diff --git a/obp-api/src/main/scala/bootstrap/liftweb/Boot.scala b/obp-api/src/main/scala/bootstrap/liftweb/Boot.scala index 4a865039d9..6656a09d37 100644 --- a/obp-api/src/main/scala/bootstrap/liftweb/Boot.scala +++ b/obp-api/src/main/scala/bootstrap/liftweb/Boot.scala @@ -294,7 +294,8 @@ class Boot extends MdcLoggable { SYSTEM_READ_TRANSACTIONS_DEBITS_VIEW_ID, SYSTEM_READ_TRANSACTIONS_DETAIL_VIEW_ID, SYSTEM_READ_ACCOUNTS_BERLIN_GROUP_VIEW_ID, SYSTEM_READ_BALANCES_BERLIN_GROUP_VIEW_ID, - SYSTEM_READ_TRANSACTIONS_BERLIN_GROUP_VIEW_ID + SYSTEM_READ_TRANSACTIONS_BERLIN_GROUP_VIEW_ID, + SYSTEM_INITIATE_PAYMENTS_BERLIN_GROUP_VIEW_ID ) for { systemView <- viewSetUKOpenBanking diff --git a/obp-api/src/main/scala/code/api/OAuth2.scala b/obp-api/src/main/scala/code/api/OAuth2.scala index e78befb655..0fdadbccf7 100644 --- a/obp-api/src/main/scala/code/api/OAuth2.scala +++ b/obp-api/src/main/scala/code/api/OAuth2.scala @@ -165,7 +165,7 @@ object OAuth2Login extends RestHelper with MdcLoggable { hydraAdmin.createOAuth2Client(oAuth2Client) } else if(!CertificateUtil.comparePemX509Certificates(certInConsumer, cert)) { // Cannot mat.ch the value from PSD2-CERT header and the database value Consumer.clientCertificate - logger.debug("Cert in Consumer: " + certInConsumer) + logger.debug(s"Cert in Consumer with the name ***${foundConsumer.name}*** : " + certInConsumer) logger.debug("Cert in Request: " + cert) logger.debug(s"Token: $value") logger.debug(s"Client ID: ${introspectOAuth2Token.getClientId}") diff --git a/obp-api/src/main/scala/code/api/berlin/group/v1_3/AccountInformationServiceAISApi.scala b/obp-api/src/main/scala/code/api/berlin/group/v1_3/AccountInformationServiceAISApi.scala index 39696ca321..cfde8412ed 100644 --- a/obp-api/src/main/scala/code/api/berlin/group/v1_3/AccountInformationServiceAISApi.scala +++ b/obp-api/src/main/scala/code/api/berlin/group/v1_3/AccountInformationServiceAISApi.scala 
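Review bot: The new debug line in OAuth2.scala writes `foundConsumer.name` into the log as-is and mixes an `s` interpolator with `+` concatenation. A consumer name is presumably registration data, so line breaks in it could split or forge log entries; stripping CR/LF from the name and using a single interpolated string, `logger.debug(s"Cert in Consumer with the name ***${foundConsumer.name}*** : $certInConsumer")`, would be cleaner. The same branch also logs the presented token in full (`logger.debug(s"Token: $value")`, a context line here); while this block is being edited, logging only a short prefix or a hash would keep bearer credentials out of debug logs. The enclosing `else if` branch starts and ends outside the hunk.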
@@ -188,7 +188,9 @@ As a last option, an ASPSP might in addition accept a command with access rights callContext.flatMap(_.consumer).map(_.consumerId.get), Some(validUntil), callContext - ) + ) map { + i => connectorEmptyResponse(i, callContext) + } _ <- Future(Consents.consentProvider.vend.setJsonWebToken(createdConsent.consentId, consentJWT)) map { i => connectorEmptyResponse(i, callContext) } @@ -570,7 +572,7 @@ Reads account data from a given card account addressed by "account-id". _ <- passesPsd2Aisp(callContext) (bankAccount: BankAccount, callContext) <- NewStyle.function.getBankAccountByAccountId(accountId, callContext) (bank, callContext) <- NewStyle.function.getBank(bankAccount.bankId, callContext) - viewId = ViewId(SYSTEM_READ_ACCOUNTS_BERLIN_GROUP_VIEW_ID) + viewId = ViewId(SYSTEM_READ_TRANSACTIONS_BERLIN_GROUP_VIEW_ID) bankIdAccountId = BankIdAccountId(bankAccount.bankId, bankAccount.accountId) view <- NewStyle.function.checkAccountAccessAndGetView(viewId, bankIdAccountId, Full(u), callContext) params <- Future { createQueriesByHttpParams(callContext.get.requestHeaders)} map { diff --git a/obp-api/src/main/scala/code/api/berlin/group/v1_3/PaymentInitiationServicePISApi.scala b/obp-api/src/main/scala/code/api/berlin/group/v1_3/PaymentInitiationServicePISApi.scala index 84b95f4d89..a953825243 100644 --- a/obp-api/src/main/scala/code/api/berlin/group/v1_3/PaymentInitiationServicePISApi.scala +++ b/obp-api/src/main/scala/code/api/berlin/group/v1_3/PaymentInitiationServicePISApi.scala 
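Review bot: When `createBerlinGroupConsentJWT` yields `Empty`, the added `map { i => connectorEmptyResponse(i, callContext) }` aborts the for-comprehension after `createdConsent` already exists (it is referenced on the following line), so a consent record without a JWT is presumably left behind. It would be safer to check that the requested access resolves to at least one view before the consent is created, or to mark the consent as rejected on this path. At minimum, add a comment above the call such as `// Fails when no view can be derived from the requested access; the stored consent then has no JWT`. The for-comprehension starts and ends outside the hunk.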
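Review bot: The switch to `ViewId(SYSTEM_READ_TRANSACTIONS_BERLIN_GROUP_VIEW_ID)` for card-account transactions is only exercised on the allow path, because the accompanying test change merely swaps the granted view. A test in which the user holds only `SYSTEM_READ_ACCOUNTS_BERLIN_GROUP_VIEW_ID` and the request is rejected would pin the tightened check. A short comment, `// Transactions require the transactions view; the accounts view is not sufficient`, would also stop the id from being changed back by accident.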
@@ -568,15 +568,12 @@ Check the transaction status of a payment initiation.""", } (toAccount, callContext) <- NewStyle.function.getToBankAccountByIban(toAccountIban, callContext) - viewId = ViewId(SYSTEM_READ_TRANSACTIONS_BERLIN_GROUP_VIEW_ID) + viewId = ViewId(SYSTEM_INITIATE_PAYMENTS_BERLIN_GROUP_VIEW_ID) bankIdAccountId = BankIdAccountId(fromAccount.bankId, fromAccount.accountId) view <- NewStyle.function.checkAccountAccessAndGetView(viewId, bankIdAccountId, Full(u), callContext) - - _ <- if (view.canAddTransactionRequestToAnyAccount) - Future.successful(Full(Unit)) - else - NewStyle.function.hasEntitlement(fromAccount.bankId.value, u.userId, ApiRole.canCreateAnyTransactionRequest, callContext, InsufficientAuthorisationToCreateTransactionRequest) - + _ <- Helper.booleanToFuture(InsufficientAuthorisationToCreateTransactionRequest, cc = callContext) { + view.canAddTransactionRequestToAnyAccount + } // Prevent default value for transaction request type (at least). _ <- Helper.booleanToFuture(s"From Account Currency is ${fromAccount.currency}, but Requested Transaction Currency is: ${transDetailsJson.instructedAmount.currency}", cc = callContext) { transDetailsJson.instructedAmount.currency == fromAccount.currency diff --git a/obp-api/src/main/scala/code/api/constant/constant.scala b/obp-api/src/main/scala/code/api/constant/constant.scala index f18b76a2c0..b5f73bdfea 100644 --- a/obp-api/src/main/scala/code/api/constant/constant.scala +++ b/obp-api/src/main/scala/code/api/constant/constant.scala 
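Review bot: Authorisation for payment initiation now rests solely on `view.canAddTransactionRequestToAnyAccount` of the InitiatePaymentsBerlinGroup view, with the former `ApiRole.canCreateAnyTransactionRequest` fallback removed, and nothing in the code says this is deliberate. A comment such as `// Only the InitiatePaymentsBerlinGroup view authorises initiation; the canCreateAnyTransactionRequest role is intentionally not honoured here` would record the decision. Accounts whose access was granted through `SYSTEM_READ_TRANSACTIONS_BERLIN_GROUP_VIEW_ID` will presumably stop being able to initiate payments until the new view is granted, so a negative test for a user holding only the read view is worth adding. The retained comment `// Prevent default value for transaction request type (at least).` now sits directly above the currency check and no longer describes it. The for-comprehension starts and ends outside the hunk.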
@@ -60,6 +60,7 @@ object Constant extends MdcLoggable { final val SYSTEM_READ_ACCOUNTS_BERLIN_GROUP_VIEW_ID = "ReadAccountsBerlinGroup" final val SYSTEM_READ_BALANCES_BERLIN_GROUP_VIEW_ID = "ReadBalancesBerlinGroup" final val SYSTEM_READ_TRANSACTIONS_BERLIN_GROUP_VIEW_ID = "ReadTransactionsBerlinGroup" + final val SYSTEM_INITIATE_PAYMENTS_BERLIN_GROUP_VIEW_ID = "InitiatePaymentsBerlinGroup" //This is used for the canRevokeAccessToViews_ and canGrantAccessToViews_ fields of SYSTEM_OWNER_VIEW_ID or SYSTEM_STANDARD_VIEW_ID. final val DEFAULT_CAN_GRANT_AND_REVOKE_ACCESS_TO_VIEWS = @@ -78,7 +79,8 @@ object Constant extends MdcLoggable { SYSTEM_READ_TRANSACTIONS_DETAIL_VIEW_ID:: SYSTEM_READ_ACCOUNTS_BERLIN_GROUP_VIEW_ID:: SYSTEM_READ_BALANCES_BERLIN_GROUP_VIEW_ID:: - SYSTEM_READ_TRANSACTIONS_BERLIN_GROUP_VIEW_ID :: Nil + SYSTEM_READ_TRANSACTIONS_BERLIN_GROUP_VIEW_ID :: + SYSTEM_INITIATE_PAYMENTS_BERLIN_GROUP_VIEW_ID :: Nil //We allow CBS side to generate views by getBankAccountsForUser.viewsToGenerate filed. // viewsToGenerate can be any views, and OBP will check the following list, to make sure only allowed views are generated @@ -92,7 +94,8 @@ object Constant extends MdcLoggable { SYSTEM_MANAGE_CUSTOM_VIEWS_VIEW_ID:: SYSTEM_READ_ACCOUNTS_BERLIN_GROUP_VIEW_ID:: SYSTEM_READ_BALANCES_BERLIN_GROUP_VIEW_ID:: - SYSTEM_READ_TRANSACTIONS_BERLIN_GROUP_VIEW_ID :: Nil + SYSTEM_READ_TRANSACTIONS_BERLIN_GROUP_VIEW_ID :: + SYSTEM_INITIATE_PAYMENTS_BERLIN_GROUP_VIEW_ID :: Nil //These are the default incoming and outgoing account ids. we will create both during the boot.scala. final val INCOMING_SETTLEMENT_ACCOUNT_ID = "OBP-INCOMING-SETTLEMENT-ACCOUNT" diff --git a/obp-api/src/main/scala/code/api/util/ConsentUtil.scala b/obp-api/src/main/scala/code/api/util/ConsentUtil.scala index 73e20cfd4a..3b89e9da73 100644 --- a/obp-api/src/main/scala/code/api/util/ConsentUtil.scala +++ b/obp-api/src/main/scala/code/api/util/ConsentUtil.scala 
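Review bot: The third hunk adds `SYSTEM_INITIATE_PAYMENTS_BERLIN_GROUP_VIEW_ID` to what appears to be the allow-list checked for `getBankAccountsForUser.viewsToGenerate`, so a core-banking response could now cause a payment-capable view to be generated, whereas the neighbouring Berlin Group entries are read views. If that is intended, say so next to the entry, for example `// Grants canAddTransactionRequest*; listed here only because the CBS is trusted to hand out payment access`. If it is not, the constant belongs only in the list from the second hunk. The list definitions start outside the hunks, so their names are not visible here.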
@@ -669,7 +669,7 @@ object Consent extends MdcLoggable { consentId: String, consumerId: Option[String], validUntil: Option[Date], - callContext: Option[CallContext]): Future[String] = { + callContext: Option[CallContext]): Future[Box[String]] = { val currentTimeInSeconds = System.currentTimeMillis / 1000 val validUntilTimeInSeconds = validUntil match { @@ -731,10 +731,14 @@ object Consent extends MdcLoggable { views = views, access = Some(consent.access) ) - implicit val formats = CustomJsonFormats.formats - val jwtPayloadAsJson = compactRender(Extraction.decompose(json)) - val jwtClaims: JWTClaimsSet = JWTClaimsSet.parse(jwtPayloadAsJson) - CertificateUtil.jwtWithHmacProtection(jwtClaims, secret) + if(views.isEmpty) { + Empty + } else { + implicit val formats = CustomJsonFormats.formats + val jwtPayloadAsJson = compactRender(Extraction.decompose(json)) + val jwtClaims: JWTClaimsSet = JWTClaimsSet.parse(jwtPayloadAsJson) + Full(CertificateUtil.jwtWithHmacProtection(jwtClaims, secret)) + } } } diff --git a/obp-api/src/main/scala/code/api/v4_0_0/JSONFactory4.0.0.scala b/obp-api/src/main/scala/code/api/v4_0_0/JSONFactory4.0.0.scala index f8f813a57d..7d91435f5f 100644 --- a/obp-api/src/main/scala/code/api/v4_0_0/JSONFactory4.0.0.scala +++ b/obp-api/src/main/scala/code/api/v4_0_0/JSONFactory4.0.0.scala @@ -309,8 +309,8 @@ case class AccountsBalancesJsonV400(accounts:List[AccountBalanceJsonV400]) case class BalanceJsonV400(`type`: String, currency: String, amount: String) case class AccountBalanceJsonV400( - account_id: String, bank_id: String, + account_id: String, account_routings: List[AccountRouting], label: String, balances: List[BalanceJsonV400] diff --git a/obp-api/src/main/scala/code/api/v5_0_0/APIMethods500.scala b/obp-api/src/main/scala/code/api/v5_0_0/APIMethods500.scala index 5b34388171..022cfc9100 100644 --- a/obp-api/src/main/scala/code/api/v5_0_0/APIMethods500.scala +++ b/obp-api/src/main/scala/code/api/v5_0_0/APIMethods500.scala 
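Review bot: Returning a bare `Empty` when `views.isEmpty` (second ConsentUtil hunk) gives the caller no reason for the failure, so the client receives a generic empty-response error and the log shows nothing about the missing views. A `Failure` carrying one of the project's error-message constants, `if (views.isEmpty) Failure(<ERROR_MESSAGE_CONSTANT>) else ...`, would keep the `Future[Box[String]]` signature from the first hunk and make the rejection diagnosable. The method's Scaladoc should state that the Box is empty or failed when the requested access yields no view, since the return type changed for every caller and only one call site is adapted in this diff. The method body starts outside the hunk.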
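Review bot: Swapping `account_id` and `bank_id` in `AccountBalanceJsonV400` is silent for positional constructor calls, because both fields are `String`: existing call sites still compile and would put the bank id where the account id is expected, and vice versa. Call sites are not visible in this diff, so each one should be checked and switched to named arguments, `AccountBalanceJsonV400(bank_id = ..., account_id = ..., ...)`. A test asserting both fields of a serialized balance would catch a swapped pair.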
@@ -945,6 +945,8 @@ trait APIMethods500 { //Here are all the VRP consent request (bankId, accountId, viewId, counterpartyId) <- if (isVRPConsentRequest) { val postConsentRequestJsonV510 = json.parse(createdConsentRequest.payload).extract[code.api.v5_1_0.PostVRPConsentRequestJsonV510] + + // TODO Add routing scheme as well. In case IBAN is provided this will not work. val fromBankIdAccountId = BankIdAccountId(BankId(postConsentRequestJsonV510.from_account.bank_routing.address), AccountId(postConsentRequestJsonV510.from_account.account_routing.address)) val vrpViewId = s"_VRP-${UUID.randomUUID.toString}".dropRight(5)// to make sure the length of the viewId is 36. diff --git a/obp-api/src/main/scala/code/model/dataAccess/AuthUser.scala b/obp-api/src/main/scala/code/model/dataAccess/AuthUser.scala index 7ba6d8b5d0..c5a4bf58a9 100644 --- a/obp-api/src/main/scala/code/model/dataAccess/AuthUser.scala +++ b/obp-api/src/main/scala/code/model/dataAccess/AuthUser.scala @@ -1111,6 +1111,7 @@ def restoreSomeSessions(): Unit = { } def isObpProvider(user: AuthUser) = { + // TODO Consider does http://host should match https://host in development mode user.getProvider() == Constant.localIdentityProvider } diff --git a/obp-api/src/main/scala/code/sandbox/OBPDataImport.scala b/obp-api/src/main/scala/code/sandbox/OBPDataImport.scala index d5760d2c94..7ec94f219c 100644 --- a/obp-api/src/main/scala/code/sandbox/OBPDataImport.scala +++ b/obp-api/src/main/scala/code/sandbox/OBPDataImport.scala 
@@ -411,10 +411,27 @@ trait OBPDataImport extends MdcLoggable { val readAccountsBerlinGroupView = Views.views.vend.getOrCreateSystemView(SYSTEM_READ_ACCOUNTS_BERLIN_GROUP_VIEW_ID).asInstanceOf[Box[ViewType]] val readBalancesBerlinGroupView = Views.views.vend.getOrCreateSystemView(SYSTEM_READ_BALANCES_BERLIN_GROUP_VIEW_ID).asInstanceOf[Box[ViewType]] val readTransactionsBerlinGroupView = Views.views.vend.getOrCreateSystemView(SYSTEM_READ_TRANSACTIONS_BERLIN_GROUP_VIEW_ID).asInstanceOf[Box[ViewType]] - - - - List(accountFirehose, ownerView, accountantsView, auditorsView, publicView, readAccountsBasicView, readAccountsDetailView, readBalancesView, readTransactionsBasicView, readTransactionsDebitsView, readTransactionsDetailView, readAccountsBerlinGroupView, readBalancesBerlinGroupView, readTransactionsBerlinGroupView).flatten + val initiatePaymentsBerlinGroupView = Views.views.vend.getOrCreateSystemView(SYSTEM_INITIATE_PAYMENTS_BERLIN_GROUP_VIEW_ID).asInstanceOf[Box[ViewType]] + + + + List( + accountFirehose, + ownerView, + accountantsView, + auditorsView, + publicView, + readAccountsBasicView, + readAccountsDetailView, + readBalancesView, + readTransactionsBasicView, + readTransactionsDebitsView, + readTransactionsDetailView, + readAccountsBerlinGroupView, + readBalancesBerlinGroupView, + readTransactionsBerlinGroupView, + initiatePaymentsBerlinGroupView + ).flatten } diff --git a/obp-api/src/main/scala/code/views/MapperViews.scala b/obp-api/src/main/scala/code/views/MapperViews.scala index aedb244391..c28a5063e0 100644 --- a/obp-api/src/main/scala/code/views/MapperViews.scala +++ b/obp-api/src/main/scala/code/views/MapperViews.scala 
@@ -903,9 +903,12 @@ object MapperViews extends Views with MdcLoggable { .canSeeOtherBankRoutingAddress_(true) .canSeeOtherAccountRoutingScheme_(true) .canSeeOtherAccountRoutingAddress_(true) + + // TODO Allow use only for certain cases .canAddTransactionRequestToOwnAccount_(true) //added following two for payments .canAddTransactionRequestToAnyAccount_(true) .canAddTransactionRequestToBeneficiary_(true) + .canSeeAvailableViewsForBankAccount_(false) .canSeeTransactionRequests_(false) .canSeeTransactionRequestTypes_(false) @@ -921,7 +924,7 @@ object MapperViews extends Views with MdcLoggable { viewId match { case SYSTEM_OWNER_VIEW_ID | SYSTEM_STANDARD_VIEW_ID => - entity + entity // Make additional setup to the existing view .canSeeAvailableViewsForBankAccount_(true) .canSeeTransactionRequests_(true) .canSeeTransactionRequestTypes_(true) @@ -931,12 +934,12 @@ object MapperViews extends Views with MdcLoggable { .canGrantAccessToViews_(DEFAULT_CAN_GRANT_AND_REVOKE_ACCESS_TO_VIEWS.mkString(",")) .canRevokeAccessToViews_(DEFAULT_CAN_GRANT_AND_REVOKE_ACCESS_TO_VIEWS.mkString(",")) case SYSTEM_STAGE_ONE_VIEW_ID => - entity + entity // Make additional setup to the existing view .canSeeTransactionDescription_(false) .canAddTransactionRequestToAnyAccount_(false) .canAddTransactionRequestToBeneficiary_(false) case SYSTEM_MANAGE_CUSTOM_VIEWS_VIEW_ID => - entity + entity // Make additional setup to the existing view .canRevokeAccessToCustomViews_(true) .canGrantAccessToCustomViews_(true) .canCreateCustomView_(true) 
@@ -944,8 +947,40 @@ object MapperViews extends Views with MdcLoggable { .canUpdateCustomView_(true) .canGetCustomView_(true) case SYSTEM_FIREHOSE_VIEW_ID => - entity + entity // Make additional setup to the existing view .isFirehose_(true) + case SYSTEM_READ_ACCOUNTS_BERLIN_GROUP_VIEW_ID | + SYSTEM_READ_BALANCES_BERLIN_GROUP_VIEW_ID => + create // A new one + .isSystem_(true) + .isFirehose_(false) + .name_(StringHelpers.capify(viewId)) + .view_id(viewId) + .description_(viewId) + case SYSTEM_READ_TRANSACTIONS_BERLIN_GROUP_VIEW_ID => + create // A new one + .isSystem_(true) + .isFirehose_(false) + .name_(StringHelpers.capify(viewId)) + .view_id(viewId) + .description_(viewId) + .canSeeTransactionThisBankAccount_(true) + .canSeeTransactionOtherBankAccount_(true) + .canSeeTransactionAmount_(true) + .canSeeTransactionCurrency_(true) + .canSeeTransactionBalance_(true) + .canSeeTransactionStartDate_(true) + .canSeeTransactionFinishDate_(true) + .canSeeTransactionDescription_(true) + case SYSTEM_INITIATE_PAYMENTS_BERLIN_GROUP_VIEW_ID => + create // A new one + .isSystem_(true) + .isFirehose_(false) + .name_(StringHelpers.capify(viewId)) + .view_id(viewId) + .description_(viewId) + .canAddTransactionRequestToAnyAccount_(true) + .canAddTransactionRequestToBeneficiary_(true) case _ => entity } diff --git a/obp-api/src/test/scala/code/api/berlin/group/v1_3/AccountInformationServiceAISApiTest.scala b/obp-api/src/test/scala/code/api/berlin/group/v1_3/AccountInformationServiceAISApiTest.scala index 845f6c6e2a..30a06c382a 100644 --- a/obp-api/src/test/scala/code/api/berlin/group/v1_3/AccountInformationServiceAISApiTest.scala +++ b/obp-api/src/test/scala/code/api/berlin/group/v1_3/AccountInformationServiceAISApiTest.scala 
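Review bot: The new Berlin Group cases build the view from `create` instead of `entity`, which appears to drop the default permissions set above (including the `canAddTransactionRequestTo*` flags that the TODO in the first hunk of this file refers to), but the `// A new one` comment does not say so. Something like `// Built from create, not entity, so none of the default permissions above are inherited` would make the least-privilege intent explicit. If this code only runs when a system view is first created, already stored `ReadTransactionsBerlinGroup` rows presumably keep the old payment permissions, so a migration or a boot-time reset of those flags should accompany the change. The `ReadAccounts`/`ReadBalances` case sets no `canSee*` flag at all; confirm that is intended. The five builder calls from `.isSystem_(true)` to `.description_(viewId)` are repeated in three cases and could be a small private helper.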
@@ -1,7 +1,7 @@ package code.api.berlin.group.v1_3 import code.api.Constant -import code.api.Constant.SYSTEM_READ_ACCOUNTS_BERLIN_GROUP_VIEW_ID +import code.api.Constant.{SYSTEM_READ_ACCOUNTS_BERLIN_GROUP_VIEW_ID, SYSTEM_READ_TRANSACTIONS_BERLIN_GROUP_VIEW_ID} import code.api.berlin.group.v1_3.JSONFactory_BERLIN_GROUP_1_3._ import code.api.builder.AccountInformationServiceAISApi.APIMethods_AccountInformationServiceAISApi import code.api.util.APIUtil @@ -212,7 +212,7 @@ class AccountInformationServiceAISApiTest extends BerlinGroupServerSetupV1_3 wit testAccountId.value, resourceUser1.userId, user1, - PostViewJsonV400(view_id = SYSTEM_READ_ACCOUNTS_BERLIN_GROUP_VIEW_ID, is_system = true) + PostViewJsonV400(view_id = SYSTEM_READ_TRANSACTIONS_BERLIN_GROUP_VIEW_ID, is_system = true) ) val requestGet = (V1_3_BG / "card-accounts" / testAccountId.value / "transactions").GET <@ (user1) diff --git a/obp-api/src/test/scala/code/api/berlin/group/v1_3/BerlinGroupServerSetupV1_3.scala b/obp-api/src/test/scala/code/api/berlin/group/v1_3/BerlinGroupServerSetupV1_3.scala index 27e56a94fe..5963e41a8c 100644 --- a/obp-api/src/test/scala/code/api/berlin/group/v1_3/BerlinGroupServerSetupV1_3.scala +++ b/obp-api/src/test/scala/code/api/berlin/group/v1_3/BerlinGroupServerSetupV1_3.scala @@ -23,6 +23,7 @@ trait BerlinGroupServerSetupV1_3 extends ServerSetupWithTestData { Views.views.vend.getOrCreateSystemView(SYSTEM_READ_ACCOUNTS_BERLIN_GROUP_VIEW_ID) Views.views.vend.getOrCreateSystemView(Constant.SYSTEM_READ_BALANCES_BERLIN_GROUP_VIEW_ID) Views.views.vend.getOrCreateSystemView(Constant.SYSTEM_READ_TRANSACTIONS_BERLIN_GROUP_VIEW_ID) + Views.views.vend.getOrCreateSystemView(Constant.SYSTEM_INITIATE_PAYMENTS_BERLIN_GROUP_VIEW_ID) } def grantUserAccessToViewViaEndpoint(bankId: String, 
diff --git a/obp-api/src/test/scala/code/api/berlin/group/v1_3/PaymentInitiationServicePISApiTest.scala b/obp-api/src/test/scala/code/api/berlin/group/v1_3/PaymentInitiationServicePISApiTest.scala index 4114ef160a..277b9e7426 100644 --- a/obp-api/src/test/scala/code/api/berlin/group/v1_3/PaymentInitiationServicePISApiTest.scala +++ b/obp-api/src/test/scala/code/api/berlin/group/v1_3/PaymentInitiationServicePISApiTest.scala @@ -2,7 +2,7 @@ package code.api.berlin.group.v1_3 import code.api.BerlinGroup.ScaStatus import code.api.Constant -import code.api.Constant.SYSTEM_READ_TRANSACTIONS_BERLIN_GROUP_VIEW_ID +import code.api.Constant.{SYSTEM_INITIATE_PAYMENTS_BERLIN_GROUP_VIEW_ID, SYSTEM_READ_TRANSACTIONS_BERLIN_GROUP_VIEW_ID} import code.api.berlin.group.v1_3.JSONFactory_BERLIN_GROUP_1_3.{CancellationJsonV13, InitiatePaymentResponseJson, StartPaymentAuthorisationJson} import code.api.berlin.group.v1_3.model.{PsuData, ScaStatusResponse, UpdatePsuAuthenticationResponse} import code.api.berlin.group.v1_3.JSONFactory_BERLIN_GROUP_1_3.{CancellationJsonV13, ErrorMessagesBG, InitiatePaymentResponseJson, StartPaymentAuthorisationJson} @@ -206,7 +206,8 @@ class PaymentInitiationServicePISApiTest extends BerlinGroupServerSetupV1_3 with } private def grantAccountAccess(acountRoutingIbanFrom: BankAccountRouting) = { - Views.views.vend.systemView(ViewId(SYSTEM_READ_TRANSACTIONS_BERLIN_GROUP_VIEW_ID)).flatMap(view => + org.scalameta.logger.elem(Views.views.vend.systemView(ViewId(SYSTEM_INITIATE_PAYMENTS_BERLIN_GROUP_VIEW_ID))) + Views.views.vend.systemView(ViewId(SYSTEM_INITIATE_PAYMENTS_BERLIN_GROUP_VIEW_ID)).flatMap(view => // Grant account access Views.views.vend.grantAccessToSystemView(acountRoutingIbanFrom.bankId, acountRoutingIbanFrom.accountId,