diff options
Diffstat (limited to 'src/testing/test_merchant_instance_auth.sh')
-rwxr-xr-x | src/testing/test_merchant_instance_auth.sh | 238 |
1 files changed, 238 insertions, 0 deletions
diff --git a/src/testing/test_merchant_instance_auth.sh b/src/testing/test_merchant_instance_auth.sh new file mode 100755 index 00000000..85857b4f --- /dev/null +++ b/src/testing/test_merchant_instance_auth.sh @@ -0,0 +1,238 @@ +#!/bin/bash +# This file is part of TALER +# Copyright (C) 2014-2023 Taler Systems SA +# +# TALER is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as +# published by the Free Software Foundation; either version 3, or +# (at your option) any later version. +# +# TALER is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with TALER; see the file COPYING. If not, see +# <http://www.gnu.org/licenses/> +# + +# Cleanup to run whenever we exit +function my_cleanup() +{ + for n in $(jobs -p) + do + kill "$n" 2> /dev/null || true + done + wait + if [ -n "${LAST_RESPONSE+x}" ] + then + rm -f "${LAST_RESPONSE}" + fi +} + +. setup.sh + +setup -c test_template.conf -m +CONF="test_template.conf.edited" +LAST_RESPONSE=$(mktemp -p "${TMPDIR:-/tmp}" test_response.conf-XXXXXX) + +echo -n "Configuring 'default' instance ..." >&2 + +STATUS=$(curl -H "Content-Type: application/json" -X POST \ + http://localhost:9966/management/instances \ + -d '{"auth":{"method":"token","token":"secret-token:new_value"},"id":"default","name":"default","user_type":"business","address":{},"jurisdiction":{},"use_stefan":true,"default_wire_transfer_delay":{"d_us" : 3600000000},"default_pay_delay":{"d_us": 3600000000}}' \ + -w "%{http_code}" -s -o /dev/null) + +if [ "$STATUS" != "204" ] +then + exit_fail "Expected 204, instance created. got: $STATUS" >&2 +fi + +STATUS=$(curl -H "Content-Type: application/json" -X POST \ + -H 'Authorization: Bearer secret-token:new_value' \ + http://localhost:9966/private/accounts \ + -d '{"payto_uri":"payto://x-taler-bank/localhost:8082/43?receiver-name=user43"}' \ + -w "%{http_code}" -s -o /dev/null) + + +if [ "$STATUS" != "200" ] +then + exit_fail "Expected 200 OK. Got: $STATUS" +fi + +echo " OK" >&2 + +# Kill merchant +kill -TERM "$SETUP_PID" +wait +unset SETUP_PID + +setup -c test_template.conf -ef -u "exchange-account-2" + +NEW_SECRET=secret-token:different_value + +taler-merchant-httpd -a "${NEW_SECRET}" -c "${CONF}" -L DEBUG 2> taler-merchant-httpd.log & +# Install cleanup handler (except for kill -9) +trap my_cleanup EXIT + +echo -n "Waiting for the merchant..." >&2 +# Wait for merchant to be available (usually the slowest) +for n in $(seq 1 50) +do + echo -n "." >&2 + sleep 0.1 + OK=0 + # merchant + wget --waitretry=0 --timeout=1 http://localhost:9966/ -o /dev/null -O /dev/null >/dev/null || continue + OK=1 + break +done + +if [ "x$OK" != "x1" ] +then + exit_fail "Failed to (re)start merchant backend" +fi + +echo -n "Creating order to test auth is ok..." >&2 +STATUS=$(curl -H "Content-Type: application/json" -X POST \ + 'http://localhost:9966/private/orders' \ + -H 'Authorization: Bearer '"$NEW_SECRET" \ + -d '{"order":{"amount":"TESTKUDOS:1","summary":"payme"}}' \ + -w "%{http_code}" -s -o "$LAST_RESPONSE") + +if [ "$STATUS" != "200" ] +then + cat "$LAST_RESPONSE" >&2 + exit_fail "Expected 200, order created. got: $STATUS" +fi + +ORDER_ID=$(jq -e -r .order_id < "$LAST_RESPONSE") +TOKEN=$(jq -e -r .token < "$LAST_RESPONSE") + +STATUS=$(curl "http://localhost:9966/private/orders/${ORDER_ID}" \ + -H 'Authorization: Bearer '"$NEW_SECRET" \ + -w "%{http_code}" -s -o "$LAST_RESPONSE") + +if [ "$STATUS" != "200" ] +then + cat "$LAST_RESPONSE" >&2 + exit_fail "Expected 200, getting order info before claming it. got: $STATUS" +fi + +PAY_URL=$(jq -e -r .taler_pay_uri < "$LAST_RESPONSE") + +echo "OK order ${ORDER_ID} with ${TOKEN} and ${PAY_URL}" >&2 + +echo -n "Configuring 'second' instance ..." >&2 + +STATUS=$(curl -H "Content-Type: application/json" -X POST \ + -H 'Authorization: Bearer '"$NEW_SECRET" \ + http://localhost:9966/management/instances \ + -d '{"auth":{"method":"token","token":"secret-token:second"},"id":"second","name":"second","address":{},"jurisdiction":{},"use_stefan":true,"default_wire_transfer_delay":{"d_us" : 3600000000},"default_pay_delay":{"d_us": 3600000000}}' \ + -w "%{http_code}" -s -o /dev/null) + +if [ "$STATUS" != "204" ] +then + exit_fail "Expected 204, instance created. got: $STATUS" +fi + +echo "OK" >&2 + +echo -n "Updating 'second' instance token using the 'default' auth token..." >&2 + +STATUS=$(curl -H "Content-Type: application/json" -X POST \ + -H 'Authorization: Bearer '"$NEW_SECRET" \ + http://localhost:9966/management/instances/second/auth \ + -d '{"method":"token","token":"secret-token:new_one"}' \ + -w "%{http_code}" -s -o /dev/null) + +if [ "$STATUS" != "204" ] +then + exit_fail "Expected 204, instance auth token changed. got: $STATUS" +fi +NEW_SECRET="secret-token:new_one" +echo " OK" >&2 + + +echo -n "Requesting login token..." >&2 + +STATUS=$(curl -H "Content-Type: application/json" -X POST \ + -H 'Authorization: Bearer '"$NEW_SECRET" \ + http://localhost:9966/instances/second/private/token \ + -d '{"scope":"readonly","refreshable":true}' \ + -w "%{http_code}" -s -o "$LAST_RESPONSE") + +if [ "$STATUS" != "200" ] +then + jq < "$LAST_RESPONSE" >&2 + exit_fail "Expected 200, login token created. got: $STATUS" +fi + +TOKEN=$(jq -e -r .token < "$LAST_RESPONSE") + +echo " OK" >&2 + +echo -n "Using login token..." >&2 + +STATUS=$(curl "http://localhost:9966/instances/second/private/orders" \ + -H 'Authorization: Bearer '"$TOKEN" \ + -w "%{http_code}" -s -o "$LAST_RESPONSE") + +if [ "$STATUS" != "200" ] +then + jq < "$LAST_RESPONSE" >&2 + exit_fail "Expected 200, getting orders. got: $STATUS" +fi + +echo " OK" >&2 + +echo -n "Refreshing login token..." >&2 + +STATUS=$(curl -H "Content-Type: application/json" -X POST \ + -H 'Authorization: Bearer '"$TOKEN" \ + http://localhost:9966/instances/second/private/token \ + -d '{"scope":"write","refreshable":true}' \ + -w "%{http_code}" -s -o "$LAST_RESPONSE") + +if [ "$STATUS" != "403" ] +then + jq < "$LAST_RESPONSE" >&2 + exit_fail "Expected 403, refused to upgrade login token. got: $STATUS" +fi + +echo " OK" >&2 + + +echo -n "Deleting login token..." >&2 + +STATUS=$(curl -H "Content-Type: application/json" -X DELETE \ + -H 'Authorization: Bearer '"$TOKEN" \ + http://localhost:9966/instances/second/private/token \ + -w "%{http_code}" -s -o "$LAST_RESPONSE") + +if [ "$STATUS" != "204" ] +then + jq < "$LAST_RESPONSE" >&2 + exit_fail "Expected 204, login token deleted. got: $STATUS" +fi +echo " OK" >&2 + +echo -n "Using deleted login token..." >&2 + +STATUS=$(curl "http://localhost:9966/instances/second/private/orders" \ + -H 'Authorization: Bearer '"$TOKEN" \ + -w "%{http_code}" -s -o "$LAST_RESPONSE") + +if [ "$STATUS" != "401" ] +then + jq < "$LAST_RESPONSE" >&2 + exit_fail "Expected 401, token was deleted. got: $STATUS" +fi + +echo " OK" >&2 + + +echo "Test PASSED" + +exit 0 |