From 657c4b6377d405640d353a8c5e15dbb6ac59800b Mon Sep 17 00:00:00 2001 From: Florian Dold Date: Thu, 14 Jan 2021 01:47:56 +0100 Subject: [PATCH] merchant exchange confusion test --- .../src/integrationtests/harness.ts | 4 - .../test-merchant-exchange-confusion.ts | 230 ++++++++++++++++++ .../src/integrationtests/test-pay-paid.ts | 9 +- .../src/integrationtests/test-revocation.ts | 5 - .../test-timetravel-withdraw.ts | 2 +- .../src/integrationtests/testrunner.ts | 4 +- 6 files changed, 241 insertions(+), 13 deletions(-) create mode 100644 packages/taler-wallet-cli/src/integrationtests/test-merchant-exchange-confusion.ts diff --git a/packages/taler-wallet-cli/src/integrationtests/harness.ts b/packages/taler-wallet-cli/src/integrationtests/harness.ts index 3bfe85701..6a9d694e9 100644 --- a/packages/taler-wallet-cli/src/integrationtests/harness.ts +++ b/packages/taler-wallet-cli/src/integrationtests/harness.ts @@ -1000,7 +1000,6 @@ export class ExchangeService implements ExchangeServiceInterface { [ "-c", this.configFilename, - ...this.timetravelArgArr, "download", "sign", "upload", @@ -1026,7 +1025,6 @@ export class ExchangeService implements ExchangeServiceInterface { [ "-c", this.configFilename, - ...this.timetravelArgArr, "enable-account", acc, "upload", @@ -1043,7 +1041,6 @@ export class ExchangeService implements ExchangeServiceInterface { [ "-c", this.configFilename, - ...this.timetravelArgArr, "wire-fee", `${i}`, "x-taler-bank", @@ -1066,7 +1063,6 @@ export class ExchangeService implements ExchangeServiceInterface { [ "-c", this.configFilename, - ...this.timetravelArgArr, "revoke-denomination", denomPubHash, "upload", diff --git a/packages/taler-wallet-cli/src/integrationtests/test-merchant-exchange-confusion.ts b/packages/taler-wallet-cli/src/integrationtests/test-merchant-exchange-confusion.ts new file mode 100644 index 000000000..ed070dc96 --- /dev/null +++ b/packages/taler-wallet-cli/src/integrationtests/test-merchant-exchange-confusion.ts @@ -0,0 +1,230 @@ +/* + This file is part of GNU Taler + (C) 2020 Taler Systems S.A. + + GNU Taler is free software; you can redistribute it and/or modify it under the + terms of the GNU General Public License as published by the Free Software + Foundation; either version 3, or (at your option) any later version. + + GNU Taler is distributed in the hope that it will be useful, but WITHOUT ANY + WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR + A PARTICULAR PURPOSE. See the GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along with + GNU Taler; see the file COPYING. If not, see + */ + +/** + * Imports. + */ +import { + BankService, + ExchangeService, + GlobalTestState, + MerchantPrivateApi, + MerchantService, + setupDb, + WalletCli, +} from "./harness"; +import { + withdrawViaBank, + createFaultInjectedMerchantTestkudosEnvironment, + FaultyMerchantTestEnvironment, +} from "./helpers"; +import { + PreparePayResultType, + codecForMerchantOrderStatusUnpaid, + ConfirmPayResultType, + URL, +} from "taler-wallet-core"; +import axios from "axios"; +import { + FaultInjectedExchangeService, + FaultInjectedMerchantService, + FaultInjectionRequestContext, +} from "./faultInjection"; +import { defaultCoinConfig } from "./denomStructures"; + +/** + * Run a test case with a simple TESTKUDOS Taler environment, consisting + * of one exchange, one bank and one merchant. + */ +export async function createConfusedMerchantTestkudosEnvironment( + t: GlobalTestState, +): Promise { + const db = await setupDb(t); + + const bank = await BankService.create(t, { + allowRegistrations: true, + currency: "TESTKUDOS", + database: db.connStr, + httpPort: 8082, + }); + + const exchange = ExchangeService.create(t, { + name: "testexchange-1", + currency: "TESTKUDOS", + httpPort: 8081, + database: db.connStr, + }); + + const merchant = await MerchantService.create(t, { + name: "testmerchant-1", + currency: "TESTKUDOS", + httpPort: 8083, + database: db.connStr, + }); + + const faultyMerchant = new FaultInjectedMerchantService(t, merchant, 9083); + const faultyExchange = new FaultInjectedExchangeService(t, exchange, 9081); + + const exchangeBankAccount = await bank.createExchangeAccount( + "MyExchange", + "x", + ); + exchange.addBankAccount("1", exchangeBankAccount); + + bank.setSuggestedExchange( + faultyExchange, + exchangeBankAccount.accountPaytoUri, + ); + + await bank.start(); + + await bank.pingUntilAvailable(); + + exchange.addOfferedCoins(defaultCoinConfig); + + await exchange.start(); + await exchange.pingUntilAvailable(); + + // Confuse the merchant by adding the non-proxied exchange. + merchant.addExchange(exchange); + + await merchant.start(); + await merchant.pingUntilAvailable(); + + await merchant.addInstance({ + id: "minst1", + name: "minst1", + paytoUris: ["payto://x-taler-bank/minst1"], + }); + + await merchant.addInstance({ + id: "default", + name: "Default Instance", + paytoUris: [`payto://x-taler-bank/merchant-default`], + }); + + console.log("setup done!"); + + const wallet = new WalletCli(t); + + return { + commonDb: db, + exchange, + merchant, + wallet, + bank, + exchangeBankAccount, + faultyMerchant, + faultyExchange, + }; +} + +/** + * Confuse the merchant by having one URL for the same exchange in the config, + * but sending coins from the same exchange with a different URL. + */ +export async function runMerchantExchangeConfusionTest(t: GlobalTestState) { + // Set up test environment + + const { + wallet, + bank, + faultyExchange, + faultyMerchant, + } = await createConfusedMerchantTestkudosEnvironment(t); + + // Withdraw digital cash into the wallet. + + await withdrawViaBank(t, { + wallet, + bank, + exchange: faultyExchange, + amount: "TESTKUDOS:20", + }); + + /** + * ========================================================================= + * Create an order and let the wallet pay under a session ID + * + * We check along the way that the JSON response to /orders/{order_id} + * returns the right thing. + * ========================================================================= + */ + + const merchant = faultyMerchant; + + let orderResp = await MerchantPrivateApi.createOrder(merchant, "default", { + order: { + summary: "Buy me!", + amount: "TESTKUDOS:5", + fulfillment_url: "https://example.com/article42", + }, + }); + + let orderStatus = await MerchantPrivateApi.queryPrivateOrderStatus(merchant, { + orderId: orderResp.order_id, + sessionId: "mysession-one", + }); + + t.assertTrue(orderStatus.order_status === "unpaid"); + + t.assertTrue(orderStatus.already_paid_order_id === undefined); + let publicOrderStatusUrl = orderStatus.order_status_url; + + let publicOrderStatusResp = await axios.get(publicOrderStatusUrl, { + validateStatus: () => true, + }); + + if (publicOrderStatusResp.status != 402) { + throw Error( + `expected status 402 (before claiming), but got ${publicOrderStatusResp.status}`, + ); + } + + let pubUnpaidStatus = codecForMerchantOrderStatusUnpaid().decode( + publicOrderStatusResp.data, + ); + + console.log(pubUnpaidStatus); + + let preparePayResp = await wallet.preparePay({ + talerPayUri: pubUnpaidStatus.taler_pay_uri, + }); + + t.assertTrue(preparePayResp.status === PreparePayResultType.PaymentPossible); + + const proposalId = preparePayResp.proposalId; + + publicOrderStatusResp = await axios.get(publicOrderStatusUrl, { + validateStatus: () => true, + }); + + if (publicOrderStatusResp.status != 402) { + throw Error( + `expected status 402 (after claiming), but got ${publicOrderStatusResp.status}`, + ); + } + + pubUnpaidStatus = codecForMerchantOrderStatusUnpaid().decode( + publicOrderStatusResp.data, + ); + + const confirmPayRes = await wallet.confirmPay({ + proposalId: proposalId, + }); + + t.assertTrue(confirmPayRes.type === ConfirmPayResultType.Done); +} diff --git a/packages/taler-wallet-cli/src/integrationtests/test-pay-paid.ts b/packages/taler-wallet-cli/src/integrationtests/test-pay-paid.ts index 4d2706608..136400d9b 100644 --- a/packages/taler-wallet-cli/src/integrationtests/test-pay-paid.ts +++ b/packages/taler-wallet-cli/src/integrationtests/test-pay-paid.ts @@ -45,13 +45,18 @@ export async function runPayPaidTest(t: GlobalTestState) { const { wallet, bank, - exchange, + faultyExchange, faultyMerchant, } = await createFaultInjectedMerchantTestkudosEnvironment(t); // Withdraw digital cash into the wallet. - await withdrawViaBank(t, { wallet, bank, exchange, amount: "TESTKUDOS:20" }); + await withdrawViaBank(t, { + wallet, + bank, + exchange: faultyExchange, + amount: "TESTKUDOS:20", + }); /** * ========================================================================= diff --git a/packages/taler-wallet-cli/src/integrationtests/test-revocation.ts b/packages/taler-wallet-cli/src/integrationtests/test-revocation.ts index ac989855c..0fcf7a932 100644 --- a/packages/taler-wallet-cli/src/integrationtests/test-revocation.ts +++ b/packages/taler-wallet-cli/src/integrationtests/test-revocation.ts @@ -42,16 +42,11 @@ async function revokeAllWalletCoins(req: { for (const coin of coinDump.coins) { usedDenomHashes.add(coin.denom_pub_hash); } - - await exchange.stop(); - for (const x of usedDenomHashes.values()) { await exchange.revokeDenomination(x); } await exchange.keyup(); - - await exchange.start(); await exchange.pingUntilAvailable(); await merchant.stop(); await merchant.start(); diff --git a/packages/taler-wallet-cli/src/integrationtests/test-timetravel-withdraw.ts b/packages/taler-wallet-cli/src/integrationtests/test-timetravel-withdraw.ts index e74a49c95..54b507bcb 100644 --- a/packages/taler-wallet-cli/src/integrationtests/test-timetravel-withdraw.ts +++ b/packages/taler-wallet-cli/src/integrationtests/test-timetravel-withdraw.ts @@ -51,9 +51,9 @@ export async function runTimetravelWithdrawTest(t: GlobalTestState) { await exchange.stop(); exchange.setTimetravel(timetravelDuration); - await exchange.keyup(); await exchange.start(); await exchange.pingUntilAvailable(); + await exchange.keyup(); await merchant.stop(); merchant.setTimetravel(timetravelDuration); diff --git a/packages/taler-wallet-cli/src/integrationtests/testrunner.ts b/packages/taler-wallet-cli/src/integrationtests/testrunner.ts index 3b1ea4966..fbc25168e 100644 --- a/packages/taler-wallet-cli/src/integrationtests/testrunner.ts +++ b/packages/taler-wallet-cli/src/integrationtests/testrunner.ts @@ -47,6 +47,7 @@ import { runTestWithdrawalManualTest } from "./test-withdrawal-manual"; import { runWithdrawalAbortBankTest } from "./test-withdrawal-abort-bank"; import { runWithdrawalBankIntegratedTest } from "./test-withdrawal-bank-integrated"; import M from "minimatch"; +import { runMerchantExchangeConfusionTest } from "./test-merchant-exchange-confusion"; /** * Test runner. @@ -87,6 +88,7 @@ const allTests: TestMainFunction[] = [ runTestWithdrawalManualTest, runWithdrawalAbortBankTest, runWithdrawalBankIntegratedTest, + runMerchantExchangeConfusionTest, ]; export interface TestRunSpec { @@ -118,7 +120,7 @@ export function getTestName(tf: TestMainFunction): string { throw Error("invalid test name, must be 'run${NAME}Test'"); } return res[1] - .replace(/[a-z0-9][A-Z]/, (x) => { + .replace(/[a-z0-9][A-Z]/g, (x) => { return x[0] + "-" + x[1]; }) .toLowerCase();