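#!/bin/bash
# This file is part of TALER
# Copyright (C) 2014-2023 Taler Systems SA
#
# TALER is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as
# published by the Free Software Foundation; either version 3, or
# (at your option) any later version.
#
# TALER is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public
# License along with TALER; see the file COPYING.  If not, see
# <http://www.gnu.org/licenses/>
#
#
# Integration test for merchant instance authentication.
#
# Flow exercised below:
#   1. create the 'admin' instance with a password and obtain a bearer token
#      via Basic auth;
#   2. restart the merchant backend after rotating the admin password with
#      taler-merchant-passwd and confirm the new password works;
#   3. create instances 'second' and 'third', change the auth of 'second'
#      via the management API, then check that an instance-scoped token of
#      'second' cannot change the credentials of 'third';
#   4. check token scopes (readonly vs spa, refreshable or not), listing
#      tokens, deleting a token by serial and a token deleting itself.
#
# Requires setup.sh in the current directory (expected to provide setup(),
# exit_fail() and SETUP_PID) and a merchant backend on http://localhost:9966.
# Response bodies are written to the temporary file LAST_RESPONSE, which the
# EXIT trap removes.
#
# Note: all passwords and tokens in this file are throwaway test values; they
# are passed on the command line, which is fine here but not a pattern to copy
# for real credentials (visible to other local users via ps).

# Cleanup to run whenever we exit: stop every background job started by this
# script (merchant backend, key updater, setup helpers) and remove the
# temporary response file if it was ever created.
function my_cleanup()
{
  local n
  for n in $(jobs -p)
  do
    kill "$n" 2> /dev/null || true
  done
  wait
  if [ -n "${LAST_RESPONSE+x}" ]
  then
    rm -f "${LAST_RESPONSE}"
  fi
}

. setup.sh

setup -c test_template.conf -m
CONF="test_template.conf.edited"
LAST_RESPONSE=$(mktemp -p "${TMPDIR:-/tmp}" test_response.conf-XXXXXX) \
  || exit_fail "Failed to create temporary response file"

echo -n "Configuring 'admin' instance ..." >&2

STATUS=$(curl -H "Content-Type: application/json" -X POST \
    http://localhost:9966/management/instances \
    -d '{"auth":{"method":"token","password":"new_pw"},"id":"admin","name":"default","user_type":"business","address":{},"jurisdiction":{},"use_stefan":true,"default_wire_transfer_delay":{"d_us" : 3600000000},"default_pay_delay":{"d_us": 3600000000}}' \
    -w "%{http_code}" -s -o /dev/null)

if [ "$STATUS" != "204" ]
then
  exit_fail "Expected 204, instance created. got: $STATUS"
fi

# Basic credentials for the admin instance (base64 of "user:password").
BASIC_AUTH=$(printf '%s' 'admin:new_pw' | base64)

STATUS=$(curl -H "Content-Type: application/json" -X POST \
    -H "Authorization: Basic $BASIC_AUTH" \
    http://localhost:9966/private/token \
    -d '{"scope":"spa"}' \
    -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [ "$STATUS" != "200" ]
then
  exit_fail "Expected 200 OK. Got: $STATUS"
fi

# jq -e fails when the field is missing or null; without the check a bad
# response would only surface later as a confusing 401.
TOKEN=$(jq -e -r .access_token < "$LAST_RESPONSE") \
  || exit_fail "No access_token in token response"

echo " OK" >&2

echo -n "Adding bank account to 'admin' instance ..." >&2

STATUS=$(curl -H "Content-Type: application/json" -X POST \
    -H "Authorization: Bearer $TOKEN" \
    http://localhost:9966/private/accounts \
    -d '{"payto_uri":"payto://x-taler-bank/localhost:8082/43?receiver-name=user43"}' \
    -w "%{http_code}" -s -o /dev/null)

if [ "$STATUS" != "200" ]
then
  exit_fail "Expected 200 OK. Got: $STATUS"
fi

echo " OK" >&2

# Kill merchant
kill -TERM "$SETUP_PID"
wait
unset SETUP_PID

setup -c test_template.conf \
  -ef \
  -u "exchange-account-2" \
  -r "merchant-exchange-default"

# Install cleanup handler (except for kill -9) before launching the
# background daemons, so a failure while starting them does not orphan
# anything already started.
trap my_cleanup EXIT

NEW_SECRET="different_value"

taler-merchant-exchangekeyupdate \
  -c "${CONF}" \
  -L DEBUG \
  2> taler-merchant-exchangekeyupdate2.log &
# Rotate the admin password; the rest of the test depends on it having
# taken effect, so fail fast if the tool reports an error.
taler-merchant-passwd \
  -c "${CONF}" \
  -L DEBUG \
  "$NEW_SECRET" \
  2> taler-merchant-passwd.log \
  || exit_fail "taler-merchant-passwd failed, see taler-merchant-passwd.log"
taler-merchant-httpd \
  -c "${CONF}" \
  -L DEBUG \
  2> taler-merchant-httpd2.log &

echo -n "Waiting for the merchant..." >&2
# Wait for merchant to be available (usually the slowest): up to 50 probes,
# 100ms apart.
OK=0
for ((n = 1; n <= 50; n++))
do
  echo -n "." >&2
  sleep 0.1
  # merchant
  wget --waitretry=0 \
    --timeout=1 \
    http://localhost:9966/ \
    -o /dev/null \
    -O /dev/null \
    >/dev/null || continue
  OK=1
  break
done

if [ "x$OK" != "x1" ]
then
  exit_fail "Failed to (re)start merchant backend"
fi

echo " OK" >&2

BASIC_AUTH=$(printf '%s' "admin:$NEW_SECRET" | base64)

STATUS=$(curl -H "Content-Type: application/json" -X POST \
    -H "Authorization: Basic $BASIC_AUTH" \
    http://localhost:9966/private/token \
    -d '{"scope":"spa"}' \
    -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [ "$STATUS" != "200" ]
then
  exit_fail "Expected 200 OK. Got: $STATUS"
fi

TOKEN=$(jq -e -r .access_token < "$LAST_RESPONSE") \
  || exit_fail "No access_token in token response"

echo -n "Creating order to test auth is ok..." >&2
STATUS=$(curl -H "Content-Type: application/json" -X POST \
    'http://localhost:9966/private/orders' \
    -H 'Authorization: Bearer '"$TOKEN" \
    -d '{"order":{"amount":"TESTKUDOS:1","summary":"payme"}}' \
    -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [ "$STATUS" != "200" ]
then
  cat "$LAST_RESPONSE" >&2
  exit_fail "Expected 200, order created. got: $STATUS"
fi

ORDER_ID=$(jq -e -r .order_id < "$LAST_RESPONSE") \
  || exit_fail "No order_id in order response"
ORD_TOKEN=$(jq -e -r .token < "$LAST_RESPONSE")

STATUS=$(curl "http://localhost:9966/private/orders/${ORDER_ID}" \
    -H 'Authorization: Bearer '"$TOKEN" \
    -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [ "$STATUS" != "200" ]
then
  cat "$LAST_RESPONSE" >&2
  exit_fail "Expected 200, getting order info before claming it. got: $STATUS"
fi

PAY_URL=$(jq -e -r .taler_pay_uri < "$LAST_RESPONSE")

echo "OK order ${ORDER_ID} with ${ORD_TOKEN} and ${PAY_URL}" >&2

echo -n "Configuring 'second' instance ..." >&2

STATUS=$(curl -H "Content-Type: application/json" -X POST \
    -H 'Authorization: Bearer '"$TOKEN" \
    http://localhost:9966/management/instances \
    -d '{"auth":{"method":"token","password":"second"},"id":"second","name":"second","address":{},"jurisdiction":{},"use_stefan":true,"default_wire_transfer_delay":{"d_us" : 3600000000},"default_pay_delay":{"d_us": 3600000000}}' \
    -w "%{http_code}" -s -o /dev/null)

if [ "$STATUS" != "204" ]
then
  exit_fail "Expected 204, instance created. got: $STATUS"
fi

echo "OK" >&2

echo -n "Configuring 'third' instance ..." >&2

STATUS=$(curl -H "Content-Type: application/json" -X POST \
    -H 'Authorization: Bearer '"$TOKEN" \
    http://localhost:9966/management/instances \
    -d '{"auth":{"method":"token","password":"third"},"id":"third","name":"third","address":{},"jurisdiction":{},"use_stefan":true,"default_wire_transfer_delay":{"d_us" : 3600000000},"default_pay_delay":{"d_us": 3600000000}}' \
    -w "%{http_code}" -s -o /dev/null)

if [ "$STATUS" != "204" ]
then
  exit_fail "Expected 204, instance created. got: $STATUS"
fi

echo "OK" >&2

echo -n "Updating 'second' instance token using the 'new_one' auth token..." >&2

# The admin token may change another instance's credentials via the
# management API.
STATUS=$(curl -H "Content-Type: application/json" -X POST \
    -H 'Authorization: Bearer '"$TOKEN" \
    http://localhost:9966/management/instances/second/auth \
    -d '{"method":"token","password":"new_one"}' \
    -w "%{http_code}" -s -o /dev/null)

if [ "$STATUS" != "204" ]
then
  exit_fail "Expected 204, instance auth token changed. got: $STATUS"
fi
NEW_SECRET="new_one"
echo " OK" >&2

BASIC_AUTH2=$(printf '%s' "second:$NEW_SECRET" | base64)

echo -n "Requesting login token..." >&2

STATUS=$(curl -H "Content-Type: application/json" -X POST \
    -H 'Authorization: Basic '"$BASIC_AUTH2" \
    http://localhost:9966/instances/second/private/token \
    -d '{"scope":"readonly","refreshable":true}' \
    -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [ "$STATUS" != "200" ]
then
  jq < "$LAST_RESPONSE" >&2
  exit_fail "Expected 200, login token created. got: $STATUS"
fi

# Read-only, refreshable token for 'second'.
TOKEN=$(jq -e -r .access_token < "$LAST_RESPONSE") \
  || exit_fail "No access_token in token response"

echo " OK" >&2

echo -n "Requesting login token... (spa)" >&2

STATUS=$(curl -H "Content-Type: application/json" -X POST \
    -H 'Authorization: Basic '"$BASIC_AUTH2" \
    http://localhost:9966/instances/second/private/token \
    -d '{"scope":"spa"}' \
    -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [ "$STATUS" != "200" ]
then
  jq < "$LAST_RESPONSE" >&2
  exit_fail "Expected 200, login token created. got: $STATUS"
fi

# Read-write (spa), non-refreshable token for 'second'.
RWTOKEN=$(jq -e -r .access_token < "$LAST_RESPONSE") \
  || exit_fail "No access_token in token response"

echo " OK" >&2

echo -n "Using login token..." >&2

STATUS=$(curl "http://localhost:9966/instances/second/private/orders" \
    -H 'Authorization: Bearer '"$TOKEN" \
    -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [ "$STATUS" != "200" ]
then
  jq < "$LAST_RESPONSE" >&2
  exit_fail "Expected 200, getting orders. got: $STATUS"
fi

echo " OK" >&2

echo -n "Updating 'second' instance token using the 'second' auth token..." >&2

STATUS=$(curl -H "Content-Type: application/json" -X POST \
    -H 'Authorization: Bearer '"$RWTOKEN" \
    http://localhost:9966/instances/second/private/auth \
    -d '{"method":"token","password":"again"}' \
    -w "%{http_code}" -s -o "$LAST_RESPONSE")

BASIC_AUTH2=$(printf '%s' 'second:again' | base64)

if [ "$STATUS" != "204" ]
then
  cat "$LAST_RESPONSE" >&2
  exit_fail "Expected 204, instance not authorized. got: $STATUS"
fi

echo " OK" >&2

echo -n "Updating 'third' instance token using the 'second' auth token..." >&2

# Isolation check: a token scoped to 'second' must not be able to change
# the credentials of 'third'.
STATUS=$(curl -H "Content-Type: application/json" -X POST \
    -H 'Authorization: Bearer '"$RWTOKEN" \
    http://localhost:9966/management/instances/third/auth \
    -d '{"method":"token","password":"new_one"}' \
    -w "%{http_code}" -s -o /dev/null)

if [ "$STATUS" != "401" ]
then
  exit_fail "Expected 401, instance not authorized. got: $STATUS"
fi

echo " OK" >&2

echo -n "Refreshing login token... (expected failure)" >&2

# A readonly token must not be able to refresh itself into a spa token.
STATUS=$(curl -H "Content-Type: application/json" -X POST \
    -H 'Authorization: Bearer '"$TOKEN" \
    http://localhost:9966/instances/second/private/token \
    -d '{"scope":"spa","refreshable":true}' \
    -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [ "$STATUS" != "403" ]
then
  jq < "$LAST_RESPONSE" >&2
  exit_fail "Expected 403, refused to upgrade login token. got: $STATUS"
fi

echo " OK" >&2

echo -n "Refreshing login token... (expected failure)" >&2

# The spa token was issued before the password change to "again", so it is
# no longer valid at all.
STATUS=$(curl -H "Content-Type: application/json" -X POST \
    -H 'Authorization: Bearer '"$RWTOKEN" \
    http://localhost:9966/instances/second/private/token \
    -d '{"scope":"spa","refreshable":true}' \
    -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [ "$STATUS" != "401" ]
then
  jq < "$LAST_RESPONSE" >&2
  exit_fail "Expected 401, refused to upgrade login token. got: $STATUS"
fi

echo " OK" >&2

STATUS=$(curl -H "Content-Type: application/json" -X POST \
    -H 'Authorization: Basic '"$BASIC_AUTH2" \
    http://localhost:9966/instances/second/private/token \
    -d '{"scope":"spa:refreshable"}' \
    -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [ "$STATUS" != "200" ]
then
  jq < "$LAST_RESPONSE" >&2
  exit_fail "Expected 200, login token created. got: $STATUS"
fi

RWTOKEN=$(jq -e -r .access_token < "$LAST_RESPONSE") \
  || exit_fail "No access_token in token response"

STATUS=$(curl -H "Content-Type: application/json" -X POST \
    -H 'Authorization: Bearer '"$RWTOKEN" \
    http://localhost:9966/instances/second/private/token \
    -d '{"scope":"spa","refreshable":true}' \
    -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [ "$STATUS" != "200" ]
then
  jq < "$LAST_RESPONSE" >&2
  exit_fail "Expected 200. got: $STATUS"
fi

echo " OK" >&2


echo -n "Requesting another login token... (read)" >&2

STATUS=$(curl -H "Content-Type: application/json" -X POST \
    -H 'Authorization: Basic '"$BASIC_AUTH2" \
    http://localhost:9966/instances/second/private/token \
    -d '{"scope":"readonly", "refreshable": false}' \
    -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [ "$STATUS" != "200" ]
then
  jq < "$LAST_RESPONSE" >&2
  exit_fail "Expected 200, login token created. got: $STATUS"
fi

RTOKEN=$(jq -e -r .access_token < "$LAST_RESPONSE") \
  || exit_fail "No access_token in token response"

echo " OK" >&2

echo -n "Requesting another login token... (read:refreshable)" >&2

STATUS=$(curl -H "Content-Type: application/json" -X POST \
    -H 'Authorization: Basic '"$BASIC_AUTH2" \
    http://localhost:9966/instances/second/private/token \
    -d '{"scope":"readonly:refreshable", "description": "readonly but refreshable"}' \
    -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [ "$STATUS" != "200" ]
then
  jq < "$LAST_RESPONSE" >&2
  exit_fail "Expected 200, login token created. got: $STATUS"
fi

# Overwrites the previous RTOKEN; this is the token deleted by serial below.
RTOKEN=$(jq -e -r .access_token < "$LAST_RESPONSE") \
  || exit_fail "No access_token in token response"

echo " OK" >&2

echo "Getting last 2 login tokens." >&2

STATUS=$(curl -H "Content-Type: application/json" \
    -H "Authorization: Bearer $RWTOKEN" \
    'http://localhost:9966/instances/second/private/tokens?limit=-2' \
    -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [ "$STATUS" != "200" ]
then
  jq < "$LAST_RESPONSE" >&2
  exit_fail "Expected 200 OK. Got: $STATUS"
fi

# Quoted: '[0]' is a glob character class to the shell if left bare.
TOKEN_SERIAL=$(jq -e -r '.tokens[0].serial' < "$LAST_RESPONSE") \
  || exit_fail "No token serial in tokens list"

echo -n "Deleting second login token by serial..." >&2

STATUS=$(curl -H "Content-Type: application/json" -X DELETE \
    -H 'Authorization: Bearer '"$RWTOKEN" \
    "http://localhost:9966/instances/second/private/tokens/${TOKEN_SERIAL}" \
    -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [ "$STATUS" != "204" ]
then
  jq < "$LAST_RESPONSE" >&2
  exit_fail "Expected 204, login token deleted. got: $STATUS"
fi
echo " OK" >&2

echo -n "Using deleted login token $RTOKEN..." >&2

STATUS=$(curl "http://localhost:9966/instances/second/private/orders" \
    -H 'Authorization: Bearer '"$RTOKEN" \
    -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [ "$STATUS" != "401" ]
then
  jq < "$LAST_RESPONSE" >&2
  exit_fail "Expected 401, token was deleted. got: $STATUS"
fi

echo " OK" >&2


echo -n "Deleting login token..." >&2

# A token deleting itself (no serial in the path).
STATUS=$(curl -H "Content-Type: application/json" -X DELETE \
    -H 'Authorization: Bearer '"$TOKEN" \
    http://localhost:9966/instances/second/private/token \
    -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [ "$STATUS" != "204" ]
then
  jq < "$LAST_RESPONSE" >&2
  exit_fail "Expected 204, login token deleted. got: $STATUS"
fi
echo " OK" >&2

echo -n "Using deleted login token..." >&2

STATUS=$(curl "http://localhost:9966/instances/second/private/orders" \
    -H 'Authorization: Bearer '"$TOKEN" \
    -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [ "$STATUS" != "401" ]
then
  jq < "$LAST_RESPONSE" >&2
  exit_fail "Expected 401, token was deleted. got: $STATUS"
fi

echo " OK" >&2


echo "Test PASSED"

exit 0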