Skip to content

Latest commit

 

History

History
86 lines (62 loc) · 5.09 KB

Release_notes_2.9.adoc

File metadata and controls

86 lines (62 loc) · 5.09 KB
Raw

Release notes v.2.9

Table of Contents

  • Bugfix: Fix the payment ID transfer flow during payment cancellation

  • Bugfix: Account reference is properly validated during confirmation of funds

  • Bugfix: BankOffered consent after authorisation should allow accesses according to chosen by PSU

  • Extend logging for XS2A

  • Delete isTransactionFeeIndicator method in SpiPaymentInitiationResponse

  • Delete extra constructor in SpiInitiateAisConsentResponse

  • Bugfix: Read or update info by another TPP

  • Bugfix: Fix saving of TPP redirect URIs after payment cancellation

  • Bugfix: Missing validation for 'withBalance' with multiple accounts

  • Delete deprecated columns in crypto_algorithm table

  • Bugfix: field aspspAccountId no longer available for SPI.

  • Bugfix: Xs2a should respond with error 401 'CERTIFICATE_INVALID' if TPP has no appropriate role for requested service

Bugfix: Fix the payment ID transfer flow during payment cancellation

From now on, response to the Payment Cancellation Request (DELETE /v1/{payment-service}/{payment-product}/{paymentId}) will contain links with external (encrypted) payment ID instead of internal one.

Bugfix: Account reference is properly validated during confirmation of funds

From now on, account reference in the Funds Confirmation Request (POST /v1/funds-confirmations) will be properly validated (both account identifier and currency).

Bugfix: BankOffered consent after authorisation should allow accesses according to chosen by PSU

From now on, request for changing AIS Consent accesses in CMS (PUT /psu-api/v1/ais/consent/{consent-id}/save-access) can get combinedServiceIndicator and recurringIndicator parameters. Based on new incoming data of accesses Consent changes AisConsentRequestType field to any of next values:

  • GLOBAL

  • ALL_AVAILABLE_ACCOUNTS

  • DEDICATED_ACCOUNTS

And when TPP requests to Read Account Data with this Consent ID xs2a will respond according to updated authorised accesses.

Extend logging for XS2A

Logs for XS2A Authorisation, AIS, PIS, PIIS and Validation services were extended with covering so-called “unhappy paths”. Logs provides important IDs, but never log request data like payment data or consent accounts. For filtering through specific request each log were specified by X-Request-ID parameter. Logging is used INFO level. You can find other settings at logback-spring.xml. Logs are printed to Console and stored to main project directory “logs” folder. Each day are stored separately at file like 2019-06-19.0.log with 10Mb max size.

Delete isTransactionFeeIndicator method in SpiPaymentInitiationResponse

Method isTransactionFeeIndicator in SpiPaymentInitiationResponse was removed. From now on, use getTransactionFeeIndicator method instead.

Delete extra constructor in SpiInitiateAisConsentResponse

SpiInitiateAisConsentResponse(SpiAccountAccess, boolean) constructor was removed from SpiInitiateAisConsentResponse and SpiInitiateAisConsentResponse(SpiAccountAccess, boolean, String) was replaced with the Lombok @AllArgsConstructor version.

Bugfix: Read or update info by another TPP

From now on, while sending HTTP requests to the XS2A for all components (AIS, or PIIS) where TPP info from certificate is not correct validators will return an error with HTTP code 400 and message 'CONSENT_UNKNOWN'

Feature: Requests with custom 'tpp-qwac-certificate' header

From now on, all HTTP requests to the XS2A could contain custom 'tpp-qwac-certificate' header even if 'mockspi' profile is used

Bugfix: Fix saving of TPP redirect URIs after payment cancellation

Headers TPP-Redirect-URI and TPP-Nok-Redirect-URI for Payment Cancellation Request (DELETE /v1/{payment_service}/{payment_product}/{payment_id}) are stored in tpp_info table. Added validators for headers: tpp-redirect-uri, x-request-id and tpp-explicit-authorisation-preferred for Cancellation Payment Request (DELETE /v1/{payment-service}/{payment-product}/{paymentId}).

Bugfix: Missing validation for 'withBalance' with multiple accounts

From now on, when TPP sends Account List (GET /v1/accounts) request with withBalance parameter and AIS Consent access rights given to dedicated accounts and number of accounts exceeds number of balances, TPP in this case will receive 401 response code with CONSENT_INVALID message.

Delete deprecated columns in crypto_algorithm table

Columns algorithm, version, key_length_in_bytes, hash_iterations, skf_algorithm were deleted in crypto_algorithm table. Corresponding liquibase script file 0068-remove-deprecated-columns-from-crypto-algorithm-table.xml was added.

Bugfix: field aspspAccountId no longer available for SPI.

From now on, the aspspAccoundId field is present on SPI level and can be read by using CMS-PSU-API.

Bugfix: Xs2a should respond with error 401 'CERTIFICATE_INVALID' if TPP has no appropriate role for requested service

From now on, while sending HTTP requests to the XS2A for all components (AIS, PIS or PIIS) where TPP does not have roles for using current endpoint then response contains an error 'CERTIFICATE_INVALID' and HTTP code is 401