Merge pull request #467 from OpenBankingToolkit/feature/36-variable-r…

…ecurring-payments-for-3-1-8-jamie 36: Add filters to test vrp Payments risk and initiation
OpenBankingToolkit · Dec 9, 2021 · 742e63b · 742e63b
2 parents 1d83155 + ca0b17e
commit 742e63b
Show file tree

Hide file tree

Showing 7 changed files with 186 additions and 10 deletions.
diff --git a/forgerock-openbanking-uk-aspsp-common/pom.xml b/forgerock-openbanking-uk-aspsp-common/pom.xml
@@ -182,6 +182,18 @@
 
     <build>
         <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-jar-plugin</artifactId>
+                <version>3.2.0</version>
+                <executions>
+                    <execution>
+                        <goals>
+                            <goal>test-jar</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
             <plugin>
                 <groupId>pl.project13.maven</groupId>
                 <artifactId>git-commit-id-plugin</artifactId>

diff --git a/.../com/forgerock/openbanking/aspsp/rs/api/payment/v3_1_8/vrp/DomesticVrpsApiController.java b/.../com/forgerock/openbanking/aspsp/rs/api/payment/v3_1_8/vrp/DomesticVrpsApiController.java
@@ -32,12 +32,11 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Controller;
-import uk.org.openbanking.datamodel.vrp.OBDomesticVRPConsentResponse;
-import uk.org.openbanking.datamodel.vrp.OBDomesticVRPDetails;
-import uk.org.openbanking.datamodel.vrp.OBDomesticVRPRequest;
-import uk.org.openbanking.datamodel.vrp.OBDomesticVRPResponse;
+import uk.org.openbanking.datamodel.vrp.*;
 
 import javax.servlet.http.HttpServletRequest;
+import javax.validation.Valid;
+import javax.validation.constraints.NotNull;
 import java.security.Principal;
 import java.util.Collections;
 
@@ -106,21 +105,24 @@ public ResponseEntity<OBDomesticVRPResponse> domesticVrpPost(
             HttpServletRequest request, Principal principal
     ) throws OBErrorResponseException {
         log.debug("domesticVrpPost() Recieved OBDomesticVrpRequest {}", obDomesticVRPRequest);
-
+        @NotNull @Valid OBDomesticVRPInitiation initiation = obDomesticVRPRequest.getData().getInitiation();
         String consentId = obDomesticVRPRequest.getData().getConsentId();
         log.debug("domesticVrpPost() consentId is {}", consentId);
-        // Need a payment service that gets 'payments' from the rs-store. Payments are actually consents poorly named
+        // Need a consent service that gets 'payments' from the rs-store. Payments are actually consents poorly named
         // :-( -> technical debt
         // TODO Change payments services to consent services?
-        FRDomesticVRPConsent payment = vrpPaymentConsentService.getVrpPayment(consentId);
+        FRDomesticVRPConsent consent = vrpPaymentConsentService.getVrpPayment(consentId);
 
         DomesticVrpPaymentsEndpointWrapper vrpPaymentsEndpointWrapper = rsEndpointWrapperService.vrpPaymentEndpoint();
         vrpPaymentsEndpointWrapper.authorization(authorization);
         vrpPaymentsEndpointWrapper.xFapiFinancialId(rsEndpointWrapperService.getRsConfiguration().financialId);
         vrpPaymentsEndpointWrapper.principal(principal);
+        vrpPaymentsEndpointWrapper.payment(consent);
         vrpPaymentsEndpointWrapper.filters(f -> {
             f.verifyJwsDetachedSignature(xJwsSignature, request);
             f.validateRisk(obDomesticVRPRequest.getRisk());
+            f.checkRequestAndConsentInitiationMatch(initiation, consent);
+            f.checkRequestAndConsentRiskMatch(obDomesticVRPRequest, consent);
         });
         ResponseEntity responseEntity =  vrpPaymentsEndpointWrapper.execute((String tppId) -> {
             HttpHeaders additionalHeaders = new HttpHeaders();

diff --git a/...forgerock/openbanking/aspsp/rs/wrappper/endpoints/DomesticVrpPaymentsEndpointWrapper.java b/...forgerock/openbanking/aspsp/rs/wrappper/endpoints/DomesticVrpPaymentsEndpointWrapper.java
@@ -24,18 +24,24 @@
 import com.forgerock.openbanking.aspsp.rs.api.payment.verifier.OBRisk1Validator;
 import com.forgerock.openbanking.aspsp.rs.wrappper.RSEndpointWrapperService;
 import com.forgerock.openbanking.common.model.openbanking.persistence.vrp.FRDomesticVRPConsent;
+import com.forgerock.openbanking.common.model.openbanking.persistence.vrp.FRWriteDomesticVRPDataInitiation;
 import com.forgerock.openbanking.common.services.store.tpp.TppStoreService;
 import com.forgerock.openbanking.constants.OIDCConstants;
 import com.forgerock.openbanking.constants.OpenBankingConstants;
 import com.forgerock.openbanking.exceptions.OBErrorException;
+import com.forgerock.openbanking.model.error.OBRIErrorType;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.http.ResponseEntity;
 import uk.org.openbanking.datamodel.payment.OBRisk1;
+import uk.org.openbanking.datamodel.vrp.OBDomesticVRPInitiation;
+import uk.org.openbanking.datamodel.vrp.OBDomesticVRPRequest;
 
 import java.util.Arrays;
-import java.util.Collections;
 import java.util.List;
 
+import static com.forgerock.openbanking.common.services.openbanking.converter.vrp.FRDomesticVRPConsentConverter.toOBDomesticVRPInitiation;
+import static com.forgerock.openbanking.common.services.openbanking.converter.vrp.FRDomesticVRPConsentConverter.toOBRisk1;
+
 @Slf4j
 public class DomesticVrpPaymentsEndpointWrapper extends RSEndpointWrapper<DomesticVrpPaymentsEndpointWrapper, DomesticVrpPaymentsEndpointWrapper.DomesticVrpPaymentRestEndpointContent> {
 
@@ -89,6 +95,24 @@ public void validateRisk(OBRisk1 risk) throws OBErrorException {
         }
     }
 
+    public void checkRequestAndConsentInitiationMatch(OBDomesticVRPInitiation requestInitiation, FRDomesticVRPConsent consent)
+            throws OBErrorException {
+        FRWriteDomesticVRPDataInitiation consentFRInitiation = consent.getInitiation();
+        OBDomesticVRPInitiation consentOBInitiation = toOBDomesticVRPInitiation(consentFRInitiation);
+        if(!consentOBInitiation.equals(requestInitiation)){
+            throw new OBErrorException(OBRIErrorType.REQUEST_VRP_INITIATION_DOESNT_MATCH_CONSENT);
+        }
+    }
+
+    public void checkRequestAndConsentRiskMatch(OBDomesticVRPRequest request, FRDomesticVRPConsent frConsent)
+            throws OBErrorException {
+        OBRisk1 requestRisk = request.getRisk();
+        OBRisk1 consentRisk = toOBRisk1(frConsent.getRisk());
+        if(!requestRisk.equals(consentRisk)){
+            throw new OBErrorException(OBRIErrorType.REQUEST_VRP_RISK_DOESNT_MATCH_CONSENT);
+        }
+    }
+
     public interface DomesticVrpPaymentRestEndpointContent {
         ResponseEntity run(String tppId) throws OBErrorException;
     }

diff --git a/...erock/openbanking/aspsp/rs/wrappper/endpoints/DomesticVrpPaymentsEndpointWrapperTest.java b/...erock/openbanking/aspsp/rs/wrappper/endpoints/DomesticVrpPaymentsEndpointWrapperTest.java
@@ -0,0 +1,134 @@
+/**
+ * Copyright 2019 ForgeRock AS.
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package com.forgerock.openbanking.aspsp.rs.wrappper.endpoints;
+
+import com.forgerock.openbanking.aspsp.rs.api.payment.verifier.OBRisk1Validator;
+import com.forgerock.openbanking.aspsp.rs.wrappper.RSEndpointWrapperService;
+import com.forgerock.openbanking.common.model.openbanking.persistence.vrp.FRDomesticVRPConsent;
+import com.forgerock.openbanking.common.model.openbanking.persistence.vrp.FRWriteDomesticVRPDataInitiation;
+import com.forgerock.openbanking.common.services.openbanking.converter.vrp.FRDomesticVRPConverters;
+import com.forgerock.openbanking.common.services.store.tpp.TppStoreService;
+import com.forgerock.openbanking.exceptions.OBErrorException;
+import com.forgerock.openbanking.integration.test.support.FRVrpTestDataFactory;
+import com.forgerock.openbanking.model.error.OBRIErrorType;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.mockito.junit.MockitoJUnitRunner;
+import uk.org.openbanking.datamodel.vrp.OBDomesticVRPInitiation;
+import uk.org.openbanking.datamodel.vrp.OBDomesticVRPRequest;
+import uk.org.openbanking.testsupport.vrp.OBDomesticVRPCommonTestDataFactory;
+import uk.org.openbanking.testsupport.vrp.OBDomesticVRPRequestTestDataFactory;
+
+import static com.forgerock.openbanking.common.services.openbanking.converter.vrp.FRDomesticVRPConsentConverter.toOBRisk1;
+import static org.assertj.core.api.AssertionsForClassTypes.assertThat;
+import static org.assertj.core.api.AssertionsForClassTypes.catchThrowableOfType;
+
+@RunWith(MockitoJUnitRunner.class)
+public class DomesticVrpPaymentsEndpointWrapperTest {
+
+    @Mock
+    RSEndpointWrapperService endpointWrapperService;
+
+    @Mock
+    TppStoreService tppStoreService;
+
+    @Mock
+    OBRisk1Validator riskValidator;
+
+    @Test
+    public void success_validateRisk() throws OBErrorException {
+        // Given
+        DomesticVrpPaymentsEndpointWrapper domesticVrpPaymentsEndpointWrapper =
+                new DomesticVrpPaymentsEndpointWrapper(endpointWrapperService, tppStoreService, riskValidator);
+        OBDomesticVRPRequest vrpRequest = OBDomesticVRPRequestTestDataFactory.aValidOBDomesticVRPRequest();
+        FRDomesticVRPConsent vrpConsent = FRVrpTestDataFactory.aValidFRDomesticVRPConsent();
+        vrpRequest.setRisk(toOBRisk1(vrpConsent.getRisk()));
+
+        // When
+        domesticVrpPaymentsEndpointWrapper.checkRequestAndConsentRiskMatch(vrpRequest, vrpConsent);
+
+        // Then
+        // If no exception then we're good
+    }
+
+    @Test
+    public void fail_validateRisk() throws OBErrorException {
+        // Given
+        DomesticVrpPaymentsEndpointWrapper domesticVrpPaymentsEndpointWrapper =
+                new DomesticVrpPaymentsEndpointWrapper(endpointWrapperService, tppStoreService, riskValidator);
+        OBDomesticVRPRequest vrpRequest = OBDomesticVRPRequestTestDataFactory.aValidOBDomesticVRPRequest();
+        FRDomesticVRPConsent vrpConsent = FRVrpTestDataFactory.aValidFRDomesticVRPConsent();
+        vrpRequest.setRisk(toOBRisk1(vrpConsent.getRisk()));
+        vrpRequest.getRisk().setMerchantCategoryCode("mismatched Merchange Category Code");
+
+        // When
+        OBErrorException exception =
+                catchThrowableOfType(() ->
+                        domesticVrpPaymentsEndpointWrapper.checkRequestAndConsentRiskMatch(vrpRequest, vrpConsent),
+                        OBErrorException.class);
+
+        // Then
+        assertThat(exception.getObriErrorType()).isEqualTo(OBRIErrorType.REQUEST_VRP_RISK_DOESNT_MATCH_CONSENT);
+    }
+
+    @Test
+    public void success_checkRequestAndConsentInitiationMatch() throws OBErrorException {
+        // Given
+        DomesticVrpPaymentsEndpointWrapper domesticVrpPaymentsEndpointWrapper =
+                new DomesticVrpPaymentsEndpointWrapper(endpointWrapperService, tppStoreService, riskValidator);
+        OBDomesticVRPInitiation requestInitiation = OBDomesticVRPCommonTestDataFactory.aValidOBDomesticVRPInitiation();
+        FRDomesticVRPConsent frConsent = FRVrpTestDataFactory.aValidFRDomesticVRPConsent();
+        FRWriteDomesticVRPDataInitiation matchingInitiation =
+                (FRWriteDomesticVRPDataInitiation) FRDomesticVRPConverters.toFRDomesticVRPInitiation(requestInitiation);
+        frConsent.getVrpDetails().getData().setInitiation(matchingInitiation);
+
+        // When
+        domesticVrpPaymentsEndpointWrapper.checkRequestAndConsentInitiationMatch(requestInitiation, frConsent);
+
+        // Then
+        // If no exception then we're good!
+    }
+
+    @Test
+    public void fail_checkRequestAndConsentInitiationMatch() throws OBErrorException {
+        // Given
+        DomesticVrpPaymentsEndpointWrapper domesticVrpPaymentsEndpointWrapper =
+                new DomesticVrpPaymentsEndpointWrapper(endpointWrapperService, tppStoreService,
+                        riskValidator);
+          // Create the request data
+        OBDomesticVRPInitiation requestInitiation = OBDomesticVRPCommonTestDataFactory.aValidOBDomesticVRPInitiation();
+          // Create an FR Consent with slightly differing initiation data
+        FRDomesticVRPConsent frConsent = FRVrpTestDataFactory.aValidFRDomesticVRPConsent();
+        FRWriteDomesticVRPDataInitiation differentInitiationData =
+                (FRWriteDomesticVRPDataInitiation) FRDomesticVRPConverters.toFRDomesticVRPInitiation(requestInitiation);
+        differentInitiationData.getDebtorAccount().setIdentification("mismatched identification");
+        frConsent.getVrpDetails().getData().setInitiation(differentInitiationData);
+
+        // When
+        OBErrorException exception =
+                catchThrowableOfType(() -> domesticVrpPaymentsEndpointWrapper.checkRequestAndConsentInitiationMatch(
+                        requestInitiation, frConsent), OBErrorException.class);
+
+        // Then
+        assertThat(exception.getObriErrorType()).isEqualTo(OBRIErrorType.REQUEST_VRP_INITIATION_DOESNT_MATCH_CONSENT);
+    }
+}
diff --git a/integration-test-support/pom.xml b/integration-test-support/pom.xml
@@ -120,6 +120,10 @@
             <groupId>com.forgerock.spring.security</groupId>
             <artifactId>spring-security-multi-auth-starter</artifactId>
         </dependency>
+        <dependency>
+            <groupId>com.github.jsonzou</groupId>
+            <artifactId>jmockdata</artifactId>
+        </dependency>
     </dependencies>
 
 </project>
diff --git a/...ce/vrp/testdata/FRVrpTestDataFactory.java → ...on/test/support/FRVrpTestDataFactory.java b/...ce/vrp/testdata/FRVrpTestDataFactory.java → ...on/test/support/FRVrpTestDataFactory.java
@@ -18,7 +18,7 @@
  * specific language governing permissions and limitations
  * under the License.
  */
-package com.forgerock.openbanking.common.model.openbanking.persistence.vrp.testdata;
+package com.forgerock.openbanking.integration.test.support;
 
 import com.forgerock.openbanking.common.model.openbanking.persistence.vrp.FRDomesticVRPConsent;
 import com.github.jsonzou.jmockdata.JMockData;

diff --git a/pom.xml b/pom.xml
@@ -44,7 +44,7 @@
     <url>http://www.forgerock.org</url>
 
     <properties>
-        <ob-common.version>1.2.15-SNAPSHOT</ob-common.version>
+        <ob-common.version>1.2.16-SNAPSHOT</ob-common.version>
         <ob-clients.version>1.2.14</ob-clients.version>
         <ob-jwkms.version>1.2.13</ob-jwkms.version>
         <ob-auth.version>1.1.13</ob-auth.version>