security.rs (3542B)
/*
  This file is part of TALER
  Copyright (C) 2025 Taler Systems SA

  TALER is free software; you can redistribute it and/or modify it under the
  terms of the GNU Affero General Public License as published by the Free Software
  Foundation; either version 3, or (at your option) any later version.

  TALER is distributed in the hope that it will be useful, but WITHOUT ANY
  WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
  A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.

  You should have received a copy of the GNU Affero General Public License along with
  TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
*/

use axum::http::{StatusCode, header};
use common::setup;
use taler_api::constants::MAX_BODY_LENGTH;
use taler_common::{
    api_wire::{TransferRequest, TransferResponse},
    error_code::ErrorCode,
    types::{
        amount::{Amount, Currency},
        base32::Base32,
        payto::payto,
        url,
    },
};
use taler_test_utils::server::TestServer as _;

mod common;

/// Exercises request-body handling on the wire gateway transfer endpoint:
/// one accepted request, then header validation, compression handling and
/// the body size limit, each pinned to the error code the server must return.
#[tokio::test]
async fn body_parsing() {
    // Every request in this test targets the same endpoint.
    const TRANSFER_ENDPOINT: &str = "/taler-wire-gateway/transfer";

    // The second tuple element is discarded on purpose with `_`.
    let (server, _) = setup().await;
    let currency = "EUR".parse::<Currency>().unwrap();
    let valid_request = TransferRequest {
        request_uid: Base32::rand(),
        amount: Amount::zero(&currency),
        exchange_base_url: url("https://test.com"),
        wtid: Base32::rand(),
        credit_account: payto("payto:://test"),
    };

    // Baseline: a well-formed request sent through `.deflate()` is accepted.
    server
        .post(TRANSFER_ENDPOINT)
        .json(&valid_request)
        .deflate()
        .await
        .assert_ok_json::<TransferResponse>();

    // --- Header validation ---

    // No Content-Type at all: rejected with 415 before the body is used.
    server
        .post(TRANSFER_ENDPOINT)
        .json(&valid_request)
        .remove(header::CONTENT_TYPE)
        .await
        .assert_error_status(
            ErrorCode::GENERIC_HTTP_HEADERS_MALFORMED,
            StatusCode::UNSUPPORTED_MEDIA_TYPE,
        );

    // `.deflate()` applied, then Content-Encoding stripped: the server reports
    // invalid JSON. Presumably the body is still compressed but no longer
    // announced as such, so it is parsed as-is and must not be sniffed.
    server
        .post(TRANSFER_ENDPOINT)
        .json(&valid_request)
        .deflate()
        .remove(header::CONTENT_ENCODING)
        .await
        .assert_error(ErrorCode::GENERIC_JSON_INVALID);

    // Unrecognised Content-Type value: same 415 as a missing one.
    server
        .post(TRANSFER_ENDPOINT)
        .json(&valid_request)
        .header(header::CONTENT_TYPE, "invalid")
        .await
        .assert_error_status(
            ErrorCode::GENERIC_HTTP_HEADERS_MALFORMED,
            StatusCode::UNSUPPORTED_MEDIA_TYPE,
        );

    // Content-Encoding claims deflate on a body that was not passed through
    // `.deflate()`: decompression fails and must surface as its own error.
    server
        .post(TRANSFER_ENDPOINT)
        .json(&valid_request)
        .header(header::CONTENT_ENCODING, "deflate")
        .await
        .assert_error(ErrorCode::GENERIC_COMPRESSION_INVALID);

    // Unknown Content-Encoding: rejected with 415 rather than ignored.
    server
        .post(TRANSFER_ENDPOINT)
        .json(&valid_request)
        .header(header::CONTENT_ENCODING, "invalid")
        .await
        .assert_error_status(
            ErrorCode::GENERIC_HTTP_HEADERS_MALFORMED,
            StatusCode::UNSUPPORTED_MEDIA_TYPE,
        );

    // --- Body size limit ---

    // The message parameter is "payout" padded with 'A' to MAX_BODY_LENGTH
    // characters, so the serialized request is longer than the limit.
    let oversized_uri = format!(
        "payto:://test?message={:A<1$}",
        "payout", MAX_BODY_LENGTH
    );
    let oversized_request = TransferRequest {
        credit_account: payto(oversized_uri),
        ..valid_request
    };

    // Sent uncompressed: the upload itself exceeds the limit.
    server
        .post(TRANSFER_ENDPOINT)
        .json(&oversized_request)
        .await
        .assert_error(ErrorCode::GENERIC_UPLOAD_EXCEEDS_LIMIT);

    // Sent through `.deflate()`: the long run of one character presumably
    // shrinks far below the limit on the wire, so this case only holds if the
    // limit is also enforced on the decompressed bytes (the guard against
    // decompression bombs).
    // NOTE(review): no case sits exactly at MAX_BODY_LENGTH; a boundary test
    // would pin whether the limit is inclusive — confirm the intended contract.
    server
        .post(TRANSFER_ENDPOINT)
        .json(&oversized_request)
        .deflate()
        .await
        .assert_error(ErrorCode::GENERIC_UPLOAD_EXCEEDS_LIMIT);
}