[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-merchant] branch master updated: add incomplete logic (lacks DB s
From: |
gnunet |
Subject: |
[taler-merchant] branch master updated: add incomplete logic (lacks DB support) to check for claim tokens in get_orders-ID.c |
Date: |
Mon, 27 Jul 2020 10:57:06 +0200 |
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository merchant.
The following commit(s) were added to refs/heads/master by this push:
new 01f8cd4 add incomplete logic (lacks DB support) to check for claim
tokens in get_orders-ID.c
01f8cd4 is described below
commit 01f8cd4824bd94aad41792b93422cb7c9f44129a
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Mon Jul 27 10:57:03 2020 +0200
add incomplete logic (lacks DB support) to check for claim tokens in
get_orders-ID.c
---
src/backend/taler-merchant-httpd_get-orders-ID.c | 64 ++++++++++++++++++++----
1 file changed, 53 insertions(+), 11 deletions(-)
diff --git a/src/backend/taler-merchant-httpd_get-orders-ID.c
b/src/backend/taler-merchant-httpd_get-orders-ID.c
index c16fc8d..7ee53dd 100644
--- a/src/backend/taler-merchant-httpd_get-orders-ID.c
+++ b/src/backend/taler-merchant-httpd_get-orders-ID.c
@@ -133,10 +133,17 @@ struct GetOrderData
{
/**
- * Hashed version of contract terms.
+ * Hashed version of contract terms. All zeros if
+ * not provided.
*/
struct GNUNET_HashCode h_contract_terms;
+ /**
+ * Claim token used for access control. All zeros if
+ * not provided.
+ */
+ struct TALER_ClaimTokenP claim_token;
+
/**
* DLL of (suspended) requests.
*/
@@ -1019,6 +1026,8 @@ TMH_get_orders_ID (const struct TMH_RequestHandler *rh,
if (NULL == god)
{
+ struct TALER_ClaimTokenP db_claim_token;
+
god = GNUNET_new (struct GetOrderData);
hc->ctx = god;
hc->cc = &god_cleanup;
@@ -1026,24 +1035,50 @@ TMH_get_orders_ID (const struct TMH_RequestHandler *rh,
god->hc = hc;
god->order_id = order_id;
+ {
+ const char *ct;
+
+ ct = MHD_lookup_connection_value (connection,
+ MHD_GET_ARGUMENT_KIND,
+ "token");
+ if (NULL != ct)
+ {
+ if (GNUNET_OK !=
+ GNUNET_STRINGS_string_to_data (ct,
+ strlen (ct),
+ &god->claim_token,
+ sizeof (god->claim_token)))
+ {
+ /* ct has wrong encoding */
+ GNUNET_break_op (0);
+ return TALER_MHD_reply_with_error (connection,
+ MHD_HTTP_BAD_REQUEST,
+ TALER_EC_PARAMETER_MALFORMED,
+ "token malformed");
+ }
+ }
+ }
+
{
const char *cts;
cts = MHD_lookup_connection_value (connection,
MHD_GET_ARGUMENT_KIND,
"h_contract");
- if (NULL == cts)
+ if ( (NULL == cts) &&
+ (GNUNET_is_zero (&god->claim_token)) )
{
- /* h_contract required but missing */
+ /* h_contract required (as we have no token), but missing */
GNUNET_break_op (0);
return TALER_MHD_reply_with_error (connection,
MHD_HTTP_BAD_REQUEST,
TALER_EC_PARAMETER_MISSING,
- "h_contract required");
+ "h_contract or token required");
}
- if (GNUNET_OK !=
- GNUNET_CRYPTO_hash_from_string (cts,
- &god->h_contract_terms))
+ if ( (NULL != cts) &&
+ (GNUNET_OK !=
+ GNUNET_CRYPTO_hash_from_string (cts,
+ &god->h_contract_terms)) )
{
/* cts has wrong encoding */
GNUNET_break_op (0);
@@ -1160,6 +1195,7 @@ TMH_get_orders_ID (const struct TMH_RequestHandler *rh,
hc->instance->settings.id,
order_id,
&god->contract_terms,
+ // &db_claim_token: FIXME #6446 -
init here!
&order_serial);
}
if (0 > qs)
@@ -1185,7 +1221,7 @@ TMH_get_orders_ID (const struct TMH_RequestHandler *rh,
"order_id not found in database");
}
- /* Check client provided the right hash code of the contract terms */
+ /* Check client provided the right token OR the right hash code of the
contract terms */
{
struct GNUNET_HashCode h;
@@ -1200,9 +1236,15 @@ TMH_get_orders_ID (const struct TMH_RequestHandler *rh,
TALER_EC_INTERNAL_LOGIC_ERROR,
"Could not hash contract terms");
}
- if (0 !=
- GNUNET_memcmp (&h,
- &god->h_contract_terms))
+ if (0 == GNUNET_memcmp (&db_claim_token,
+ &god->claim_token))
+ {
+ /* Client provided token. We need the hash later, so we set it! */
+ god->h_contract_terms = h;
+ }
+ else if (0 !=
+ GNUNET_memcmp (&h,
+ &god->h_contract_terms))
{
GNUNET_break_op (0);
return TALER_MHD_reply_with_error (connection,
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [taler-merchant] branch master updated: add incomplete logic (lacks DB support) to check for claim tokens in get_orders-ID.c,
gnunet <=