View Issue Details

IDProjectCategoryView StatusLast Update
0008276Talermerchant backoffice SPApublic2024-04-15 21:32
ReporterChristian Grothoff Assigned Tosebasjm  
Status closedResolutionfixed 
Platformi7OSDebian GNU/LinuxOS Versionsqueeze
Product Versiongit (master) 
Target Version0.10Fixed in Version0.10 
Summary0008276: SPA does not validate bank account credentials
DescriptionWhen adding a bank account with a URL and credentials, the SPA accepts anything.

At a minimum, /config should be validated when the URL is entered to ensure that the endpoint is correct and actually points to a revenue API.

Once username and password have been entered, a HEAD/GET request to an endpoint that requires authentication should be made to ensure that the credentials are correct.

Only then the SPA should allow the form to be submitted.
TagsNo tags attached.


child of 0008364 closedChristian Grothoff test, package and upload merchant 0.10 to ftp and stable Debian/Ubuntu server 


Christian Grothoff

2024-01-28 13:23

manager   ~0021059

Also, make sure to enforce that the revenue facade API URL ends with a "/" (before trying to fetch "/config")


2024-04-05 22:53

developer   ~0022129


Issue History

Date Modified Username Field Change
2024-01-28 11:40 Christian Grothoff New Issue
2024-01-28 11:40 Christian Grothoff Status new => assigned
2024-01-28 11:40 Christian Grothoff Assigned To => sebasjm
2024-01-28 13:23 Christian Grothoff Note Added: 0021059
2024-02-10 00:22 Christian Grothoff Relationship added child of 0008353
2024-02-10 12:33 Christian Grothoff Relationship deleted child of 0008353
2024-02-10 12:33 Christian Grothoff Relationship added child of 0008364
2024-04-05 22:53 sebasjm Status assigned => resolved
2024-04-05 22:53 sebasjm Resolution open => fixed
2024-04-05 22:53 sebasjm Note Added: 0022129
2024-04-09 13:11 Christian Grothoff Fixed in Version => 0.10
2024-04-15 21:32 Christian Grothoff Status resolved => closed