author | ms <ms@taler.net> | 2021-11-22 20:19:02 +0100 |
---|---|---|
committer | ms <ms@taler.net> | 2021-11-22 20:19:02 +0100 |
commit | 5ee703cb9c51378ae86cd4a54305486fe1099c3a (patch) | |
tree | 197c8a5659110ffd7b1b7f9f7ec9c55572ed55e4 | |
parent | 7aff41bc86bfffc10783506cc0404e3aeabc8da0 (diff) | |
taler-local, registering users via Access API
-rwxr-xr-x | bin/WIP/taler-local | 160 |
1 files changed, 96 insertions, 64 deletions
diff --git a/bin/WIP/taler-local b/bin/WIP/taler-local index e26610b..1d52129 100755 --- a/bin/WIP/taler-local +++ b/bin/WIP/taler-local @@ -28,6 +28,7 @@ import subprocess import time import random import logging +import json from os import listdir from os.path import isdir, join from pathlib import Path @@ -523,6 +524,7 @@ class TalerReverseProxy(Flask): ) except Exception as error: self.logger.error(error) + self.logger.error(f"Failing request was: {request.get_data()}") return "Could not connect to upstream", 500 self.logger.debug(f"Upstream responds: {resp.text}") @@ -548,25 +550,21 @@ class TalerReverseProxy(Flask): return self -# Defining certain globals here because 'prepare', -# 'launch' and 'withdraw' need them. -LOG_DIR = TALER_ROOT_DIR / "logs" -UNIX_SOCKETS_DIR = TALER_ROOT_DIR / "sockets" +# Globals sharead accross multiple sub-commands: +# needed to configure and launch the reverse proxy. REV_PROXY_NETLOC = "localhost:8080" REV_PROXY_PROTO = "http" -NEXUS_DB_FILE = "/tmp/nexus.sqlite" -SANDBOX_DB_FILE = "/tmp/sandbox.sqlite" REV_PROXY_URL = f"{REV_PROXY_PROTO}://{REV_PROXY_NETLOC}" -SANDBOX_ADMIN_USERNAME = "admin" -SANDBOX_ADMIN_PASSWORD = "secret" -EXCHANGE_BANK_ACCOUNT_SANDBOX = "exchange-account-sandbox" +UNIX_SOCKETS_DIR = TALER_ROOT_DIR / "sockets" +LOG_DIR = TALER_ROOT_DIR / "logs" +# needed to create the customer's bank account and +# to let them subsequently withdraw via the Access API. CUSTOMER_BANK_ACCOUNT = "sandbox-account-customer" +CUSTOMER_BANK_PASSWORD = "secret" +# needed along preparation and later to withdraw via +# the Access API. CURRENCY = "EUR" -# FIXME: see whether the hard-coded proxy can be replaced -# by a Nginx instance, and the Command class can be replaced -# by tasking SystemD to launch and stop the services along -# the preparation. @cli.command() def prepare(): 
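Review bot: The added `self.logger.error(f"Failing request was: {request.get_data()}")` in the `except Exception` branch of `TalerReverseProxy` writes the whole request body to the proxy log, and requests relayed by this proxy may carry credentials or tokens. Logging the method, path and size keeps the diagnostic value without persisting payloads: `self.logger.error(f"Failing request was: {request.method} {request.path} ({request.content_length} bytes)")`. The enclosing handler starts outside the hunk, so who can read the log file and how long it is kept cannot be judged from here.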
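Review bot: `CUSTOMER_BANK_PASSWORD = "secret"` is a fixed literal credential, and the same pattern recurs in the later hunks that add `ALL_INSTANCES_BANK_PASSWORD`, `EXCHANGE_BANK_ACCOUNT_PASSWORD` and `SANDBOX_ADMIN_PASSWORD`. That is workable for a throwaway local deployment, but nothing in the code records that assumption; a comment above the block such as `# Fixed test credentials: only for a local, non-exposed deployment.` would. Reading the values from the environment, with these literals as the fallback, would also let a shared host override them. The new comment has two typos: `sharead accross` should read `shared across`.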
@@ -699,46 +697,68 @@ def prepare(): ], env ).run() - + + def get_sandbox_account_info( + sandbox_url, + bank_account_label, + password, + ): + customer_env = os.environ.copy() + customer_env["LIBEUFIN_SANDBOX_USERNAME"] = bank_account_label + customer_env["LIBEUFIN_SANDBOX_PASSWORD"] = password + demobank_url = urljoin_nodrop(sandbox_url, "/demobanks/default") + r = Command([ + "libeufin-cli", "sandbox", + "--sandbox-url", demobank_url, + "demobank", "info", + "--bank-account", bank_account_label], + env = customer_env, + capture_stdout=True + ).run() + print("MEGA DEBUG " + r) + return json.loads(r) + def prepare_sandbox_account( sandbox_url, ebics_host_id, ebics_partner_id, ebics_user_id, person_name, + # This value is BOTH a username + # and a bank account label. bank_account_name, bank_account_iban, - env + password ): + demobank_url = urljoin_nodrop(sandbox_url, "/demobanks/default") + user_env = os.environ.copy() + user_env["LIBEUFIN_SANDBOX_USERNAME"] = bank_account_name + user_env["LIBEUFIN_SANDBOX_PASSWORD"] = password Command( [ "libeufin-cli", "sandbox", - "--sandbox-url", sandbox_url, - "ebicssubscriber", "create", - "--host-id", ebics_host_id, - "--partner-id", ebics_partner_id, - "--user-id", ebics_user_id + "--sandbox-url", demobank_url, + "demobank", "register" ], - env + env = user_env ).run() - Command( - [ - "libeufin-cli", "sandbox", - "--sandbox-url", sandbox_url, - "ebicsbankaccount", "create", - "--iban", bank_account_iban, - "--bic", "ABCDEFGH", - "--person-name", person_name, - "--account-name", bank_account_name, - "--ebics-user-id", ebics_user_id, - "--ebics-host-id", ebics_host_id, - "--ebics-partner-id", ebics_partner_id, + admin_env = os.environ.copy() + admin_env["LIBEUFIN_SANDBOX_USERNAME"] = SANDBOX_ADMIN_USERNAME + admin_env["LIBEUFIN_SANDBOX_PASSWORD"] = SANDBOX_ADMIN_PASSWORD + Command([ + "libeufin-cli", "sandbox", + "--sandbox-url", demobank_url, + "demobank", "new-ebicssubscriber", + "--host-id", ebics_host_id, + 
"--partner-id", ebics_partner_id, + "--user-id", ebics_user_id, + "--bank-account", bank_account_name ], - env + env = admin_env ).run() - WIRE_METHOD = "iban" + WIRE_METHOD = "iban" # euFin URLs SANDBOX_URL = REV_PROXY_URL + "/sandbox" NEXUS_URL = REV_PROXY_URL + "/nexus" @@ -771,6 +791,9 @@ def prepare(): EXCHANGE_NEXUS_PASSWORD = "exchange-nexus-password" FRONTENDS_API_TOKEN = "secret-token:secret" TALER_MERCHANT_TOKEN = "secret-token:secret" + ALL_INSTANCES_BANK_PASSWORD = "secret" + EXCHANGE_BANK_ACCOUNT_SANDBOX = "exchange-account-sandbox" + EXCHANGE_BANK_ACCOUNT_PASSWORD = "secret" # EBICS EBICS_HOST_ID = "ebicsDeployedHost" @@ -781,7 +804,11 @@ def prepare(): # euFin EXCHANGE_BANK_ACCOUNT_NEXUS = "exchange-imported-account-nexus" EXCHANGE_BANK_CONNECTION = "exchange-ebics-connection" + NEXUS_DB_FILE = "/tmp/nexus.sqlite" + SANDBOX_DB_FILE = "/tmp/sandbox.sqlite" EXCHANGE_FACADE_NAME = "exchange-taler-facade" + SANDBOX_ADMIN_USERNAME = "admin" + SANDBOX_ADMIN_PASSWORD = "secret" class Command: def __init__( @@ -1228,14 +1255,6 @@ Logs: {rev_proxy.get_log_filename()}" "download", "sign", "upload" ]).run() print(" OK") - EXCHANGE_PAYTO=mc.sections["exchange-account-1"]["payto_uri"] - print_nn(f"exchange-offline: enabling {EXCHANGE_PAYTO}...") - Command([ - "taler-exchange-offline", - "-c", CFG_OUTDIR / "taler.conf", - "enable-account", EXCHANGE_PAYTO, "upload"] - ).run() - print(" OK") # Set up wire fees for next 5 years NOW = datetime.now() YEAR = NOW.year @@ -1255,11 +1274,6 @@ Logs: {rev_proxy.get_log_filename()}" custom_name="set-wire-fee" ).run() print(" OK") - print_nn("Stopping exchange HTTP daemon and crypto helpers...") - exchange_rsa_handle.stop() - exchange_eddsa_handle.stop() - exchange_handle.stop() - print(" OK") print_nn("Reset and init auditor DB..") Command([ "taler-auditor-dbinit", 
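Review bot: `print("MEGA DEBUG " + r)` in `get_sandbox_account_info` looks like leftover debugging. It dumps the bank's account-info response to stdout on every run, and the concatenation raises TypeError if `Command.run()` returns bytes or None (its return type is not visible in this diff), so the line should be dropped. `json.loads(r)` is unguarded as well, so a non-JSON answer from `libeufin-cli` surfaces as a bare JSONDecodeError with no hint of which account was queried. In `prepare_sandbox_account`, `person_name` and `bank_account_iban` are still accepted but are no longer passed to any command in the new body, so the IBANs supplied by callers are silently ignored; either remove the parameters or state in a comment that the bank now assigns the IBAN.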
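Review bot: `NEXUS_DB_FILE` and `SANDBOX_DB_FILE` become locals of `prepare()` in this hunk, so any other sub-command that still reads them will fail with NameError. The comment removed earlier in this commit said `launch` needed these globals, and `launch` is not visible in the diff, so that should be checked. Both databases also keep fixed names directly under `/tmp`, where another local user can pre-create or replace the file before the services open it. Placing them under the deployment's own directory, e.g. `NEXUS_DB_FILE = TALER_ROOT_DIR / "nexus.sqlite"`, would avoid that.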
@@ -1286,7 +1300,8 @@ Logs: {rev_proxy.get_log_filename()}" if error.errno != errno.ENOENT: raise error print(" OK") - + + # This step transparantly creates a default demobank. print_nn("Launching Sandbox...") sandbox_handle = Command( [ @@ -1330,11 +1345,34 @@ Logs: {rev_proxy.get_log_filename()}" person_name="Exchange Owner", bank_account_name=EXCHANGE_BANK_ACCOUNT_SANDBOX, bank_account_iban=IBAN_EXCHANGE, - env=get_sandbox_cli_env( - SANDBOX_ADMIN_USERNAME, - SANDBOX_ADMIN_PASSWORD, - ) + password=EXCHANGE_BANK_ACCOUNT_PASSWORD + ) + print(" OK") + print_nn("Getting exchange payto-URI from the bank.") + exchange_bank_account_info=get_sandbox_account_info( + SANDBOX_URL, + EXCHANGE_BANK_ACCOUNT_SANDBOX, + EXCHANGE_BANK_ACCOUNT_PASSWORD ) + EXCHANGE_PAYTO = exchange_bank_account_info["paytoUri"] + print(" OK") + print_nn("Specify own payto-URI to exchange's configuration.") + Command([ + "taler-config", "-s", "exchange-account-1", + "-o", "payto_uri", "-V", EXCHANGE_PAYTO + ]).run() + print(" OK") + print_nn(f"exchange-offline: enabling {EXCHANGE_PAYTO}...") + Command([ + "taler-exchange-offline", + "-c", CFG_OUTDIR / "taler.conf", + "enable-account", EXCHANGE_PAYTO, "upload"] + ).run() + print(" OK") + print_nn("Stopping exchange HTTP daemon and crypto helpers...") + exchange_rsa_handle.stop() + exchange_eddsa_handle.stop() + exchange_handle.stop() print(" OK") # Give each instance a Sandbox account (note: 'default') @@ -1348,12 +1386,9 @@ Logs: {rev_proxy.get_log_filename()}" ebics_partner_id="unusedMerchantEbicsPartnerId", ebics_user_id=f"unused{instance_id}EbicsUserId", person_name=f"Shop Owner of {instance_id}", - bank_account_name=f"sandbox-account-{instance_id}", + bank_account_name=f"sandbox-account-{instance_id.lower()}", bank_account_iban=iban, - env=get_sandbox_cli_env( - SANDBOX_ADMIN_USERNAME, - SANDBOX_ADMIN_PASSWORD, - ) + password=ALL_INSTANCES_BANK_PASSWORD ) print(" OK") print_nn("Create Customer account at Sandbox...") 
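Review bot: The added `taler-config` call writes `payto_uri` without a `-c` option, while the `taler-exchange-offline` call right after it reads `CFG_OUTDIR / "taler.conf"`, so the payto URI may land in a different configuration file than the one the exchange tools use. Unless `Command` supplies the configuration path by other means (not visible here), pass it explicitly: `"taler-config", "-c", CFG_OUTDIR / "taler.conf", "-s", "exchange-account-1",`. `exchange_bank_account_info["paytoUri"]` is also read without a check, so a response lacking that key ends the preparation with a bare KeyError instead of a message naming the bank account.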
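Review bot: `bank_account_name` is now built from `instance_id.lower()`, so the Sandbox account label no longer matches `instance_id` for any instance whose id contains upper-case letters. Code that derives the label elsewhere is outside this hunk; if any of it still uses `f"sandbox-account-{instance_id}"` it will refer to an account that was never registered. Since the label is also the login name, computing it in one place and adding a comment on why lower-casing is required would keep the call sites in step.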
@@ -1365,10 +1400,7 @@ Logs: {rev_proxy.get_log_filename()}" person_name="Customer Person", bank_account_name=CUSTOMER_BANK_ACCOUNT, bank_account_iban=IBAN_CUSTOMER, - env=get_sandbox_cli_env( - SANDBOX_ADMIN_USERNAME, - SANDBOX_ADMIN_PASSWORD, - ) + password=CUSTOMER_BANK_PASSWORD ) print(" OK") print_nn("Make Nexus superuser ...") @@ -1761,7 +1793,7 @@ def withdraw(): resp = requests.post(REV_PROXY_URL + f"/sandbox/demobanks/default/access-api/accounts/{CUSTOMER_BANK_ACCOUNT}/withdrawals", json = dict(amount=CURRENCY + ":5"), - auth = requests.auth.HTTPBasicAuth(SANDBOX_ADMIN_USERNAME, SANDBOX_ADMIN_PASSWORD) + auth = requests.auth.HTTPBasicAuth(CUSTOMER_BANK_ACCOUNT, CUSTOMER_BANK_PASSWORD) ) try: resp.raise_for_status() @@ -1780,7 +1812,7 @@ def withdraw(): print_nn("Confirm withdrawal operation at the bank...") resp = requests.post(REV_PROXY_URL + f"/sandbox/demobanks/default/access-api/accounts/{CUSTOMER_BANK_ACCOUNT}/withdrawals/{withdrawal_id}/confirm", - auth = requests.auth.HTTPBasicAuth(SANDBOX_ADMIN_USERNAME, SANDBOX_ADMIN_PASSWORD) + auth = requests.auth.HTTPBasicAuth(CUSTOMER_BANK_ACCOUNT, CUSTOMER_BANK_PASSWORD) ) try: resp.raise_for_status() |
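Review bot: Both `requests.post` calls in `withdraw()` (the withdrawal creation in the `-1761` hunk and the confirmation in the `-1780` hunk) are made without a `timeout`, so the command blocks indefinitely if the reverse proxy or the Sandbox accepts the connection and never answers. Adding a bound to each call, for example `timeout=10,` (sample value), turns that hang into an exception the existing `try` around `resp.raise_for_status()` could be widened to report. The body of `withdraw()` continues outside both hunks.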