author | Christian Grothoff <grothoff@gnunet.org> | 2023-09-06 01:06:03 +0200 |
---|---|---|
committer | Christian Grothoff <grothoff@gnunet.org> | 2023-09-06 01:06:03 +0200 |
commit | c317eb88f9bac0e59f5bbbb8ba2eb99af49f40b3 (patch) | |
tree | 0a015ab30c4dfb70e4847efd4c71414db3563056 | |
parent | 631ba9db07f0613fd3ec673932dae1f68e86ae80 (diff) | |
add DB functions for login tokens
-rw-r--r-- | src/backenddb/Makefile.am | 5 | ||||
-rw-r--r-- | src/backenddb/merchant-0001.sql | 4 | ||||
-rw-r--r-- | src/backenddb/pg_delete_login_token.c | 55 | ||||
-rw-r--r-- | src/backenddb/pg_delete_login_token.h | 44 | ||||
-rw-r--r-- | src/backenddb/pg_insert_login_token.c | 64 | ||||
-rw-r--r-- | src/backenddb/pg_insert_login_token.h | 50 | ||||
-rw-r--r-- | src/backenddb/pg_select_login_token.c | 67 | ||||
-rw-r--r-- | src/backenddb/pg_select_login_token.h | 48 | ||||
-rw-r--r-- | src/backenddb/pg_template.c | 2 | ||||
-rw-r--r-- | src/backenddb/pg_template.h | 2 | ||||
-rw-r--r-- | src/backenddb/plugin_merchantdb_postgres.c | 9 | ||||
-rw-r--r-- | src/backenddb/test_merchantdb.c | 1 | ||||
-rw-r--r-- | src/include/taler_merchantdb_plugin.h | 68 |
13 files changed, 414 insertions, 5 deletions
diff --git a/src/backenddb/Makefile.am b/src/backenddb/Makefile.am
index 4e06fa9f..778379cf 100644
--- a/src/backenddb/Makefile.am
+++ b/src/backenddb/Makefile.am
@@ -73,7 +73,10 @@ libtaler_plugin_merchantdb_postgres_la_SOURCES = \
 pg_select_accounts_by_exchange.h pg_select_accounts_by_exchange.c \
 pg_set_transfer_status_to_confirmed.h pg_set_transfer_status_to_confirmed.c \
 pg_insert_exchange_account.h pg_insert_exchange_account.c \
- pg_lookup_reserves.h pg_lookup_reserves.c \
+ pg_insert_login_token.h pg_insert_login_token.c \
+ pg_delete_login_token.h pg_delete_login_token.c \
+ pg_select_login_token.h pg_select_login_token.c \
+pg_lookup_reserves.h pg_lookup_reserves.c \
 pg_lookup_instance_auth.h pg_lookup_instance_auth.c \
 pg_insert_instance.h pg_insert_instance.c \
 pg_account_kyc_set_status.h pg_account_kyc_set_status.c \
diff --git a/src/backenddb/merchant-0001.sql b/src/backenddb/merchant-0001.sql
index 03474831..d1ce432e 100644
--- a/src/backenddb/merchant-0001.sql
+++ b/src/backenddb/merchant-0001.sql
@@ -131,10 +131,10 @@ COMMENT ON TABLE merchant_login_tokens
 COMMENT ON COLUMN merchant_login_tokens.token
 IS 'binary value of the login token';
 COMMENT ON COLUMN merchant_login_tokens.creation_time
- IS 'time when the token was created';
+ IS 'time when the token was created; currently not used, potentially useful in the future for a forced logout of all tokens issued before a certain date';
 COMMENT ON COLUMN merchant_login_tokens.expiration_time
 IS 'determines when the token expires';
-COMMENT ON COLUMN merchant_login_tokens.merchant_scope
+COMMENT ON COLUMN merchant_login_tokens.validity_scope
 IS 'identifies the opeations for which the token is valid';
 COMMENT ON COLUMN merchant_login_tokens.merchant_serial
 IS 'identifies the instance for which the token is valid';
diff --git a/src/backenddb/pg_delete_login_token.c b/src/backenddb/pg_delete_login_token.c
new file mode 100644
index 00000000..d23e541e
--- /dev/null
+++ b/src/backenddb/pg_delete_login_token.c
@@ -0,0 +1,55 @@
+/*
+ This file is part of TALER
+ Copyright (C) 2023 Taler Systems SA
+
+ TALER is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file backenddb/pg_delete_login_token.c
+ * @brief Implementation of the delete_login_token function for Postgres
+ * @author Christian Grothoff
+ */
+#include "platform.h"
+#include <taler/taler_error_codes.h>
+#include <taler/taler_dbevents.h>
+#include <taler/taler_pq_lib.h>
+#include "pg_delete_login_token.h"
+#include "pg_helper.h"
+
+
+enum GNUNET_DB_QueryStatus
+TMH_PG_delete_login_token (
+ void *cls,
+ const char *id,
+ const struct TALER_MERCHANTDB_LoginTokenP *token)
+{
+ struct PostgresClosure *pg = cls;
+ struct GNUNET_PQ_QueryParam params[] = {
+ GNUNET_PQ_query_param_string (id),
+ GNUNET_PQ_query_param_auto_from_type (token),
+ GNUNET_PQ_query_param_end
+ };
+
+ check_connection (pg);
+ PREPARE (pg,
+ "delete_login_token",
+ "DELETE FROM merchant_login_tokens"
+ " WHERE token=$2"
+ " AND merchant_serial="
+ " (SELECT merchant_serial"
+ " FROM merchant_instances"
+ " WHERE merchant_id=$1)");
+ return GNUNET_PQ_eval_prepared_non_select (pg->conn,
+ "delete_login_token",
+ params);
+}
+
diff --git a/src/backenddb/pg_delete_login_token.h b/src/backenddb/pg_delete_login_token.h
new file mode 100644
index 00000000..0ae9f56b
--- /dev/null
+++ b/src/backenddb/pg_delete_login_token.h
@@ -0,0 +1,44 @@
+/*
+ This file is part of TALER
+ Copyright (C) 2023 Taler Systems SA
+
+ TALER is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file backenddb/pg_delete_login_token.h
+ * @brief implementation of the delete_login_token function for Postgres
+ * @author Christian Grothoff
+ */
+#ifndef PG_DELETE_LOGIN_TOKEN_H
+#define PG_DELETE_LOGIN_TOKEN_H
+
+#include <taler/taler_util.h>
+#include <taler/taler_json_lib.h>
+#include "taler_merchantdb_plugin.h"
+
+
+/**
+ * Delete login token from database.
+ *
+ * @param cls closure
+ * @param id identifier of the instance
+ * @param token value of the token
+ * @return database result code
+ */
+enum GNUNET_DB_QueryStatus
+TMH_PG_delete_login_token (
+ void *cls,
+ const char *id,
+ const struct TALER_MERCHANTDB_LoginTokenP *token);
+
+
+#endif
diff --git a/src/backenddb/pg_insert_login_token.c b/src/backenddb/pg_insert_login_token.c
new file mode 100644
index 00000000..faeaeec8
--- /dev/null
+++ b/src/backenddb/pg_insert_login_token.c
@@ -0,0 +1,64 @@
+/*
+ This file is part of TALER
+ Copyright (C) 2023 Taler Systems SA
+
+ TALER is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file backenddb/pg_insert_login_token.c
+ * @brief Implementation of the insert_login_token function for Postgres
+ * @author Christian Grothoff
+ */
+#include "platform.h"
+#include <taler/taler_error_codes.h>
+#include <taler/taler_dbevents.h>
+#include <taler/taler_pq_lib.h>
+#include "pg_insert_login_token.h"
+#include "pg_helper.h"
+
+
+enum GNUNET_DB_QueryStatus
+TMH_PG_insert_login_token (
+ void *cls,
+ const char *id,
+ const struct TALER_MERCHANTDB_LoginTokenP *token,
+ struct GNUNET_TIME_Timestamp creation_time,
+ struct GNUNET_TIME_Timestamp expiration_time,
+ uint32_t validity_scope)
+{
+ struct PostgresClosure *pg = cls;
+ struct GNUNET_PQ_QueryParam params[] = {
+ GNUNET_PQ_query_param_string (id),
+ GNUNET_PQ_query_param_auto_from_type (token),
+ GNUNET_PQ_query_param_timestamp (&creation_time),
+ GNUNET_PQ_query_param_timestamp (&expiration_time),
+ GNUNET_PQ_query_param_uint32 (&validity_scope),
+ GNUNET_PQ_query_param_end
+ };
+
+ check_connection (pg);
+ PREPARE (pg,
+ "insert_login_token",
+ "INSERT INTO merchant_login_tokens"
+ "(token"
+ ",creation_time"
+ ",expiration_time"
+ ",validity_scope"
+ ",merchant_serial"
+ ")"
+ "SELECT $2, $3, $4, $5, merchant_serial"
+ " FROM merchant_instances"
+ " WHERE merchant_id=$1");
+ return GNUNET_PQ_eval_prepared_non_select (pg->conn,
+ "insert_login_token",
+ params);
+}
diff --git a/src/backenddb/pg_insert_login_token.h b/src/backenddb/pg_insert_login_token.h
new file mode 100644
index 00000000..c411b038
--- /dev/null
+++ b/src/backenddb/pg_insert_login_token.h
@@ -0,0 +1,50 @@
+/*
+ This file is part of TALER
+ Copyright (C) 2023 Taler Systems SA
+
+ TALER is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file backenddb/pg_insert_login_token.h
+ * @brief implementation of the insert_login_token function for Postgres
+ * @author Christian Grothoff
+ */
+#ifndef PG_INSERT_LOGIN_TOKEN_H
+#define PG_INSERT_LOGIN_TOKEN_H
+
+#include <taler/taler_util.h>
+#include <taler/taler_json_lib.h>
+#include "taler_merchantdb_plugin.h"
+
+
+/**
+ * Insert instance login token into our database.
+ *
+ * @param cls closure
+ * @param id identifier of the instance
+ * @param token value of the token
+ * @param creation_time the current time
+ * @param expiration_time when does the token expire
+ * @param validity_scope scope of the token
+ * @return database result code
+ */
+enum GNUNET_DB_QueryStatus
+TMH_PG_insert_login_token (
+ void *cls,
+ const char *id,
+ const struct TALER_MERCHANTDB_LoginTokenP *token,
+ struct GNUNET_TIME_Timestamp creation_time,
+ struct GNUNET_TIME_Timestamp expiration_time,
+ uint32_t validity_scope);
+
+
+#endif
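Review bot: The `token` column in `insert_login_token` receives the bearer token verbatim through `GNUNET_PQ_query_param_auto_from_type (token)`, so anyone who can read `merchant_login_tokens` (a backup, a replica, a read-only database role) obtains credentials that stay usable until `expiration_time`. Because the token is 32 bytes of random data, an unsalted hash is sufficient: compute `struct GNUNET_HashCode h; GNUNET_CRYPTO_hash (token, sizeof (*token), &h);` and bind `GNUNET_PQ_query_param_auto_from_type (&h)` instead, with the same substitution in `select_login_token` and `delete_login_token`. The column comment in merchant-0001.sql would need to change with it; the column definition itself is not visible in this diff, so whether its width is constrained has to be checked.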
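Review bot: The `@return` line in pg_insert_login_token.h does not say what a caller gets when `id` names no instance: the `INSERT ... SELECT ... WHERE merchant_id=$1` in pg_insert_login_token.c then adds zero rows, which as far as I can tell comes back as a non-negative status rather than an error. A caller that only tests for a negative result would return a token to the client that was never stored and can never validate. I would extend the comment here and on `insert_login_token` in taler_merchantdb_plugin.h to `@return database result code; #GNUNET_DB_STATUS_SUCCESS_NO_RESULTS if no instance matches @a id (no token was stored)`.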
diff --git a/src/backenddb/pg_select_login_token.c b/src/backenddb/pg_select_login_token.c
new file mode 100644
index 00000000..7b72b373
--- /dev/null
+++ b/src/backenddb/pg_select_login_token.c
@@ -0,0 +1,67 @@
+/*
+ This file is part of TALER
+ Copyright (C) 2023 Taler Systems SA
+
+ TALER is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file backenddb/pg_select_login_token.c
+ * @brief Implementation of the select_login_token function for Postgres
+ * @author Christian Grothoff
+ */
+#include "platform.h"
+#include <taler/taler_error_codes.h>
+#include <taler/taler_dbevents.h>
+#include <taler/taler_pq_lib.h>
+#include "pg_select_login_token.h"
+#include "pg_helper.h"
+
+
+enum GNUNET_DB_QueryStatus
+TMH_PG_select_login_token (
+ void *cls,
+ const char *id,
+ const struct TALER_MERCHANTDB_LoginTokenP *token,
+ struct GNUNET_TIME_Timestamp *expiration_time,
+ uint32_t *validity_scope)
+{
+ struct PostgresClosure *pg = cls;
+ struct GNUNET_PQ_QueryParam params[] = {
+ GNUNET_PQ_query_param_string (id),
+ GNUNET_PQ_query_param_auto_from_type (token),
+ GNUNET_PQ_query_param_end
+ };
+ struct GNUNET_PQ_ResultSpec rs[] = {
+ GNUNET_PQ_result_spec_timestamp ("expiration_time",
+ expiration_time),
+ GNUNET_PQ_result_spec_uint32 ("validity_scope",
+ validity_scope),
+ GNUNET_PQ_result_spec_end
+ };
+
+ check_connection (pg);
+ PREPARE (pg,
+ "select_login_token",
+ "SELECT"
+ " expiration_time"
+ ",validity_scope"
+ " FROM merchant_login_tokens"
+ " WHERE token=$2"
+ " AND merchant_serial="
+ " (SELECT merchant_serial"
+ " FROM merchant_instances"
+ " WHERE merchant_id=$1)");
+ return GNUNET_PQ_eval_prepared_singleton_select (pg->conn,
+ "select_login_token",
+ params,
+ rs);
+}
diff --git a/src/backenddb/pg_select_login_token.h b/src/backenddb/pg_select_login_token.h
new file mode 100644
index 00000000..1a91ffb1
--- /dev/null
+++ b/src/backenddb/pg_select_login_token.h
@@ -0,0 +1,48 @@
+/*
+ This file is part of TALER
+ Copyright (C) 2023 Taler Systems SA
+
+ TALER is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file backenddb/pg_select_login_token.h
+ * @brief implementation of the select_login_token function for Postgres
+ * @author Christian Grothoff
+ */
+#ifndef PG_SELECT_LOGIN_TOKEN_H
+#define PG_SELECT_LOGIN_TOKEN_H
+
+#include <taler/taler_util.h>
+#include <taler/taler_json_lib.h>
+#include "taler_merchantdb_plugin.h"
+
+
+/**
+ * Lookup information about a login token from database.
+ *
+ * @param cls closure
+ * @param id identifier of the instance
+ * @param token value of the token
+ * @param[out] expiration_time set to expiration time
+ * @param[out] validity_scope set to scope of the token
+ * @return database result code
+ */
+enum GNUNET_DB_QueryStatus
+TMH_PG_select_login_token (
+ void *cls,
+ const char *id,
+ const struct TALER_MERCHANTDB_LoginTokenP *token,
+ struct GNUNET_TIME_Timestamp *expiration_time,
+ uint32_t *validity_scope);
+
+
+#endif
diff --git a/src/backenddb/pg_template.c b/src/backenddb/pg_template.c
index 23035677..1a7f639b 100644
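Review bot: The `select_login_token` query matches on `token` and instance only and carries no `expiration_time` condition, so an expired token comes back as one result exactly like a live one, and rejecting it is left to every caller. The doc comments in pg_select_login_token.h and taler_merchantdb_plugin.h should state that contract, e.g. `@param[out] expiration_time set to expiration time; may lie in the past, the caller must reject expired tokens`. Nothing in this commit removes expired rows either, so the table keeps them until a cleanup statement along the lines of `DELETE FROM merchant_login_tokens WHERE expiration_time < $1` is added.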
--- a/src/backenddb/pg_template.c +++ b/src/backenddb/pg_template.c @@ -1,6 +1,6 @@ /* This file is part of TALER - Copyright (C) 2022 Taler Systems SA + Copyright (C) 2023 Taler Systems SA TALER is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software diff --git a/src/backenddb/pg_template.h b/src/backenddb/pg_template.h index 30caece4..510a8faa 100644 --- a/src/backenddb/pg_template.h +++ b/src/backenddb/pg_template.h @@ -1,6 +1,6 @@ /* This file is part of TALER - Copyright (C) 2022 Taler Systems SA + Copyright (C) 2023 Taler Systems SA TALER is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software diff --git a/src/backenddb/plugin_merchantdb_postgres.c b/src/backenddb/plugin_merchantdb_postgres.c index c4074c98..51298334 100644 --- a/src/backenddb/plugin_merchantdb_postgres.c +++ b/src/backenddb/plugin_merchantdb_postgres.c @@ -36,6 +36,9 @@ #include "pg_update_otp.h" #include "pg_select_otp.h" #include "pg_select_otp_serial.h" +#include "pg_insert_login_token.h" +#include "pg_delete_login_token.h" +#include "pg_select_login_token.h" #include "pg_insert_account.h" #include "pg_update_account.h" #include "pg_lookup_instances.h" @@ -3684,6 +3687,12 @@ libtaler_plugin_merchantdb_postgres_init (void *cls) plugin->start_read_committed = &TMH_PG_start_read_committed; plugin->rollback = &TMH_PG_rollback; plugin->commit = &TMH_PG_commit; + plugin->insert_login_token + = &TMH_PG_insert_login_token; + plugin->delete_login_token + = &TMH_PG_delete_login_token; + plugin->select_login_token + = &TMH_PG_select_login_token; plugin->lookup_instance_auth = &TMH_PG_lookup_instance_auth; plugin->insert_instance diff --git a/src/backenddb/test_merchantdb.c b/src/backenddb/test_merchantdb.c index 214bd5f8..4c2ef5c9 100644 --- a/src/backenddb/test_merchantdb.c +++ b/src/backenddb/test_merchantdb.c 
@@ -6918,6 +6918,7 @@ test_insert_template (const struct InstanceData *instance, plugin->insert_template (plugin->cls, instance->instance.id, template->id, + 0, &template->template), "Insert template failed\n"); return 0; diff --git a/src/include/taler_merchantdb_plugin.h b/src/include/taler_merchantdb_plugin.h index 5426d57d..e9bdcbd1 100644 --- a/src/include/taler_merchantdb_plugin.h +++ b/src/include/taler_merchantdb_plugin.h @@ -118,6 +118,19 @@ struct TALER_MERCHANTDB_AccountDetails }; + +/** + * Binary login token. Just a vanilla token made out + * of random bits. + */ +struct TALER_MERCHANTDB_LoginTokenP +{ + /** + * 32 bytes of entropy. + */ + uint64_t data[32 / 8]; +}; + /** * Authentication settings for an instance. */ 
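Review bot: The three new plugin functions get no test coverage: the only change to test_merchantdb.c is this extra `0,` argument to `insert_template`, which looks unrelated to login tokens (the `insert_template` signature is not part of this diff, so I cannot check it against the call). A round trip would be cheap to add: insert a token, expect `select_login_token` to return the same `expiration_time` and `validity_scope`, expect no result when the same token is selected or deleted under a different instance id, then delete it and expect no result. The cross-instance case matters most, because the `merchant_serial` sub-select is the only thing that keeps a token issued for one instance from being accepted on another.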
@@ -1264,6 +1277,61 @@ struct TALER_MERCHANTDB_Plugin /** + * Insert instance login token into our database. + * + * @param cls closure + * @param id identifier of the instance + * @param token value of the token + * @param creation_time the current time + * @param expiration_time when does the token expire + * @param validity_scope scope of the token + * @return database result code + */ + enum GNUNET_DB_QueryStatus + (*insert_login_token)( + void *cls, + const char *id, + const struct TALER_MERCHANTDB_LoginTokenP *token, + struct GNUNET_TIME_Timestamp creation_time, + struct GNUNET_TIME_Timestamp expiration_time, + uint32_t validity_scope); + + + /** + * Lookup information about a login token from database. + * + * @param cls closure + * @param id identifier of the instance + * @param token value of the token + * @param[out] expiration_time set to expiration time + * @param[out] validity_scope set to scope of the token + * @return database result code + */ + enum GNUNET_DB_QueryStatus + (*select_login_token)( + void *cls, + const char *id, + const struct TALER_MERCHANTDB_LoginTokenP *token, + struct GNUNET_TIME_Timestamp *expiration_time, + uint32_t *validity_scope); + + + /** + * Delete login token from database. + * + * @param cls closure + * @param id identifier of the instance + * @param token value of the token + * @return database result code + */ + enum GNUNET_DB_QueryStatus + (*delete_login_token)( + void *cls, + const char *id, + const struct TALER_MERCHANTDB_LoginTokenP *token); + + + /** * Update information about an instance's account into our database. * * @param cls closure |