Example 91 with Tpp
use of com.forgerock.openbanking.model.Tpp in project openbanking-aspsp by OpenBankingToolkit.
the class RCSDomesticStandingOrderDetailsApi method consentDetails.
@Override
public ResponseEntity consentDetails(String remoteConsentRequest, List<AccountWithBalance> accounts, String username, String consentId, String clientId) throws OBErrorException {
log.debug("Received a consent request with consent_request='{}'", remoteConsentRequest);
log.debug("=> The payment id '{}'", consentId);
log.debug("Populate the model with the payment and consent data");
FRDomesticStandingOrderConsent domesticConsent = paymentService.getPayment(consentId);
// Only show the debtor account if specified in consent
if (domesticConsent.getInitiation().getDebtorAccount() != null) {
Optional<AccountWithBalance> matchingUserAccount = accountService.findAccountByIdentification(domesticConsent.getInitiation().getDebtorAccount().getIdentification(), accounts);
if (!matchingUserAccount.isPresent()) {
log.error("The PISP '{}' created the payment request '{}' but the debtor account: {} on the payment consent " + " is not one of the user's accounts: {}.", domesticConsent.getPispId(), consentId, domesticConsent.getInitiation().getDebtorAccount(), accounts);
return rcsErrorService.invalidConsentError(remoteConsentRequest, OBRIErrorType.RCS_CONSENT_REQUEST_DEBTOR_ACCOUNT_NOT_FOUND, domesticConsent.getPispId(), consentId, accounts);
}
accounts = Collections.singletonList(matchingUserAccount.get());
}
Optional<Tpp> isTpp = tppStoreService.findById(domesticConsent.getPispId());
if (!isTpp.isPresent()) {
log.error("The TPP '{}' (Client ID {}) that created this consent id '{}' doesn't exist anymore.", domesticConsent.getPispId(), clientId, consentId);
return rcsErrorService.invalidConsentError(remoteConsentRequest, OBRIErrorType.RCS_CONSENT_REQUEST_NOT_FOUND_TPP, clientId, consentId);
}
Tpp tpp = isTpp.get();
// Verify the pisp is the same than the one that created this payment ^
verifyTppCreatedPayment(clientId, isTpp.get().getClientId(), consentId);
// Associate the payment to this user
domesticConsent.setUserId(username);
paymentService.updatePayment(domesticConsent);
FRWriteDomesticStandingOrderDataInitiation domesticStandingOrder = domesticConsent.getInitiation();
OBStandingOrder6 standingOrder = new OBStandingOrder6().accountId(domesticConsent.getAccountId()).standingOrderId(domesticConsent.getId()).finalPaymentAmount(toOBActiveOrHistoricCurrencyAndAmount4(domesticStandingOrder.getFinalPaymentAmount())).finalPaymentDateTime(domesticStandingOrder.getFinalPaymentDateTime()).firstPaymentAmount(toOBActiveOrHistoricCurrencyAndAmount2(domesticStandingOrder.getFirstPaymentAmount())).firstPaymentDateTime(domesticStandingOrder.getFirstPaymentDateTime()).nextPaymentDateTime(domesticStandingOrder.getRecurringPaymentDateTime()).nextPaymentAmount(toOBActiveOrHistoricCurrencyAndAmount3(domesticStandingOrder.getRecurringPaymentAmount())).frequency(domesticStandingOrder.getFrequency()).creditorAccount(toOBCashAccount51(domesticStandingOrder.getCreditorAccount())).reference(domesticStandingOrder.getReference());
return ResponseEntity.ok(DomesticStandingOrderPaymentConsentDetails.builder().standingOrder(standingOrder).accounts(accounts).username(username).logo(tpp.getLogo()).merchantName(domesticConsent.getPispName()).clientId(clientId).paymentReference(Optional.ofNullable(domesticConsent.getInitiation().getReference()).orElse("")).build());
}
Also used :
FRWriteDomesticStandingOrderDataInitiation(com.forgerock.openbanking.common.model.openbanking.domain.payment.FRWriteDomesticStandingOrderDataInitiation)
Tpp(com.forgerock.openbanking.model.Tpp)
FRDomesticStandingOrderConsent(com.forgerock.openbanking.common.model.openbanking.persistence.payment.FRDomesticStandingOrderConsent)
AccountWithBalance(com.forgerock.openbanking.common.model.openbanking.persistence.account.AccountWithBalance)
OBStandingOrder6(uk.org.openbanking.datamodel.account.OBStandingOrder6)
Example 92 with Tpp
use of com.forgerock.openbanking.model.Tpp in project openbanking-aspsp by OpenBankingToolkit.
the class RCSConsentDecisionApiController method decision.
/**
* @param consentDecisionSerialised
* @param ssoToken
* @return
* @throws OBErrorException
*/
@Override
public ResponseEntity decision(@RequestBody String consentDecisionSerialised, @CookieValue(value = "${am.cookie.name}") String ssoToken) throws OBErrorException {
log.debug("decisionAccountSharing() consentDecisionSerialised is {}", consentDecisionSerialised);
// Send a Consent response JWT to the initial request, which is define in the code
if (consentDecisionSerialised == null || consentDecisionSerialised.isEmpty()) {
log.debug("Consent decision is empty");
return rcsErrorService.error(OBRIErrorType.RCS_CONSENT_DECISION_EMPTY);
}
ConsentDecision consentDecision;
try {
consentDecision = objectMapper.readValue(consentDecisionSerialised, ConsentDecision.class);
} catch (IOException e) {
log.error("Remote consent decisions invalid", e);
throw new OBErrorException(OBRIErrorType.RCS_CONSENT_DECISIONS_FORMAT, e.getMessage());
}
String consentRequestJwt = consentDecision.getConsentJwt();
if (consentRequestJwt == null || consentRequestJwt.isEmpty() || consentRequestJwt.isBlank()) {
log.error("Remote consent decisions invalid - consentRequestJwt is null ");
throw new OBErrorException(OBRIErrorType.RCS_CONSENT_DECISIONS_FORMAT, "consentRequestJwt was null or " + "empty");
}
try {
try {
log.debug("Received an accept consent request");
// TODO check token but ignore if it's expired
// cryptoApiClient.validateJws(consentDecision.getConsentJwt(),
// amOpenBankingConfiguration.getIssuerID(), amOpenBankingConfiguration.jwksUri);
SignedJWT consentContextJwt = (SignedJWT) JWTParser.parse(consentRequestJwt);
boolean decision = RCSConstants.Decision.ALLOW.equals(consentDecision.getDecision());
log.debug("The decision is '{}'", decision);
// here is a good time to actually save that the consent has been approved by our resource owner
Claims claims = JwsClaimsUtils.getClaims(consentContextJwt);
String intentId = claims.getIdTokenClaims().get(OpenBankingConstants.IdTokenClaim.INTENT_ID).getValue();
String csrf = consentContextJwt.getJWTClaimsSet().getStringClaim(RCSConstants.Claims.CSRF);
String clientId = consentContextJwt.getJWTClaimsSet().getStringClaim(RCSConstants.Claims.CLIENT_ID);
List<String> scopes = new ArrayList<>(consentContextJwt.getJWTClaimsSet().getJSONObjectClaim(RCSConstants.Claims.SCOPES).keySet());
String redirectUri = consentContextJwt.getJWTClaimsSet().getStringClaim(OIDCConstants.OIDCClaim.CONSENT_APPROVAL_REDIRECT_URI);
ConsentDecisionDelegate consentDecisionDelegate = intentTypeService.getConsentDecision(intentId);
if (consentDecisionDelegate == null) {
log.error("No Consent Decision Delegate available from the intent type Service.");
throw new OBErrorException(OBRIErrorType.RCS_CONSENT_REQUEST_INVALID, "Invalid intent ID? '" + intentId + "'");
}
// Verify consent is own by the right TPP
String tppIdBehindConsent = consentDecisionDelegate.getTppIdBehindConsent();
Optional<Tpp> isTpp = tppStoreService.findById(tppIdBehindConsent);
if (isTpp.isEmpty()) {
log.error("The TPP '{}' that created this intent id '{}' doesn't exist anymore.", tppIdBehindConsent, intentId);
return rcsErrorService.error(OBRIErrorType.RCS_CONSENT_REQUEST_NOT_FOUND_TPP, tppIdBehindConsent, intentId, clientId);
}
if (!clientId.equals(isTpp.get().getClientId())) {
log.error("The TPP '{}' created the account request '{}' but it's TPP '{}' that is trying to get" + " consent for it.", tppIdBehindConsent, intentId, clientId);
throw new OBErrorException(OBRIErrorType.RCS_CONSENT_REQUEST_INVALID_CONSENT, tppIdBehindConsent, intentId, clientId);
}
// Verify consent decision is send by the same user
Map<String, String> profile = userProfileService.getProfile(ssoToken, amOpenBankingConfiguration.endpointUserProfile, amOpenBankingConfiguration.cookieName);
String username = profile.get(amOpenBankingConfiguration.userProfileId);
String userIdBehindConsent = consentDecisionDelegate.getUserIDBehindConsent();
if (!username.equals(userIdBehindConsent)) {
log.error("The consent was associated with user '{}' but now, its user '{}' that " + "send the consent decision.", userIdBehindConsent, username);
throw new OBErrorException(OBRIErrorType.RCS_CONSENT_DECISION_INVALID_USER, userIdBehindConsent, username);
}
// Call the right decision delegate, cased on the intent type
consentDecisionDelegate.consentDecision(consentDecisionSerialised, decision);
log.debug("Redirect the resource owner to the original oauth2/openid request but this time, with the " + "consent response jwt '{}'.", consentContextJwt.toString());
String consentJwt = rcsService.generateRCSConsentResponse(rcsConfiguration, amOpenBankingConfiguration, csrf, decision, scopes, clientId);
ResponseEntity responseEntity = rcsService.sendRCSResponseToAM(ssoToken, RedirectionAction.builder().redirectUri(redirectUri).consentJwt(consentJwt).requestMethod(HttpMethod.POST).build());
log.debug("Response received from AM: {}", responseEntity);
if (responseEntity.getStatusCode() != HttpStatus.FOUND) {
log.error("When sending the consent response {} to AM, it failed to returned a 302. response '{}' ", consentJwt, responseEntity);
throw new OBErrorException(OBRIErrorType.RCS_CONSENT_RESPONSE_FAILURE);
} else if (locationContainsError(responseEntity.getHeaders().getLocation())) {
log.error("When sending the consent response {} to AM, it failed. response '{}' ", consentJwt, responseEntity);
return rcsErrorService.invalidConsentError(responseEntity.getHeaders().getLocation());
}
ResponseEntity rewrittenResponseEntity = null;
try {
rewrittenResponseEntity = jwtOverridingService.rewriteIdTokenFragmentInLocationHeader(responseEntity);
} catch (AccessTokenReWriteException e) {
log.info("decisionAccountSharing() Failed to re-write id_token", e);
throw new OBErrorException(OBRIErrorType.RCS_CONSENT_RESPONSE_FAILURE);
}
String location = rewrittenResponseEntity.getHeaders().getFirst("Location");
log.debug("The redirection to the consent page should be in the location '{}'", location);
return ResponseEntity.ok(RedirectionAction.builder().redirectUri(location).build());
} catch (JOSEException e) {
log.error("Could not generate consent context JWT", e);
throw new OBErrorException(OBRIErrorType.RCS_CONSENT_RESPONSE_FAILURE);
} catch (ParseException e) {
log.error("Could not parse the JWT", e);
throw new OBErrorException(OBRIErrorType.RCS_CONSENT_REQUEST_FORMAT);
} catch (IOException e) {
log.error("Remote consent decisions invalid", e);
throw new OBErrorException(OBRIErrorType.RCS_CONSENT_DECISIONS_FORMAT, e.getMessage());
}
} catch (OBErrorException e) {
return rcsErrorService.invalidConsentError(consentRequestJwt, e);
}
}
Also used :
Claims(com.forgerock.openbanking.model.claim.Claims)
ArrayList(java.util.ArrayList)
OBErrorException(com.forgerock.openbanking.exceptions.OBErrorException)
IOException(java.io.IOException)
SignedJWT(com.nimbusds.jwt.SignedJWT)
ResponseEntity(org.springframework.http.ResponseEntity)
Tpp(com.forgerock.openbanking.model.Tpp)
AccessTokenReWriteException(com.forgerock.openbanking.common.error.exception.AccessTokenReWriteException)
ConsentDecision(com.forgerock.openbanking.common.model.rcs.consentdecision.ConsentDecision)
ParseException(java.text.ParseException)
JOSEException(com.nimbusds.jose.JOSEException)
Example 93 with Tpp
use of com.forgerock.openbanking.model.Tpp in project openbanking-aspsp by OpenBankingToolkit.
the class RCSFundsConfirmationDetailsApi method consentDetails.
@Override
public ResponseEntity consentDetails(String remoteConsentRequest, List<AccountWithBalance> accounts, String username, String consentId, String clientId) throws OBErrorException {
log.debug("Received a consent request with consent_request='{}'", remoteConsentRequest);
log.debug("=> The payment id '{}'", consentId);
log.debug("Populate the model with the payment and consent data");
FRFundsConfirmationConsent consent = fundsConfirmationService.getConsent(consentId);
// Verify that the 'DebtorAccount' matches one of the accounts of the user and define as the selected account.
Optional<AccountWithBalance> matchingUserAccount = accountService.findAccountByIdentification(consent.getDebtorAccount().getIdentification(), accounts);
if (!matchingUserAccount.isPresent()) {
log.error("The PISP '{}' created the funds confirmation request '{}' but the debtor account: {} on the consent " + " is not one of the user's accounts: {}.", consent.getPispId(), consentId, consent.getDebtorAccount(), accounts);
return rcsErrorService.invalidConsentError(remoteConsentRequest, OBRIErrorType.RCS_CONSENT_REQUEST_INVALID_FUNDS_CONFIRMATION_REQUEST, consent.getPispId(), consentId, clientId);
}
Optional<Tpp> isTpp = tppStoreService.findById(consent.getPispId());
if (!isTpp.isPresent()) {
log.error("The TPP '{}' (Client ID {}) that created this consent id '{}' doesn't exist anymore.", consent.getPispId(), clientId, consentId);
return rcsErrorService.invalidConsentError(remoteConsentRequest, OBRIErrorType.RCS_CONSENT_REQUEST_NOT_FOUND_TPP, clientId, consentId);
}
Tpp tpp = isTpp.get();
// Verify the pisp is the same than the one that created this payment ^
verifyTppCreatedPayment(clientId, isTpp.get().getClientId(), consentId);
// Associate the payment to this user
consent.setUserId(username);
fundsConfirmationService.updateConsent(consent);
return ResponseEntity.ok(FundsConfirmationConsentDetails.builder().expirationDateTime(consent.getFundsConfirmationConsent().getExpirationDateTime()).accounts(Collections.singletonList(matchingUserAccount.get())).username(username).logo(tpp.getLogo()).merchantName(consent.getPispName()).clientId(clientId).build());
}
Also used :
Tpp(com.forgerock.openbanking.model.Tpp)
FRFundsConfirmationConsent(com.forgerock.openbanking.common.model.openbanking.persistence.funds.FRFundsConfirmationConsent)
AccountWithBalance(com.forgerock.openbanking.common.model.openbanking.persistence.account.AccountWithBalance)
Example 94 with Tpp
use of com.forgerock.openbanking.model.Tpp in project openbanking-aspsp by OpenBankingToolkit.
the class RCSInternationalStandingOrderPaymentDetailsApi method consentDetails.
@Override
public ResponseEntity consentDetails(String remoteConsentRequest, List<AccountWithBalance> accounts, String username, String consentId, String clientId) throws OBErrorException {
log.debug("Received a consent request with consent_request='{}'", remoteConsentRequest);
log.debug("=> The payment id '{}'", consentId);
log.debug("Populate the model with the payment and consent data");
FRInternationalStandingOrderConsent payment = paymentService.getPayment(consentId);
Optional<Tpp> isTpp = tppStoreService.findById(payment.getPispId());
if (!isTpp.isPresent()) {
log.error("The TPP '{}' (Client ID {}) that created this consent id '{}' doesn't exist anymore.", payment.getPispId(), clientId, consentId);
return rcsErrorService.invalidConsentError(remoteConsentRequest, OBRIErrorType.RCS_CONSENT_REQUEST_NOT_FOUND_TPP, clientId, consentId);
}
Tpp tpp = isTpp.get();
// Only show the debtor account if specified in consent
if (payment.getInitiation().getDebtorAccount() != null) {
Optional<AccountWithBalance> matchingUserAccount = accountService.findAccountByIdentification(payment.getInitiation().getDebtorAccount().getIdentification(), accounts);
if (!matchingUserAccount.isPresent()) {
log.error("The PISP '{}' created the payment request '{}' but the debtor account: {} on the payment consent " + " is not one of the user's accounts: {}.", payment.getPispId(), consentId, payment.getInitiation().getDebtorAccount(), accounts);
return rcsErrorService.error(OBRIErrorType.RCS_CONSENT_REQUEST_DEBTOR_ACCOUNT_NOT_FOUND, payment.getPispId(), consentId, accounts);
}
accounts = Collections.singletonList(matchingUserAccount.get());
}
// Verify the pisp is the same than the one that created this payment ^
verifyTppCreatedPayment(clientId, isTpp.get().getClientId(), consentId);
// Associate the payment to this user
payment.setUserId(username);
paymentService.updatePayment(payment);
FRWriteInternationalStandingOrderDataInitiation initiation = payment.getInitiation();
OBStandingOrder5 standingOrder = new OBStandingOrder5().accountId(payment.getAccountId()).standingOrderId(payment.getId()).finalPaymentAmount(toAccountOBActiveOrHistoricCurrencyAndAmount(initiation.getInstructedAmount())).finalPaymentDateTime(initiation.getFinalPaymentDateTime()).firstPaymentAmount(toAccountOBActiveOrHistoricCurrencyAndAmount(initiation.getInstructedAmount())).firstPaymentDateTime(initiation.getFirstPaymentDateTime()).nextPaymentDateTime(initiation.getFirstPaymentDateTime()).nextPaymentAmount(toAccountOBActiveOrHistoricCurrencyAndAmount(initiation.getInstructedAmount())).frequency(initiation.getFrequency()).creditorAccount(toOBCashAccount5(initiation.getCreditorAccount())).reference(initiation.getReference());
return ResponseEntity.ok(InternationalStandingOrderPaymentConsentDetails.builder().standingOrder(standingOrder).accounts(accounts).logo(tpp.getLogo()).username(username).merchantName(payment.getPispName()).clientId(clientId).currencyOfTransfer(initiation.getCurrencyOfTransfer()).paymentReference(Optional.ofNullable(payment.getInitiation().getReference()).orElse("")).build());
}
Also used :
FRInternationalStandingOrderConsent(com.forgerock.openbanking.common.model.openbanking.persistence.payment.FRInternationalStandingOrderConsent)
Tpp(com.forgerock.openbanking.model.Tpp)
FRWriteInternationalStandingOrderDataInitiation(com.forgerock.openbanking.common.model.openbanking.domain.payment.FRWriteInternationalStandingOrderDataInitiation)
AccountWithBalance(com.forgerock.openbanking.common.model.openbanking.persistence.account.AccountWithBalance)
OBStandingOrder5(uk.org.openbanking.datamodel.account.OBStandingOrder5)
Example 95 with Tpp
use of com.forgerock.openbanking.model.Tpp in project openbanking-aspsp by OpenBankingToolkit.
the class RCSSinglePaymentDetailsApi method consentDetails.
@Override
public ResponseEntity consentDetails(String remoteConsentRequest, List<AccountWithBalance> accounts, String username, String consentId, String clientId) throws OBErrorException {
log.debug("Received a consent request with consent_request='{}'", remoteConsentRequest);
log.debug("=> The payment id '{}'", consentId);
log.debug("Populate the model with the payment and consent data");
FRPaymentSetup payment = singlePaymentService.getPayment(consentId);
Optional<Tpp> isTpp = tppStoreService.findById(payment.getPispId());
if (!isTpp.isPresent()) {
log.error("The TPP '{}' (Client ID {}) that created this consent id '{}' doesn't exist anymore.", payment.getPispId(), clientId, consentId);
return rcsErrorService.invalidConsentError(remoteConsentRequest, OBRIErrorType.RCS_CONSENT_REQUEST_NOT_FOUND_TPP, clientId, consentId);
}
Tpp tpp = isTpp.get();
// Verify the pisp is the same than the one that created this payment ^
verifyTppCreatedPayment(clientId, isTpp.get().getClientId(), consentId);
// Associate the payment to this user
payment.setUserId(username);
singlePaymentService.updatePayment(payment);
return ResponseEntity.ok(SinglePaymentConsentDetails.builder().instructedAmount(toOBActiveOrHistoricCurrencyAndAmount(payment.getInitiation().getInstructedAmount())).accounts(accounts).username(username).logo(tpp.getLogo()).merchantName(payment.getPispName()).clientId(clientId).pispName(payment.getPispName()).paymentReference(Optional.ofNullable(payment.getInitiation().getRemittanceInformation()).map(FRRemittanceInformation::getReference).orElse("")).build());
}
Also used :
FRRemittanceInformation(com.forgerock.openbanking.common.model.openbanking.domain.payment.common.FRRemittanceInformation)
Tpp(com.forgerock.openbanking.model.Tpp)
FRPaymentSetup(com.forgerock.openbanking.common.model.openbanking.persistence.payment.FRPaymentSetup)
Aggregations
Tpp (com.forgerock.openbanking.model.Tpp)131
ConsentStatusEntry (com.forgerock.openbanking.analytics.model.entries.ConsentStatusEntry)39
Test (org.junit.Test)28
OIDCRegistrationResponse (com.forgerock.openbanking.model.oidc.OIDCRegistrationResponse)19
Before (org.junit.Before)13
SpringSecForTest (com.forgerock.openbanking.integration.test.support.SpringSecForTest)12
SpringBootTest (org.springframework.boot.test.context.SpringBootTest)12
JacksonObjectMapper (kong.unirest.JacksonObjectMapper)11
OAuth2InvalidClientException (com.forgerock.openbanking.common.error.exception.oauth2.OAuth2InvalidClientException)9
OBErrorException (com.forgerock.openbanking.exceptions.OBErrorException)9
OBErrorResponseException (com.forgerock.openbanking.exceptions.OBErrorResponseException)9
AccountWithBalance (com.forgerock.openbanking.common.model.openbanking.persistence.account.AccountWithBalance)8
URI (java.net.URI)8
FRInternationalStandingOrderConsent (com.forgerock.openbanking.common.model.openbanking.persistence.payment.FRInternationalStandingOrderConsent)7
ArgumentMatchers.anyString (org.mockito.ArgumentMatchers.anyString)7
UriComponentsBuilder (org.springframework.web.util.UriComponentsBuilder)7
FRWriteInternationalStandingOrderConsent (com.forgerock.openbanking.common.model.openbanking.domain.payment.FRWriteInternationalStandingOrderConsent)6
FRDomesticConsent (com.forgerock.openbanking.common.model.openbanking.persistence.payment.FRDomesticConsent)6
FRDomesticScheduledConsent (com.forgerock.openbanking.common.model.openbanking.persistence.payment.FRDomesticScheduledConsent)6
FRDomesticStandingOrderConsent (com.forgerock.openbanking.common.model.openbanking.persistence.payment.FRDomesticStandingOrderConsent)6
