libeufin

Integration and sandbox testing for FinTech APIs and data formats

commit 545ebacc71734b3b6f9a491f7cddf1450fbda5fd
parent b2310a690564857eb7a1b86bbff6033c103eb603
Author: Marcello Stanisci <ms@taler.net>
Date:   Tue, 12 May 2020 18:55:31 +0200

integration test

Admin gets password accepted.

Diffstat:
Mintegration-tests/test-ebics-new.py | 33+++++++++++++++++++++++++++++----
Mnexus/src/main/kotlin/tech/libeufin/nexus/Helpers.kt | 8+++++---
2 files changed, 34 insertions(+), 7 deletions(-)

diff --git a/integration-tests/test-ebics-new.py b/integration-tests/test-ebics-new.py
@@ -5,6 +5,9 @@ from subprocess import call, Popen, PIPE
 from time import sleep
 import os
 import socket
+import sqlite3
+import hashlib
+import base64
 # Steps implemented in this test.
 #
@@ -32,6 +35,11 @@ import socket
 # Nexus user details
 USERNAME="person"
+PASSWORD="y"
+USER_AUTHORIZATION_HEADER = "basic {}".format(base64.b64encode(b"person:y").decode("utf-8"))
+
+# Admin authentication
+ADMIN_AUTHORIZATION_HEADER = "basic {}".format(base64.b64encode(b"admin:x").decode("utf-8"))
 # EBICS details
 EBICS_URL="http://localhost:5000/ebicsweb"
@@ -89,7 +97,7 @@ for i in range(10):
 sleep(1)
 continue
 break
-
+# Start sandbox
 checkPorts([5000])
 sandbox = Popen(["./gradlew", "sandbox:run"], stdout=PIPE, stderr=PIPE)
 for i in range(10):
@@ -147,16 +155,33 @@ assertResponse(
 )
 )
-#1.a
+#1.a, make a new nexus user.
+
+# "Create" the admin user first.
+dbconn = sqlite3.connect("nexus/libeufin-nexus.sqlite3")
+dbconn.execute(
+ "INSERT INTO NexusUsers (id, password) VALUES (?, ?)",
+ ("admin", sqlite3.Binary(hashlib.sha256(b"x").digest()))
+)
+dbconn.commit()
+dbconn.close()
+
 assertResponse(
 post(
- "http://localhost:5001/users/{}".format(USERNAME),
+ "http://localhost:5001/users",
+ headers=dict(authorization=ADMIN_AUTHORIZATION_HEADER),
 json=dict(
- password="secret"
+ username=USERNAME,
+ password=PASSWORD
 )
 )
 )
+nexus.terminate()
+sandbox.terminate()
+print("All done!")
+exit(44)
+
 #1.b
 assertResponse(
 post(
diff --git a/nexus/src/main/kotlin/tech/libeufin/nexus/Helpers.kt b/nexus/src/main/kotlin/tech/libeufin/nexus/Helpers.kt
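Review bot: In integration-tests/test-ebics-new.py, `USER_AUTHORIZATION_HEADER` repeats the credentials as the literal `b"person:y"` instead of deriving them from `USERNAME` and `PASSWORD` defined just above it, so the header silently goes stale if either constant is edited. Building it from the constants keeps the two in step: `USER_AUTHORIZATION_HEADER = "basic {}".format(base64.b64encode("{}:{}".format(USERNAME, PASSWORD).encode("utf-8")).decode("utf-8"))`. The admin pair `admin`/`x` is spelled out here and again in the later `INSERT INTO NexusUsers` hunk; named `ADMIN_USERNAME`/`ADMIN_PASSWORD` constants would let both places share one definition. A comment such as `# throwaway credentials, valid only for the local sandbox` would also make clear these are not meant to be reused.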
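Review bot: In integration-tests/test-ebics-new.py, the `exit(44)` added after `print("All done!")` in the `#1.a` hunk ends the script with a non-zero status before step 1.b, so every later step is skipped and a CI runner reports failure even when 1.a passes. If the early stop is a temporary measure while the remaining steps gain authentication, say so with a comment like `# TODO: remove early exit once steps 1.b onward send the Authorization header`, and exit with status 0. The admin seeding inserts a fixed `id` of `"admin"` into `nexus/libeufin-nexus.sqlite3`, which will presumably fail on a second run against the same file if `id` is unique; starting from a fresh database or using `INSERT OR REPLACE` would make the test repeatable. `dbconn.close()` is also skipped when `execute` raises, so wrapping the three calls in `try`/`finally` would be tidier.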
@@ -423,13 +423,15 @@ fun extractNexusUser(param: String?): NexusUserEntity {
 * will then be compared with the one kept into the database.
 */
 fun extractUserAndHashedPassword(authorizationHeader: String): Pair<String, ByteArray> {
+ logger.debug("Authenticating: $authorizationHeader")
 val (username, password) = try {
 val split = authorizationHeader.split(" ")
- val valueUtf8 = String(base64ToBytes(split[1]), Charsets.UTF_8) // newline introduced here: BUG!
- valueUtf8.split(":")
+ val plainUserAndPass = String(base64ToBytes(split[1]), Charsets.UTF_8)
+ plainUserAndPass.split(":")
 } catch (e: java.lang.Exception) {
 throw NexusError(
- HttpStatusCode.BadRequest, "invalid Authorization:-header received"
+ HttpStatusCode.BadRequest,
+ "invalid Authorization:-header received"
 )
 }
 return Pair(username, CryptoUtil.hashStringSHA256(password))
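Review bot: The added `logger.debug("Authenticating: $authorizationHeader")` writes the whole Authorization header to the log, and for basic authentication that value is only the base64 encoding of `username:password`, so anyone with read access to debug logs recovers the cleartext password. Log the parsed user name instead, after the try block, e.g. `logger.debug("Authenticating user: $username")`, or drop the line. Separately, `plainUserAndPass.split(":")` combined with the two-element destructuring keeps only the text up to the second colon, so a password that itself contains `:` is hashed in truncated form; `plainUserAndPass.split(":", limit = 2)` preserves it. The unchanged return line hashes with a single `CryptoUtil.hashStringSHA256` call, which appears to be unsalted and is worth tracking separately. The function's closing brace lies outside the hunk.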