use of com.forgerock.openbanking.exceptions.OBErrorException in project openbanking-aspsp by OpenBankingToolkit.
the class AccountsApiEndpointWrapperTest method verifyAccountId_noMatch.
/**
 * Requesting an account id that is absent from the account request's authorised ids must be
 * rejected with an {@code OBErrorException}.
 */
@Test
public void verifyAccountId_noMatch() throws Exception {
    // Given: the account request authorises exactly one account, and a different one is requested
    FRAccountRequest accountRequest = new FRAccountRequest();
    accountRequest.setAccountIds(Collections.singletonList("differentAccount123"));
    wrapper.accountRequest = accountRequest;
    wrapper.accountId("12345");

    // When
    OBErrorException thrown = catchThrowableOfType(() -> wrapper.verifyAccountId(), OBErrorException.class);

    // Then
    // NOTE(review): this authorisation failure is pinned as HTTP 400 / field-invalid, and the
    // message echoes the authorised account ids back to the caller. Confirm both are intended.
    String expectedMessage = "You are not authorised to access account '12345'. The account request 'null' only authorised the following accounts: '[differentAccount123]'";
    assertThat(thrown.getMessage()).isEqualTo(expectedMessage);

    String expectedErrorCode = OBStandardErrorCodes1.UK_OBIE_FIELD_INVALID.getValue();
    assertThat(thrown.getOBError().getErrorCode()).isEqualTo(expectedErrorCode);

    int httpStatus = thrown.getObriErrorType().getHttpStatus().value();
    assertThat(httpStatus).isEqualTo(400);
}
use of com.forgerock.openbanking.exceptions.OBErrorException in project openbanking-aspsp by OpenBankingToolkit.
the class DomesticVrpPaymentsEndpointWrapperTest method fail_validateRisk.
/**
 * A VRP request whose risk section differs from the consent's risk section must be rejected
 * with {@code REQUEST_VRP_RISK_DOESNT_MATCH_CONSENT}.
 */
@Test
public void fail_validateRisk() throws OBErrorException {
    // Given: the request risk starts as a copy of the consent risk, then a single field is
    // changed, so the merchant category code is the only difference between the two.
    FRDomesticVRPConsent consent = FRVrpTestDataFactory.aValidFRDomesticVRPConsent();
    OBDomesticVRPRequest request = OBDomesticVRPRequestTestDataFactory.aValidOBDomesticVRPRequest();
    request.setRisk(toOBRisk1(consent.getRisk()));
    request.getRisk().setMerchantCategoryCode("mismatched Merchange Category Code");

    DomesticVrpPaymentsEndpointWrapper vrpWrapper =
            new DomesticVrpPaymentsEndpointWrapper(endpointWrapperService, tppStoreService, riskValidator);

    // When
    OBErrorException thrown = catchThrowableOfType(
            () -> vrpWrapper.checkRequestAndConsentRiskMatch(request, consent),
            OBErrorException.class);

    // Then
    OBRIErrorType actualErrorType = thrown.getObriErrorType();
    assertThat(actualErrorType).isEqualTo(OBRIErrorType.REQUEST_VRP_RISK_DOESNT_MATCH_CONSENT);
}
use of com.forgerock.openbanking.exceptions.OBErrorException in project openbanking-aspsp by OpenBankingToolkit.
the class PaymentsRequestPaymentIdEndpointWrapperTest method setup.
/**
 * Builds the wrapper under test with a random x-fapi-financial-id header value and a
 * "test-tpp" principal that has no granted authorities.
 */
@Before
public void setup() {
    // Only the collaborators passed below are supplied; every other constructor argument is
    // null (or false). NOTE(review): presumably those are not reached by these tests; confirm.
    RSEndpointWrapperService wrapperService = new RSEndpointWrapperService(
            obHeaderCheckerService, cryptoApiClient, null, null, rsConfiguration, null, null, false, null,
            rsConfiguration.financialId, amOpenBankingConfiguration, null, null, null,
            amResourceServerService, null, null, null, null);

    // Anonymous subclass whose run(...) simply delegates to the parent implementation.
    wrapper = new PaymentsRequestPaymentIdEndpointWrapper(wrapperService, tppStoreService) {
        @Override
        protected ResponseEntity run(PaymentRestEndpointContent main) throws OBErrorException {
            return super.run(main);
        }
    };

    String financialId = UUID.randomUUID().toString();
    wrapper.xFapiFinancialId(financialId);
    wrapper.principal(new PasswordLessUserNameAuthentication("test-tpp", Collections.EMPTY_LIST));
}
use of com.forgerock.openbanking.exceptions.OBErrorException in project openbanking-aspsp by OpenBankingToolkit.
the class PaymentsRequestPaymentIdEndpointWrapperTest method verifyAccessUsing_GrantTypeWrong.
/**
 * An access token issued through the authorization-code grant must be refused by the wrapper's
 * filters: the asserted message shows that only CLIENT_CREDENTIAL tokens are expected here.
 */
@Test
public void verifyAccessUsing_GrantTypeWrong() throws Exception {
    // Given: an authorised consent and a "payments" token carrying the wrong grant type
    PaymentConsent consent = FRDomesticConsent.builder().status(ConsentStatusCode.AUTHORISED).build();
    String jws = jws("payments", OIDCConstants.GrantType.AUTHORIZATION_CODE);
    String authorizationHeader = "Bearer " + jws;
    wrapper.authorization(authorizationHeader);
    // Token verification itself is stubbed to succeed, so only the grant-type filter can fail.
    SignedJWT parsedToken = (SignedJWT) JWTParser.parse(jws);
    when(amResourceServerService.verifyAccessToken(authorizationHeader)).thenReturn(parsedToken);

    // When
    OBErrorException thrown = catchThrowableOfType(
            () -> wrapper.payment(consent).applyFilters(),
            OBErrorException.class);

    // Then: rejected as 403 with the invalid-access-token error code
    int httpStatus = thrown.getObriErrorType().getHttpStatus().value();
    assertThat(httpStatus).isEqualTo(403);

    String expectedErrorCode = ErrorCode.OBRI_ACCESS_TOKEN_INVALID.getValue();
    assertThat(thrown.getOBError().getErrorCode()).isEqualTo(expectedErrorCode);

    String expectedMessage = "The access token grant type AUTHORIZATION_CODE doesn't match one of the expected grant types [CLIENT_CREDENTIAL]";
    assertThat(thrown.getMessage()).isEqualTo(expectedMessage);
}
use of com.forgerock.openbanking.exceptions.OBErrorException in project openbanking-aspsp by OpenBankingToolkit.
the class PaymentsSubmissionsEndpointWrapper method verifyPaymentIdWithAccessToken.
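/**
 * Checks that the access token was issued for the payment being submitted.
 *
 * <p>The intent id is read from the access token through the access token service and compared
 * with {@code payment.getId()}. A token bound to another payment must not be usable for this one.
 *
 * @throws OBErrorException with {@code ACCESS_TOKEN_INVALID_PAYMENT_ID} when the two ids differ,
 *     or {@code ACCESS_TOKEN_INVALID_FORMAT} when the token's claims cannot be read
 */
public void verifyPaymentIdWithAccessToken() throws OBErrorException {
    try {
        String paymentIdFromAccessToken = rsEndpointWrapperService.accessTokenService.getIntentId(accessToken);
        // Log the id actually taken from the token; the original logged payment.getId() here,
        // which made the line read as a match even when the ids differed.
        LOGGER.info("Payment id {} associated with the access token", paymentIdFromAccessToken);
        // equals() is called on the payment's id, so a token without an intent id (null)
        // compares unequal and is rejected rather than accepted.
        if (!payment.getId().equals(paymentIdFromAccessToken)) {
            LOGGER.error("Payment id {} associated with the access token is not the same than the payment id {} " + "associated with the payment submission", paymentIdFromAccessToken, payment.getId());
            throw new OBErrorException(OBRIErrorType.ACCESS_TOKEN_INVALID_PAYMENT_ID, paymentIdFromAccessToken, payment.getId());
        }
    } catch (ParseException | IOException e) {
        // Do not write the access token to the log: it is a bearer credential, and anyone with
        // log access could replay it while it is still valid. Log the parsing failure instead.
        LOGGER.error("Can't retrieve claims from access token", e);
        throw new OBErrorException(OBRIErrorType.ACCESS_TOKEN_INVALID_FORMAT);
    }
}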