0008276: SPA does not validate bank account credentials

ID	Project	Category	View Status	Date Submitted	Last Update

0008276	Taler	merchant backoffice SPA	public	2024-01-28 11:40	2024-04-15 21:32

Reporter	Christian Grothoff	Assigned To	sebasjm
Priority	normal	Severity	feature	Reproducibility	N/A
Status	closed	Resolution	fixed
Platform	i7	OS	Debian GNU/Linux	OS Version	squeeze
Product Version	git (master)
Target Version	0.10	Fixed in Version	0.10

Summary	0008276: SPA does not validate bank account credentials
Description	When adding a bank account with a URL and credentials, the SPA accepts anything. At a minimum, /config should be validated when the URL is entered to ensure that the endpoint is correct and actually points to a revenue API. Once username and password have been entered, a HEAD/GET request to an endpoint that requires authentication should be made to ensure that the credentials are correct. Only then the SPA should allow the form to be submitted.
Tags	No tags attached.

Date Modified	Username	Field	Change
2024-01-28 11:40	Christian Grothoff	New Issue
2024-01-28 11:40	Christian Grothoff	Status	new => assigned
2024-01-28 11:40	Christian Grothoff	Assigned To	=> sebasjm
2024-01-28 13:23	Christian Grothoff	Note Added: 0021059
2024-02-10 00:22	Christian Grothoff	Relationship added	child of 0008353
2024-02-10 12:33	Christian Grothoff	Relationship deleted	child of 0008353
2024-02-10 12:33	Christian Grothoff	Relationship added	child of 0008364
2024-04-05 22:53	sebasjm	Status	assigned => resolved
2024-04-05 22:53	sebasjm	Resolution	open => fixed
2024-04-05 22:53	sebasjm	Note Added: 0022129
2024-04-09 13:11	Christian Grothoff	Fixed in Version	=> 0.10
2024-04-15 21:32	Christian Grothoff	Status	resolved => closed

Christian Grothoff 2024-01-28 13:23 manager ~0021059	Also, make sure to enforce that the revenue facade API URL ends with a "/" (before trying to fetch "/config")

sebasjm 2024-04-05 22:53 developer ~0022129	cc3899880