[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-merchant] branch master updated: -fix auth handling
From: |
gnunet |
Subject: |
[taler-merchant] branch master updated: -fix auth handling |
Date: |
Wed, 18 May 2022 11:19:25 +0200 |
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository merchant.
The following commit(s) were added to refs/heads/master by this push:
new cca36579 -fix auth handling
cca36579 is described below
commit cca365795f2681f884f525a7442123ee7933c51c
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Wed May 18 11:19:17 2022 +0200
-fix auth handling
---
src/backend/taler-merchant-httpd.h | 7 +++++++
...ler-merchant-httpd_private-post-instances-ID-auth.c | 18 ++++++++++++------
2 files changed, 19 insertions(+), 6 deletions(-)
diff --git a/src/backend/taler-merchant-httpd.h
b/src/backend/taler-merchant-httpd.h
index 847701a1..8d009b26 100644
--- a/src/backend/taler-merchant-httpd.h
+++ b/src/backend/taler-merchant-httpd.h
@@ -163,6 +163,13 @@ struct TMH_MerchantInstance
* True if this instance was deleted (but not yet purged).
*/
bool deleted;
+
+ /**
+ * The authentication settings for this instance
+ * were changed via the command-line. Do not check
+ * against the DB value when updating the auth token.
+ */
+ bool auth_override;
};
diff --git a/src/backend/taler-merchant-httpd_private-post-instances-ID-auth.c
b/src/backend/taler-merchant-httpd_private-post-instances-ID-auth.c
index eef710b6..b4e77d46 100644
--- a/src/backend/taler-merchant-httpd_private-post-instances-ID-auth.c
+++ b/src/backend/taler-merchant-httpd_private-post-instances-ID-auth.c
@@ -102,6 +102,7 @@ post_instances_ID_auth (struct TMH_MerchantInstance *mi,
to the authentication. */
{
struct TALER_MERCHANTDB_InstanceAuthSettings db_ias;
+
qs = TMH_db->lookup_instance_auth (TMH_db->cls,
mi->settings.id,
&db_ias);
@@ -112,8 +113,8 @@ post_instances_ID_auth (struct TMH_MerchantInstance *mi,
/* Instance got purged. */
TMH_db->rollback (TMH_db->cls);
return TALER_MHD_reply_with_error (connection,
- MHD_HTTP_UNAUTHORIZED,
- TALER_EC_GENERIC_DB_COMMIT_FAILED,
+ MHD_HTTP_NOT_FOUND,
+
TALER_EC_MERCHANT_GENERIC_INSTANCE_UNKNOWN,
NULL);
case GNUNET_DB_STATUS_SOFT_ERROR:
TMH_db->rollback (TMH_db->cls);
@@ -129,12 +130,16 @@ post_instances_ID_auth (struct TMH_MerchantInstance *mi,
break;
}
- if (GNUNET_OK !=
- TMH_check_auth (hc->auth_token,
- &db_ias.auth_salt,
- &db_ias.auth_hash))
+ if ( (NULL == TMH_default_auth) &&
+ (! mi->auth_override) &&
+ (GNUNET_OK !=
+ TMH_check_auth (hc->auth_token,
+ &db_ias.auth_salt,
+ &db_ias.auth_hash)) )
{
TMH_db->rollback (TMH_db->cls);
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Refusing auth change: old token does not match\n");
return TALER_MHD_reply_with_error (connection,
MHD_HTTP_UNAUTHORIZED,
TALER_EC_MERCHANT_GENERIC_UNAUTHORIZED,
@@ -175,6 +180,7 @@ retry:
/* Finally, also update our running process */
mi->auth = ias;
}
+ mi->auth_override = false;
if (0 == strcmp (mi->settings.id,
"default"))
{
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [taler-merchant] branch master updated: -fix auth handling,
gnunet <=