Update to XS2A 2.0.3

- replace expired test cert
- fix invalid IBAN in PIS test (XS2A now validates IBANs for PIS)
- ignore log files from tests (bug)
- fix tests which tried to access transactions/balances with wrong consent
  (worked only because of a bug in XS2A)

Author: isabellaio

.gitignore

@@ -4,7 +4,8 @@ database-migration.sql
 
 ### Services ###
 target
-service/logs
+# current bug: tests create log files here :(
+service/logs/
 .service
 
 ### UI ###

service/pom.xml

@@ -24,7 +24,7 @@
   <properties>
     <java.version>1.8</java.version>
     <lombok.version>1.16.22</lombok.version>
-    <xs2a.version>2.0</xs2a.version>
+    <xs2a.version>2.0.3</xs2a.version>
     <cucumber.version>4.2.0</cucumber.version>
     <testcontainers.version>1.10.1</testcontainers.version>
   </properties>

service/src/test/java/de/adorsys/psd2/sandbox/xs2a/ais/AIS.feature

@@ -126,7 +126,16 @@ Feature: AIS
     Examples:
       | accounts                                      | balances               | transactions           | psu-id         | password | sca-method | tan   | withBalance |
       | DE11760365688833114935;DE13760365689669622432 | DE11760365688833114935 | DE11760365688833114935 | PSU-Successful | 12345    | SMS_OTP    | 54321 | false       |
-      | DE11760365688833114935                        | null                   | null                   | PSU-Successful | 12345    | SMS_OTP    | 54321 | false       |
+
+  Scenario Outline: Get Transactions without permissions in consent
+    Given PSU created a consent on dedicated accounts for account information <accounts>, balances <balances> and transactions <transactions>
+    And PSU authorised the consent with psu-id <psu-id>, password <password>, sca-method <sca-method> and tan <tan>
+    And PSU accesses the account list withBalances false
+    And PSU accesses the transaction list without a valid consent
+    Then the transactions are not accessible
+    Examples:
+      | accounts               | balances | transactions | psu-id         | password | sca-method | tan   |
+      | DE11760365688833114935 | null     | null         | PSU-Successful | 12345    | SMS_OTP    | 54321 |
 
     ################################################################################################
     #                                                                                              #
@@ -142,7 +151,16 @@ Feature: AIS
     Examples:
       | accounts                                      | balances               | transactions           | psu-id         | password | sca-method | tan   | withBalances |
       | DE11760365688833114935;DE13760365689669622432 | DE11760365688833114935 | DE11760365688833114935 | PSU-Successful | 12345    | SMS_OTP    | 54321 | false        |
-      | DE11760365688833114935                        | null                   | null                   | PSU-Successful | 12345    | SMS_OTP    | 54321 | false        |
+
+  Scenario Outline: Get Balance List without permissions in consent
+    Given PSU created a consent on dedicated accounts for account information <accounts>, balances <balances> and transactions <transactions>
+    And PSU authorised the consent with psu-id <psu-id>, password <password>, sca-method <sca-method> and tan <tan>
+    And PSU accesses the account list withBalances false
+    When PSU accesses the balance list without a valid consent
+    Then the balances are not accessible
+    Examples:
+      | accounts               | balances | transactions | psu-id         | password | sca-method | tan   |
+      | DE11760365688833114935 | null     | null         | PSU-Successful | 12345    | SMS_OTP    | 54321 |
 
     ################################################################################################
     #                                                                                              #

service/src/test/java/de/adorsys/psd2/sandbox/xs2a/ais/AisSteps.java

@@ -1,5 +1,6 @@
 package de.adorsys.psd2.sandbox.xs2a.ais;
 
+import static de.adorsys.psd2.xs2a.domain.MessageErrorCode.CONSENT_INVALID;
 import static org.hamcrest.CoreMatchers.containsString;
 import static org.hamcrest.CoreMatchers.equalTo;
 import static org.hamcrest.MatcherAssert.assertThat;
@@ -52,6 +53,7 @@
 import org.junit.Ignore;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpMethod;
+import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 
 @Ignore("without this ignore intellij tries to run the step files")
@@ -314,12 +316,31 @@ public void getAccountListWithBalance(String withBalance) {
   }
 
   @When("PSU accesses the transaction list")
-  public void getAccountList() {
+  public void getTransactionList() {
     getTransactionList("true");
   }
 
   @When("PSU accesses the transaction list withBalances (.*)")
   public void getTransactionList(String withBalance) {
+    ResponseEntity<TransactionsResponse200Json> response = getTransactions(
+        TransactionsResponse200Json.class, withBalance
+    );
+
+    assertTrue(response.getStatusCode().is2xxSuccessful());
+
+    context.setActualResponse(response);
+  }
+
+  @When("PSU accesses the transaction list without a valid consent")
+  public void getTransactionListWithoutConsent() {
+    ResponseEntity<JsonNode> response = getTransactions(JsonNode.class, "false");
+
+    assertEquals(HttpStatus.UNAUTHORIZED, response.getStatusCode());
+
+    context.setActualResponse(response);
+  }
+
+  private <T> ResponseEntity<T> getTransactions(Class<T> clazz, String withBalance) {
     ResponseEntity<AccountList> actualResponse = context.getActualResponse();
     HashMap<String, String> headers = TestUtils.createSession();
     headers.put("Consent-ID", context.getConsentId());
@@ -329,37 +350,47 @@ public void getTransactionList(String withBalance) {
         "?bookingStatus=both&dateFrom=%s&dateTo=%s&withBalance=%s",
         LocalDate.now().minusYears(1), LocalDate.now(), withBalance
     );
-
     context.setWithBalance(Boolean.parseBoolean(withBalance));
 
-    ResponseEntity<TransactionsResponse200Json> response = template.exchange(
+    return template.exchange(
         "accounts/" + context.getAccountId() + "/transactions" + queryParams,
         HttpMethod.GET,
         request.toHttpEntity(),
-        TransactionsResponse200Json.class);
+        clazz);
+  }
+
+  @When("PSU accesses the balance list")
+  public void getBalanceList() {
+    ResponseEntity<ReadAccountBalanceResponse200> response = getBalances(
+        ReadAccountBalanceResponse200.class
+    );
 
     assertTrue(response.getStatusCode().is2xxSuccessful());
 
     context.setActualResponse(response);
   }
 
-  @When("PSU accesses the balance list")
-  public void getBalanceList() {
+  @When("PSU accesses the balance list without a valid consent")
+  public void psuAccessesTheBalanceListWithoutAValidConsent() {
+    ResponseEntity<JsonNode> response = getBalances(JsonNode.class);
+
+    assertEquals(HttpStatus.UNAUTHORIZED, response.getStatusCode());
+
+    context.setActualResponse(response);
+  }
+
+  private <T> ResponseEntity<T> getBalances(Class<T> clazz) {
     ResponseEntity<AccountList> actualResponse = context.getActualResponse();
     HashMap<String, String> headers = TestUtils.createSession();
     headers.put("Consent-ID", context.getConsentId());
     Request<?> request = Request.emptyRequest(headers);
     context.setAccountId(actualResponse.getBody().getAccounts().get(0).getResourceId());
 
-    ResponseEntity<ReadAccountBalanceResponse200> response = template.exchange(
+    return template.exchange(
         "accounts/" + context.getAccountId() + "/balances",
         HttpMethod.GET,
         request.toHttpEntity(),
-        ReadAccountBalanceResponse200.class);
-
-    assertTrue(response.getStatusCode().is2xxSuccessful());
-
-    context.setActualResponse(response);
+        clazz);
   }
 
   @When("PSU accesses a single transaction")
@@ -467,6 +498,27 @@ public void receiveErrorMessageAndCode(String errorMessage) {
     assertThat(err.get("text").asText(), containsString("channel independent blocking"));
   }
 
+  @Then("the transactions are not accessible")
+  public void transactionsAreNotAccessible() {
+    assertUnauthorizedBecauseConsentMissingPermissions();
+  }
+
+  @Then("the balances are not accessible")
+  public void balancesAreNotAccessible() {
+    assertUnauthorizedBecauseConsentMissingPermissions();
+  }
+
+  private void assertUnauthorizedBecauseConsentMissingPermissions() {
+    ResponseEntity<JsonNode> actualResponse = context.getActualResponse();
+    JsonNode err = actualResponse.getBody().get("tppMessages").get(0);
+
+    assertEquals(HttpStatus.UNAUTHORIZED, context.getActualResponse().getStatusCode());
+    assertThat(err.get("category").asText(), equalTo(TppMessageCategory.ERROR.toString()));
+    assertThat(err.get("code").asText(), equalTo(CONSENT_INVALID.toString()));
+    assertThat(err.get("text").asText(), containsString(
+        "The consent was created by this TPP but is not valid for the addressed service/resource"));
+  }
+
   private <T> ResponseEntity<T> handleCredentialRequest(Class<T> clazz, String url, String psuId,
       String password) {
     HashMap<String, String> headers = TestUtils.createSession();

service/src/test/java/de/adorsys/psd2/sandbox/xs2a/pis/PIS.feature

@@ -117,7 +117,7 @@ Feature: PIS
     Examples:
       | payment-service | iban                   | payment-product       | code            | category | text                                                              |
       | payments        | DE13760365681209386222 | sepa-credit-transfers | SERVICE_BLOCKED | ERROR    | channel independent blocking                                      |
-      | payments        | DE13760365681209386223 | sepa-credit-transfers | PAYMENT_FAILED  | ERROR    | payment initiation POST request failed during the initial process |
+      | payments        | DE89370400440532013000 | sepa-credit-transfers | PAYMENT_FAILED  | ERROR    | payment initiation POST request failed during the initial process |
 
   Scenario Outline: Initiation of a Single Payment Exceeding the Available Balance
     Given PSU initiated a single payment with iban <iban> and the exceeding amount <amount>

service/src/test/java/de/adorsys/psd2/sandbox/xs2a/util/TestUtils.java

@@ -18,7 +18,6 @@ public class TestUtils {
   public static String getTppQwacCertificate() {
     StringBuilder sb = new StringBuilder();
     try {
-      // TODO: testCertificate will be invalid in a year. Validity = 365 days
       Files.lines(Paths.get("src/test/resources/testData/testCertificate.pem"))
           .forEach(sb::append);
     } catch (IOException e) {

service/src/test/resources/testData/testCertificate.pem

@@ -1 +1 @@
------BEGIN CERTIFICATE-----MIIEBjCCAu6gAwIBAgIEAmCHWTANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCREUxDzANBgNVBAgMBkhlc3NlbjESMBAGA1UEBwwJRnJhbmtmdXJ0MRUwEwYDVQQKDAxBdXRob3JpdHkgQ0ExCzAJBgNVBAsMAklUMSEwHwYDVQQDDBhBdXRob3JpdHkgQ0EgRG9tYWluIE5hbWUxGTAXBgkqhkiG9w0BCQEWCmNhQHRlc3QuZGUwHhcNMTgwODE3MDcxNzAyWhcNMTgwOTAzMDc1NzMxWjB6MRMwEQYDVQQDDApUUFAgU2FtcGxlMQwwCgYDVQQKDANvcmcxCzAJBgNVBAsMAm91MRAwDgYDVQQGEwdHZXJtYW55MQ8wDQYDVQQIDAZCYXllcm4xEjAQBgNVBAcMCU51cmVtYmVyZzERMA8GA1UEYQwIMTIzNDU5ODcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCMMnLvNLvqxkHbxdcWRcyUrZ4oy++R/7hWMiWH4U+5kLTLICnlFofN3EgIuP5hZz9Zm8aPoJkr8Y1xEyP8X4a5YTFtMmrXwAOgW6BVTaBeO7eV6Me1yc2NawzWMNp0Zz/Lsnrmj2h7/dRYaYofFHjWPFRW+gjVwv95NFhcD9+H5rr+fMwoci0ERFvy70TYnLfuRrG1BpYOwEV+wVFRIciXE3CKjEh2wbz1Yr4DhD+6FtOElU8VPkWqGRZmr1n54apuLrxL9vIbt7qsaQirsUp5ez2SFGFTydUv+WqZaPGzONVptAymOfTcIsgcxDWx/liKlpdqwyXpJaOIrrXcEnQ1AgMBAAGjeTB3MHUGCCsGAQUFBwEDBGkwZwYGBACBmCcCMF0wTDARBgcEAIGYJwEBDAZQU1BfQVMwEQYHBACBmCcBAgwGUFNQX1BJMBEGBwQAgZgnAQMMBlBTUF9BSTARBgcEAIGYJwEEDAZQU1BfSUMMBEF1dGgMBzEyMTkwODgwDQYJKoZIhvcNAQELBQADggEBAKrHWMriNquiC1vfNKkJFPINi2T2J5FmRQfamrkzS3AI5zPPXx32MzbrTkQb+Zl7qTvClmIFpDG45YC+JVYz+4/gMSJChJfW+JYtyW/Am6eeIYZ1sk+VPvXgxuTA0aZLQsVHsaeTHnQ7lZzN3S0Ao5O35AGKqBITu6Mo1t4WglNJLZHZ0iFL92yfezfV7LF9JYAD/6JFVTeuBwKKHNjPupjeVBku/C7qVDbogo1Ubiowt+hMMPLVLPjxe6Xo9SUtkGj3+5ID4Z8NGHDaaF2IGVGaJkHK9+PYTYEBRDsbc1GwgzTzbds5lao6eMyepL/Kl7iUNtn3Vox/XiSymunGCmQ=-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----MIIEwzCCAqugAwIBAgIEU7Cs0TANBgkqhkiG9w0BAQsFADB4MQswCQYDVQQGEwJERTEQMA4GA1UECAwHQkFWQVJJQTESMBAGA1UEBwwJTnVyZW1iZXJnMSIwIAYDVQQKDBlUcnVzdCBTZXJ2aWNlIFByb3ZpZGVyIEFHMR8wHQYDVQQLDBZJbmZvcm1hdGlvbiBUZWNobm9sb2d5MCAXDTE5MDMwODA5NTUwOFoYDzIxMTkwMjEyMDAwMDAwWjBNMRAwDgYDVQQKDAdhZG9yc3lzMQkwBwYDVQQDDAAxEDAOBgNVBAYTB0dlcm1hbnkxHDAaBgNVBGEME1BTRERFLUZBS0VOQ0EtMTIzNDUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqVF+8OMHL3ACe48OHht+inbvzPoFiv0UkY8boDqe9D6NRR/439lqZZf7zOJOtjUtghS4kaCrkXvkoLecYO4G92Y+aw28kHMlD6MAgqIZ04SntdY4OXZ3VOz5HxNUe/6YS0I/AcMAm67hs554x2Kks6pz3fzLbJVatrZR+p4JWazl8mq3YcU+ZbsmMZGNUGFeMG9ewrCZR5tWDxd7s6QFlbKc42M+eA41LQJv74ja+hcPd1eEJFDyTM6/h7EEHwdlmZ13KTw15qpihBC1T6IGYV7V3w861HGfetaKLY/XE7bnz/XOogF5UIDVHJcgZJOVN2Uni1LVNR8bRTf2CafEZAgMBAAGjfjB8MHoGCCsGAQUFBwEDBG4wbAYGBACBmCcCMGIwOTARBgcEAIGYJwEDDAZQU1BfQUkwEQYHBACBmCcBAgwGUFNQX1BJMBEGBwQAgZgnAQQMBlBTUF9JQwwZVHJ1c3QgU2VydmljZSBQcm92aWRlciBBRwwKREUtRkFLRU5DQTANBgkqhkiG9w0BAQsFAAOCAgEAS7PuvXeoi+osrx1tNK9emIUEqwLFnRPTpW1D9ITT//6avMjJ+xSxCTqW9MXZQ5Yfosu/tM5ja7lVGrdcRz80evLVjA6rVd/YWyuUhJieNlAk+VcmG0xL3muSRjR0CgFx3IT+jCgfZY/l9LCMwRzrvmlGgbwFd5Qf/ySANuP+Wz0G0rCC4pAdASzngY279/a9vS30UG7C8D2Y72v91/qUu055pWHjGplOLSXNu0Hwq/XxEG0+fjqPKBRe6wdEaIbGHxXrWQjVBFhQJoUJwQcX4pAahKeseq8VMSf+HEYPVvYGmRhk8jvlm5r0W5TvxAn1AE6DCb7Y9ku2wLM0S9I81zipdEJ5J5u6hqgcdvOfL5NRc5cOV9MLmLrztPIeDYbJW28DZBDvzsnt7/679OzMqAWHY/UGDRqyF+CpTgBWhKguDLsMFMqoThaXWqBMuYMyxUw1J2VSDIkihgXEVWpS/1RQMDAuQI5oFiGNEVsWFGJqCVo06+PKY4JSv62cL4OVX8s0p7G8UhAd+An1fbGdnHkXnr/P8EyLJppnGtTXAAgzvtuAkM6ZTvjH+r2cKAeGVLVxGD3aNJaUU/WskZzmGokZQeDqRU0bV73fhPwcuc2dyq5Zi3uQ9VKBHzvKQ5f1hDF/b/R20uB/SbqGzpTwpvHmAAXWWlUnUU4GvSDuWNI=-----END CERTIFICATE-----

service/src/test/resources/xs2a-application-test.properties

@@ -5,6 +5,7 @@ spring.datasource.password=cms
 
 liquibase.enabled=true
 logging.level.de.adorsys=DEBUG
+logging.level.root=INFO
 
 sandbox.scaapproach=redirect
 server_key=test123