Merge pull request #2486 from constantine2nd/develop

Berlin Group Consent Flow
OpenBankProject · Feb 3, 2025 · 8fbd566 · 8fbd566
2 parents 90751cd + 6e0dcdd
commit 8fbd566
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 8 deletions.
diff --git a/obp-api/src/main/scala/code/api/berlin/group/v1_3/JSONFactory_BERLIN_GROUP_1_3.scala b/obp-api/src/main/scala/code/api/berlin/group/v1_3/JSONFactory_BERLIN_GROUP_1_3.scala
@@ -529,13 +529,18 @@ object JSONFactory_BERLIN_GROUP_1_3 extends CustomJsonFormats {
 
     getPropsValue("psu_authentication_method") match {
       case Full("redirection") =>
-        val scaRedirectUrl = getPropsValue("psu_authentication_method_sca_redirect_url")
+        val scaRedirectUrlPattern = getPropsValue("psu_authentication_method_sca_redirect_url")
           .openOr(MissingPropsValueAtThisInstance + "psu_authentication_method_sca_redirect_url")
+        val scaRedirectUrl =
+          if(scaRedirectUrlPattern.contains("PLACEHOLDER"))
+            scaRedirectUrlPattern.replace("PLACEHOLDER", consent.consentId)
+          else
+            s"$scaRedirectUrlPattern/${consent.consentId}"
         PostConsentResponseJson(
           consentId = consent.consentId,
           consentStatus = consent.status.toLowerCase(),
           _links = ConsentLinksV13(
-            scaRedirect = Some(Href(s"$scaRedirectUrl/${consent.consentId}")),
+            scaRedirect = Some(Href(s"$scaRedirectUrl")),
             status = Some(Href(s"/v1.3/consents/${consent.consentId}/status")),
             scaStatus = Some(Href(s"/v1.3/consents/${consent.consentId}/authorisations/AUTHORISATIONID")),
           )

diff --git a/obp-api/src/main/scala/code/snippet/BerlinGroupConsent.scala b/obp-api/src/main/scala/code/snippet/BerlinGroupConsent.scala
@@ -48,12 +48,13 @@ import scala.collection.immutable
 class BerlinGroupConsent extends MdcLoggable with RestHelper with APIMethods510 with APIMethods500 with APIMethods310 {
   protected implicit override def formats: Formats = CustomJsonFormats.formats
 
-  private object otpValue extends RequestVar("123456")
+  private object otpValue extends SessionVar("123")
   private object redirectUriValue extends SessionVar("")
 
   def confirmBerlinGroupConsentRequest: CssSel = {
     callGetConsentByConsentId() match {
       case Full(consent) =>
+        otpValue.set(consent.challenge)
         val json: GetConsentResponseJson = createGetConsentResponseJson(consent)
         val consumer = Consumers.consumers.vend.getConsumerByConsumerId(consent.consumerId)
         val consentJwt: Box[ConsentJWT] = JwtUtil.getSignedPayloadAsJson(consent.jsonWebToken).map(parse(_)
@@ -117,15 +118,20 @@ class BerlinGroupConsent extends MdcLoggable with RestHelper with APIMethods510
   }
   private def confirmConsentRequestProcessSca() = {
     val consentId = ObpS.param("CONSENT_ID") openOr ("")
-    Consents.consentProvider.vend.updateConsentStatus(consentId, ConsentStatus.valid)
-    S.redirectTo(
-      s"$redirectUriValue?CONSENT_ID=${consentId}"
-    )
+    Consents.consentProvider.vend.getConsentByConsentId(consentId) match {
+      case Full(consent) if otpValue.is == consent.challenge =>
+        Consents.consentProvider.vend.updateConsentStatus(consentId, ConsentStatus.valid)
+        S.redirectTo(
+          s"$redirectUriValue?CONSENT_ID=${consentId}"
+        )
+      case _ =>
+        S.error("Wrong OTP value")
+    }
   }
 
 
   def confirmBgConsentRequest: CssSel = {
-    "#otp-value" #> SHtml.textElem(otpValue) &
+    "#otp-value" #> SHtml.text(otpValue, otpValue(_)) &
       "type=submit" #> SHtml.onSubmitUnit(confirmConsentRequestProcessSca)
   }