at de.adorsys.psd2.xs2a.web.RedirectLinkBuilder.buildPaymentCancellationScaRedirectLink(RedirectLinkBuilder.java:126)
Current behavior
Right now when you initiate a payment and immediately after this, you make a POST on /v1/payments/sepa-credit-transfers/{{paymentId}}/cancellation-authorisations you get an "Internal Server Error"
Expected behavior
When this workflow is not allowed, then return an business-error. when this workflow might be legal, ensure no NPE is thrown and request returns with a valid response
Steps to reproduce
Initiate payment via e.g. POST on /v1/payments/sepa-credit-transfers with valid payment data
Start payment cancellation-authorisation via POST on /v1/payments/sepa-credit-transfers/{{paymentId}}/cancellation-authorisations with empty json-body
you will receive an HTTP 500
SCA approach
[ x ] Redirect
[ ] Embedded
[ ] Decoupled
XS2A version(s):
8.0
Log files or other additional info
Stacktrace:
java.lang.NullPointerException: null
at java.base/java.lang.String.replace(String.java:2158)
at de.adorsys.psd2.xs2a.web.RedirectLinkBuilder.buildPaymentCancellationScaRedirectLink(RedirectLinkBuilder.java:126)
at de.adorsys.psd2.xs2a.web.RedirectLinkBuilder$$FastClassBySpringCGLIB$$4872f570.invoke(<generated>)
I debbuged till de.adorsys.psd2.consent.service.AuthorisationServiceInternal.createAuthorisation where authorisationParent.getInternalRequestId(authorisationType) returns null in case of cancellation because PisCommonPaymentData.cancellationInternalRequestId is not set at this time.
Maybe this might be a wrong workflow case. i don't really know, but a NPE is never good ;)
But actually when the Internal-Request-ID is filled (or in my workaround-case set to empty via aspect) then the request returns a valid response
Place where bug appeared
/v1/payments/sepa-credit-transfers/{{paymentId}}/cancellation-authorisations
at de.adorsys.psd2.xs2a.web.RedirectLinkBuilder.buildPaymentCancellationScaRedirectLink(RedirectLinkBuilder.java:126)
Current behavior
/v1/payments/sepa-credit-transfers/{{paymentId}}/cancellation-authorisations
you get an "Internal Server Error"Expected behavior
Steps to reproduce
/v1/payments/sepa-credit-transfers
with valid payment data/v1/payments/sepa-credit-transfers/{{paymentId}}/cancellation-authorisations
with empty json-bodySCA approach
XS2A version(s):
Log files or other additional info
I debbuged till
de.adorsys.psd2.consent.service.AuthorisationServiceInternal.createAuthorisation
whereauthorisationParent.getInternalRequestId(authorisationType)
returns null in case of cancellation becausePisCommonPaymentData.cancellationInternalRequestId
is not set at this time.Maybe this might be a wrong workflow case. i don't really know, but a NPE is never good ;) But actually when the Internal-Request-ID is filled (or in my workaround-case set to empty via aspect) then the request returns a valid response