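#!/bin/bash
# This file is part of TALER
# Copyright (C) 2025 Taler Systems SA
#
# TALER is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as
# published by the Free Software Foundation; either version 3, or
# (at your option) any later version.
#
# TALER is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public
# License along with TALER; see the file COPYING.  If not, see
# <http://www.gnu.org/licenses/>
#
# Integration test for the merchant backend's multi-factor (2-FA) flows:
# self-provisioning an instance, a protected instance operation (adding a
# bank account) and the forgotten-password reset.  Each flow first answers
# 202 with a list of challenges; the test requests each challenge's TAN,
# reads it from the drop file written by the test's notification helpers,
# confirms it, and then retries the original request with the solved
# challenge IDs in the Taler-Challenge-Ids header.
#
# Usage: run from the test directory (needs setup.sh and
# test_merchant_mfa.conf); requires curl and jq on PATH.
set -eu

. setup.sh


# Launch system.
setup \
  -c "test_merchant_mfa.conf" \
  -m
LAST_RESPONSE=$(mktemp -p "${TMPDIR:-/tmp}" test_response.conf-XXXXXX)

readonly MERCHANT_URL="http://localhost:9966"

# TAN/address drop files.  The fixed names presumably match the SMS and
# e-mail notification helpers configured in test_merchant_mfa.conf —
# confirm there before changing them.
readonly SMS_TAN_FILE="/tmp/test-merchant-sms-tan.txt"
readonly SMS_ADDRESS_FILE="/tmp/test-merchant-sms-address.txt"
readonly EMAIL_TAN_FILE="/tmp/test-merchant-email-tan.txt"

# Phone number of the self-provisioned instance; the SMS helper is expected
# to record it as the delivery address.
readonly SELF_PHONE="1234"

# Request bodies.  A request retried with solved challenges must carry
# exactly the body that produced the challenges (the test below checks that
# a changed body is NOT accepted), so each body is defined once and reused.
readonly ADMIN_INSTANCE_BODY='{"auth":{"method":"external"},"id":"admin","name":"default","address":{},"jurisdiction":{},"use_stefan":true,"default_wire_transfer_delay":{"d_us" : 50000000},"default_pay_delay":{"d_us": 60000000}}'
readonly ACCOUNT_43_BODY='{"payto_uri":"payto://x-taler-bank/localhost:8082/43?receiver-name=user43"}'
readonly ACCOUNT_44_BODY='{"payto_uri":"payto://x-taler-bank/localhost:8082/44?receiver-name=user44"}'
readonly SELF_INSTANCE_BODY='{"auth":{"method":"token", "password":"pass1234"},"id":"self","name":"default","phone_number":"1234","email":"self@example.com","address":{},"jurisdiction":{},"use_stefan":true,"default_wire_transfer_delay":{"d_us" : 50000000},"default_pay_delay":{"d_us": 60000000}}'
readonly SELF_INSTANCE_OTHER_BODY='{"auth":{"method":"external"},"id":"self","name":"change","phone_number":"1234","email":"self@example.com","address":{},"jurisdiction":{},"use_stefan":true,"default_wire_transfer_delay":{"d_us" : 50000000},"default_pay_delay":{"d_us": 60000000}}'
readonly RESET_BODY='{"method":"token","password":"amnesia"}'

# Credentials below are test fixtures for the locally launched backend.


#######################################
# Print the last response body for diagnostics: pretty-printed when it is
# JSON, raw otherwise.  Never fails, so it is safe to call right before
# exit_fail under 'set -e' (a plain 'jq < file' would abort the script on a
# non-JSON body and swallow the failure message).
# Globals:   LAST_RESPONSE (read)
#######################################
dump_response() {
  if ! jq . < "$LAST_RESPONSE" 2>/dev/null; then
    cat -- "$LAST_RESPONSE" || true
  fi
}

#######################################
# POST a JSON body to the merchant backend and require a given HTTP status.
# Globals:   MERCHANT_URL (read), LAST_RESPONSE (written: response body),
#            STATUS (written: HTTP status code)
# Arguments: $1 - expected HTTP status code
#            $2 - short label for the failure message (e.g. "Accepted")
#            $3 - URL path, appended to MERCHANT_URL
#            $4 - JSON request body
#            $@ - further curl arguments (extra headers)
# Returns:   0 on the expected status; calls exit_fail otherwise
#######################################
post_json() {
  local expected=$1 label=$2 path=$3 body=$4
  shift 4
  STATUS=$(curl -s -X POST \
    -H "Content-Type: application/json" \
    "$@" \
    "${MERCHANT_URL}${path}" \
    -d "$body" \
    -w "%{http_code}" \
    -o "$LAST_RESPONSE")
  if [ "$STATUS" != "$expected" ]; then
    dump_response
    exit_fail "Expected $expected $label. Got: $STATUS"
  fi
}

#######################################
# Extract a challenge ID from the last 202 response.
# Globals:   LAST_RESPONSE (read)
# Arguments: $1 - index into the .challenges array
# Outputs:   the challenge ID on stdout
# Returns:   0, or calls exit_fail when the index is absent (jq yields null)
#######################################
challenge_id() {
  local index=$1 cid
  cid=$(jq -r ".challenges[$index].challenge_id" < "$LAST_RESPONSE")
  if [ -z "$cid" ] || [ "$cid" = "null" ]; then
    dump_response
    exit_fail "No challenge at index $index in response"
  fi
  printf '%s\n' "$cid"
}

#######################################
# Ask the backend to deliver the TAN for a challenge.
# Arguments: $1 - challenge ID
#######################################
request_challenge() {
  local cid=$1
  printf '%s' "Requesting challenge $cid "
  post_json 204 "OK" "/challenge/$cid" '{}'
  echo "OK"
}

#######################################
# Read the TAN (first line) from a notification drop file.
# Arguments: $1 - path of the drop file
# Outputs:   the TAN on stdout
# Returns:   0, or calls exit_fail when the file is unreadable or empty
#######################################
read_tan() {
  local file=$1 tan
  # The helpers are only required to write the TAN on the first line;
  # anything after it is ignored.
  tan=$(head -n1 -- "$file") || exit_fail "Cannot read TAN from $file"
  [ -n "$tan" ] || exit_fail "Empty TAN in $file"
  printf '%s\n' "$tan"
}

#######################################
# Verify that the SMS helper recorded the expected delivery address.
# Globals:   SMS_ADDRESS_FILE (read)
# Arguments: $1 - expected address
#######################################
check_sms_address() {
  local expected=$1 addr
  addr=$(cat -- "$SMS_ADDRESS_FILE")
  if [ "$addr" != "$expected" ]; then
    exit_fail "Expected address '$expected'. Got: $addr"
  fi
}

#######################################
# Submit the TAN that solves a challenge.
# Arguments: $1 - challenge ID
#            $2 - TAN
#######################################
confirm_challenge() {
  local cid=$1 tan=$2 body
  printf '%s' "Sending challenge $cid solution "
  # Build the body with jq rather than string splicing so a TAN containing
  # quotes or backslashes cannot produce malformed JSON.
  body=$(jq -cn --arg tan "$tan" '{tan: $tan}')
  post_json 204 "OK" "/challenge/$cid/confirm" "$body"
  echo "OK"
}

#######################################
# Solve a challenge delivered by SMS: request it, check the address, read
# the TAN and confirm it.
# Arguments: $1 - challenge ID
#######################################
solve_sms_challenge() {
  local cid=$1 tan
  request_challenge "$cid"
  check_sms_address "$SELF_PHONE"
  tan=$(read_tan "$SMS_TAN_FILE")
  confirm_challenge "$cid" "$tan"
}

#######################################
# Solve a challenge delivered by e-mail: request it, read the TAN and
# confirm it.
# Arguments: $1 - challenge ID
#######################################
solve_email_challenge() {
  local cid=$1 tan
  request_challenge "$cid"
  tan=$(read_tan "$EMAIL_TAN_FILE")
  confirm_challenge "$cid" "$tan"
}


printf '%s' "Configuring a merchant admin instance ..."
post_json 204 "ok, instance created" "/management/instances" "$ADMIN_INSTANCE_BODY" \
  -H 'Authorization: Bearer secret-token:super_secret'
post_json 200 "OK" "/private/accounts" "$ACCOUNT_43_BODY" \
  -H 'Authorization: Bearer secret-token:super_secret'
echo "OK"


printf '%s' "Self-provision instance ..."
post_json 202 "Accepted" "/instances" "$SELF_INSTANCE_BODY"
echo "OK"

C1=$(challenge_id 0)
C2=$(challenge_id 1)

solve_sms_challenge "$C1"
solve_email_challenge "$C2"

# The solved challenges are bound to the original request: a different
# body sent with the same challenge IDs must not be accepted, the backend
# is expected to answer 202 (new challenges) instead.
printf '%s' "Retrying instance creation with other body "
post_json 202 "Accepted" "/instances" "$SELF_INSTANCE_OTHER_BODY" \
  -H "Taler-Challenge-Ids: $C1,$C2"
echo "OK"

printf '%s' "Retrying instance creation with original body "
post_json 204 "OK" "/instances" "$SELF_INSTANCE_BODY" \
  -H "Taler-Challenge-Ids: $C1,$C2"
echo "OK"


printf '%s' "Unauthorized trigger MFA to add bank account "
post_json 401 "Unauthorized" "/instances/self/private/accounts" "$ACCOUNT_44_BODY" \
  -H 'Authorization: Bearer secret-token:bad_password'
echo "OK"

printf '%s' "Trigger MFA to add bank account with 2-FA authorization "
post_json 202 "Accepted" "/instances/self/private/accounts" "$ACCOUNT_44_BODY" \
  -H 'Authorization: Bearer secret-token:pass1234'
echo "OK"

# NOTE(review): this flow reads the challenge at index 1 (the other flows
# start at index 0) and then expects an SMS TAN; presumably the challenge
# order differs for this endpoint — confirm against the backend before
# changing the index.
C1=$(challenge_id 1)
solve_sms_challenge "$C1"

printf '%s' "Finally, add bank account "
post_json 200 "OK" "/instances/self/private/accounts" "$ACCOUNT_44_BODY" \
  -H "Taler-Challenge-Ids: $C1" \
  -H 'Authorization: Bearer secret-token:pass1234'
echo "OK"


printf '%s' "Begin forgotten password reset "
post_json 202 "Accepted" "/instances/self/forgot-password" "$RESET_BODY"
echo "OK"

C1=$(challenge_id 0)
C2=$(challenge_id 1)

solve_sms_challenge "$C1"
solve_email_challenge "$C2"

printf '%s' "Complete password reset "
post_json 204 "No content" "/instances/self/forgot-password" "$RESET_BODY" \
  -H "Taler-Challenge-Ids: $C1,$C2"
echo "OK"


# setup.sh is sourced and not visible here; it likely owns the EXIT trap
# that tears down the launched services, so the response file is removed
# explicitly on success rather than via a second trap that would replace
# it.  A failed run keeps the file for inspection.
rm -f -- "$LAST_RESPONSE"

echo "TEST PASSED"

exit 0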