From 11bc4fb8223fa61350ff5b44333a029d9241b038 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Roman=20=C5=A0trobl?=
Date: Wed, 6 Dec 2023 14:45:55 +0100
Subject: [PATCH] Fix issues found during operation claim integration into mobile token (#943)
---
 docs/Mobile-Token-API.md | 3 +--
 .../app/enrollmentserver/impl/service/MobileTokenService.java | 3 ++-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/docs/Mobile-Token-API.md b/docs/Mobile-Token-API.md
index 2647df518..d155655e3 100644
--- a/docs/Mobile-Token-API.md
+++ b/docs/Mobile-Token-API.md
@@ -395,8 +395,7 @@ Claim an operation for a user.
 ```json
 {
 "requestObject": {
- "id": "7e0ba60f-bf22-4ff5-b999-2733784e5eaa",
- "userId": "user12345"
+ "id": "7e0ba60f-bf22-4ff5-b999-2733784e5eaa"
 }
 }
 ```
diff --git a/enrollment-server/src/main/java/com/wultra/app/enrollmentserver/impl/service/MobileTokenService.java b/enrollment-server/src/main/java/com/wultra/app/enrollmentserver/impl/service/MobileTokenService.java
index b2f87be5a..5f27018c6 100644
--- a/enrollment-server/src/main/java/com/wultra/app/enrollmentserver/impl/service/MobileTokenService.java
+++ b/enrollment-server/src/main/java/com/wultra/app/enrollmentserver/impl/service/MobileTokenService.java
@@ -278,7 +278,8 @@ public Response operationReject(
 */
 public Operation getOperationDetail(String operationId, String language, String userId) throws MobileTokenException, PowerAuthClientException, MobileTokenConfigurationException {
 final OperationDetailResponse operationDetail = getOperationDetailInternal(operationId);
- if (!userId.equals(operationDetail.getUserId())) {
+ // Check user ID against authenticated user, however skip the check in case operation is not claimed yet
+ if (operationDetail.getUserId() != null && !userId.equals(operationDetail.getUserId())) {
 logger.warn("User ID from operation does not match authenticated user ID.");
 throw new MobileTokenException(ErrorCode.INVALID_REQUEST, "Invalid request");
 }
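Review bot: The new condition in `getOperationDetail` skips the ownership check whenever `operationDetail.getUserId()` is null, so the detail of an unclaimed operation goes to whichever authenticated user asks for it and the only access control left is knowledge of the operation ID. That looks intended for the claim flow, but it should be stated where callers will see it: the method's Javadoc (which ends just above the hunk, outside the visible lines) should say that unclaimed operations are not bound to a user, and it is worth confirming that nothing user-specific is stored in an operation before it is claimed. Comparing from the operation side, `if (operationDetail.getUserId() != null && !operationDetail.getUserId().equals(userId)) {`, would also turn a null `userId` into the INVALID_REQUEST rejection instead of a NullPointerException, assuming a caller can ever pass null. The method body continues past the end of the hunk.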