Release_notes_5.0.adoc

Release notes v.5.0

Table of Contents

• ASPSP profile was refactored and REQUIRES MIGRATION!

• Bugfix: TPP domain validator ignores non-domain tppName field

• Removed deprecated frequencyPerDay for PiisConsent

• Bugfix: statuses of obsoleted AIS consents

• Removed column tpp_info_id from authorisation_template table

• Provided multilevel SCA for Establish Consent in Redirect approach

• Bugfix: changed link for update PSU data without password

• Removed deprecated TppInfo from PiisConsent

• Bugfix: changed link for update PSU data without password for payment cancellation

• Updated enum MessageErrorCode

• Added indexes to the CMS database

• Bugfix: providing incorrect request body on PIIS consent creation in CMS-ASPSP-API results in Internal Server Error

• Bugfix: SupportedTransactionApplicationTypes in profile should be String

• Extended XS2A with Austria requirements to payment products

• Bugfix: incorrect error code in response for ReadAccountList for consent which was revoked by PSU

• Bugfix: incorrect TransactionId in read transaction details leads to internal server error

• Bugfix: only Pending transactions should be available in getTransactionList response when query param set to "pending"

ASPSP profile was refactored and REQUIRES MIGRATION!

bank_profile.yml file was updated to a new format. The ASPSP profile WON’T WORK without migration to the new format. This ASPSP profile YAML file update includes the following changes:

• all properties were grouped into ais, pis, piis and common categories

• some properties were renamed to the more appropriate names

• some default values were changed

The description of a new bank_profile.yml file can be found here: https://github.com/adorsys/xs2a/tree/develop/aspsp-profile. The migration to the new format can be performed either manually or by using a new POST /api/v1/aspsp-profile/convert-profile/aspsp-settings migration controller. In the HTTP body, it takes the content of the old bank_profile.yml and returns the new version of ASPSP profile. This response can be inserted in the bank_profile.yml file instead of old content. To enable this endpoint, the debug_mode profile for aspsp-profile-server application should be enabled. The migration sequence of actions if the following:

• launch application with debug_mode profile active

• select POST /api/v1/aspsp-profile/convert-profile/aspsp-settings and copy the content of current bank_profile.yml file to the its body

• replace the content of bank_profile.yml with the response of the endpoint call

• restart aspsp-profile-server (debug_mode profile is not needed anymore)

Bugfix: TPP domain validator ignores non-domain tppName field

From now on, if tppName is not a proper domain name, it will be ignored by XS2A in TPP domain validation. Before, java IllegalArgumentException was thrown by the validator.

Removed deprecated frequencyPerDay for PiisConsent

From now on, the deprecated field frequencyPerDay has been removed from CreatePiisConsentRequest, PiisConsentEntity, and PiisConsent. The field has also been removed from the piis_consent table.

Bugfix: statuses of obsoleted AIS consents

Some changes were made in AIS consents statuses switching: obsoleted consents that were not confirmed with authorisation now get status REJECTED (before it was EXPIRED). When new AIS consent for account for one TPP and one PSU is created with reccuringIndicator=true, old authorised consents get status TERMINATED_BY_TPP, but old unauthorised consents get status REJECTED. The same works for consents with multilevelSca set to true: if old consents have PARTIALLY_AUTHORISED status - they obtain REJECTED status.

Removed column tpp_info_id from authorisation_template table

From now on, tpp_info_id column has been removed from authorisation_template table.

Provided multilevel SCA for Establish Consent in Redirect approach

New method CmsPsuAisServiceInternal::authorisePartiallyConsent was added to CMS-PSU-API to authorise AIS Consent partially (POST /psu-api/v1/ais/consent/{consent-id}/authorise-partially-consent).

Bugfix: changed link for update PSU data without password

From now on, after sending the update PSU data request (PUT /v1/consents/{consentId}/authorisations/{authorisationId}) with PSU-ID header but with no body, the response contains updatePsuAuthentication link. This works if you start the authorisation in EMBEDDED approach explicitly.

Removed deprecated TppInfo from PiisConsent

From now on, the deprecated field tppInfo is removed from PiisConsentEntity, PiisConsent, and CreatePiisConsentRequest. Also, all data has been migrated from tppInfo column to tppAuthorisationNumber column in piis_consent table.

Bugfix: changed link for update PSU data without password for payment cancellation

From now on, after sending the update PSU data request for payment cancellation (PUT /v1/{payment-service}/{payment-product}/{paymentId}/cancellation-authorisations/{cancellationId}) with PSU-ID header but with no body, the response contains updatePsuAuthentication link. This works if you start the authorisation for payment cancellation in EMBEDDED approach.

Updated enum MessageErrorCode

From now on, enum MessageErrorCode contains new values: PARAMETER_NOT_CONSISTENT, REFERENCE_MIX_INVALID, REFERENCE_STATUS_INVALID, ROLE_INVALID.

Added indexes to the CMS database

Several indexes were added to the CMS database to increase performance:

• index on external_id in ais_consent table

• index on payment_id in pis_common_payment table

• index on payment_id in pis_payment_data table

• index on tpp_info_id in tpp_info_role table

Bugfix: providing incorrect request body on PIIS consent creation in CMS-ASPSP-API results in Internal Server Error

From now on, when you try to create PIIS consent POST /aspsp-api/v1/piis/consents with incorrect request body, you’ll get status 400 Bad request and message Http message is not readable.

Bugfix: SupportedTransactionApplicationTypes in profile should be String

From now on, the field supportedTransactionApplicationTypes is a String. Also, the endpoint GET /v1/accounts/{account-id}/balances now responds with 401 Unauthorized - CONSENT_INVALID, if providing an empty account-id.

Extended XS2A with Austria requirements to payment products

Payment validation was extended for supporting different countries. Technically all rules for payment have been transferred to application.properties in the format validation.payment.<field>.<rule>. Available rules for field:

• use - required, optional <default>, skip, none.

• maxLength - max fields length (0 by default)

From now on, new configuration properties for payment validation should be added in application.properties and provided bean realization into spring context (PaymentValidationConfig). To extend configuration for another country create new application-<country>.properties and override proper properties. To apply new file add <country> to active profiles for application.

By default, configuration is for Germany and configuration for Austria was added as well.

Bugfix: incorrect error code in response for ReadAccountList for consent which was revoked by PSU

From now on, when you try to get Account List for consent which was revoked by PSU with request GET /v1/accounts you will get response code 401 'CONSENT_INVALID' with text Consent was revoked by PSU

Bugfix: incorrect TransactionId in read transaction details leads to internal server error

From now on, if TPP provides incorrect transaction ID in read transaction details GET /v1/accounts/{account-id}/transactions/{resourceId} it will receive 403 response code with RESOURCE_UNKNOWN message.

Bugfix: only Pending transactions should be available in getTransactionList response when query param set to "pending"

From now on, the query parameter bookingStatus in GET /v1/accounts/{account-id}/transactions is capable of filtering. The endpoint returns only those types of transactions, whose bookingStatus equals the parameters value.