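#!/usr/bin/env bash
# This file is part of TALER
# Copyright (C) 2014-2023 Taler Systems SA
#
# TALER is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as
# published by the Free Software Foundation; either version 3, or
# (at your option) any later version.
#
# TALER is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public
# License along with TALER; see the file COPYING.  If not, see
# <http://www.gnu.org/licenses/>
#
# Integration test for merchant instance authentication.  It
#  - creates the 'admin' instance with a token password and obtains a login
#    token via HTTP Basic auth,
#  - restarts the backend after rotating the admin password with
#    taler-merchant-passwd and checks the new password is the one that works,
#  - creates the 'second' and 'third' instances and exercises per-instance
#    auth changes, token scopes (readonly / spa / *:refreshable), token
#    listing, deletion and the 401/403 responses the backend must return.
#
# Requires setup.sh (provides setup, exit_fail and SETUP_PID), the
# test_template.conf configuration, and curl, jq, wget and base64 on PATH.
# All credentials below are throwaway test values.  Some tokens are printed
# to stderr for debugging, so the test log is not free of secrets.

#######################################
# Cleanup to run whenever we exit: stop every background job started by this
# shell (the merchant/exchange processes) and drop the scratch response file.
# Globals:   LAST_RESPONSE (read)
# Arguments: none
#######################################
my_cleanup() {
  local pid
  for pid in $(jobs -p); do
    kill "$pid" 2> /dev/null || true
  done
  wait
  if [ -n "${LAST_RESPONSE+x}" ]; then
    rm -f -- "${LAST_RESPONSE}"
  fi
}

. setup.sh

setup -c test_template.conf -m
CONF="test_template.conf.edited"
# Scratch file that receives the body of the last HTTP response; never a
# predictable name in /tmp.
LAST_RESPONSE=$(mktemp -p "${TMPDIR:-/tmp}" test_response.conf-XXXXXX)

echo -n "Configuring 'admin' instance ..." >&2

# No Authorization header on this request: the very first instance is
# created unauthenticated (presumably only permitted while no admin
# instance exists yet -- confirm against the backend).
STATUS=$(curl -H "Content-Type: application/json" -X POST \
  http://localhost:9966/management/instances \
  -d '{"auth":{"method":"token","password":"new_pw"},"id":"admin","name":"default","user_type":"business","address":{},"jurisdiction":{},"use_stefan":true,"default_wire_transfer_delay":{"d_us" : 3600000000},"default_pay_delay":{"d_us": 3600000000}}' \
  -w "%{http_code}" -s -o /dev/null)

if [ "$STATUS" != "204" ]; then
  exit_fail "Expected 204, instance created. got: $STATUS" >&2
fi

# HTTP Basic credential for the admin instance (user:password, base64).
BASIC_AUTH=$(printf '%s' "admin:new_pw" | base64)

STATUS=$(curl -H "Content-Type: application/json" -X POST \
  -H "Authorization: Basic $BASIC_AUTH" \
  http://localhost:9966/private/token \
  -d '{"scope":"spa"}' \
  -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [ "$STATUS" != "200" ]; then
  exit_fail "Expected 200 OK. Got: $STATUS"
fi

TOKEN=$(jq -e -r '.access_token' < "$LAST_RESPONSE")

echo " OK" >&2

echo -n "Setting up bank account..." >&2

STATUS=$(curl -H "Content-Type: application/json" -X POST \
  -H "Authorization: Bearer $TOKEN" \
  http://localhost:9966/private/accounts \
  -d '{"payto_uri":"payto://x-taler-bank/localhost:8082/43?receiver-name=user43"}' \
  -w "%{http_code}" -s -o /dev/null)

if [ "$STATUS" != "200" ]; then
  exit_fail "Expected 200 OK. Got: $STATUS"
fi

echo " OK" >&2

# Kill the merchant started by the first setup call; SETUP_PID comes from
# setup.sh.
kill -TERM "$SETUP_PID"
wait
unset SETUP_PID

setup -c test_template.conf \
  -ef \
  -u "exchange-account-2" \
  -r "merchant-exchange-default"

# Rotate the admin password offline before bringing the merchant back up;
# the old 'new_pw' must stop working afterwards.
NEW_SECRET="different_value"

taler-merchant-exchangekeyupdate \
  -c "${CONF}" \
  -L DEBUG \
  -t \
  2> taler-merchant-exchangekeyupdate2.log
taler-merchant-passwd \
  -c "${CONF}" \
  -L DEBUG \
  "$NEW_SECRET" \
  2> taler-merchant-passwd.log
taler-merchant-httpd \
  -c "${CONF}" \
  -L DEBUG \
  2> taler-merchant-httpd2.log &
# Install cleanup handler (except for kill -9).  Installed only after the
# second setup call; if setup.sh installs its own EXIT trap, this replaces
# it -- TODO confirm.
trap my_cleanup EXIT

echo -n "Waiting for the merchant..." >&2
# Poll the merchant (usually the slowest to come up) for at most ~5 seconds.
OK=0
for ((attempt = 1; attempt <= 50; attempt++)); do
  printf '.' >&2
  sleep 0.1
  if wget --waitretry=0 \
    --timeout=1 \
    http://localhost:9966/ \
    -o /dev/null \
    -O /dev/null \
    > /dev/null; then
    OK=1
    break
  fi
done

if [ "x$OK" != "x1" ]; then
  exit_fail "Failed to (re)start merchant backend"
fi

echo " OK" >&2

# Only the rotated password may now yield a token.
BASIC_AUTH=$(printf '%s' "admin:$NEW_SECRET" | base64)

STATUS=$(curl -H "Content-Type: application/json" -X POST \
  -H "Authorization: Basic $BASIC_AUTH" \
  http://localhost:9966/private/token \
  -d '{"scope":"spa"}' \
  -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [ "$STATUS" != "200" ]; then
  exit_fail "Expected 200 OK. Got: $STATUS"
fi

TOKEN=$(jq -e -r '.access_token' < "$LAST_RESPONSE")

echo -n "Making sure merchant KYC data is current ..." >&2

taler-merchant-kyccheck \
  -c "${CONF}" \
  -L DEBUG \
  -t \
  2> taler-merchant-kyccheck.log

sleep 1
# Progress output goes to stderr like every other step.
echo " OK" >&2

echo -n "Creating order to test auth is ok..." >&2
STATUS=$(curl -H "Content-Type: application/json" -X POST \
  'http://localhost:9966/private/orders' \
  -H 'Authorization: Bearer '"$TOKEN" \
  -d '{"order":{"amount":"TESTKUDOS:1","summary":"payme"}}' \
  -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [ "$STATUS" != "200" ]; then
  cat "$LAST_RESPONSE" >&2
  exit_fail "Expected 200, order created. got: $STATUS"
fi

ORDER_ID=$(jq -e -r '.order_id' < "$LAST_RESPONSE")
ORD_TOKEN=$(jq -e -r '.token' < "$LAST_RESPONSE")

STATUS=$(curl "http://localhost:9966/private/orders/${ORDER_ID}" \
  -H 'Authorization: Bearer '"$TOKEN" \
  -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [ "$STATUS" != "200" ]; then
  cat "$LAST_RESPONSE" >&2
  exit_fail "Expected 200, getting order info before claiming it. got: $STATUS"
fi

PAY_URL=$(jq -e -r '.taler_pay_uri' < "$LAST_RESPONSE")

# Debug output only; the order claim token ends up in the test log.
printf 'OK order %s with %s and %s\n' "${ORDER_ID}" "${ORD_TOKEN}" "${PAY_URL}" >&2

echo -n "Configuring 'second' instance ..." >&2
STATUS=$(curl -H "Content-Type: application/json" -X POST \
  -H 'Authorization: Bearer '"$TOKEN" \
  http://localhost:9966/management/instances \
  -d '{"auth":{"method":"token","password":"second"},"id":"second","name":"second","address":{},"jurisdiction":{},"use_stefan":true,"default_wire_transfer_delay":{"d_us" : 3600000000},"default_pay_delay":{"d_us": 3600000000}}' \
  -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [ "$STATUS" != "204" ]; then
  cat "$LAST_RESPONSE" >&2
  exit_fail "Expected 204, instance created. got: $STATUS"
fi

echo "OK" >&2

echo -n "Configuring 'third' instance ..." >&2

STATUS=$(curl -H "Content-Type: application/json" -X POST \
  -H 'Authorization: Bearer '"$TOKEN" \
  http://localhost:9966/management/instances \
  -d '{"auth":{"method":"token","password":"third"},"id":"third","name":"third","address":{},"jurisdiction":{},"use_stefan":true,"default_wire_transfer_delay":{"d_us" : 3600000000},"default_pay_delay":{"d_us": 3600000000}}' \
  -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [ "$STATUS" != "204" ]; then
  cat "$LAST_RESPONSE" >&2
  exit_fail "Expected 204, instance created. got: $STATUS"
fi

echo "OK" >&2

echo -n "Updating 'second' instance token using the 'new_one' auth token..." >&2

# The admin token may change another instance's auth via the management API.
STATUS=$(curl -H "Content-Type: application/json" -X POST \
  -H 'Authorization: Bearer '"$TOKEN" \
  http://localhost:9966/management/instances/second/auth \
  -d '{"method":"token","password":"new_one"}' \
  -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [ "$STATUS" != "204" ]; then
  cat "$LAST_RESPONSE" >&2
  exit_fail "Expected 204, instance auth token changed. got: $STATUS"
fi
NEW_SECRET="new_one"
echo " OK" >&2

BASIC_AUTH2=$(printf '%s' "second:$NEW_SECRET" | base64)

echo -n "Requesting login token..." >&2

# Read-only, refreshable token for 'second'.
STATUS=$(curl -H "Content-Type: application/json" -X POST \
  -H 'Authorization: Basic '"$BASIC_AUTH2" \
  http://localhost:9966/instances/second/private/token \
  -d '{"scope":"readonly","refreshable":true}' \
  -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [ "$STATUS" != "200" ]; then
  jq < "$LAST_RESPONSE" >&2
  exit_fail "Expected 200, login token created. got: $STATUS"
fi

TOKEN=$(jq -e -r '.access_token' < "$LAST_RESPONSE")

echo " OK" >&2

echo -n "Requesting login token... (spa)" >&2

# Read-write ('spa') token for 'second'; not refreshable.
STATUS=$(curl -H "Content-Type: application/json" -X POST \
  -H 'Authorization: Basic '"$BASIC_AUTH2" \
  http://localhost:9966/instances/second/private/token \
  -d '{"scope":"spa"}' \
  -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [ "$STATUS" != "200" ]; then
  jq < "$LAST_RESPONSE" >&2
  exit_fail "Expected 200, login token created. got: $STATUS"
fi

RWTOKEN=$(jq -e -r '.access_token' < "$LAST_RESPONSE")

echo " OK" >&2

echo -n "Using login token..." >&2

STATUS=$(curl "http://localhost:9966/instances/second/private/orders" \
  -H 'Authorization: Bearer '"$TOKEN" \
  -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [ "$STATUS" != "200" ]; then
  jq < "$LAST_RESPONSE" >&2
  exit_fail "Expected 200, getting orders. got: $STATUS"
fi

echo " OK" >&2

echo -n "Updating 'second' instance token using the 'second' auth token..." >&2

# An instance's own read-write token may change that instance's auth.
STATUS=$(curl -H "Content-Type: application/json" -X POST \
  -H 'Authorization: Bearer '"$RWTOKEN" \
  http://localhost:9966/instances/second/private/auth \
  -d '{"method":"token","password":"again"}' \
  -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [ "$STATUS" != "204" ]; then
  cat "$LAST_RESPONSE" >&2
  exit_fail "Expected 204, instance auth token changed. got: $STATUS"
fi

BASIC_AUTH2=$(printf '%s' "second:again" | base64)

echo " OK" >&2

echo -n "Updating 'third' instance token using the 'second' auth token..." >&2

# Cross-instance privilege check: 'second' must not be able to change
# 'third'.
STATUS=$(curl -H "Content-Type: application/json" -X POST \
  -H 'Authorization: Bearer '"$RWTOKEN" \
  http://localhost:9966/management/instances/third/auth \
  -d '{"method":"token","password":"new_one"}' \
  -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [ "$STATUS" != "401" ]; then
  cat "$LAST_RESPONSE" >&2
  exit_fail "Expected 401, instance not authorized. got: $STATUS"
fi

echo " OK" >&2

echo -n "Refreshing login token... (expected failure)" >&2

# A readonly token must not be upgradable to 'spa'.
STATUS=$(curl -H "Content-Type: application/json" -X POST \
  -H 'Authorization: Bearer '"$TOKEN" \
  http://localhost:9966/instances/second/private/token \
  -d '{"scope":"spa","refreshable":true}' \
  -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [ "$STATUS" != "403" ]; then
  jq < "$LAST_RESPONSE" >&2
  exit_fail "Expected 403, refused to upgrade login token. got: $STATUS"
fi

echo " OK" >&2

echo -n "Refreshing login token... (expected failure)" >&2

# A non-refreshable 'spa' token must not be usable to mint another token.
STATUS=$(curl -H "Content-Type: application/json" -X POST \
  -H 'Authorization: Bearer '"$RWTOKEN" \
  http://localhost:9966/instances/second/private/token \
  -d '{"scope":"spa","refreshable":true}' \
  -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [ "$STATUS" != "401" ]; then
  jq < "$LAST_RESPONSE" >&2
  exit_fail "Expected 401, refused to upgrade login token. got: $STATUS"
fi

echo " OK" >&2

echo -n "Creating refreshable login token..." >&2

STATUS=$(curl -H "Content-Type: application/json" -X POST \
  -H 'Authorization: Basic '"$BASIC_AUTH2" \
  http://localhost:9966/instances/second/private/token \
  -d '{"scope":"spa:refreshable"}' \
  -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [ "$STATUS" != "200" ]; then
  jq < "$LAST_RESPONSE" >&2
  exit_fail "Expected 200, login token created. got: $STATUS"
fi

RWTOKEN=$(jq -e -r '.access_token' < "$LAST_RESPONSE")

# With a refreshable token the refresh must now succeed.
STATUS=$(curl -H "Content-Type: application/json" -X POST \
  -H 'Authorization: Bearer '"$RWTOKEN" \
  http://localhost:9966/instances/second/private/token \
  -d '{"scope":"spa","refreshable":true}' \
  -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [ "$STATUS" != "200" ]; then
  jq < "$LAST_RESPONSE" >&2
  exit_fail "Expected 200. got: $STATUS"
fi

echo " OK" >&2

echo -n "Requesting another login token... (read)" >&2

STATUS=$(curl -H "Content-Type: application/json" -X POST \
  -H 'Authorization: Basic '"$BASIC_AUTH2" \
  http://localhost:9966/instances/second/private/token \
  -d '{"scope":"readonly", "refreshable": false}' \
  -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [ "$STATUS" != "200" ]; then
  jq < "$LAST_RESPONSE" >&2
  exit_fail "Expected 200, login token created. got: $STATUS"
fi

# Overwritten by the next request; this token is only created so that it
# shows up in the token listing below.
RTOKEN=$(jq -e -r '.access_token' < "$LAST_RESPONSE")

echo " OK" >&2

echo -n "Requesting another login token... (read:refreshable)" >&2

STATUS=$(curl -H "Content-Type: application/json" -X POST \
  -H 'Authorization: Basic '"$BASIC_AUTH2" \
  http://localhost:9966/instances/second/private/token \
  -d '{"scope":"readonly:refreshable", "description": "readonly but refreshable"}' \
  -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [ "$STATUS" != "200" ]; then
  jq < "$LAST_RESPONSE" >&2
  exit_fail "Expected 200, login token created. got: $STATUS"
fi

RTOKEN=$(jq -e -r '.access_token' < "$LAST_RESPONSE")

echo " OK" >&2

echo "Getting last 2 login tokens." >&2

STATUS=$(curl -H "Content-Type: application/json" \
  -H "Authorization: Bearer $RWTOKEN" \
  'http://localhost:9966/instances/second/private/tokens?limit=-2' \
  -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [ "$STATUS" != "200" ]; then
  jq < "$LAST_RESPONSE" >&2
  exit_fail "Expected 200 OK. Got: $STATUS"
fi

# Serial of the first entry of the listing; the test below assumes this is
# the token held in RTOKEN -- ordering is defined by the backend, confirm.
TOKEN_SERIAL=$(jq -e -r '.tokens[0].serial' < "$LAST_RESPONSE")

echo -n "Deleting second login token by serial..." >&2

STATUS=$(curl -H "Content-Type: application/json" -X DELETE \
  -H 'Authorization: Bearer '"$RWTOKEN" \
  "http://localhost:9966/instances/second/private/tokens/${TOKEN_SERIAL}" \
  -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [ "$STATUS" != "204" ]; then
  jq < "$LAST_RESPONSE" >&2
  exit_fail "Expected 204, login token deleted. got: $STATUS"
fi
echo " OK" >&2

# Debug output: the (now revoked) token value is written to the test log.
printf 'Using deleted login token %s...' "$RTOKEN" >&2

STATUS=$(curl "http://localhost:9966/instances/second/private/orders" \
  -H 'Authorization: Bearer '"$RTOKEN" \
  -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [ "$STATUS" != "401" ]; then
  jq < "$LAST_RESPONSE" >&2
  exit_fail "Expected 401, token was deleted. got: $STATUS"
fi

echo " OK" >&2

echo -n "Deleting login token..." >&2

# DELETE on /private/token revokes the token used to authenticate the call.
STATUS=$(curl -H "Content-Type: application/json" -X DELETE \
  -H 'Authorization: Bearer '"$TOKEN" \
  http://localhost:9966/instances/second/private/token \
  -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [ "$STATUS" != "204" ]; then
  jq < "$LAST_RESPONSE" >&2
  exit_fail "Expected 204, login token deleted. got: $STATUS"
fi
echo " OK" >&2

echo -n "Using deleted login token..." >&2

STATUS=$(curl "http://localhost:9966/instances/second/private/orders" \
  -H 'Authorization: Bearer '"$TOKEN" \
  -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [ "$STATUS" != "401" ]; then
  jq < "$LAST_RESPONSE" >&2
  exit_fail "Expected 401, token was deleted. got: $STATUS"
fi

echo " OK" >&2

echo "Test PASSED"

exit 0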