View Issue Details

IDProjectCategoryView StatusLast Update
0006838Talermechant backendpublic2021-04-09 16:46
ReporterFlorian Dold Assigned ToChristian Grothoff  
PrioritynormalSeverityminorReproducibilityhave not tried
Status resolvedResolutionfixed 
Summary0006838: merchant backend regressions in merchant-instances-urls and merchant-instances integration tests
Description$ taler-wallet-cli testing run-integrationtests 'merchant-instances-urls'
checking http://localhost:8083/instances/foo/config, expected 404, got 200

=> Clearly, the backend is giving a 200 in response for a GET request for a non-existing instance. I'm suspecting a recent change related to handling OPTIONS introduced this regression.

$ taler-wallet-cli testing run-integrationtests 'merchant-instances'
requesting instances with auth { method: 'external' }
FATAL: test failed with exception Error: expected axios error
  at [...]integrationtests/test-merchant-instances.ts:131:5

=> Axios is the HTTP client library. The request that *should* fail is a GET request for "/private/instances" (implicit default instance).
=> The request should fail, because a few lines before [2], the auth was changed from "external" to "token".
=> Instead, the request succeeds, even though the MerchantApiClient has not been updated with the new credentials. It still uses

TagsNo tags attached.


Christian Grothoff

2021-04-09 14:57

manager   ~0017718

4f8cb89..89a3d27 fixes the /config 404 issue.

Christian Grothoff

2021-04-09 16:31

manager   ~0017719

I cannot reproduce the other issue. I used Curl to change the default authentication checks, and the backend then correctly requires authentication.

$ curl -X POST -d '{ "method":"token","token":"secret-token:foo" }' http://localhost:8080/private/auth
$ curl -H 'Authorization: Bearer secret-token:foo' -X GET http://localhost:8080/private/instances
  "instances": [
      "name": "default",
      "id": "default",
      "payment_targets": [
      "deleted": false
$ curl -H 'Authorization: Bearer secret-token:fbar' -X GET http://localhost:8080/private/instances
  "code": 2015,
  "hint": "The merchant refused the request due to lack of authorization.",
  "detail": "Check 'Authorization' header"
$ curl http://localhost:8080/private/instances
  "code": 2015,
  "hint": "The merchant refused the request due to lack of authorization.",
  "detail": "Check 'Authorization' header"

Christian Grothoff

2021-04-09 16:32

manager   ~0017720 fails, but it says because of _lack_ of authentication, not because a request is allowed.

Florian Dold

2021-04-09 16:46

manager   ~0017723

This was indeed a bogus test assertion, fixed in f30f923e

The merchant integration tests are now passing again for me.

Issue History

Date Modified Username Field Change
2021-04-08 16:36 Florian Dold New Issue
2021-04-08 16:36 Florian Dold Status new => assigned
2021-04-08 16:36 Florian Dold Assigned To => Christian Grothoff
2021-04-09 14:57 Christian Grothoff Note Added: 0017718
2021-04-09 16:31 Christian Grothoff Note Added: 0017719
2021-04-09 16:32 Christian Grothoff Note Added: 0017720
2021-04-09 16:32 Christian Grothoff Assigned To Christian Grothoff => Florian Dold
2021-04-09 16:32 Christian Grothoff Status assigned => feedback
2021-04-09 16:46 Florian Dold Assigned To Florian Dold => Christian Grothoff
2021-04-09 16:46 Florian Dold Status feedback => resolved
2021-04-09 16:46 Florian Dold Resolution open => fixed
2021-04-09 16:46 Florian Dold Note Added: 0017723