gnunet-svn
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[libeufin] branch master updated: Use the IBAN as search key for bank ac

From: gnunet
Subject: [libeufin] branch master updated: Use the IBAN as search key for bank accounts.
Date: Wed, 29 Apr 2020 22:50:35 +0200 
This is an automated email from the git hooks/post-receive script.

marcello pushed a commit to branch master
in repository libeufin.

The following commit(s) were added to refs/heads/master by this push:
     new 26f719d  Use the IBAN as search key for bank accounts.
26f719d is described below

commit 26f719d5b4064e4b325a1d25b0b7d69704aa5103
Author: Marcello Stanisci <address@hidden>
AuthorDate: Wed Apr 29 22:49:51 2020 +0200

    Use the IBAN as search key for bank accounts.
---
 integration-tests/test-ebics.py                      | 11 ++++++++---
 nexus/src/main/kotlin/tech/libeufin/nexus/Helpers.kt | 16 ++++++++++++++--
 nexus/src/main/kotlin/tech/libeufin/nexus/Main.kt    | 10 ++++------
 nexus/src/test/kotlin/PainGeneration.kt              |  1 -
 util/src/main/kotlin/JSON.kt                         | 14 ++++++++++++++
 5 files changed, 40 insertions(+), 12 deletions(-)

diff --git a/integration-tests/test-ebics.py b/integration-tests/test-ebics.py
index 695f581..e135899 100755
--- a/integration-tests/test-ebics.py
+++ b/integration-tests/test-ebics.py
@@ -121,12 +121,17 @@ assert(
 #6 Prepare a payment (via pure Nexus service)
 resp = post(
     "http://localhost:5001/users/{}/prepare-payment".format(USERNAME),
-    json=dict()
+    json=dict(
+        creditorIban="GB33BUKB20201555555555",
+        creditorBic="BUKBGB22",
+        creditorName="Oliver Smith",
+        debitorIban="FR7630006000011234567890189",
+        debitorBic="AGRIFRPP",
+        debitorName="Jacques LaFayette"
+    )
 )
 
 assert(resp.status_code == 200)
 
-
-
 #7 Execute such payment via EBICS
 #8 Request history again via EBICS
diff --git a/nexus/src/main/kotlin/tech/libeufin/nexus/Helpers.kt 
b/nexus/src/main/kotlin/tech/libeufin/nexus/Helpers.kt
index 6da439f..78fb2f9 100644
--- a/nexus/src/main/kotlin/tech/libeufin/nexus/Helpers.kt
+++ b/nexus/src/main/kotlin/tech/libeufin/nexus/Helpers.kt
@@ -428,12 +428,24 @@ fun subscriberHasRights(subscriber: 
EbicsSubscriberEntity, bankAccount: BankAcco
     return row != null
 }
 
+fun getBankAccountFromIban(iban: String): BankAccountEntity {
+    return transaction {
+        BankAccountEntity.find {
+            BankAccountsTable.iban eq iban
+        }.firstOrNull() ?: throw NexusError(
+            HttpStatusCode.NotFound,
+            "Bank account with IBAN '$iban' not found"
+        )
+    }
+}
+
 /** Check if the nexus user is allowed to use the claimed bank account.  */
-fun userHasRights(subscriber: NexusUserEntity, bankAccount: 
BankAccountEntity): Boolean {
+fun userHasRights(nexusUser: NexusUserEntity, iban: String): Boolean {
     val row = transaction {
+        val bankAccount = getBankAccountFromIban(iban)
         UserToBankAccountEntity.find {
             UserToBankAccountsTable.bankAccount eq bankAccount.id and
-                    (UserToBankAccountsTable.nexusUser eq subscriber.id)
+                    (UserToBankAccountsTable.nexusUser eq nexusUser.id)
         }.firstOrNull()
     }
     return row != null
diff --git a/nexus/src/main/kotlin/tech/libeufin/nexus/Main.kt 
b/nexus/src/main/kotlin/tech/libeufin/nexus/Main.kt
index 5094fab..14bd1ea 100644
--- a/nexus/src/main/kotlin/tech/libeufin/nexus/Main.kt
+++ b/nexus/src/main/kotlin/tech/libeufin/nexus/Main.kt
@@ -285,19 +285,17 @@ fun main() {
                 call.respond(ret)
                 return@get
             }
-            post("/users/{id}/accounts/prepare-payment") {
+            post("/users/{id}/prepare-payment") {
                 val nexusUser = extractNexusUser(call.parameters["id"])
+                val pain001data = call.receive<Pain001Data>()
                 transaction {
-                    val accountInfo = 
expectAcctidTransaction(call.parameters["acctid"])
-                    if (!userHasRights(nexusUser, accountInfo)) {
+                    if (!userHasRights(nexusUser, pain001data.debitorIban)) {
                         throw NexusError(
                             HttpStatusCode.BadRequest,
-                            "Claimed bank account '${accountInfo.id}' doesn't 
belong to user '${nexusUser.id.value}'!"
+                            "User ${nexusUser.id.value} can't access 
${pain001data.debitorIban}"
                         )
                     }
-
                 }
-                val pain001data = call.receive<Pain001Data>()
                 createPain001entity(pain001data, nexusUser)
                 call.respondText(
                     "Payment instructions persisted in DB",
diff --git a/nexus/src/test/kotlin/PainGeneration.kt 
b/nexus/src/test/kotlin/PainGeneration.kt
index f412db6..0a6e3e1 100644
--- a/nexus/src/test/kotlin/PainGeneration.kt
+++ b/nexus/src/test/kotlin/PainGeneration.kt
@@ -7,7 +7,6 @@ import org.jetbrains.exposed.sql.transactions.transaction
 import org.jetbrains.exposed.sql.SchemaUtils
 import org.joda.time.DateTime
 import tech.libeufin.util.Amount
-import javax.sql.rowset.serial.SerialBlob
 
 
 
diff --git a/util/src/main/kotlin/JSON.kt b/util/src/main/kotlin/JSON.kt
new file mode 100644
index 0000000..db420d8
--- /dev/null
+++ b/util/src/main/kotlin/JSON.kt
@@ -0,0 +1,14 @@
+package tech.libeufin.util
+
+/**
+ * (Very) generic information about one payment.  Can be
+ * derived from a CAMT response, or from a prepared PAIN
+ * document.
+ */
+data class RawPayment(
+    val creditorIban: String,
+    val debitorIban: String,
+    val amount: String,
+    val subject: String,
+    val date: String
+)
\ No newline at end of file

-- 
To stop receiving notification emails like this one, please contact
address@hidden.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]