author | Florian Dold <florian@dold.me> | 2021-08-12 20:58:28 +0200 |
---|---|---|
committer | Florian Dold <florian@dold.me> | 2021-08-12 20:58:28 +0200 |
commit | c2c0732f4ff6b72c4a3c9cae7de6f3e18c9249ae (patch) | |
tree | 9b0321dfd09691953fb81082c405234b80e79624 | |
parent | 8cccdca8f18a2d0970f46ee49bbb1dc52ffdf6eb (diff) | |
change /orders/{id} handler to conform to spec
-rw-r--r-- | src/backend/taler-merchant-httpd_get-orders-ID.c | 64 | ||||
-rw-r--r-- | src/backenddb/plugin_merchantdb_postgres.c | 17 |
2 files changed, 50 insertions, 31 deletions
diff --git a/src/backend/taler-merchant-httpd_get-orders-ID.c b/src/backend/taler-merchant-httpd_get-orders-ID.c index 08b77fce..e1f53d37 100644 --- a/src/backend/taler-merchant-httpd_get-orders-ID.c +++ b/src/backend/taler-merchant-httpd_get-orders-ID.c @@ -705,6 +705,8 @@ TMH_get_orders_ID (const struct TMH_RequestHandler *rh, enum GNUNET_DB_QueryStatus qs; bool contract_match = false; bool token_match = false; + bool h_contract_provided = false; + bool claim_token_provided = false; bool contract_available = false; const char *merchant_base_url; @@ -718,6 +720,8 @@ TMH_get_orders_ID (const struct TMH_RequestHandler *rh, god->order_id = order_id; god->generate_html = TMH_MHD_test_html_desired (connection); + + /* first-time initialization / sanity checks */ { const char *cts; @@ -736,6 +740,8 @@ TMH_get_orders_ID (const struct TMH_RequestHandler *rh, TALER_EC_GENERIC_PARAMETER_MALFORMED, "h_contract"); } + if (NULL != cts) + h_contract_provided = true; } { @@ -758,6 +764,8 @@ TMH_get_orders_ID (const struct TMH_RequestHandler *rh, TALER_EC_GENERIC_PARAMETER_MALFORMED, "token"); } + if (NULL != ct) + claim_token_provided = true; } god->session_id = MHD_lookup_connection_value (connection, MHD_GET_ARGUMENT_KIND, @@ -844,13 +852,14 @@ TMH_get_orders_ID (const struct TMH_RequestHandler *rh, if (NULL == god->contract_terms) { uint64_t order_serial; + struct TALER_ClaimTokenP db_claim_token; qs = TMH_db->lookup_contract_terms (TMH_db->cls, hc->instance->settings.id, order_id, &god->contract_terms, &order_serial, - NULL); + &db_claim_token); if (0 > qs) { /* single, read-only SQL statements should never cause 
@@ -863,9 +872,19 @@ TMH_get_orders_ID (const struct TMH_RequestHandler *rh, TALER_EC_GENERIC_DB_FETCH_FAILED, "lookup_contract_terms"); } + + token_match = (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT == qs) + && (0 == GNUNET_memcmp (&db_claim_token, + &god->claim_token)); + + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + "Have contract, claim token match: `%u', db_tok=%s, req_tok=%s\n", + token_match, + GNUNET_STRINGS_data_to_string_alloc (&db_claim_token, 16), + GNUNET_STRINGS_data_to_string_alloc (&god->claim_token, 16)); } - /* Check client provided the right hash code of the contract terms */ + /* Check if client provided the right hash code of the contract terms */ if (NULL != god->contract_terms) { struct GNUNET_HashCode h; @@ -897,11 +916,11 @@ TMH_get_orders_ID (const struct TMH_RequestHandler *rh, } } - if (contract_match) + if (contract_available) { god->claimed = true; } - else + else if (! token_match) { struct TALER_ClaimTokenP db_claim_token; struct GNUNET_HashCode unused; @@ -939,10 +958,10 @@ TMH_get_orders_ID (const struct TMH_RequestHandler *rh, } god->claimed = ( (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS == qs) || (contract_available) ); - token_match = ( (0 == GNUNET_memcmp (&db_claim_token, - &god->claim_token)) && - (! god->claimed) ); - } /* end unclaimed order logic */ + token_match = (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT == qs) && + (0 == GNUNET_memcmp (&db_claim_token, + &god->claim_token)); + } /* end unclaimed order logic */ GNUNET_assert (NULL != god->contract_terms); merchant_base_url = json_string_value (json_object_get (god->contract_terms, 
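Review bot: The new INFO-level log in the `@@ -863` hunk writes both the stored claim token and the client-supplied one to the log in full, so anyone who can read the logs obtains a valid bearer token for the order. Log only the outcome, e.g. `GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Have contract, claim token match: %d\n", (int) token_match);`. The two `GNUNET_STRINGS_data_to_string_alloc` results are never freed, which leaks two heap strings per request. When `qs` is not `GNUNET_DB_STATUS_SUCCESS_ONE_RESULT`, `db_claim_token` (declared without an initializer in the preceding hunk) may hold indeterminate stack bytes that this call would encode and log. The enclosing `if (NULL == god->contract_terms)` block starts outside the hunk.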
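Review bot: The claim token is compared with `GNUNET_memcmp` in the `@@ -939` hunk and again in the `@@ -863` hunk; if that macro is a plain `memcmp` wrapper, the comparison of a secret against a client-supplied value is not constant-time. If the GNUnet version in use offers a constant-time variant (`GNUNET_memcmp_priv`, to be confirmed against the headers), prefer it for both comparisons. Separately, `(contract_available)` in the `god->claimed` assignment looks always false now that this code sits under the `else` of `if (contract_available)`. That branch opens outside this hunk, so confirm before simplifying to `god->claimed = (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS == qs);`.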
@@ -966,15 +985,15 @@ TMH_get_orders_ID (const struct TMH_RequestHandler *rh, contract_available, contract_match, god->claimed); - if ( (! god->claimed) && - (! token_match) ) + if ( (claim_token_provided || h_contract_provided) && + (! (token_match || contract_match)) ) { - /* Token wrong, and required because contract is unclaimed */ + /* Authentication provided but wrong. */ GNUNET_break_op (0); return TALER_MHD_reply_with_error (connection, MHD_HTTP_FORBIDDEN, TALER_EC_MERCHANT_GET_ORDERS_ID_INVALID_TOKEN, - "unclaimed and token does not match"); + "authentication with h_contract or token provided but wrong"); } if (! (token_match || contract_match) ) @@ -1046,16 +1065,6 @@ TMH_get_orders_ID (const struct TMH_RequestHandler *rh, GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Claim token or contract matched\n"); - if (! god->claimed) - { - /* Order is unclaimed, no need to check for payments or even - refunds, simply always generate payment request */ - GNUNET_log (GNUNET_ERROR_TYPE_INFO, - "Order unclaimed, sending pay request for order %s\n", - order_id); - return send_pay_request (god, - NULL); - } if ( (NULL != god->session_id) && (NULL != god->fulfillment_url) ) @@ -1110,6 +1119,17 @@ TMH_get_orders_ID (const struct TMH_RequestHandler *rh, GNUNET_free (already_paid_order_id); } + if (! god->claimed) + { + /* Order is unclaimed, no need to check for payments or even + refunds, simply always generate payment request */ + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + "Order unclaimed, sending pay request for order %s\n", + order_id); + return send_pay_request (god, + NULL); + } + { /* Check if paid. */ struct GNUNET_HashCode h_contract; diff --git a/src/backenddb/plugin_merchantdb_postgres.c b/src/backenddb/plugin_merchantdb_postgres.c index 780becfb..5492785f 100644 --- a/src/backenddb/plugin_merchantdb_postgres.c +++ b/src/backenddb/plugin_merchantdb_postgres.c 
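Review bot: The 403 check in the `@@ -966` hunk rejects a request only when every credential it supplied is wrong, so a request with a correct `token` and an incorrect `h_contract` (or the reverse) is still accepted. If the spec intends any wrong credential to be refused, the condition would be `if ( (claim_token_provided && ! token_match) || (h_contract_provided && ! contract_match) )`. Otherwise reword the comment to `/* Authentication provided, but none of it matches. */`. The reply still uses `TALER_EC_MERCHANT_GET_ORDERS_ID_INVALID_TOKEN` when only `h_contract` was wrong, which is worth a short comment for client authors. In the `@@ -1110` hunk the moved block keeps the comment "no need to check for payments or even refunds", which appears stale now that it runs after the `already_paid_order_id` handling.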
@@ -1767,6 +1767,7 @@ postgres_lookup_contract_terms (void *cls, struct TALER_ClaimTokenP *claim_token) { struct PostgresClosure *pg = cls; + enum GNUNET_DB_QueryStatus qs; struct TALER_ClaimTokenP ct; struct GNUNET_PQ_QueryParam params[] = { GNUNET_PQ_query_param_string (instance_id), @@ -1784,18 +1785,16 @@ postgres_lookup_contract_terms (void *cls, GNUNET_PQ_result_spec_end }; - if (NULL != claim_token) - { - *claim_token = ct; - } - check_connection (pg); - return GNUNET_PQ_eval_prepared_singleton_select (pg->conn, - "lookup_contract_terms", - params, - (NULL != contract_terms) + qs = GNUNET_PQ_eval_prepared_singleton_select (pg->conn, + "lookup_contract_terms", + params, + (NULL != contract_terms) ? rs : &rs[1]); + if (NULL != claim_token) + *claim_token = ct; + return qs; } |
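Review bot: In the `@@ -1784` hunk `*claim_token = ct;` now runs after the query but regardless of `qs`, and `ct` is declared without an initializer. On an error or a no-result status the caller therefore appears to receive indeterminate stack bytes as the claim token. Copy only on success: `if ( (NULL != claim_token) && (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT == qs) ) *claim_token = ct;`. The `TMH_get_orders_ID` caller guards its comparison on `qs`, but other callers of this plugin function may not. The function body begins outside the hunk, so the full `rs` spec is not visible here.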