Merge branch 'release-5.12'

Author: clovisgakam

.env

@@ -1,6 +1,6 @@
 QWAC_CERTIFICATE_MOCK=-----BEGIN CERTIFICATE-----MIIFNjCCAx6gAwIBAgIERd3y8TANBgkqhkiG9w0BAQsFADB4MQswCQYDVQQGEwJERTEQMA4GA1UECAwHQkFWQVJJQTESMBAGA1UEBwwJTnVyZW1iZXJnMSIwIAYDVQQKDBlUcnVzdCBTZXJ2aWNlIFByb3ZpZGVyIEFHMR8wHQYDVQQLDBZJbmZvcm1hdGlvbiBUZWNobm9sb2d5MB4XDTIwMDMwNTEzMzk1MFoXDTMwMDMwMzAwMDAwMFowgcExITAfBgNVBAoMGEZpY3Rpb25hbCBDb3Jwb3JhdGlvbiBBRzElMCMGCgmSJomT8ixkARkWFXB1YmxpYy5jb3Jwb3JhdGlvbi5kZTEfMB0GA1UECwwWSW5mb3JtYXRpb24gVGVjaG5vbG9neTEQMA4GA1UEBhMHR2VybWFueTEPMA0GA1UECAwGQmF5ZXJuMRIwEAYDVQQHDAlOdXJlbWJlcmcxHTAbBgNVBGEMFFBTRERFLUZBS0VOQ0EtODdCMkFDMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsHAdLWn7pEAlD5daEjKv7hE4FW+vMJRrA/Bw2M/Zsu8VFfW1ARmbTgTy7rGLFBK/Y2SToEj60+5GEkCgCvi+vI/Bdykk8XqjpVsJjTW67np1b2Av8F61zvCnn2UOxBtXBHCzR1j2yz2om1IMYieGu/cDTWLNkbuoGSnj0dq4CbHp2f8ch++goffqLRXr642j8cVlqZYsapB8y+Z8IydbtNBd/XAmRTAprmdRv9B4PC7P+lIYX8QbXw77f+9/2Kty7oVHtjle+GnTR8wH5nCiMQsA9V564/34lKwuEkzuryV1HzitQ/X7FSZoiSQRTxbxjVO+xdzI3hjF2FZjVvkqywIDAQABo34wfDB6BggrBgEFBQcBAwRuMGwGBgQAgZgnAjBiMDkwEQYHBACBmCcBAwwGUFNQX0FJMBEGBwQAgZgnAQIMBlBTUF9QSTARBgcEAIGYJwEEDAZQU1BfSUMMGVRydXN0IFNlcnZpY2UgUHJvdmlkZXIgQUcMCkRFLUZBS0VOQ0EwDQYJKoZIhvcNAQELBQADggIBACKUQc3O3TOFG8tWk4sQd3f9SGlOcBOMekSXCxRgskcYkjhWW4+EN1FYzlGuXPfq1yngKaM3ss9yCDVep0MFa4hDJ/hzSSD5upExzwWDkUa97AHCjZd39W6kLaCMAc5vTbR9r7zBvMKBcAmhZ9mWCvrvbHUOURv5yBfrrEk4AM1Vakf5l+fWP4JhA779+7JlwpQRpy5dgqROwKQ2L634d2osgXUV4CkqhSUQ5LcYI4uBFyKnM0pyGaNYdKhBC95J0y5GYa7NpKJNZXf+clTbe33gCt2SFSOMa7CV5NYpnohS201uNd/ffWLzGtFBnHLNpX8qTfFc16mtIcJo6Iiof2CYgfYAyJByBC1gZHf1wAtfQzAn6JcEaJzmehXKKl9x7X62aaGan7l+MblUT65Gd+Yed+rXLF6svefbrcIbZwt/W+v1fbfnip9QEFPV3VLjg0vk9Y30ftZCcFRSHLD3mdxcVEtmVxDDxyzDUwXF7J/mi4RQhZBb3OtwwEIWC2zUaycNMZWJRI+RqfLvanlDFFMoYeSZKTFf8jS/PPcfpKOAiTGu21iuuv+gYxh/rgjW419w26ya+Q3jabaz3E9Im/opSU5sQ9W92ALA14J9VZs6v8BVmqKTB5APKfeTYoXg9MjP9fjVM/hP26kIgQVs5Bz15ov8uQlQC+OTO+2y5ozs-----END CERTIFICATE-----
-SANDBOX_VERSION=5.11
-LEDGERS_VERSION=4.12
-XS2A_CONNECTOR_VERSION=11.4
-XS2A_ASPSP_PROFILE_VERSION=11.4
-XS2A_CONSENT_MANAGEMENT_VERSION=11.4
+SANDBOX_VERSION=5.12
+LEDGERS_VERSION=4.13
+XS2A_CONNECTOR_VERSION=11.5
+XS2A_ASPSP_PROFILE_VERSION=11.5
+XS2A_CONSENT_MANAGEMENT_VERSION=11.5

developer-portal-ui/info.json

@@ -1,5 +1,5 @@
 {
   "name": "developer-portal",
-  "version": "5.11",
+  "version": "5.12",
   "build_number": "null"
 }

docs/release_notes/Release_notes_5.12.md

@@ -0,0 +1,16 @@
+# Release notes v.5.12
+
+Current version consists of following components:
+
+1. **Ledgers v.4.13**
+2. **XS2A v.11.5**
+3. **ASPSP-Profile v.11.5**
+4. **Consent-Management v.11.5**
+5. **XS2A Connector-Examples v.11.5**
+
+-   Security vulnerability: set commons-io version 2.8.0
+-   Use pair of tokens (access and refresh) for session
+-   Used `OkHttpClient` as a feign client to avoid 302 redirect error
+-   TPP-UI. Show specific account details depending on backend
+-   Fix OBA: "Back to TPP page" button 403 error
+-   Upgraded commons-validator version to 1.7

integration-tests/pom.xml

@@ -5,7 +5,7 @@
 	<parent>
 		<groupId>de.adorsys.psd2.sandbox</groupId>
 		<artifactId>psd2-dynamic-sandbox</artifactId>
-		<version>5.11</version>
+		<version>5.12</version>
 		<relativePath>..</relativePath>
 	</parent>
 
@@ -83,6 +83,11 @@
 			<scope>test</scope>
 		</dependency>
 
+        <dependency>
+            <groupId>io.github.openfeign</groupId>
+            <artifactId>feign-okhttp</artifactId>
+        </dependency>
+
 		<dependency>
 			<groupId>org.springframework</groupId>
 			<artifactId>spring-test</artifactId>

integration-tests/src/main/java/de/adorsys/ledgers/xs2a/client/FeignConfig.java

@@ -1,9 +1,13 @@
 package de.adorsys.ledgers.xs2a.client;
 
-import feign.Request;
+import feign.Client;
+import okhttp3.Interceptor;
+import okhttp3.Response;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpStatus;
 
+import java.io.IOException;
 import java.util.concurrent.TimeUnit;
 
 @Configuration
@@ -15,9 +19,32 @@ public NullHeaderInterceptor nullHeaderInterceptor() {
     }
 
     @Bean
-    public Request.Options options() {
-        return new Request.Options(10, TimeUnit.SECONDS,
-                                   60, TimeUnit.SECONDS,
-                                   false);
+    public Client feignClient(okhttp3.OkHttpClient client) {
+        return new feign.okhttp.OkHttpClient(client);
+    }
+
+    @Bean
+    public okhttp3.OkHttpClient okHttpClient() {
+        return new okhttp3.OkHttpClient.Builder()
+                   .connectTimeout(60, TimeUnit.SECONDS)
+                   .readTimeout(60, TimeUnit.SECONDS)
+                   .writeTimeout(60, TimeUnit.SECONDS)
+                   .followRedirects(false)
+                   .followSslRedirects(false)
+                   .retryOnConnectionFailure(true)
+                   .addInterceptor(new RedirectInterceptor())
+                   .build();
+    }
+
+    static class RedirectInterceptor implements Interceptor {
+        @Override
+        public Response intercept(Interceptor.Chain chain) throws IOException {
+            var request = chain.request();
+            var response = chain.proceed(request);
+            if (HttpStatus.FOUND.value() == response.code()) {
+                return response.newBuilder().code(HttpStatus.OK.value()).build();
+            }
+            return response;
+        }
     }
 }

integration-tests/src/test/java/de/adorsys/ledgers/xs2a/test/ctk/FeignConfig.java

@@ -1,11 +1,14 @@
 package de.adorsys.ledgers.xs2a.test.ctk;
 
-import feign.Request;
+import feign.Client;
+import feign.Logger;
+import okhttp3.Interceptor;
+import okhttp3.Response;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpStatus;
 
-import feign.Logger;
-
+import java.io.IOException;
 import java.util.concurrent.TimeUnit;
 
 @Configuration
@@ -16,9 +19,32 @@ Logger.Level feignLoggerLevel() {
     }
 
     @Bean
-    public Request.Options options() {
-        return new Request.Options(10, TimeUnit.SECONDS,
-                                   60, TimeUnit.SECONDS,
-                                   false);
+    public Client feignClient(okhttp3.OkHttpClient client) {
+        return new feign.okhttp.OkHttpClient(client);
+    }
+
+    @Bean
+    public okhttp3.OkHttpClient okHttpClient() {
+        return new okhttp3.OkHttpClient.Builder()
+                   .connectTimeout(60, TimeUnit.SECONDS)
+                   .readTimeout(60, TimeUnit.SECONDS)
+                   .writeTimeout(60, TimeUnit.SECONDS)
+                   .followRedirects(false)
+                   .followSslRedirects(false)
+                   .retryOnConnectionFailure(true)
+                   .addInterceptor(new RedirectInterceptor())
+                   .build();
+    }
+
+    static class RedirectInterceptor implements Interceptor {
+        @Override
+        public Response intercept(Interceptor.Chain chain) throws IOException {
+            var request = chain.request();
+            var response = chain.proceed(request);
+            if (HttpStatus.FOUND.value() == response.code()) {
+                return response.newBuilder().code(HttpStatus.OK.value()).build();
+            }
+            return response;
+        }
     }
 }

integration-tests/src/test/resources/application.yml

@@ -1,4 +1,6 @@
 feign:
+  okhttp:
+    enabled: true
   client:
     config:
       default:
@@ -8,6 +10,6 @@ feign:
 
 # logging.level.root: WARN
 # logging.level.org.springframework.boot: WARN
-# logging.level.de.adorsys: WARN        
-logging.level.de.adorsys.ledgers.xs2a: DEBUG        
-logging.level.de.adorsys.ledgers.oba.rest: DEBUG
+# logging.level.de.adorsys: WARN
+logging.level.de.adorsys.ledgers.xs2a: DEBUG
+logging.level.de.adorsys.ledgers.oba.rest: DEBUG

oba-ui/info.json

@@ -1,5 +1,5 @@
 {
   "name": "oba-ui",
-  "version": "5.11",
+  "version": "5.12",
   "build_number": "null"
 }

oba-ui/src/app/ais/result-page/result-page.component.html

@@ -70,13 +70,13 @@ <h3 class="card-title font-weight-bold">Sorry</h3>
             <div class="form-group my-3 d-flex justify-content-between">
               <a
                 class="flex-fill btn btn-secondary button-icon d-flex align-items-center mr-2"
-                [href]="devPortalLink"
+                (click)="redirectToDevPortal()"
               >
                 <span class="mx-auto">To Developer portal</span>
               </a>
               <a
                 class="flex-fill btn btn-primary button-icon d-flex align-items-center"
-                [href]="ref"
+                (click)="redirectToTpp()"
               >
                 <span class="mx-auto">Back to TPP page</span>
               </a>

oba-ui/src/app/ais/result-page/result-page.component.ts

@@ -5,6 +5,8 @@ import { ConsentAuthorizeResponse } from '../../api/models/consent-authorize-res
 import { AisService } from '../../common/services/ais.service';
 import { SettingsService } from '../../common/services/settings.service';
 import { ShareDataService } from '../../common/services/share-data.service';
+import { PSUAISProvidesAccessToOnlineBankingAccountFunctionalityService } from '../../api/services/psuaisprovides-access-to-online-banking-account-functionality.service';
+import { AuthService } from '../../common/services/auth.service';
 
 @Component({
   selector: 'app-result-page',
@@ -14,15 +16,16 @@ import { ShareDataService } from '../../common/services/share-data.service';
 export class ResultPageComponent implements OnInit, OnDestroy {
   public authResponse: ConsentAuthorizeResponse;
   public scaStatus: string;
-  public ref: string;
+  public aisDoneRequest: PSUAISProvidesAccessToOnlineBankingAccountFunctionalityService.AisDoneUsingGETParams;
   public devPortalLink: string;
 
   constructor(
     private router: Router,
     private route: ActivatedRoute,
     private aisService: AisService,
     private settingService: SettingsService,
-    private shareService: ShareDataService
+    private shareService: ShareDataService,
+    private authService: AuthService
   ) {}
 
   public ngOnInit(): void {
@@ -38,9 +41,12 @@ export class ResultPageComponent implements OnInit, OnDestroy {
         oauth2 = false;
       }
 
-      this.ref =
-        `/oba-proxy/ais/${params.encryptedConsentId}/authorisation/${params.authorisationId}` +
-        `/done?oauth2=${oauth2}`;
+      this.aisDoneRequest = {
+        encryptedConsentId: params.encryptedConsentId,
+        authorisationId: params.authorisationId,
+        oauth2: oauth2,
+        authConfirmationCode: null,
+      };
     });
 
     // get consent data from shared service
@@ -50,14 +56,29 @@ export class ResultPageComponent implements OnInit, OnDestroy {
           this.authResponse = authResponse;
           this.scaStatus = this.authResponse.scaStatus;
           if (authResponse.authConfirmationCode) {
-            this.ref =
-              this.ref +
-              `&authConfirmationCode=${authResponse.authConfirmationCode}`;
+            this.aisDoneRequest.authConfirmationCode =
+              authResponse.authConfirmationCode;
           }
         });
       }
     });
   }
 
+  redirectToDevPortal() {
+    if (this.devPortalLink) {
+      this.authService.clearSession();
+      window.location.href = this.devPortalLink;
+    }
+  }
+
+  redirectToTpp() {
+    this.aisService.aisDone(this.aisDoneRequest).subscribe((resp) => {
+      if (resp.redirectUrl) {
+        this.authService.clearSession();
+        window.location.href = resp.redirectUrl;
+      }
+    });
+  }
+
   ngOnDestroy(): void {}
 }