[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-merchant] branch master updated: include h_contract in refund URL
|
From: |
gnunet |
|
Subject: |
[taler-merchant] branch master updated: include h_contract in refund URL, as it is needed for authentication |
|
Date: |
Sat, 22 Aug 2020 18:31:29 +0200 |
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository merchant.
The following commit(s) were added to refs/heads/master by this push:
new 221698d include h_contract in refund URL, as it is needed for
authentication
221698d is described below
commit 221698dd82e4884c8ac68ce285dbdd969962314c
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Sat Aug 22 18:31:25 2020 +0200
include h_contract in refund URL, as it is needed for authentication
---
src/backend/taler-merchant-httpd_get-orders-ID.c | 13 +++---
...-merchant-httpd_private-post-orders-ID-refund.c | 47 ++++++++++++++++++++--
2 files changed, 48 insertions(+), 12 deletions(-)
diff --git a/src/backend/taler-merchant-httpd_get-orders-ID.c
b/src/backend/taler-merchant-httpd_get-orders-ID.c
index 638db2a..c289ea2 100644
--- a/src/backend/taler-merchant-httpd_get-orders-ID.c
+++ b/src/backend/taler-merchant-httpd_get-orders-ID.c
@@ -43,14 +43,12 @@ struct GetOrderData
{
/**
- * Hashed version of contract terms. All zeros if
- * not provided.
+ * Hashed version of contract terms. All zeros if not provided.
*/
struct GNUNET_HashCode h_contract_terms;
/**
- * Claim token used for access control. All zeros if
- * not provided.
+ * Claim token used for access control. All zeros if not provided.
*/
struct TALER_ClaimTokenP claim_token;
@@ -91,8 +89,8 @@ struct GetOrderData
const char *contract_url;
/**
- * fulfillment URL of the contract (valid as long as
- * @e contract_terms is valid).
+ * fulfillment URL of the contract (valid as long as @e contract_terms is
+ * valid).
*/
const char *fulfillment_url;
@@ -143,8 +141,7 @@ struct GetOrderData
bool refund_available;
/**
- * Set to true if the client requested HTML, otherwise
- * we generate JSON.
+ * Set to true if the client requested HTML, otherwise we generate JSON.
*/
bool generate_html;
diff --git a/src/backend/taler-merchant-httpd_private-post-orders-ID-refund.c
b/src/backend/taler-merchant-httpd_private-post-orders-ID-refund.c
index 7d947d2..a0fa457 100644
--- a/src/backend/taler-merchant-httpd_private-post-orders-ID-refund.c
+++ b/src/backend/taler-merchant-httpd_private-post-orders-ID-refund.c
@@ -40,12 +40,14 @@
* @param connection MHD connection to take host and path from
* @param instance_id merchant's instance ID, must not be NULL
* @param order_id order ID to show a refund for, must not be NULL
+ * @param h_contract hash of the contract to pass for authorization
* @returns the URI, must be freed with #GNUNET_free
*/
static char *
make_taler_refund_uri (struct MHD_Connection *connection,
const char *instance_id,
- const char *order_id)
+ const char *order_id,
+ const struct GNUNET_HashCode *h_contract)
{
const char *host;
const char *forwarded_host;
@@ -87,7 +89,11 @@ make_taler_refund_uri (struct MHD_Connection *connection,
GNUNET_buffer_write_path (&buf, order_id);
GNUNET_buffer_write_path (&buf,
""); // Trailing slash
-
+ GNUNET_buffer_write_str (&buf,
+ "?h_contract");
+ GNUNET_buffer_write_data_encoded (&buf,
+ &h_contract,
+ sizeof (*h_contract));
return GNUNET_buffer_reap_str (&buf);
}
@@ -114,6 +120,7 @@ TMH_private_post_orders_ID_refund (const struct
TMH_RequestHandler *rh,
GNUNET_JSON_spec_end ()
};
enum TALER_MERCHANTDB_RefundStatus rs;
+ struct GNUNET_HashCode h_contract;
{
enum GNUNET_GenericReturnValue res;
@@ -196,8 +203,9 @@ TMH_private_post_orders_ID_refund (const struct
TMH_RequestHandler *rh,
hc->infix,
&contract_terms,
&order_serial);
- if (qs == 1)
+ if (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT == qs)
{
+ json_decref (contract_terms);
return TALER_MHD_reply_with_error (connection,
MHD_HTTP_CONFLICT,
TALER_EC_REFUND_ORDER_ID_UNPAID,
@@ -212,6 +220,36 @@ TMH_private_post_orders_ID_refund (const struct
TMH_RequestHandler *rh,
}
}
case TALER_MERCHANTDB_RS_SUCCESS:
+ {
+ enum GNUNET_DB_QueryStatus qs;
+ json_t *contract_terms;
+ uint64_t order_serial;
+
+ qs = TMH_db->lookup_contract_terms (TMH_db->cls,
+ hc->instance->settings.id,
+ hc->infix,
+ &contract_terms,
+ &order_serial);
+ if (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != qs)
+ {
+ return TALER_MHD_reply_with_error (connection,
+ MHD_HTTP_NOT_FOUND,
+ TALER_EC_REFUND_ORDER_ID_UNKNOWN,
+ "Order unknown when looking up
contract");
+ }
+ if (GNUNET_OK !=
+ TALER_JSON_contract_hash (contract_terms,
+ &h_contract))
+ {
+ GNUNET_break (0);
+ json_decref (contract_terms);
+ return TALER_MHD_reply_with_error (connection,
+ MHD_HTTP_INTERNAL_SERVER_ERROR,
+ TALER_EC_INTERNAL_LOGIC_ERROR,
+ "Could not hash contract terms");
+ }
+ json_decref (contract_terms);
+ }
break;
}
@@ -256,7 +294,8 @@ TMH_private_post_orders_ID_refund (const struct
TMH_RequestHandler *rh,
taler_refund_uri = make_taler_refund_uri (connection,
hc->instance->settings.id,
- hc->infix);
+ hc->infix,
+ &h_contract);
ret = TALER_MHD_reply_json_pack (connection,
MHD_HTTP_OK,
"{s:s}",
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [taler-merchant] branch master updated: include h_contract in refund URL, as it is needed for authentication,
gnunet <=