use of com.forgerock.openbanking.exceptions.OBErrorException in project openbanking-aspsp by OpenBankingToolkit.
the class DataApiController method createUserData.
/**
 * Stores a new set of financial data for the PSU identified by the session cookie.
 *
 * <p>The user name on the request body is overwritten with the PSU name taken from the
 * session, so the stored record is bound to the authenticated session rather than to a
 * value the caller supplied in the payload.
 *
 * @param obriSession   value of the {@code obri-session} cookie, resolved to a PSU name by
 *                      {@code psd2WithSessionApiHelperService}
 * @param authorization raw {@code Authorization} header, checked together with the TPP name
 * @param userData      user financial data from the request body; its user name is replaced
 * @param principal     caller identity from which the TPP name is resolved
 * @return a {@code 201 Created} response whose body is the result of
 *         {@code userDataService.createUserData}
 * @throws OBErrorException if the downstream call fails with an HTTP client error; a 400 is
 *         mapped to {@code DATA_INVALID_REQUEST}, anything else to {@code SERVER_ERROR}
 * @throws OAuth2InvalidClientException declared by the interface; presumably raised by the
 *         access-token / TPP check (verify against that helper)
 * @throws OAuth2BearerTokenUsageInvalidTokenException declared by the interface; presumably
 *         raised by the access-token / TPP check (verify against that helper)
 */
@Override
public ResponseEntity createUserData(
        @ApiParam(value = "PSU User session") @CookieValue(value = "obri-session", required = true) String obriSession,
        @ApiParam(value = "The access token") @RequestHeader(name = HttpHeaders.AUTHORIZATION, required = true) String authorization,
        @ApiParam(value = "User financial data", required = true) @RequestBody FRUserData userData,
        Principal principal)
        throws OBErrorException, OAuth2InvalidClientException, OAuth2BearerTokenUsageInvalidTokenException {
    try {
        log.debug("createUserData() called");

        // Both identities are resolved first; the access token is then checked against the TPP.
        // Note that the session cookie is decoded before the access token has been verified.
        String tpp = psd2WithSessionApiHelperService.getTppName(principal);
        String psu = psd2WithSessionApiHelperService.getPsuNameFromSession(obriSession);
        verifyAccessTokenAndVerifyTppIdentity(authorization, tpp);
        log.info("createUserData() called with session for psu '{}' by tpp '{}'", psu, tpp);

        // Bind the payload to the session's PSU, discarding any user name sent by the caller.
        userData.setUserName(psu);

        // A PSU without existing data is counted once in the KPI feed.
        boolean psuAlreadyHasData = userDataService.hasData(psu);
        if (!psuAlreadyHasData) {
            psuCounterEntryKPIService.pushPsuCounterEntry(
                    PsuCounterEntry.builder()
                            .count(1L)
                            .day(DateTime.now())
                            .build());
        }

        return ResponseEntity.status(HttpStatus.CREATED).body(userDataService.createUserData(userData));
    } catch (HttpClientErrorException e) {
        String downstreamBody = e.getResponseBodyAsString();
        if (e.getStatusCode() != HttpStatus.BAD_REQUEST) {
            // Non-400 failures are reported generically; the detail stays in the server log.
            log.error("Internal server: {}", downstreamBody, e);
            throw new OBErrorException(OBRIErrorType.SERVER_ERROR);
        }
        // NOTE(review): the downstream response body is passed into the error returned to the
        // TPP; confirm the downstream service never puts internal detail in its 400 bodies.
        log.debug("TPP bad request: {}", downstreamBody, e);
        throw new OBErrorException(OBRIErrorType.DATA_INVALID_REQUEST, downstreamBody);
    }
}
use of com.forgerock.openbanking.exceptions.OBErrorException in project openbanking-aspsp by OpenBankingToolkit.
the class DataApiController method updateUserData.
/**
 * Replaces the stored financial data of the PSU identified by the session cookie.
 *
 * <p>As with creation, the user name in the request body is overwritten with the PSU name
 * taken from the session before the update is delegated to {@code userDataService}.
 *
 * @param obriSession   value of the {@code obri-session} cookie, resolved to a PSU name by
 *                      {@code psd2WithSessionApiHelperService}
 * @param authorization raw {@code Authorization} header, checked together with the TPP name
 * @param userData      user financial data from the request body; its user name is replaced
 * @param principal     caller identity from which the TPP name is resolved
 * @return a {@code 200 OK} response whose body is the result of
 *         {@code userDataService.updateUserData}
 * @throws OBErrorException if the downstream call fails with an HTTP client error; a 400 is
 *         mapped to {@code DATA_INVALID_REQUEST}, anything else to {@code SERVER_ERROR}
 * @throws OAuth2InvalidClientException declared by the interface; presumably raised by the
 *         access-token / TPP check (verify against that helper)
 * @throws OAuth2BearerTokenUsageInvalidTokenException declared by the interface; presumably
 *         raised by the access-token / TPP check (verify against that helper)
 */
@Override
public ResponseEntity updateUserData(
        @ApiParam(value = "PSU User session") @CookieValue(value = "obri-session", required = true) String obriSession,
        @ApiParam(value = "The access token") @RequestHeader(name = HttpHeaders.AUTHORIZATION, required = true) String authorization,
        @ApiParam(value = "User financial data", required = true) @RequestBody FRUserData userData,
        Principal principal)
        throws OBErrorException, OAuth2InvalidClientException, OAuth2BearerTokenUsageInvalidTokenException {
    try {
        log.debug("updateUserData() called");

        // Resolve who is calling (TPP) and on whose behalf (PSU), then check the access token.
        String callingTpp = psd2WithSessionApiHelperService.getTppName(principal);
        String sessionPsu = psd2WithSessionApiHelperService.getPsuNameFromSession(obriSession);
        verifyAccessTokenAndVerifyTppIdentity(authorization, callingTpp);
        log.info("updateUserData() called with session for psu '{}' by tpp '{}'", sessionPsu, callingTpp);

        // The session decides which user is updated, not the request body.
        userData.setUserName(sessionPsu);

        // NOTE(review): an update for a PSU with no stored data still pushes a "new PSU"
        // counter entry, mirroring the create path; confirm that is intended.
        boolean noDataYet = !userDataService.hasData(sessionPsu);
        if (noDataYet) {
            psuCounterEntryKPIService.pushPsuCounterEntry(
                    PsuCounterEntry.builder()
                            .count(1L)
                            .day(DateTime.now())
                            .build());
        }

        return ResponseEntity.ok(userDataService.updateUserData(userData));
    } catch (HttpClientErrorException e) {
        String downstreamBody = e.getResponseBodyAsString();
        boolean callerError = e.getStatusCode() == HttpStatus.BAD_REQUEST;
        if (!callerError) {
            // Anything other than a 400 is surfaced as a generic server error.
            log.error("Internal server: {}", downstreamBody, e);
            throw new OBErrorException(OBRIErrorType.SERVER_ERROR);
        }
        // NOTE(review): the downstream response body is passed into the error returned to the
        // TPP; confirm the downstream service never puts internal detail in its 400 bodies.
        log.debug("TPP bad request: {}", downstreamBody, e);
        throw new OBErrorException(OBRIErrorType.DATA_INVALID_REQUEST, downstreamBody);
    }
}
use of com.forgerock.openbanking.exceptions.OBErrorException in project openbanking-aspsp by OpenBankingToolkit.
the class DataApiHelperService method getPsuNameFromSession.
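/**
 * Resolves the PSU name carried in an encrypted session token.
 *
 * <p>The token is decrypted through {@code cryptoApiClient} and the subject claim of the
 * resulting signed JWT is returned. Any failure while decrypting or reading the claims, and
 * a token without a subject, is reported as {@code SESSION_TOKEN_INVALID_FORMAT}.
 *
 * <p>NOTE(review): no signature verification of the nested {@code SignedJWT} is visible in
 * this method; confirm that {@code decryptJwe} (or the service behind it) validates it.
 *
 * @param obriSession the session token (a JWE) taken from the {@code obri-session} cookie
 * @return the subject claim of the session, never {@code null} or empty
 * @throws OBErrorException with {@code SESSION_TOKEN_INVALID_FORMAT} when the token cannot
 *         be decrypted or parsed, or carries no subject
 */
public String getPsuNameFromSession(String obriSession) throws OBErrorException {
    try {
        SignedJWT session = cryptoApiClient.decryptJwe(obriSession);
        String psuName = session.getJWTClaimsSet().getSubject();
        if (psuName != null && !psuName.isEmpty()) {
            log.debug("getPsuNameFromSession returning '{}'", psuName);
            return psuName;
        }
        // A session without a subject cannot identify a PSU; reject it rather than hand a
        // null user name back to callers that use it as the record owner.
        log.info("getPsuNameFromSession() session token carries no subject claim");
    } catch (Exception e) {
        // The session token is a bearer credential, so it is deliberately kept out of the log:
        // anyone able to read the log could otherwise reuse a still-valid session.
        log.info("getPsuNameFromSession() caught exception getting psu name from session", e);
    }
    throw new OBErrorException(OBRIErrorType.SESSION_TOKEN_INVALID_FORMAT);
}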
use of com.forgerock.openbanking.exceptions.OBErrorException in project openbanking-aspsp by OpenBankingToolkit.
the class FilePaymentConsentsApiController method createFilePaymentConsentsConsentIdFile.
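/**
 * Attaches an uploaded payment file to an existing file-payment consent.
 *
 * <p>If the consent already holds file content, the request is accepted only as an
 * idempotent replay: the idempotency key must equal the one stored on the consent, otherwise
 * the upload is rejected with 403. For a first upload the file is parsed according to the
 * consent's file type, checked against the consent's transaction count and control sum, and
 * the consent is then saved with status {@code AWAITINGAUTHORISATION}.
 *
 * <p>NOTE(review): no check is visible in this method that the consent belongs to the TPP
 * identified by {@code principal}; confirm that ownership is enforced before this point.
 *
 * @param fileParam       raw content of the uploaded payment file
 * @param consentId       identifier of the consent the file belongs to
 * @param xIdempotencyKey idempotency key of this request
 * @return an empty {@code 200 OK} response, for a first upload and for an idempotent replay
 * @throws OBErrorResponseException 400 if the consent does not exist, 403 if a file was
 *         already uploaded under a different idempotency key, or the status carried by the
 *         validation error when parsing or metadata validation fails
 */
public ResponseEntity<Void> createFilePaymentConsentsConsentIdFile(String fileParam, String consentId, String authorization, String xIdempotencyKey, String xJwsSignature, DateTime xFapiAuthDate, String xFapiCustomerIpAddress, String xFapiInteractionId, String xCustomerUserAgent, HttpServletRequest request, Principal principal) throws OBErrorResponseException {
    // NOTE(review): at trace level this writes the whole payment file (payee and amount data)
    // to the log; confirm trace logging is never enabled where logs leave the trust boundary.
    log.trace("Received: '{}'", fileParam);
    FRFileConsent fileConsent = fileConsentRepository.findById(consentId)
            .orElseThrow(() -> new OBErrorResponseException(
                    HttpStatus.BAD_REQUEST,
                    OBRIErrorResponseCategory.REQUEST_INVALID,
                    OBRIErrorType.PAYMENT_ID_NOT_FOUND.toOBError1()));

    // If file already exists it could be idempotent request
    if (!StringUtils.isEmpty(fileConsent.getFileContent())) {
        // Null-safe comparison: a request without an idempotency key is treated as a
        // non-matching upload (403) instead of failing with a NullPointerException.
        if (xIdempotencyKey != null && xIdempotencyKey.equals(fileConsent.getIdempotencyKey())) {
            validateIdempotencyRequest(xIdempotencyKey, fileConsent);
            // The message has two placeholders; supply both values so the entry is usable
            // when tracing a replayed upload.
            log.info("File already exists for consent: '{}' and has matching idempotent key: '{}'. No action taken but returning 200/OK", consentId, xIdempotencyKey);
            return ResponseEntity.ok().build();
        } else {
            log.debug("This consent already has a file uploaded and the idempotency key does not match the previous upload so rejecting.");
            throw new OBErrorResponseException(
                    HttpStatus.FORBIDDEN,
                    OBRIErrorResponseCategory.REQUEST_INVALID,
                    OBRIErrorType.PAYMENT_ALREADY_SUBMITTED.toOBError1(fileConsent.getStatus().toOBExternalConsentStatus2Code()));
        }
    }

    // We parse the file and check metadata against the parsed file
    try {
        PaymentFile paymentFile = PaymentFileFactory.createPaymentFile(fileConsent.getFileType(), fileParam);
        log.info("Successfully parsed file of type: '{}' for consent: '{}'", fileConsent.getFileType(), fileConsent.getId());

        // Both validators compare the parsed file with what the consent declared; the consent
        // is only modified and saved once they have passed.
        FileTransactionCountValidator.validate(fileConsent, paymentFile);
        ControlSumValidator.validate(fileConsent, paymentFile);

        fileConsent.setPayments(paymentFile.getPayments());
        fileConsent.setFileContent(fileParam);
        fileConsent.setUpdated(new Date());
        fileConsent.setStatus(ConsentStatusCode.AWAITINGAUTHORISATION);
        fileConsent.setStatusUpdate(DateTime.now());
        fileConsentRepository.save(fileConsent);
    } catch (OBErrorException e) {
        // Translate the internal validation error into the API error response, keeping the
        // HTTP status chosen by the error type.
        throw new OBErrorResponseException(e.getObriErrorType().getHttpStatus(), OBRIErrorResponseCategory.REQUEST_INVALID, e.getOBError());
    }
    return ResponseEntity.ok().build();
}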