Fix issues found during operation claim integration into mobile token (…

…#943)
wultra · Dec 6, 2023 · 11bc4fb · 11bc4fb
1 parent 7529deb
commit 11bc4fb
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/docs/Mobile-Token-API.md b/docs/Mobile-Token-API.md
@@ -395,8 +395,7 @@ Claim an operation for a user.
 ```json
 {
   "requestObject": {
-    "id": "7e0ba60f-bf22-4ff5-b999-2733784e5eaa",
-    "userId": "user12345"
+    "id": "7e0ba60f-bf22-4ff5-b999-2733784e5eaa"
   }
 }
 ```

diff --git a/...server/src/main/java/com/wultra/app/enrollmentserver/impl/service/MobileTokenService.java b/...server/src/main/java/com/wultra/app/enrollmentserver/impl/service/MobileTokenService.java
@@ -278,7 +278,8 @@ public Response operationReject(
      */
     public Operation getOperationDetail(String operationId, String language, String userId) throws MobileTokenException, PowerAuthClientException, MobileTokenConfigurationException {
         final OperationDetailResponse operationDetail = getOperationDetailInternal(operationId);
-        if (!userId.equals(operationDetail.getUserId())) {
+        // Check user ID against authenticated user, however skip the check in case operation is not claimed yet
+        if (operationDetail.getUserId() != null && !userId.equals(operationDetail.getUserId())) {
             logger.warn("User ID from operation does not match authenticated user ID.");
             throw new MobileTokenException(ErrorCode.INVALID_REQUEST, "Invalid request");
         }