Example 41 with OBErrorException
use of com.forgerock.openbanking.exceptions.OBErrorException in project openbanking-aspsp by OpenBankingToolkit.
the class AccountAccessConsentPermittedPermissionsFilter method filterByCustomerInfoPermissionRules.
public void filterByCustomerInfoPermissionRules(List<OBExternalPermissions1Code> requestedPermissions) throws OBErrorException {
log.debug("filterByCustomerInfoPermissionRules() called on implemented service with permissions {}", requestedPermissions);
if (requestedPermissions.contains(OBExternalPermissions1Code.READCUSTOMERINFOCONSENT)) {
for (OBExternalPermissions1Code permission : requestedPermissions) {
if (permission != OBExternalPermissions1Code.READCUSTOMERINFOCONSENT) {
String errorMessage = "Requests containing the '" + OBExternalPermissions1Code.READCUSTOMERINFOCONSENT.toString() + "' permission should " + "not contain any other permissions. Permissions supplied were '" + requestedPermissions + "'";
log.info("filterByCustomerInfoPermissionRules(): {}", errorMessage);
throw new OBErrorException(OBRIErrorType.REQUEST_ACCOUNT_ACCESS_CONSENT_PERMISSIONS_ARE_INVALID, requestedPermissions, errorMessage);
}
}
}
log.debug("filterByCustomerInfoPermissionRules() called - No issues with permissions.");
}
Also used :
OBErrorException(com.forgerock.openbanking.exceptions.OBErrorException)
OBExternalPermissions1Code(uk.org.openbanking.datamodel.account.OBExternalPermissions1Code)
Example 42 with OBErrorException
use of com.forgerock.openbanking.exceptions.OBErrorException in project openbanking-aspsp by OpenBankingToolkit.
the class AccountsApiEndpointWrapper method getAccountRequest.
public AccountRequest getAccountRequest() throws OBErrorException {
log.debug("getAccountRequest() called");
if (accountRequest == null) {
try {
log.info("getAccountRequest() Introspecting the access token locally, as it is a JWS");
String accountRequestId = rsEndpointWrapperService.accessTokenService.getIntentId(accessToken);
log.info("getAccountRequest() Account request id {}", accountRequestId);
Optional<AccountRequest> isAccountRequest = rsEndpointWrapperService.accountRequestStore.get(accountRequestId);
if (!isAccountRequest.isPresent()) {
log.warn("getAccountRequest() Couldn't not find the account request {}", accountRequestId);
throw new OBErrorException(OBRIErrorType.ACCOUNT_REQUEST_NOT_FOUND, accountRequestId);
}
accountRequest = isAccountRequest.get();
} catch (ParseException | IOException e) {
log.warn("Could not parse the claims of the access token '{}'", accessToken.serialize());
throw new OBErrorException(OBRIErrorType.ACCESS_TOKEN_INVALID_FORMAT);
}
}
return accountRequest;
}
Also used :
AccountRequest(com.forgerock.openbanking.common.model.openbanking.persistence.account.AccountRequest)
OBErrorException(com.forgerock.openbanking.exceptions.OBErrorException)
ParseException(java.text.ParseException)
IOException(java.io.IOException)
Example 43 with OBErrorException
use of com.forgerock.openbanking.exceptions.OBErrorException in project openbanking-aspsp by OpenBankingToolkit.
the class RCSErrorServiceTest method invalidConsentError.
@Test
public void invalidConsentError() throws Exception {
// Given
String consentJWT = "eyJ0eXAiOiJKV1QiLCJraWQiOiJ3VTNpZklJYUxPVUFSZVJCL0ZHNmVNMVAxUU09IiwiYWxnIjoiUFMyNTYifQ.eyJjbGllbnRJZCI6IjM3M2MyYzE3LTczNDEtNDRhMy04NzMyLWIxZGI1ZDBkMTAxMCIsImlzcyI6Imh0dHBzOi8vbWF0bHMuYXMuYXNwc3AuZGV2LW9iLmZvcmdlcm9jay5maW5hbmNpYWw6ODA3NC9vYXV0aDIiLCJjc3JmIjoiSkR5SzM3cFlvQmY1RkJHR1ptYVFnZWhCbUQ3YzNMM2I1cHozSVNNeThTZz0iLCJjbGllbnRfZGVzY3JpcHRpb24iOiIiLCJhdWQiOiJmb3JnZXJvY2stcmNzIiwic2F2ZV9jb25zZW50X2VuYWJsZWQiOmZhbHNlLCJjbGFpbXMiOnsidXNlcl9pbmZvIjp7ImFjciI6eyJ2YWx1ZSI6InVybjpvcGVuYmFua2luZzpwc2QyOnNjYSIsImVzc2VudGlhbCI6dHJ1ZX0sIm9wZW5iYW5raW5nX2ludGVudF9pZCI6eyJ2YWx1ZSI6IlBEU0NfN2I4NWRhMDgtMmZjOC00ZTQxLWI3YjItYjY1MjQ3NDBmMDQiLCJlc3NlbnRpYWwiOnRydWV9fSwiaWRfdG9rZW4iOnsiYWNyIjp7InZhbHVlIjoidXJuOm9wZW5iYW5raW5nOnBzZDI6c2NhIiwiZXNzZW50aWFsIjp0cnVlfSwib3BlbmJhbmtpbmdfaW50ZW50X2lkIjp7InZhbHVlIjoiUERTQ183Yjg1ZGEwOC0yZmM4LTRlNDEtYjdiMi1iNjUyNDc0MGYwNCIsImVzc2VudGlhbCI6dHJ1ZX19fSwic2NvcGVzIjp7ImZ1bmRzY29uZmlybWF0aW9ucyI6ImZ1bmRzY29uZmlybWF0aW9ucyIsImFjY291bnRzIjoiYWNjb3VudHMiLCJvcGVuaWQiOiJvcGVuaWQiLCJwYXltZW50cyI6InBheW1lbnRzIn0sImV4cCI6MTU1MjA1NzQ1NCwiaWF0IjoxNTUyMDU3Mjc0LCJjbGllbnRfbmFtZSI6IkZvclRlc3RfMmU2NzQ0NzMtMzkzYS00MTUyLWFjMjQtZTQ2YzllNzMxZmQ3IiwiY29uc2VudEFwcHJvdmFsUmVkaXJlY3RVcmkiOiJodHRwczovL21hdGxzLmFzLmFzcHNwLmRldi1vYi5mb3JnZXJvY2suZmluYW5jaWFsOjgwNzQvb2F1dGgyL2F1dGhvcml6ZT9yZXNwb25zZV90eXBlPWNvZGUlMjBpZF90b2tlbiZjbGllbnRfaWQ9MzczYzJjMTctNzM0MS00NGEzLTg3MzItYjFkYjVkMGQxMDEwJnN0YXRlPTEwZDI2MGJmLWE3ZDktNDQ0YS05MmQ5LTdiN2E1ZjA4ODIwOCZub25jZT0xMGQyNjBiZi1hN2Q5LTQ0NGEtOTJkOS03YjdhNWYwODgyMDgmc2NvcGU9b3BlbmlkJTIwYWNjb3VudHMlMjBwYXltZW50cyUyMGZ1bmRzY29uZmlybWF0aW9ucyZyZWRpcmVjdF91cmk9aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbSZ4LW9iLW1vbml0b3Jpbmc9MmU2NzQ0NzMtMzkzYS00MTUyLWFjMjQtZTQ2YzllNzMxZmQ3JmFjcj11cm46b3BlbmJhbmtpbmc6cHNkMjpzY2EmYWNyX3NpZz02NFU0VXRvajJZTDJEM01BdTZfSUJHOUJ0VEpFc214SE9pTzJMcHMwZ0ZJJnJlcXVlc3Q9ZXlKcmFXUWlPaUptTUdVeU9EZzBPR1pqTWpKbU16QTRZbVppTURJeE9UVTRNVGsyWlRabE9XSmpPR1JoTlRjMUlpd2lZV3huSWpvaVVGTXlOVFlpZlEuZXlKaGRXUWlPaUpvZEhSd2N6cGNMMXd2YldGMGJITXVZWE11WVhOd2MzQXVaR1YyTFc5aUxtWnZjbWRsY205amF5NW1hVzVoYm1OcFlXdzZPREEzTkZ3dmIyRjFkR2d5SWl3aWMyTnZjR1VpT2lKdmNHVnVhV1FnWVdOamIzVnVkSE1nY0dGNWJXVnVkSE1nWm5WdVpITmpiMjVtYVhKdFlYUnBiMjV6SWl3aWFYTnpJam9pTXpjell6SmpNVGN0TnpNME1TMDBOR0V6TFRnM016SXRZakZrWWpWa01HUXhNREV3SWl3aVkyeGhhVzF6SWpwN0ltbGtYM1J2YTJWdUlqcDdJbUZqY2lJNmV5SjJZV3gxWlNJNkluVnlianB2Y0dWdVltRnVhMmx1Wnpwd2MyUXlPbk5qWVNJc0ltVnpjMlZ1ZEdsaGJDSTZkSEoxWlgwc0ltOXdaVzVpWVc1cmFXNW5YMmx1ZEdWdWRGOXBaQ0k2ZXlKMllXeDFaU0k2SWxCRVUwTmZOMkk0TldSaE1EZ3RNbVpqT0MwMFpUUXhMV0kzWWpJdFlqWTFNalEzTkRCbU1EUWlMQ0psYzNObGJuUnBZV3dpT25SeWRXVjlmU3dpZFhObGNtbHVabThpT25zaWIzQmxibUpoYm10cGJtZGZhVzUwWlc1MFgybGtJanA3SW5aaGJIVmxJam9pVUVSVFExODNZamcxWkdFd09DMHlabU00TFRSbE5ERXRZamRpTWkxaU5qVXlORGMwTUdZd05DSXNJbVZ6YzJWdWRHbGhiQ0k2ZEhKMVpYMTlmU3dpY21WemNHOXVjMlZmZEhsd1pTSTZJbU52WkdVZ2FXUmZkRzlyWlc0aUxDSnlaV1JwY21WamRGOTFjbWtpT2lKb2RIUndjenBjTDF3dmQzZDNMbWR2YjJkc1pTNWpiMjBpTENKemRHRjBaU0k2SWpFd1pESTJNR0ptTFdFM1pEa3RORFEwWVMwNU1tUTVMVGRpTjJFMVpqQTRPREl3T0NJc0ltVjRjQ0k2TVRVMU1qQTFOemd4TUN3aWJtOXVZMlVpT2lJeE1HUXlOakJpWmkxaE4yUTVMVFEwTkdFdE9USmtPUzAzWWpkaE5XWXdPRGd5TURnaUxDSnBZWFFpT2pFMU5USXdOVGMxTVRBc0ltTnNhV1Z1ZEY5cFpDSTZJak0zTTJNeVl6RTNMVGN6TkRFdE5EUmhNeTA0TnpNeUxXSXhaR0kxWkRCa01UQXhNQ0lzSW1wMGFTSTZJbUUyT0RRM056ZzFMV1UzTm1FdE5HSTROaTFpTkdKbUxXUmxPV1JqWkdReU5HUXlOU0o5LkVvOVZxUjlnOXJUMkNwOWV3Y2VLUVhuaWlQR25TZVZfVzM1SlE0V3RPYzU4X2p2T05MYXlJeXFBYkhyN1NxSzJTZ2hNbTJPTzhLTEw0LU5UY2hvYS1sbS1yY1JRdmM4bHAycWJQTTdHems2R01nWHFVeU5kYll5eEVrUl8wRWE1UlUwckhhdGZRQWM1UGVucmkzT081TVdpbEpPaWpMNWhURHFLTE96Q2w4NTIzUEYwdTlDd3lHSFpGM2ZtQTZpQXp5a21IVEJLZnplSEEyd1p5MW1SUEw5eUJ1TkxHVWZkZndFRUtkUG9SSEt5dEVtb1RWRVg3X2E4eDVZcTVzcjdNTlJvcUMyNjV6WktESEE5c1JNcGJiWmMtc1phb21uT2VVVGthbUpFQW5xMkM2dUliQkx5VmE1MHJwbFJOYmxBUnM0U1l0VWxKbWJHeTIwaVJieGJtUSIsInVzZXJuYW1lIjoiZGF2aWQuaGlnZ2lucyJ9.x129SkRwuGwjMkyE5BD4cmw_Sa7edOiN9kj3p1DJLww2vNyE7HAZPei28xK4l08dVUdip1hwNpR5PwLlEh7znNkiwokAKKdvYsRfkTPdy6WawqllY8FKhVFwlewParrBZZ1E0L4zzIlweKvxNZZ9ERx1SqG3sJ65iBxEIHjKAxiGKmxK-XdWbBll06L-dKx0YpldB3MT68NhTCTvRvPBNfb1_9_342MU6XyE-6rAiWi_tjxJR6v9wT5b6Qd-idsMHiFT-i_aZ_7sTmIVjJoqea3LKPSVYIgXDAreo-fB5wXeIC2yttQy2qERsgyiFrLGQTbBBmV1MLVuoXDr3-8sHw";
OBErrorException obErrorException = new OBErrorException(OBRIErrorType.RCS_CONSENT_REQUEST_INVALID, "No intent ID");
// When
ResponseEntity<RedirectionAction> response = rcsErrorService.invalidConsentError(consentJWT, obErrorException);
// Then
UriComponents uriComponents = UriComponentsBuilder.fromHttpUrl("https://www.google.com").fragment("error=invalid_request_object&state=10d260bf-a7d9-444a-92d9-7b7a5f088208&error_description=" + String.format(obErrorException.getOBError().getMessage(), obErrorException.getArgs())).encode().build();
// we expect httpStatus.OK to redirect from UI
assertThat(response.getStatusCode()).isEqualTo(HttpStatus.OK);
RedirectionAction body = Objects.requireNonNull(response.getBody());
assertThat(body.getRedirectUri()).isEqualTo(uriComponents.toUriString());
}
Also used :
RedirectionAction(com.forgerock.openbanking.common.model.rcs.RedirectionAction)
UriComponents(org.springframework.web.util.UriComponents)
OBErrorException(com.forgerock.openbanking.exceptions.OBErrorException)
Test(org.junit.Test)
Example 44 with OBErrorException
use of com.forgerock.openbanking.exceptions.OBErrorException in project openbanking-aspsp by OpenBankingToolkit.
the class SinglePaymentConsentDecisionDelegate method consentDecision.
@Override
public void consentDecision(String consentDecisionSerialised, boolean decision) throws IOException, OBErrorException {
SinglePaymentConsentDecision singlePaymentConsentDecision = objectMapper.readValue(consentDecisionSerialised, SinglePaymentConsentDecision.class);
if (decision) {
List<FRAccount> accounts = accountsService.get(getUserIDBehindConsent());
Optional<FRAccount> isAny = accounts.stream().filter(account -> account.getId().equals(singlePaymentConsentDecision.getAccountId())).findAny();
if (!isAny.isPresent()) {
log.error("The account selected {} is not own by this user {}. List accounts {}", singlePaymentConsentDecision.getAccountId(), getUserIDBehindConsent(), accounts);
throw new OBErrorException(OBRIErrorType.RCS_CONSENT_DECISION_INVALID_ACCOUNT, getUserIDBehindConsent(), singlePaymentConsentDecision.getAccountId(), accounts);
}
payment.setStatus(ConsentStatusCode.ACCEPTEDCUSTOMERPROFILE);
payment.setAccountId(singlePaymentConsentDecision.getAccountId());
paymentsService.updatePayment(payment);
} else {
log.debug("The current payment '{}' has been deny", payment.getId());
payment.setStatus(ConsentStatusCode.REJECTED);
paymentsService.updatePayment(payment);
}
}
Also used :
SinglePaymentService(com.forgerock.openbanking.common.services.store.payment.SinglePaymentService)
ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper)
OBRIErrorType(com.forgerock.openbanking.model.error.OBRIErrorType)
IOException(java.io.IOException)
OBErrorException(com.forgerock.openbanking.exceptions.OBErrorException)
AccountStoreService(com.forgerock.openbanking.common.services.store.account.AccountStoreService)
Slf4j(lombok.extern.slf4j.Slf4j)
List(java.util.List)
ConsentStatusCode(com.forgerock.openbanking.common.model.openbanking.persistence.payment.ConsentStatusCode)
Optional(java.util.Optional)
FRPaymentSetup(com.forgerock.openbanking.common.model.openbanking.persistence.payment.FRPaymentSetup)
ConsentDecisionDelegate(com.forgerock.openbanking.aspsp.rs.rcs.api.rcs.decisions.ConsentDecisionDelegate)
SinglePaymentConsentDecision(com.forgerock.openbanking.common.model.rcs.consentdecision.SinglePaymentConsentDecision)
FRAccount(com.forgerock.openbanking.common.model.openbanking.persistence.account.FRAccount)
FRAccount(com.forgerock.openbanking.common.model.openbanking.persistence.account.FRAccount)
SinglePaymentConsentDecision(com.forgerock.openbanking.common.model.rcs.consentdecision.SinglePaymentConsentDecision)
OBErrorException(com.forgerock.openbanking.exceptions.OBErrorException)
Example 45 with OBErrorException
use of com.forgerock.openbanking.exceptions.OBErrorException in project openbanking-aspsp by OpenBankingToolkit.
the class RCSCustomerInfoDetailsApi method consentDetails.
@Override
public ResponseEntity consentDetails(String remoteConsentRequest, List<AccountWithBalance> accounts, String username, String consentId, String clientId) throws OBErrorException {
log.debug("Received a Customer info account consent request with consent_request='{}'", remoteConsentRequest);
log.debug("=> The Customer info account consent id '{}'", consentId);
Optional<AccountRequest> isCustomerInfoConsent = accountRequestStoreService.get(consentId);
if (!isCustomerInfoConsent.isPresent()) {
log.error("The AISP '{}' is referencing an customer info account request {} that doesn't exist", clientId, consentId);
return rcsErrorService.error(OBRIErrorType.RCS_CONSENT_REQUEST_UNKNOWN_ACCOUNT_REQUEST, clientId, consentId);
}
FRAccountAccessConsent customerInfoAccountConsent = (FRAccountAccessConsent) isCustomerInfoConsent.get();
// Verify the aisp is the same than the one that created this customer info accountRequest ^
if (!clientId.equals(customerInfoAccountConsent.getClientId())) {
log.error("The AISP '{}' created the customer info account request '{}' but it's AISP '{}' that is " + "trying to get consent for it.", customerInfoAccountConsent.getClientId(), consentId, clientId);
return rcsErrorService.error(OBRIErrorType.RCS_CONSENT_REQUEST_INVALID_CONSENT, customerInfoAccountConsent.getClientId(), clientId, consentId);
}
Optional<Tpp> isTpp = tppStoreService.findById(customerInfoAccountConsent.getAispId());
if (!isTpp.isPresent()) {
log.error("The TPP '{}' (Client ID {}) that created this customer info account consent id '{}' " + "doesn't exist anymore.", customerInfoAccountConsent.getAispId(), clientId, customerInfoAccountConsent.getId());
return rcsErrorService.error(OBRIErrorType.RCS_CONSENT_REQUEST_NOT_FOUND_TPP, clientId, customerInfoAccountConsent.getId());
}
Tpp tpp = isTpp.get();
log.debug("Populate the customer info model with details data");
customerInfoAccountConsent.setUserId(username);
accountRequestStoreService.save(customerInfoAccountConsent);
log.debug("Populate the model with the customer info and consent data");
log.debug("get the customer info to add it in account consent data.");
FRCustomerInfo customerInfo = customerInfoRepository.findByUserID(username);
log.debug("customer info data {}", customerInfo);
if (customerInfo == null) {
return rcsErrorService.invalidConsentError(remoteConsentRequest, new OBErrorException(OBRIErrorType.CUSTOMER_INFO_NOT_FOUND));
}
customerInfoAccountConsent.setCustomerInfo(customerInfo);
log.debug("customer info to added in account consent data {}", consentId);
return ok(CustomerInfoConsentDetails.builder().username(username).merchantName(customerInfoAccountConsent.getAispName()).logo(tpp.getLogo()).clientId(clientId).customerInfo(customerInfoAccountConsent.getCustomerInfo()).build());
}
Also used :
FRAccountAccessConsent(com.forgerock.openbanking.common.model.openbanking.persistence.account.FRAccountAccessConsent)
AccountRequest(com.forgerock.openbanking.common.model.openbanking.persistence.account.AccountRequest)
Tpp(com.forgerock.openbanking.model.Tpp)
FRCustomerInfo(com.forgerock.openbanking.common.model.data.FRCustomerInfo)
OBErrorException(com.forgerock.openbanking.exceptions.OBErrorException)
Aggregations
OBErrorException (com.forgerock.openbanking.exceptions.OBErrorException)69
Test (org.junit.Test)20
ParseException (java.text.ParseException)19
IOException (java.io.IOException)13
OBErrorResponseException (com.forgerock.openbanking.exceptions.OBErrorResponseException)9
SignedJWT (com.nimbusds.jwt.SignedJWT)9
ResponseEntity (org.springframework.http.ResponseEntity)9
InvalidTokenException (com.forgerock.openbanking.jwt.exceptions.InvalidTokenException)8
Tpp (com.forgerock.openbanking.model.Tpp)8
HttpClientErrorException (org.springframework.web.client.HttpClientErrorException)6
PaymentConsent (com.forgerock.openbanking.common.model.openbanking.persistence.payment.PaymentConsent)5
List (java.util.List)5
HttpServletRequest (javax.servlet.http.HttpServletRequest)5
ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper)4
AccountRequest (com.forgerock.openbanking.common.model.openbanking.persistence.account.AccountRequest)4
OIDCConstants (com.forgerock.openbanking.constants.OIDCConstants)4
JWTClaimsSet (com.nimbusds.jwt.JWTClaimsSet)4
PermissionDenyException (com.forgerock.openbanking.common.error.exception.PermissionDenyException)3
OAuth2BearerTokenUsageInvalidTokenException (com.forgerock.openbanking.common.error.exception.oauth2.OAuth2BearerTokenUsageInvalidTokenException)3
OAuth2InvalidClientException (com.forgerock.openbanking.common.error.exception.oauth2.OAuth2InvalidClientException)3
