POST on cancellation-authorisations immediately after payment-intiation brings NPE

benmoeARZ commented 3 years ago

Place where bug appeared

/v1/payments/sepa-credit-transfers/{{paymentId}}/cancellation-authorisations
at de.adorsys.psd2.xs2a.web.RedirectLinkBuilder.buildPaymentCancellationScaRedirectLink(RedirectLinkBuilder.java:126)

Current behavior

Right now when you initiate a payment and immediately after this, you make a POST on /v1/payments/sepa-credit-transfers/{{paymentId}}/cancellation-authorisations you get an "Internal Server Error"

Expected behavior

When this workflow is not allowed, then return an business-error. when this workflow might be legal, ensure no NPE is thrown and request returns with a valid response

Steps to reproduce

Initiate payment via e.g. POST on /v1/payments/sepa-credit-transfers with valid payment data
Start payment cancellation-authorisation via POST on /v1/payments/sepa-credit-transfers/{{paymentId}}/cancellation-authorisations with empty json-body
you will receive an HTTP 500

SCA approach

[ x ] Redirect
[ ] Embedded
[ ] Decoupled

XS2A version(s):

8.0

Log files or other additional info

Stacktrace:

java.lang.NullPointerException: null
at java.base/java.lang.String.replace(String.java:2158)
at de.adorsys.psd2.xs2a.web.RedirectLinkBuilder.buildPaymentCancellationScaRedirectLink(RedirectLinkBuilder.java:126)
at de.adorsys.psd2.xs2a.web.RedirectLinkBuilder$$FastClassBySpringCGLIB$$4872f570.invoke(<generated>)

I debbuged till de.adorsys.psd2.consent.service.AuthorisationServiceInternal.createAuthorisation where authorisationParent.getInternalRequestId(authorisationType) returns null in case of cancellation because PisCommonPaymentData.cancellationInternalRequestId is not set at this time.

Maybe this might be a wrong workflow case. i don't really know, but a NPE is never good ;) But actually when the Internal-Request-ID is filled (or in my workaround-case set to empty via aspect) then the request returns a valid response

ViraHavrylenko commented 3 years ago

Hello @benmoeARZ , we'll take a look.

andriimurashkin commented 3 years ago

Fixed in versions 8.4 and 9.3.

FYI @benmoeARZ

adorsys / xs2a