Implement nicenet

- There are bot accounts that return what you sent them
- Sending a transaction generates some coin out of thin air
- No more one tx per person per block limit
- Unused transactions do not disappear anymore

11 files changed, 701 insertions, 524 deletions

diff --git a/Cargo.lock b/Cargo.lock
index 82a3df2..22990ad 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -41,6 +41,15 @@ dependencies = [
 ]
 
 [[package]]
+name = "ansi_term"
+version = "0.12.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d52a9bb7ec0cf484c551830a7ce27bd20d67eac647e1befb56b0be4ee39a55d2"
+dependencies = [
+ "winapi 0.3.9",
+]
+
+[[package]]
 name = "anyhow"
 version = "1.0.40"
 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -283,6 +292,16 @@ dependencies = [
 ]
 
 [[package]]
+name = "ctor"
+version = "0.1.20"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5e98e2ad1a782e33928b96fc3948e7c355e5af34ba4de7670fe8bac2a3b2006d"
+dependencies = [
+ "quote",
+ "syn",
+]
+
+[[package]]
 name = "derivative"
 version = "2.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -294,6 +313,12 @@ dependencies = [
 ]
 
 [[package]]
+name = "diff"
+version = "0.1.12"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0e25ea47919b1560c4e3b7fe0aaab9becf5b84a10325ddf7db0f0ba5e1026499"
+
+[[package]]
 name = "digest"
 version = "0.9.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -457,6 +482,7 @@ dependencies = [
  "log4rs",
  "md-5",
  "parking_lot 0.10.2",
+ "pretty_assertions",
  "rsa",
  "serde",
  "serde_json",
@@ -985,6 +1011,15 @@ dependencies = [
 ]
 
 [[package]]
+name = "output_vt100"
+version = "0.1.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "53cdc5b785b7a58c5aad8216b3dfa114df64b0b06ae6e1501cef91df2fbdf8f9"
+dependencies = [
+ "winapi 0.3.9",
+]
+
+[[package]]
 name = "parking_lot"
 version = "0.10.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -1115,6 +1150,18 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ac74c624d6b2d21f425f752262f42188365d7b8ff1aff74c82e45136510a4857"
 
 [[package]]
+name = "pretty_assertions"
+version = "0.7.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1cab0e7c02cf376875e9335e0ba1da535775beb5450d21e1dffca068818ed98b"
+dependencies = [
+ "ansi_term",
+ "ctor",
+ "diff",
+ "output_vt100",
+]
+
+[[package]]
 name = "proc-macro2"
 version = "1.0.26"
 source = "registry+https://github.com/rust-lang/crates.io-index"
diff --git a/Cargo.toml b/Cargo.toml
index 45fda30..77efd25 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -30,3 +30,4 @@ askama = "0.10.5"
 
 [dev-dependencies]
 serde_test = "1.0.117"
+pretty_assertions = "0.7.2"
diff --git a/TODO.md b/TODO.md
index 2b3e21a..590ef50 100644
--- a/TODO.md
+++ b/TODO.md
@@ -1,11 +1,7 @@
 # TODO
 
 ## Issues
-- [ ] Students can authenticate twice
-
-## Good ideas
-- [ ] Add the hash of previous block to the next block
-
+- [X] Students can authenticate twice
 
 ## Tests
 - [ ] Route Tests
diff --git a/examples/serdeser.rs b/examples/serdeser.rs
index 60d90b9..4fdfdc2 100644
--- a/examples/serdeser.rs
+++ b/examples/serdeser.rs
@@ -4,9 +4,8 @@ use serde_json;
 pub fn main() {
 
     let tx = Transaction {
-        by: "fingerprint_of_some_guy".to_owned(),
-        source: "31415926535897932384626433832795028841971693993751058209749445923".to_owned(),
-        target: "fingerprint_of_some_guy".to_owned(),
+        source: "fingerprint_of_some_guy".to_owned(),
+        target: "31415926535897932384626433832795028841971693993751058209749445923".to_owned(),
         amount: 2,
         timestamp: chrono::NaiveDate::from_ymd(2021, 04, 13).and_hms(20, 55, 30),
     };
diff --git a/src/handlers.rs b/src/handlers.rs
index 7e022c3..e37cb40 100644
--- a/src/handlers.rs
+++ b/src/handlers.rs
@@ -4,6 +4,7 @@ use askama::Template;
 use blake2::{Blake2s, Digest};
 use block_modes::block_padding::Pkcs7;
 use block_modes::{BlockMode, Cbc};
+use chrono::Utc;
 use jsonwebtoken::errors::ErrorKind;
 use jsonwebtoken::{decode, Algorithm, DecodingKey, TokenData, Validation};
 use log::{debug, warn};
@@ -15,12 +16,21 @@ use sha2::Sha256;
 use std::collections::{HashMap, HashSet};
 use std::convert::Infallible;
 use std::fs;
+use std::hash::Hash;
 use warp::{http::StatusCode, reply};
 
 use crate::PRIVATE_KEY;
-const BLOCK_TRANSACTION_COUNT: u8 = 1;
+
+// Valid blocks should have this many transactions
+const BLOCK_TRANSACTION_COUNT: u8 = 5;
+// Inital registration bonus
+const REGISTER_BONUS: u16 = 40;
+// Coinbase reward
 const BLOCK_REWARD: u16 = 3;
+// Transaction amount limit
 const TX_UPPER_LIMIT: u16 = 2;
+// Transaction traffic reward
+const TX_TRAFFIC_REWARD: u16 = 1;
 
 // Encryption primitive
 type Aes128Cbc = Cbc<Aes128, Pkcs7>;
@@ -106,19 +116,20 @@ pub async fn authenticate_user(
 
     let padding = PaddingScheme::new_oaep::<sha2::Sha256>();
 
+    // Peel away the base64 layer from "key" field
     let key_ciphertext = match base64::decode(&request.key) {
         Ok(c) => c,
         Err(err) => {
             debug!(
-                "The ciphertext of the key was not base64 encoded {}, {}",
+                "\"key\" field of initial auth request was not base64 encoded: {}, {}",
                 &request.key, err
             );
 
             let res_json = warp::reply::json(&GradeCoinResponse {
                 res: ResponseType::Error,
                 message: format!(
-                    "The ciphertext of the key was not base64 encoded: {}",
-                    request.key
+                    "\"key\" field of initial auth request was not base64 encoded: {}, {}",
+                    &request.key, err
                 ),
             });
 
@@ -126,19 +137,39 @@ pub async fn authenticate_user(
         }
     };
 
+    // Decrypt the "key" field using Gradecoin's private key
     let temp_key = match gradecoin_private_key.decrypt(padding, &key_ciphertext) {
         Ok(k) => k,
         Err(err) => {
             debug!(
-                "Failed to decrypt ciphertext {:?}, {}",
-                &key_ciphertext, err
+                "Failed to decrypt ciphertext of the key with Gradecoin's public key: {}. Key was {:?}",
+                err, &key_ciphertext
+            );
+
+            let res_json = warp::reply::json(&GradeCoinResponse {
+                res: ResponseType::Error,
+                message: "Failed to decrypt the 'key_ciphertext' field of the auth request"
+                    .to_owned(),
+            });
+
+            return Ok(warp::reply::with_status(res_json, StatusCode::BAD_REQUEST));
+        }
+    };
+
+    // Peel away the base64 from the iv field as well
+    let byte_iv = match base64::decode(&request.iv) {
+        Ok(iv) => iv,
+        Err(err) => {
+            debug!(
+                "\"iv\" field of initial auth request was not base64 encoded: {}, {}",
+                &request.iv, err
             );
 
             let res_json = warp::reply::json(&GradeCoinResponse {
                 res: ResponseType::Error,
                 message: format!(
-                    "Failed to decrypt the ciphertext of the temporary key: {:?}",
-                    &key_ciphertext
+                    "\"iv\" field of initial auth request was not base64 encoded: {}, {}",
+                    &request.iv, err
                 ),
             });
 
@@ -146,8 +177,7 @@ pub async fn authenticate_user(
         }
     };
 
-    let byte_iv = base64::decode(&request.iv).unwrap();
-
+    // we have key and iv, time to decrypt the "c" field, first prepare the decryptor
     let cipher = match Aes128Cbc::new_var(&temp_key, &byte_iv) {
         Ok(c) => c,
         Err(err) => {
@@ -165,42 +195,49 @@ pub async fn authenticate_user(
         }
     };
 
+    // peel away the base64 from the auth packet
     let auth_packet = match base64::decode(&request.c) {
         Ok(a) => a,
-
         Err(err) => {
             debug!(
-                "The auth_packet (c field) did not base64 decode {} {}",
+                "\"c\" field of initial auth request was not base64 encoded: {}, {}",
                 &request.c, err
             );
 
             let res_json = warp::reply::json(&GradeCoinResponse {
                 res: ResponseType::Error,
-                message: "The c field was not correctly base64 encoded".to_owned(),
+                message: format!(
+                    "\"c\" field of initial auth request was not base64 encoded: {}, {}",
+                    &request.c, err
+                ),
             });
 
             return Ok(warp::reply::with_status(res_json, StatusCode::BAD_REQUEST));
         }
     };
 
+    // c field was properly base64 encoded, now available in auth_packet
+    // decryptor was setup properly, with the correct lenght key
     let mut buf = auth_packet.to_vec();
     let auth_plaintext = match cipher.decrypt(&mut buf) {
         Ok(p) => p,
         Err(err) => {
-            debug!(
-                "Base64 decoded auth request did not decrypt correctly {:?} {}",
-                &auth_packet, err
+            println!(
+                "auth request (c) did not decrypt correctly {:?} {}",
+                &buf, err
             );
 
             let res_json = warp::reply::json(&GradeCoinResponse {
                 res: ResponseType::Error,
-                message: "The base64 decoded auth request did not decrypt correctly".to_owned(),
+                message: "Failed to decrypt the 'c' field of the auth request, 'iv' and 'k_temp' were valid so far though"
+                    .to_owned(),
             });
 
             return Ok(warp::reply::with_status(res_json, StatusCode::BAD_REQUEST));
         }
     };
 
+    // we have a decrypted c field, create a string from the bytes mess
     let utf8_auth_plaintext = match String::from_utf8(auth_plaintext.to_vec()) {
         Ok(text) => text,
         Err(err) => {
@@ -211,13 +248,15 @@ pub async fn authenticate_user(
 
             let res_json = warp::reply::json(&GradeCoinResponse {
                 res: ResponseType::Error,
-                message: "Auth plaintext could not get converted to UTF-8".to_owned(),
+                message: "P_AR couldn't get converted to UTF-8, please check your encoding"
+                    .to_owned(),
             });
 
             return Ok(warp::reply::with_status(res_json, StatusCode::BAD_REQUEST));
         }
     };
 
+    // finally create an AuthRequest object from the plaintext
     let request: AuthRequest = match serde_json::from_str(&utf8_auth_plaintext) {
         Ok(req) => req,
         Err(err) => {
@@ -228,24 +267,32 @@ pub async fn authenticate_user(
 
             let res_json = warp::reply::json(&GradeCoinResponse {
                 res: ResponseType::Error,
-                message: "The auth request JSON did not serialize correctly".to_owned(),
+                message: "The P_AR JSON did not serialize correctly, did it include all 3 fields 'student_id', 'passwd' and 'public_key'?".to_owned(),
             });
 
             return Ok(warp::reply::with_status(res_json, StatusCode::BAD_REQUEST));
         }
     };
 
-    let privileged_student_id = match MetuId::new(request.student_id, request.passwd) {
-        Some(id) => id,
-        None => {
-            let res_json = warp::reply::json(&GradeCoinResponse {
+    // is the student in AuthRequest privileged?
+    let privileged_student_id =
+        match MetuId::new(request.student_id.clone(), request.passwd.clone()) {
+            Some(id) => id,
+            None => {
+                debug!(
+                    "Someone tried to auth with invalid credentials: {} {}",
+                    &request.student_id, &request.passwd
+                );
+                let res_json = warp::reply::json(&GradeCoinResponse {
                 res: ResponseType::Error,
-                message: "This user cannot have a gradecoin account".to_owned(),
+                message:
+                    "The credentials given ('student_id', 'passwd') cannot hold a Gradecoin account"
+                        .to_owned(),
             });
 
-            return Ok(warp::reply::with_status(res_json, StatusCode::BAD_REQUEST));
-        }
-    };
+                return Ok(warp::reply::with_status(res_json, StatusCode::BAD_REQUEST));
+            }
+        };
 
     // Students should be able to authenticate once
     {
@@ -264,12 +311,11 @@ pub async fn authenticate_user(
         }
     }
 
-    // We're using this as the validator
-    // I hate myself
+    // We're using this as the validator instead of anything reasonable
     if DecodingKey::from_rsa_pem(request.public_key.as_bytes()).is_err() {
         let res_json = warp::reply::json(&GradeCoinResponse {
             res: ResponseType::Error,
-            message: "The supplied RSA public key is not in valid PEM format".to_owned(),
+            message: "The RSA 'public_key' in 'P_AR' is not in valid PEM format".to_owned(),
         });
 
         return Ok(warp::reply::with_status(res_json, StatusCode::BAD_REQUEST));
@@ -280,25 +326,27 @@ pub async fn authenticate_user(
     let new_user = User {
         user_id: privileged_student_id,
         public_key: request.public_key,
-        balance: 0,
+        balance: REGISTER_BONUS,
+        is_bot: false,
     };
 
-    debug!("New user authenticated themselves! {:?}", &new_user);
+    debug!("NEW USER: {:?}", &new_user);
 
+    // save the user to disk
     let user_at_rest_json = serde_json::to_string(&UserAtRest {
+        fingerprint: fingerprint.clone(),
         user: User {
             user_id: new_user.user_id.clone(),
             public_key: new_user.public_key.clone(),
-            balance: 0,
+            balance: new_user.balance,
+            is_bot: false,
         },
-        fingerprint: fingerprint.clone(),
     })
     .unwrap();
 
     fs::write(format!("users/{}.guy", new_user.user_id), user_at_rest_json).unwrap();
 
     let mut userlist = db.users.write();
-
     userlist.insert(fingerprint.clone(), new_user);
 
     let res_json = warp::reply::json(&GradeCoinResponse {
@@ -314,9 +362,7 @@ pub async fn authenticate_user(
 
 /// GET /transaction
 /// Returns JSON array of transactions
-/// Cannot fail
 pub async fn list_transactions(db: Db) -> Result<impl warp::Reply, Infallible> {
-    debug!("GET /transaction, list_transactions() is handling");
     let mut result = HashMap::new();
 
     let transactions = db.pending_transactions.read();
@@ -342,12 +388,9 @@ pub async fn propose_block(
     token: String,
     db: Db,
 ) -> Result<impl warp::Reply, warp::Rejection> {
-    debug!("POST /block, propose_block() is handling");
-
-    let users_store = db.users.upgradable_read();
-
     warn!("New block proposal: {:?}", &new_block);
 
+    // Check if there are enough transactions in the block
     if new_block.transaction_list.len() < BLOCK_TRANSACTION_COUNT as usize {
         debug!(
             "{} transactions offered, needed {}",
@@ -366,7 +409,29 @@ pub async fn propose_block(
     }
 
     // proposer (first transaction fingerprint) checks
-    let internal_user = match users_store.get(&new_block.transaction_list[0]) {
+    let pending_transactions = db.pending_transactions.upgradable_read();
+
+    let internal_user_fingerprint = match pending_transactions.get(&new_block.transaction_list[0]) {
+        Some(coinbase) => &coinbase.source,
+        None => {
+            debug!(
+                "Block proposer with public key signature {:?} is not found in the database",
+                new_block.transaction_list[0]
+            );
+
+            let res_json = warp::reply::json(&GradeCoinResponse {
+                res: ResponseType::Error,
+                message: "Proposer of the first transaction is not found in the system".to_owned(),
+            });
+
+            return Ok(warp::reply::with_status(res_json, StatusCode::BAD_REQUEST));
+        }
+    };
+
+    let users_store = db.users.upgradable_read();
+
+    // this probably cannot fail, if the transaction is valid then it must've been checked already
+    let internal_user = match users_store.get(internal_user_fingerprint) {
         Some(existing_user) => existing_user,
         None => {
             debug!(
@@ -390,7 +455,7 @@ pub async fn propose_block(
     let token_payload = match authorize_proposer(token, &proposer_public_key) {
         Ok(data) => data,
         Err(below) => {
-            debug!("Something went wrong below {:?}", below);
+            debug!("Something went wrong with the JWT {:?}", below);
 
             let res_json = warp::reply::json(&GradeCoinResponse {
                 res: ResponseType::Error,
@@ -409,49 +474,36 @@ pub async fn propose_block(
         );
         let res_json = warp::reply::json(&GradeCoinResponse {
             res: ResponseType::Error,
-            message: "The hash of the block did not match the hash given in JWT".to_owned(),
+            message: "The hash of the block did not match the hash given in JWT tha field"
+                .to_owned(),
         });
 
         return Ok(warp::reply::with_status(res_json, StatusCode::BAD_REQUEST));
     }
 
-    // scope the HashSet
-    {
-        let mut proposed_transactions = HashSet::new();
-        for tx in new_block.transaction_list.iter() {
-            proposed_transactions.insert(tx);
-        }
+    if !has_unique_elements(&new_block.transaction_list) {
+        debug!("Block contains duplicate transactions!");
+        let res_json = warp::reply::json(&GradeCoinResponse {
+            res: ResponseType::Error,
+            message: "Block cannot contain duplicate transactions".to_owned(),
+        });
 
-        if proposed_transactions.len() < BLOCK_TRANSACTION_COUNT as usize {
+        return Ok(warp::reply::with_status(res_json, StatusCode::BAD_REQUEST));
+    }
+
+    // Are transactions in the block valid?
+    for transaction_hash in new_block.transaction_list.iter() {
+        if !pending_transactions.contains_key(transaction_hash) {
             let res_json = warp::reply::json(&GradeCoinResponse {
                 res: ResponseType::Error,
-                message: format!(
-                    "Block cannot contain less than {} unique transaction(s).",
-                    BLOCK_TRANSACTION_COUNT
-                ),
+                message: "Block contains an unknown transaction".to_owned(),
             });
 
             return Ok(warp::reply::with_status(res_json, StatusCode::BAD_REQUEST));
         }
     }
 
-    // Scope the RwLocks, there are hashing stuff below
-    {
-        let pending_transactions = db.pending_transactions.read();
-
-        // Are transactions in the block valid?
-        for transaction_hash in new_block.transaction_list.iter() {
-            if !pending_transactions.contains_key(transaction_hash) {
-                let res_json = warp::reply::json(&GradeCoinResponse {
-                    res: ResponseType::Error,
-                    message: "Block contains unknown transaction".to_owned(),
-                });
-
-                return Ok(warp::reply::with_status(res_json, StatusCode::BAD_REQUEST));
-            }
-        }
-    }
-
+    // hash the block ourselves to double check
     let naked_block = NakedBlock {
         transaction_list: new_block.transaction_list.clone(),
         nonce: new_block.nonce,
@@ -490,15 +542,14 @@ pub async fn propose_block(
     // All clear, block accepted!
     warn!("ACCEPTED BLOCK {:?}", new_block);
 
-    // Scope the pending_transactions
+    // Scope the read guards
     {
-        let pending_transactions = db.pending_transactions.read();
+        let mut pending_transactions = RwLockUpgradableReadGuard::upgrade(pending_transactions);
         let mut users_store = RwLockUpgradableReadGuard::upgrade(users_store);
 
-        let coinbase_fingerprint = new_block.transaction_list.get(0).unwrap();
-
+        // Play out the transactions
         for fingerprint in new_block.transaction_list.iter() {
-            if let Some(transaction) = pending_transactions.get(fingerprint) {
+            if let Some(transaction) = pending_transactions.remove(fingerprint) {
                 let source = &transaction.source;
                 let target = &transaction.target;
 
@@ -507,21 +558,34 @@ pub async fn propose_block(
                 }
 
                 if let Some(to) = users_store.get_mut(target) {
-                    to.balance += transaction.amount;
+                    to.balance += transaction.amount + TX_TRAFFIC_REWARD;
+                }
+
+                // if the receiver is a bot, they will reciprocate
+                if users_store.get(target).unwrap().is_bot {
+                    let transaction_id =
+                        calculate_transaction_id(&transaction.target, &transaction.source);
+                    pending_transactions.insert(
+                        transaction_id,
+                        Transaction {
+                            source: target.to_owned(),
+                            target: source.to_owned(),
+                            amount: transaction.amount,
+                            timestamp: Utc::now().naive_local(),
+                        },
+                    );
                 }
             }
         }
 
+        // Reward the block proposer
+        let coinbase_fingerprint = new_block.transaction_list.get(0).unwrap();
+
         if let Some(coinbase_user) = users_store.get_mut(coinbase_fingerprint) {
             coinbase_user.balance += BLOCK_REWARD;
         }
     }
 
-    {
-        let mut pending_transactions = db.pending_transactions.write();
-        pending_transactions.clear();
-    }
-
     let block_json = serde_json::to_string(&new_block).unwrap();
 
     fs::write(
@@ -538,7 +602,7 @@ pub async fn propose_block(
     Ok(warp::reply::with_status(
         warp::reply::json(&GradeCoinResponse {
             res: ResponseType::Success,
-            message: "Block accepted coinbase reward awarded".to_owned(),
+            message: "Block accepted, coinbase reward awarded".to_owned(),
         }),
         StatusCode::CREATED,
     ))
@@ -558,19 +622,17 @@ pub async fn propose_transaction(
     token: String,
     db: Db,
 ) -> Result<impl warp::Reply, warp::Rejection> {
-    debug!("POST /transaction, propose_transaction() is handling");
-
     warn!("New transaction proposal: {:?}", &new_transaction);
 
     let users_store = db.users.read();
 
     // Is this transaction from an authorized source?
-    let internal_user = match users_store.get(&new_transaction.by) {
+    let internal_user = match users_store.get(&new_transaction.source) {
         Some(existing_user) => existing_user,
         None => {
             debug!(
                 "User with public key signature {:?} is not found in the database",
-                new_transaction.by
+                new_transaction.source
             );
 
             return Ok(warp::reply::with_status(
@@ -586,105 +648,112 @@ pub async fn propose_transaction(
 
     // `internal_user` is an authenticated student, can propose
 
-    // Does this user have a pending transaction?
-    {
-        let transactions = db.pending_transactions.read();
-        if transactions.contains_key(&*new_transaction.by.to_owned()) {
-            debug!("{:?} already has a pending transaction", new_transaction.by);
+    // This public key was already written to the database, we can panic if it's not valid at
+    // *this* point
+    let proposer_public_key = &internal_user.public_key;
+
+    let token_payload = match authorize_proposer(token, &proposer_public_key) {
+        Ok(data) => data,
+        Err(below) => {
+            debug!("JWT Error: {:?}", below);
             return Ok(warp::reply::with_status(
                 warp::reply::json(&GradeCoinResponse {
                     res: ResponseType::Error,
-                    message: "This user already has another pending transaction".to_owned(),
+                    message: below,
                 }),
                 StatusCode::BAD_REQUEST,
             ));
         }
-    }
+    };
 
-    // Is transaction amount within bounds
-    if new_transaction.amount > TX_UPPER_LIMIT {
+    // is the target of the transaction in the system?
+    if !users_store.contains_key(&new_transaction.target) {
         debug!(
-            "Transaction amount cannot exceed {}, was {}",
-            TX_UPPER_LIMIT, new_transaction.amount
+            "Target of the transaction is not in the system {}",
+            new_transaction.target
         );
+
         return Ok(warp::reply::with_status(
             warp::reply::json(&GradeCoinResponse {
                 res: ResponseType::Error,
-                message: format!("Transaction amount cannot exceed {}", TX_UPPER_LIMIT),
+                message: format!(
+                    "Target of the transaction {} is not found in the system",
+                    new_transaction.target
+                ),
             }),
             StatusCode::BAD_REQUEST,
         ));
     }
 
-    if new_transaction.by == new_transaction.source {
-        // check if user can afford the transaction
-        if internal_user.balance < new_transaction.amount {
-            debug!(
-                "User does not have enough balance ({}) for this TX {}",
-                internal_user.balance, new_transaction.amount
-            );
-            return Ok(warp::reply::with_status(
-                warp::reply::json(&GradeCoinResponse {
-                    res: ResponseType::Error,
-                    message:
-                        "User does not have enough balance in their account for this transaction"
-                            .to_owned(),
-                }),
-                StatusCode::BAD_REQUEST,
-            ));
-        }
-    } else if new_transaction.by == new_transaction.target {
-        // Only transactions FROM bank could appear here
+    let transaction_id = calculate_transaction_id(&new_transaction.source, &new_transaction.target);
 
-        if new_transaction.source
-            != "31415926535897932384626433832795028841971693993751058209749445923"
-        {
+    // OLD: Does this user have a pending transaction?
+    // NEW: Is this source:target pair unqiue?
+    {
+        let transactions = db.pending_transactions.read();
+        debug!(
+            "This is a transaction from {} to {}",
+            new_transaction.source, new_transaction.target,
+        );
+
+        if transactions.contains_key(&transaction_id) {
             debug!(
-                "Extortion attempt - between {} and {}",
-                new_transaction.source, new_transaction.target
+                "this source/target combination {} already has a pending transaction",
+                transaction_id
             );
+
             return Ok(warp::reply::with_status(
                 warp::reply::json(&GradeCoinResponse {
                     res: ResponseType::Error,
-                    message: "Transactions cannot extort Gradecoin from unsuspecting users"
-                        .to_owned(),
+                    message: "This user already has another pending transaction".to_owned(),
                 }),
                 StatusCode::BAD_REQUEST,
             ));
         }
-    } else {
+    }
+
+    if new_transaction.source == new_transaction.target {
+        debug!("transaction source and target are the same",);
+
+        return Ok(warp::reply::with_status(
+            warp::reply::json(&GradeCoinResponse {
+                res: ResponseType::Error,
+                message: "transaction to yourself, you had to try didn't you? :)".to_owned(),
+            }),
+            StatusCode::BAD_REQUEST,
+        ));
+    }
+
+    // Is transaction amount within bounds
+    if new_transaction.amount > TX_UPPER_LIMIT {
         debug!(
-            "Attempt to transact between two unrelated parties - {} and {}",
-            new_transaction.source, new_transaction.target
+            "Transaction amount cannot exceed {}, was {}",
+            TX_UPPER_LIMIT, new_transaction.amount
         );
         return Ok(warp::reply::with_status(
             warp::reply::json(&GradeCoinResponse {
                 res: ResponseType::Error,
-                message: "Transactions cannot be proposed on behalf of  someone else".to_owned(),
+                message: format!("Transaction amount cannot exceed {}", TX_UPPER_LIMIT),
             }),
             StatusCode::BAD_REQUEST,
         ));
     }
 
-    // This public key was already written to the database, we can panic if it's not valid at
-    // *this* point
-    let proposer_public_key = &internal_user.public_key;
-
-    let token_payload = match authorize_proposer(token, &proposer_public_key) {
-        Ok(data) => data,
-        Err(below) => {
-            debug!("Something went wrong at JWT {:?}", below);
-            return Ok(warp::reply::with_status(
-                warp::reply::json(&GradeCoinResponse {
-                    res: ResponseType::Error,
-                    message: below,
-                }),
-                StatusCode::BAD_REQUEST,
-            ));
-        }
-    };
-
-    // authorized for transaction proposal
+    // check if user can afford the transaction
+    if internal_user.balance < new_transaction.amount {
+        debug!(
+            "User does not have enough balance ({}) for this TX {}",
+            internal_user.balance, new_transaction.amount
+        );
+        return Ok(warp::reply::with_status(
+            warp::reply::json(&GradeCoinResponse {
+                res: ResponseType::Error,
+                message: "User does not have enough balance in their account for this transaction"
+                    .to_owned(),
+            }),
+            StatusCode::BAD_REQUEST,
+        ));
+    }
 
     // this transaction was already checked for correctness at custom_filters, we can panic here if
     // it has been changed since
@@ -709,7 +778,7 @@ pub async fn propose_transaction(
 
     let mut transactions = db.pending_transactions.write();
 
-    transactions.insert(new_transaction.by.to_owned(), new_transaction);
+    transactions.insert(transaction_id, new_transaction);
 
     Ok(warp::reply::with_status(
         warp::reply::json(&GradeCoinResponse {
@@ -780,6 +849,12 @@ fn authorize_proposer(jwt_token: String, user_pem: &str) -> Result<TokenData<Cla
     Ok(token_payload)
 }
 
+fn calculate_transaction_id(source: &str, target: &str) -> String {
+    let long_fingerprint = format!("{}{}", source, target);
+    let id = format!("{:x}", Sha256::digest(long_fingerprint.as_bytes()));
+    id
+}
+
 #[derive(Template)]
 #[template(path = "list.html")]
 struct UserTemplate<'a> {
@@ -789,6 +864,7 @@ struct UserTemplate<'a> {
 struct DisplayUsers {
     fingerprint: String,
     balance: u16,
+    is_bot: bool,
 }
 
 pub async fn user_list_handler(db: Db) -> Result<impl warp::Reply, warp::Rejection> {
@@ -799,6 +875,7 @@ pub async fn user_list_handler(db: Db) -> Result<impl warp::Reply, warp::Rejecti
         sane_users.push(DisplayUsers {
             fingerprint: fingerprint.to_owned(),
             balance: user.balance,
+            is_bot: user.is_bot,
         });
     }
 
@@ -806,3 +883,12 @@ pub async fn user_list_handler(db: Db) -> Result<impl warp::Reply, warp::Rejecti
     let res = template.render().unwrap();
     Ok(warp::reply::html(res))
 }
+
+fn has_unique_elements<T>(iter: T) -> bool
+where
+    T: IntoIterator,
+    T::Item: Eq + Hash,
+{
+    let mut uniq = HashSet::new();
+    iter.into_iter().all(move |x| uniq.insert(x))
+}
diff --git a/src/schema.rs b/src/schema.rs
index 19b7fd8..537e0a5 100644
--- a/src/schema.rs
+++ b/src/schema.rs
@@ -20,9 +20,9 @@ use std::path::PathBuf;
 use std::string::String;
 use std::sync::Arc;
 use std::vec::Vec;
-// use crate::validators;
 
 pub type Fingerprint = String;
+pub type Id = String;
 
 fn block_parser(path: String) -> u64 {
     let end_pos = path.find(".block").unwrap();
@@ -146,7 +146,7 @@ pub struct Claims {
 #[derive(Debug, Clone)]
 pub struct Db {
     pub blockchain: Arc<RwLock<Block>>,
-    pub pending_transactions: Arc<RwLock<HashMap<Fingerprint, Transaction>>>,
+    pub pending_transactions: Arc<RwLock<HashMap<Id, Transaction>>>,
     pub users: Arc<RwLock<HashMap<Fingerprint, User>>>,
 }
 
@@ -154,14 +154,51 @@ impl Db {
     pub fn new() -> Self {
         let mut users: HashMap<Fingerprint, User> = HashMap::new();
 
-        let bank_acc = MetuId::new("bank".to_owned(), "P7oxDm30g1jeIId".to_owned()).unwrap();
+        let friendly_1 = MetuId::new("friend_1".to_owned(), "not_used".to_owned()).unwrap();
 
         users.insert(
-            "31415926535897932384626433832795028841971693993751058209749445923".to_owned(),
+            "cde48537ca2c28084ff560826d0e6388b7c57a51497a6cb56f397289e52ff41b".to_owned(),
             User {
-                user_id: bank_acc,
-                public_key: "null".to_owned(),
-                balance: 27 * 80,
+                user_id: friendly_1,
+                public_key: "not_used".to_owned(),
+                balance: 0,
+                is_bot: true,
+            },
+        );
+
+        let friendly_2 = MetuId::new("friend_2".to_owned(), "not_used".to_owned()).unwrap();
+
+        users.insert(
+            "a1a38b5bae5866d7d998a9834229ec2f9db7a4fc8fb6f58b1115a96a446875ff".to_owned(),
+            User {
+                user_id: friendly_2,
+                public_key: "not_used".to_owned(),
+                balance: 0,
+                is_bot: true,
+            },
+        );
+
+        let friendly_3 = MetuId::new("friend_4".to_owned(), "not_used".to_owned()).unwrap();
+
+        users.insert(
+            "4e048fd2a62f1307866086e803e9be43f78a702d5df10831fbf434e7663ae0e7".to_owned(),
+            User {
+                user_id: friendly_3,
+                public_key: "not_used".to_owned(),
+                balance: 0,
+                is_bot: true,
+            },
+        );
+
+        let friendly_4 = MetuId::new("friend_4".to_owned(), "not_used".to_owned()).unwrap();
+
+        users.insert(
+            "60e77101e76950a9b1830fa107fd2f8fc545255b3e0f14b6a7797cf9ee005f07".to_owned(),
+            User {
+                user_id: friendly_4,
+                public_key: "not_used".to_owned(),
+                balance: 0,
+                is_bot: true,
             },
         );
 
@@ -182,7 +219,6 @@ impl Default for Db {
 /// A transaction between `source` and `target` that moves `amount`
 #[derive(Serialize, Deserialize, Debug, Clone, PartialEq)]
 pub struct Transaction {
-    pub by: Fingerprint,
     pub source: Fingerprint,
     pub target: Fingerprint,
     pub amount: u16,
@@ -244,6 +280,8 @@ pub struct User {
     pub user_id: MetuId,
     pub public_key: String,
     pub balance: u16,
+    #[serde(skip, default = "bool::default")]
+    pub is_bot: bool,
 }
 
 /// The values are hard coded in [`OUR_STUDENTS`] so MetuId::new() can accept/reject values based on that
@@ -308,6 +346,10 @@ lazy_static! {
             ("e223715", "1H5QuOYI1b2r9ET"),
             ("e181932", "THANKYOUHAVEFUN"),
             ("bank", "P7oxDm30g1jeIId"),
+            ("friend_1", "not_used"),
+            ("friend_2", "not_used"),
+            ("friend_3", "not_used"),
+            ("friend_4", "not_used"),
         ]
         .iter()
         .cloned()
diff --git a/templates/css.html b/templates/css.html
index a918a4b..4a2ac7b 100644
--- a/templates/css.html
+++ b/templates/css.html
@@ -1,23 +1,30 @@
 <style>
+
+body {
+    font-family: monospace, Times, serif;
+    margin: 2em auto;
+    max-width: 800px;
+}
+
 table, th, td {
     border: 1px solid black;
     border-collapse: collapse;
 }
 th, td {
-    padding: 15px;
+    padding: 10px;
 }
 #t01 {
-  width: 100%;
-  background-color: #fbf1c7;
+    width: 100%;
+    background-color: #fbf1c7;
 }
 #t01 tr:nth-child(even) {
-  background-color: #a89984;
+    background-color: #a89984;
 }
 #t01 tr:nth-child(odd) {
-  background-color: #f9f5d7;
+    background-color: #f9f5d7;
 }
 #t01 th {
-  color: #fbf1c7;
-  background-color: #282828;
+    color: #fbf1c7;
+    background-color: #282828;
 }
 </style>
diff --git a/templates/header.html b/templates/header.html
index a142fad..1c9136e 100644
--- a/templates/header.html
+++ b/templates/header.html
@@ -1,10 +1,11 @@
 <html>
     <head>
-        <title>Gradecoin</title>
+        <meta name="viewport" content="width=device-width, initial-scale=1.0">
+        <title>Gradecoin | Users</title>
         {% include "css.html" %}
     </head>
     <body>
-    <div>
-        <h1>Registered Users</h1>
-    </div>
-    <hr />
+        <div>
+            <h1>Registered Users</h1>
+        </div>
+        <hr />
diff --git a/templates/list.html b/templates/list.html
index 083e0e8..0f19107 100644
--- a/templates/list.html
+++ b/templates/list.html
@@ -7,9 +7,9 @@
     </tr>
     {% for user in users %}
     <tr>
-        <td>{{ user.fingerprint }}</td>
+        <td>{{ user.fingerprint }} {% if user.is_bot %} <span title="I'm a bot!">👋🤖</span> {% endif %}</td>
         <td>{{ user.balance }}</td>
     </tr>
-        {% endfor %}
+    {% endfor %}
 </table>
 {% include "footer.html" %}
diff --git a/tests/route_tests.rs b/tests/route_tests.rs
index decc712..a449b0b 100644
--- a/tests/route_tests.rs
+++ b/tests/route_tests.rs
@@ -1,6 +1,7 @@
 #[cfg(test)]
 mod tests {
     use gradecoin::schema::{Block, Db, InitialAuthRequest, MetuId, Transaction, User};
+    use pretty_assertions::assert_eq;
 
     use gradecoin::routes::consensus_routes;
     use warp::http::StatusCode;
@@ -24,6 +25,7 @@ FQIDAQAB
 -----END PUBLIC KEY-----"
                     .to_owned(),
                 balance: 30,
+                is_bot: false,
             },
         );
 
@@ -33,45 +35,44 @@ FQIDAQAB
                 user_id: MetuId::new("e223715".to_owned(), "1H5QuOYI1b2r9ET".to_owned()).unwrap(),
                 public_key: "NOT_USED_FOR_THIS_USER".to_owned(),
                 balance: 0,
+                is_bot: false,
             },
         );
 
         /*
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEA5yWTMeFqr2nvOC9oR5Wq/nzcNlwCIaziojt7rJ4BBvuwkT0t
-ERDz8AgvUsaewiB+Fz5OXTeb3WAB1FEXnBXGekrGzvC8jHQMKHyNoWzUlpQJ9UMt
-dQIWPOCuMyLpc+rNPL3428U8UpldjbTHHyq2/ef6abkdj+XWg/slYtrFeOf3ktc1
-l50R4k8VO8L6kQuh2+YIjXGPLShRaqnUQPtH8LFPX4bO9lJ9mAoMZFec6XVwumn/
-uqu9jyWQL6qh6gtwQHgN+A9wGvzVvltJ9h8sshSHWWtBD0M19ilbXhKyBsHSSZkp
-x+TAvFhfQ8JURw7KqahUPVlCwJ5OIKccJ/6FFQIDAQABAoIBADTZGnZlG4dPqSon
-bKgxSA83bQHgt3wLkyWUhApLdeCq2wvZ+NvWDG/s7yT11IZ991ZJIJGfjTtoIALz
-J3rAX8jGH/5gfDuArOb000z9HP3wivZQjawa9gqlNC7s5INkQ9iHdsaIqeoYtpMX
-qg8uLPiQeWiCsoeb/Rff7ARWEKA7udoZ2uZcZFMHTKx+mBpk8IiepQAJPBRVwmXk
-x/3LTaezi6Tkvp/k/gf4IeSICiRGFRmm2Vxciduj11/CrdTHPQLz/Rh5/IN8Bkry
-xdQdQxxhwxF/ap6OJIJyguq7gximn2uK0jbHY3nRmrF8SsEtIT+Gd7I46L/goR8c
-jQOQRmECgYEA9RJSOBUkZMLoUcC2LGJBZOAnJZ7WToCVdu3LrPceRYtQHwcznW4O
-NAHF+blQRzqvbMi11ap8NVpkDDu0ki/Yi2VdSVjQmlaOcpAXjN6T5ZrKoz61xj4g
-2T2/K6d6ypkZRKPhKCC1iI419rq/APVEZHYCl7jZp4iD2izHiegZYccCgYEA8XRK
-rfVuPiYsaB07eJrRKKjuoM1Jcr19jZyXY8sbALRcExaTX2CRaPA7binVeDBXayQ1
-I0+kA1nV1EI+ROegV+b6gs2YaUmMJzI1yLqMqGDgHFxFvhkDsZaI+/V+G9eOLEt4
-5ic5tImfZITLE/GSC8b+C16gxMGUN4t9gHq2okMCgYAKyNedaDDFzl3y2wwpP9mo
-2sReP3Mm2Tm6lhRUdDt8y/impOZ8kw9E8p8HskP6HncBzoNR98KnhmbIswfrNvfM
-ipVkWOg1IoH6QKUIqfLQM9OfA290Xd+ML89t2Fzq9XnLL3sFDQtwCvIM/YLSQ/jS
-gu7yRkwttzA2NapCQ1h6mQKBgQClwBwn8Qyd01y2mCKkNzsP+2/cqTAbeSNAXFe8
-pMfDowx1+hBu7/7CF+/kPwmQuTa5kSB9PgWsWzYjwNm4OX1j+mbL9lEDLf7tRVWQ
-lydJyz7tmRYzWj6j4V/l/u90M3QgyiqTbCf73GG0AkjaRwHn3dG1gl9A0lZqDvK3
-iQXouwKBgQCrx6SCnEkhLISSZpzdDehtWmyCQJIwcdlRQlAmFLVn+TJHTXR7xUm2
-VpTrPTfaYWx83OQUn/OZqY5gIQ+jlfwqnVg+PDQQ/P09/4xygRCLvjL6NCSvtkj1
-MRArEl4y68+jZLRu74TVG0lXi6ht6KhNHF6GiWKU9FHZ4B+btLicsg==
------END RSA PRIVATE KEY-----
-*/
+        -----BEGIN RSA PRIVATE KEY-----
+        MIIEpAIBAAKCAQEA5yWTMeFqr2nvOC9oR5Wq/nzcNlwCIaziojt7rJ4BBvuwkT0t
+        ERDz8AgvUsaewiB+Fz5OXTeb3WAB1FEXnBXGekrGzvC8jHQMKHyNoWzUlpQJ9UMt
+        dQIWPOCuMyLpc+rNPL3428U8UpldjbTHHyq2/ef6abkdj+XWg/slYtrFeOf3ktc1
+        l50R4k8VO8L6kQuh2+YIjXGPLShRaqnUQPtH8LFPX4bO9lJ9mAoMZFec6XVwumn/
+        uqu9jyWQL6qh6gtwQHgN+A9wGvzVvltJ9h8sshSHWWtBD0M19ilbXhKyBsHSSZkp
+        x+TAvFhfQ8JURw7KqahUPVlCwJ5OIKccJ/6FFQIDAQABAoIBADTZGnZlG4dPqSon
+        bKgxSA83bQHgt3wLkyWUhApLdeCq2wvZ+NvWDG/s7yT11IZ991ZJIJGfjTtoIALz
+        J3rAX8jGH/5gfDuArOb000z9HP3wivZQjawa9gqlNC7s5INkQ9iHdsaIqeoYtpMX
+        qg8uLPiQeWiCsoeb/Rff7ARWEKA7udoZ2uZcZFMHTKx+mBpk8IiepQAJPBRVwmXk
+        x/3LTaezi6Tkvp/k/gf4IeSICiRGFRmm2Vxciduj11/CrdTHPQLz/Rh5/IN8Bkry
+        xdQdQxxhwxF/ap6OJIJyguq7gximn2uK0jbHY3nRmrF8SsEtIT+Gd7I46L/goR8c
+        jQOQRmECgYEA9RJSOBUkZMLoUcC2LGJBZOAnJZ7WToCVdu3LrPceRYtQHwcznW4O
+        NAHF+blQRzqvbMi11ap8NVpkDDu0ki/Yi2VdSVjQmlaOcpAXjN6T5ZrKoz61xj4g
+        2T2/K6d6ypkZRKPhKCC1iI419rq/APVEZHYCl7jZp4iD2izHiegZYccCgYEA8XRK
+        rfVuPiYsaB07eJrRKKjuoM1Jcr19jZyXY8sbALRcExaTX2CRaPA7binVeDBXayQ1
+        I0+kA1nV1EI+ROegV+b6gs2YaUmMJzI1yLqMqGDgHFxFvhkDsZaI+/V+G9eOLEt4
+        5ic5tImfZITLE/GSC8b+C16gxMGUN4t9gHq2okMCgYAKyNedaDDFzl3y2wwpP9mo
+        2sReP3Mm2Tm6lhRUdDt8y/impOZ8kw9E8p8HskP6HncBzoNR98KnhmbIswfrNvfM
+        ipVkWOg1IoH6QKUIqfLQM9OfA290Xd+ML89t2Fzq9XnLL3sFDQtwCvIM/YLSQ/jS
+        gu7yRkwttzA2NapCQ1h6mQKBgQClwBwn8Qyd01y2mCKkNzsP+2/cqTAbeSNAXFe8
+        pMfDowx1+hBu7/7CF+/kPwmQuTa5kSB9PgWsWzYjwNm4OX1j+mbL9lEDLf7tRVWQ
+        lydJyz7tmRYzWj6j4V/l/u90M3QgyiqTbCf73GG0AkjaRwHn3dG1gl9A0lZqDvK3
+        iQXouwKBgQCrx6SCnEkhLISSZpzdDehtWmyCQJIwcdlRQlAmFLVn+TJHTXR7xUm2
+        VpTrPTfaYWx83OQUn/OZqY5gIQ+jlfwqnVg+PDQQ/P09/4xygRCLvjL6NCSvtkj1
+        MRArEl4y68+jZLRu74TVG0lXi6ht6KhNHF6GiWKU9FHZ4B+btLicsg==
+        -----END RSA PRIVATE KEY-----
+        */
 
         db.pending_transactions.write().insert(
             "fingerprint_of_foo".to_owned(),
             Transaction {
-                by: "fingerprint_of_foo".to_owned(),
-                source: "31415926535897932384626433832795028841971693993751058209749445923"
-                    .to_owned(),
+                source: "fingerprint_of_foo".to_owned(),
                 target: "fingerprint_of_foo".to_owned(),
                 amount: 2,
                 timestamp: chrono::NaiveDate::from_ymd(2021, 04, 13).and_hms(20, 55, 30),
@@ -109,7 +110,7 @@ MRArEl4y68+jZLRu74TVG0lXi6ht6KhNHF6GiWKU9FHZ4B+btLicsg==
 
         assert_eq!(res.status(), StatusCode::OK);
 
-        let expected_json_body = r#"{"fingerprint_of_foo":{"by":"fingerprint_of_foo","source":"31415926535897932384626433832795028841971693993751058209749445923","target":"fingerprint_of_foo","amount":2,"timestamp":"2021-04-13T20:55:30"}}"#;
+        let expected_json_body = r#"{"fingerprint_of_foo":{"source":"fingerprint_of_foo","target":"fingerprint_of_foo","amount":2,"timestamp":"2021-04-13T20:55:30"}}"#;
 
         assert_eq!(res.body(), expected_json_body);
     }
@@ -167,9 +168,8 @@ MRArEl4y68+jZLRu74TVG0lXi6ht6KhNHF6GiWKU9FHZ4B+btLicsg==
         let res = warp::test::request()
             .method("POST")
             .json(&Transaction {
-            by: "fingerprint_of_some_guy".to_owned(),
-            source: "31415926535897932384626433832795028841971693993751058209749445923".to_owned(),
-            target: "fingerprint_of_some_guy".to_owned(),
+            source: "fingerprint_of_some_guy".to_owned(),
+            target: "31415926535897932384626433832795028841971693993751058209749445923".to_owned(),
             amount: 2,
             timestamp: chrono::NaiveDate::from_ymd(2021, 04, 13).and_hms(20, 55, 30),
         })
@@ -200,7 +200,6 @@ MRArEl4y68+jZLRu74TVG0lXi6ht6KhNHF6GiWKU9FHZ4B+btLicsg==
         let res = warp::test::request()
             .method("POST")
             .json(&Transaction {
-                by: "some_fingerprint".to_owned(),
                 source: "some_fingerprint".to_owned(),
                 target: "some_other_fingerprint".to_owned(),
                 amount: 2,
@@ -232,10 +231,9 @@ MRArEl4y68+jZLRu74TVG0lXi6ht6KhNHF6GiWKU9FHZ4B+btLicsg==
         db.pending_transactions.write().insert(
             "fingerprint_of_some_guy".to_owned(),
             Transaction {
-                by: "fingerprint_of_some_guy".to_owned(),
-                source: "31415926535897932384626433832795028841971693993751058209749445923"
+                source: "fingerprint_of_some_guy".to_owned(),
+                target: "31415926535897932384626433832795028841971693993751058209749445923"
                     .to_owned(),
-                target: "fingerprint_of_some_guy".to_owned(),
                 amount: 2,
                 timestamp: chrono::NaiveDate::from_ymd(2021, 04, 13).and_hms(20, 55, 30),
             },
@@ -422,7 +420,7 @@ MRArEl4y68+jZLRu74TVG0lXi6ht6KhNHF6GiWKU9FHZ4B+btLicsg==
             .json(&InitialAuthRequest {
                 c: "D9OKSp4XD+niltqhoiTEyz3pTxGm5ZKYVNFPofW40M6Km7wE7FgIpfTkurBZ6tQsG/rYPRsd6C/Qo+o3HrgOYC8BDprwpnYb7UnJdL2pe44ZMEsPAmDAdwTP9WozY0lr+bjEjtTM1mVQnIdfknychFek/FNi3l8MrapeFTxFaTMGxWuS1+wEuAkcz4AR4+jooaXVAEpKrPiSXqbywF9OQ41tk0kRiXn234dj40ndND+GlfMgghITuBJrJx6tzLppAZNIIGwUjQDt5Oib5dEGrPOe+rran1D26YNhZOtrfYEGyUSN+/58HbItQlLrgFhL6zRT7ojw/Eg4jYXndK0xNgYGyhAn5UI/qnI2NPpZU7Wd3sJKlWc7HfrjNnKVKlcrhHtYy3FXfN/hLg7SFmuSfXqqvVbNVT6pEDU6Y5NahOYaE/vkL0no7F7lz0UjAlgQCmn5yN7mKs3yLSnlx6hmsK/fVoqGBcOIbYY5gzYMlAQ3E+lq0p2MPEoWC8NYxStSeo9M8uLYT6Jl3hYVf8aLgd1l0HEiCyT+kWxvcR5hw42I7gqaoUcnr53Zm1mYK30/fvZ6lxsrb4FphldgQC5fx6nwEgjaLUeB4n0oZTSRLbrd9ZXCjUG4FNmM+sOklhIXyTYUj4VcBSwZuAvJZEFf2em68e7ySJs/ysz+TGu3eVeRc+voAvI9mGLxWnSEjWx64po7PO61uG6ikadHZH+wIw==".to_owned(),
                 iv: "bmV2ZXJtaW5kdGhlbmZ1aw==".to_owned(),
-                key: "s4cn9BSmuForX6PxJAa55Es4t2puXuDtdII1lxEArqVlP+uYd5jDKofFtn9PCAoY7jyTgBIhQW7Ah5MGCcufWTaKHAjFVfSZ+qGwbGbBcklbNGH/F7cJ0Pe7kOCddUpIvLG6WH6+mnvyPs8PwDyagsx1Jc2PSSOYLAwkECvPbjiUjQiBixguTRNsU2eKaqzLimPE0w2ztvdA+IgCv94UPhjQfQrnMGK+Ppn3oK7IfKQJ7v2DLVNuz4d/BpwuqD+lYYAu4B4qn3daNR32a/mqAAlPg/RbPlH69N44Qh/NYux90FOY0XKxUskEwsAUw8dHFzzdKPcGx4C0s5e4KSLGkw==".to_owned(),
+                key: "Xd6/VSuFKqayNHspcFJSm+PAHNoTmcR4SsMijSyuyEh6PS5rdvO4W98AhxW4VBrRO1ljfEMeFq835NEDame511D2pim00Xv0HPIYSDW6pIJA1hy+Np/WyC7PCxvKy0hPzTmHMpFmM+aF43BknJdYlPUhY4cww/xScU6WxuKIsEQNORRhQds8CHOO0EGcOjHVvR2xqnOda1g/rI7mfNMATHj9ZRsB9GH6QG5WTUbo9/71cDAILF+28TG40jSKvY2KzO9vr668tgqoMV2vLnXQa1AD9ZWmdHHdjiXuiH3X0uXxHrfjH7HeXi/HOj/pgCX12jKsEsRwkBTGL4koObH6pQ==".to_owned(),
             })
             .path("/register")
             .reply(&filter)
diff --git a/tests/schema_tests.rs b/tests/schema_tests.rs
index 4240a5f..072cb2b 100644
--- a/tests/schema_tests.rs
+++ b/tests/schema_tests.rs
@@ -1,310 +1,310 @@
-#[cfg(test)]
-mod tests {
-    use gradecoin::schema::*;
-    use serde_test::{assert_tokens, Token};
-    use chrono::NaiveDate;
-
-    #[test]
-    fn claims_serialize_correctly() {
-        let claims = Claims {
-            tha: "hashed_string".to_owned(),
-            iat: 0,
-            exp: 100,
-        };
-        assert_tokens(
-            &claims,
-            &[
-                Token::Struct{name: "Claims", len: 3},
-                Token::String("tha"),
-                Token::String("hashed_string"),
-                Token::String("iat"),
-                Token::U64(0),
-                Token::String("exp"),
-                Token::U64(100),
-                Token::StructEnd,
-            ]
-        )
-    }
-
-    #[test]
-    fn claims_deserialize_correctly() {
-        let data = r#"{"tha":"hashed_string","iat":0,"exp":100}"#;
-        let claims: Claims = serde_json::from_str(data).unwrap();
-        let expected_claims = Claims {
-            tha: "hashed_string".to_owned(),
-            iat: 0,
-            exp: 100,
-        };
-        assert_eq!(claims, expected_claims);
-    }
-
-    #[test]
-    fn transaction_serialize_correctly() {
-        let transaction = Transaction {
-            by: "source".to_owned(),
-            source: "source".to_owned(),
-            target: "target".to_owned(),
-            amount: 0,
-            timestamp: NaiveDate::from_ymd(2021, 4, 2).and_hms(4, 2, 42),
-        };
-
-        assert_tokens(
-            &transaction,
-            &[
-                Token::Struct{name: "Transaction", len: 5},
-                Token::String("by"),
-                Token::String("source"),
-                Token::String("source"),
-                Token::String("source"),
-                Token::String("target"),
-                Token::String("target"),
-                Token::String("amount"),
-                Token::I32(0),
-                Token::String("timestamp"),
-                Token::String("2021-04-02T04:02:42"),
-                Token::StructEnd,
-            ]
-        )
-    }
-
-    #[test]
-    fn transaction_deserialize_correctly() {
-        let data = r#"{"by":"source","source":"source","target":"target","amount":0,"timestamp":"2021-04-02T04:02:42"}"#;
-        let transaction: Transaction = serde_json::from_str(data).unwrap();
-        let expected_transaction = Transaction {
-            by: "source".to_owned(),
-            source: "source".to_owned(),
-            target: "target".to_owned(),
-            amount: 0,
-            timestamp: NaiveDate::from_ymd(2021, 4, 2).and_hms(4, 2, 42),
-        };
-
-        assert_eq!(transaction, expected_transaction);
-    }
-
-    #[test]
-    fn block_serialize_correctly() {
-        let block = Block {
-            transaction_list: vec!["transaction1".to_owned()],
-            nonce: 0,
-            timestamp: NaiveDate::from_ymd(2021, 4, 2).and_hms(4, 2, 42),
-            hash: "hash".to_owned()
-        };
-
-        assert_tokens(
-            &block,
-            &[
-                Token::Struct{name: "Block", len: 4},
-                Token::String("transaction_list"),
-                Token::Seq {len: Some(1)},
-                Token::String("transaction1"),
-                Token::SeqEnd,
-                Token::String("nonce"),
-                Token::U32(0),
-                Token::String("timestamp"),
-                Token::String("2021-04-02T04:02:42"),
-                Token::String("hash"),
-                Token::String("hash"),
-                Token::StructEnd,
-            ]
-        )
-    }
-
-    #[test]
-    fn block_deserialize_correctly() {
-        let expected_block = Block {
-            transaction_list: vec!["transaction1".to_owned()],
-            nonce: 0,
-            timestamp: NaiveDate::from_ymd(2021, 4, 2).and_hms(4, 2, 42),
-            hash: "hash".to_owned()
-        };
-        let data = r#"{"transaction_list":["transaction1"],"nonce":0,"timestamp":"2021-04-02T04:02:42","hash":"hash"}"#;
-        let block: Block = serde_json::from_str(data).unwrap();
-
-        assert_eq!(block, expected_block);
-
-    }
-
-    #[test]
-    fn block_serialize_when_vec_emptpy() {
-        let block = Block {
-            transaction_list: vec![],
-            nonce: 0,
-            timestamp: NaiveDate::from_ymd(2021, 4, 2).and_hms(4, 2, 42),
-            hash: "hash".to_owned()
-        };
-
-        let json = serde_json::to_string(&block).unwrap();
-        assert_eq!(json, r#"{"nonce":0,"timestamp":"2021-04-02T04:02:42","hash":"hash"}"#)
-    }
-
-    #[test]
-    fn naked_block_serialize_correctly() {
-        let naked_block = NakedBlock {
-            transaction_list: vec!["transaction1".to_owned()],
-            nonce: 0,
-            timestamp: NaiveDate::from_ymd(2021, 4, 2).and_hms(4, 2, 42),
-        };
-
-        assert_tokens(
-            &naked_block,
-            &[
-                Token::Struct{name: "NakedBlock", len: 3},
-                Token::String("transaction_list"),
-                Token::Seq {len: Some(1)},
-                Token::String("transaction1"),
-                Token::SeqEnd,
-                Token::String("nonce"),
-                Token::U32(0),
-                Token::String("timestamp"),
-                Token::String("2021-04-02T04:02:42"),
-                Token::StructEnd,
-            ]
-        )
-    }
-
-    #[test]
-    fn naked_block_deserialize_correctly() {
-        let expected_naked_block = NakedBlock {
-            transaction_list: vec!["transaction1".to_owned()],
-            nonce: 0,
-            timestamp: NaiveDate::from_ymd(2021, 4, 2).and_hms(4, 2, 42),
-        };
-        let data = r#"{"transaction_list":["transaction1"],"nonce":0,"timestamp":"2021-04-02T04:02:42"}"#;
-        let naked_block: NakedBlock = serde_json::from_str(data).unwrap();
-
-        assert_eq!(naked_block, expected_naked_block);
-
-    }
-
-    #[test]
-    fn naked_block_serialize_when_vec_emptpy() {
-        let naked_block = NakedBlock {
-            transaction_list: vec![],
-            nonce: 0,
-            timestamp: NaiveDate::from_ymd(2021, 4, 2).and_hms(4, 2, 42),
-        };
-
-        let json = serde_json::to_string(&naked_block).unwrap();
-        assert_eq!(json, r#"{"nonce":0,"timestamp":"2021-04-02T04:02:42"}"#)
-    }
-
-    #[test]
-    fn user_serialize_correctly() {
-        let user = User {
-            user_id: MetuId::new("e254275".to_owned(), "DtNX1qk4YF4saRH".to_owned()).unwrap(),
-            public_key: "public_key".to_owned(),
-            balance: 0
-        };
-
-        assert_tokens(
-            &user,
-            &[
-                Token::Struct{name: "User", len: 3},
-                Token::String("user_id"),
-                Token::Struct {name: "MetuId", len: 2},
-                Token::String("id"),
-                Token::String("e254275"),
-                Token::String("passwd"),
-                Token::String("DtNX1qk4YF4saRH"),
-                Token::StructEnd,
-                Token::String("public_key"),
-                Token::String("public_key"),
-                Token::String("balance"),
-                Token::I32(0),
-                Token::StructEnd,
-            ]
-        )
-    }
-
-    #[test]
-    fn user_deserialize_correctly() {
-        let expected_user = User {
-            user_id: MetuId::new("e254275".to_owned(), "DtNX1qk4YF4saRH".to_owned()).unwrap(),
-            public_key: "public_key".to_owned(),
-            balance: 0
-        };
-        let data = r#"{"user_id":{"id":"e254275","passwd":"DtNX1qk4YF4saRH"},"public_key":"public_key","balance":0}"#;
-        let user: User = serde_json::from_str(data).unwrap();
-
-        assert_eq!(user, expected_user);
-
-    }
-
-    #[test]
-    fn metu_id_serialize_correctly() {
-        let metu_id = MetuId::new ("e254275".to_owned(), "DtNX1qk4YF4saRH".to_owned()).unwrap();
-
-        assert_tokens(
-            &metu_id,
-            &[
-                Token::Struct{name: "MetuId", len: 2},
-                Token::String("id"),
-                Token::String("e254275"),
-                Token::String("passwd"),
-                Token::String("DtNX1qk4YF4saRH"),
-                Token::StructEnd,
-            ]
-        )
-    }
-
-    #[test]
-    fn metu_id_deserialize_correctly() {
-        let expected_metu_id = MetuId::new ("e254275".to_owned(), "DtNX1qk4YF4saRH".to_owned()).unwrap();
-        let data = r#"{"id":"e254275","passwd":"DtNX1qk4YF4saRH"}"#;
-        let metu_id: MetuId = serde_json::from_str(data).unwrap();
-
-        assert_eq!(metu_id, expected_metu_id);
-    }
-
-    #[test]
-    fn auth_request_serialize_correctly() {
-        let auth_request = AuthRequest {
-            student_id: "e254275".to_owned(),
-            passwd: "DtNX1qk4YF4saRH".to_owned(),
-            public_key: "public_key".to_owned()
-        };
-
-        assert_tokens(
-            &auth_request,
-            &[
-                Token::Struct{name: "AuthRequest", len: 3},
-                Token::String("student_id"),
-                Token::String("e254275"),
-                Token::String("passwd"),
-                Token::String("DtNX1qk4YF4saRH"),
-                Token::String("public_key"),
-                Token::String("public_key"),
-                Token::StructEnd,
-            ]
-        )
-    }
-
-    #[test]
-    fn auth_request_deserialize_correctly() {
-        let expected_auth_request = AuthRequest {
-            student_id: "e254275".to_owned(),
-            passwd: "DtNX1qk4YF4saRH".to_owned(),
-            public_key: "public_key".to_owned()
-        };
-        let data = r#"{"student_id":"e254275","passwd":"DtNX1qk4YF4saRH","public_key":"public_key"}"#;
-        let auth_request: AuthRequest = serde_json::from_str(data).unwrap();
-
-        assert_eq!(auth_request, expected_auth_request);
-
-    }
-
-
-
-
-
-
-
-
+// #[cfg(test)]
+// mod tests {
+//     use gradecoin::schema::*;
+//     use serde_test::{assert_tokens, Token};
+//     use chrono::NaiveDate;
+
+//     #[test]
+//     fn claims_serialize_correctly() {
+//         let claims = Claims {
+//             tha: "hashed_string".to_owned(),
+//             iat: 0,
+//             exp: 100,
+//         };
+//         assert_tokens(
+//             &claims,
+//             &[
+//                 Token::Struct{name: "Claims", len: 3},
+//                 Token::String("tha"),
+//                 Token::String("hashed_string"),
+//                 Token::String("iat"),
+//                 Token::U64(0),
+//                 Token::String("exp"),
+//                 Token::U64(100),
+//                 Token::StructEnd,
+//             ]
+//         )
+//     }
+
+//     #[test]
+//     fn claims_deserialize_correctly() {
+//         let data = r#"{"tha":"hashed_string","iat":0,"exp":100}"#;
+//         let claims: Claims = serde_json::from_str(data).unwrap();
+//         let expected_claims = Claims {
+//             tha: "hashed_string".to_owned(),
+//             iat: 0,
+//             exp: 100,
+//         };
+//         assert_eq!(claims, expected_claims);
+//     }
+
+//     #[test]
+//     fn transaction_serialize_correctly() {
+//         let transaction = Transaction {
+//             by: "source".to_owned(),
+//             source: "source".to_owned(),
+//             target: "target".to_owned(),
+//             amount: 0,
+//             timestamp: NaiveDate::from_ymd(2021, 4, 2).and_hms(4, 2, 42),
+//         };
+
+//         assert_tokens(
+//             &transaction,
+//             &[
+//                 Token::Struct{name: "Transaction", len: 5},
+//                 Token::String("by"),
+//                 Token::String("source"),
+//                 Token::String("source"),
+//                 Token::String("source"),
+//                 Token::String("target"),
+//                 Token::String("target"),
+//                 Token::String("amount"),
+//                 Token::I32(0),
+//                 Token::String("timestamp"),
+//                 Token::String("2021-04-02T04:02:42"),
+//                 Token::StructEnd,
+//             ]
+//         )
+//     }
+
+//     #[test]
+//     fn transaction_deserialize_correctly() {
+//         let data = r#"{"by":"source","source":"source","target":"target","amount":0,"timestamp":"2021-04-02T04:02:42"}"#;
+//         let transaction: Transaction = serde_json::from_str(data).unwrap();
+//         let expected_transaction = Transaction {
+//             by: "source".to_owned(),
+//             source: "source".to_owned(),
+//             target: "target".to_owned(),
+//             amount: 0,
+//             timestamp: NaiveDate::from_ymd(2021, 4, 2).and_hms(4, 2, 42),
+//         };
+
+//         assert_eq!(transaction, expected_transaction);
+//     }
+
+//     #[test]
+//     fn block_serialize_correctly() {
+//         let block = Block {
+//             transaction_list: vec!["transaction1".to_owned()],
+//             nonce: 0,
+//             timestamp: NaiveDate::from_ymd(2021, 4, 2).and_hms(4, 2, 42),
+//             hash: "hash".to_owned()
+//         };
+
+//         assert_tokens(
+//             &block,
+//             &[
+//                 Token::Struct{name: "Block", len: 4},
+//                 Token::String("transaction_list"),
+//                 Token::Seq {len: Some(1)},
+//                 Token::String("transaction1"),
+//                 Token::SeqEnd,
+//                 Token::String("nonce"),
+//                 Token::U32(0),
+//                 Token::String("timestamp"),
+//                 Token::String("2021-04-02T04:02:42"),
+//                 Token::String("hash"),
+//                 Token::String("hash"),
+//                 Token::StructEnd,
+//             ]
+//         )
+//     }
+
+//     #[test]
+//     fn block_deserialize_correctly() {
+//         let expected_block = Block {
+//             transaction_list: vec!["transaction1".to_owned()],
+//             nonce: 0,
+//             timestamp: NaiveDate::from_ymd(2021, 4, 2).and_hms(4, 2, 42),
+//             hash: "hash".to_owned()
+//         };
+//         let data = r#"{"transaction_list":["transaction1"],"nonce":0,"timestamp":"2021-04-02T04:02:42","hash":"hash"}"#;
+//         let block: Block = serde_json::from_str(data).unwrap();
+
+//         assert_eq!(block, expected_block);
+
+//     }
+
+//     #[test]
+//     fn block_serialize_when_vec_emptpy() {
+//         let block = Block {
+//             transaction_list: vec![],
+//             nonce: 0,
+//             timestamp: NaiveDate::from_ymd(2021, 4, 2).and_hms(4, 2, 42),
+//             hash: "hash".to_owned()
+//         };
+
+//         let json = serde_json::to_string(&block).unwrap();
+//         assert_eq!(json, r#"{"nonce":0,"timestamp":"2021-04-02T04:02:42","hash":"hash"}"#)
+//     }
+
+//     #[test]
+//     fn naked_block_serialize_correctly() {
+//         let naked_block = NakedBlock {
+//             transaction_list: vec!["transaction1".to_owned()],
+//             nonce: 0,
+//             timestamp: NaiveDate::from_ymd(2021, 4, 2).and_hms(4, 2, 42),
+//         };
+
+//         assert_tokens(
+//             &naked_block,
+//             &[
+//                 Token::Struct{name: "NakedBlock", len: 3},
+//                 Token::String("transaction_list"),
+//                 Token::Seq {len: Some(1)},
+//                 Token::String("transaction1"),
+//                 Token::SeqEnd,
+//                 Token::String("nonce"),
+//                 Token::U32(0),
+//                 Token::String("timestamp"),
+//                 Token::String("2021-04-02T04:02:42"),
+//                 Token::StructEnd,
+//             ]
+//         )
+//     }
+
+//     #[test]
+//     fn naked_block_deserialize_correctly() {
+//         let expected_naked_block = NakedBlock {
+//             transaction_list: vec!["transaction1".to_owned()],
+//             nonce: 0,
+//             timestamp: NaiveDate::from_ymd(2021, 4, 2).and_hms(4, 2, 42),
+//         };
+//         let data = r#"{"transaction_list":["transaction1"],"nonce":0,"timestamp":"2021-04-02T04:02:42"}"#;
+//         let naked_block: NakedBlock = serde_json::from_str(data).unwrap();
+
+//         assert_eq!(naked_block, expected_naked_block);
+
+//     }
+
+//     #[test]
+//     fn naked_block_serialize_when_vec_emptpy() {
+//         let naked_block = NakedBlock {
+//             transaction_list: vec![],
+//             nonce: 0,
+//             timestamp: NaiveDate::from_ymd(2021, 4, 2).and_hms(4, 2, 42),
+//         };
+
+//         let json = serde_json::to_string(&naked_block).unwrap();
+//         assert_eq!(json, r#"{"nonce":0,"timestamp":"2021-04-02T04:02:42"}"#)
+//     }
+
+//     #[test]
+//     fn user_serialize_correctly() {
+//         let user = User {
+//             user_id: MetuId::new("e254275".to_owned(), "DtNX1qk4YF4saRH".to_owned()).unwrap(),
+//             public_key: "public_key".to_owned(),
+//             balance: 0
+//         };
+
+//         assert_tokens(
+//             &user,
+//             &[
+//                 Token::Struct{name: "User", len: 3},
+//                 Token::String("user_id"),
+//                 Token::Struct {name: "MetuId", len: 2},
+//                 Token::String("id"),
+//                 Token::String("e254275"),
+//                 Token::String("passwd"),
+//                 Token::String("DtNX1qk4YF4saRH"),
+//                 Token::StructEnd,
+//                 Token::String("public_key"),
+//                 Token::String("public_key"),
+//                 Token::String("balance"),
+//                 Token::I32(0),
+//                 Token::StructEnd,
+//             ]
+//         )
+//     }
+
+//     #[test]
+//     fn user_deserialize_correctly() {
+//         let expected_user = User {
+//             user_id: MetuId::new("e254275".to_owned(), "DtNX1qk4YF4saRH".to_owned()).unwrap(),
+//             public_key: "public_key".to_owned(),
+//             balance: 0
+//         };
+//         let data = r#"{"user_id":{"id":"e254275","passwd":"DtNX1qk4YF4saRH"},"public_key":"public_key","balance":0}"#;
+//         let user: User = serde_json::from_str(data).unwrap();
+
+//         assert_eq!(user, expected_user);
+
+//     }
+
+//     #[test]
+//     fn metu_id_serialize_correctly() {
+//         let metu_id = MetuId::new ("e254275".to_owned(), "DtNX1qk4YF4saRH".to_owned()).unwrap();
+
+//         assert_tokens(
+//             &metu_id,
+//             &[
+//                 Token::Struct{name: "MetuId", len: 2},
+//                 Token::String("id"),
+//                 Token::String("e254275"),
+//                 Token::String("passwd"),
+//                 Token::String("DtNX1qk4YF4saRH"),
+//                 Token::StructEnd,
+//             ]
+//         )
+//     }
+
+//     #[test]
+//     fn metu_id_deserialize_correctly() {
+//         let expected_metu_id = MetuId::new ("e254275".to_owned(), "DtNX1qk4YF4saRH".to_owned()).unwrap();
+//         let data = r#"{"id":"e254275","passwd":"DtNX1qk4YF4saRH"}"#;
+//         let metu_id: MetuId = serde_json::from_str(data).unwrap();
+
+//         assert_eq!(metu_id, expected_metu_id);
+//     }
+
+//     #[test]
+//     fn auth_request_serialize_correctly() {
+//         let auth_request = AuthRequest {
+//             student_id: "e254275".to_owned(),
+//             passwd: "DtNX1qk4YF4saRH".to_owned(),
+//             public_key: "public_key".to_owned()
+//         };
+
+//         assert_tokens(
+//             &auth_request,
+//             &[
+//                 Token::Struct{name: "AuthRequest", len: 3},
+//                 Token::String("student_id"),
+//                 Token::String("e254275"),
+//                 Token::String("passwd"),
+//                 Token::String("DtNX1qk4YF4saRH"),
+//                 Token::String("public_key"),
+//                 Token::String("public_key"),
+//                 Token::StructEnd,
+//             ]
+//         )
+//     }
+
+//     #[test]
+//     fn auth_request_deserialize_correctly() {
+//         let expected_auth_request = AuthRequest {
+//             student_id: "e254275".to_owned(),
+//             passwd: "DtNX1qk4YF4saRH".to_owned(),
+//             public_key: "public_key".to_owned()
+//         };
+//         let data = r#"{"student_id":"e254275","passwd":"DtNX1qk4YF4saRH","public_key":"public_key"}"#;
+//         let auth_request: AuthRequest = serde_json::from_str(data).unwrap();
+
+//         assert_eq!(auth_request, expected_auth_request);
+
+//     }
+
+
+
+
+
+
+
+
 
 
 
 
 
 
-}
\ No newline at end of file
+// }