HMAI - Added validation to transaction transfer POST (#731)

tomwatkins1994 · web-flow · commit edec71b514b8 · 2025-03-07T16:46:06.000Z
* Added validation to data class

* Add test for validation
diff --git a/src/main/kotlin/uk/gov/justice/digital/hmpps/hmppsintegrationapi/controllers/v1/TransactionsController.kt b/src/main/kotlin/uk/gov/justice/digital/hmpps/hmppsintegrationapi/controllers/v1/TransactionsController.kt
@@ -302,7 +302,7 @@ class TransactionsController(
     @Parameter(description = "The ID of the prison that holds the account") @PathVariable prisonId: String,
     @Parameter(description = "The HMPPS ID of the person") @PathVariable hmppsId: String,
     @RequestAttribute filters: ConsumerFilters?,
-    @RequestBody transactionTransferRequest: TransactionTransferRequest,
+    @Valid @RequestBody transactionTransferRequest: TransactionTransferRequest,
   ): DataResponse<TransactionTransferCreateResponse?> {
     val response = postTransactionTransferForPersonService.execute(prisonId, hmppsId, transactionTransferRequest, filters)
 
diff --git a/src/main/kotlin/uk/gov/justice/digital/hmpps/hmppsintegrationapi/models/hmpps/TransactionTransferRequest.kt b/src/main/kotlin/uk/gov/justice/digital/hmpps/hmppsintegrationapi/models/hmpps/TransactionTransferRequest.kt
@@ -1,21 +1,27 @@
 package uk.gov.justice.digital.hmpps.hmppsintegrationapi.models.hmpps
 
 import io.swagger.v3.oas.annotations.media.Schema
+import jakarta.validation.constraints.NotBlank
 
 data class TransactionTransferRequest(
+  @field:NotBlank(message = "Description must not be blank")
   @Schema(description = "Description of the transaction.")
   val description: String,
   @Schema(
     description = "Amount of money in pence, must be positive.",
     example = "1234",
   )
   val amount: Int,
+  @field:NotBlank(message = "Client transaction ID must not be blank")
   @Schema(description = "Client Transaction Id.")
   val clientTransactionId: String,
+  @field:NotBlank(message = "Client unique ref must not be blank")
   @Schema(description = "A reference unique to the client making the post. Maximum size 64 characters, only alphabetic, numeric, '-' and '_' are allowed.")
   val clientUniqueRef: String,
+  @field:NotBlank(message = "From account must not be blank")
   @Schema(description = "The account to move money from. Must be 'spends'.", example = "spends")
   val fromAccount: String,
+  @field:NotBlank(message = "To account must not be blank")
   @Schema(description = "The account to move money to. Must be 'savings'.", example = "savings")
   val toAccount: String,
 ) {
diff --git a/src/test/kotlin/uk/gov/justice/digital/hmpps/hmppsintegrationapi/controllers/v1/TransactionsControllerTest.kt b/src/test/kotlin/uk/gov/justice/digital/hmpps/hmppsintegrationapi/controllers/v1/TransactionsControllerTest.kt
@@ -53,8 +53,6 @@ class TransactionsControllerTest(
       val basePath = "/v1/prison/$prisonId/prisoners/$hmppsId"
       val transactionsPath = "$basePath/accounts/$accountCode/transactions"
       val transactionPath = "$basePath/transactions/$clientUniqueRef"
-      val postTransactionPath = "$basePath/transactions"
-      val postTransactionTransferPath = "$postTransactionPath/transfer"
       val mockMvc = IntegrationAPIMockMvc(springMockMvc)
 
       val type = "CANT"
@@ -64,7 +62,6 @@ class TransactionsControllerTest(
       val postClientUniqueRef = "CLIENT121131-0_11"
       val fromAccount = "spends"
       val toAccount = "savings"
-      val exampleTransactionTransfer = TransactionTransferRequest(description, amount, clientTransactionId, postClientUniqueRef, fromAccount, toAccount)
 
       val transactions =
         Transactions(
@@ -225,6 +222,7 @@ class TransactionsControllerTest(
       }
 
       describe("POST transaction") {
+        val postTransactionPath = "$basePath/transactions"
         val exampleTransaction = TransactionRequest(type, description, amount, clientTransactionId, postClientUniqueRef)
 
         it("returns a response with a transaction ID") {
@@ -327,117 +325,133 @@ class TransactionsControllerTest(
         }
       }
 
-      // Post transaction transfer
+      describe("POST transaction/transfer") {
+        val postTransactionTransferPath = "$basePath/transactions/transfer"
+        val exampleTransactionTransfer = TransactionTransferRequest(description, amount, clientTransactionId, postClientUniqueRef, fromAccount, toAccount)
 
-      it("returns a response with a transaction ID, debit and credit transaction IDs") {
-        whenever(
-          postTransactionTransferForPersonService.execute(prisonId, hmppsId, exampleTransactionTransfer, null),
-        ).thenReturn(
-          Response(transactionTransferCreateResponse),
-        )
+        it("returns a response with a transaction ID, debit and credit transaction IDs") {
+          whenever(
+            postTransactionTransferForPersonService.execute(prisonId, hmppsId, exampleTransactionTransfer, null),
+          ).thenReturn(
+            Response(transactionTransferCreateResponse),
+          )
 
-        val result = mockMvc.performAuthorisedPost(postTransactionTransferPath, exampleTransactionTransfer)
+          val result = mockMvc.performAuthorisedPost(postTransactionTransferPath, exampleTransactionTransfer)
 
-        result.response.contentAsString.shouldContain(
-          """
-          {
-            "data": {
-               "debitTransactionId": "6179604-1",
-               "creditTransactionId": "6179604-1",
-               "transactionId": "6179604"
+          result.response.contentAsString.shouldContain(
+            """
+            {
+              "data": {
+                 "debitTransactionId": "6179604-1",
+                 "creditTransactionId": "6179604-1",
+                 "transactionId": "6179604"
+              }
             }
-          }
-          """.removeWhitespaceAndNewlines(),
-        )
-      }
+            """.removeWhitespaceAndNewlines(),
+          )
+        }
 
-      it("POST transfer - returns a 200 status code when successful") {
-        whenever(
-          postTransactionTransferForPersonService.execute(prisonId, hmppsId, exampleTransactionTransfer, null),
-        ).thenReturn(
-          Response(transactionTransferCreateResponse),
-        )
+        it("returns a 200 status code when successful") {
+          whenever(
+            postTransactionTransferForPersonService.execute(prisonId, hmppsId, exampleTransactionTransfer, null),
+          ).thenReturn(
+            Response(transactionTransferCreateResponse),
+          )
 
-        val result = mockMvc.performAuthorisedPost(postTransactionTransferPath, exampleTransactionTransfer)
+          val result = mockMvc.performAuthorisedPost(postTransactionTransferPath, exampleTransactionTransfer)
 
-        result.response.status.shouldBe(HttpStatus.OK.value())
-      }
+          result.response.status.shouldBe(HttpStatus.OK.value())
+        }
 
-      // Prison filter rejection test
-      it("POST transfer - returns 400 if prison filter is not matched") {
-        whenever(
-          postTransactionTransferForPersonService.execute(prisonId, hmppsId, exampleTransactionTransfer, ConsumerFilters(prisons = listOf("XYZ"))),
-        ).thenReturn(
-          Response(
-            data = null,
-            errors =
-              listOf(
-                UpstreamApiError(
-                  causedBy = UpstreamApi.NOMIS,
-                  type = UpstreamApiError.Type.BAD_REQUEST,
+        it("returns 400 if prison filter is not matched") {
+          whenever(
+            postTransactionTransferForPersonService.execute(prisonId, hmppsId, exampleTransactionTransfer, ConsumerFilters(prisons = listOf("XYZ"))),
+          ).thenReturn(
+            Response(
+              data = null,
+              errors =
+                listOf(
+                  UpstreamApiError(
+                    causedBy = UpstreamApi.NOMIS,
+                    type = UpstreamApiError.Type.BAD_REQUEST,
+                  ),
                 ),
-              ),
-          ),
-        )
+            ),
+          )
 
-        val result = mockMvc.performAuthorisedPostWithCN(postTransactionTransferPath, "limited-prisons", exampleTransactionTransfer)
+          val result = mockMvc.performAuthorisedPostWithCN(postTransactionTransferPath, "limited-prisons", exampleTransactionTransfer)
 
-        result.response.status.shouldBe(HttpStatus.BAD_REQUEST.value())
-      }
+          result.response.status.shouldBe(HttpStatus.BAD_REQUEST.value())
+        }
 
-      it("POST transfers - calls the API with the correct filters") {
-        whenever(
-          postTransactionTransferForPersonService.execute(prisonId, hmppsId, exampleTransactionTransfer, ConsumerFilters(prisons = listOf("XYZ"))),
-        ).thenReturn(
-          Response(transactionTransferCreateResponse),
-        )
+        it("returns 400 if request body validation does not succeed") {
+          val invalidTransactionTransfer = TransactionTransferRequest(description = "", amount, clientTransactionId = "", clientUniqueRef = "", fromAccount = "", toAccount = "")
+          whenever(
+            postTransactionTransferForPersonService.execute(prisonId, hmppsId, exampleTransactionTransfer, null),
+          ).thenReturn(
+            Response(transactionTransferCreateResponse),
+          )
+
+          val result = mockMvc.performAuthorisedPost(postTransactionTransferPath, invalidTransactionTransfer)
+          result.response.run {
+            status.shouldBe(HttpStatus.BAD_REQUEST.value())
+            contentAsJson<ValidationErrorResponse>().validationErrors.shouldContainAll("Description must not be blank", "Client transaction ID must not be blank", "Client unique ref must not be blank", "From account must not be blank", "To account must not be blank")
+          }
+        }
 
-        val result = mockMvc.performAuthorisedPostWithCN(postTransactionTransferPath, "limited-prisons", exampleTransactionTransfer)
+        it("calls the API with the correct filters") {
+          whenever(
+            postTransactionTransferForPersonService.execute(prisonId, hmppsId, exampleTransactionTransfer, ConsumerFilters(prisons = listOf("XYZ"))),
+          ).thenReturn(
+            Response(transactionTransferCreateResponse),
+          )
 
-        result.response.status.shouldBe(HttpStatus.OK.value())
-      }
+          val result = mockMvc.performAuthorisedPostWithCN(postTransactionTransferPath, "limited-prisons", exampleTransactionTransfer)
 
-      // bad request
-      it("POST transfer - returns a 400 BAD REQUEST status code when there is an invalid HMPPS ID or incorrect prison, or an invalid request body") {
-        whenever(
-          postTransactionTransferForPersonService.execute(prisonId, hmppsId, exampleTransactionTransfer, null),
-        ).thenReturn(
-          Response(
-            data = null,
-            errors =
-              listOf(
-                UpstreamApiError(
-                  causedBy = UpstreamApi.NOMIS,
-                  type = UpstreamApiError.Type.BAD_REQUEST,
+          result.response.status.shouldBe(HttpStatus.OK.value())
+        }
+
+        it("returns a 400 BAD REQUEST status code when there is an invalid HMPPS ID or incorrect prison, or an invalid request body") {
+          whenever(
+            postTransactionTransferForPersonService.execute(prisonId, hmppsId, exampleTransactionTransfer, null),
+          ).thenReturn(
+            Response(
+              data = null,
+              errors =
+                listOf(
+                  UpstreamApiError(
+                    causedBy = UpstreamApi.NOMIS,
+                    type = UpstreamApiError.Type.BAD_REQUEST,
+                  ),
                 ),
-              ),
-          ),
-        )
+            ),
+          )
 
-        val result = mockMvc.performAuthorisedPost(postTransactionTransferPath, exampleTransactionTransfer)
+          val result = mockMvc.performAuthorisedPost(postTransactionTransferPath, exampleTransactionTransfer)
 
-        result.response.status.shouldBe(HttpStatus.BAD_REQUEST.value())
-      }
+          result.response.status.shouldBe(HttpStatus.BAD_REQUEST.value())
+        }
 
-      it("POST transfer - returns a 409 CONFLICT status code when there is a duplicate transaction requested") {
-        whenever(
-          postTransactionTransferForPersonService.execute(prisonId, hmppsId, exampleTransactionTransfer, null),
-        ).thenReturn(
-          Response(
-            data = null,
-            errors =
-              listOf(
-                UpstreamApiError(
-                  causedBy = UpstreamApi.NOMIS,
-                  type = UpstreamApiError.Type.CONFLICT,
+        it("returns a 409 CONFLICT status code when there is a duplicate transaction requested") {
+          whenever(
+            postTransactionTransferForPersonService.execute(prisonId, hmppsId, exampleTransactionTransfer, null),
+          ).thenReturn(
+            Response(
+              data = null,
+              errors =
+                listOf(
+                  UpstreamApiError(
+                    causedBy = UpstreamApi.NOMIS,
+                    type = UpstreamApiError.Type.CONFLICT,
+                  ),
                 ),
-              ),
-          ),
-        )
+            ),
+          )
 
-        val result = mockMvc.performAuthorisedPost(postTransactionTransferPath, exampleTransactionTransfer)
+          val result = mockMvc.performAuthorisedPost(postTransactionTransferPath, exampleTransactionTransfer)
 
-        result.response.status.shouldBe(HttpStatus.CONFLICT.value())
+          result.response.status.shouldBe(HttpStatus.CONFLICT.value())
+        }
       }
     },
   )
