diff options
Diffstat (limited to 'packages/taler-harness/src/integrationtests/test-merchant-exchange-confusion.ts')
| -rw-r--r-- | packages/taler-harness/src/integrationtests/test-merchant-exchange-confusion.ts | 246 |
1 files changed, 246 insertions, 0 deletions
diff --git a/packages/taler-harness/src/integrationtests/test-merchant-exchange-confusion.ts b/packages/taler-harness/src/integrationtests/test-merchant-exchange-confusion.ts new file mode 100644 index 000000000..35e3267b1 --- /dev/null +++ b/packages/taler-harness/src/integrationtests/test-merchant-exchange-confusion.ts @@ -0,0 +1,246 @@ +/* + This file is part of GNU Taler + (C) 2020 Taler Systems S.A. + + GNU Taler is free software; you can redistribute it and/or modify it under the + terms of the GNU General Public License as published by the Free Software + Foundation; either version 3, or (at your option) any later version. + + GNU Taler is distributed in the hope that it will be useful, but WITHOUT ANY + WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR + A PARTICULAR PURPOSE. See the GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along with + GNU Taler; see the file COPYING. If not, see <http://www.gnu.org/licenses/> + */ + +/** + * Imports. + */ +import { + codecForMerchantOrderStatusUnpaid, + ConfirmPayResultType, + MerchantApiClient, + PreparePayResultType, +} from "@gnu-taler/taler-util"; +import { WalletApiOperation } from "@gnu-taler/taler-wallet-core"; +import { URL } from "url"; +import { defaultCoinConfig } from "../harness/denomStructures.js"; +import { + FaultInjectedExchangeService, + FaultInjectedMerchantService, +} from "../harness/faultInjection.js"; +import { + BankService, + ExchangeService, + generateRandomPayto, + GlobalTestState, + harnessHttpLib, + MerchantService, + setupDb, +} from "../harness/harness.js"; +import { + createWalletDaemonWithClient, + FaultyMerchantTestEnvironment, + withdrawViaBankV2, +} from "../harness/helpers.js"; + +/** + * Run a test case with a simple TESTKUDOS Taler environment, consisting + * of one exchange, one bank and one merchant. + */ +export async function createConfusedMerchantTestkudosEnvironment( + t: GlobalTestState, +): Promise<FaultyMerchantTestEnvironment> { + const db = await setupDb(t); + + const bank = await BankService.create(t, { + allowRegistrations: true, + currency: "TESTKUDOS", + database: db.connStr, + httpPort: 8082, + }); + + const exchange = ExchangeService.create(t, { + name: "testexchange-1", + currency: "TESTKUDOS", + httpPort: 8081, + database: db.connStr, + }); + + const merchant = await MerchantService.create(t, { + name: "testmerchant-1", + currency: "TESTKUDOS", + httpPort: 8083, + database: db.connStr, + }); + + const faultyMerchant = new FaultInjectedMerchantService(t, merchant, 9083); + const faultyExchange = new FaultInjectedExchangeService(t, exchange, 9081); + + // Base URL must contain port that the proxy is listening on. + await exchange.modifyConfig(async (config) => { + config.setString("exchange", "base_url", "http://localhost:9081/"); + }); + + const exchangeBankAccount = await bank.createExchangeAccount( + "myexchange", + "x", + ); + exchange.addBankAccount("1", exchangeBankAccount); + + bank.setSuggestedExchange( + faultyExchange, + exchangeBankAccount.accountPaytoUri, + ); + + await bank.start(); + + await bank.pingUntilAvailable(); + + exchange.addOfferedCoins(defaultCoinConfig); + + await exchange.start(); + await exchange.pingUntilAvailable(); + + // Confuse the merchant by adding the non-proxied exchange. + merchant.addExchange(exchange); + + await merchant.start(); + await merchant.pingUntilAvailable(); + + await merchant.addInstanceWithWireAccount({ + id: "default", + name: "Default Instance", + paytoUris: [generateRandomPayto("merchant-default")], + }); + + await merchant.addInstanceWithWireAccount({ + id: "minst1", + name: "minst1", + paytoUris: [generateRandomPayto("minst1")], + }); + + console.log("setup done!"); + + const { walletClient } = await createWalletDaemonWithClient(t, { + name: "default", + }); + + return { + commonDb: db, + exchange, + merchant, + walletClient, + bank, + exchangeBankAccount, + faultyMerchant, + faultyExchange, + }; +} + +/** + * Confuse the merchant by having one URL for the same exchange in the config, + * but sending coins from the same exchange with a different URL. + */ +export async function runMerchantExchangeConfusionTest(t: GlobalTestState) { + // Set up test environment + + const { walletClient, bank, faultyExchange, faultyMerchant } = + await createConfusedMerchantTestkudosEnvironment(t); + + // Withdraw digital cash into the wallet. + + const wres = await withdrawViaBankV2(t, { + walletClient, + bank, + exchange: faultyExchange, + amount: "TESTKUDOS:20", + }); + + await wres.withdrawalFinishedCond; + + /** + * ========================================================================= + * Create an order and let the wallet pay under a session ID + * + * We check along the way that the JSON response to /orders/{order_id} + * returns the right thing. + * ========================================================================= + */ + + const merchant = faultyMerchant; + + const merchantClient = new MerchantApiClient(merchant.makeInstanceBaseUrl()); + + let orderResp = await merchantClient.createOrder({ + order: { + summary: "Buy me!", + amount: "TESTKUDOS:5", + fulfillment_url: "https://example.com/article42", + }, + }); + + let orderStatus = await merchantClient.queryPrivateOrderStatus({ + orderId: orderResp.order_id, + sessionId: "mysession-one", + }); + + t.assertTrue(orderStatus.order_status === "unpaid"); + + t.assertTrue(orderStatus.already_paid_order_id === undefined); + let publicOrderStatusUrl = orderStatus.order_status_url; + + let publicOrderStatusResp = await harnessHttpLib.fetch(publicOrderStatusUrl); + + if (publicOrderStatusResp.status != 402) { + throw Error( + `expected status 402 (before claiming), but got ${publicOrderStatusResp.status}`, + ); + } + + let pubUnpaidStatus = codecForMerchantOrderStatusUnpaid().decode( + await publicOrderStatusResp.json(), + ); + + console.log(pubUnpaidStatus); + + let preparePayResp = await walletClient.call( + WalletApiOperation.PreparePayForUri, + { + talerPayUri: pubUnpaidStatus.taler_pay_uri, + }, + ); + + t.assertTrue(preparePayResp.status === PreparePayResultType.PaymentPossible); + + const proposalId = preparePayResp.proposalId; + + const orderUrlWithHash = new URL(publicOrderStatusUrl); + orderUrlWithHash.searchParams.set( + "h_contract", + preparePayResp.contractTermsHash, + ); + + console.log("requesting", orderUrlWithHash.href); + + publicOrderStatusResp = await harnessHttpLib.fetch(orderUrlWithHash.href); + + if (publicOrderStatusResp.status != 402) { + throw Error( + `expected status 402 (after claiming), but got ${publicOrderStatusResp.status}`, + ); + } + + pubUnpaidStatus = codecForMerchantOrderStatusUnpaid().decode( + await publicOrderStatusResp.json(), + ); + + const confirmPayRes = await walletClient.call(WalletApiOperation.ConfirmPay, { + proposalId: proposalId, + }); + + t.assertTrue(confirmPayRes.type === ConfirmPayResultType.Done); +} + +runMerchantExchangeConfusionTest.suites = ["merchant"]; |