feat(dfsp-tx): use auth-service to verify a transaction (#121)

* feat(transaction): start refactor to use `tpr/verifications` * feat: working on verifications types * feat(transaction): start refactor to use `tpr/verifications` * feat(inbound-api): add inbound /tpr/verifications calls * chore: appease linting gods * feat(unit): add handler tests for tpr/verifications * feat(unit): add handler tests for tpr/verifications * feat(unit): finish updating unit tests for verifications call * chore: remove .only
mojaloop · Sep 7, 2021 · f69f226 · f69f226
1 parent 815ac13
commit f69f226
Show file tree

Hide file tree

Showing 8 changed files with 391 additions and 164 deletions.
diff --git a/src/handlers/inbound/index.ts b/src/handlers/inbound/index.ts
@@ -28,6 +28,7 @@
  ******/
 import ThirdpartyRequestsTransactions from './thirdpartyRequests/transactions'
 import ThirdpartyRequestsAuthorizations from './thirdpartyRequests/authorizations'
+import ThirdpartyRequestsVerifications from './thirdpartyRequests/verifications'
 import InboundAuthorizations from './authorizations'
 import InboundConsents from './consents'
 import InboundConsentsId from './consents/{ID}'
@@ -75,4 +76,6 @@ export default {
   PostThirdpartyRequestsAuthorizations: ThirdpartyRequestsAuthorizations.post,
   PutThirdpartyRequestsAuthorizationsById: ThirdpartyRequestsAuthorizations.put,
   PutThirdpartyRequestsAuthorizationsByIdAndError: ThirdpartyRequestsAuthorizations.put,
+  PutThirdpartyRequestsVerificationsById: ThirdpartyRequestsVerifications.put,
+  PutThirdpartyRequestsVerificationsByIdAndError: ThirdpartyRequestsVerifications.put,
 }
diff --git a/src/handlers/inbound/thirdpartyRequests/verifications.ts b/src/handlers/inbound/thirdpartyRequests/verifications.ts
@@ -0,0 +1,62 @@
+/*****
+ License
+ --------------
+ Copyright © 2020 Mojaloop Foundation
+ The Mojaloop files are made available by the Mojaloop Foundation under the Apache License, Version 2.0 (the "License")
+ and you may not use these files except in compliance with the License. You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, the Mojaloop files are distributed
+ on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and limitations under the License.
+ Contributors
+ --------------
+ This is the official list of the Mojaloop project contributors for this file.
+ Names of the original copyright holders (individuals or organizations)
+ should be listed with a '*' in the first column. People who have
+ contributed from an organization can be listed under the organization
+ that actually holds the copyright for their contributions (see the
+ Gates Foundation organization for an example). Those individuals should have
+ their names indented and be marked with a '-'. Email address can be added
+ optionally within square brackets <email>.
+ * Gates Foundation
+ - Name Surname <name.surname@gatesfoundation.com>
+
+ - Lewis Daly <lewisd@crosslaketech.com>
+ --------------
+ ******/
+
+import { Request, ResponseObject } from '@hapi/hapi'
+import { Context } from 'openapi-backend'
+import { StateResponseToolkit } from "~/server/plugins/state"
+import { DFSPTransactionModel, DFSPTransactionPhase } from '~/models/dfspTransaction.model'
+import { Message } from '~/shared/pub-sub'
+
+/**
+ * PUT /thirdpartyRequests/verifications/{ID}
+ * 
+ * or 
+ * or 
+ * 
+ * PUT /thirdpartyRequests/verifications/{ID}/error
+ */
+async function put(
+  _context: Context, request: Request, h: StateResponseToolkit
+): Promise<ResponseObject> {
+  const verificationRequestId = request.params.ID
+  // This could be an error payload or ThirdpartyRequestsVerificationsIDPutResponse
+  const verificationResponse = request.payload
+  const publisher = h.getPublisher()
+
+  // load the DFSPTransactionModel based on the verificationRequestId
+  const channel = DFSPTransactionModel.notificationChannel(
+    DFSPTransactionPhase.waitOnVerificationResponseFromSwitchChannel,
+    verificationRequestId
+  )
+  publisher.publish(channel, verificationResponse as Message)
+
+  return h.response().code(200)
+}
+
+export default {
+  put,
+}
diff --git a/src/interface/api-inbound.yaml b/src/interface/api-inbound.yaml
@@ -1354,6 +1354,119 @@ paths:
           $ref: '#/components/responses/501'
         '503':
           $ref: '#/components/responses/503'
+  '/thirdpartyRequests/verifications/{ID}':
+    parameters:
+      - $ref: '#/components/parameters/ID'
+      - $ref: '#/components/parameters/Content-Type'
+      - $ref: '#/components/parameters/Date'
+      - $ref: '#/components/parameters/X-Forwarded-For'
+      - $ref: '#/components/parameters/FSPIOP-Source'
+      - $ref: '#/components/parameters/FSPIOP-Destination'
+      - $ref: '#/components/parameters/FSPIOP-Encryption'
+      - $ref: '#/components/parameters/FSPIOP-Signature'
+      - $ref: '#/components/parameters/FSPIOP-URI'
+      - $ref: '#/components/parameters/FSPIOP-HTTP-Method'
+    put:
+      tags:
+        - thirdpartyRequests
+        - sampled
+      operationId: PutThirdpartyRequestsVerificationsById
+      summary: PutThirdpartyRequestsVerificationsById
+      description: >
+        The HTTP request `PUT /thirdpartyRequests/verifications/{ID}` is used by
+        the Auth-Service to inform
+
+        the DFSP of a successful result in validating the verification of a
+        Thirdparty Transaction Request.
+
+
+        If the validation fails, The Auth-Service MUST use `PUT
+        /thirdpartyRequests/verifications/{ID}/error`
+
+        instead.
+      parameters:
+        - $ref: '#/components/parameters/Content-Length'
+      requestBody:
+        description: The result of validating the Thirdparty Transaction Request
+        required: true
+        content:
+          application/json:
+            schema:
+              $ref: >-
+                #/components/schemas/ThirdpartyRequestsVerificationsIDPutResponse
+            example:
+              authenticationResponse: VERIFIED
+      responses:
+        '200':
+          $ref: '#/components/responses/200'
+        '400':
+          $ref: '#/components/responses/400'
+        '401':
+          $ref: '#/components/responses/401'
+        '403':
+          $ref: '#/components/responses/403'
+        '404':
+          $ref: '#/components/responses/404'
+        '405':
+          $ref: '#/components/responses/405'
+        '406':
+          $ref: '#/components/responses/406'
+        '501':
+          $ref: '#/components/responses/501'
+        '503':
+          $ref: '#/components/responses/503'
+  '/thirdpartyRequests/verifications/{ID}/error':
+    parameters:
+      - $ref: '#/components/parameters/ID'
+      - $ref: '#/components/parameters/Content-Type'
+      - $ref: '#/components/parameters/Date'
+      - $ref: '#/components/parameters/X-Forwarded-For'
+      - $ref: '#/components/parameters/FSPIOP-Source'
+      - $ref: '#/components/parameters/FSPIOP-Destination'
+      - $ref: '#/components/parameters/FSPIOP-Encryption'
+      - $ref: '#/components/parameters/FSPIOP-Signature'
+      - $ref: '#/components/parameters/FSPIOP-URI'
+      - $ref: '#/components/parameters/FSPIOP-HTTP-Method'
+    put:
+      tags:
+        - thirdpartyRequests
+        - sampled
+      operationId: PutThirdpartyRequestsVerificationsByIdAndError
+      summary: PutThirdpartyRequestsVerificationsByIdAndError
+      description: >
+        The HTTP request `PUT /thirdpartyRequests/verifications/{ID}/error` is
+        used by the Auth-Service to inform
+
+        the DFSP of a failure in validating or looking up the verification of a
+        Thirdparty Transaction Request.
+      parameters:
+        - $ref: '#/components/parameters/Content-Length'
+      requestBody:
+        description: Error information returned.
+        required: true
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/ErrorInformationObject'
+      responses:
+        '200':
+          $ref: '#/components/responses/200'
+        '400':
+          $ref: '#/components/responses/400'
+        '401':
+          $ref: '#/components/responses/401'
+        '403':
+          $ref: '#/components/responses/403'
+        '404':
+          $ref: '#/components/responses/404'
+        '405':
+          $ref: '#/components/responses/405'
+        '406':
+          $ref: '#/components/responses/406'
+        '501':
+          $ref: '#/components/responses/501'
+        '503':
+          $ref: '#/components/responses/503'
   '/thirdpartyRequests/transactions/{ID}/authorizations':
     parameters:
       - $ref: '#/components/parameters/ID'
@@ -3722,6 +3835,20 @@ components:
       required:
         - signedPayloadType
         - authenticationValue
+    ThirdpartyRequestsVerificationsIDPutResponse:
+      title: ThirdpartyRequestsVerificationsIDPutResponse
+      type: object
+      description: >-
+        The object sent in the PUT /thirdpartyRequests/verifications/{ID}
+        request.
+      properties:
+        authenticationResponse:
+          type: string
+          enum:
+            - VERIFIED
+          description: The verification passed
+      required:
+        - authenticationResponse
     ThirdpartyRequestsTransactionsIDAuthorizationsPutResponse:
       title: ThirdpartyRequestsTransactionsIDAuthorizationsPutResponse
       type: object

diff --git a/src/interface/inbound/api_template/api-inbound-template.yaml b/src/interface/inbound/api_template/api-inbound-template.yaml
@@ -55,10 +55,11 @@ paths:
     $ref: '../../../../node_modules/@mojaloop/api-snippets/thirdparty/openapi3/paths/thirdpartyRequests_authorizations_ID.yaml'
   /thirdpartyRequests/authorizations/{ID}/error:
     $ref: '../../../../node_modules/@mojaloop/api-snippets/thirdparty/openapi3/paths/thirdpartyRequests_authorizations_ID_error.yaml'
+  /thirdpartyRequests/verifications/{ID}:
+    $ref: '../../../../node_modules/@mojaloop/api-snippets/thirdparty/openapi3/paths/thirdpartyRequests_verifications_ID.yaml'
+  /thirdpartyRequests/verifications/{ID}/error:
+    $ref: '../../../../node_modules/@mojaloop/api-snippets/thirdparty/openapi3/paths/thirdpartyRequests_verifications_ID_error.yaml'
 
-  # /thirdpartyRequests/verifications/{ID}:
-  # /thirdpartyRequests/verifications/{ID}/error:
-  #   $ref: '../../../../node_modules/@mojaloop/api-snippets/thirdparty/openapi3/paths/thirdpartyRequests_transactions.yaml'
   # Note: deprecated resource - has been superceded by /thirdpartyRequests/authorizations/{ID}
   # TODO: remove in next major version
   /thirdpartyRequests/transactions/{ID}/authorizations:

diff --git a/src/models/dfspTransaction.interface.ts b/src/models/dfspTransaction.interface.ts
@@ -95,12 +95,15 @@ export interface DFSPTransactionData extends StateData<DFSPTransactionModelState
   requestQuoteRequest?: SDKOutboundAPI.Schemas.quotesPostRequest
   requestQuoteResponse?: SDKOutboundAPI.Schemas.quotesPostResponse
 
-  // used by requestAuthorization & verifyAuthorization
+  // used by requestAuthorization
   requestAuthorizationPostRequest?: tpAPI.Schemas.ThirdpartyRequestsAuthorizationsPostRequest
   requestAuthorizationResponse?: tpAPI.Schemas.ThirdpartyRequestsAuthorizationsIDPutResponse
 
+  // used by verifyAuthorization
+  requestVerificationPostRequest?: tpAPI.Schemas.ThirdpartyRequestsVerificationsPostRequest
+  requestVerificationResponse?: tpAPI.Schemas.ThirdpartyRequestsVerificationsIDPutResponse
+
   // used by requestTransfer
-  // TODO: proper type for transferRequest
   transferRequest?: SDKOutboundAPI.Schemas.simpleTransfersPostRequest
   transferResponse?: SDKOutboundAPI.Schemas.simpleTransfersPostResponse
   transactionRequestPatchUpdate?: tpAPI.Schemas.ThirdpartyRequestsTransactionsIDPatchResponse