View Issue Details

IDProjectCategoryView StatusLast Update
0006846Talerdeployment and operationspublic2021-08-24 16:23
ReporterFlorian Dold Assigned ToMS  
PriorityhighSeverityminorReproducibilityhave not tried
Status closedResolutionfixed 
Target Version0.8Fixed in Version0.8 
Summary0006846: use token auth with actual secret token for test/demo merchant instances, provide sandbox instance
DescriptionCurrently the merchant backend is not secured. That was initially intentional, but might cause trouble if somebody decides to mess with instances during a demo.

We should:
1. Generate a random token when bootstraping the environment. Store this token in a plain-text file and read it into an environment variable in ~/activate.
2. The taler-deployment-config-instances script should set up token authentication with this secret token
3. The merchant frontend demos should use this token
4. We should create one special instance named "sandbox" that we create without token auth, but where we forbid administrative endpoints via an nginx whitelist.
TagsNo tags attached.



2021-05-13 09:00

manager   ~0017846

- Sync was recently fixed in this regard, but waits to be tested.

- As for the 4. point: 'sandbox' instance got actually named "Tutorial", and instead of no token got one well-known, which is "sandbox". Those decisions happened after a private discussion.


2021-05-13 09:01

manager   ~0017847

Setting as 'high' as it's close to resolution.


2021-06-10 15:11

manager   ~0017947

Full deployed on demo, the way it is requested here.

Issue History

Date Modified Username Field Change
2021-04-14 14:07 Florian Dold New Issue
2021-04-14 14:07 Florian Dold Status new => assigned
2021-04-14 14:07 Florian Dold Assigned To => MS
2021-05-13 09:00 MS Note Added: 0017846
2021-05-13 09:01 MS Priority normal => high
2021-05-13 09:01 MS Note Added: 0017847
2021-06-10 15:11 MS Status assigned => resolved
2021-06-10 15:11 MS Resolution open => fixed
2021-06-10 15:11 MS Note Added: 0017947
2021-07-30 13:56 Christian Grothoff Fixed in Version => 0.8
2021-07-30 13:59 Christian Grothoff Target Version => 0.8.1
2021-07-30 14:01 Christian Grothoff Target Version 0.8.1 => 0.8
2021-08-24 16:23 Christian Grothoff Status resolved => closed