diff --git a/obp-api/src/main/scala/code/api/ResourceDocs1_4_0/SwaggerDefinitionsJSON.scala b/obp-api/src/main/scala/code/api/ResourceDocs1_4_0/SwaggerDefinitionsJSON.scala index 49a9728c2f..96a669c463 100644 --- a/obp-api/src/main/scala/code/api/ResourceDocs1_4_0/SwaggerDefinitionsJSON.scala +++ b/obp-api/src/main/scala/code/api/ResourceDocs1_4_0/SwaggerDefinitionsJSON.scala @@ -2727,6 +2727,23 @@ object SwaggerDefinitionsJSON { created = DateWithDayExampleObject, logo_url = Some(logoURLExample.value) ) + lazy val consumerJsonOnlyForPostResponseV510: ConsumerJsonOnlyForPostResponseV510 = ConsumerJsonOnlyForPostResponseV510( + consumer_id = consumerIdExample.value, + consumer_key = consumerKeyExample.value, + consumer_secret = consumerSecretExample.value, + app_name = appNameExample.value, + app_type = appTypeExample.value, + description = descriptionExample.value, + developer_email = emailExample.value, + company = companyExample.value, + redirect_url = redirectUrlExample.value, + certificate_pem = pem, + certificate_info = Some(certificateInfoJsonV510), + created_by_user = resourceUserJSON, + enabled = true, + created = DateWithDayExampleObject, + logo_url = Some(logoURLExample.value) + ) lazy val createConsumerRequestJsonV510 = CreateConsumerRequestJsonV510( appNameExample.value, diff --git a/obp-api/src/main/scala/code/api/berlin/group/v1_3/AccountInformationServiceAISApi.scala b/obp-api/src/main/scala/code/api/berlin/group/v1_3/AccountInformationServiceAISApi.scala index 11b2ff93ae..9390b1dc67 100644 --- a/obp-api/src/main/scala/code/api/berlin/group/v1_3/AccountInformationServiceAISApi.scala +++ b/obp-api/src/main/scala/code/api/berlin/group/v1_3/AccountInformationServiceAISApi.scala 
@@ -266,7 +266,7 @@ recurringIndicator: } consumerIdFromConsent = consent.mConsumerId.get consumerIdFromCurrentCall = callContext.map(_.consumer.map(_.consumerId.get).getOrElse("None")).getOrElse("None") - _ <- Helper.booleanToFuture(failMsg = s"$ConsentNotFound $consumerIdFromConsent != $consumerIdFromCurrentCall", failCode = 403, cc = cc.callContext) { + _ <- Helper.booleanToFuture(failMsg = ConsentNotFound, failCode = 403, cc = cc.callContext) { consumerIdFromConsent == consumerIdFromCurrentCall } _ <- Future(Consents.consentProvider.vend.revokeBerlinGroupConsent(consentId)) map { @@ -742,7 +742,7 @@ where the consent was directly managed between ASPSP and PSU e.g. in a re-direct } consumerIdFromConsent = consent.mConsumerId.get consumerIdFromCurrentCall = callContext.map(_.consumer.map(_.consumerId.get).getOrElse("None")).getOrElse("None") - _ <- Helper.booleanToFuture(failMsg = s"$ConsentNotFound $consumerIdFromConsent != $consumerIdFromCurrentCall", failCode = 403, cc = cc.callContext) { + _ <- Helper.booleanToFuture(failMsg = ConsentNotFound, failCode = 403, cc = cc.callContext) { consumerIdFromConsent == consumerIdFromCurrentCall } } yield { diff --git a/obp-api/src/main/scala/code/api/util/ConsentUtil.scala b/obp-api/src/main/scala/code/api/util/ConsentUtil.scala index 39adbe5f8e..ec463c9729 100644 --- a/obp-api/src/main/scala/code/api/util/ConsentUtil.scala +++ b/obp-api/src/main/scala/code/api/util/ConsentUtil.scala 
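Review bot: With the two consumer ids dropped from `failMsg`, a consent/consumer mismatch leaves no trace that is visible in this hunk, so a 403 cannot be tied back to the calling TPP afterwards. Keep the client message generic as the change does, but record the pair server-side before the check, e.g. `logger.warn(s"Consent consumer mismatch: consent=$consumerIdFromConsent caller=$consumerIdFromCurrentCall")`, assuming a logger is in scope in this trait. The same applies to the identical check in the `@@ -742` hunk. Separately, `consumerIdFromCurrentCall` falls back to the string `"None"`, so the equality test relies on no stored consent ever carrying that literal as its consumer id; comparing `Option` values would remove that assumption. Both for-comprehensions start and end outside the hunks.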
@@ -530,25 +530,30 @@ object Consent extends MdcLoggable { } def checkFrequencyPerDay(storedConsent: consent.ConsentTrait) = { - def isSameDay(date1: Date, date2: Date): Boolean = { - val fmt = new SimpleDateFormat("yyyyMMdd") - fmt.format(date1).equals(fmt.format(date2)) - } - var usesSoFarTodayCounter = storedConsent.usesSoFarTodayCounter - storedConsent.recurringIndicator match { - case false => // The consent is for one access to the account data - if(usesSoFarTodayCounter == 0) // Maximum value is "1". - (true, 0) // All good - else - (false, 1) // Exceeded rate limit - case true => // The consent is for recurring access to the account data - if(!isSameDay(storedConsent.usesSoFarTodayCounterUpdatedAt, new Date())) { - usesSoFarTodayCounter = 0 // Reset counter - } - if(usesSoFarTodayCounter < storedConsent.frequencyPerDay) - (true, usesSoFarTodayCounter) // All good - else - (false, storedConsent.frequencyPerDay) // Exceeded rate limit + if(BerlinGroupCheck.isTppRequestsWithoutPsuInvolvement(callContext.requestHeaders)) { + def isSameDay(date1: Date, date2: Date): Boolean = { + val fmt = new SimpleDateFormat("yyyyMMdd") + fmt.format(date1).equals(fmt.format(date2)) + } + + var usesSoFarTodayCounter = storedConsent.usesSoFarTodayCounter + storedConsent.recurringIndicator match { + case false => // The consent is for one access to the account data + if (usesSoFarTodayCounter == 0) // Maximum value is "1". + (true, 0) // All good + else + (false, 1) // Exceeded rate limit + case true => // The consent is for recurring access to the account data + if (!isSameDay(storedConsent.usesSoFarTodayCounterUpdatedAt, new Date())) { + usesSoFarTodayCounter = 0 // Reset counter + } + if (usesSoFarTodayCounter < storedConsent.frequencyPerDay) + (true, usesSoFarTodayCounter) // All good + else + (false, storedConsent.frequencyPerDay) // Exceeded rate limit + } + } else { + (true, 0) // All good } } 
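Review bot: The daily frequency limit in `checkFrequencyPerDay` is now enforced only when `BerlinGroupCheck.isTppRequestsWithoutPsuInvolvement(callContext.requestHeaders)` is true, and that decision is taken from request headers, which the calling TPP supplies; every other request gets `(true, 0)` without reaching the counter logic. If this is the intended Berlin Group behaviour, state it above the `if`, e.g. `// frequencyPerDay applies only to TPP-initiated calls; PSU involvement is taken from request headers (confirm whether it is verified elsewhere)`, and consider logging exempted calls so unusually heavy PSU-flagged traffic on one consent can be noticed. The else branch also returns `0` as the counter instead of the stored value; if the caller (outside this hunk) writes the returned counter back, an exempt request would reset the day's count, so `(true, storedConsent.usesSoFarTodayCounter)` looks safer. `callContext` is not a parameter of this method and comes from an enclosing scope that is not visible here.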
@@ -1123,9 +1128,9 @@ object Consent extends MdcLoggable { By(MappedConsent.mUserId, consent.userId), // for the same PSU By(MappedConsent.mConsumerId, consent.consumerId), // from the same TPP ).filterNot(_.consentId == consent.consentId) // Exclude current consent - .map{ c => // Set to expired - val changedStatus = c.mStatus(ConsentStatus.expired.toString).mLastActionDate(new Date()).save - if(changedStatus) logger.warn(s"|---> Changed status to ${ConsentStatus.expired.toString} for consent ID: ${c.id}") + .map{ c => // Set to terminatedByTpp + val changedStatus = c.mStatus(ConsentStatus.terminatedByTpp.toString).mLastActionDate(new Date()).save + if(changedStatus) logger.warn(s"|---> Changed status to ${ConsentStatus.terminatedByTpp.toString} for consent ID: ${c.id}") changedStatus }.forall(_ == true) } else { diff --git a/obp-api/src/main/scala/code/api/v5_1_0/APIMethods510.scala b/obp-api/src/main/scala/code/api/v5_1_0/APIMethods510.scala index 405b7e0971..5cbe6b86b4 100644 --- a/obp-api/src/main/scala/code/api/v5_1_0/APIMethods510.scala +++ b/obp-api/src/main/scala/code/api/v5_1_0/APIMethods510.scala @@ -3097,7 +3097,7 @@ trait APIMethods510 { |-----END CERTIFICATE-----""".stripMargin, Some("logoUrl") ), - consumerJsonV510, + consumerJsonOnlyForPostResponseV510, List( UserNotLoggedIn, UserHasMissingRoles, @@ -3134,7 +3134,7 @@ trait APIMethods510 { callContext ) } yield { - (JSONFactory510.createConsumerJSON(consumer, None), HttpCode.`201`(callContext)) + (JSONFactory510.createConsumerJsonOnlyForPostResponseV510(consumer, None), HttpCode.`201`(callContext)) } } } diff --git a/obp-api/src/main/scala/code/api/v5_1_0/JSONFactory5.1.0.scala b/obp-api/src/main/scala/code/api/v5_1_0/JSONFactory5.1.0.scala index 8d4980bb2a..89f750e4e8 100644 --- a/obp-api/src/main/scala/code/api/v5_1_0/JSONFactory5.1.0.scala +++ b/obp-api/src/main/scala/code/api/v5_1_0/JSONFactory5.1.0.scala 
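Review bot: The audit line written after the status change identifies the row by `c.id`, while the filter just above excludes the current consent by `consentId`, so the log may not carry the identifier operators actually search by; `logger.warn(s"|---> Changed status to ${ConsentStatus.terminatedByTpp.toString} for consent ID: ${c.consentId}")` would keep the two consistent. A failed `save` is silent, because only `changedStatus == true` is logged and the `false` case surfaces only through the final `.forall(_ == true)` (which can be written `.forall(identity)`); a warning in the failure case would make a partially applied termination visible. The enclosing method starts and ends outside this hunk.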
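Review bot: The 201 body built in the `@@ -3134` hunk now carries `consumer_secret`, and nothing visible here marks the response as sensitive. It is worth confirming that response bodies for this endpoint are not written to request logs or metrics, and that the reply is sent with `Cache-Control: no-store`. A short comment at the `yield`, e.g. `// consumer_secret is returned only in this creation response`, would record why this endpoint uses a different factory method from `createConsumerJSON`. The for-comprehension starts outside the hunk.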
@@ -458,6 +458,22 @@ case class ConsumerJsonV510(consumer_id: String, created: Date, logo_url: Option[String] ) +case class ConsumerJsonOnlyForPostResponseV510(consumer_id: String, + consumer_key: String, + consumer_secret: String, + app_name: String, + app_type: String, + description: String, + developer_email: String, + company: String, + redirect_url: String, + certificate_pem: String, + certificate_info: Option[CertificateInfoJsonV510], + created_by_user: ResourceUserJSON, + enabled: Boolean, + created: Date, + logo_url: Option[String] + ) case class ConsumersJsonV510( consumers : List[ConsumerJsonV510] 
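Review bot: `ConsumerJsonOnlyForPostResponseV510` holds `consumer_secret` as a plain constructor field, so the compiler-generated `toString` prints it whenever an instance ends up in a log line or an exception message. Adding `override def toString: String = s"ConsumerJsonOnlyForPostResponseV510($consumer_id, consumer_secret=<redacted>)"` to the class body keeps the secret out of logs and should not affect the serialised JSON, which is built from the constructor fields. A Scaladoc line stating that the type is for the create-consumer response only would also help, since that restriction is otherwise carried just by the name.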
@@ -1094,6 +1110,37 @@ object JSONFactory510 extends CustomJsonFormats { logo_url = if (c.logoUrl.get == null || c.logoUrl.get.isEmpty ) null else Some(c.logoUrl.get) ) } + def createConsumerJsonOnlyForPostResponseV510(c: Consumer, certificateInfo: Option[CertificateInfoJsonV510] = None): ConsumerJsonOnlyForPostResponseV510 = { + + val resourceUserJSON = Users.users.vend.getUserByUserId(c.createdByUserId.toString()) match { + case Full(resourceUser) => ResourceUserJSON( + user_id = resourceUser.userId, + email = resourceUser.emailAddress, + provider_id = resourceUser.idGivenByProvider, + provider = resourceUser.provider, + username = resourceUser.name + ) + case _ => null + } + + ConsumerJsonOnlyForPostResponseV510( + consumer_id = c.consumerId.get, + consumer_key = c.key.get, + consumer_secret = c.secret.get, + app_name = c.name.get, + app_type = c.appType.toString(), + description = c.description.get, + developer_email = c.developerEmail.get, + company = c.company.get, + redirect_url = c.redirectURL.get, + certificate_pem = c.clientCertificate.get, + certificate_info = certificateInfo, + created_by_user = resourceUserJSON, + enabled = c.isActive.get, + created = c.createdAt.get, + logo_url = if (c.logoUrl.get == null || c.logoUrl.get.isEmpty ) null else Some(c.logoUrl.get) + ) + } def createConsumersJson(consumers:List[Consumer]) = { ConsumersJsonV510(consumers.map(createConsumerJSON(_,None))) diff --git a/pom.xml b/pom.xml index b1ab5ea61f..4d96472c8b 100644 --- a/pom.xml +++ b/pom.xml @@ -11,7 +11,7 @@ 2011 2.12 - 2.12.12 + 2.12.20 2.5.32 1.8.2 3.5.0
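Review bot: `createConsumerJsonOnlyForPostResponseV510` copies `c.secret.get` into the result and has no doc comment; add a Scaladoc such as `/** Builds the create-consumer response; includes consumer_secret, so use only for the POST reply and never log the result. */`. It also assigns `null` to `created_by_user` when the user lookup is not `Full`, and `null` rather than `None` to the `Option[String]` field `logo_url`. `logo_url = Option(c.logoUrl.get).filter(_.nonEmpty)` expresses the same intent without a null inside an Option-typed field, though the rendered JSON should be checked because the sibling `createConsumerJSON` uses the same null pattern. Apart from the secret, the body appears to repeat `createConsumerJSON`, so a shared private helper for the `ResourceUserJSON` lookup would keep the two from drifting apart.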