From aad1d146c2e8e5223125a1e89259ec3315e6272f Mon Sep 17 00:00:00 2001
From: Stas Dmytryshyn <iqpirat@gmail.com>
Date: Mon, 18 Dec 2023 15:44:40 +0100
Subject: [PATCH] feat: ack expired err code (#1548)

* feat: ack expired err code

* fix: test
---
 pkg/restapi/v1/oidc4ci/controller_test.go     | 34 +++++++++++++++++++
 .../oidc4ci/oidc4ci_acknowledgement.go        |  4 ++-
 .../oidc4ci/oidc4ci_acknowledgement_test.go   |  5 +--
 3 files changed, 40 insertions(+), 3 deletions(-)

diff --git a/pkg/restapi/v1/oidc4ci/controller_test.go b/pkg/restapi/v1/oidc4ci/controller_test.go
index e069cc1df..7659b82cf 100644
--- a/pkg/restapi/v1/oidc4ci/controller_test.go
+++ b/pkg/restapi/v1/oidc4ci/controller_test.go
@@ -2201,6 +2201,40 @@ func TestController_Ack(t *testing.T) {
 		err := controller.OidcAcknowledgement(echo.New().NewContext(req, rec))
 		assert.ErrorContains(t, err, "missing access token")
 	})
+
+	t.Run("ack expired", func(t *testing.T) {
+		mockOAuthProvider := NewMockOAuth2Provider(gomock.NewController(t))
+
+		ackMock := NewMockAckService(gomock.NewController(t))
+		mockOAuthProvider.EXPECT().NewAccessRequest(gomock.Any(), gomock.Any(), gomock.Any()).
+			Return(&fosite.AccessRequest{}, nil).AnyTimes()
+		controller := oidc4ci.NewController(&oidc4ci.Config{
+			OAuth2Provider: mockOAuthProvider,
+			AckService:     ackMock,
+			Tracer:         trace.NewNoopTracerProvider().Tracer(""),
+		})
+
+		ackMock.EXPECT().Ack(gomock.Any(), gomock.Any()).
+			Return(oidc4cisrv.ErrAckExpired)
+
+		req := httptest.NewRequest(http.MethodPost, "/", bytes.NewBuffer([]byte(`{
+			"credentials" : [{"ack_id" : "tx_id", "status" : "status", "error_description" : "err_txt"}]
+		}`)))
+		req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSON)
+		req.Header.Set("Authorization", "Bearer xxxx")
+
+		rec := httptest.NewRecorder()
+
+		err := controller.OidcAcknowledgement(echo.New().NewContext(req, rec))
+		assert.NoError(t, err)
+		assert.Equal(t, http.StatusBadRequest, rec.Code)
+
+		var bd oidc4ci.AckErrorResponse
+		b, _ := io.ReadAll(rec.Body)
+
+		assert.NoError(t, json.Unmarshal(b, &bd))
+		assert.Equal(t, "expired_ack_id", bd.Error)
+	})
 }
 
 func TestController_OidcRegisterClient(t *testing.T) {
diff --git a/pkg/service/oidc4ci/oidc4ci_acknowledgement.go b/pkg/service/oidc4ci/oidc4ci_acknowledgement.go
index f53cbd321..e42d58508 100644
--- a/pkg/service/oidc4ci/oidc4ci_acknowledgement.go
+++ b/pkg/service/oidc4ci/oidc4ci_acknowledgement.go
@@ -19,6 +19,8 @@ type AckService struct {
 	cfg *AckServiceConfig
 }
 
+var ErrAckExpired = errors.New("expired_ack_id")
+
 type AckServiceConfig struct {
 	AckStore   ackStore
 	EventSvc   eventService
@@ -89,7 +91,7 @@ func (s *AckService) HandleAckNotFound(
 		return err
 	}
 
-	return errors.New("ack expired")
+	return ErrAckExpired
 }
 
 // Ack acknowledges the interaction.
diff --git a/pkg/service/oidc4ci/oidc4ci_acknowledgement_test.go b/pkg/service/oidc4ci/oidc4ci_acknowledgement_test.go
index ff096e4c9..54904eb1b 100644
--- a/pkg/service/oidc4ci/oidc4ci_acknowledgement_test.go
+++ b/pkg/service/oidc4ci/oidc4ci_acknowledgement_test.go
@@ -106,7 +106,8 @@ func TestAckFallback(t *testing.T) {
 			ErrorText:        "some-random-text",
 			IssuerIdentifier: "https://someurl/some_issuer/v1.0",
 		})
-		assert.ErrorContains(t, err, "ack expired")
+		assert.ErrorIs(t, err, oidc4ci.ErrAckExpired)
+		assert.Equal(t, err.Error(), "expired_ack_id") // do not change this error code. wallet-sdk.
 	})
 
 	t.Run("success with short identifier", func(t *testing.T) {
@@ -157,7 +158,7 @@ func TestAckFallback(t *testing.T) {
 			ErrorText:        "some-random-text",
 			IssuerIdentifier: "some_issuer/v1.0",
 		})
-		assert.ErrorContains(t, err, "ack expired")
+		assert.ErrorContains(t, err, "expired_ack_id")
 	})
 
 	t.Run("no store", func(t *testing.T) {