use of com.forgerock.openbanking.common.model.openbanking.persistence.vrp.FRDomesticVRPConsent in project openbanking-aspsp by OpenBankingToolkit.
the class DomesticVrpsApiController method domesticVrpPost.
/**
 * Handles a domestic VRP payment submission: loads the consent named in the request, runs the
 * endpoint wrapper's filters against it, and forwards the request to the RS store.
 *
 * <p>HTTP bindings, taken from the commented-out annotations that used to sit inside the signature:
 * {@code authorization} is the "Authorization" header (required), {@code xJwsSignature} is
 * "x-jws-signature" (required, detached JWS over the body), {@code obDomesticVRPRequest} is the
 * request body, and {@code xFapiAuthDate}, {@code xFapiCustomerIpAddress},
 * {@code xFapiInteractionId} and {@code xCustomerUserAgent} are the optional "x-fapi-auth-date",
 * "x-fapi-customer-ip-address", "x-fapi-interaction-id" and "x-customer-user-agent" headers.
 * The four optional headers are not read in this method body.
 *
 * @param request   the servlet request, used for signature verification and forwarded to the store
 * @param principal the authenticated caller, handed to the endpoint wrapper
 * @return the response produced by the RS store call
 * @throws OBErrorResponseException declared by the interface; presumably raised by the wrapper or
 *                                  its filters on a failed check (not visible here)
 */
@Override
public ResponseEntity<OBDomesticVRPResponse> domesticVrpPost(String authorization, String xJwsSignature, OBDomesticVRPRequest obDomesticVRPRequest, String xFapiAuthDate, String xFapiCustomerIpAddress, String xFapiInteractionId, String xCustomerUserAgent, HttpServletRequest request, Principal principal) throws OBErrorResponseException {
    // NOTE(review): this writes the whole payment request (initiation and risk data) to the debug log.
    log.debug("domesticVrpPost() Recieved OBDomesticVrpRequest {}", obDomesticVRPRequest);

    OBDomesticVRPInitiation initiation = obDomesticVRPRequest.getData().getInitiation();
    String consentId = obDomesticVRPRequest.getData().getConsentId();
    log.debug("domesticVrpPost() consentId is {}", consentId);

    // NOTE(review): the consent is fetched by a caller-supplied id before any of the wrapper's
    // checks run, and the result is not null-checked here. Presumably the wrapper ties the access
    // token to this consent and rejects a missing one - confirm.
    FRDomesticVRPConsent consent = vrpPaymentConsentService.getVrpPaymentConsent(consentId);

    DomesticVrpPaymentsEndpointWrapper endpoint = rsEndpointWrapperService.vrpPaymentEndpoint();
    endpoint.authorization(authorization);
    endpoint.obVersion(OBVersion.v3_1_8);
    endpoint.xFapiFinancialId(rsEndpointWrapperService.getRsConfiguration().financialId);
    endpoint.principal(principal);
    endpoint.payment(consent);
    endpoint.isAuthorizationCodeGrantType(true);

    // Request-versus-consent checks: signature first, then risk, initiation, control parameters
    // and creditor account, in the order they are registered here.
    endpoint.filters(filter -> {
        filter.verifyJwsDetachedSignature(xJwsSignature, request);
        filter.validateRisk(obDomesticVRPRequest.getRisk());
        filter.checkRequestAndConsentInitiationMatch(initiation, consent);
        filter.checkRequestAndConsentRiskMatch(obDomesticVRPRequest, consent);
        filter.checkControlParameters(obDomesticVRPRequest, consent);
        filter.checkCreditorAccountIsInInstructionIfNotInConsent(obDomesticVRPRequest, consent);
    });

    // The TPP id supplied by the wrapper is passed to the store as the "x-ob-client-id" header.
    ResponseEntity storeResponse = endpoint.execute((String tppId) -> {
        HttpHeaders storeHeaders = new HttpHeaders();
        storeHeaders.add("x-ob-client-id", tppId);
        return rsStoreGateway.toRsStore(request, storeHeaders, Collections.emptyMap(), OBDomesticVRPResponse.class, obDomesticVRPRequest);
    });
    return storeResponse;
}
use of com.forgerock.openbanking.common.model.openbanking.persistence.vrp.FRDomesticVRPConsent in project openbanking-aspsp by OpenBankingToolkit.
the class DomesticVrpConsentsApiController method domesticVrpConsentsFundsConfirmation.
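/**
 * Answers a funds-confirmation request for a domestic VRP consent (store side).
 *
 * <p>Outside test mode the consent must exist and be AUTHORISED, its debtor account must belong to
 * the user recorded on the consent, and the result comes from {@code fundsAvailabilityService}.
 * The {@code authorization}, {@code xJwsSignature}, {@code xFapi*}, {@code xCustomerUserAgent} and
 * {@code principal} arguments are not read in this method.
 *
 * @param consentId                     id of the VRP consent to confirm funds for
 * @param obVRPFundsConfirmationRequest request body carrying the reference and instructed amount
 * @param request                       servlet request, inspected for the test-mode header
 * @return 200 with the funds-confirmation response, or 400 with a plain-text message when the
 *         consent or its debtor account cannot be resolved
 * @throws OBErrorResponseException when the consent is not in the AUTHORISED status
 */
@Override
public ResponseEntity domesticVrpConsentsFundsConfirmation(String consentId, String authorization, String xJwsSignature, OBVRPFundsConfirmationRequest obVRPFundsConfirmationRequest, String xFapiAuthDate, String xFapiCustomerIpAddress, String xFapiInteractionId, String xCustomerUserAgent, HttpServletRequest request, Principal principal) throws OBErrorResponseException {
    // Read the header once so the log line and the branch below always agree.
    final boolean testMode = StringUtils.hasLength(request.getHeader(OpenBankingHttpHeaders.X_OB_MODE_TEST));
    log.debug("(store) Request to get a VRP funds confirmation, consentId '{}', mode test '{}'", consentId, testMode);

    final boolean areFundsAvailable;
    if (testMode) {
        // SECURITY NOTE(review): any non-empty 'x-ob-mode-test' header skips the consent lookup,
        // the AUTHORISED check and the balance check, and reports funds as available. Nothing in
        // this method limits that to test deployments; confirm the header is stripped or rejected
        // before requests from outside reach this service.
        areFundsAvailable = true;
    } else {
        // NOTE(review): the consent's owning TPP is not compared with the caller here;
        // presumably that is enforced upstream - confirm.
        Optional<FRDomesticVRPConsent> optional = domesticVRPConsentRepository.findById(consentId);
        if (!optional.isPresent()) {
            log.warn("(store) Domestic VRP payment consent '{}' to confirm funds can't be found", consentId);
            return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("Domestic VRP payment consent '" + consentId + "' to confirm funds can't be found");
        }
        FRDomesticVRPConsent domesticVrpConsent = optional.get();
        if (!domesticVrpConsent.getStatus().equals(ConsentStatusCode.AUTHORISED)) {
            log.error("(store) Funds confirmation for VRP payment consent Id '{}', with status '{}' can't be requested because the consent status isn't '{}'",
                    consentId, domesticVrpConsent.getStatus().getValue(), ConsentStatusCode.AUTHORISED.getValue());
            throw new OBErrorResponseException(HttpStatus.BAD_REQUEST, OBRIErrorResponseCategory.REQUEST_INVALID, OBRIErrorType.CONSENT_STATUS_NOT_AUTHORISED.toOBError1(consentId));
        }

        // The debtor account on a VRP initiation may be absent; answer 400 rather than failing
        // with a NullPointerException further down.
        final String accountIdentification = Optional.ofNullable(domesticVrpConsent.getVrpDetails().getData().getInitiation().getDebtorAccount())
                .map(debtorAccount -> debtorAccount.getIdentification())
                .orElse(null);
        if (accountIdentification == null) {
            log.warn("(store) VRP consent '{}' has no debtor account identification to confirm funds against", consentId);
            return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("VRP consent '" + consentId + "' has no debtor account to confirm funds against");
        }

        // Only accounts owned by the user recorded on the consent are considered.
        Collection<FRAccount> accountsByUserID = accountRepository.findByUserID(Objects.requireNonNull(domesticVrpConsent.getUserId()));
        Optional<FRAccount> accountOptional = accountsByUserID.stream()
                .filter(account -> account.getAccount().getAccounts().stream()
                        // Known-non-null value on the left: an account entry without an identification cannot match.
                        .anyMatch(a -> accountIdentification.equals(a.getIdentification())))
                .findFirst();
        if (!accountOptional.isPresent()) {
            log.warn("(store) VRP consent '{}', debtor account with identitication '{}' can't be found", consentId, accountIdentification);
            return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("VRP consent '" + consentId + "', debtor account with identitication '" + accountIdentification + "' to confirm funds can't be found");
        }
        areFundsAvailable = fundsAvailabilityService.isFundsAvailable(accountOptional.get().getId(), obVRPFundsConfirmationRequest.getData().getInstructedAmount().getAmount());
    }

    OBVRPFundsConfirmationRequestData data = obVRPFundsConfirmationRequest.getData();
    return ResponseEntity.status(HttpStatus.OK).body(
            new OBVRPFundsConfirmationResponse().data(
                    new OBVRPFundsConfirmationResponseData()
                            .fundsConfirmationId(UUID.randomUUID().toString())
                            .consentId(consentId)
                            .creationDateTime(DateTime.now())
                            .reference(data.getReference())
                            .fundsAvailableResult(new OBPAFundsAvailableResult1()
                                    .fundsAvailable(areFundsAvailable
                                            ? OBPAFundsAvailableResult1.FundsAvailableEnum.AVAILABLE
                                            : OBPAFundsAvailableResult1.FundsAvailableEnum.NOTAVAILABLE)
                                    .fundsAvailableDateTime(DateTime.now()))
                            .instructedAmount(data.getInstructedAmount())));
}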
use of com.forgerock.openbanking.common.model.openbanking.persistence.vrp.FRDomesticVRPConsent in project openbanking-aspsp by OpenBankingToolkit.
the class DomesticVrpConsentsApiController method domesticVrpConsentsPost.
/**
 * Creates a domestic VRP payment consent in the store, or returns the consent already stored for
 * the same idempotency key and TPP.
 *
 * <p>{@code authorization}, {@code xJwsSignature}, {@code xFapiAuthDate},
 * {@code xFapiCustomerIpAddress}, {@code xCustomerUserAgent} and {@code principal} are not read in
 * this method.
 *
 * @param xIdempotencyKey             key used, together with the TPP id, to detect a repeated request
 * @param obDomesticVRPConsentRequest the consent request body
 * @param xFapiInteractionId          correlation id, only logged here
 * @param clientId                    OAuth client id used to look up the calling TPP
 * @param request                     servlet request; its path supplies the API version stored on the consent
 * @return 201 CREATED with the new consent, or with the existing one on a repeated request
 * @throws OBErrorResponseException declared by the interface; presumably raised by
 *                                  {@code validateIdempotencyRequest} on a mismatch (not visible here)
 */
@Override
public ResponseEntity<OBDomesticVRPConsentResponse> domesticVrpConsentsPost(String authorization, String xIdempotencyKey, String xJwsSignature, OBDomesticVRPConsentRequest obDomesticVRPConsentRequest, String xFapiAuthDate, String xFapiCustomerIpAddress, String xFapiInteractionId, String xCustomerUserAgent, String clientId, HttpServletRequest request, Principal principal) throws OBErrorResponseException {
    // NOTE(review): the full consent request, account details included, goes to the debug log.
    log.debug("(store) Received Domestic VRP consent: '{}'", obDomesticVRPConsentRequest);
    log.debug("(store) Request to create a VRP consent received, interactionId '{}'", xFapiInteractionId);

    FRDomesticVRPConsentDetails consentDetails = toFRDomesticVRPConsentDetails(obDomesticVRPConsentRequest);
    log.trace("Converted OB Domestic VRP consent to: '{}'", consentDetails);

    // NOTE(review): tpp is used below without a null check; an unknown client id would fail with a
    // NullPointerException if findByClientId can return null - confirm against the repository.
    final Tpp tpp = tppRepository.findByClientId(clientId);
    log.debug("Got TPP '{}' for client Id '{}'", tpp, clientId);

    // The idempotency key is scoped to the TPP, so one TPP cannot replay another's key.
    Optional<FRDomesticVRPConsent> previous = domesticVRPConsentRepository.findByIdempotencyKeyAndPispId(xIdempotencyKey, tpp.getId());
    if (previous.isPresent()) {
        FRDomesticVRPConsent replayed = previous.get();
        validateIdempotencyRequest(xIdempotencyKey, consentDetails, replayed, () -> replayed.getVrpDetails());
        log.info("Idempotent request for VRP payment consent is valid. Returning [201 CREATED] but take no further action.");
        return ResponseEntity.status(HttpStatus.CREATED).body(packageResponse(replayed));
    }

    log.debug("No Domestic VRP payment consent with matching idempotency key has been found. Creating new consent.");
    FRDomesticVRPConsent created = FRDomesticVRPConsent.builder()
            .id(IntentType.DOMESTIC_VRP_PAYMENT_CONSENT.generateIntentId())
            .status(ConsentStatusCode.AWAITINGAUTHORISATION)
            .vrpDetails(consentDetails)
            .pispId(tpp.getId())
            .pispName(tpp.getOfficialName())
            .statusUpdate(DateTime.now())
            .idempotencyKey(xIdempotencyKey)
            .obVersion(VersionPathExtractor.getVersionFromPath(request))
            .build();
    log.debug("Saving Domestic VRP payment consent: '{}'", created);

    // NOTE(review): the metric is sent before the save, so a failed save still reports the consent.
    consentMetricService.sendConsentActivity(new ConsentStatusEntry(created.getId(), created.getStatus().name()));
    domesticVRPConsentRepository.save(created);
    log.info("Created domestic VRP payment consent id: '{}'", created.getId());
    return ResponseEntity.status(HttpStatus.CREATED).body(packageResponse(created));
}
use of com.forgerock.openbanking.common.model.openbanking.persistence.vrp.FRDomesticVRPConsent in project openbanking-aspsp by OpenBankingToolkit.
the class RCSVrpPaymentDetailsApi method consentDetails.
/**
 * Builds the consent-details view for a domestic VRP consent and records the user on the consent.
 *
 * <p>The {@code accounts} argument is not read in this method.
 *
 * @param remoteConsentRequest the raw consent request, passed through to the error responses
 * @param username             the user viewing the consent; stored on the consent as its user id
 * @param consentId            id of the VRP consent to show
 * @param clientId             client id of the TPP making the request
 * @return 200 with the consent details, or the error response built by {@code rcsErrorService}
 *         when the consent or its TPP cannot be found
 * @throws OBErrorException declared by the interface; presumably raised by
 *                          {@code verifyTppCreatedPayment} when the client ids differ (not visible here)
 */
@Override
public ResponseEntity consentDetails(String remoteConsentRequest, List<AccountWithBalance> accounts, String username, String consentId, String clientId) throws OBErrorException {
    // NOTE(review): the raw consent request is written to the debug log.
    log.debug("Received a VRP consent request with consent_request='{}'", remoteConsentRequest);
    log.debug("=> The VRP payment consent id '{}'", consentId);
    log.debug("Populate the model with the VRP payment and consent data");

    FRDomesticVRPConsent vrpConsent = consentService.getVrpPaymentConsent(consentId);
    if (vrpConsent == null) {
        log.error("VRP Consent ID '{}' not found", consentId);
        return rcsErrorService.invalidConsentError(remoteConsentRequest, OBRIErrorType.RCS_CONSENT_REQUEST_INVALID, String.format("Consent ID '%s' not found.", consentId));
    }

    Optional<Tpp> tppLookup = tppStoreService.findById(vrpConsent.getPispId());
    if (!tppLookup.isPresent()) {
        log.error("The TPP '{}' (Client ID {}) that created this vrp consent id '{}' doesn't exist anymore.", vrpConsent.getPispId(), clientId, consentId);
        return rcsErrorService.invalidConsentError(remoteConsentRequest, OBRIErrorType.RCS_CONSENT_REQUEST_NOT_FOUND_TPP, clientId, consentId);
    }
    Tpp tpp = tppLookup.get();

    // The requesting client must be the TPP that created the consent.
    verifyTppCreatedPayment(clientId, tpp.getClientId(), consentId);

    // Bind the consent to this user and persist the change.
    // NOTE(review): this happens whenever the details are loaded, and nothing visible here checks
    // the consent status or a user id already set - confirm a second user cannot overwrite it.
    vrpConsent.setUserId(username);
    consentService.updateVrpPaymentConsent(vrpConsent);

    FRDomesticVRPConsentDetailsData data = vrpConsent.getVrpDetails().getData();
    // Creditor account, debtor account and control parameters are passed through as-is and may be
    // null; the two references are null when the consent has no remittance information.
    return ResponseEntity.ok(DomesticVrpPaymentConsentDetails.builder()
            .username(username)
            .pispName(tpp.getOfficialName())
            .aspspName(platformConfiguration.getAspspName())
            .merchantName(vrpConsent.getPispName())
            .logo(tpp.getLogo())
            .clientId(clientId)
            .creditorAccount(data.getInitiation().getCreditorAccount())
            .debtorAccount(data.getInitiation().getDebtorAccount())
            .controlParameters(data.getControlParameters())
            .paymentReference(Optional.ofNullable(data.getInitiation().getRemittanceInformation())
                    .map(FRRemittanceInformation::getReference)
                    .orElse(null))
            .debtorReference(Optional.ofNullable(data.getInitiation().getRemittanceInformation())
                    .map(FRRemittanceInformation::getUnstructured)
                    .orElse(null))
            .build());
}
use of com.forgerock.openbanking.common.model.openbanking.persistence.vrp.FRDomesticVRPConsent in project openbanking-aspsp by OpenBankingToolkit.
the class DomesticVrpConsentsApiControllerIT method getDomesticVrpPaymentConsent.
/**
 * Integration test: a stored domestic VRP consent can be read back over HTTP, and the response
 * carries the stored id, initiation and status.
 */
@Test
public void getDomesticVrpPaymentConsent() throws UnirestException {
    // Given: a caller with the PISP role and a consent saved with status EXPIRED
    springSecForTest.mockAuthCollector.mockAuthorities(OBRIRole.ROLE_PISP);
    FRDomesticVRPConsent storedConsent = saveFRConsent(IntentType.DOMESTIC_VRP_PAYMENT_CONSENT.generateIntentId(), FRReadRefundAccount.NO, ConsentStatusCode.EXPIRED);

    // When: the consent is fetched by id ("token" is a placeholder; authorities are mocked above)
    String consentUrl = RS_STORE_URL + port + CONTEXT_PATH + storedConsent.getId();
    HttpResponse<OBDomesticVRPConsentResponse> response = Unirest.get(consentUrl)
            .header(OBHeaders.X_FAPI_FINANCIAL_ID, rsConfiguration.financialId)
            .header(OBHeaders.AUTHORIZATION, "token")
            .asObject(OBDomesticVRPConsentResponse.class);
    log.debug("Response {}:{} {}", response.getStatus(), response.getStatusText(), response.getBody());
    // A body that failed to deserialise is logged so the assertion failures below are explainable.
    response.getParsingError().ifPresent(parsingError -> log.error("Parsing error", parsingError));

    // Then: status first, so a failed call is reported before the body is dereferenced
    assertThat(response.getStatus()).isEqualTo(HttpStatus.OK.value());
    assertThat(response.getBody().getData().getConsentId()).isEqualTo(storedConsent.getId());
    assertThat(toFRWriteDomesticVRPDataInitiation(response.getBody().getData().getInitiation())).isEqualTo(storedConsent.getInitiation());
    assertThat(response.getBody().getData().getStatus().getValue()).isEqualTo(storedConsent.getStatus().getValue());
}