Merge pull request #261 from kontist/feat/verification-of-payee

[KRP-2183] Verification of payee endpoint

Author: MikolajKaminski

npm-shrinkwrap.json

@@ -1,6 +1,6 @@
 {
   "name": "@kontist/mock-solaris",
-  "version": "1.0.170",
+  "version": "1.0.171",
   "description": "Mock Service for Solaris API",
   "main": "dist/src/index.js",
   "types": "dist/src/index.d.ts",

package.json

@@ -32,6 +32,7 @@ import * as termsAPI from "./routes/termsAndConditions";
 import * as psd2API from "./routes/psd2";
 import * as postboxItemAPI from "./routes/postbox";
 import * as topUpsAPI from "./routes/topUps";
+import * as verificationOfPayeeAPI from "./routes/verificationOfPayee";
 import * as instantCreditTransferAPI from "./routes/instantCreditTransfer";
 import * as accountOpeningRequestAPI from "./routes/accountOpeningRequest";
 import * as accountClosureRequestAPI from "./routes/accountClosureRequest";
@@ -434,6 +435,12 @@ router.patch(
   safeRequestHandler(taxIdentificationsAPI.updateTaxIdentification)
 );
 
+// VERIFICATION OF PAYEE
+router.post(
+  "/verifications_of_payee",
+  safeRequestHandler(verificationOfPayeeAPI.verifyPayee)
+);
+
 // TRANSACTIONS
 router.post(
   "/persons/:person_id/accounts/:account_id/transactions/sepa_credit_transfer",

src/app.ts

@@ -0,0 +1,9 @@
+// Date is set to 6th October for internal testing
+// The real final start date is 9th October 2025
+const vopStartDate = new Date("2025-10-06");
+
+export const isVerificationOfPayeeRequired = (): boolean => {
+  const currentDate = new Date();
+
+  return currentDate >= vopStartDate;
+};

src/helpers/verificationOfPayee.ts

@@ -19,6 +19,7 @@ import {
 import { createSepaDirectDebitReturn } from "../helpers/sepaDirectDebitReturn";
 import { triggerBookingsWebhook } from "./backoffice";
 import generateID from "../helpers/id";
+import { isVerificationOfPayeeRequired } from "../helpers/verificationOfPayee";
 
 export const DIRECT_DEBIT_REFUND_METHOD = "direct_debit_refund";
 
@@ -146,6 +147,20 @@ export const createSepaCreditTransfer = async (req, res) => {
   const { person_id: personId, account_id: accountId } = req.params;
   const transfer = req.body;
 
+  if (isVerificationOfPayeeRequired() && !transfer.verification_of_payee_id) {
+    return res.status(400).send({
+      errors: [
+        {
+          id: generateID(),
+          status: 400,
+          code: "bad_request",
+          title: "Bad Request",
+          detail: `Verification of payee is required.`,
+        },
+      ],
+    });
+  }
+
   log.debug("createSepaCreditTransfer", {
     body: req.body,
     params: req.params,

src/routes/transactions.ts

@@ -0,0 +1,103 @@
+import _ from "lodash";
+import type { Request, Response } from "express";
+import uuid from "node-uuid";
+import HttpStatusCodes from "http-status";
+
+const nameValidation: RegExp = /^[\p{L}\p{M}\p{N}\p{P}\p{S}\s]+$/u;
+
+const noMatchRegex: RegExp = /no[_ ]match/i;
+const notPossibleRegex: RegExp = /not[_ ]possible/i;
+const closeMatchRegex: RegExp = /close[_ ]match/i;
+
+/**
+ * Creates a verification of Payee
+ *
+ * By default will always return a "MATCH" status.
+ * For other statuses use the appropriate regex patterns in the name field.
+ * - "NO_MATCH": if name contains "no match" or "no_match" - case insensitive
+ * - "VERIFICATION_NOT_POSSIBLE": if name contains "not possible" or "not_possible" - case insensitive
+ * - "CLOSE_MATCH": if name contains "close match" or "close_match" - case insensitive
+ *
+ * @see https://docs.solarisgroup.com/api-reference/digital-banking/sepa-transfers/#tag/Verification-of-Payee/paths/~1v1~1verifications_of_payee/post
+ */
+export const verifyPayee = (req: Request, res: Response) => {
+  const data = _.pick(req.body, ["iban", "name"]);
+  const { iban, name } = data;
+
+  if (!iban) {
+    return res.status(HttpStatusCodes.BAD_REQUEST).send({
+      errors: [
+        {
+          id: uuid.v4(),
+          status: HttpStatusCodes.BAD_REQUEST,
+          code: "bad_request",
+          title: "Bad Request",
+          detail: "IBAN is required.",
+        },
+      ],
+    });
+  }
+
+  if (!name) {
+    return res.status(HttpStatusCodes.BAD_REQUEST).send({
+      errors: [
+        {
+          id: uuid.v4(),
+          status: HttpStatusCodes.BAD_REQUEST,
+          code: "bad_request",
+          title: "Bad Request",
+          detail: "Name is required.",
+        },
+      ],
+    });
+  }
+
+  if (!nameValidation.test(name) || name.length > 140) {
+    return res.status(HttpStatusCodes.BAD_REQUEST).send({
+      errors: [
+        {
+          id: uuid.v4(),
+          status: HttpStatusCodes.BAD_REQUEST,
+          code: "bad_request",
+          title: "Bad Request",
+          detail: "Name is not valid.",
+        },
+      ],
+    });
+  }
+
+  let result: { status: string; suggested_name?: string } = { status: "MATCH" };
+
+  if (noMatchRegex.test(name)) {
+    result = {
+      status: "NO_MATCH",
+    };
+  }
+
+  if (notPossibleRegex.test(name)) {
+    result = {
+      status: "VERIFICATION_NOT_POSSIBLE",
+    };
+  }
+
+  if (closeMatchRegex.test(name)) {
+    result = {
+      status: "CLOSE_MATCH",
+      suggested_name: "Giovanni Kontistini",
+    };
+  }
+
+  const dateNow = new Date();
+  const response = {
+    id: uuid.v4(),
+    payee: {
+      iban,
+      name,
+    },
+    result,
+    created_at: dateNow.toISOString(),
+    expires_at: new Date(dateNow.getTime() + 5 * 60 * 1000).toISOString(),
+  };
+
+  return res.status(HttpStatusCodes.CREATED).send(response);
+};

src/routes/verificationOfPayee.ts

@@ -0,0 +1,26 @@
+import sinon from "sinon";
+import { expect } from "chai";
+
+import { isVerificationOfPayeeRequired } from "../../src/helpers/verificationOfPayee";
+
+describe("isVerificationOfPayeeRequired", () => {
+  let clock;
+
+  afterEach(() => {
+    clock.restore();
+  });
+
+  it("should return true if verification of payee is enabled", () => {
+    // 1st November 2025
+    clock = sinon.useFakeTimers(new Date(2025, 10, 1).getTime());
+
+    expect(isVerificationOfPayeeRequired()).to.be.true;
+  });
+
+  it("should return false if verification of payee is not enabled", () => {
+    // 1st October 2025
+    clock = sinon.useFakeTimers(new Date(2025, 9, 1).getTime());
+
+    expect(isVerificationOfPayeeRequired()).to.be.false;
+  });
+});

tests/helpers/verificationOfPayee.spec.ts

@@ -1,26 +1,27 @@
 import sinon from "sinon";
 import { expect } from "chai";
+import { mockReq, mockRes } from "sinon-express-mock";
 
 import * as db from "../../src/db";
 import * as transactions from "../../src/routes/transactions";
 import { createPerson } from "../../src/routes/persons";
 
 describe("Transactions", () => {
-  let res;
-  const createPersonReq = {
-    body: {},
-    headers: {},
-  };
-
-  beforeEach(async () => {
-    await db.flushDb();
-    res = {
-      status: sinon.stub().callsFake(() => res),
-      send: sinon.stub(),
+  describe("directDebitRefund", () => {
+    let res;
+    const createPersonReq = {
+      body: {},
+      headers: {},
     };
-  });
 
-  describe("directDebitRefund", () => {
+    beforeEach(async () => {
+      await db.flushDb();
+      res = {
+        status: sinon.stub().callsFake(() => res),
+        send: sinon.stub(),
+      };
+    });
+
     const req = (personId) => ({
       params: {
         person_id: personId,
@@ -53,4 +54,34 @@ describe("Transactions", () => {
       });
     });
   });
+
+  describe("createSepaCreditTransfer", () => {
+    let clock;
+
+    after(() => {
+      clock.restore();
+    });
+
+    it("should throw error if verification of payee is required and not passed", async () => {
+      // 1st November 2025
+      clock = sinon.useFakeTimers(new Date(2025, 10, 1).getTime());
+
+      const req = mockReq({
+        params: {
+          person_id: "person-id",
+          account_id: "account-id",
+        },
+        body: {},
+      });
+      const res = mockRes();
+
+      await transactions.createSepaCreditTransfer(req, res);
+
+      expect(res.status.calledWith(400)).to.be.true;
+      expect(res.send.calledOnce).to.be.true;
+      expect(res.send.args[0][0].errors[0].detail).to.deep.equal(
+        "Verification of payee is required."
+      );
+    });
+  });
 });