commit 3c748c658c9f540da28c4d72910bb98aea4fc52d
parent 3270a115d8670a2de5f57f279ee4973ffaf97799
Author: Henrique Chan Carvalho Machado <henriqueccmachado@tecnico.ulisboa.pt>
Date: Wed, 5 Nov 2025 00:12:26 +0100
oauth2_gateway: add integration test for notification endpoint
Diffstat:
3 files changed, 116 insertions(+), 11 deletions(-)
diff --git a/oauth2_gateway/scripts/test_integration.sh b/oauth2_gateway/scripts/test_integration.sh
@@ -3,6 +3,7 @@
set -e
GATEWAY_URL="http://localhost:9090"
+VERIFIER_URL="http://localhost:8080"
CLIENT_ID="test-exchange-001"
SCOPE="age_over_18"
QR_CODE_FILE="oauth2gw_qr_code.png"
@@ -13,14 +14,15 @@ echo "================================================================"
echo ""
echo "Prerequisites:"
echo " - OAuth2 Gateway running at $GATEWAY_URL"
-echo " - Swiyu Verifier running"
+echo " - Swiyu Verifier running at $VERIFIER_URL"
+echo " - Verifier configured with WEBHOOK_CALLBACK_URI=$GATEWAY_URL/notification"
echo " - Test database seeded with test-exchange-001 client"
echo " - qrencode installed (for QR code generation)"
echo ""
echo "================================================================"
echo ""
-echo "[1/2] Testing /setup endpoint..."
+echo "[1/4] Testing /setup endpoint..."
SETUP_RESPONSE=$(curl -s -X POST "$GATEWAY_URL/setup/$CLIENT_ID" \
-H "Content-Type: application/json" \
-d "{\"scope\": \"$SCOPE\"}")
@@ -35,7 +37,7 @@ fi
echo "SUCCESS: Received nonce: $NONCE"
echo ""
-echo "[2/2] Testing /authorize endpoint..."
+echo "[2/4] Testing /authorize endpoint..."
AUTHORIZE_RESPONSE=$(curl -s -X GET "$GATEWAY_URL/authorize/$NONCE")
echo "Response: $AUTHORIZE_RESPONSE"
@@ -65,6 +67,105 @@ echo ""
open "$QR_CODE_FILE"
+echo ""
+echo "[3/4] Waiting for user to scan QR code with wallet..."
+echo "Please scan the QR code and complete the verification in your wallet."
+echo "Waiting 60 seconds for verification to complete..."
+echo ""
+
+# Poll for session status changes
+MAX_WAIT=60
+ELAPSED=0
+INITIAL_STATUS=""
+
+while [ $ELAPSED -lt $MAX_WAIT ]; do
+ # Check session status by querying verifier
+ VERIFIER_STATUS=$(curl -s "$VERIFIER_URL/management/api/verifications/$VERIFICATION_ID" | jq -r '.state' 2>/dev/null || echo "PENDING")
+
+ if [ -z "$INITIAL_STATUS" ]; then
+ INITIAL_STATUS="$VERIFIER_STATUS"
+ echo "Initial verification status: $INITIAL_STATUS"
+ fi
+
+ if [ "$VERIFIER_STATUS" != "PENDING" ] && [ "$VERIFIER_STATUS" != "null" ]; then
+ echo "Verification status changed to: $VERIFIER_STATUS"
+ break
+ fi
+
+ echo -n "."
+ sleep 20
+ ELAPSED=$((ELAPSED + 20))
+done
+
+echo ""
+echo ""
+
+if [ "$VERIFIER_STATUS" = "PENDING" ] || [ "$VERIFIER_STATUS" = "null" ]; then
+ echo "WARNING: Verification still pending after $MAX_WAIT seconds"
+ echo "Skipping webhook test - you can complete verification later"
+else
+ echo "SUCCESS: Verification completed with status: $VERIFIER_STATUS"
+ echo ""
+ echo "[4/4] Testing webhook notification..."
+ echo "Waiting for Swiyu Verifier to send webhook to Gateway..."
+ echo "Webhook should be sent within the configured interval (typically 5-30 seconds)."
+ echo ""
+
+ # Wait for webhook to be sent and processed (webhook interval + processing time)
+ echo "Waiting 15 seconds for webhook delivery and processing..."
+ sleep 15
+
+ # Check if webhook was processed by querying the database
+ echo ""
+ echo "Verifying webhook was processed..."
+
+ SESSION_STATUS=$(psql -h localhost -p 5432 -U oauth2gw -d oauth2gw -tAc "SELECT status FROM oauth2gw.verification_sessions WHERE nonce = '$NONCE';" 2>/dev/null || echo "")
+
+ if [ -n "$SESSION_STATUS" ]; then
+ echo "Session status in database: $SESSION_STATUS"
+
+ if [ "$VERIFIER_STATUS" = "SUCCESS" ] && [ "$SESSION_STATUS" = "verified" ]; then
+ echo "SUCCESS: Webhook processed correctly - session marked as verified"
+ elif [ "$VERIFIER_STATUS" = "FAILED" ] && [ "$SESSION_STATUS" = "failed" ]; then
+ echo "SUCCESS: Webhook processed correctly - session marked as failed"
+ else
+ echo "WARNING: Session status '$SESSION_STATUS' doesn't match expected state for verifier status '$VERIFIER_STATUS'"
+ echo "Check Gateway logs for webhook processing details"
+ fi
+ else
+ echo "INFO: Could not query database to verify webhook processing"
+ echo "Check Gateway logs manually for:"
+ echo " - 'Webhook received from Swiyu: verification_id=$VERIFICATION_ID'"
+ echo " - 'Updated session ... status to Verified' (if SUCCESS)"
+ echo " - 'Updated session ... status to Failed' (if FAILED)"
+ fi
+fi
+
+echo ""
+echo "================================================================"
+echo "Integration test completed"
echo "================================================================"
-echo "Integration test completed successfully"
+echo ""
+echo "Summary:"
+echo " [OK] /setup endpoint: Created session with nonce"
+echo " [OK] /authorize endpoint: Got verification URL from Swiyu"
+if [ "$VERIFIER_STATUS" = "SUCCESS" ]; then
+ echo " [OK] User verification: Completed successfully"
+ if [ -n "$SESSION_STATUS" ] && [ "$SESSION_STATUS" = "verified" ]; then
+ echo " [OK] Webhook notification: Session status updated to verified"
+ else
+ echo " [!!] Webhook notification: Could not verify - check Gateway logs"
+ fi
+elif [ "$VERIFIER_STATUS" = "FAILED" ]; then
+ echo " [FAIL] User verification: Failed"
+ if [ -n "$SESSION_STATUS" ] && [ "$SESSION_STATUS" = "failed" ]; then
+ echo " [OK] Webhook notification: Session status updated to failed"
+ else
+ echo " [!!] Webhook notification: Could not verify - check Gateway logs"
+ fi
+else
+ echo " [WAIT] User verification: Still pending (timeout after ${MAX_WAIT}s)"
+ echo " - Complete verification manually and webhook will be sent"
+fi
+echo ""
echo "================================================================"
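Review bot: An unreachable verifier is reported as a completed verification by the polling loop. The pipeline's exit status is jq's (there is no `pipefail`), and jq prints nothing and exits 0 on empty input, so `VERIFIER_STATUS` is empty, passes the `!= "PENDING"` and `!= "null"` checks, and the script prints "SUCCESS: Verification completed with status:". Use `curl -sf` and add `VERIFIER_STATUS=${VERIFIER_STATUS:-PENDING}` directly after the assignment so that only a real state value ends the loop. The status-mismatch branch and the "Could not query database" branch also only print a message and the script still exits 0, so a webhook that was never processed cannot fail the run; an `exit 1` in the mismatch branch would surface it. `VERIFICATION_ID` is assigned outside this hunk, so its origin is not checked here.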
diff --git a/oauth2_gateway/tests/api_tests.rs b/oauth2_gateway/tests/api_tests.rs
@@ -157,10 +157,14 @@ async fn test_authorize_successful_flow_with_mocked_swiyu() {
Mock::given(method("POST"))
.and(path("/management/api/verifications"))
.respond_with(ResponseTemplate::new(200).set_body_json(json!({
- "verificationId": "550e8400-e29b-41d4-a716-446655440000",
+ "id": "550e8400-e29b-41d4-a716-446655440000",
"verification_url": "https://wallet.example.com/verify?request=abc123",
"verification_deeplink": "swiyu://verify/abc123",
- "state": "PENDING"
+ "state": "PENDING",
+ "presentation_definition": {
+ "id": "test-pd-id",
+ "input_descriptors": []
+ }
})))
.mount(&mock_server)
.await;
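Review bot: This file gains no automated test for the notification endpoint. The only change here adjusts the mocked verifier response inside `test_authorize_successful_flow_with_mocked_swiyu`, which starts and ends outside the hunk. The webhook path is therefore exercised only by the shell script, which needs a manual wallet scan and cannot run in CI. Unless such a test already exists elsewhere in the file, consider adding one that posts a notification to the gateway and asserts the resulting session status. It should also cover a notification whose verification id matches no session, with a comment such as `// a notification for an unknown verification id must not change any session`.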
diff --git a/oauth2_gateway/tests/db_tests.rs b/oauth2_gateway/tests/db_tests.rs
@@ -259,7 +259,7 @@ async fn test_session_status_transitions() {
assert_eq!(session.status, db::sessions::SessionStatus::Pending);
// Transition to authorized
- db::sessions::update_session_authorized(
+ db::sessions::set_session_authorized(
&pool,
session.id,
"https://verifier.example.com/verify?request=abc",
@@ -279,7 +279,7 @@ async fn test_session_status_transitions() {
assert!(updated.authorized_at.is_some());
// Transition to verified
- db::sessions::mark_session_verified(&pool, session.id)
+ db::sessions::update_session_status_with_timestamp(&pool, session.id, db::sessions::SessionStatus::Verified)
.await
.unwrap();
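Review bot: The target status is now a caller-supplied argument to `update_session_status_with_timestamp`, but this test still walks only the forward path (pending, authorized, verified, completed). The same applies to the hunks at -292 and -708. Whether the function enforces transition order is not visible here. If it does, add a negative case after the final transition, e.g. `assert!(db::sessions::update_session_status_with_timestamp(&pool, session.id, db::sessions::SessionStatus::Verified).await.is_err());`. If it does not, add a comment saying that ordering is the caller's responsibility, since a repeated or late notification could otherwise move a completed session backwards. `test_session_status_transitions` begins and ends outside these hunks.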
@@ -292,7 +292,7 @@ async fn test_session_status_transitions() {
assert!(verified.verified_at.is_some());
// Transition to completed
- db::sessions::mark_session_completed(&pool, session.id)
+ db::sessions::update_session_status_with_timestamp(&pool, session.id, db::sessions::SessionStatus::Completed)
.await
.unwrap();
@@ -334,7 +334,7 @@ async fn test_session_lookup_by_request_id() {
.unwrap();
// Update with request_id
- db::sessions::update_session_authorized(
+ db::sessions::set_session_authorized(
&pool,
session.id,
"https://verify.url",
@@ -708,7 +708,7 @@ async fn test_old_session_deletion() {
.unwrap();
// Mark as completed
- db::sessions::mark_session_completed(&pool, session.id)
+ db::sessions::update_session_status_with_timestamp(&pool, session.id, db::sessions::SessionStatus::Completed)
.await
.unwrap();