author | Antoine A <> | 2024-02-06 15:00:32 +0100 |
---|---|---|
committer | Antoine A <> | 2024-02-06 15:00:32 +0100 |
commit | cbdb013d76bf404930055eabc85165a870318a3a (patch) | |
tree | 93f9486341e2d20fe57ceece0e7b5cd8906b1be4 | |
parent | 07f6ac8554b92194acf1d8a9ac1e00d31c83c1e5 (diff) | |
More payto uri check on account creation
-rw-r--r-- | bank/src/main/kotlin/tech/libeufin/bank/CoreBankApi.kt | 10 | ||||
-rw-r--r-- | bank/src/test/kotlin/CoreBankApiTest.kt | 9 | ||||
-rw-r--r-- | bank/src/test/kotlin/PaytoTest.kt | 20 |
3 files changed, 38 insertions, 1 deletions
diff --git a/bank/src/main/kotlin/tech/libeufin/bank/CoreBankApi.kt b/bank/src/main/kotlin/tech/libeufin/bank/CoreBankApi.kt
index 7007eb80..0914222e 100644
--- a/bank/src/main/kotlin/tech/libeufin/bank/CoreBankApi.kt
+++ b/bank/src/main/kotlin/tech/libeufin/bank/CoreBankApi.kt
@@ -188,6 +188,8 @@ suspend fun createAccount(
 when (cfg.wireMethod) {
 WireMethod.IBAN -> {
+ if (req.payto_uri != null && !(req.payto_uri is IbanPayto))
+ throw badRequest("Expected an IBAN payto uri")
 var retry = if (req.payto_uri == null) IBAN_ALLOCATION_RETRY_COUNTER else 0
 while (true) {
@@ -217,7 +219,15 @@ suspend fun createAccount(
 }
 }
 WireMethod.X_TALER_BANK -> {
+ if (req.payto_uri != null) {
+ if (!(req.payto_uri is XTalerBankPayto))
+ throw badRequest("Expected an IBAN payto uri")
+ else if (req.payto_uri.username != req.username)
+ throw badRequest("Expected a payto uri for '${req.username}' got one for 'req.payto_uri.username'")
+ }
+
 val internalPayto = XTalerBankPayto.forUsername(req.username)
+
 val res = db.account.create(
 login = req.username,
 name = req.name,
diff --git a/bank/src/test/kotlin/CoreBankApiTest.kt b/bank/src/test/kotlin/CoreBankApiTest.kt
index 1e087a05..4dda7872 100644
--- a/bank/src/test/kotlin/CoreBankApiTest.kt
+++ b/bank/src/test/kotlin/CoreBankApiTest.kt
@@ -296,6 +296,15 @@ class CoreBankAccountsApiTest {
 client.get("/accounts/bar") {
 pwAuth("admin")
 }.assertNotFound(TalerErrorCode.BANK_UNKNOWN_ACCOUNT)
+ // Testing bad payto kind
+ client.post("/accounts") {
+ json(req) {
+ "username" to "bar"
+ "password" to "bar-password"
+ "name" to "Mr Bar"
+ "payto_uri" to "payto://x-taler-bank/bank.hostname.test/bar"
+ }
+ }.assertBadRequest()
 // Check cashout payto receiver name logic
 client.post("/accounts") {
diff --git a/bank/src/test/kotlin/PaytoTest.kt b/bank/src/test/kotlin/PaytoTest.kt
index 635d864f..a5211194 100644
--- a/bank/src/test/kotlin/PaytoTest.kt
+++ b/bank/src/test/kotlin/PaytoTest.kt
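Review bot: In the `WireMethod.IBAN` branch of CoreBankApi.kt (first hunk) the type test is written as `!(req.payto_uri is IbanPayto)`; Kotlin's negated operator reads more directly: `if (req.payto_uri != null && req.payto_uri !is IbanPayto)`. The null check has to stay, because `null !is IbanPayto` is true and a request without a payto_uri must still reach the retry path that follows. The same `!(... is ...)` form appears in the `WireMethod.X_TALER_BANK` hunk of this file. createAccount starts and ends outside the hunk.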
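Review bot: Both rejection messages added to the `WireMethod.X_TALER_BANK` branch of CoreBankApi.kt (second hunk) are wrong as written. The first says "Expected an IBAN payto uri" although the check is for `XTalerBankPayto`, and the second prints the literal text `req.payto_uri.username` because the `${}` around it is missing. Suggested lines: `throw badRequest("Expected an x-taler-bank payto uri")` and `throw badRequest("Expected a payto uri for '${req.username}' got one for '${req.payto_uri.username}'")`. Only the username is compared here; whether the host part of the supplied URI is also checked against the bank's own hostname is not visible in this hunk and is worth confirming. The branch continues outside the hunk.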
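Review bot: The negative case added to CoreBankApiTest.kt asserts only `assertBadRequest()`, so it passes for any 400 response and cannot tell which validation rejected the request. The same applies to the "Bad IBAN payto" and "Bad payto username" cases in PaytoTest.kt. If the test helpers allow it (not visible here), pin the error code or message the way the neighbouring `assertNotFound(TalerErrorCode.BANK_UNKNOWN_ACCOUNT)` pins its code. A message assertion would also catch a wrong or mislabelled rejection text.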
@@ -45,7 +45,7 @@ class PaytoTest {
 assertEquals("payto://x-taler-bank/bank.hostname.test/john?receiver-name=John", it.internal_payto_uri)
 }
- // Check payto_uri is ignored
+ // Bad IBAN payto
 client.post("/accounts") {
 json {
 "username" to "foo"
@@ -53,6 +53,24 @@ class PaytoTest {
 "name" to "Jane"
 "payto_uri" to IbanPayto.rand()
 }
+ }.assertBadRequest()
+ // Bad payto username
+ client.post("/accounts") {
+ json {
+ "username" to "foo"
+ "password" to "foo-password"
+ "name" to "Jane"
+ "payto_uri" to "payto://x-taler-bank/bank.hostname.test/not-foo"
+ }
+ }.assertBadRequest()
+ // Check Ok
+ client.post("/accounts") {
+ json {
+ "username" to "foo"
+ "password" to "foo-password"
+ "name" to "Jane"
+ "payto_uri" to "payto://x-taler-bank/bank.hostname.test/foo"
+ }
 }.assertOkJson<RegisterAccountResponse> {
 assertEquals("payto://x-taler-bank/bank.hostname.test/foo?receiver-name=Jane", it.internal_payto_uri)
 }
|