wallet-core: fix repurchase, add test

The repurchase logic was broken if we already had previously detected a repurchase for the same fulfullment URL.
author: Florian Dold <florian@dold.me> 2024-09-23 22:36:18 +0200
committer: Florian Dold <florian@dold.me> 2024-09-23 22:36:23 +0200
commit: 4cb0ada16cc3c0b156d4809d81376b0f7007adf8 (patch)
tree: 85e08e33c37cba1b7c69ac02b0c510dc23720315
parent: cc74057905904b22322f59256993d04adfe713d0 (diff)
3 files changed, 190 insertions, 20 deletions
diff --git a/packages/taler-harness/src/integrationtests/test-repurchase.ts b/packages/taler-harness/src/integrationtests/test-repurchase.ts
new file mode 100644
index 000000000..3a26bcc72
--- /dev/null
+++ b/packages/taler-harness/src/integrationtests/test-repurchase.ts
@@ -0,0 +1,148 @@
+/*
+ This file is part of GNU Taler
+ (C) 2023 Taler Systems S.A.
+
+ GNU Taler is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ GNU Taler is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ GNU Taler; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
+ */
+
+/**
+ * Imports.
+ */
+import {
+  ConfirmPayResultType,
+  MerchantApiClient,
+  PreparePayResultType,
+  TalerMerchantApi,
+} from "@gnu-taler/taler-util";
+import { WalletApiOperation } from "@gnu-taler/taler-wallet-core";
+import { GlobalTestState } from "../harness/harness.js";
+import {
+  useSharedTestkudosEnvironment,
+  withdrawViaBankV2,
+} from "../harness/helpers.js";
+
+export async function runRepurchaseTest(t: GlobalTestState) {
+  // Set up test environment
+
+  const { walletClient, bank, exchange, merchant } =
+    await useSharedTestkudosEnvironment(t);
+
+  // Withdraw digital cash into the wallet.
+
+  await withdrawViaBankV2(t, {
+    walletClient,
+    bank,
+    exchange,
+    amount: "TESTKUDOS:20",
+  });
+
+  await walletClient.call(WalletApiOperation.TestingWaitTransactionsFinal, {});
+
+  const order = {
+    summary: "Buy me!",
+    amount: "TESTKUDOS:5",
+    fulfillment_url: "taler://fulfillment-success/thx",
+  } satisfies TalerMerchantApi.Order;
+
+  const merchantClient = new MerchantApiClient(merchant.makeInstanceBaseUrl());
+
+  const orderOneResp = await merchantClient.createOrder({
+    order: {
+      summary: "Buy me",
+      amount: "TESTKUDOS:5",
+      fulfillment_url: "https://example.com/test",
+    },
+  });
+
+  let orderOneStatus = await merchantClient.queryPrivateOrderStatus({
+    orderId: orderOneResp.order_id,
+    sessionId: "session1",
+  });
+
+  t.assertTrue(orderOneStatus.order_status === "unpaid");
+
+  const preparePayOneResult = await walletClient.call(
+    WalletApiOperation.PreparePayForUri,
+    {
+      talerPayUri: orderOneStatus.taler_pay_uri,
+    },
+  );
+
+  t.assertTrue(
+    preparePayOneResult.status === PreparePayResultType.PaymentPossible,
+  );
+
+  const r2 = await walletClient.call(WalletApiOperation.ConfirmPay, {
+    transactionId: preparePayOneResult.transactionId,
+  });
+
+  t.assertTrue(r2.type === ConfirmPayResultType.Done);
+
+  const orderTwoResp = await merchantClient.createOrder({
+    order: {
+      summary: "Buy me",
+      amount: "TESTKUDOS:5",
+      fulfillment_url: "https://example.com/test",
+    },
+  });
+
+  let orderTwoStatus = await merchantClient.queryPrivateOrderStatus({
+    orderId: orderTwoResp.order_id,
+    sessionId: "session2",
+  });
+
+  t.assertTrue(orderTwoStatus.order_status === "unpaid");
+
+  const preparePayTwoResult = await walletClient.call(
+    WalletApiOperation.PreparePayForUri,
+    {
+      talerPayUri: orderTwoStatus.taler_pay_uri,
+    },
+  );
+
+  // Repurchase should be detected
+  t.assertTrue(
+    preparePayTwoResult.status === PreparePayResultType.AlreadyConfirmed,
+  );
+
+  // Order three
+
+  const orderThreeResp = await merchantClient.createOrder({
+    order: {
+      summary: "Buy me",
+      amount: "TESTKUDOS:5",
+      fulfillment_url: "https://example.com/test",
+    },
+  });
+
+  let orderThreeStatus = await merchantClient.queryPrivateOrderStatus({
+    orderId: orderThreeResp.order_id,
+    // Go back to session1
+    sessionId: "session1",
+  });
+
+  t.assertTrue(orderThreeStatus.order_status === "unpaid");
+
+  const preparePayThreeResult = await walletClient.call(
+    WalletApiOperation.PreparePayForUri,
+    {
+      talerPayUri: orderThreeStatus.taler_pay_uri,
+    },
+  );
+
+  // Repurchase should be detected
+  t.assertTrue(
+    preparePayThreeResult.status === PreparePayResultType.AlreadyConfirmed,
+  );
+}
+
+runRepurchaseTest.suites = ["wallet"];
diff --git a/packages/taler-harness/src/integrationtests/testrunner.ts b/packages/taler-harness/src/integrationtests/testrunner.ts
index e0f6ee65b..5b36d6145 100644
--- a/packages/taler-harness/src/integrationtests/testrunner.ts
+++ b/packages/taler-harness/src/integrationtests/testrunner.ts
@@ -96,6 +96,7 @@ import { runRefundAutoTest } from "./test-refund-auto.js";
 import { runRefundGoneTest } from "./test-refund-gone.js";
 import { runRefundIncrementalTest } from "./test-refund-incremental.js";
 import { runRefundTest } from "./test-refund.js";
+import { runRepurchaseTest } from "./test-repurchase.js";
 import { runRevocationTest } from "./test-revocation.js";
 import { runSimplePaymentTest } from "./test-simple-payment.js";
 import { runStoredBackupsTest } from "./test-stored-backups.js";
@@ -272,6 +273,7 @@ const allTests: TestMainFunction[] = [
   runKycDepositDepositKyctransferTest,
   runWithdrawalPrepareTest,
   runAccountRestrictionsTest,
+  runRepurchaseTest,
 ];
 
 export interface TestRunSpec {
diff --git a/packages/taler-wallet-core/src/pay-merchant.ts b/packages/taler-wallet-core/src/pay-merchant.ts
index 8744fc5d1..4ed82b10f 100644
--- a/packages/taler-wallet-core/src/pay-merchant.ts
+++ b/packages/taler-wallet-core/src/pay-merchant.ts
@@ -891,7 +891,8 @@ async function processDownloadProposal(
 
   if (proposal.purchaseStatus != PurchaseStatus.PendingDownloadingProposal) {
     logger.error(
-      `unexpected state ${proposal.purchaseStatus}/${PurchaseStatus[proposal.purchaseStatus]
+      `unexpected state ${proposal.purchaseStatus}/${
+        PurchaseStatus[proposal.purchaseStatus]
       } for ${ctx.transactionId} in processDownloadProposal`,
     );
     return TaskRunResult.finished();
@@ -1075,22 +1076,29 @@ async function processDownloadProposal(
         fulfillmentUrl &&
         (fulfillmentUrl.startsWith("http://") ||
           fulfillmentUrl.startsWith("https://"));
-      let otherPurchase: PurchaseRecord | undefined;
+      let repurchase: PurchaseRecord | undefined = undefined;
+      const otherPurchases =
+        await tx.purchases.indexes.byFulfillmentUrl.getAll(fulfillmentUrl);
       if (isResourceFulfillmentUrl) {
-        otherPurchase =
-          await tx.purchases.indexes.byFulfillmentUrl.get(fulfillmentUrl);
+        for (const otherPurchase of otherPurchases) {
+          if (
+            otherPurchase.purchaseStatus == PurchaseStatus.Done ||
+            otherPurchase.purchaseStatus == PurchaseStatus.PendingPaying ||
+            otherPurchase.purchaseStatus == PurchaseStatus.PendingPayingReplay
+          ) {
+            repurchase = otherPurchase;
+            break;
+          }
+        }
       }
+
       // FIXME: Adjust this to account for refunds, don't count as repurchase
       // if original order is refunded.
-      if (
-        otherPurchase &&
-        (otherPurchase.purchaseStatus == PurchaseStatus.Done ||
-          otherPurchase.purchaseStatus == PurchaseStatus.PendingPaying ||
-          otherPurchase.purchaseStatus == PurchaseStatus.PendingPayingReplay)
-      ) {
+
+      if (repurchase) {
         logger.warn("repurchase detected");
         p.purchaseStatus = PurchaseStatus.DoneRepurchaseDetected;
-        p.repurchaseProposalId = otherPurchase.proposalId;
+        p.repurchaseProposalId = repurchase.proposalId;
         await tx.purchases.put(p);
       } else {
         p.purchaseStatus = p.shared
@@ -1151,7 +1159,8 @@ async function createOrReusePurchase(
     oldProposal.claimToken === claimToken
   ) {
     logger.info(
-      `Found old proposal (status=${PurchaseStatus[oldProposal.purchaseStatus]
+      `Found old proposal (status=${
+        PurchaseStatus[oldProposal.purchaseStatus]
       }) for order ${orderId} at ${merchantBaseUrl}`,
     );
     if (oldProposal.purchaseStatus === PurchaseStatus.DialogShared) {
@@ -1211,6 +1220,10 @@ async function createOrReusePurchase(
   const { priv, pub } = noncePair;
   const proposalId = encodeCrock(getRandomBytes(32));
 
+  logger.info(
+    `created new proposal for ${orderId} at ${merchantBaseUrl} session ${sessionId}`,
+  );
+
   const proposalRecord: PurchaseRecord = {
     download: undefined,
     noncePriv: priv,
@@ -1648,8 +1661,8 @@ async function checkPaymentByProposalId(
   }
 
   if (
-    purchase.purchaseStatus === PurchaseStatus.Done &&
-    purchase.lastSessionId !== sessionId
+    purchase.purchaseStatus === PurchaseStatus.Done ||
+    purchase.purchaseStatus === PurchaseStatus.PendingPayingReplay
   ) {
     logger.trace(
       "automatically re-submitting payment with different session ID",
@@ -1708,11 +1721,7 @@ async function checkPaymentByProposalId(
       talerUri,
     };
   } else {
-    const paid =
-      purchase.purchaseStatus === PurchaseStatus.Done ||
-      purchase.purchaseStatus === PurchaseStatus.PendingQueryingRefund ||
-      purchase.purchaseStatus === PurchaseStatus.FinalizingQueryingAutoRefund ||
-      purchase.purchaseStatus === PurchaseStatus.PendingQueryingAutoRefund;
+    const paid = isPurchasePaid(purchase);
     const download = await expectProposalDownload(wex, purchase);
     return {
       status: PreparePayResultType.AlreadyConfirmed,
@@ -1731,6 +1740,15 @@ async function checkPaymentByProposalId(
   }
 }
 
+function isPurchasePaid(purchase: PurchaseRecord): boolean {
+  return (
+    purchase.purchaseStatus === PurchaseStatus.Done ||
+    purchase.purchaseStatus === PurchaseStatus.PendingQueryingRefund ||
+    purchase.purchaseStatus === PurchaseStatus.FinalizingQueryingAutoRefund ||
+    purchase.purchaseStatus === PurchaseStatus.PendingQueryingAutoRefund
+  );
+}
+
 export async function getContractTermsDetails(
   wex: WalletExecutionContext,
   proposalId: string,
@@ -1897,7 +1915,9 @@ export async function checkPayForTemplate(
     if (cfg.detail) {
       throw TalerError.fromUncheckedDetail(cfg.detail);
     } else {
-      throw TalerError.fromException(new Error("failed to get merchant remote config"))
+      throw TalerError.fromException(
+        new Error("failed to get merchant remote config"),
+      );
     }
   }
author	Florian Dold <florian@dold.me>	2024-09-23 22:36:18 +0200
committer	Florian Dold <florian@dold.me>	2024-09-23 22:36:23 +0200
commit	4cb0ada16cc3c0b156d4809d81376b0f7007adf8 (patch)
tree	85e08e33c37cba1b7c69ac02b0c510dc23720315
parent	cc74057905904b22322f59256993d04adfe713d0 (diff)