use of com.forgerock.openbanking.common.model.openbanking.persistence.account.FRAccountAccessConsent in project openbanking-aspsp by OpenBankingToolkit.
the class AccountAccessConsentApiController method createAccountAccessConsent.
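/**
 * Creates an account access consent in the {@code AWAITINGAUTHORISATION} state, persists it and
 * returns the consent representation with HTTP 201.
 *
 * <p>The stored consent is tied to the TPP resolved from the {@code x-ob-aisp_id} header, so the
 * trustworthiness of that header decides who owns the consent.
 *
 * @param body the consent request; its permissions, expiry, transaction window and risk are
 *             copied into the response
 * @param aispId client id of the AISP, read from the optional {@code x-ob-aisp_id} header
 * @param request the servlet request, used to derive the Open Banking API version from its path
 * @return the created consent with status 201
 * @throws OBErrorResponseException declared by the API contract
 */
@Override
public ResponseEntity<OBReadConsentResponse1> createAccountAccessConsent(
        @ApiParam(value = "Create an Account Request", required = true) @Valid @RequestBody OBReadRequest1 body,
        @ApiParam(value = "The unique id of the ASPSP to which the request is issued. The unique id will be issued by OB.", required = true) @RequestHeader(value = "x-fapi-financial-id", required = true) String xFapiFinancialId,
        @ApiParam(value = "An Authorisation Token as per https://tools.ietf.org/html/rfc6750", required = true) @RequestHeader(value = "Authorization", required = true) String authorization,
        @ApiParam(value = "Header containing a detached JWS signature of the body of the payload.", required = true) @RequestHeader(value = "x-jws-signature", required = false) String xJwsSignature,
        @ApiParam(value = "The time when the PSU last logged in with the TPP. All dates in the HTTP headers are represented as RFC 7231 Full Dates. An example is below: Sun, 10 Sep 2017 19:43:31 UTC") @RequestHeader(value = "x-fapi-customer-last-logged-time", required = false) @DateTimeFormat(pattern = HTTP_DATE_FORMAT) DateTime xFapiCustomerLastLoggedTime,
        @ApiParam(value = "The PSU's IP address if the PSU is currently logged in with the TPP.") @RequestHeader(value = "x-fapi-customer-ip-address", required = false) String xFapiCustomerIpAddress,
        @ApiParam(value = "An RFC4122 UID used as a correlation id.") @RequestHeader(value = "x-fapi-interaction-id", required = false) String xFapiInteractionId,
        @ApiParam(value = "Indicates the user-agent that the PSU is using.") @RequestHeader(value = "x-customer-user-agent", required = false) String xCustomerUserAgent,
        @ApiParam(value = "The AISP ID") @RequestHeader(value = "x-ob-aisp_id", required = false) String aispId,
        HttpServletRequest request) throws OBErrorResponseException {
    log.info("Received a new account access consent");
    String consentId = createNewConsentId(body);
    log.info("Create a new Account access consent ID {}", consentId);

    // A single timestamp keeps creationDateTime and statusUpdateDateTime identical for a
    // freshly created consent instead of differing by the time between two now() calls.
    DateTime createdAt = DateTime.now();
    OBReadConsentResponse1 response = new OBReadConsentResponse1()
            .data(new OBReadConsentResponse1Data()
                    .consentId(consentId)
                    .status(OBExternalRequestStatus1Code.AWAITINGAUTHORISATION)
                    .creationDateTime(createdAt)
                    .permissions(body.getData().getPermissions())
                    .expirationDateTime(body.getData().getExpirationDateTime())
                    .statusUpdateDateTime(createdAt)
                    .transactionFromDateTime(body.getData().getTransactionFromDateTime())
                    .transactionToDateTime(body.getData().getTransactionToDateTime()))
            .risk(body.getRisk());

    FRAccountAccessConsent accountAccessConsent = new FRAccountAccessConsent();
    accountAccessConsent.setId(consentId);
    accountAccessConsent.setConsentId(consentId);
    accountAccessConsent.setAccountAccessConsent(toFRReadConsentResponse(response));
    // NOTE(review): x-ob-aisp_id is declared optional and is used here unchecked; if it is
    // absent or findByClientId has no match, the consent is presumably stored without an owning
    // TPP. Confirm that an upstream gateway always sets this header from the authenticated
    // client and strips any caller-supplied value, and consider rejecting the request when no
    // TPP is resolved.
    accountAccessConsent.setAisp(tppRepository.findByClientId(aispId));
    accountAccessConsent.setObVersion(VersionPathExtractor.getVersionFromPath(request));

    // Persist first: the metric must not report a consent that failed to be stored.
    accountAccessConsent = frAccountAccessConsentRepository.save(accountAccessConsent);
    consentMetricService.sendConsentActivity(new ConsentStatusEntry(accountAccessConsent.getId(), accountAccessConsent.getStatus().name()));
    log.debug("Account access consent created {}", accountAccessConsent.getAccountAccessConsent());
    return ResponseEntity.status(HttpStatus.CREATED).body(response);
}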
use of com.forgerock.openbanking.common.model.openbanking.persistence.account.FRAccountAccessConsent in project openbanking-aspsp by OpenBankingToolkit.
the class AccountRequestStoreServiceImpl method getAccountAccessConsent.
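/**
 * Fetches an account access consent from the RS store by its consent id.
 *
 * @param consentId the consent id; treated as an opaque value and sent as a single URL path
 *                  segment
 * @return the consent returned by the store, or {@link Optional#empty()} when the response has
 *         no body
 */
private Optional<FRAccountAccessConsent> getAccountAccessConsent(String consentId) {
    ParameterizedTypeReference<Optional<FRAccountAccessConsent>> ptr =
            new ParameterizedTypeReference<Optional<FRAccountAccessConsent>>() {
            };
    // The id is added as its own path segment rather than concatenated into the URL string, so
    // encode() escapes '/', '?' and '#' inside it. A crafted id can then no longer change which
    // RS-store resource this internal call reaches.
    URI uri = UriComponentsBuilder.fromHttpUrl(rsStoreRoot)
            .path("/api/account-access-consents")
            .pathSegment(consentId)
            .build()
            .encode()
            .toUri();
    Optional<FRAccountAccessConsent> consent = restTemplate.exchange(uri, HttpMethod.GET, null, ptr).getBody();
    // getBody() is null for a body-less response; never hand a null Optional to callers.
    return consent != null ? consent : Optional.empty();
}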
use of com.forgerock.openbanking.common.model.openbanking.persistence.account.FRAccountAccessConsent in project openbanking-aspsp by OpenBankingToolkit.
the class RCSCustomerInfoDetailsApiTest method shouldReturnRedirectActionWhenCustomerInfoNotFound.
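/**
 * When no customer info exists for the user, consentDetails must return the redirect action
 * produced by the RCS error service rather than consent details.
 */
@Test
public void shouldReturnRedirectActionWhenCustomerInfoNotFound() throws OBErrorException {
    // Given: a customer-info consent whose owning TPP exists, but no customer info record.
    FRAccountAccessConsent frAccountAccessConsent = JMockData.mock(FRAccountAccessConsent.class);
    frAccountAccessConsent.setConsentId(IntentType.CUSTOMER_INFO_CONSENT.generateIntentId());
    frAccountAccessConsent.setCustomerInfo(null);
    given(tppStoreService.findById(frAccountAccessConsent.getAispId()))
            .willReturn(Optional.of(Tpp.builder().clientId(frAccountAccessConsent.getClientId()).build()));
    given(accountRequestStoreService.get(any())).willReturn(Optional.ofNullable(frAccountAccessConsent));
    given(customerInfoRepository.findByUserID(any())).willReturn(null);
    given(rcsErrorService.invalidConsentError(any(), any()))
            .willReturn(ResponseEntity.ok(RedirectionAction.builder().redirectUri("redirect_uri_value").build()));

    // When (Collections.emptyList() avoids the raw-typed EMPTY_LIST constant)
    ResponseEntity<RedirectionAction> response = api.consentDetails(
            "asdfasdc",
            Collections.emptyList(),
            frAccountAccessConsent.getUserId(),
            frAccountAccessConsent.getConsentId(),
            frAccountAccessConsent.getClientId());

    // Then: the exact stubbed redirect is returned. Checking the value, not just non-null,
    // proves the response came from the error path.
    RedirectionAction redirectionAction = response.getBody();
    assertThat(response.getStatusCode()).isEqualTo(HttpStatus.OK);
    assertThat(redirectionAction.getRedirectUri()).isEqualTo("redirect_uri_value");
}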
use of com.forgerock.openbanking.common.model.openbanking.persistence.account.FRAccountAccessConsent in project openbanking-aspsp by OpenBankingToolkit.
the class RCSCustomerInfoDetailsApiTest method shouldReturnCustomerInfoDetails.
/**
 * Happy path: the consent exists, the requesting client created it, the TPP is known and the
 * user has customer info, so consentDetails answers 200 with the customer info populated.
 */
@Test
public void shouldReturnCustomerInfoDetails() throws OBErrorException {
    // Given
    FRAccountAccessConsent consent = JMockData.mock(FRAccountAccessConsent.class);
    consent.setConsentId(IntentType.CUSTOMER_INFO_CONSENT.generateIntentId());
    FRCustomerInfo storedCustomerInfo = JMockData.mock(FRCustomerInfo.class);

    // The TPP carries the same client id as the consent, so the ownership check passes.
    Tpp owningTpp = Tpp.builder().clientId(consent.getClientId()).build();
    given(tppStoreService.findById(consent.getAispId())).willReturn(Optional.of(owningTpp));
    given(accountRequestStoreService.get(any())).willReturn(Optional.ofNullable(consent));
    given(customerInfoRepository.findByUserID(any())).willReturn(storedCustomerInfo);

    // When
    ResponseEntity<CustomerInfoConsentDetails> response = api.consentDetails(
            "asdfas",
            Collections.EMPTY_LIST,
            consent.getUserId(),
            consent.getConsentId(),
            consent.getClientId());

    // Then
    assertThat(response.getStatusCode()).isEqualTo(HttpStatus.OK);
    CustomerInfoConsentDetails body = response.getBody();
    assertThat(body.getCustomerInfo()).isNotNull();
}
use of com.forgerock.openbanking.common.model.openbanking.persistence.account.FRAccountAccessConsent in project openbanking-aspsp by OpenBankingToolkit.
the class RCSCustomerInfoDetailsApi method consentDetails.
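/**
 * Builds the consent details shown to the user for a customer-info consent.
 *
 * <p>Checks, in order: the consent exists and is an account access consent, the requesting
 * client created it, and the TPP that created it still exists. The consent is then bound to
 * {@code username} and saved, and the user's customer info is attached to the returned details.
 *
 * @param remoteConsentRequest the raw consent request; passed to the error service if customer
 *                             info is missing
 * @param accounts not used by this implementation
 * @param username the user giving consent
 * @param consentId id of the consent being authorised
 * @param clientId client id of the AISP requesting consent
 * @return the consent details, or the error / redirect response built by {@code rcsErrorService}
 * @throws OBErrorException declared by the API contract
 */
@Override
public ResponseEntity consentDetails(String remoteConsentRequest, List<AccountWithBalance> accounts, String username, String consentId, String clientId) throws OBErrorException {
    log.debug("Received a Customer info account consent request with consent_request='{}'", remoteConsentRequest);
    log.debug("=> The Customer info account consent id '{}'", consentId);

    Optional<AccountRequest> isCustomerInfoConsent = accountRequestStoreService.get(consentId);
    if (!isCustomerInfoConsent.isPresent()) {
        log.error("The AISP '{}' is referencing an customer info account request {} that doesn't exist", clientId, consentId);
        return rcsErrorService.error(OBRIErrorType.RCS_CONSENT_REQUEST_UNKNOWN_ACCOUNT_REQUEST, clientId, consentId);
    }

    // The store returns the general AccountRequest type. A consent id that resolves to some
    // other kind of request is rejected here instead of failing with a ClassCastException.
    AccountRequest storedRequest = isCustomerInfoConsent.get();
    if (!(storedRequest instanceof FRAccountAccessConsent)) {
        log.error("The AISP '{}' is referencing request {} which is not an account access consent", clientId, consentId);
        return rcsErrorService.error(OBRIErrorType.RCS_CONSENT_REQUEST_UNKNOWN_ACCOUNT_REQUEST, clientId, consentId);
    }
    FRAccountAccessConsent customerInfoAccountConsent = (FRAccountAccessConsent) storedRequest;

    // Verify the AISP is the one that created this customer info account request. A null
    // clientId fails closed: it is rejected, never matched against a consent without a client id.
    if (clientId == null || !clientId.equals(customerInfoAccountConsent.getClientId())) {
        log.error("The AISP '{}' created the customer info account request '{}' but it's AISP '{}' that is " + "trying to get consent for it.", customerInfoAccountConsent.getClientId(), consentId, clientId);
        return rcsErrorService.error(OBRIErrorType.RCS_CONSENT_REQUEST_INVALID_CONSENT, customerInfoAccountConsent.getClientId(), clientId, consentId);
    }

    Optional<Tpp> isTpp = tppStoreService.findById(customerInfoAccountConsent.getAispId());
    if (!isTpp.isPresent()) {
        log.error("The TPP '{}' (Client ID {}) that created this customer info account consent id '{}' " + "doesn't exist anymore.", customerInfoAccountConsent.getAispId(), clientId, customerInfoAccountConsent.getId());
        return rcsErrorService.error(OBRIErrorType.RCS_CONSENT_REQUEST_NOT_FOUND_TPP, clientId, customerInfoAccountConsent.getId());
    }
    Tpp tpp = isTpp.get();

    log.debug("Populate the customer info model with details data");
    // NOTE(review): the consent is bound to the user and saved before the customer-info lookup,
    // so it stays bound even when the lookup below fails. Confirm this is intended.
    customerInfoAccountConsent.setUserId(username);
    accountRequestStoreService.save(customerInfoAccountConsent);

    log.debug("Populate the model with the customer info and consent data");
    log.debug("get the customer info to add it in account consent data.");
    FRCustomerInfo customerInfo = customerInfoRepository.findByUserID(username);
    // Log only whether a record was found. The record itself presumably holds personal data
    // (NOTE(review): confirm FRCustomerInfo's fields), which should not reach application logs.
    log.debug("customer info lookup for consent '{}' returned a record: {}", consentId, customerInfo != null);
    if (customerInfo == null) {
        return rcsErrorService.invalidConsentError(remoteConsentRequest, new OBErrorException(OBRIErrorType.CUSTOMER_INFO_NOT_FOUND));
    }

    // The customer info is set on the in-memory consent only; it is not saved again here.
    customerInfoAccountConsent.setCustomerInfo(customerInfo);
    log.debug("customer info to added in account consent data {}", consentId);
    return ok(CustomerInfoConsentDetails.builder()
            .username(username)
            .merchantName(customerInfoAccountConsent.getAispName())
            .logo(tpp.getLogo())
            .clientId(clientId)
            .customerInfo(customerInfoAccountConsent.getCustomerInfo())
            .build());
}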