authorChristian Grothoff <christian@grothoff.org>2021-11-20 23:52:53 +0100
committerChristian Grothoff <christian@grothoff.org>2021-11-20 23:52:53 +0100
commit4c5614c0b0a0b9d4cb5feb6057bbcda142e62b77 (patch)
treed58c6e46e4bbba661778ed49ef66f133d3c38fa0
parentc7acb447868cd319e27cb5c22dd7efe491e407ac (diff)
-do not escape inside API, expect client to do it
-rw-r--r--src/backend/taler-merchant-httpd_helper.c1
-rw-r--r--src/include/taler_merchant_service.h4
-rw-r--r--src/lib/merchant_api_post_instance_auth.c8
-rw-r--r--src/lib/merchant_api_post_instances.c8
4 files changed, 5 insertions, 16 deletions
diff --git a/src/backend/taler-merchant-httpd_helper.c b/src/backend/taler-merchant-httpd_helper.c
index 8c15a542..fe686dd3 100644
--- a/src/backend/taler-merchant-httpd_helper.c
+++ b/src/backend/taler-merchant-httpd_helper.c
@@ -351,6 +351,7 @@ TMH_check_auth_config (struct MHD_Connection *connection,
bool auth_wellformed = false;
const char *auth_method = json_string_value (json_object_get (jauth,
"method"));
+
*auth_token = NULL;
if (NULL == auth_method)
{
diff --git a/src/include/taler_merchant_service.h b/src/include/taler_merchant_service.h
index fc297219..58148896 100644
--- a/src/include/taler_merchant_service.h
+++ b/src/include/taler_merchant_service.h
@@ -503,7 +503,7 @@ typedef void
* @param default_max_deposit_fee default maximum deposit fee merchant is willing to pay
* @param default_wire_transfer_delay default wire transfer delay merchant will ask for
* @param default_pay_delay default validity period for offers merchant makes
- * @param auth_token authentication token to use for access control, NULL for external auth
+ * @param auth_token authentication token to use for access control, NULL for external auth; MUST follow RFC 8959
* @param cb function to call with the
* backend's instances information
* @param cb_cls closure for @a config_cb
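Review bot: The added "MUST follow RFC 8959" on `auth_token` does not tell the caller what the requirement means now that, per the commit title, the library no longer escapes the token. I would spell it out, e.g. `MUST follow RFC 8959 ("secret-token:" prefix; value is sent as given, so the caller percent-encodes it)`. The src/lib hunks of this commit return NULL when the prefix is missing, and that failure mode belongs in the `@return` text if it is not already there. The same wording applies to the `auth_token` parameter in the hunk at -638 of this header.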
@@ -638,7 +638,7 @@ typedef void
* @param instance_id identity of the instance to patch the authentication for; NULL
* if the instance is identified as part of the @a backend_url
* @param auth_token authorization token needed to access the instance, can be NULL
- * to switch to no (or external) authentication
+ * to switch to no (or external) authentication; MUST follow RFC 8959
* @param cb function to call with the backend's response
* @param cb_cls closure for @a config_cb
* @return the instances handle; NULL upon error
diff --git a/src/lib/merchant_api_post_instance_auth.c b/src/lib/merchant_api_post_instance_auth.c
index e2936c5c..a5a2a480 100644
--- a/src/lib/merchant_api_post_instance_auth.c
+++ b/src/lib/merchant_api_post_instance_auth.c
@@ -174,8 +174,6 @@ TALER_MERCHANT_instance_auth_post (
}
else
{
- char *enc;
-
if (0 != strncasecmp (RFC_8959_PREFIX,
auth_token,
strlen (RFC_8959_PREFIX)))
@@ -187,15 +185,11 @@ TALER_MERCHANT_instance_auth_post (
GNUNET_free (iaph);
return NULL;
}
- (void) GNUNET_STRINGS_urlencode (auth_token,
- strlen (auth_token),
- &enc);
req_obj = GNUNET_JSON_PACK (
GNUNET_JSON_pack_string ("method",
"token"),
GNUNET_JSON_pack_string ("token",
- enc));
- GNUNET_free (enc);
+ auth_token));
}
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Requesting URL '%s'\n",
diff --git a/src/lib/merchant_api_post_instances.c b/src/lib/merchant_api_post_instances.c
index 19104aa5..0fa7063f 100644
--- a/src/lib/merchant_api_post_instances.c
+++ b/src/lib/merchant_api_post_instances.c
@@ -182,8 +182,6 @@ TALER_MERCHANT_instances_post (
if (NULL != auth_token)
{
- char *enc;
-
if (0 != strncasecmp (RFC_8959_PREFIX,
auth_token,
strlen (RFC_8959_PREFIX)))
@@ -193,15 +191,11 @@ TALER_MERCHANT_instances_post (
RFC_8959_PREFIX);
return NULL;
}
- (void) GNUNET_STRINGS_urlencode (auth_token,
- strlen (auth_token),
- &enc);
auth_obj = GNUNET_JSON_PACK (
GNUNET_JSON_pack_string ("method",
"token"),
GNUNET_JSON_pack_string ("token",
- enc));
- GNUNET_free (enc);
+ auth_token));
}
else
{
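Review bot: With the `GNUNET_STRINGS_urlencode` call gone, the only check left on `auth_token` before it is packed into the `token` field is the `strncasecmp` prefix comparison, so everything after the prefix is forwarded unvalidated. RFC 8959 restricts the token part to URI `pchar` characters; a caller passing whitespace, control characters or non-UTF-8 bytes would presumably have them stored as the instance credential, and how `GNUNET_JSON_pack_string` handles invalid UTF-8 is not visible in this hunk. I would reject such tokens next to the prefix check, returning NULL as that branch already does, or at minimum add a comment at the pack call: `/* auth_token is sent verbatim; caller guarantees RFC 8959 token characters */`. The same applies to the matching hunk in src/lib/merchant_api_post_instance_auth.c; both functions start and end outside the hunks shown.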