View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0010448Talerlibeufin-bankpublic2025-09-23 13:072025-09-23 13:54
Reportersebasjm Assigned ToAntoine A  
PrioritynormalSeveritycrashReproducibilityalways
Status assignedResolutionopen 
Product Versiongit (master) 
Target Versiongit (master) 
Summary0010448: UUID string too large [dev/antoinea/2fa-v2]
DescriptionSep 23 07:56:13 libeufin-bank[103265]: 23-Sep-2025T07:56:13.789 4YQFCR2WB3 DEBUG libeufin-bank-api - IllegalArgumentException: UUID string too large
Sep 23 07:56:13 libeufin-bank[103265]: at java.base/java.util.UUID.fromString1(UUID.java:266)
Sep 23 07:56:13 libeufin-bank[103265]: at java.base/java.util.UUID.fromString(UUID.java:260)
Sep 23 07:56:13 libeufin-bank[103265]: at tech.libeufin.bank.api.CoreBankApiKt$coreBankAccountsApi$3$1.invokeSuspend(CoreBankApi.kt:933)
Sep 23 07:56:13 libeufin-bank[103265]: at tech.libeufin.bank.api.CoreBankApiKt$coreBankAccountsApi$3$1.invoke(CoreBankApi.kt)
Sep 23 07:56:13 libeufin-bank[103265]: at tech.libeufin.bank.api.CoreBankApiKt$coreBankAccountsApi$3$1.invoke(CoreBankApi.kt)
Sep 23 07:56:13 libeufin-bank[103265]: at io.ktor.server.routing.RoutingNode$buildPipeline$1$1.invokeSuspend(RoutingNode.kt:126)
Sep 23 07:56:13 libeufin-bank[103265]: at io.ktor.server.routing.RoutingNode$buildPipeline$1$1.invoke(RoutingNode.kt)
Sep 23 07:56:13 libeufin-bank[103265]: at io.ktor.server.routing.RoutingNode$buildPipeline$1$1.invoke(RoutingNode.kt)
Sep 23 07:56:13 libeufin-bank[103265]: at io.ktor.util.pipeline.PipelineJvmKt.pipelineStartCoroutineUninterceptedOrReturn(PipelineJvm.kt:15)
Sep 23 07:56:13 libeufin-bank[103265]: at io.ktor.util.pipeline.SuspendFunctionGun.loop(SuspendFunctionGun.kt:131)
Steps To Reproduce/////////////////////
// update merchant: tan channel from email to sms
////////////////////

curl 'http://bank.taler.test/accounts/merchant' \
  -X 'OPTIONS' \
  -H 'Accept: */*' \
  -H 'Accept-Language: en-US,en;q=0.9' \
  -H 'Access-Control-Request-Headers: authorization,content-type' \
  -H 'Access-Control-Request-Method: PATCH' \
  -H 'Connection: keep-alive' \
  -H 'Origin: http://localhost:8080' \
  -H 'Referer: http://localhost:8080/' \
  -H 'Sec-Fetch-Mode: cors' \
  -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36' \
  --insecure ;
curl 'http://bank.taler.test/accounts/merchant' \
  -X 'PATCH' \
  -H 'Accept: application/json' \
  -H 'Accept-Language: en-US,en;q=0.9' \
  -H 'Authorization: Bearer secret-token:BJDQ2YEDGY59QTT8XPAH5MBA653R37MAWNWBWAXE19GYQH4QBVF0' \
  -H 'Connection: keep-alive' \
  -H 'Content-Type: application/json' \
  -H 'Origin: http://localhost:8080' \
  -H 'Referer: http://localhost:8080/' \
  -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36' \
  --data-raw '{"cashout_payto_uri":null,"tan_channel":"sms"}' \
  --insecure ;

// RESPONSE 202 Accepted

{
    "challenges": [
        {
            "challenge_id": "07be95a8-c0f7-4393-9324-64fe0280bcf6",
            "tan_channel": "email",
            "tan_info": "qwe@qwe.com"
        }
    ],
    "combi_and": false
}

/////////////////////
// update merchant: received a email challenge, send the code
////////////////////

curl 'http://bank.taler.test/accounts/merchant/challenge/07be95a8-c0f7-4393-9324-64fe0280bcf6' \
  -X 'OPTIONS' \
  -H 'Accept: */*' \
  -H 'Accept-Language: en-US,en;q=0.9' \
  -H 'Access-Control-Request-Headers: content-type' \
  -H 'Access-Control-Request-Method: POST' \
  -H 'Connection: keep-alive' \
  -H 'Origin: http://localhost:8080' \
  -H 'Referer: http://localhost:8080/' \
  -H 'Sec-Fetch-Mode: cors' \
  -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36' \
  --insecure ;
curl 'http://bank.taler.test/accounts/merchant/challenge/07be95a8-c0f7-4393-9324-64fe0280bcf6' \
  -X 'POST' \
  -H 'Accept: application/json' \
  -H 'Accept-Language: en-US,en;q=0.9' \
  -H 'Connection: keep-alive' \
  -H 'Content-Length: 0' \
  -H 'Content-Type: application/json' \
  -H 'Origin: http://localhost:8080' \
  -H 'Referer: http://localhost:8080/' \
  -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36' \
  --insecure ;

// RESPONSE 204 No Content

/////////////////////
// update merchant: confirm and solve challenge
////////////////////

curl 'http://bank.taler.test/accounts/merchant/challenge/07be95a8-c0f7-4393-9324-64fe0280bcf6/confirm' \
  -X 'OPTIONS' \
  -H 'Accept: */*' \
  -H 'Accept-Language: en-US,en;q=0.9' \
  -H 'Access-Control-Request-Headers: content-type' \
  -H 'Access-Control-Request-Method: POST' \
  -H 'Connection: keep-alive' \
  -H 'Origin: http://localhost:8080' \
  -H 'Referer: http://localhost:8080/' \
  -H 'Sec-Fetch-Mode: cors' \
  -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36' \
  --insecure ;
curl 'http://bank.taler.test/accounts/merchant/challenge/07be95a8-c0f7-4393-9324-64fe0280bcf6/confirm' \
  -H 'Accept: application/json' \
  -H 'Accept-Language: en-US,en;q=0.9' \
  -H 'Connection: keep-alive' \
  -H 'Content-Type: application/json' \
  -H 'Origin: http://localhost:8080' \
  -H 'Referer: http://localhost:8080/' \
  -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36' \
  --data-raw '{"tan":"69566342"}' \
  --insecure ;

// RESPONSE 204 No Content

/////////////////////
// update merchant: all channels solved, repeat the update
////////////////////

curl 'http://bank.taler.test/accounts/merchant' \
  -X 'OPTIONS' \
  -H 'Accept: */*' \
  -H 'Accept-Language: en-US,en;q=0.9' \
  -H 'Access-Control-Request-Headers: authorization,content-type,taler-challenge-ids' \
  -H 'Access-Control-Request-Method: PATCH' \
  -H 'Connection: keep-alive' \
  -H 'Origin: http://localhost:8080' \
  -H 'Referer: http://localhost:8080/' \
  -H 'Sec-Fetch-Mode: cors' \
  -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36' \
  --insecure ;
curl 'http://bank.taler.test/accounts/merchant' \
  -X 'PATCH' \
  -H 'Accept: application/json' \
  -H 'Accept-Language: en-US,en;q=0.9' \
  -H 'Authorization: Bearer secret-token:BJDQ2YEDGY59QTT8XPAH5MBA653R37MAWNWBWAXE19GYQH4QBVF0' \
  -H 'Connection: keep-alive' \
  -H 'Content-Type: application/json' \
  -H 'Origin: http://localhost:8080' \
  -H 'Referer: http://localhost:8080/' \
  -H 'Taler-Challenge-Ids: 07be95a8-c0f7-4393-9324-64fe0280bcf6' \
  -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36' \
  --data-raw '{"cashout_payto_uri":null,"tan_channel":"sms"}' \
  --insecure ;

// RESPONSE 202 Accepted

{
    "challenges": [
        {
            "challenge_id": "1ae6bb74-2cc6-40ef-ab7f-29a130d7e3be",
            "tan_channel": "sms",
            "tan_info": "+4545"
        }
    ],
    "combi_and": true
}


/////////////////////
// update merchant: received and sms challenge, send the code
////////////////////

curl 'http://bank.taler.test/accounts/merchant/challenge/1ae6bb74-2cc6-40ef-ab7f-29a130d7e3be' \
  -X 'OPTIONS' \
  -H 'Accept: */*' \
  -H 'Accept-Language: en-US,en;q=0.9' \
  -H 'Access-Control-Request-Headers: content-type' \
  -H 'Access-Control-Request-Method: POST' \
  -H 'Connection: keep-alive' \
  -H 'Origin: http://localhost:8080' \
  -H 'Referer: http://localhost:8080/' \
  -H 'Sec-Fetch-Mode: cors' \
  -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36' \
  --insecure ;
curl 'http://bank.taler.test/accounts/merchant/challenge/1ae6bb74-2cc6-40ef-ab7f-29a130d7e3be' \
  -X 'POST' \
  -H 'Accept: application/json' \
  -H 'Accept-Language: en-US,en;q=0.9' \
  -H 'Connection: keep-alive' \
  -H 'Content-Length: 0' \
  -H 'Content-Type: application/json' \
  -H 'Origin: http://localhost:8080' \
  -H 'Referer: http://localhost:8080/' \
  -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36' \
  --insecure ;

// RESPONSE 204 No Content

/////////////////////
// update merchant: confirm the sms challenge
////////////////////


curl 'http://bank.taler.test/accounts/merchant/challenge/1ae6bb74-2cc6-40ef-ab7f-29a130d7e3be/confirm' \
  -X 'OPTIONS' \
  -H 'Accept: */*' \
  -H 'Accept-Language: en-US,en;q=0.9' \
  -H 'Access-Control-Request-Headers: content-type' \
  -H 'Access-Control-Request-Method: POST' \
  -H 'Connection: keep-alive' \
  -H 'Origin: http://localhost:8080' \
  -H 'Referer: http://localhost:8080/' \
  -H 'Sec-Fetch-Mode: cors' \
  -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36' \
  --insecure ;
curl 'http://bank.taler.test/accounts/merchant/challenge/1ae6bb74-2cc6-40ef-ab7f-29a130d7e3be/confirm' \
  -H 'Accept: application/json' \
  -H 'Accept-Language: en-US,en;q=0.9' \
  -H 'Connection: keep-alive' \
  -H 'Content-Type: application/json' \
  -H 'Origin: http://localhost:8080' \
  -H 'Referer: http://localhost:8080/' \
  -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36' \
  --data-raw '{"tan":"08702129"}' \
  --insecure ;

// RESPONSE 204 No Content

/////////////////////
// update merchant: repeat the operation
////////////////////

curl 'http://bank.taler.test/accounts/merchant' \
  -X 'OPTIONS' \
  -H 'Accept: */*' \
  -H 'Accept-Language: en-US,en;q=0.9' \
  -H 'Access-Control-Request-Headers: authorization,content-type,taler-challenge-ids' \
  -H 'Access-Control-Request-Method: PATCH' \
  -H 'Connection: keep-alive' \
  -H 'Origin: http://localhost:8080' \
  -H 'Referer: http://localhost:8080/' \
  -H 'Sec-Fetch-Mode: cors' \
  -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36' \
  --insecure ;
curl 'http://bank.taler.test/accounts/merchant' \
  -X 'PATCH' \
  -H 'Accept: application/json' \
  -H 'Accept-Language: en-US,en;q=0.9' \
  -H 'Authorization: Bearer secret-token:BJDQ2YEDGY59QTT8XPAH5MBA653R37MAWNWBWAXE19GYQH4QBVF0' \
  -H 'Connection: keep-alive' \
  -H 'Content-Type: application/json' \
  -H 'Origin: http://localhost:8080' \
  -H 'Referer: http://localhost:8080/' \
  -H 'Taler-Challenge-Ids: 07be95a8-c0f7-4393-9324-64fe0280bcf6, 1ae6bb74-2cc6-40ef-ab7f-29a130d7e3be' \
  -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36' \
  --data-raw '{"cashout_payto_uri":null,"tan_channel":"sms"}' \
  --insecure ;

// RESPONSE 500 Internal Server Error

{"code":5110,"hint":"UUID string too large"}
TagsNo tags attached.

Relationships

related to 0010250 assignedsebasjm body of tan_challenges stores passwords in the clear? 

Activities

Antoine A

2025-09-23 13:43

developer   ~0025986

You added a space between the comma and the second id, that causes the error. Is merchant accepting that ?

sebasjm

2025-09-23 13:54

developer   ~0025989

> Is merchant accepting that ?

Yes

Issue History

Date Modified Username Field Change
2025-09-23 13:07 sebasjm New Issue
2025-09-23 13:07 sebasjm Status new => assigned
2025-09-23 13:07 sebasjm Assigned To => Antoine A
2025-09-23 13:08 sebasjm Summary UUID string too large => UUID string too large [dev/antoinea/2fa-v2]
2025-09-23 13:11 sebasjm Relationship added related to 0010250
2025-09-23 13:43 Antoine A Note Added: 0025986
2025-09-23 13:54 sebasjm Note Added: 0025989