test merchant issue reported by MS

packages/taler-wallet-cli/src/integrationtests/harness.ts

@@ -277,7 +277,9 @@ export class GlobalTestState {
   }
 
   assertAxiosError(e: any): asserts e is AxiosError {
-    return e.isAxiosError;
+    if (!e.isAxiosError) {
+      throw Error("expected axios error");
+    }
   }
 
   assertTrue(b: boolean): asserts b {
@@ -1191,6 +1193,14 @@ export class MerchantApiClient {
     });
   }
 
+  async deleteInstance(instanceId: string) {
+    const baseUrl = this.baseUrl;
+    const url = new URL(`private/instances/${instanceId}`);
+    await axios.delete(url.href, {
+      headers: this.makeAuthHeader(),
+    });
+  }
+
   async createInstance(req: MerchantInstanceConfig): Promise<void> {
     const baseUrl = this.baseUrl;
     const url = new URL("private/instances", baseUrl);
@@ -1209,10 +1219,14 @@ export class MerchantApiClient {
 
   async getInstanceFullDetails(instanceId: string): Promise<any> {
     const url = new URL(`private/instances/${instanceId}`, this.baseUrl);
+    try {
       const resp = await axios.get(url.href, {
         headers: this.makeAuthHeader(),
       });
       return resp.data;
+    } catch (e) {
+      throw e;
+    }
   }
 
   makeAuthHeader(): Record<string, string> {

packages/taler-wallet-cli/src/integrationtests/test-merchant-instances.ts

@@ -80,13 +80,23 @@ export async function runMerchantInstancesTest(t: GlobalTestState) {
     },
   });
 
+  // Add an instance, no auth!
+  await merchant.addInstance({
+    id: "myinst",
+    name: "Second Instance",
+    paytoUris: [`payto://x-taler-bank/merchant-default`],
+    auth: {
+      method: "external",
+    },
+  });
+
   let merchantClient = new MerchantApiClient(merchant.makeInstanceBaseUrl(), {
     method: "external",
   });
 
   {
     const r = await merchantClient.getInstances();
-    t.assertDeepEqual(r.instances.length, 1);
+    t.assertDeepEqual(r.instances.length, 2);
   }
 
   // Check that a "malformed" bearer Authorization header gets ignored
@@ -94,7 +104,7 @@ export async function runMerchantInstancesTest(t: GlobalTestState) {
     const url = merchant.makeInstanceBaseUrl();
     const resp = await axios.get(new URL("private/instances", url).href, {
       headers: {
-        "Authorization": "foo bar-baz",
+        Authorization: "foo bar-baz",
       },
     });
     t.assertDeepEqual(resp.status, 200);
@@ -133,8 +143,8 @@ export async function runMerchantInstancesTest(t: GlobalTestState) {
     const resp = await axios.get(new URL("private/instances", url).href, {
       headers: {
         // Note the spaces
-        "Authorization": "Bearer     secret-token:foobar",
-      }
+        Authorization: "Bearer     secret-token:foobar",
+      },
     });
     t.assertDeepEqual(resp.status, 200);
   }
@@ -146,6 +156,24 @@ export async function runMerchantInstancesTest(t: GlobalTestState) {
     // Token should *not* be reported back.
     t.assertDeepEqual(fullDetails.auth.token, undefined);
   }
+
+  // Check that deleting an instance checks the auth
+  // of the default instance.
+  {
+    const unauthMerchantClient = new MerchantApiClient(
+      merchant.makeInstanceBaseUrl(),
+      {
+        method: "external",
+      },
+    );
+
+    const exc = await t.assertThrowsAsync(async () => {
+      await unauthMerchantClient.deleteInstance("");
+    });
+    console.log(exc);
+    t.assertAxiosError(exc);
+    t.assertDeepEqual(exc.response?.status, 403);
+  }
 }
 
 runMerchantInstancesTest.suites = ["merchant"];