[OB4] [Test] Adding internal consent update API tests

[Ashi1993]

Adding internal consent update API tests

Explain in a few lines the purpose of this pull request

Issue link: required

Doc Issue: Optional, link issue from documentation repository

Applicable Labels: Spec, product, version, type (specify requested labels)

---

Development Checklist

1. Build complete solution with pull request in place.
2. Ran checkstyle plugin with pull request in place.
3. Ran Findbugs plugin with pull request in place.
4. Ran FindSecurityBugs plugin and verified report.
5. Formatted code according to WSO2 code style.
6. Have you verified the PR doesn't commit any keys, passwords, tokens, usernames, or other secrets?
7. Migration scripts written (if applicable).
8. Have you followed secure coding standards in WSO2 Secure Engineering Guidelines?

Testing Checklist

1. Written unit tests.
2. Verified tests in multiple database environments (if applicable).
3. Tested with BI enabled (if applicable).

Summary by CodeRabbit

• New Features

  • Added consent-update support in the test framework, including an internal-request header and a consent update endpoint.
  • Added multiple consent-update payload builders for full, basic, status-only, and null-authorization scenarios.

• Tests

  • Added a comprehensive internal consent management validation test suite covering happy paths and numerous error/edge cases.
  • Updated test configuration to include the new consent management tests.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: d0f8e767-13c6-4c63-b41d-9282c3a709e1

📥 Commits

Reviewing files that changed from the base of the PR and between 285950a and 3f63820.

📒 Files selected for processing (1)

• fs-integration-test-suite/accelerator-test-framework/src/main/groovy/org/wso2/financial/services/accelerator/test/framework/constant/AccountsRequestPayloads.groovy

✅ Files skipped from review due to trivial changes (1)

• fs-integration-test-suite/accelerator-test-framework/src/main/groovy/org/wso2/financial/services/accelerator/test/framework/constant/AccountsRequestPayloads.groovy

---

Walkthrough

Adds internal consent-update support: new constants and payload builders, FSConnectorTest fields and a PUT consent update method, and a comprehensive test class plus testng registration validating internal consent flows and negative scenarios.

Changes

Cohort / File(s)	Summary
Framework: connector & constants fs-integration-test-suite/accelerator-test-framework/src/main/groovy/org/wso2/financial/services/accelerator/test/framework/FSConnectorTest.groovy, fs-integration-test-suite/accelerator-test-framework/src/main/groovy/org/wso2/financial/services/accelerator/test/framework/constant/ConnectorTestConstants.groovy	Added consentUpdateResponse and consentUpdatePath fields and doConsentUpdate(String payload, String consentId) to perform PUT /consent; added X_WSO2_INTERNAL_HEADER and CONSENT_UPDATE_PATH constants.
Framework: payload builders fs-integration-test-suite/accelerator-test-framework/src/main/groovy/org/wso2/financial/services/accelerator/test/framework/constant/AccountsRequestPayloads.groovy	Added four static payload builders for consent updates (full update, status-only, basic update, and update with null authorizationResources).
Tests: internal consent flow fs-integration-test-suite/accelerator-tests/is-tests/consent-management/src/test/groovy/org/wso2/financial/services/accelerator/is/test/consent/management/ConsentOperationsFlowTests/InternalConsentManageFlowValidationTest.groovy	New comprehensive test class exercising internal consent creation, retrieval, internal update, authorization flows, and multiple negative/error scenarios; includes helper to extract lists from responses.
Test config fs-integration-test-suite/accelerator-tests/is-tests/consent-management/src/test/resources/testng.xml	Registered the new internal consent management test class in testng configuration.

Sequence Diagram(s)

sequenceDiagram
    participant Test as Test Runner
    participant Framework as FSConnectorTest
    participant IS as IdentityServer(API)
    participant Store as ConsentStore/DB

    Test->>Framework: build consent create payload
    Framework->>IS: POST /consent
    IS->>Store: persist consent
    IS-->>Framework: 201 Created (consentID)

    Test->>Framework: build consent update payload
    Framework->>IS: PUT /consent/{consentID} with `x-wso2-internal-request`
    IS->>Store: validate & update consent, create/update authorizations
    IS-->>Framework: 200 OK (updated consent)

    Test->>Framework: GET /consent/{consentID} (internal)
    Framework->>IS: GET with internal header
    IS->>Store: fetch consent
    IS-->>Framework: 200 OK (consent state)

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

🐰 I hopped through payloads, headers bright,
PUT and GET beneath the test-run light,
Consent IDs twinkle, states take flight,
Assertions snug and mappings right,
A jubilee of passing tests tonight! 🎉

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The description is incomplete: the issue link is marked as 'required' but not provided, and critical sections lack content (explanation of purpose, applicable labels, and most checklist items are unchecked).	Add the required issue link, provide a brief explanation of the PR's purpose, specify applicable labels, and complete the development and testing checklists with evidence of validation.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly describes the main change: adding tests for the internal consent update API, which aligns with the substantial test file additions.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (1)

fs-integration-test-suite/accelerator-tests/is-tests/consent-management/src/test/groovy/org/wso2/financial/services/accelerator/is/test/consent/management/ConsentOperationsFlowTests/InternalConsentManageFlowValidationTest.groovy (1)

41-41: Avoid shadowing consentRequestBuilder from FSConnectorTest.

Line 41 redeclares a field already defined in the base class, which can drift behavior between inherited helper methods and local request calls.

♻️ Proposed fix

-    ConsentRequestBuilder consentRequestBuilder = new ConsentRequestBuilder()

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@fs-integration-test-suite/accelerator-tests/is-tests/consent-management/src/test/groovy/org/wso2/financial/services/accelerator/is/test/consent/management/ConsentOperationsFlowTests/InternalConsentManageFlowValidationTest.groovy`
at line 41, The test redeclares consentRequestBuilder which shadows the field on
the base class FSConnectorTest; remove the local declaration
"ConsentRequestBuilder consentRequestBuilder = new ConsentRequestBuilder()" from
InternalConsentManageFlowValidationTest so the class uses the inherited
consentRequestBuilder instance, and update any local usages to rely on the
base-class field (ensure no other local initializations remain and
imports/constructors are unchanged).

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In
`@fs-integration-test-suite/accelerator-test-framework/src/main/groovy/org/wso2/financial/services/accelerator/test/framework/constant/AccountsRequestPayloads.groovy`:
- Around line 163-192: The receipt field in getAccountConsentUpdatePayload
currently contains hardcoded ISO timestamps causing brittle tests; replace those
literal dates with dynamically generated ISO-8601 strings (e.g., use
ConnectorTestConstants.expirationInstant or Instant.now() /
ConnectorTestConstants helper timestamps formatted to the same pattern) and
inject them into the embedded receipt JSON string (keeping the escaped quotes)
so the receipt's "ExpirationDateTime", "TransactionFromDateTime" and
"TransactionToDateTime" are computed at runtime; update
getAccountConsentUpdatePayload to build those timestamp strings and interpolate
them into the receipt value while preserving existing escaping/JSON structure.

In
`@fs-integration-test-suite/accelerator-tests/is-tests/consent-management/src/test/groovy/org/wso2/financial/services/accelerator/is/test/consent/management/ConsentOperationsFlowTests/InternalConsentManageFlowValidationTest.groovy`:
- Around line 78-80: The tests call extractListFromResponse(...) to obtain
authorizationResources and then immediately use authorizationResources.get(0)
(e.g., to set authIdBeforeUpdate) without asserting the list is non-empty; add
an explicit assertion (e.g., assert authorizationResources != null &&
!authorizationResources.isEmpty()) immediately after each
extractListFromResponse call (locations around authorizationResources variable
usage and before any authorizationResources.get(0) access in
InternalConsentManageFlowValidationTest) to fail with a clear message instead of
throwing IndexOutOfBoundsException. Ensure the assertion message clarifies which
response was empty (authorizationResources) and apply this fix to all
occurrences where .get(0) is used (the blocks that set authIdBeforeUpdate and
similar usages).

In
`@fs-integration-test-suite/accelerator-tests/is-tests/consent-management/src/test/resources/testng.xml`:
- Around line 67-68: The two new test classes
ConsentManageEndpointValidationTest and InternalConsentManageFlowValidationTest
are defined inside a disabled TestNG <test enabled="false"> block so they won't
run; fix by either removing or setting enabled="true" on that <test> block or
move the class entry for InternalConsentManageFlowValidationTest (and/or
ConsentManageEndpointValidationTest if needed) into an existing enabled <test>
section in testng.xml so the classes are executed during the test run.

---

Nitpick comments:
In
`@fs-integration-test-suite/accelerator-tests/is-tests/consent-management/src/test/groovy/org/wso2/financial/services/accelerator/is/test/consent/management/ConsentOperationsFlowTests/InternalConsentManageFlowValidationTest.groovy`:
- Line 41: The test redeclares consentRequestBuilder which shadows the field on
the base class FSConnectorTest; remove the local declaration
"ConsentRequestBuilder consentRequestBuilder = new ConsentRequestBuilder()" from
InternalConsentManageFlowValidationTest so the class uses the inherited
consentRequestBuilder instance, and update any local usages to rely on the
base-class field (ensure no other local initializations remain and
imports/constructors are unchanged).

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: a4ffce32-54ea-4218-9275-728fd2f7ba6b

📥 Commits

Reviewing files that changed from the base of the PR and between d08c5ec and cce23ac.

📒 Files selected for processing (5)

• fs-integration-test-suite/accelerator-test-framework/src/main/groovy/org/wso2/financial/services/accelerator/test/framework/FSConnectorTest.groovy
• fs-integration-test-suite/accelerator-test-framework/src/main/groovy/org/wso2/financial/services/accelerator/test/framework/constant/AccountsRequestPayloads.groovy
• fs-integration-test-suite/accelerator-test-framework/src/main/groovy/org/wso2/financial/services/accelerator/test/framework/constant/ConnectorTestConstants.groovy
• fs-integration-test-suite/accelerator-tests/is-tests/consent-management/src/test/groovy/org/wso2/financial/services/accelerator/is/test/consent/management/ConsentOperationsFlowTests/InternalConsentManageFlowValidationTest.groovy
• fs-integration-test-suite/accelerator-tests/is-tests/consent-management/src/test/resources/testng.xml

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Assert list non-emptiness before indexing into authorizationResources/resources.

At Line 79/93/118/139 you index with .get(0) after only null checks. If the API returns an empty list, the test fails with IndexOutOfBoundsException instead of a meaningful assertion.

✅ Proposed fix pattern

         List<JSONObject> authorizationResources = extractListFromResponse(consentResponse, "authorizationResources")
+        Assert.assertFalse(authorizationResources.isEmpty(), "authorizationResources is empty")
         authIdBeforeUpdate = authorizationResources.get(0).get("authorizationID")

         List<JSONObject> resources = authorizationResources.get(0).get("resources") as List<JSONObject>
         Assert.assertNotNull(resources)
+        Assert.assertFalse(resources.isEmpty(), "resources is empty")
         mappingIdBeforeUpdate = resources.get(0).get("mappingID")

Also applies to: 92-94, 117-121, 134-140

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@fs-integration-test-suite/accelerator-tests/is-tests/consent-management/src/test/groovy/org/wso2/financial/services/accelerator/is/test/consent/management/ConsentOperationsFlowTests/InternalConsentManageFlowValidationTest.groovy`
around lines 78 - 80, The tests call extractListFromResponse(...) to obtain
authorizationResources and then immediately use authorizationResources.get(0)
(e.g., to set authIdBeforeUpdate) without asserting the list is non-empty; add
an explicit assertion (e.g., assert authorizationResources != null &&
!authorizationResources.isEmpty()) immediately after each
extractListFromResponse call (locations around authorizationResources variable
usage and before any authorizationResources.get(0) access in
InternalConsentManageFlowValidationTest) to fail with a clear message instead of
throwing IndexOutOfBoundsException. Ensure the assertion message clarifies which
response was empty (authorizationResources) and apply this fix to all
occurrences where .get(0) is used (the blocks that set authIdBeforeUpdate and
similar usages).

[coderabbitai]

⚠️ Potential issue | 🟠 Major

New test classes are added under a disabled TestNG block, so they won’t execute.

Line 67 and Line 68 are inside a <test ... enabled="false"> section (Line 64). This prevents the new internal consent update tests from running.

🛠️ Proposed fix options

-    <test name="Consent Flow Types Validation Flow" parallel="tests" enabled="false" group-by-instances="true">
+    <test name="Consent Flow Types Validation Flow" parallel="tests" enabled="true" group-by-instances="true">

Or move InternalConsentManageFlowValidationTest under an already enabled <test> block.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@fs-integration-test-suite/accelerator-tests/is-tests/consent-management/src/test/resources/testng.xml`
around lines 67 - 68, The two new test classes
ConsentManageEndpointValidationTest and InternalConsentManageFlowValidationTest
are defined inside a disabled TestNG <test enabled="false"> block so they won't
run; fix by either removing or setting enabled="true" on that <test> block or
move the class entry for InternalConsentManageFlowValidationTest (and/or
ConsentManageEndpointValidationTest if needed) into an existing enabled <test>
section in testng.xml so the classes are executed during the test run.

[malshaniS]

Shall we use the datetime variables defined at the beginning of the class without hard coding them. This may fail after sometime.

[Ashi1993]

Fixed in 285950a

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (1)

fs-integration-test-suite/accelerator-tests/is-tests/consent-management/src/test/groovy/org/wso2/financial/services/accelerator/is/test/consent/management/ConsentOperationsFlowTests/InternalConsentManageFlowValidationTest.groovy (1)

78-79: ⚠️ Potential issue | 🟡 Minor

Assert list non-emptiness before indexing into authorizationResources/resources.

Assert.assertNotNull(...) is present, but .get(0) is used without checking emptiness. If the API returns [], these tests fail with IndexOutOfBoundsException instead of a meaningful assertion failure.

✅ Fix pattern to apply at each occurrence

 List<JSONObject> authorizationResources = extractListFromResponse(consentResponse, "authorizationResources")
+Assert.assertFalse(authorizationResources.isEmpty(), "authorizationResources is empty")
 authIdBeforeUpdate = authorizationResources.get(0).get("authorizationID")

 List<JSONObject> resources = authorizationResources.get(0).get("resources") as List<JSONObject>
 Assert.assertNotNull(resources)
+Assert.assertFalse(resources.isEmpty(), "resources is empty")
 mappingIdBeforeUpdate = resources.get(0).get("mappingID")

Also applies to: 92-93, 117-121, 134-139, 320-321, 333-334, 354-355, 367-368, 388-389, 401-402

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@fs-integration-test-suite/accelerator-tests/is-tests/consent-management/src/test/groovy/org/wso2/financial/services/accelerator/is/test/consent/management/ConsentOperationsFlowTests/InternalConsentManageFlowValidationTest.groovy`
around lines 78 - 79, The test indexes into authorizationResources (produced by
extractListFromResponse(consentResponse, "authorizationResources")) with .get(0)
without asserting the list is non-empty; update each occurrence (e.g., where
authIdBeforeUpdate is assigned) to first assert the list size > 0 (or
!isEmpty()) using Assert.assertFalse/Assert.assertTrue with a clear message, and
only then call .get(0) to avoid IndexOutOfBoundsException and produce a
meaningful assertion failure.

🧹 Nitpick comments (2)

fs-integration-test-suite/accelerator-tests/is-tests/consent-management/src/test/groovy/org/wso2/financial/services/accelerator/is/test/consent/management/ConsentOperationsFlowTests/InternalConsentManageFlowValidationTest.groovy (1)

70-77: Extract common consent-response assertions into a helper.

The same assertion set is repeated across many tests (updatedTime, consentID, clientID, authorizationResources, status). A shared helper will reduce maintenance overhead and keep failures more consistent.

Also applies to: 88-95, 111-116, 130-137, 327-335, 361-369, 395-403

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@fs-integration-test-suite/accelerator-tests/is-tests/consent-management/src/test/groovy/org/wso2/financial/services/accelerator/is/test/consent/management/ConsentOperationsFlowTests/InternalConsentManageFlowValidationTest.groovy`
around lines 70 - 77, Multiple tests duplicate the same set of assertions on
consentResponse; extract them into a reusable helper to reduce duplication. Add
a private helper method in InternalConsentManageFlowValidationTest (e.g.,
assertCommonConsentResponse(Response consentResponse, String expectedStatus))
that checks non-null for updatedTime, consentID, clientID,
authorizationResources and verifies status equals expectedStatus and status code
200 and consentId presence; then replace each repeated block (including the
occurrences around lines 70–77, 88–95, 111–116, 130–137, 327–335, 361–369,
395–403) with a single call to this new helper, passing the appropriate expected
status like "AwaitingAuthorisation".

fs-integration-test-suite/accelerator-test-framework/src/main/groovy/org/wso2/financial/services/accelerator/test/framework/constant/AccountsRequestPayloads.groovy (1)

171-171: Centralize receipt JSON construction to reduce escaping errors and drift.

The same escaped receipt string is duplicated across methods. A shared builder (Map + JsonOutput) would make these payloads safer and easier to maintain.

Also applies to: 211-211, 224-224

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@fs-integration-test-suite/accelerator-test-framework/src/main/groovy/org/wso2/financial/services/accelerator/test/framework/constant/AccountsRequestPayloads.groovy`
at line 171, Replace the repeated escaped JSON string for the "receipt" field
with a single builder method in AccountsRequestPayloads that creates a Map (with
keys "Data" -> ["Permissions", "ExpirationDateTime", "TransactionFromDateTime",
"TransactionToDateTime"] and "Risk" -> [:]) and serializes it using
groovy.json.JsonOutput.toJson, injecting
ConnectorTestConstants.expirationInstant / fromInstant / toInstant; update all
places that currently embed the escaped string (including the occurrences at
lines similar to 171, 211, 224) to call this new method so the payloads are
built programmatically and avoid manual escaping/drift.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In
`@fs-integration-test-suite/accelerator-test-framework/src/main/groovy/org/wso2/financial/services/accelerator/test/framework/constant/AccountsRequestPayloads.groovy`:
- Around line 194-200: The JSON payload strings returned by
getAccountConsentStatusUpdatePayload(String consentId) and
getAccountBasicConsentUpdatePayload(...) include trailing commas before the
closing brace which produces invalid JSON; update both methods (remove the
trailing comma after the last property in each triple-quoted JSON string—e.g.,
remove the comma after "status": "Rejected" in
getAccountConsentStatusUpdatePayload and remove the trailing comma after the
final field in getAccountBasicConsentUpdatePayload) so the returned strings are
valid JSON.

---

Duplicate comments:
In
`@fs-integration-test-suite/accelerator-tests/is-tests/consent-management/src/test/groovy/org/wso2/financial/services/accelerator/is/test/consent/management/ConsentOperationsFlowTests/InternalConsentManageFlowValidationTest.groovy`:
- Around line 78-79: The test indexes into authorizationResources (produced by
extractListFromResponse(consentResponse, "authorizationResources")) with .get(0)
without asserting the list is non-empty; update each occurrence (e.g., where
authIdBeforeUpdate is assigned) to first assert the list size > 0 (or
!isEmpty()) using Assert.assertFalse/Assert.assertTrue with a clear message, and
only then call .get(0) to avoid IndexOutOfBoundsException and produce a
meaningful assertion failure.

---

Nitpick comments:
In
`@fs-integration-test-suite/accelerator-test-framework/src/main/groovy/org/wso2/financial/services/accelerator/test/framework/constant/AccountsRequestPayloads.groovy`:
- Line 171: Replace the repeated escaped JSON string for the "receipt" field
with a single builder method in AccountsRequestPayloads that creates a Map (with
keys "Data" -> ["Permissions", "ExpirationDateTime", "TransactionFromDateTime",
"TransactionToDateTime"] and "Risk" -> [:]) and serializes it using
groovy.json.JsonOutput.toJson, injecting
ConnectorTestConstants.expirationInstant / fromInstant / toInstant; update all
places that currently embed the escaped string (including the occurrences at
lines similar to 171, 211, 224) to call this new method so the payloads are
built programmatically and avoid manual escaping/drift.

In
`@fs-integration-test-suite/accelerator-tests/is-tests/consent-management/src/test/groovy/org/wso2/financial/services/accelerator/is/test/consent/management/ConsentOperationsFlowTests/InternalConsentManageFlowValidationTest.groovy`:
- Around line 70-77: Multiple tests duplicate the same set of assertions on
consentResponse; extract them into a reusable helper to reduce duplication. Add
a private helper method in InternalConsentManageFlowValidationTest (e.g.,
assertCommonConsentResponse(Response consentResponse, String expectedStatus))
that checks non-null for updatedTime, consentID, clientID,
authorizationResources and verifies status equals expectedStatus and status code
200 and consentId presence; then replace each repeated block (including the
occurrences around lines 70–77, 88–95, 111–116, 130–137, 327–335, 361–369,
395–403) with a single call to this new helper, passing the appropriate expected
status like "AwaitingAuthorisation".

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: a898d390-9883-4703-bba0-d3869b0aa540

📥 Commits

Reviewing files that changed from the base of the PR and between cce23ac and 285950a.

📒 Files selected for processing (2)

• fs-integration-test-suite/accelerator-test-framework/src/main/groovy/org/wso2/financial/services/accelerator/test/framework/constant/AccountsRequestPayloads.groovy
• fs-integration-test-suite/accelerator-tests/is-tests/consent-management/src/test/groovy/org/wso2/financial/services/accelerator/is/test/consent/management/ConsentOperationsFlowTests/InternalConsentManageFlowValidationTest.groovy