Decoupled/MFA banks (e.g. VR Bank in Holstein) were hard-blocked because the authorize flow aborted whenever auth_methods[0] was DECOUPLED. Enable Banking's hosted /auth page actually coordinates decoupled SCA and redirects back with a code, so route these banks through it instead: - Provider#start_authorization accepts and forwards an auth_method param - EnableBankingItem#select_auth_method picks the best method (REDIRECT > DECOUPLED > EMBEDDED), filtering by psu_type and skipping hidden methods - Shared begin_authorization! re-fetches ASPSP metadata on each authorize and reauthorize, so the method is always re-derived (no persistence required) - Remove the DECOUPLED block in the controller Also stop the integration from constantly reporting "session expired": - Only a session-level GET /sessions 401/404 flips the connection to requires_update; per-account 401/404 are retried and no longer kill the whole connection - Reconcile session_expires_at from the API's access.valid_until on every sync - Treat an expired session as a graceful requires_update state instead of raising a bare error No schema changes. Adds covering tests.
# frozen_string_literal: true
require "test_helper"
require "openssl"
class EnableBankingItemsControllerTest < ActionDispatch::IntegrationTest
  # Hosted Enable Banking auth page the stubbed provider hands back.
  HOSTED_AUTH_URL = "https://api.enablebanking.com/auth/redirect/abc"

  setup do
    sign_in users(:family_admin)
    @family = families(:dylan_family)

    # A freshly generated RSA key stands in for the item's client
    # certificate. The provider methods these tests exercise are stubbed
    # below, so the key is never presented to Enable Banking.
    @item = @family.enable_banking_items.create!(
      name: "Test Connection",
      country_code: "DE",
      application_id: "test_app_id",
      client_certificate: OpenSSL::PKey::RSA.new(2048).to_pem
    )
  end

  test "select_bank exposes ASPSP BIC in the searchable data attribute" do
    stub_aspsps(redirect_bank)

    get select_bank_enable_banking_item_url(@item)

    assert_response :success

    # The client-side filter matches against this attribute, so both the
    # BIC and the bank name must be present (lower-cased) in it.
    haystack = searchable_attribute
    assert haystack, "Expected list items to render a data-bank-search attribute the client filter reads from"
    assert_includes haystack, "ingddeff",
      "Expected the searchable data attribute to include the BIC so users can find banks by BIC code"
    assert_includes haystack, "ing-diba ag",
      "Expected the searchable data attribute to still include the bank name (existing name-search behavior)"
  end

  test "authorize no longer blocks decoupled banks and proceeds to the hosted auth page" do
    stub_aspsps(decoupled_bank)
    Provider::EnableBanking.any_instance.stubs(:start_authorization)
      .returns(url: HOSTED_AUTH_URL, authorization_id: "auth_1")

    post authorize_enable_banking_item_url(@item),
      params: { aspsp_name: "VR Bank in Holstein", psu_type: "personal" }

    # A DECOUPLED-only bank must be sent to the hosted auth page rather
    # than rejected with a flash alert, and the approach is recorded on
    # the item.
    assert_redirected_to HOSTED_AUTH_URL
    assert_nil flash[:alert]
    assert_equal "DECOUPLED", @item.reload.aspsp_auth_approach
  end

  private

    # Stubs the ASPSP catalogue so every Provider::EnableBanking instance
    # returns exactly the given bank entries.
    def stub_aspsps(*banks)
      Provider::EnableBanking.any_instance.stubs(:get_aspsps).returns(aspsps: banks)
    end

    # Value of the first data-bank-search attribute in the rendered
    # response, or nil when none was rendered.
    def searchable_attribute
      @response.body.match(/data-bank-search="([^"]*)"/)&.captures&.first
    end

    # Catalogue entry for a bank that only offers the REDIRECT approach.
    # Built fresh on each call so a test can never see another test's copy.
    def redirect_bank
      {
        name: "ING-DiBa AG",
        country: "DE",
        bic: "INGDDEFF",
        beta: false,
        psu_types: [ "personal" ],
        auth_methods: [ { approach: "REDIRECT" } ]
      }
    end

    # Catalogue entry for a bank whose only auth method is DECOUPLED.
    def decoupled_bank
      {
        name: "VR Bank in Holstein",
        country: "DE",
        psu_types: [ "personal" ],
        auth_methods: [ { name: "decoupled_app", approach: "DECOUPLED" } ]
      }
    end
end