Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NeedTANResponse is not marked as decoupled when multiple responses are sent by bank #179

Open
jeriox opened this issue Dec 9, 2024 · 2 comments
Open

NeedTANResponse is not marked as decoupled when multiple responses are sent by bank #179

jeriox opened this issue Dec 9, 2024 · 2 comments

Comments

@jeriox
Copy link

jeriox commented Dec 9, 2024

Describe the bug
When using the new DKB FinTS server, the SCA fails. This is due to the TAN process 2 being used, although it should be process S using a confirmation within the DKB app. This is due to the fact that client.init_tan_response.decoupled is False. This issue is caused by DKB sending two tan segments:

fints.segments.dialog.HIRMS2( # Rückmeldungen zu Segmenten
    header = fints.formals.SegmentHeader('HIRMS', 3, 2, 5), # Segmentkopf
    responses = [ # Rückmeldung
	              fints.formals.Response( # Rückmeldung
	                  code = '3955',
	                  reference_element = None,
	                  text = 'Sicherheitsfreigabe erfolgt über anderen Kanal',
	              ),
	              fints.formals.Response( # Rückmeldung
	                  code = '0030',
	                  reference_element = None,
	                  text = 'Auftrag empfangen - Sicherheitsfreigabe erforderlich',
	              ),
	      ],
),

In

python-fints/fints/dialog.py

Line 88 in 0dc1a80

for resp in retval.responses(tan_seg):
, all tan segments are looped. As the 3955 response comes first, client.init_tan_response is set correctly to a decoupled process. However, when the second response is parsed, it is set to a non-decoupled process due to code 0030. The HITAN segment only contains one segment:

fints.segments.auth.HITAN7( # Zwei-Schritt-TAN-Einreichung Rückmeldung, version 7
    header = fints.formals.SegmentHeader('HITAN', 4, 7, 5), # Segmentkopf
    tan_process = '4', # TAN-Prozess
    task_reference = 'DKB_171GzcQzKGj95PVI1gWiPFSUmA', # Auftragsreferenz
    challenge = 'Bitte mit der DKB-App bestätigen.', # Challenge
    tan_medium_name = 'Nothing A065 2312160558', # Bezeichnung des TAN-Mediums
   ),

Bank I tested this with
Name of the bank: DKB
FinTS URL: https://fints.dkb.de/fints

Expected behavior
client.init_tan_response.decoupled is set to true if any of the tan segments contains code 3955

Code required to reproduce
Can be reproduced with the troubleshooting script.

Log output / error message
See above.

Additional context
DKB switched to a new FinTS server under a new URL a few weeks ago. The old one is deprecated. @raphaelm I would be happy to contribute a PR if you specified the desired behaviour esp. in regard to how other banks handle this
@jeriox jeriox mentioned this issue Dec 9, 2024
Open
@raphaelm
Copy link
Owner

raphaelm commented Dec 9, 2024

Yeah, I think the decoupled should be set to true in that case

@jeriox
Copy link
Author

jeriox commented Dec 9, 2024

Yeah, I think the decoupled should be set to true in that case

Cool. Do you know whether other banks also send multiple tan segments? In this case it would work to just look at the first tan segment that has an appropriate code and then return the response, but if there were other banks which send segments in order 0030 and then 3955 it could be necessary to look at all segments and return a decoupled response if one of them was 3955

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@raphaelm @jeriox