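#!/bin/bash
# This file is part of TALER
# Copyright (C) 2014-2023 Taler Systems SA
#
# TALER is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as
# published by the Free Software Foundation; either version 3, or
# (at your option) any later version.
#
# TALER is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public
# License along with TALER; see the file COPYING. If not, see
# <http://www.gnu.org/licenses/>
#
# Exercises the merchant backend's instance authentication:
#   - creating the 'admin' instance and obtaining a login token
#   - rotating the admin password offline with taler-merchant-passwd
#   - creating sub-instances and changing their credentials
#   - token scopes (readonly vs. spa), refreshability and revocation
#   - that a token for one instance cannot administer another instance
# Requires setup.sh (provides `setup` and `exit_fail`) and a merchant
# backend reachable at http://localhost:9966.
#
# All negative checks (expected 401/403) are preceded by a positive use
# of the same credential, so that a rejected request proves the policy
# and not merely a broken or empty token.

#######################################
# Cleanup to run whenever we exit: stop every background job started
# by this shell and remove the response scratch file.
# Globals: LAST_RESPONSE (read)
#######################################
function my_cleanup()
{
  local job
  for job in $(jobs -p)
  do
    kill "$job" 2> /dev/null || true
  done
  wait
  if [ -n "${LAST_RESPONSE+x}" ]
  then
    rm -f "${LAST_RESPONSE}"
  fi
}

. setup.sh

setup -c test_template.conf -m
CONF="test_template.conf.edited"
# Scratch file holding the body of the most recent HTTP response.
# NOTE(review): the EXIT trap is only installed after the merchant
# restart further below, so an exit_fail before that point relies on
# setup.sh to remove this file.
LAST_RESPONSE=$(mktemp -p "${TMPDIR:-/tmp}" test_response.conf-XXXXXX)

echo -n "Configuring 'admin' instance ..." >&2

# No Authorization header is sent here: the freshly set-up backend is
# expected to accept creation of its first ('admin') instance.
STATUS=$(curl -H "Content-Type: application/json" -X POST \
  http://localhost:9966/management/instances \
  -d '{"auth":{"method":"token","password":"new_pw"},"id":"admin","name":"default","user_type":"business","address":{},"jurisdiction":{},"use_stefan":true,"default_wire_transfer_delay":{"d_us" : 3600000000},"default_pay_delay":{"d_us": 3600000000}}' \
  -w "%{http_code}" -s -o /dev/null)

if [ "$STATUS" != "204" ]
then
  exit_fail "Expected 204, instance created. got: $STATUS" >&2
fi

# Exchange the admin password for a bearer token using HTTP Basic auth.
BASIC_AUTH=$(printf '%s' "admin:new_pw" | base64)

STATUS=$(curl -H "Content-Type: application/json" -X POST \
  -H "Authorization: Basic $BASIC_AUTH" \
  http://localhost:9966/private/token \
  -d '{"scope":"spa"}' \
  -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [ "$STATUS" != "200" ]
then
  exit_fail "Expected 200 OK. Got: $STATUS"
fi

# jq -e fails when .access_token is missing or null; abort rather than
# continue with an empty token, which would make later 401 checks pass
# for the wrong reason.
TOKEN=$(jq -e -r .access_token < "$LAST_RESPONSE") \
  || exit_fail "No access_token in token response"

echo " OK" >&2

echo -n "Setting up bank account..." >&2

STATUS=$(curl -H "Content-Type: application/json" -X POST \
  -H "Authorization: Bearer $TOKEN" \
  http://localhost:9966/private/accounts \
  -d '{"payto_uri":"payto://x-taler-bank/localhost:8082/43?receiver-name=user43"}' \
  -w "%{http_code}" -s -o /dev/null)

if [ "$STATUS" != "200" ]
then
  exit_fail "Expected 200 OK. Got: $STATUS"
fi

echo " OK" >&2

# Kill merchant
kill -TERM "$SETUP_PID"
wait
unset SETUP_PID

setup -c test_template.conf \
  -ef \
  -u "exchange-account-2" \
  -r "merchant-exchange-default"

NEW_SECRET="different_value"

taler-merchant-exchangekeyupdate \
  -c "${CONF}" \
  -L DEBUG \
  -t \
  2> taler-merchant-exchangekeyupdate2.log
# Rotate the admin password out-of-band while the backend is down.
# The secret is passed on the command line and is therefore visible
# in the process list; acceptable for a test fixture only.
taler-merchant-passwd \
  -c "${CONF}" \
  -L DEBUG \
  "$NEW_SECRET" \
  2> taler-merchant-passwd.log
taler-merchant-httpd \
  -c "${CONF}" \
  -L DEBUG \
  2> taler-merchant-httpd2.log &
# Install cleanup handler (except for kill -9)
trap my_cleanup EXIT

echo -n "Waiting for the merchant..." >&2
# Wait for merchant to be available (usually the slowest)
OK=0
for n in {1..50}
do
  echo -n "." >&2
  sleep 0.1
  # merchant
  wget --waitretry=0 \
    --timeout=1 \
    http://localhost:9966/ \
    -o /dev/null \
    -O /dev/null \
    >/dev/null || continue
  OK=1
  break
done

if [ "$OK" != "1" ]
then
  exit_fail "Failed to (re)start merchant backend"
fi

echo " OK" >&2

# Log in with the rotated password.
# NOTE(review): nothing here verifies that the previous password
# ('new_pw') is now rejected.
BASIC_AUTH=$(printf '%s' "admin:$NEW_SECRET" | base64)

STATUS=$(curl -H "Content-Type: application/json" -X POST \
  -H "Authorization: Basic $BASIC_AUTH" \
  http://localhost:9966/private/token \
  -d '{"scope":"spa"}' \
  -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [ "$STATUS" != "200" ]
then
  exit_fail "Expected 200 OK. Got: $STATUS"
fi

TOKEN=$(jq -e -r .access_token < "$LAST_RESPONSE") \
  || exit_fail "No access_token in token response"

echo -n "Making sure merchant KYC data is current ..." >&2

taler-merchant-kyccheck \
  -c "${CONF}" \
  -L DEBUG \
  -t \
  2> taler-merchant-kyccheck.log

sleep 1
echo " OK" >&2

echo -n "Creating order to test auth is ok..." >&2
STATUS=$(curl -H "Content-Type: application/json" -X POST \
  'http://localhost:9966/private/orders' \
  -H 'Authorization: Bearer '"$TOKEN" \
  -d '{"order":{"amount":"TESTKUDOS:1","summary":"payme"}}' \
  -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [ "$STATUS" != "200" ]
then
  cat "$LAST_RESPONSE" >&2
  exit_fail "Expected 200, order created. got: $STATUS"
fi

ORDER_ID=$(jq -e -r .order_id < "$LAST_RESPONSE") \
  || exit_fail "No order_id in order response"
ORD_TOKEN=$(jq -e -r .token < "$LAST_RESPONSE") \
  || exit_fail "No token in order response"

STATUS=$(curl "http://localhost:9966/private/orders/${ORDER_ID}" \
  -H 'Authorization: Bearer '"$TOKEN" \
  -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [ "$STATUS" != "200" ]
then
  cat "$LAST_RESPONSE" >&2
  exit_fail "Expected 200, getting order info before claming it. got: $STATUS"
fi

PAY_URL=$(jq -e -r .taler_pay_uri < "$LAST_RESPONSE") \
  || exit_fail "No taler_pay_uri in order status"

echo "OK order ${ORDER_ID} with ${ORD_TOKEN} and ${PAY_URL}" >&2

echo -n "Configuring 'second' instance ..." >&2

STATUS=$(curl -H "Content-Type: application/json" -X POST \
  -H 'Authorization: Bearer '"$TOKEN" \
  http://localhost:9966/management/instances \
  -d '{"auth":{"method":"token","password":"second"},"id":"second","name":"second","address":{},"jurisdiction":{},"use_stefan":true,"default_wire_transfer_delay":{"d_us" : 3600000000},"default_pay_delay":{"d_us": 3600000000}}' \
  -w "%{http_code}" -s -o /dev/null)

if [ "$STATUS" != "204" ]
then
  exit_fail "Expected 204, instance created. got: $STATUS"
fi

echo "OK" >&2

echo -n "Configuring 'third' instance ..." >&2

STATUS=$(curl -H "Content-Type: application/json" -X POST \
  -H 'Authorization: Bearer '"$TOKEN" \
  http://localhost:9966/management/instances \
  -d '{"auth":{"method":"token","password":"third"},"id":"third","name":"third","address":{},"jurisdiction":{},"use_stefan":true,"default_wire_transfer_delay":{"d_us" : 3600000000},"default_pay_delay":{"d_us": 3600000000}}' \
  -w "%{http_code}" -s -o /dev/null)

if [ "$STATUS" != "204" ]
then
  exit_fail "Expected 204, instance created. got: $STATUS"
fi

echo "OK" >&2

echo -n "Updating 'second' instance token using the 'new_one' auth token..." >&2

# The admin token changes 'second's credentials through the management
# endpoint; 'second's own password is not needed for this.
STATUS=$(curl -H "Content-Type: application/json" -X POST \
  -H 'Authorization: Bearer '"$TOKEN" \
  http://localhost:9966/management/instances/second/auth \
  -d '{"method":"token","password":"new_one"}' \
  -w "%{http_code}" -s -o /dev/null)

if [ "$STATUS" != "204" ]
then
  exit_fail "Expected 204, instance auth token changed. got: $STATUS"
fi
NEW_SECRET="new_one"
echo " OK" >&2

BASIC_AUTH2=$(printf '%s' "second:$NEW_SECRET" | base64)

echo -n "Requesting login token..." >&2

# TOKEN: readonly scope, refreshable.
STATUS=$(curl -H "Content-Type: application/json" -X POST \
  -H 'Authorization: Basic '"$BASIC_AUTH2" \
  http://localhost:9966/instances/second/private/token \
  -d '{"scope":"readonly","refreshable":true}' \
  -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [ "$STATUS" != "200" ]
then
  jq < "$LAST_RESPONSE" >&2
  exit_fail "Expected 200, login token created. got: $STATUS"
fi

TOKEN=$(jq -e -r .access_token < "$LAST_RESPONSE") \
  || exit_fail "No access_token in token response"

echo " OK" >&2

echo -n "Requesting login token... (spa)" >&2

# RWTOKEN: spa (read-write) scope, NOT refreshable.
STATUS=$(curl -H "Content-Type: application/json" -X POST \
  -H 'Authorization: Basic '"$BASIC_AUTH2" \
  http://localhost:9966/instances/second/private/token \
  -d '{"scope":"spa"}' \
  -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [ "$STATUS" != "200" ]
then
  jq < "$LAST_RESPONSE" >&2
  exit_fail "Expected 200, login token created. got: $STATUS"
fi

RWTOKEN=$(jq -e -r .access_token < "$LAST_RESPONSE") \
  || exit_fail "No access_token in token response"

echo " OK" >&2

echo -n "Using login token..." >&2

# Positive check: the readonly token is accepted for a read.
STATUS=$(curl "http://localhost:9966/instances/second/private/orders" \
  -H 'Authorization: Bearer '"$TOKEN" \
  -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [ "$STATUS" != "200" ]
then
  jq < "$LAST_RESPONSE" >&2
  exit_fail "Expected 200, getting orders. got: $STATUS"
fi

echo " OK" >&2

echo -n "Updating 'second' instance token using the 'second' auth token..." >&2

# Positive check: the spa token may change its own instance's password.
STATUS=$(curl -H "Content-Type: application/json" -X POST \
  -H 'Authorization: Bearer '"$RWTOKEN" \
  http://localhost:9966/instances/second/private/auth \
  -d '{"method":"token","password":"again"}' \
  -w "%{http_code}" -s -o "$LAST_RESPONSE")

BASIC_AUTH2=$(printf '%s' "second:again" | base64)

if [ "$STATUS" != "204" ]
then
  cat "$LAST_RESPONSE" >&2
  exit_fail "Expected 204, instance auth updated. got: $STATUS"
fi

echo " OK" >&2

echo -n "Updating 'third' instance token using the 'second' auth token..." >&2

# Cross-instance isolation: a token issued for 'second' must not be
# able to administer 'third', even though it just succeeded above for
# its own instance.
STATUS=$(curl -H "Content-Type: application/json" -X POST \
  -H 'Authorization: Bearer '"$RWTOKEN" \
  http://localhost:9966/management/instances/third/auth \
  -d '{"method":"token","password":"new_one"}' \
  -w "%{http_code}" -s -o /dev/null)

if [ "$STATUS" != "401" ]
then
  exit_fail "Expected 401, instance not authorized. got: $STATUS"
fi

echo " OK" >&2

echo -n "Refreshing login token... (expected failure)" >&2

# A refreshable readonly token must not be able to refresh itself into
# the broader spa scope (scope escalation via refresh).
STATUS=$(curl -H "Content-Type: application/json" -X POST \
  -H 'Authorization: Bearer '"$TOKEN" \
  http://localhost:9966/instances/second/private/token \
  -d '{"scope":"spa","refreshable":true}' \
  -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [ "$STATUS" != "403" ]
then
  jq < "$LAST_RESPONSE" >&2
  exit_fail "Expected 403, refused to upgrade login token. got: $STATUS"
fi

echo " OK" >&2

echo -n "Refreshing login token... (expected failure)" >&2

# A non-refreshable token must not be usable to mint new tokens at all.
STATUS=$(curl -H "Content-Type: application/json" -X POST \
  -H 'Authorization: Bearer '"$RWTOKEN" \
  http://localhost:9966/instances/second/private/token \
  -d '{"scope":"spa","refreshable":true}' \
  -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [ "$STATUS" != "401" ]
then
  jq < "$LAST_RESPONSE" >&2
  exit_fail "Expected 401, refused to upgrade login token. got: $STATUS"
fi

echo " OK" >&2

echo -n "Creating refreshable login token..." >&2

# RWTOKEN is replaced by a refreshable spa token (scope suffix form).
STATUS=$(curl -H "Content-Type: application/json" -X POST \
  -H 'Authorization: Basic '"$BASIC_AUTH2" \
  http://localhost:9966/instances/second/private/token \
  -d '{"scope":"spa:refreshable"}' \
  -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [ "$STATUS" != "200" ]
then
  jq < "$LAST_RESPONSE" >&2
  exit_fail "Expected 200, login token created. got: $STATUS"
fi

RWTOKEN=$(jq -e -r .access_token < "$LAST_RESPONSE") \
  || exit_fail "No access_token in token response"

# Refreshing with a refreshable token of the same scope is allowed.
STATUS=$(curl -H "Content-Type: application/json" -X POST \
  -H 'Authorization: Bearer '"$RWTOKEN" \
  http://localhost:9966/instances/second/private/token \
  -d '{"scope":"spa","refreshable":true}' \
  -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [ "$STATUS" != "200" ]
then
  jq < "$LAST_RESPONSE" >&2
  exit_fail "Expected 200. got: $STATUS"
fi

echo " OK" >&2


echo -n "Requesting another login token... (read)" >&2

STATUS=$(curl -H "Content-Type: application/json" -X POST \
  -H 'Authorization: Basic '"$BASIC_AUTH2" \
  http://localhost:9966/instances/second/private/token \
  -d '{"scope":"readonly", "refreshable": false}' \
  -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [ "$STATUS" != "200" ]
then
  jq < "$LAST_RESPONSE" >&2
  exit_fail "Expected 200, login token created. got: $STATUS"
fi

RTOKEN=$(jq -e -r .access_token < "$LAST_RESPONSE") \
  || exit_fail "No access_token in token response"

echo " OK" >&2

echo -n "Requesting another login token... (read:refreshable)" >&2

STATUS=$(curl -H "Content-Type: application/json" -X POST \
  -H 'Authorization: Basic '"$BASIC_AUTH2" \
  http://localhost:9966/instances/second/private/token \
  -d '{"scope":"readonly:refreshable", "description": "readonly but refreshable"}' \
  -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [ "$STATUS" != "200" ]
then
  jq < "$LAST_RESPONSE" >&2
  exit_fail "Expected 200, login token created. got: $STATUS"
fi

# RTOKEN now refers to the readonly:refreshable token created last.
RTOKEN=$(jq -e -r .access_token < "$LAST_RESPONSE") \
  || exit_fail "No access_token in token response"

echo " OK" >&2

echo -n "Using login token before revocation..." >&2

# Positive check, so that the 401 after deletion below proves revocation
# rather than an unusable token.
STATUS=$(curl "http://localhost:9966/instances/second/private/orders" \
  -H 'Authorization: Bearer '"$RTOKEN" \
  -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [ "$STATUS" != "200" ]
then
  jq < "$LAST_RESPONSE" >&2
  exit_fail "Expected 200, getting orders with fresh token. got: $STATUS"
fi

echo " OK" >&2

echo "Getting last 2 login tokens." >&2

STATUS=$(curl -H "Content-Type: application/json" \
  -H "Authorization: Bearer $RWTOKEN" \
  'http://localhost:9966/instances/second/private/tokens?limit=-2' \
  -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [ "$STATUS" != "200" ]
then
  jq < "$LAST_RESPONSE" >&2
  exit_fail "Expected 200 OK. Got: $STATUS"
fi

# Assumes the listing returns the most recently created token (RTOKEN)
# first; the revocation check below would fail otherwise.
TOKEN_SERIAL=$(jq -e -r '.tokens[0].serial' < "$LAST_RESPONSE") \
  || exit_fail "No token serial in token listing"

echo -n "Deleting second login token by serial..." >&2

STATUS=$(curl -H "Content-Type: application/json" -X DELETE \
  -H 'Authorization: Bearer '"$RWTOKEN" \
  "http://localhost:9966/instances/second/private/tokens/${TOKEN_SERIAL}" \
  -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [ "$STATUS" != "204" ]
then
  jq < "$LAST_RESPONSE" >&2
  exit_fail "Expected 204, login token deleted. got: $STATUS"
fi
echo " OK" >&2

echo -n "Using deleted login token $RTOKEN..." >&2

# A revoked token must be rejected immediately.
STATUS=$(curl "http://localhost:9966/instances/second/private/orders" \
  -H 'Authorization: Bearer '"$RTOKEN" \
  -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [ "$STATUS" != "401" ]
then
  jq < "$LAST_RESPONSE" >&2
  exit_fail "Expected 401, token was deleted. got: $STATUS"
fi

echo " OK" >&2


echo -n "Deleting login token..." >&2

# Self-revocation: a token deletes itself via DELETE /private/token.
STATUS=$(curl -H "Content-Type: application/json" -X DELETE \
  -H 'Authorization: Bearer '"$TOKEN" \
  http://localhost:9966/instances/second/private/token \
  -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [ "$STATUS" != "204" ]
then
  jq < "$LAST_RESPONSE" >&2
  exit_fail "Expected 204, login token deleted. got: $STATUS"
fi
echo " OK" >&2

echo -n "Using deleted login token..." >&2

STATUS=$(curl "http://localhost:9966/instances/second/private/orders" \
  -H 'Authorization: Bearer '"$TOKEN" \
  -w "%{http_code}" -s -o "$LAST_RESPONSE")

if [ "$STATUS" != "401" ]
then
  jq < "$LAST_RESPONSE" >&2
  exit_fail "Expected 401, token was deleted. got: $STATUS"
fi

echo " OK" >&2


echo "Test PASSED"

exit 0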