fix tests and data structure for callback

src/edutap/wallet_google/handlers/fastapi.py

@@ -23,9 +23,6 @@ async def handle_callback(request: Request, callback_data: CallbackData):
     It is called by Google Wallet API when a user interacts with a pass.
     The callback is triggered on save and delete of a pass in the wallet.
     """
-    callback_message = verified_signed_message(callback_data)
-    logger.debug(f"Got message {callback_message}")
-
     # get the registered callback handlers
     handlers = get_callback_handlers()
     if len(handlers) == 0:
@@ -34,6 +31,10 @@ async def handle_callback(request: Request, callback_data: CallbackData):
             status_code=500, detail="No callback handlers were registered."
         )
 
+    # extract and verify message (given verification is not disabled)
+    callback_message = verified_signed_message(callback_data)
+    logger.debug(f"Got message {callback_message}")
+
     # call each handler asynchronously
     try:
         await asyncio.gather(

src/edutap/wallet_google/handlers/validate.py

@@ -1,7 +1,7 @@
 from .._vendor.google_pay_token_decryption import GooglePayTokenDecryptor
 from ..models.callback import CallbackData
 from ..models.callback import SignedMessage
-from ..settings import Settings
+from ..session import session_manager
 
 
 def _raw_private_key(in_key: str) -> str:
@@ -23,11 +23,12 @@ def verified_signed_message(data: CallbackData) -> SignedMessage:
     Verifies the signature of the callback data.
     and returns the parsed SignedMessage
     """
-    settings = Settings()
-    decryptor = GooglePayTokenDecryptor(
-        settings.google_root_signing_public_keys.dict()["keys"],
-        settings.issuer_id,
-        _raw_private_key(settings.credentials_info["private_key"]),
-    )
-    decryptor.verify_signature(data.model_dump(mode="json"))
-    return SignedMessage.model_validate(data.signedMessage)
+    settings = session_manager.settings
+    if settings.callback_verify_signature:
+        decryptor = GooglePayTokenDecryptor(
+            settings.google_root_signing_public_keys.dict()["keys"],
+            settings.issuer_id,
+            _raw_private_key(settings.credentials_info["private_key"]),
+        )
+        decryptor.verify_signature(data.model_dump(mode="json"))
+    return SignedMessage.model_validate_json(data.signedMessage)

src/edutap/wallet_google/models/callback.py

@@ -24,8 +24,10 @@ class IntermediateSigningKey(Model):
 class SignedMessage(Model):
     classId: str
     objectId: str
-    expTimeMillis: int
     eventType: EventType
+    expTimeMillis: int
+    count: int
+    nonce: str
 
 
 class CallbackData(Model):

src/edutap/wallet_google/settings.py

@@ -46,6 +46,7 @@ class Settings(BaseSettings):
     save_url: HttpUrl = HttpUrl(SAVE_URL)
     callback_url: HttpUrl | None = None
     callback_prefix: str = "/googlewallet"
+    callback_verify_signature: bool = True
 
     scopes: list[str] = [SCOPE]
 

tests/data/test_wallet_google_plugins/plugins.py

@@ -1,3 +1,4 @@
+from edutap.wallet_google.models.callback import CallbackData
 from edutap.wallet_google.models.handlers import ImageData
 
 
@@ -15,4 +16,4 @@ class TestCallbackHandler:
     Implementation of edutap.wallet_google.protocols.CallbackHandler
     """
 
-    async def handle(self, pass_id: str) -> None: ...
+    async def handle(self, pass_id: CallbackData) -> None: ...

tests/test_handler_validate.py

@@ -16,6 +16,8 @@
         "objectId": "2",
         "expTimeMillis": 0,
         "eventType": "SAVE",
+        "count": 0,
+        "nonce": "3",
     },
 }