
Example 41 with OBErrorException

Use of com.forgerock.openbanking.exceptions.OBErrorException in the project openbanking-aspsp by OpenBankingToolkit.

Class AccountAccessConsentPermittedPermissionsFilter, method filterByCustomerInfoPermissionRules.

/**
 * Rejects permission sets that combine {@code READCUSTOMERINFOCONSENT} with any other permission.
 * <p>
 * Customer-info consent is treated as an exclusive permission: a request that carries it must
 * carry nothing else. Requests that do not ask for it are passed through unchanged.
 *
 * @param requestedPermissions the permissions supplied on the account-access consent request
 * @throws OBErrorException with {@code REQUEST_ACCOUNT_ACCESS_CONSENT_PERMISSIONS_ARE_INVALID} when
 *                          {@code READCUSTOMERINFOCONSENT} is mixed with other permissions
 */
public void filterByCustomerInfoPermissionRules(List<OBExternalPermissions1Code> requestedPermissions) throws OBErrorException {
    log.debug("filterByCustomerInfoPermissionRules() called on implemented service with permissions {}", requestedPermissions);
    OBExternalPermissions1Code exclusivePermission = OBExternalPermissions1Code.READCUSTOMERINFOCONSENT;
    boolean asksForCustomerInfo = requestedPermissions.contains(exclusivePermission);
    // Only a mixed request is invalid; a request without the exclusive permission is never inspected further.
    boolean mixedWithOthers = asksForCustomerInfo
            && requestedPermissions.stream().anyMatch(permission -> permission != exclusivePermission);
    if (mixedWithOthers) {
        String errorMessage = "Requests containing the '" + exclusivePermission.toString()
                + "' permission should not contain any other permissions. Permissions supplied were '"
                + requestedPermissions + "'";
        log.info("filterByCustomerInfoPermissionRules(): {}", errorMessage);
        throw new OBErrorException(OBRIErrorType.REQUEST_ACCOUNT_ACCESS_CONSENT_PERMISSIONS_ARE_INVALID, requestedPermissions, errorMessage);
    }
    log.debug("filterByCustomerInfoPermissionRules() called - No issues with permissions.");
}

Example 42 with OBErrorException

Use of com.forgerock.openbanking.exceptions.OBErrorException in the project openbanking-aspsp by OpenBankingToolkit.

Class AccountsApiEndpointWrapper, method getAccountRequest.

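/**
 * Resolves the {@link AccountRequest} (consent) that the current access token was issued for.
 * <p>
 * The intent id is read from the access token's claims and looked up in the account request
 * store. The result is cached in {@code accountRequest}, so later calls on this wrapper return the
 * cached value without touching the token or the store again.
 *
 * @return the account request bound to the access token, never {@code null}
 * @throws OBErrorException {@code ACCESS_TOKEN_INVALID_FORMAT} when the token's claims cannot be
 *                          parsed, or {@code ACCOUNT_REQUEST_NOT_FOUND} when the intent id does not
 *                          resolve to a stored account request
 */
public AccountRequest getAccountRequest() throws OBErrorException {
    log.debug("getAccountRequest() called");
    if (accountRequest == null) {
        try {
            log.info("getAccountRequest() Introspecting the access token locally, as it is a JWS");
            String accountRequestId = rsEndpointWrapperService.accessTokenService.getIntentId(accessToken);
            log.info("getAccountRequest() Account request id {}", accountRequestId);
            Optional<AccountRequest> isAccountRequest = rsEndpointWrapperService.accountRequestStore.get(accountRequestId);
            if (!isAccountRequest.isPresent()) {
                log.warn("getAccountRequest() Couldn't not find the account request {}", accountRequestId);
                throw new OBErrorException(OBRIErrorType.ACCOUNT_REQUEST_NOT_FOUND, accountRequestId);
            }
            accountRequest = isAccountRequest.get();
        } catch (ParseException | IOException e) {
            // The access token is a bearer credential, so its serialised form must not reach the logs.
            // The parse failure itself is what a maintainer needs: log the exception, not the token.
            log.warn("Could not parse the claims of the access token", e);
            throw new OBErrorException(OBRIErrorType.ACCESS_TOKEN_INVALID_FORMAT);
        }
    }
    return accountRequest;
}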

Example 43 with OBErrorException

Use of com.forgerock.openbanking.exceptions.OBErrorException in the project openbanking-aspsp by OpenBankingToolkit.

Class RCSErrorServiceTest, method invalidConsentError.

/**
 * Verifies that an invalid consent request is turned into an OAuth2-style error redirect: the
 * error code and description are carried in the URI fragment of the TPP's redirect URI, and the
 * HTTP status is 200 so the UI performs the redirect itself.
 */
@Test
public void invalidConsentError() throws Exception {
    // Given: a consent request JWT and the error the RCS raised for it
    String consentRequestJwt = "eyJ0eXAiOiJKV1QiLCJraWQiOiJ3VTNpZklJYUxPVUFSZVJCL0ZHNmVNMVAxUU09IiwiYWxnIjoiUFMyNTYifQ.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.x129SkRwuGwjMkyE5BD4cmw_Sa7edOiN9kj3p1DJLww2vNyE7HAZPei28xK4l08dVUdip1hwNpR5PwLlEh7znNkiwokAKKdvYsRfkTPdy6WawqllY8FKhVFwlewParrBZZ1E0L4zzIlweKvxNZZ9ERx1SqG3sJ65iBxEIHjKAxiGKmxK-XdWbBll06L-dKx0YpldB3MT68NhTCTvRvPBNfb1_9_342MU6XyE-6rAiWi_tjxJR6v9wT5b6Qd-idsMHiFT-i_aZ_7sTmIVjJoqea3LKPSVYIgXDAreo-fB5wXeIC2yttQy2qERsgyiFrLGQTbBBmV1MLVuoXDr3-8sHw";
    OBErrorException error = new OBErrorException(OBRIErrorType.RCS_CONSENT_REQUEST_INVALID, "No intent ID");
    // When
    ResponseEntity<RedirectionAction> result = rcsErrorService.invalidConsentError(consentRequestJwt, error);
    // Then: the redirect carries the formatted error description in its fragment
    String errorDescription = String.format(error.getOBError().getMessage(), error.getArgs());
    UriComponents expectedRedirect = UriComponentsBuilder.fromHttpUrl("https://www.google.com")
            .fragment("error=invalid_request_object&state=10d260bf-a7d9-444a-92d9-7b7a5f088208&error_description=" + errorDescription)
            .encode()
            .build();
    // The UI drives the redirect, so the service answers 200 rather than 302.
    assertThat(result.getStatusCode()).isEqualTo(HttpStatus.OK);
    RedirectionAction action = Objects.requireNonNull(result.getBody());
    assertThat(action.getRedirectUri()).isEqualTo(expectedRedirect.toUriString());
}

Example 44 with OBErrorException

Use of com.forgerock.openbanking.exceptions.OBErrorException in the project openbanking-aspsp by OpenBankingToolkit.

Class SinglePaymentConsentDecisionDelegate, method consentDecision.

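/**
 * Applies the user's decision on a single-payment consent.
 * <p>
 * On acceptance, the selected debtor account must be one of the accounts held by the user behind
 * the consent; this ownership check is what stops a decision from binding the payment to an
 * account the user does not own. On rejection the payment is marked {@code REJECTED}.
 *
 * @param consentDecisionSerialised serialised decision, deserialised into a
 *                                  {@link SinglePaymentConsentDecision}
 * @param decision                  {@code true} to accept the consent, {@code false} to reject it
 * @throws IOException      when the serialised decision cannot be deserialised
 * @throws OBErrorException {@code RCS_CONSENT_DECISION_INVALID_ACCOUNT} when the selected account is
 *                          not among the user's accounts
 */
@Override
public void consentDecision(String consentDecisionSerialised, boolean decision) throws IOException, OBErrorException {
    SinglePaymentConsentDecision singlePaymentConsentDecision = objectMapper.readValue(consentDecisionSerialised, SinglePaymentConsentDecision.class);
    if (decision) {
        // Resolve the user once; the same id is used for the lookup, the log and the error.
        String userId = getUserIDBehindConsent();
        String selectedAccountId = singlePaymentConsentDecision.getAccountId();
        List<FRAccount> accounts = accountsService.get(userId);
        boolean ownsSelectedAccount = accounts.stream()
                .anyMatch(account -> account.getId().equals(selectedAccountId));
        if (!ownsSelectedAccount) {
            // NOTE(review): the whole account list is written to the log and carried in the error;
            // if FRAccount holds account numbers or other personal data, consider logging ids only.
            log.error("The account selected {} is not own by this user {}. List accounts {}", selectedAccountId, userId, accounts);
            throw new OBErrorException(OBRIErrorType.RCS_CONSENT_DECISION_INVALID_ACCOUNT, userId, selectedAccountId, accounts);
        }
        payment.setStatus(ConsentStatusCode.ACCEPTEDCUSTOMERPROFILE);
        payment.setAccountId(selectedAccountId);
        paymentsService.updatePayment(payment);
    } else {
        log.debug("The current payment '{}' has been deny", payment.getId());
        payment.setStatus(ConsentStatusCode.REJECTED);
        paymentsService.updatePayment(payment);
    }
}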

Example 45 with OBErrorException

Use of com.forgerock.openbanking.exceptions.OBErrorException in the project openbanking-aspsp by OpenBankingToolkit.

Class RCSCustomerInfoDetailsApi, method consentDetails.

/**
 * Builds the consent-details view for a customer-info account consent.
 * <p>
 * Three checks gate the response: the consent id must resolve to a stored account request, the
 * calling client must be the AISP that created the consent, and that AISP must still exist as a
 * TPP. Each failure is answered through {@code rcsErrorService} rather than by throwing. When all
 * checks pass the consent is bound to {@code username}, enriched with the user's customer info and
 * returned together with the TPP's display data.
 *
 * @param remoteConsentRequest the serialised consent request received from the remote party
 * @param accounts             the user's accounts with balances (unused by this flow)
 * @param username             the authenticated user giving consent
 * @param consentId            the id of the customer-info account consent
 * @param clientId             the OAuth2 client id of the calling AISP
 * @return the consent details on success, or an error response from {@code rcsErrorService}
 * @throws OBErrorException propagated from the error service
 */
@Override
public ResponseEntity consentDetails(String remoteConsentRequest, List<AccountWithBalance> accounts, String username, String consentId, String clientId) throws OBErrorException {
    log.debug("Received a Customer info account consent request with consent_request='{}'", remoteConsentRequest);
    log.debug("=> The Customer info account consent id '{}'", consentId);
    Optional<AccountRequest> storedConsent = accountRequestStoreService.get(consentId);
    if (!storedConsent.isPresent()) {
        log.error("The AISP '{}' is referencing an customer info account request {} that doesn't exist", clientId, consentId);
        return rcsErrorService.error(OBRIErrorType.RCS_CONSENT_REQUEST_UNKNOWN_ACCOUNT_REQUEST, clientId, consentId);
    }
    // NOTE(review): the cast assumes every stored request under this id is an FRAccountAccessConsent —
    // a different subtype would surface here as a ClassCastException; confirm against the store.
    FRAccountAccessConsent consent = (FRAccountAccessConsent) storedConsent.get();
    // Authorisation check: only the AISP that created the consent may present it for authorisation.
    String owningClientId = consent.getClientId();
    if (!clientId.equals(owningClientId)) {
        log.error("The AISP '{}' created the customer info account request '{}' but it's AISP '{}' that is trying to get consent for it.", owningClientId, consentId, clientId);
        return rcsErrorService.error(OBRIErrorType.RCS_CONSENT_REQUEST_INVALID_CONSENT, owningClientId, clientId, consentId);
    }
    Optional<Tpp> tppLookup = tppStoreService.findById(consent.getAispId());
    if (!tppLookup.isPresent()) {
        log.error("The TPP '{}' (Client ID {}) that created this customer info account consent id '{}' doesn't exist anymore.", consent.getAispId(), clientId, consent.getId());
        return rcsErrorService.error(OBRIErrorType.RCS_CONSENT_REQUEST_NOT_FOUND_TPP, clientId, consent.getId());
    }
    Tpp consentingTpp = tppLookup.get();
    log.debug("Populate the customer info model with details data");
    consent.setUserId(username);
    accountRequestStoreService.save(consent);
    log.debug("Populate the model with the customer info and consent data");
    log.debug("get the customer info to add it in account consent data.");
    FRCustomerInfo customerInfo = customerInfoRepository.findByUserID(username);
    // Debug-level only, but this writes the customer's personal data to the log.
    log.debug("customer info data {}", customerInfo);
    if (customerInfo == null) {
        return rcsErrorService.invalidConsentError(remoteConsentRequest, new OBErrorException(OBRIErrorType.CUSTOMER_INFO_NOT_FOUND));
    }
    consent.setCustomerInfo(customerInfo);
    log.debug("customer info to added in account consent data {}", consentId);
    CustomerInfoConsentDetails details = CustomerInfoConsentDetails.builder()
            .username(username)
            .merchantName(consent.getAispName())
            .logo(consentingTpp.getLogo())
            .clientId(clientId)
            .customerInfo(consent.getCustomerInfo())
            .build();
    return ok(details);
}
