.getProfile(ssoToken, amOpenBankingConfiguration.endpointUserProfile, amOpenBankingConfiguration.cookieName);
        String username = profile.get(amOpenBankingConfiguration.userProfileId);
        List<FRAccount> accounts = getAccountOrGenerateData(username);
        // Call the right decision delegate, cased on the intent type
        ConsentDecisionDelegate consentDecisionDelegate = intentTypeService.getConsentDecision(intentId);
        consentDecisionDelegate.autoaccept(accounts, username);
        log.debug("Redirect the resource owner to the original oauth2/openid request but this time, with the " + "consent response jwt '{}'.", consentRequestJwt);
        String consentJwt = rcsService.generateRCSConsentResponse(rcsConfiguration, amOpenBankingConfiguration, csrf, true, scopes, clientId);
        ResponseEntity responseEntity = rcsService.sendRCSResponseToAM(ssoToken, RedirectionAction.builder().redirectUri(redirectUri).consentJwt(consentJwt).requestMethod(HttpMethod.POST).build());
        log.debug("Response received from AM: {}", responseEntity);
        if (responseEntity.getStatusCode() != HttpStatus.FOUND) {
            log.error("When sending the consent response {} to AM, it failed to returned a 302", consentJwt, responseEntity);
            throw new OBErrorException(OBRIErrorType.RCS_CONSENT_RESPONSE_FAILURE);
        }
        // TODO: Determine if the id_token needs re-writing!
        String location = responseEntity.getHeaders().getFirst(HttpHeaders.LOCATION);
        log.debug("The redirection to the consent page should be in the location '{}'", location);
        return ResponseEntity.ok(RedirectionAction.builder().redirectUri(location).build());
    } catch (JOSEException e) {
        log.error("Could not generate consent context JWT", e);
        throw new OBErrorException(OBRIErrorType.RCS_CONSENT_RESPONSE_FAILURE);
    } catch (ParseException e) {
        log.error("Could not parse the JWT", e);
        throw new OBErrorException(OBRIErrorType.RCS_CONSENT_REQUEST_FORMAT);
    } catch (Exception e) {
        log.error("Unexpected error while authorising consent", e);
        throw new OBErrorException(OBRIErrorType.RCS_CONSENT_RESPONSE_FAILURE);
    }
}

Example 23 with FRAccount

use of com.forgerock.openbanking.common.model.openbanking.persistence.account.FRAccount in project openbanking-aspsp by OpenBankingToolkit.

the class SinglePaymentConsentDecisionDelegate method consentDecision.

@Override
public void consentDecision(String consentDecisionSerialised, boolean decision) throws IOException, OBErrorException {
    SinglePaymentConsentDecision singlePaymentConsentDecision = objectMapper.readValue(consentDecisionSerialised, SinglePaymentConsentDecision.class);
    if (decision) {
        List<FRAccount> accounts = accountsService.get(getUserIDBehindConsent());
        Optional<FRAccount> isAny = accounts.stream().filter(account -> account.getId().equals(singlePaymentConsentDecision.getAccountId())).findAny();
        if (!isAny.isPresent()) {
            log.error("The account selected {} is not own by this user {}. List accounts {}", singlePaymentConsentDecision.getAccountId(), getUserIDBehindConsent(), accounts);
            throw new OBErrorException(OBRIErrorType.RCS_CONSENT_DECISION_INVALID_ACCOUNT, getUserIDBehindConsent(), singlePaymentConsentDecision.getAccountId(), accounts);
        }
        payment.setStatus(ConsentStatusCode.ACCEPTEDCUSTOMERPROFILE);
        payment.setAccountId(singlePaymentConsentDecision.getAccountId());
        paymentsService.updatePayment(payment);
    } else {
        log.debug("The current payment '{}' has been deny", payment.getId());
        payment.setStatus(ConsentStatusCode.REJECTED);
        paymentsService.updatePayment(payment);
    }
}

Example 24 with FRAccount

use of com.forgerock.openbanking.common.model.openbanking.persistence.account.FRAccount in project openbanking-aspsp by OpenBankingToolkit.

the class PaymentConsentDecisionUpdaterTest method paymentDecisionAllowed_applyUpdateToConsent.

@Test
public void paymentDecisionAllowed_applyUpdateToConsent() throws Exception {
    // Given
    FRAccount account = new FRAccount();
    account.id = ACCOUNT_ID;
    when(accountStoreService.get(USER_ID)).thenReturn(Collections.singletonList(account));
    FRDomesticConsent paymentConsent = new FRDomesticConsent();
    // When
    paymentConsentDecisionUpdater.applyUpdate(USER_ID, ACCOUNT_ID, true, p -> {
    }, paymentConsent);
    // Then
    assertThat(paymentConsent.getStatus()).isEqualTo(ConsentStatusCode.AUTHORISED);
    assertThat(paymentConsent.getAccountId()).isEqualTo(ACCOUNT_ID);
}

Example 25 with FRAccount

use of com.forgerock.openbanking.common.model.openbanking.persistence.account.FRAccount in project openbanking-aspsp by OpenBankingToolkit.

the class PaymentConsentDecisionUpdaterTest method paymentDecisionAllowed_butUserDoesNotOwnAccount_rejectWithException.

@Test
public void paymentDecisionAllowed_butUserDoesNotOwnAccount_rejectWithException() {
    // Given
    FRAccount account = new FRAccount();
    account.id = "differentId";
    when(accountStoreService.get(USER_ID)).thenReturn(Collections.singletonList(account));
    FRDomesticConsent paymentConsent = new FRDomesticConsent();
    // When
    assertThatThrownBy(() -> paymentConsentDecisionUpdater.applyUpdate(USER_ID, ACCOUNT_ID, true, p -> {
    }, paymentConsent)).isExactlyInstanceOf(OBErrorException.class).hasMessage("The PSU user1 is trying to share an account 'acc123' he doesn't own. List of his accounts '[FRAccount(id=differentId, userID=null, account=null, latestStatementId=null, created=null, updated=null)]'");
}