Adding consent_items which is a denomralisation of the JWT so we don't

have to extract the JWT in order to query the bank_id (for get my
consents at bank). Also pagination defaults to 50 rows.

Author: simonredfern

obp-api/src/main/scala/bootstrap/liftweb/Boot.scala

@@ -63,7 +63,7 @@ import code.branches.MappedBranch
 import code.cardattribute.MappedCardAttribute
 import code.cards.{MappedPhysicalCard, PinReset}
 import code.connectormethod.ConnectorMethod
-import code.consent.{ConsentRequest, MappedConsent}
+import code.consent.{ConsentRequest, MappedConsent, MappedConsentItems}
 import code.consumer.Consumers
 import code.model.Consumer
 import code.context.{MappedConsentAuthContext, MappedUserAuthContext, MappedUserAuthContextUpdate}
@@ -1120,6 +1120,7 @@ object ToSchemify {
     MappedCustomerIdMapping,
     MappedProductAttribute,
     MappedConsent,
+    MappedConsentItems,
     ConsentRequest,
     MigrationScriptLog,
     MethodRouting,

obp-api/src/main/scala/code/api/ResourceDocs1_4_0/SwaggerDefinitionsJSON.scala

@@ -4601,7 +4601,7 @@ object SwaggerDefinitionsJSON {
     last_action_date = dateExample.value,
     last_usage_date = dateTimeExample.value,
     jwt = jwtExample.value,
-    jwt_payload = Some(consentJWT),
+    jwt_payload = """{"createdByUserId":"user-id","sub":"subject","iss":"issuer","aud":"audience","jti":"jwt-id","iat":1611749820,"nbf":1611749820,"exp":1611753420,"request_headers":[],"name":null,"email":null,"entitlements":[],"views":[],"access":null}""",
     api_standard = "Berlin Group",
     api_version = "v1.3",
   )

obp-api/src/main/scala/code/api/v3_1_0/APIMethods310.scala

@@ -25,7 +25,7 @@ import code.api.v3_0_0.{CreateViewJsonV300, JSONFactory300}
 import code.api.v3_1_0.JSONFactory310._
 import code.bankconnectors.rest.RestConnector_vMar2019
 import code.bankconnectors.{Connector, LocalMappedConnector}
-import code.consent.{ConsentStatus, Consents, MappedConsent}
+import code.consent.{ConsentStatus, Consents, DoobieConsentQueries, MappedConsent}
 import code.consumer.Consumers
 import code.entitlement.Entitlement
 import code.loginattempts.LoginAttempt
@@ -3726,6 +3726,10 @@ trait APIMethods310 {
         |
         |${userAuthenticationMessage(true)}
         |
+        |1 limit (for pagination: defaults to 50)  eg:limit=200
+        |
+        |2 offset (for pagination: zero index, defaults to 0) eg: offset=10
+        |
       """.stripMargin,
       EmptyBody,
       consentsJsonV310,
@@ -3739,12 +3743,32 @@ trait APIMethods310 {
     lazy val getConsents: OBPEndpoint = {
       case "banks" :: BankId(bankId) :: "my" :: "consents" :: Nil JsonGet _ => {
         cc => implicit val ec = EndpointContext(Some(cc))
+          val url = cc.url
+          val limitParam = APIUtil.getHttpRequestUrlParam(url, "limit") match {
+            case s if s.nonEmpty => scala.util.Try(s.toInt).getOrElse(50)
+            case _ => 50
+          }
+          val offsetParam = APIUtil.getHttpRequestUrlParam(url, "offset") match {
+            case s if s.nonEmpty => scala.util.Try(s.toInt).getOrElse(0)
+            case _ => 0
+          }
           for {
             (Full(user), callContext) <- authenticatedAccess(cc)
             (_, callContext) <- NewStyle.function.getBank(bankId, callContext)
-            consents <- Future(Consents.consentProvider.vend.getConsentsByUser(user.userId))
+            rows <- Future {
+              DoobieConsentQueries.getConsentsByUserAndBank(
+                userId = user.userId,
+                bankId = bankId.value,
+                status = None,
+                limit = limitParam,
+                offset = offsetParam,
+                sortField = "created_date",
+                sortDirection = "desc"
+              )
+            }
           } yield {
-            (JSONFactory310.createConsentsJsonV310(consents), HttpCode.`200`(callContext))
+            val consents = rows.map(r => ConsentJsonV310(r.consentId, r.jwt.getOrElse(""), r.status))
+            (ConsentsJsonV310(consents), HttpCode.`200`(callContext))
           }
       }
     }

obp-api/src/main/scala/code/api/v4_0_0/APIMethods400.scala

@@ -42,7 +42,7 @@ import code.authtypevalidation.JsonAuthTypeValidation
 import code.bankconnectors.LocalMappedConnectorInternal._
 import code.bankconnectors.{Connector, DynamicConnector, InternalConnector, LocalMappedConnectorInternal}
 import code.connectormethod.{JsonConnectorMethod, JsonConnectorMethodMethodBody}
-import code.consent.{ConsentStatus, Consents}
+import code.consent.{ConsentStatus, Consents, DoobieConsentQueries}
 import code.dynamicEntity.DynamicEntityCommons
 import code.dynamicMessageDoc.JsonDynamicMessageDoc
 import code.dynamicResourceDoc.JsonDynamicResourceDoc
@@ -11479,6 +11479,10 @@ trait APIMethods400 extends MdcLoggable {
          |
          |${userAuthenticationMessage(true)}
          |
+         |1 limit (for pagination: defaults to 50)  eg:limit=200
+         |
+         |2 offset (for pagination: zero index, defaults to 0) eg: offset=10
+         |
       """.stripMargin,
       EmptyBody,
       consentsJsonV400,
@@ -11494,19 +11498,33 @@ trait APIMethods400 extends MdcLoggable {
       case "banks" :: BankId(bankId) :: "my" :: "consents" :: Nil JsonGet _ => {
         cc =>
           implicit val ec = EndpointContext(Some(cc))
+          val url = cc.url
+          val limitParam = getHttpRequestUrlParam(url, "limit") match {
+            case s if s.nonEmpty => scala.util.Try(s.toInt).getOrElse(50)
+            case _ => 50
+          }
+          val offsetParam = getHttpRequestUrlParam(url, "offset") match {
+            case s if s.nonEmpty => scala.util.Try(s.toInt).getOrElse(0)
+            case _ => 0
+          }
           for {
-            consents <- Future {
-              Consents.consentProvider.vend
-                .getConsentsByUser(cc.userId)
-                .sortBy(i => (i.creationDateTime, i.apiStandard))
-                .reverse
+            rows <- Future {
+              DoobieConsentQueries.getConsentsByUserAndBank(
+                userId = cc.userId,
+                bankId = bankId.value,
+                status = None,
+                limit = limitParam,
+                offset = offsetParam,
+                sortField = "created_date",
+                sortDirection = "desc"
+              )
             }
           } yield {
-            val consentsOfBank = Consent.filterByBankId(consents, bankId)
-            (
-              JSONFactory400.createConsentsJsonV400(consentsOfBank),
-              HttpCode.`200`(cc)
-            )
+            val consents = rows.map(r => ConsentJsonV400(
+              r.consentId, r.jwt.getOrElse(""), r.status,
+              r.apiStandard.getOrElse(""), r.apiVersion.getOrElse("")
+            ))
+            (ConsentsJsonV400(consents), HttpCode.`200`(cc))
           }
       }
     }

obp-api/src/main/scala/code/api/v5_1_0/APIMethods510.scala

@@ -1803,10 +1803,23 @@ trait APIMethods510 {
       "Get My Consents at Bank",
       s"""
          |
-         |This endpoint gets the Consents created by a current User.
+         |This endpoint gets the Consents created by a current User at the specified Bank.
          |
          |${userAuthenticationMessage(true)}
          |
+         |1 limit (for pagination: defaults to 50)  eg:limit=200
+         |
+         |2 offset (for pagination: zero index, defaults to 0) eg: offset=10
+         |
+         |3 status  (ignore if omitted)
+         |
+         |4 sort_by (defaults to created_date:desc)  eg: sort_by=created_date:desc
+         |
+         |Note: This endpoint only returns consents that explicitly reference the specified BANK_ID.
+         |Consents created before the consent_items join table was introduced will not appear in results.
+         |
+         |eg: /banks/BANK_ID/my/consents?limit=10&offset=0&sort_by=created_date:desc
+         |
       """.stripMargin,
       EmptyBody,
       consentsInfoJsonV510,
@@ -1821,26 +1834,42 @@ trait APIMethods510 {
       case "banks" :: BankId(bankId) :: "my" :: "consents" :: Nil JsonGet _ => {
         cc =>
           implicit val ec = EndpointContext(Some(cc))
+          val url = cc.url
+          val limitParam = getHttpRequestUrlParam(url, "limit") match {
+            case s if s.nonEmpty => scala.util.Try(s.toInt).getOrElse(50)
+            case _ => 50
+          }
+          val offsetParam = getHttpRequestUrlParam(url, "offset") match {
+            case s if s.nonEmpty => scala.util.Try(s.toInt).getOrElse(0)
+            case _ => 0
+          }
+          val statusParam = getHttpRequestUrlParam(url, "status") match {
+            case s if s.nonEmpty => Some(s)
+            case _ => None
+          }
+          val sortByParam = getHttpRequestUrlParam(url, "sort_by") match {
+            case s if s.nonEmpty => s
+            case _ => "created_date:desc"
+          }
+          val sortParts = sortByParam.split(":").map(_.trim.toLowerCase)
+          val sortField = sortParts(0)
+          val sortDirection = sortParts.lift(1).getOrElse("desc")
           for {
+            (Full(u), callContext) <- authenticatedAccess(cc)
             rows <- Future {
-              DoobieConsentQueries.getAllConsentsByUser(cc.userId)
+              DoobieConsentQueries.getConsentsByUserAndBank(
+                userId = u.userId,
+                bankId = bankId.value,
+                status = statusParam,
+                limit = limitParam,
+                offset = offsetParam,
+                sortField = sortField,
+                sortDirection = sortDirection
+              )
             }
           } yield {
-            // Bank filtering requires JWT decoding — done in Scala
-            val filteredRows = rows.filter { row =>
-              row.jwt.exists { jwt =>
-                val jwtPayload: Box[ConsentJWT] = JwtUtil.getSignedPayloadAsJson(jwt).map(parse(_).extract[ConsentJWT])
-                jwtPayload match {
-                  case Full(c) if c.views.isEmpty => true
-                  case Full(c) if c.views.map(_.bank_id).contains(bankId.value) => true
-                  case Full(c) if c.entitlements.exists(_.bank_id.isEmpty()) => true
-                  case Full(c) if c.entitlements.map(_.bank_id).contains(bankId.value) => true
-                  case _ => false
-                }
-              }
-            }
-            val consents = filteredRows.map(rowToConsentInfoJsonV510)
-            (ConsentsInfoJsonV510(consents), HttpCode.`200`(cc))
+            val consents = rows.map(rowToConsentInfoJsonV510)
+            (ConsentsInfoJsonV510(consents), HttpCode.`200`(callContext))
           }
       }
     }
@@ -1903,7 +1932,7 @@ trait APIMethods510 {
           val sortDirection = sortParts.lift(1).getOrElse("desc")
           for {
             (Full(u), callContext) <- authenticatedAccess(cc)
-            (rows, _) <- Future {
+            rows <- Future {
               DoobieConsentQueries.getConsentsByUser(
                 userId = u.userId,
                 status = statusParam,
@@ -1920,14 +1949,6 @@ trait APIMethods510 {
     }
 
     private def rowToConsentInfoJsonV510(row: DoobieConsentQueries.ConsentRow): ConsentInfoJsonV510 = {
-      // Use pre-computed jwt_payload from DB; fall back to parsing jwt if not yet populated
-      val jwtPayload: Box[ConsentJWT] = row.jwtPayload match {
-        case Some(payload) => tryo(parse(payload).extract[ConsentJWT])
-        case None => row.jwt match {
-          case Some(jwt) => JwtUtil.getSignedPayloadAsJson(jwt).map(parse(_).extract[ConsentJWT])
-          case None => Empty
-        }
-      }
       ConsentInfoJsonV510(
         consent_reference_id = row.consentReferenceId.toString,
         consent_id = row.consentId,
@@ -1939,7 +1960,7 @@ trait APIMethods510 {
         last_usage_date =
           row.lastUsageDate.map(d => new java.text.SimpleDateFormat(DateWithSeconds).format(d)).orNull,
         jwt = row.jwt.orNull,
-        jwt_payload = jwtPayload,
+        jwt_payload = row.jwtPayload.orNull,
         api_standard = row.apiStandard.orNull,
         api_version = row.apiVersion.orNull
       )

obp-api/src/main/scala/code/api/v5_1_0/JSONFactory5.1.0.scala

@@ -172,7 +172,7 @@ case class ConsentInfoJsonV510(consent_reference_id: String,
                                last_action_date: String,
                                last_usage_date: String,
                                jwt: String,
-                               jwt_payload: Box[ConsentJWT],
+                               jwt_payload: String,
                                api_standard: String,
                                api_version: String,
                               )
@@ -1007,9 +1007,6 @@ object JSONFactory510 extends CustomJsonFormats with MdcLoggable {
 
     ConsentsInfoJsonV510(
       consents.map { c =>
-        val jwtPayload: Box[ConsentJWT] =
-          JwtUtil.getSignedPayloadAsJson(c.jsonWebToken).map(parse(_).extract[ConsentJWT])
-
         ConsentInfoJsonV510(
           consent_reference_id = c.consentReferenceId,
           consent_id = c.consentId,
@@ -1021,7 +1018,7 @@ object JSONFactory510 extends CustomJsonFormats with MdcLoggable {
           last_usage_date =
             if (c.usesSoFarTodayCounterUpdatedAt != null) new SimpleDateFormat(DateWithSeconds).format(c.usesSoFarTodayCounterUpdatedAt) else null,
           jwt = c.jsonWebToken,
-          jwt_payload = jwtPayload,
+          jwt_payload = null,
           api_standard = c.apiStandard,
           api_version = c.apiVersion
         )