View Issue Details

IDProjectCategoryView StatusLast Update
0006838Talermechant backendpublic2021-04-09 16:46
ReporterFlorian Dold Assigned ToChristian Grothoff  
PrioritynormalSeverityminorReproducibilityhave not tried
Status resolvedResolutionfixed 
Summary0006838: merchant backend regressions in merchant-instances-urls and merchant-instances integration tests
Description$ taler-wallet-cli testing run-integrationtests 'merchant-instances-urls'
[...]
checking http://localhost:8083/instances/foo/config, expected 404, got 200

=> Clearly, the backend is giving a 200 in response for a GET request for a non-existing instance. I'm suspecting a recent change related to handling OPTIONS introduced this regression.

$ taler-wallet-cli testing run-integrationtests 'merchant-instances'
[...]
requesting instances with auth { method: 'external' }
FATAL: test failed with exception Error: expected axios error
  at [...]integrationtests/test-merchant-instances.ts:131:5

=> Axios is the HTTP client library. The request that *should* fail is a GET request for "/private/instances" (implicit default instance).
=> The request should fail, because a few lines before [2], the auth was changed from "external" to "token".
=> Instead, the request succeeds, even though the MerchantApiClient has not been updated with the new credentials. It still uses

[1] https://git.taler.net/wallet-core.git/tree/packages/taler-wallet-cli/src/integrationtests/test-merchant-instances.ts#n131
[2] https://git.taler.net/wallet-core.git/tree/packages/taler-wallet-cli/src/integrationtests/test-merchant-instances.ts#n118
TagsNo tags attached.

Activities

Christian Grothoff

2021-04-09 14:57

manager   ~0017718

4f8cb89..89a3d27 fixes the /config 404 issue.

Christian Grothoff

2021-04-09 16:31

manager   ~0017719

I cannot reproduce the other issue. I used Curl to change the default authentication checks, and the backend then correctly requires authentication.

$ curl -X POST -d '{ "method":"token","token":"secret-token:foo" }' http://localhost:8080/private/auth
$ curl -H 'Authorization: Bearer secret-token:foo' -X GET http://localhost:8080/private/instances
{
  "instances": [
    {
      "name": "default",
      "id": "default",
      "merchant_pub": "JZADNDX1RJDZVJNJCG55KFV9QPGYNCG4RRHG7J1N90SQHZVZKTBG",
      "payment_targets": [
        "x-taler-bank"
      ],
      "deleted": false
    }
  ]
}
$ curl -H 'Authorization: Bearer secret-token:fbar' -X GET http://localhost:8080/private/instances
{
  "code": 2015,
  "hint": "The merchant refused the request due to lack of authorization.",
  "detail": "Check 'Authorization' header"
}
$ curl http://localhost:8080/private/instances
{
  "code": 2015,
  "hint": "The merchant refused the request due to lack of authorization.",
  "detail": "Check 'Authorization' header"
}

Christian Grothoff

2021-04-09 16:32

manager   ~0017720

test-merchant-walletharness.sh fails, but it says because of _lack_ of authentication, not because a request is allowed.

Florian Dold

2021-04-09 16:46

manager   ~0017723

This was indeed a bogus test assertion, fixed in f30f923e

The merchant integration tests are now passing again for me.

Issue History

Date Modified Username Field Change
2021-04-08 16:36 Florian Dold New Issue
2021-04-08 16:36 Florian Dold Status new => assigned
2021-04-08 16:36 Florian Dold Assigned To => Christian Grothoff
2021-04-09 14:57 Christian Grothoff Note Added: 0017718
2021-04-09 16:31 Christian Grothoff Note Added: 0017719
2021-04-09 16:32 Christian Grothoff Note Added: 0017720
2021-04-09 16:32 Christian Grothoff Assigned To Christian Grothoff => Florian Dold
2021-04-09 16:32 Christian Grothoff Status assigned => feedback
2021-04-09 16:46 Florian Dold Assigned To Florian Dold => Christian Grothoff
2021-04-09 16:46 Florian Dold Status feedback => resolved
2021-04-09 16:46 Florian Dold Resolution open => fixed
2021-04-09 16:46 Florian Dold Note Added: 0017723