[taler-merchant] branch master updated: add incomplete logic (lacks DB support) to check for claim tokens in get_orders-ID.c

[gnunet]

This is an automated email from the git hooks/post-receive script.

grothoff pushed a commit to branch master
in repository merchant.

The following commit(s) were added to refs/heads/master by this push:
     new 01f8cd4  add incomplete logic (lacks DB support) to check for claim 
tokens in get_orders-ID.c
01f8cd4 is described below

commit 01f8cd4824bd94aad41792b93422cb7c9f44129a
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Mon Jul 27 10:57:03 2020 +0200

    add incomplete logic (lacks DB support) to check for claim tokens in 
get_orders-ID.c
---
 src/backend/taler-merchant-httpd_get-orders-ID.c | 64 ++++++++++++++++++++----
 1 file changed, 53 insertions(+), 11 deletions(-)

diff --git a/src/backend/taler-merchant-httpd_get-orders-ID.c 
b/src/backend/taler-merchant-httpd_get-orders-ID.c
index c16fc8d..7ee53dd 100644
--- a/src/backend/taler-merchant-httpd_get-orders-ID.c
+++ b/src/backend/taler-merchant-httpd_get-orders-ID.c
@@ -133,10 +133,17 @@ struct GetOrderData
 {
 
   /**
-   * Hashed version of contract terms.
+   * Hashed version of contract terms. All zeros if
+   * not provided.
    */
   struct GNUNET_HashCode h_contract_terms;
 
+  /**
+   * Claim token used for access control. All zeros if
+   * not provided.
+   */
+  struct TALER_ClaimTokenP claim_token;
+
   /**
    * DLL of (suspended) requests.
    */
@@ -1019,6 +1026,8 @@ TMH_get_orders_ID (const struct TMH_RequestHandler *rh,
 
   if (NULL == god)
   {
+    struct TALER_ClaimTokenP db_claim_token;
+
     god = GNUNET_new (struct GetOrderData);
     hc->ctx = god;
     hc->cc = &god_cleanup;
@@ -1026,24 +1035,50 @@ TMH_get_orders_ID (const struct TMH_RequestHandler *rh,
     god->hc = hc;
     god->order_id = order_id;
 
+    {
+      const char *ct;
+
+      ct = MHD_lookup_connection_value (connection,
+                                        MHD_GET_ARGUMENT_KIND,
+                                        "token");
+      if (NULL != ct)
+      {
+        if (GNUNET_OK !=
+            GNUNET_STRINGS_string_to_data (ct,
+                                           strlen (ct),
+                                           &god->claim_token,
+                                           sizeof (god->claim_token)))
+        {
+          /* ct has wrong encoding */
+          GNUNET_break_op (0);
+          return TALER_MHD_reply_with_error (connection,
+                                             MHD_HTTP_BAD_REQUEST,
+                                             TALER_EC_PARAMETER_MALFORMED,
+                                             "token malformed");
+        }
+      }
+    }
+
     {
       const char *cts;
 
       cts = MHD_lookup_connection_value (connection,
                                          MHD_GET_ARGUMENT_KIND,
                                          "h_contract");
-      if (NULL == cts)
+      if ( (NULL == cts) &&
+           (GNUNET_is_zero (&god->claim_token)) )
       {
-        /* h_contract required but missing */
+        /* h_contract required (as we have no token), but missing */
         GNUNET_break_op (0);
         return TALER_MHD_reply_with_error (connection,
                                            MHD_HTTP_BAD_REQUEST,
                                            TALER_EC_PARAMETER_MISSING,
-                                           "h_contract required");
+                                           "h_contract or token required");
       }
-      if (GNUNET_OK !=
-          GNUNET_CRYPTO_hash_from_string (cts,
-                                          &god->h_contract_terms))
+      if ( (NULL != cts) &&
+           (GNUNET_OK !=
+            GNUNET_CRYPTO_hash_from_string (cts,
+                                            &god->h_contract_terms)) )
       {
         /* cts has wrong encoding */
         GNUNET_break_op (0);
@@ -1160,6 +1195,7 @@ TMH_get_orders_ID (const struct TMH_RequestHandler *rh,
                                           hc->instance->settings.id,
                                           order_id,
                                           &god->contract_terms,
+                                          // &db_claim_token: FIXME #6446 - 
init here!
                                           &order_serial);
     }
     if (0 > qs)
@@ -1185,7 +1221,7 @@ TMH_get_orders_ID (const struct TMH_RequestHandler *rh,
                                          "order_id not found in database");
     }
 
-    /* Check client provided the right hash code of the contract terms */
+    /* Check client provided the right token OR the right hash code of the 
contract terms */
     {
       struct GNUNET_HashCode h;
 
@@ -1200,9 +1236,15 @@ TMH_get_orders_ID (const struct TMH_RequestHandler *rh,
                                            TALER_EC_INTERNAL_LOGIC_ERROR,
                                            "Could not hash contract terms");
       }
-      if (0 !=
-          GNUNET_memcmp (&h,
-                         &god->h_contract_terms))
+      if (0 == GNUNET_memcmp (&db_claim_token,
+                              &god->claim_token))
+      {
+        /* Client provided token. We need the hash later, so we set it! */
+        god->h_contract_terms = h;
+      }
+      else if (0 !=
+               GNUNET_memcmp (&h,
+                              &god->h_contract_terms))
       {
         GNUNET_break_op (0);
         return TALER_MHD_reply_with_error (connection,

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.