0chain
diff --git a/‎internal/api/util/client/api_client.go‎
Lines changed: 42 additions & 4 deletions b/‎internal/api/util/client/api_client.go‎
Lines changed: 42 additions & 4 deletions
diff --git a/‎tests/api_tests/0box_aggregate_endpoints_test.go‎
Lines changed: 21 additions & 2 deletions b/‎tests/api_tests/0box_aggregate_endpoints_test.go‎
Lines changed: 21 additions & 2 deletions
diff --git a/‎tests/api_tests/0box_allocation_test.go‎
Lines changed: 27 additions & 0 deletions b/‎tests/api_tests/0box_allocation_test.go‎
Lines changed: 27 additions & 0 deletions
diff --git a/‎tests/api_tests/0box_dex_test.go‎
Lines changed: 10 additions & 2 deletions b/‎tests/api_tests/0box_dex_test.go‎
Lines changed: 10 additions & 2 deletions
diff --git a/‎tests/api_tests/0box_free_storage_test.go‎
Lines changed: 7 additions & 2 deletions b/‎tests/api_tests/0box_free_storage_test.go‎
Lines changed: 7 additions & 2 deletions
diff --git a/‎tests/api_tests/0box_jwt_test.go‎
Lines changed: 8 additions & 4 deletions b/‎tests/api_tests/0box_jwt_test.go‎
Lines changed: 8 additions & 4 deletions
diff --git a/‎tests/api_tests/0box_owner_test.go‎
Lines changed: 8 additions & 4 deletions b/‎tests/api_tests/0box_owner_test.go‎
Lines changed: 8 additions & 4 deletions
@@ -956,16 +956,54 @@ func (c *APIClient) RegisterBlobber(t *test.SystemTest,
 		}
 
 		if requireIdVerification {
-			var storageNode model.StorageNode
+			// First check if transaction status matches
+			if registerBlobberTransactionGetConfirmationResponse.Status != requiredTransactionStatus {
+				t.Logf("Transaction status doesn't match. Expected: %d, Actual: %d, Output: %s",
+					requiredTransactionStatus, registerBlobberTransactionGetConfirmationResponse.Status,
+					registerBlobberTransactionGetConfirmationResponse.Transaction.TransactionOutput)
+				return false
+			}
 
+			// Only try to unmarshal if transaction is successful
+			transactionOutput := registerBlobberTransactionGetConfirmationResponse.Transaction.TransactionOutput
+
+			// Check if output is empty or not valid JSON
+			if transactionOutput == "" {
+				t.Log("Transaction output is empty, waiting for confirmation...")
+				return false
+			}
+
+			// Check if output looks like JSON (starts with '{')
+			trimmedOutput := strings.TrimSpace(transactionOutput)
+			if !strings.HasPrefix(trimmedOutput, "{") {
+				preview := trimmedOutput
+				if len(preview) > 50 {
+					preview = preview[:50] + "..."
+				}
+				t.Logf("Transaction output is not JSON (starts with: %s), waiting for confirmation...", preview)
+				return false
+			}
+
+			var storageNode model.StorageNode
 			// Unmarshal the JSON string into the StorageNode struct
-			err := json.Unmarshal([]byte(registerBlobberTransactionGetConfirmationResponse.Transaction.TransactionOutput), &storageNode)
+			err := json.Unmarshal([]byte(transactionOutput), &storageNode)
 			if err != nil {
-				t.Log("Error unmarshalling JSON:", err)
+				t.Logf("Error unmarshalling JSON: %v. Output: %s", err, transactionOutput)
 				return false
 			}
 
-			return registerBlobberTransactionGetConfirmationResponse.Status == requiredTransactionStatus && storageNode.ID == expectedResponse
+			// Verify the ManagingWallet matches (for storage version 2+ blobbers)
+			// or the ID matches (for legacy blobbers)
+			if storageNode.ManagingWallet != "" && storageNode.ManagingWallet == expectedResponse {
+				return true
+			}
+			if storageNode.ID == expectedResponse {
+				return true
+			}
+
+			t.Logf("StorageNode verification failed. Expected: %s, Actual ID: %s, Actual ManagingWallet: %s",
+				expectedResponse, storageNode.ID, storageNode.ManagingWallet)
+			return false
 		}
 
 		// Log the actual status and output for debugging
 
@@ -660,7 +660,16 @@ func Test0boxGraphAndTotalEndpoints(testSetup *testing.T) {
 
 		t.Log("Blobber : ", blobberOwnerWallet.Id)
 
+		// Ensure blobberOwnerWallet has sufficient balance and updated nonce
+		blobberOwnerBalance := apiClient.GetWalletBalance(t, blobberOwnerWallet, client.HttpOkStatus)
+		blobberOwnerWallet.Nonce = int(blobberOwnerBalance.Nonce)
+		require.GreaterOrEqual(t, blobberOwnerBalance.Balance, int64(200000000), "blobberOwnerWallet must have at least 0.2 ZCN to pay for update transactions (0.1 ZCN value + fees)")
 		apiClient.UpdateBlobber(t, blobberOwnerWallet, targetBlobbers[0], client.TxSuccessfulStatus)
+
+		// Update nonce before second update
+		blobberOwnerBalance = apiClient.GetWalletBalance(t, blobberOwnerWallet, client.HttpOkStatus)
+		blobberOwnerWallet.Nonce = int(blobberOwnerBalance.Nonce)
+		require.GreaterOrEqual(t, blobberOwnerBalance.Balance, int64(200000000), "blobberOwnerWallet must have at least 0.2 ZCN to pay for update transactions (0.1 ZCN value + fees)")
 		apiClient.UpdateBlobber(t, blobberOwnerWallet, targetBlobbers[1], client.TxSuccessfulStatus)
 
 		wait.PoolImmediately(t, 2*time.Minute, func() bool {
@@ -684,14 +693,24 @@ func Test0boxGraphAndTotalEndpoints(testSetup *testing.T) {
 			require.Equal(t, 200, resp.StatusCode())
 
 			diff := priceAfterStaking - expectedAWP
-			t.Logf("priceBeforeStaking: %d, priceAfterStaking: %d, expectedAWP: %d, diff: %d", priceBeforeStaking, priceAfterStaking, expectedAWP, diff)
-			return priceAfterStaking != priceBeforeStaking && diff >= -roundingError && diff <= roundingError && priceAfterStaking == int64(*latest)
+			latestDiff := priceAfterStaking - int64(*latest)
+			t.Logf("priceBeforeStaking: %d, priceAfterStaking: %d, expectedAWP: %d, diff: %d, latest: %d, latestDiff: %d", priceBeforeStaking, priceAfterStaking, expectedAWP, diff, int64(*latest), latestDiff)
+			// Allow tolerance for both expectedAWP and latest value due to timing differences in graph updates
+			return priceAfterStaking != priceBeforeStaking && diff >= -roundingError && diff <= roundingError && latestDiff >= -roundingError && latestDiff <= roundingError
 		})
 
 		// Cleanup: Revert write price to 0.1
 		targetBlobbers[0].Terms.WritePrice = *tokenomics.IntToZCN(0.1)
 		targetBlobbers[1].Terms.WritePrice = *tokenomics.IntToZCN(0.1)
+		// Update nonce before first cleanup update
+		blobberOwnerBalance = apiClient.GetWalletBalance(t, blobberOwnerWallet, client.HttpOkStatus)
+		blobberOwnerWallet.Nonce = int(blobberOwnerBalance.Nonce)
+		require.GreaterOrEqual(t, blobberOwnerBalance.Balance, int64(200000000), "blobberOwnerWallet must have at least 0.2 ZCN to pay for update transactions (0.1 ZCN value + fees)")
 		apiClient.UpdateBlobber(t, blobberOwnerWallet, targetBlobbers[0], client.TxSuccessfulStatus)
+		// Update nonce before second cleanup update
+		blobberOwnerBalance = apiClient.GetWalletBalance(t, blobberOwnerWallet, client.HttpOkStatus)
+		blobberOwnerWallet.Nonce = int(blobberOwnerBalance.Nonce)
+		require.GreaterOrEqual(t, blobberOwnerBalance.Balance, int64(200000000), "blobberOwnerWallet must have at least 0.2 ZCN to pay for update transactions (0.1 ZCN value + fees)")
 		apiClient.UpdateBlobber(t, blobberOwnerWallet, targetBlobbers[1], client.TxSuccessfulStatus)
 	})
 
 
@@ -61,6 +61,9 @@ func Test0BoxAllocation(testSetup *testing.T) {
 		err := Create0boxTestWallet(t, headers)
 		require.NoError(t, err)
 
+		// Refresh CSRF token after wallet creation to ensure it's valid
+		headers = zboxClient.NewZboxHeadersWithCSRF(t, client.X_APP_BLIMP)
+
 		allocationList, response, err := zboxClient.ListAllocation(t, headers)
 		require.NoError(t, err)
 		require.Equal(t, 200, response.StatusCode(), "Response status code does not match expected. Output: [%v]", response.String())
@@ -74,6 +77,9 @@ func Test0BoxAllocation(testSetup *testing.T) {
 		err := Create0boxTestWallet(t, headers)
 		require.NoError(t, err)
 
+		// Refresh CSRF token after wallet creation to ensure it's valid
+		headers = zboxClient.NewZboxHeadersWithCSRF(t, client.X_APP_BLIMP)
+
 		allocInput := NewTestAllocation()
 		_, response, err := zboxClient.CreateAllocation(t, headers, allocInput)
 		require.NoError(t, err)
@@ -92,6 +98,9 @@ func Test0BoxAllocation(testSetup *testing.T) {
 		err := Create0boxTestWallet(t, headers)
 		require.NoError(t, err)
 
+		// Refresh CSRF token after wallet creation to ensure it's valid
+		headers = zboxClient.NewZboxHeadersWithCSRF(t, client.X_APP_BLIMP)
+
 		allocInput := NewTestAllocation()
 		allocInput["id"] = "c0360331837a7376d27007614e124db83811e4416dd2f1577345dd96c8621bf6"
 		_, response, err := zboxClient.CreateAllocation(t, headers, allocInput)
@@ -137,6 +146,9 @@ func Test0BoxAllocation(testSetup *testing.T) {
 		err := Create0boxTestWallet(t, headers)
 		require.NoError(t, err)
 
+		// Refresh CSRF token after wallet creation to ensure it's valid
+		headers = zboxClient.NewZboxHeadersWithCSRF(t, client.X_APP_CHIMNEY)
+
 		allocInput := NewTestAllocation()
 		_, response, err := zboxClient.CreateAllocation(t, headers, allocInput)
 		require.NoError(t, err)
@@ -150,6 +162,9 @@ func Test0BoxAllocation(testSetup *testing.T) {
 		err := Create0boxTestWallet(t, headers)
 		require.NoError(t, err)
 
+		// Refresh CSRF token after wallet creation to ensure it's valid
+		headers = zboxClient.NewZboxHeadersWithCSRF(t, client.X_APP_BLIMP)
+
 		allocInput := NewTestAllocation()
 		_, response, err := zboxClient.CreateAllocation(t, headers, allocInput)
 		require.NoError(t, err)
@@ -167,6 +182,9 @@ func Test0BoxAllocation(testSetup *testing.T) {
 		err := Create0boxTestWallet(t, headers)
 		require.NoError(t, err)
 
+		// Refresh CSRF token after wallet creation to ensure it's valid
+		headers = zboxClient.NewZboxHeadersWithCSRF(t, client.X_APP_BLIMP)
+
 		allocInput := NewTestAllocation()
 		_, response, err := zboxClient.CreateAllocation(t, headers, allocInput)
 		require.NoError(t, err)
@@ -188,6 +206,9 @@ func Test0BoxAllocation(testSetup *testing.T) {
 		err := Create0boxTestWallet(t, headers)
 		require.NoError(t, err)
 
+		// Refresh CSRF token after wallet creation to ensure it's valid
+		headers = zboxClient.NewZboxHeadersWithCSRF(t, client.X_APP_BLIMP)
+
 		allocInput := NewTestAllocation()
 
 		_, response, err := zboxClient.GetAllocation(t, headers, allocInput["id"])
@@ -202,6 +223,9 @@ func Test0BoxAllocation(testSetup *testing.T) {
 		err := Create0boxTestWallet(t, headers)
 		require.NoError(t, err)
 
+		// Refresh CSRF token after wallet creation to ensure it's valid
+		headers = zboxClient.NewZboxHeadersWithCSRF(t, client.X_APP_BLIMP)
+
 		allocInput := NewTestAllocation()
 		_, response, err := zboxClient.CreateAllocation(t, headers, allocInput)
 		require.NoError(t, err)
@@ -229,6 +253,9 @@ func Test0BoxAllocation(testSetup *testing.T) {
 		err := Create0boxTestWallet(t, headers)
 		require.NoError(t, err)
 
+		// Refresh CSRF token after wallet creation to ensure it's valid
+		headers = zboxClient.NewZboxHeadersWithCSRF(t, client.X_APP_BLIMP)
+
 		allocInput := NewTestAllocation()
 		allocInput["name"] = "new_alloc_name"
 		allocInput["description"] = "new_alloc_description"
 
@@ -21,12 +21,16 @@ func Test0BoxDex(testSetup *testing.T) {
 	t := test.NewSystemTest(testSetup)
 
 	t.RunSequentially("Create dex should work", func(t *test.SystemTest) {
-		headers := zboxClient.NewZboxHeaders(client.X_APP_BLIMP)
+		headers := zboxClient.NewZboxHeadersWithCSRF(t, client.X_APP_BLIMP)
 		Teardown(t, headers)
+		headers = zboxClient.NewZboxHeadersWithCSRF(t, client.X_APP_BLIMP)
 
 		err := Create0boxTestWallet(t, headers)
 		require.NoError(t, err)
 
+		// Refresh CSRF token after wallet creation to ensure it's valid
+		headers = zboxClient.NewZboxHeadersWithCSRF(t, client.X_APP_BLIMP)
+
 		dexData := NewTestDex()
 
 		_, response, err := zboxClient.CreateDexState(t, headers, dexData)
@@ -40,12 +44,16 @@ func Test0BoxDex(testSetup *testing.T) {
 	})
 
 	t.RunSequentially("Update dex should work", func(t *test.SystemTest) {
-		headers := zboxClient.NewZboxHeaders(client.X_APP_BLIMP)
+		headers := zboxClient.NewZboxHeadersWithCSRF(t, client.X_APP_BLIMP)
 		Teardown(t, headers)
+		headers = zboxClient.NewZboxHeadersWithCSRF(t, client.X_APP_BLIMP)
 
 		err := Create0boxTestWallet(t, headers)
 		require.NoError(t, err)
 
+		// Refresh CSRF token after wallet creation to ensure it's valid
+		headers = zboxClient.NewZboxHeadersWithCSRF(t, client.X_APP_BLIMP)
+
 		dexData := NewTestDex()
 
 		_, response, err := zboxClient.CreateDexState(t, headers, dexData)
 
@@ -21,12 +21,16 @@ func Test0BoxFreeStorage(testSetup *testing.T) {
 	t.SetSmokeTests("List allocation with zero allocation should work")
 
 	t.RunSequentiallyWithTimeout("Create FreeStorage should work", 3*time.Minute, func(t *test.SystemTest) {
-		headers := zboxClient.NewZboxHeaders(client.X_APP_BLIMP)
+		headers := zboxClient.NewZboxHeadersWithCSRF(t, client.X_APP_BLIMP)
 		Teardown(t, headers)
+		headers = zboxClient.NewZboxHeadersWithCSRF(t, client.X_APP_BLIMP)
 
 		err := Create0boxTestWallet(t, headers)
 		require.NoError(t, err)
 
+		// Refresh CSRF token after wallet creation to ensure it's valid
+		headers = zboxClient.NewZboxHeadersWithCSRF(t, client.X_APP_BLIMP)
+
 		storageMarker, response, err := zboxClient.CreateFreeStorage(t, headers)
 		require.NoError(t, err)
 		require.Equal(t, 200, response.StatusCode(), "Response status code does not match expected. Output: [%v]", response.String())
@@ -40,8 +44,9 @@ func Test0BoxFreeStorage(testSetup *testing.T) {
 	})
 
 	t.RunSequentially("Create FreeStorage without existing wallet should not work", func(t *test.SystemTest) {
-		headers := zboxClient.NewZboxHeaders(client.X_APP_BLIMP)
+		headers := zboxClient.NewZboxHeadersWithCSRF(t, client.X_APP_BLIMP)
 		Teardown(t, headers)
+		headers = zboxClient.NewZboxHeadersWithCSRF(t, client.X_APP_BLIMP)
 
 		_, response, err := zboxClient.CreateFreeStorage(t, headers)
 		require.NoError(t, err)
 
@@ -12,17 +12,19 @@ func Test0BoxJWT(testSetup *testing.T) {
 	t := test.NewSystemTest(testSetup)
 
 	t.RunSequentially("Create JWT token", func(t *test.SystemTest) {
-		headers := zboxClient.NewZboxHeaders(client.X_APP_BLIMP)
+		headers := zboxClient.NewZboxHeadersWithCSRF(t, client.X_APP_BLIMP)
 		Teardown(t, headers)
+		headers = zboxClient.NewZboxHeadersWithCSRF(t, client.X_APP_BLIMP)
 
 		_, response, err := zboxClient.CreateJwtToken(t, headers)
 		require.NoError(t, err)
 		require.Equal(t, 200, response.StatusCode(), "Response status code does not match expected. Output: [%v]", response.String())
 	})
 
 	t.RunSequentially("Refresh JWT token with user id, which differs from the one used by the given old JWT token", func(t *test.SystemTest) {
-		headers := zboxClient.NewZboxHeaders(client.X_APP_BLIMP)
+		headers := zboxClient.NewZboxHeadersWithCSRF(t, client.X_APP_BLIMP)
 		Teardown(t, headers)
+		headers = zboxClient.NewZboxHeadersWithCSRF(t, client.X_APP_BLIMP)
 
 		jwtToken, response, err := zboxClient.CreateJwtToken(t, headers)
 		require.NoError(t, err)
@@ -40,8 +42,9 @@ func Test0BoxJWT(testSetup *testing.T) {
 	})
 
 	t.RunSequentially("Refresh JWT token with incorrect old JWT token", func(t *test.SystemTest) {
-		headers := zboxClient.NewZboxHeaders(client.X_APP_BLIMP)
+		headers := zboxClient.NewZboxHeadersWithCSRF(t, client.X_APP_BLIMP)
 		Teardown(t, headers)
+		headers = zboxClient.NewZboxHeadersWithCSRF(t, client.X_APP_BLIMP)
 
 		jwtToken, response, err := zboxClient.CreateJwtToken(t, headers)
 		require.NoError(t, err)
@@ -54,8 +57,9 @@ func Test0BoxJWT(testSetup *testing.T) {
 	})
 
 	t.RunSequentially("Refresh JWT token with user id, which equals to the one used by the given old JWT token", func(t *test.SystemTest) {
-		headers := zboxClient.NewZboxHeaders(client.X_APP_BLIMP)
+		headers := zboxClient.NewZboxHeadersWithCSRF(t, client.X_APP_BLIMP)
 		Teardown(t, headers)
+		headers = zboxClient.NewZboxHeadersWithCSRF(t, client.X_APP_BLIMP)
 
 		jwtToken, response, err := zboxClient.CreateJwtToken(t, headers)
 		require.NoError(t, err)
 
@@ -37,8 +37,9 @@ func Test0BoxOwner(testSetup *testing.T) {
 	t := test.NewSystemTest(testSetup)
 
 	t.RunSequentially("create owner without existing userID should work", func(t *test.SystemTest) {
-		headers := zboxClient.NewZboxHeaders(client.X_APP_BLIMP)
+		headers := zboxClient.NewZboxHeadersWithCSRF(t, client.X_APP_BLIMP)
 		Teardown(t, headers)
+		headers = zboxClient.NewZboxHeadersWithCSRF(t, client.X_APP_BLIMP)
 
 		verifyOtpInput := NewVerifyOtpDetails()
 		_, response, err := zboxClient.VerifyOtpDetails(t, headers, verifyOtpInput)
@@ -54,8 +55,9 @@ func Test0BoxOwner(testSetup *testing.T) {
 	})
 
 	t.RunSequentially("create owner with existing userID should not work", func(t *test.SystemTest) {
-		headers := zboxClient.NewZboxHeaders(client.X_APP_BLIMP)
+		headers := zboxClient.NewZboxHeadersWithCSRF(t, client.X_APP_BLIMP)
 		Teardown(t, headers)
+		headers = zboxClient.NewZboxHeadersWithCSRF(t, client.X_APP_BLIMP)
 
 		verifyOtpInput := NewVerifyOtpDetails()
 		_, _, err := zboxClient.VerifyOtpDetails(t, headers, verifyOtpInput)
@@ -67,8 +69,9 @@ func Test0BoxOwner(testSetup *testing.T) {
 	})
 
 	t.RunSequentially("update owner with existing owner should work", func(t *test.SystemTest) {
-		headers := zboxClient.NewZboxHeaders(client.X_APP_BLIMP)
+		headers := zboxClient.NewZboxHeadersWithCSRF(t, client.X_APP_BLIMP)
 		Teardown(t, headers)
+		headers = zboxClient.NewZboxHeadersWithCSRF(t, client.X_APP_BLIMP)
 
 		verifyOtpInput := NewVerifyOtpDetails()
 		_, _, err := zboxClient.VerifyOtpDetails(t, headers, verifyOtpInput)
@@ -91,8 +94,9 @@ func Test0BoxOwner(testSetup *testing.T) {
 	})
 
 	t.RunSequentially("update owner without existing owner should not work", func(t *test.SystemTest) {
-		headers := zboxClient.NewZboxHeaders(client.X_APP_BLIMP)
+		headers := zboxClient.NewZboxHeadersWithCSRF(t, client.X_APP_BLIMP)
 		Teardown(t, headers)
+		headers = zboxClient.NewZboxHeadersWithCSRF(t, client.X_APP_BLIMP)
 
 		ownerInput := NewTestOwner()
 		message, _, err := zboxClient.UpdateOwner(t, headers, ownerInput)