commit 26f719d5b4064e4b325a1d25b0b7d69704aa5103
parent 13bfc9f8d8eca261e515b4004ab6f24a8b50be1e
Author: Marcello Stanisci <ms@taler.net>
Date: Wed, 29 Apr 2020 22:49:51 +0200
Use the IBAN as search key for bank accounts.
Diffstat:
5 files changed, 41 insertions(+), 12 deletions(-)
diff --git a/integration-tests/test-ebics.py b/integration-tests/test-ebics.py
@@ -121,12 +121,17 @@ assert(
#6 Prepare a payment (via pure Nexus service)
resp = post(
"http://localhost:5001/users/{}/prepare-payment".format(USERNAME),
- json=dict()
+ json=dict(
+ creditorIban="GB33BUKB20201555555555",
+ creditorBic="BUKBGB22",
+ creditorName="Oliver Smith",
+ debitorIban="FR7630006000011234567890189",
+ debitorBic="AGRIFRPP",
+ debitorName="Jacques LaFayette"
+ )
)
assert(resp.status_code == 200)
-
-
#7 Execute such payment via EBICS
#8 Request history again via EBICS
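Review bot: Step #6 only exercises the success path of the new IBAN-based ownership check, so a regression that lets any user prepare a payment from any account would still pass this test. A second `post(...)` to the same URL with a `debitorIban` that is not linked to `USERNAME`, followed by `assert(resp.status_code != 200)`, would pin the denial. The hard-coded debitor IBAN presumably matches an account created earlier in the script; that part is outside this hunk.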
diff --git a/nexus/src/main/kotlin/tech/libeufin/nexus/Helpers.kt b/nexus/src/main/kotlin/tech/libeufin/nexus/Helpers.kt
@@ -428,12 +428,24 @@ fun subscriberHasRights(subscriber: EbicsSubscriberEntity, bankAccount: BankAcco
return row != null
}
+fun getBankAccountFromIban(iban: String): BankAccountEntity {
+ return transaction {
+ BankAccountEntity.find {
+ BankAccountsTable.iban eq iban
+ }.firstOrNull() ?: throw NexusError(
+ HttpStatusCode.NotFound,
+ "Bank account with IBAN '$iban' not found"
+ )
+ }
+}
+
/** Check if the nexus user is allowed to use the claimed bank account. */
-fun userHasRights(subscriber: NexusUserEntity, bankAccount: BankAccountEntity): Boolean {
+fun userHasRights(nexusUser: NexusUserEntity, iban: String): Boolean {
val row = transaction {
+ val bankAccount = getBankAccountFromIban(iban)
UserToBankAccountEntity.find {
UserToBankAccountsTable.bankAccount eq bankAccount.id and
- (UserToBankAccountsTable.nexusUser eq subscriber.id)
+ (UserToBankAccountsTable.nexusUser eq nexusUser.id)
}.firstOrNull()
}
return row != null
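Review bot: `userHasRights` is declared to return `Boolean`, but for an IBAN that is not in `BankAccountsTable` it now throws the 404 from `getBankAccountFromIban` instead of returning false. Together with the 400 that the `prepare-payment` handler in Main.kt raises for a known but unlinked IBAN, the two responses let a caller tell which IBANs are registered at this Nexus. Resolving the account without throwing inside the check gives both cases the same answer: `val bankAccount = BankAccountEntity.find { BankAccountsTable.iban eq iban }.firstOrNull() ?: return@transaction null`. `getBankAccountFromIban` also lacks a KDoc stating that it throws `NexusError` and returns only the first match, which matters if the `iban` column is not unique (not visible here). The closing brace of `userHasRights` is outside the hunk.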
diff --git a/nexus/src/main/kotlin/tech/libeufin/nexus/Main.kt b/nexus/src/main/kotlin/tech/libeufin/nexus/Main.kt
@@ -285,19 +285,17 @@ fun main() {
call.respond(ret)
return@get
}
- post("/users/{id}/accounts/prepare-payment") {
+ post("/users/{id}/prepare-payment") {
val nexusUser = extractNexusUser(call.parameters["id"])
+ val pain001data = call.receive<Pain001Data>()
transaction {
- val accountInfo = expectAcctidTransaction(call.parameters["acctid"])
- if (!userHasRights(nexusUser, accountInfo)) {
+ if (!userHasRights(nexusUser, pain001data.debitorIban)) {
throw NexusError(
HttpStatusCode.BadRequest,
- "Claimed bank account '${accountInfo.id}' doesn't belong to user '${nexusUser.id.value}'!"
+ "User ${nexusUser.id.value} can't access ${pain001data.debitorIban}"
)
}
-
}
- val pain001data = call.receive<Pain001Data>()
createPain001entity(pain001data, nexusUser)
call.respondText(
"Payment instructions persisted in DB",
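Review bot: The ownership check and `createPain001entity(pain001data, nexusUser)` run in separate database transactions, because the `transaction { }` block closes before the payment is persisted; a change to the user-to-account link between the two is not seen by the write. Moving the `createPain001entity` call inside the block, right after the `if`, keeps check and insert together (assuming nested `transaction` calls reuse the outer one, as Exposed does by default; `createPain001entity` is not visible here). The denial is also an authorization failure, so `HttpStatusCode.Forbidden` describes it better than `HttpStatusCode.BadRequest`. The handler starts and ends outside the hunk.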
diff --git a/nexus/src/test/kotlin/PainGeneration.kt b/nexus/src/test/kotlin/PainGeneration.kt
@@ -7,7 +7,6 @@ import org.jetbrains.exposed.sql.transactions.transaction
import org.jetbrains.exposed.sql.SchemaUtils
import org.joda.time.DateTime
import tech.libeufin.util.Amount
-import javax.sql.rowset.serial.SerialBlob
diff --git a/util/src/main/kotlin/JSON.kt b/util/src/main/kotlin/JSON.kt
@@ -0,0 +1,14 @@
+package tech.libeufin.util
+
+/**
+ * (Very) generic information about one payment. Can be
+ * derived from a CAMT response, or from a prepared PAIN
+ * document.
+ */
+data class RawPayment(
+ val creditorIban: String,
+ val debitorIban: String,
+ val amount: String,
+ val subject: String,
+ val date: String
+)
+\ No newline at end of file
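Review bot: `amount` and `date` are plain `String`s with no stated format, so every consumer of `RawPayment` has to guess how to parse them, and values derived from CAMT and from PAIN documents may not agree. The KDoc should name the expected format per property, with an `@property amount` line giving the currency and decimal notation and an `@property date` line giving the date pattern; the producers are not in this hunk, so the formats themselves need to come from the author. PainGeneration.kt in this commit imports `tech.libeufin.util.Amount`, so a typed amount seems to be available in this package and may fit better than `String`. The file also ends without a trailing newline.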