def test_interactive_deposit_bad_issuer( client, acc1_usd_withdrawal_transaction_factory): withdraw = acc1_usd_withdrawal_transaction_factory() payload = interactive_jwt_payload(withdraw, "withdraw") payload["iss"] = "bad iss" encoded_token = jwt.encode(payload, settings.SERVER_JWT_KEY, algorithm="HS256") token = encoded_token.decode("ascii") response = client.get(f"{WEBAPP_PATH}?token={token}") assert "Invalid token issuer" in str(response.content) assert response.status_code == 403
def test_interactive_deposit_bad_issuer(client, acc1_usd_deposit_transaction_factory): deposit = acc1_usd_deposit_transaction_factory() payload = interactive_jwt_payload(deposit, "deposit") payload["iss"] = "bad iss" encoded_token = jwt.encode(payload, settings.SERVER_JWT_KEY, algorithm="HS256") token = encoded_token.decode("ascii") response = client.get(f"/transactions/deposit/webapp?token={token}") assert "Invalid token issuer" in str(response.content) assert response.status_code == 403
def test_interactive_deposit_no_transaction( client, acc1_usd_deposit_transaction_factory ): deposit = acc1_usd_deposit_transaction_factory() payload = interactive_jwt_payload(deposit, "deposit") deposit.delete() # remove from database token = jwt.encode(payload, settings.SERVER_JWT_KEY, algorithm="HS256").decode( "ascii" ) response = client.get(f"{WEBAPP_PATH}?token={token}") assert "Transaction for account not found" in str(response.content) assert response.status_code == 403
def test_interactive_withdraw_pending_anchor(mock_after_form_validation, client): usd = Asset.objects.create( code="USD", issuer=Keypair.random().public_key, sep24_enabled=True, withdrawal_enabled=True, distribution_seed=Keypair.random().secret, ) withdraw = Transaction.objects.create(asset=usd, kind=Transaction.KIND.withdrawal, protocol=Transaction.PROTOCOL.sep24) payload = interactive_jwt_payload(withdraw, "withdraw") token = jwt.encode(payload, settings.SERVER_JWT_KEY, algorithm="HS256").decode("ascii") response = client.get(f"{WEBAPP_PATH}" f"?token={token}" f"&transaction_id={withdraw.id}" f"&asset_code={withdraw.asset.code}") assert response.status_code == 200 assert client.session["authenticated"] is True response = client.get(f"{WEBAPP_PATH}" f"?token={token}" f"&transaction_id={withdraw.id}" f"&asset_code={withdraw.asset.code}") assert response.status_code == 403 assert "Unexpected one-time auth token" in str(response.content) def mark_as_pending_anchor(_, transaction): transaction.status = Transaction.STATUS.pending_anchor transaction.save() mock_after_form_validation.side_effect = mark_as_pending_anchor response = client.post( f"{WEBAPP_PATH}/submit" f"?transaction_id={withdraw.id}" f"&asset_code={withdraw.asset.code}", {"amount": 200.0}, ) assert response.status_code == 302 assert client.session["authenticated"] is False withdraw.refresh_from_db() assert withdraw.status == Transaction.STATUS.pending_anchor
def test_interactive_withdraw_bad_issuer(client): usd = Asset.objects.create( code="USD", issuer=Keypair.random().public_key, sep24_enabled=True, withdrawal_enabled=True, distribution_seed=Keypair.random().secret, ) withdraw = Transaction.objects.create(asset=usd) payload = interactive_jwt_payload(withdraw, "withdraw") payload["iss"] = "bad iss" token = jwt.encode(payload, settings.SERVER_JWT_KEY, algorithm="HS256").decode() response = client.get(f"{WEBAPP_PATH}?token={token}") assert "Invalid token issuer" in str(response.content) assert response.status_code == 403
def test_interactive_withdraw_success(client): usd = Asset.objects.create( code="USD", issuer=Keypair.random().public_key, sep24_enabled=True, withdrawal_enabled=True, distribution_seed=Keypair.random().secret, ) withdraw = Transaction.objects.create( asset=usd, kind=Transaction.KIND.withdrawal, protocol=Transaction.PROTOCOL.sep24 ) payload = interactive_jwt_payload(withdraw, "withdraw") token = jwt.encode(payload, settings.SERVER_JWT_KEY, algorithm="HS256").decode( "ascii" ) response = client.get( f"{WEBAPP_PATH}" f"?token={token}" f"&transaction_id={withdraw.id}" f"&asset_code={withdraw.asset.code}" ) assert response.status_code == 200 assert client.session["authenticated"] is True response = client.get( f"{WEBAPP_PATH}" f"?token={token}" f"&transaction_id={withdraw.id}" f"&asset_code={withdraw.asset.code}" ) assert response.status_code == 403 assert "Unexpected one-time auth token" in str(response.content) response = client.post( f"{WEBAPP_PATH}/submit" f"?transaction_id={withdraw.id}" f"&asset_code={withdraw.asset.code}", {"amount": 200.0}, ) assert response.status_code == 302 assert client.session["authenticated"] is False
def test_interactive_withdraw_no_transaction(client): usd = Asset.objects.create( code="USD", issuer=Keypair.random().public_key, sep24_enabled=True, withdrawal_enabled=True, distribution_seed=Keypair.random().secret, ) withdraw = Transaction.objects.create(asset=usd, kind=Transaction.KIND.withdrawal) payload = interactive_jwt_payload(withdraw, "withdraw") withdraw.delete() # remove from database token = jwt.encode(payload, settings.SERVER_JWT_KEY, algorithm="HS256").decode( "ascii" ) response = client.get(f"{WEBAPP_PATH}?token={token}") assert "Transaction for account not found" in str(response.content) assert response.status_code == 403
def test_withdraw_interactive_complete(mock_interactive_url, client): usd = Asset.objects.create( code="USD", issuer=Keypair.random().public_key, sep24_enabled=True, withdrawal_enabled=True, distribution_seed=Keypair.random().secret, ) withdraw = Transaction.objects.create( asset=usd, status=Transaction.STATUS.incomplete, kind=Transaction.KIND.withdrawal, ) payload = interactive_jwt_payload(withdraw, "withdraw") token = jwt.encode(payload, settings.SERVER_JWT_KEY, algorithm="HS256").decode( "ascii" ) mock_interactive_url.return_value = "https://test.com/customFlow" response = client.get( f"{WEBAPP_PATH}" f"?token={token}" f"&transaction_id={withdraw.id}" f"&asset_code={withdraw.asset.code}" ) assert response.status_code == 302 mock_interactive_url.assert_called_once() assert client.session["authenticated"] is True response = client.get( WITHDRAW_PATH + "/complete", {"transaction_id": withdraw.id, "callback": "test.com/callback"}, ) assert response.status_code == 302 redirect_to_url = response.get("Location") assert "more_info" in redirect_to_url assert "callback=test.com%2Fcallback" in redirect_to_url withdraw.refresh_from_db() assert withdraw.status == Transaction.STATUS.pending_user_transfer_start
def test_interactive_withdraw_post_no_content_tx_incomplete( mock_content_for_template, mock_form_for_transaction, client ): usd = Asset.objects.create( code="USD", issuer=Keypair.random().public_key, sep24_enabled=True, withdrawal_enabled=True, distribution_seed=Keypair.random().secret, ) withdraw = Transaction.objects.create( asset=usd, kind=Transaction.KIND.withdrawal, status=Transaction.STATUS.incomplete, ) mock_form_for_transaction.return_value = None mock_content_for_template.return_value = {"test": "value"} payload = interactive_jwt_payload(withdraw, "withdraw") token = jwt.encode(payload, settings.SERVER_JWT_KEY, algorithm="HS256").decode( "ascii" ) response = client.get( f"{WEBAPP_PATH}" f"?token={token}" f"&transaction_id={withdraw.id}" f"&asset_code={usd.code}" ) assert response.status_code == 200 assert client.session["authenticated"] is True response = client.post( f"{WEBAPP_PATH}/submit" f"?transaction_id={withdraw.id}" f"&asset_code={withdraw.asset.code}" ) assert response.status_code == 500 assert "The anchor did not provide content, unable to serve page." in str( response.content )
def test_interactive_deposit_post_no_content_tx_complete( mock_content_for_template, mock_form_for_transaction, client ): usd = Asset.objects.create( code="USD", issuer=Keypair.random().public_key, sep24_enabled=True, deposit_enabled=True, ) deposit = Transaction.objects.create( asset=usd, kind=Transaction.KIND.deposit, status=Transaction.STATUS.completed ) mock_form_for_transaction.return_value = None mock_content_for_template.return_value = {"test": "value"} payload = interactive_jwt_payload(deposit, "deposit") token = jwt.encode(payload, settings.SERVER_JWT_KEY, algorithm="HS256").decode( "ascii" ) response = client.get( f"{WEBAPP_PATH}" f"?token={token}" f"&transaction_id={deposit.id}" f"&asset_code={usd.code}" ) assert response.status_code == 200 assert client.session["authenticated"] is True response = client.post( f"{WEBAPP_PATH}/submit" f"?transaction_id={deposit.id}" f"&asset_code={deposit.asset.code}" ) assert response.status_code == 422 assert ( "The anchor did not provide content, is the interactive flow already complete?" in str(response.content) )
def test_interactive_deposit_success(client, acc1_usd_deposit_transaction_factory): deposit = acc1_usd_deposit_transaction_factory() deposit.amount_in = None deposit.save() payload = interactive_jwt_payload(deposit, "deposit") token = jwt.encode(payload, settings.SERVER_JWT_KEY, algorithm="HS256").decode( "ascii" ) response = client.get( f"{WEBAPP_PATH}" f"?token={token}" f"&transaction_id={deposit.id}" f"&asset_code={deposit.asset.code}" ) assert response.status_code == 200 assert client.session["authenticated"] is True response = client.get( f"{WEBAPP_PATH}" f"?token={token}" f"&transaction_id={deposit.id}" f"&asset_code={deposit.asset.code}" ) assert response.status_code == 403 assert "Unexpected one-time auth token" in str(response.content) response = client.post( f"{WEBAPP_PATH}/submit" f"?transaction_id={deposit.id}" f"&asset_code={deposit.asset.code}", {"amount": 200.0}, ) assert response.status_code == 302 assert client.session["authenticated"] is False