diff --git a/src/testing/.gitignore b/src/testing/.gitignore index e18e900ae..7bdd9a1e2 100644 --- a/src/testing/.gitignore +++ b/src/testing/.gitignore @@ -8,6 +8,8 @@ test_taler_exchange_aggregator-postgres test_taler_exchange_wirewatch-postgres test_exchange_api_revocation_cs test_exchange_api_revocation_rsa +test_exchange_api_age_restriction_cs +test_exchange_api_age_restriction_rsa report* test_exchange_management_api_cs test_exchange_management_api_rsa diff --git a/src/testing/Makefile.am b/src/testing/Makefile.am index 068d94590..42408ad58 100644 --- a/src/testing/Makefile.am +++ b/src/testing/Makefile.am @@ -156,6 +156,8 @@ check_PROGRAMS = \ test_bank_api_with_fakebank \ test_exchange_api_cs \ test_exchange_api_rsa \ + test_exchange_api_age_restriction_cs \ + test_exchange_api_age_restriction_rsa \ test_exchange_api_keys_cherry_picking_cs \ test_exchange_api_keys_cherry_picking_rsa \ test_exchange_api_revocation_cs \ @@ -281,6 +283,40 @@ test_exchange_api_rsa_LDADD = \ -ljansson \ $(XLIB) +test_exchange_api_age_restriction_cs_SOURCES = \ + test_exchange_api_age_restriction.c +test_exchange_api_age_restriction_cs_LDADD = \ + libtalertesting.la \ + $(top_builddir)/src/lib/libtalerexchange.la \ + $(LIBGCRYPT_LIBS) \ + $(top_builddir)/src/bank-lib/libtalerfakebank.la \ + $(top_builddir)/src/bank-lib/libtalerbank.la \ + $(top_builddir)/src/json/libtalerjson.la \ + $(top_builddir)/src/util/libtalerutil.la \ + $(top_builddir)/src/extensions/libtalerextensions.la \ + -lgnunettesting \ + -lgnunetcurl \ + -lgnunetutil \ + -ljansson \ + $(XLIB) + +test_exchange_api_age_restriction_rsa_SOURCES = \ + test_exchange_api_age_restriction.c +test_exchange_api_age_restriction_rsa_LDADD = \ + libtalertesting.la \ + $(top_builddir)/src/lib/libtalerexchange.la \ + $(LIBGCRYPT_LIBS) \ + $(top_builddir)/src/bank-lib/libtalerfakebank.la \ + $(top_builddir)/src/bank-lib/libtalerbank.la \ + $(top_builddir)/src/json/libtalerjson.la \ + $(top_builddir)/src/util/libtalerutil.la \ + $(top_builddir)/src/extensions/libtalerextensions.la \ + -lgnunettesting \ + -lgnunetcurl \ + -lgnunetutil \ + -ljansson \ + $(XLIB) + test_exchange_p2p_cs_SOURCES = \ test_exchange_p2p.c test_exchange_p2p_cs_LDADD = \ @@ -554,6 +590,9 @@ EXTRA_DIST = \ test_exchange_api.conf \ test_exchange_api-cs.conf \ test_exchange_api-rsa.conf \ + test_exchange_api_age_restiction.conf \ + test_exchange_api_age_restiction-cs.conf \ + test_exchange_api_age_restiction-rsa.conf \ test_exchange_api_twisted.conf \ test_exchange_api_twisted-cs.conf \ test_exchange_api_twisted-rsa.conf \ diff --git a/src/testing/test_exchange_api-rsa.conf b/src/testing/test_exchange_api_age_restriction-cs.conf similarity index 74% rename from src/testing/test_exchange_api-rsa.conf rename to src/testing/test_exchange_api_age_restriction-cs.conf index c7f48447b..b80696fb2 100644 --- a/src/testing/test_exchange_api-rsa.conf +++ b/src/testing/test_exchange_api_age_restriction-cs.conf @@ -1,4 +1,4 @@ # This file is in the public domain. # +@INLINE@ coins-cs.conf @INLINE@ test_exchange_api.conf -@INLINE@ coins-rsa.conf diff --git a/src/testing/test_exchange_api_age_restriction-rsa.conf b/src/testing/test_exchange_api_age_restriction-rsa.conf new file mode 100644 index 000000000..30d75090f --- /dev/null +++ b/src/testing/test_exchange_api_age_restriction-rsa.conf @@ -0,0 +1,4 @@ +# This file is in the public domain. +# +@INLINE@ test_exchange_api_age_restriction.conf +@INLINE@ coins-rsa.conf diff --git a/src/testing/test_exchange_api_age_restriction.c b/src/testing/test_exchange_api_age_restriction.c new file mode 100644 index 000000000..2e62b7c79 --- /dev/null +++ b/src/testing/test_exchange_api_age_restriction.c @@ -0,0 +1,359 @@ +/* + This file is part of TALER + Copyright (C) 2023 Taler Systems SA + + TALER is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as + published by the Free Software Foundation; either version 3, or + (at your option) any later version. + + TALER is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public + License along with TALER; see the file COPYING. If not, see + +*/ +/** + * @file testing/test_exchange_api_age_restriction.c + * @brief testcase to test exchange's age-restrictrition related HTTP API interfaces + * @author Özgür Kesim + */ +#include "platform.h" +#include "taler_util.h" +#include "taler_signatures.h" +#include "taler_exchange_service.h" +#include "taler_json_lib.h" +#include +#include +#include +#include "taler_bank_service.h" +#include "taler_fakebank_lib.h" +#include "taler_testing_lib.h" +#include "taler_extensions.h" + +/** + * Configuration file we use. One (big) configuration is used + * for the various components for this test. + */ +static char *config_file; + +/** + * Our credentials. + */ +static struct TALER_TESTING_Credentials cred; + +/** + * Some tests behave differently when using CS as we cannot + * re-use the coin private key for different denominations + * due to the derivation of it with the /csr values. Hence + * some tests behave differently in CS mode, hence this + * flag. + */ +static bool uses_cs; + +/** + * Execute the taler-exchange-wirewatch command with + * our configuration file. + * + * @param label label to use for the command. + */ +#define CMD_EXEC_WIREWATCH(label) \ + TALER_TESTING_cmd_exec_wirewatch2 (label, config_file, "exchange-account-2") + +/** + * Execute the taler-exchange-aggregator, closer and transfer commands with + * our configuration file. + * + * @param label label to use for the command. + */ +#define CMD_EXEC_AGGREGATOR(label) \ + TALER_TESTING_cmd_sleep ("sleep-before-aggregator", 2), \ + TALER_TESTING_cmd_exec_aggregator (label "-aggregator", config_file), \ + TALER_TESTING_cmd_exec_transfer (label "-transfer", config_file) + + +/** + * Run wire transfer of funds from some user's account to the + * exchange. + * + * @param label label to use for the command. + * @param amount amount to transfer, i.e. "EUR:1" + */ +#define CMD_TRANSFER_TO_EXCHANGE(label,amount) \ + TALER_TESTING_cmd_admin_add_incoming (label, amount, \ + &cred.ba, \ + cred.user42_payto) + +/** + * Main function that will tell the interpreter what commands to + * run. + * + * @param cls closure + * @param is interpreter we use to run commands + */ +static void +run (void *cls, + struct TALER_TESTING_Interpreter *is) +{ + (void) cls; + /** + * Test withdrawal with age restriction. Success is expected (because the + * amount is below the kyc threshold ), so it MUST be + * called _after_ TALER_TESTING_cmd_exec_offline_sign_extensions is called, + * i. e. age restriction is activated in the exchange! + * + * TODO: create a test that tries to withdraw coins with age restriction but + * (expectedly) fails because the exchange doesn't support age restriction + * yet. + */ + struct TALER_TESTING_Command withdraw_age[] = { + /** + * Move money to the exchange's bank account. + */ + CMD_TRANSFER_TO_EXCHANGE ("create-reserve-age", + "EUR:6.01"), + TALER_TESTING_cmd_check_bank_admin_transfer ("check-create-reserve-age", + "EUR:6.01", + cred.user42_payto, + cred.exchange_payto, + "create-reserve-age"), + /** + * Make a reserve exist, according to the previous + * transfer. + */ + CMD_EXEC_WIREWATCH ("wirewatch-age"), + /** + * Withdraw EUR:5. + */ + TALER_TESTING_cmd_withdraw_amount ("withdraw-coin-age-1", + "create-reserve-age", + "EUR:5", + 13, + MHD_HTTP_OK), + + TALER_TESTING_cmd_end () + }; + + struct TALER_TESTING_Command spend_age[] = { + /** + * Spend the coin. + */ + TALER_TESTING_cmd_deposit ("deposit-simple-age", + "withdraw-coin-age-1", + 0, + cred.user42_payto, + "{\"items\":[{\"name\":\"ice cream\",\"value\":1}]}", + GNUNET_TIME_UNIT_ZERO, + "EUR:4.99", + MHD_HTTP_OK), + TALER_TESTING_cmd_deposit_replay ("deposit-simple-replay-age", + "deposit-simple-age", + MHD_HTTP_OK), + TALER_TESTING_cmd_end () + }; + + + struct TALER_TESTING_Command refresh_age[] = { + /* Fill reserve with EUR:5, 1ct is for fees. */ + CMD_TRANSFER_TO_EXCHANGE ("refresh-create-reserve-age-1", + "EUR:6.01"), + TALER_TESTING_cmd_check_bank_admin_transfer ( + "ck-refresh-create-reserve-age-1", + "EUR:6.01", + cred.user42_payto, + cred.exchange_payto, + "refresh-create-reserve-age-1"), + /** + * Make previous command effective. + */ + CMD_EXEC_WIREWATCH ("wirewatch-age-2"), + /** + * Withdraw EUR:7 with age restriction for age 13. + */ + TALER_TESTING_cmd_withdraw_amount ("refresh-withdraw-coin-age-1", + "refresh-create-reserve-age-1", + "EUR:5", + 13, + MHD_HTTP_OK), + /* Try to partially spend (deposit) 1 EUR of the 5 EUR coin + * (in full) (merchant would receive EUR:0.99 due to 1 ct + * deposit fee) + */ + TALER_TESTING_cmd_deposit ("refresh-deposit-partial-age", + "refresh-withdraw-coin-age-1", + 0, + cred.user42_payto, + "{\"items\":[{\"name\":\"ice cream\",\"value\":\"EUR:1\"}]}", + GNUNET_TIME_UNIT_ZERO, + "EUR:1", + MHD_HTTP_OK), + /** + * Melt the rest of the coin's value + * (EUR:4.00 = 3x EUR:1.03 + 7x EUR:0.13) */ + TALER_TESTING_cmd_melt_double ("refresh-melt-age-1", + "refresh-withdraw-coin-age-1", + MHD_HTTP_OK, + NULL), + /** + * Complete (successful) melt operation, and + * withdraw the coins + */ + TALER_TESTING_cmd_refresh_reveal ("refresh-reveal-age-1", + "refresh-melt-age-1", + MHD_HTTP_OK), + /** + * Do it again to check idempotency + */ + TALER_TESTING_cmd_refresh_reveal ("refresh-reveal-age-1-idempotency", + "refresh-melt-age-1", + MHD_HTTP_OK), + /** + * Test that /refresh/link works + */ + TALER_TESTING_cmd_refresh_link ("refresh-link-age-1", + "refresh-reveal-age-1", + MHD_HTTP_OK), + /** + * Try to spend a refreshed EUR:1 coin + */ + TALER_TESTING_cmd_deposit ("refresh-deposit-refreshed-age-1a", + "refresh-reveal-age-1-idempotency", + 0, + cred.user42_payto, + "{\"items\":[{\"name\":\"ice cream\",\"value\":3}]}", + GNUNET_TIME_UNIT_ZERO, + "EUR:1", + MHD_HTTP_OK), + /** + * Try to spend a refreshed EUR:0.1 coin + */ + TALER_TESTING_cmd_deposit ("refresh-deposit-refreshed-age-1b", + "refresh-reveal-age-1", + 3, + cred.user43_payto, + "{\"items\":[{\"name\":\"ice cream\",\"value\":3}]}", + GNUNET_TIME_UNIT_ZERO, + "EUR:0.1", + MHD_HTTP_OK), + /* Test running a failing melt operation (same operation + * again must fail) */ + TALER_TESTING_cmd_melt ("refresh-melt-failing-age", + "refresh-withdraw-coin-age-1", + MHD_HTTP_CONFLICT, + NULL), + /* Test running a failing melt operation (on a coin that + was itself revealed and subsequently deposited) */ + TALER_TESTING_cmd_melt ("refresh-melt-failing-age-2", + "refresh-reveal-age-1", + MHD_HTTP_CONFLICT, + NULL), + TALER_TESTING_cmd_end () + }; + + /** + * Test with age-withdraw, after kyc process has set a birthdate + */ + struct TALER_TESTING_Command age_withdraw[] = { + CMD_TRANSFER_TO_EXCHANGE ("create-reserve-1", + "EUR:20.02"), + TALER_TESTING_cmd_check_bank_admin_transfer ( + "check-create-reserve-1", + "EUR:20.02", + cred.user42_payto, + cred.exchange_payto, + "create-reserve-1"), + CMD_EXEC_WIREWATCH ("wirewatch-age-withdraw-1"), + TALER_TESTING_cmd_withdraw_amount ("withdraw-coin-1-lacking-kyc", + "create-reserve-1", + "EUR:5", + 0, /* age restriction off */ + MHD_HTTP_UNAVAILABLE_FOR_LEGAL_REASONS), + TALER_TESTING_cmd_check_kyc_get ("check-kyc-withdraw", + "withdraw-coin-1-lacking-kyc", + MHD_HTTP_ACCEPTED), + TALER_TESTING_cmd_proof_kyc_oauth2 ("proof-kyc", + "withdraw-coin-1-lacking-kyc", + "kyc-provider-test-oauth2", + "pass", + MHD_HTTP_SEE_OTHER), + TALER_TESTING_cmd_withdraw_amount ("withdraw-coin-1-with-kyc", + "create-reserve-1", + "EUR:5", + 0, /* age restriction off */ + MHD_HTTP_OK), + /* Attestations above are bound to the originating *bank* account, + not to the reserve (!). Hence, they are NOT found here! */ + TALER_TESTING_cmd_reserve_get_attestable ("reserve-get-attestable", + "create-reserve-1", + MHD_HTTP_NOT_FOUND, + NULL), + TALER_TESTING_cmd_end (), + }; + + { + struct TALER_TESTING_Command commands[] = { + TALER_TESTING_cmd_run_fakebank ("run-fakebank", + cred.cfg, + "exchange-account-2"), + TALER_TESTING_cmd_system_start ("start-taler", + config_file, + "-e", + NULL), + TALER_TESTING_cmd_get_exchange ("get-exchange", + cred.cfg, + NULL, + true, + true), + TALER_TESTING_cmd_oauth_with_birthdate ("oauth-service-with-birthdate", + "2022-00-00", /* enough for a while */ + 6666), + TALER_TESTING_cmd_batch ("withdraw-age", + withdraw_age), + TALER_TESTING_cmd_batch ("spend-age", + spend_age), + TALER_TESTING_cmd_batch ("refresh-age", + refresh_age), + TALER_TESTING_cmd_batch ("age-withdraw", + age_withdraw), + /* End the suite. */ + TALER_TESTING_cmd_end () + }; + + TALER_TESTING_run (is, + commands); + } +} + + +int +main (int argc, + char *const *argv) +{ + (void) argc; + { + char *cipher; + + cipher = GNUNET_TESTING_get_testname_from_underscore (argv[0]); + GNUNET_assert (NULL != cipher); + uses_cs = (0 == strcmp (cipher, + "cs")); + GNUNET_asprintf (&config_file, + "test_exchange_api_age_restriction-%s.conf", + cipher); + GNUNET_free (cipher); + } + return TALER_TESTING_main (argv, + "INFO", + config_file, + "exchange-account-2", + TALER_TESTING_BS_FAKEBANK, + &cred, + &run, + NULL); +} + + +/* end of test_exchange_api_age_restriction.c */ diff --git a/src/testing/test_exchange_api_age_restriction.conf b/src/testing/test_exchange_api_age_restriction.conf new file mode 100644 index 000000000..37e7fc308 --- /dev/null +++ b/src/testing/test_exchange_api_age_restriction.conf @@ -0,0 +1,92 @@ +# This file is in the public domain. +# + +[PATHS] +TALER_TEST_HOME = test_exchange_api_home/ + +[taler] +CURRENCY = EUR +CURRENCY_ROUND_UNIT = EUR:0.01 + +[auditor] +BASE_URL = "http://localhost:8083/" +PORT = 8083 +PUBLIC_KEY = T0XJ9QZ59YDN7QG3RE40SB2HY7W0ASR1EKF4WZDGZ1G159RSQC80 +TINY_AMOUNT = EUR:0.01 + +[auditordb-postgres] +CONFIG = "postgres:///talercheck" + +[bank] +HTTP_PORT = 8082 + +[exchange] +TERMS_ETAG = tos +PRIVACY_ETAG = 0 +AML_THRESHOLD = EUR:1000000 +PORT = 8081 +MASTER_PUBLIC_KEY = 98NJW3CQHZQGQXTY3K85K531XKPAPAVV4Q5V8PYYRR00NJGZWNVG +DB = postgres +BASE_URL = "http://localhost:8081/" +EXPIRE_SHARD_SIZE ="300 ms" +EXPIRE_IDLE_SLEEP_INTERVAL ="1 s" + +[exchangedb-postgres] +CONFIG = "postgres:///talercheck" + +[taler-exchange-secmod-cs] +LOOKAHEAD_SIGN = "24 days" + +[taler-exchange-secmod-rsa] +LOOKAHEAD_SIGN = "24 days" + +[taler-exchange-secmod-eddsa] +LOOKAHEAD_SIGN = "24 days" +DURATION = "14 days" + + +[exchange-account-1] +PAYTO_URI = "payto://x-taler-bank/localhost/42?receiver-name=42" +ENABLE_DEBIT = YES +ENABLE_CREDIT = YES + +[exchange-accountcredentials-1] +WIRE_GATEWAY_AUTH_METHOD = none +WIRE_GATEWAY_URL = "http://localhost:8082/42/" + +[exchange-account-2] +PAYTO_URI = "payto://x-taler-bank/localhost/2?receiver-name=2" +ENABLE_DEBIT = YES +ENABLE_CREDIT = YES + +[exchange-accountcredentials-2] +WIRE_GATEWAY_AUTH_METHOD = basic +USERNAME = Exchange +PASSWORD = x +WIRE_GATEWAY_URL = "http://localhost:8082/2/" + + +[kyc-provider-test-oauth2] +COST = 0 +LOGIC = oauth2 +USER_TYPE = INDIVIDUAL +PROVIDED_CHECKS = DUMMY +KYC_OAUTH2_VALIDITY = forever +KYC_OAUTH2_TOKEN_URL = http://localhost:6666/oauth/v2/token +KYC_OAUTH2_AUTHORIZE_URL = http://localhost:6666/oauth/v2/login +KYC_OAUTH2_INFO_URL = http://localhost:6666/api/user/me +KYC_OAUTH2_CLIENT_ID = taler-exchange +KYC_OAUTH2_CLIENT_SECRET = exchange-secret +KYC_OAUTH2_POST_URL = http://example.com/ +KYC_OAUTH2_ATTRIBUTE_TEMPLATE = "{"full_name":"{{last_name}}, {{first_name}}","birthdate":"{{birthdate}}"}" + +[kyc-legitimization-withdraw] +OPERATION_TYPE = WITHDRAW +REQUIRED_CHECKS = DUMMY +THRESHOLD = EUR:15 +TIMEFRAME = 1d + + +[exchange-extension-age_restriction] +ENABLED = YES +#AGE_GROUPS = "8:10:12:14:16:18:21"