1 files changed, 63 insertions, 33 deletions

diff --git a/packages/taler-harness/src/index.ts b/packages/taler-harness/src/index.ts
index 2dcde39b9..0f282e123 100644
--- a/packages/taler-harness/src/index.ts
+++ b/packages/taler-harness/src/index.ts
@@ -34,6 +34,7 @@ import {
   TalerMerchantInstanceHttpClient,
   TalerMerchantManagementHttpClient,
   TransactionsResponse,
+  createAccessToken,
   decodeCrock,
   encodeCrock,
   generateIban,
@@ -55,7 +56,8 @@ import {
   WalletApiOperation,
 } from "@gnu-taler/taler-wallet-core";
 import {
-  downloadExchangeInfo, topupReserveWithBank,
+  downloadExchangeInfo,
+  topupReserveWithBank,
 } from "@gnu-taler/taler-wallet-core/dbless";
 import { deepStrictEqual } from "assert";
 import fs from "fs";
@@ -614,7 +616,10 @@ deploymentCli
     },
   )
   .maybeOption("bankToken", ["--bank-admin-token"], clk.STRING, {
-    help: "libeufin bank admin's password if the account creation is restricted",
+    help: "libeufin bank admin's token if the account creation is restricted",
+  })
+  .maybeOption("bankPassword", ["--bank-admin-password"], clk.STRING, {
+    help: "libeufin bank admin's password if the account creation is restricted, it will override --bank-admin-token",
   })
   .requiredOption("name", ["--legal-name"], clk.STRING, {
     help: "legal name of the merchant",
@@ -638,10 +643,13 @@ deploymentCli
     help: "if everything worked ok, change the password of the accounts at the end",
   })
   .action(async (args) => {
-    const managementToken = args.provisionBankMerchant
-      .merchantToken as AccessToken;
-    const bankAdminPassword = args.provisionBankMerchant
-      .bankToken as AccessToken;
+    const managementToken = createAccessToken(
+      args.provisionBankMerchant.merchantToken,
+    );
+    const bankAdminPassword = args.provisionBankMerchant.bankPassword;
+    const bankAdminTokenArg = args.provisionBankMerchant.bankToken
+      ? createAccessToken(args.provisionBankMerchant.bankToken)
+      : undefined;
     const id = args.provisionBankMerchant.id;
     const name = args.provisionBankMerchant.name;
     const email = args.provisionBankMerchant.email;
@@ -694,21 +702,48 @@ deploymentCli
       return;
     }
 
+    let bankAdminToken: AccessToken | undefined;
+    if (bankAdminPassword) {
+      const adminAuth = new TalerAuthenticationHttpClient(
+        bank.getAuthenticationAPI("admin").href,
+        httpLib,
+      );
+
+      const resp = await adminAuth.createAccessTokenBasic(
+        "admin",
+        bankAdminPassword,
+        {
+          scope: "write",
+          duration: {
+            d_us: 1000 * 1000 * 10, //10 secs
+          },
+          refreshable: false,
+        },
+      );
+      if (resp.type === "fail") {
+        logger.error(`could not get bank admin token from password.`);
+        return;
+      }
+      bankAdminToken = resp.body.access_token;
+    } else {
+      bankAdminToken = bankAdminTokenArg;
+    }
+
     /**
      * create bank account
      */
     let accountPayto: PaytoString;
     {
-      const resp = await bank.createAccount(bankAdminPassword, {
+      const resp = await bank.createAccount(bankAdminToken, {
         name: name,
         password: password,
         username: id,
         contact_data:
           email || phone
             ? {
-              email: email,
-              phone: phone,
-            }
+                email: email,
+                phone: phone,
+              }
             : undefined,
       });
 
@@ -730,7 +765,7 @@ deploymentCli
         address: {},
         auth: {
           method: "token",
-          token: `secret-token:${password}`,
+          token: createAccessToken(password),
         },
         default_pay_delay: Duration.toTalerProtocolDuration(
           Duration.fromSpec({ hours: 1 }),
@@ -762,7 +797,7 @@ deploymentCli
      */
     {
       const resp = await merchantInstance.addBankAccount(
-        password as AccessToken,
+        createAccessToken(password),
         {
           payto_uri: accountPayto,
           credit_facade_url: bank.getRevenueAPI(id).href,
@@ -805,7 +840,7 @@ deploymentCli
 
       {
         const resp = await merchantInstance.addTemplate(
-          password as AccessToken,
+          createAccessToken(password),
           {
             template_id: "default",
             template_description: "First template",
@@ -840,7 +875,7 @@ deploymentCli
 
     let finalPassword = password;
     if (args.provisionBankMerchant.randomPassword) {
-      const prevPassword = password as AccessToken;
+      const prevPassword = password;
       const randomPassword = encodeCrock(randomBytes(16));
       logger.info("random password: ", randomPassword);
       let token: AccessToken;
@@ -885,10 +920,10 @@ deploymentCli
 
       {
         const resp = await merchantInstance.updateCurrentInstanceAuthentication(
-          prevPassword,
+          createAccessToken(prevPassword),
           {
             method: "token",
-            token: `secret-token:${randomPassword}` as AccessToken,
+            token: createAccessToken(randomPassword),
           },
         );
         if (resp.type === "fail") {
@@ -902,7 +937,7 @@ deploymentCli
 
       {
         const resp = await merchantInstance.updateBankAccount(
-          randomPassword as AccessToken,
+          createAccessToken(randomPassword),
           wireAccount,
           {
             credit_facade_url: bank.getRevenueAPI(id).href,
@@ -960,17 +995,12 @@ deploymentCli
     const httpLib = createPlatformHttpLib({});
     const baseUrl = args.provisionMerchantInstance.merchantApiBaseUrl;
     const api = new TalerMerchantManagementHttpClient(baseUrl, httpLib);
-    const mt = args.provisionMerchantInstance.managementToken;
-    const mtWithoutPrefix = mt.startsWith("secret-token:")
-      ? mt.substring("secret-token:".length)
-      : mt;
-    const managementToken = mtWithoutPrefix as AccessToken;
-
-    const it = args.provisionMerchantInstance.instanceToken;
-    const itWithoutPrefix = it.startsWith("secret-token:")
-      ? it.substring("secret-token:".length)
-      : it;
-    const instanceToken = itWithoutPrefix as AccessToken;
+    const managementToken = createAccessToken(
+      args.provisionMerchantInstance.managementToken,
+    );
+    const instanceToken = createAccessToken(
+      args.provisionMerchantInstance.instanceToken,
+    );
     const instanceId = args.provisionMerchantInstance.id;
     const instancceName = args.provisionMerchantInstance.name;
     const bankURL = args.provisionMerchantInstance.bankURL;
@@ -982,7 +1012,7 @@ deploymentCli
       address: {},
       auth: {
         method: "token",
-        token: `secret-token:${instanceToken}`,
+        token: instanceToken,
       },
       default_pay_delay: Duration.toTalerProtocolDuration(
         Duration.fromSpec({ hours: 1 }),
@@ -1011,10 +1041,10 @@ deploymentCli
       credit_facade_credentials:
         bankUser && bankPassword
           ? {
-            type: "basic",
-            username: bankUser,
-            password: bankPassword,
-          }
+              type: "basic",
+              username: bankUser,
+              password: bankPassword,
+            }
           : undefined,
     });
     if (createAccountResp.type != "ok") {