authorChristian Grothoff <grothoff@gnunet.org>2023-09-06 01:06:03 +0200
committerChristian Grothoff <grothoff@gnunet.org>2023-09-06 01:06:03 +0200
commitc317eb88f9bac0e59f5bbbb8ba2eb99af49f40b3 (patch)
tree0a015ab30c4dfb70e4847efd4c71414db3563056
parent631ba9db07f0613fd3ec673932dae1f68e86ae80 (diff)
add DB functions for login tokens
-rw-r--r--src/backenddb/Makefile.am5
-rw-r--r--src/backenddb/merchant-0001.sql4
-rw-r--r--src/backenddb/pg_delete_login_token.c55
-rw-r--r--src/backenddb/pg_delete_login_token.h44
-rw-r--r--src/backenddb/pg_insert_login_token.c64
-rw-r--r--src/backenddb/pg_insert_login_token.h50
-rw-r--r--src/backenddb/pg_select_login_token.c67
-rw-r--r--src/backenddb/pg_select_login_token.h48
-rw-r--r--src/backenddb/pg_template.c2
-rw-r--r--src/backenddb/pg_template.h2
-rw-r--r--src/backenddb/plugin_merchantdb_postgres.c9
-rw-r--r--src/backenddb/test_merchantdb.c1
-rw-r--r--src/include/taler_merchantdb_plugin.h68
13 files changed, 414 insertions, 5 deletions
diff --git a/src/backenddb/Makefile.am b/src/backenddb/Makefile.am
index 4e06fa9f..778379cf 100644
--- a/src/backenddb/Makefile.am
+++ b/src/backenddb/Makefile.am
@@ -73,7 +73,10 @@ libtaler_plugin_merchantdb_postgres_la_SOURCES = \
pg_select_accounts_by_exchange.h pg_select_accounts_by_exchange.c \
pg_set_transfer_status_to_confirmed.h pg_set_transfer_status_to_confirmed.c \
pg_insert_exchange_account.h pg_insert_exchange_account.c \
- pg_lookup_reserves.h pg_lookup_reserves.c \
+ pg_insert_login_token.h pg_insert_login_token.c \
+ pg_delete_login_token.h pg_delete_login_token.c \
+ pg_select_login_token.h pg_select_login_token.c \
+pg_lookup_reserves.h pg_lookup_reserves.c \
pg_lookup_instance_auth.h pg_lookup_instance_auth.c \
pg_insert_instance.h pg_insert_instance.c \
pg_account_kyc_set_status.h pg_account_kyc_set_status.c \
diff --git a/src/backenddb/merchant-0001.sql b/src/backenddb/merchant-0001.sql
index 03474831..d1ce432e 100644
--- a/src/backenddb/merchant-0001.sql
+++ b/src/backenddb/merchant-0001.sql
@@ -131,10 +131,10 @@ COMMENT ON TABLE merchant_login_tokens
COMMENT ON COLUMN merchant_login_tokens.token
IS 'binary value of the login token';
COMMENT ON COLUMN merchant_login_tokens.creation_time
- IS 'time when the token was created';
+ IS 'time when the token was created; currently not used, potentially useful in the future for a forced logout of all tokens issued before a certain date';
COMMENT ON COLUMN merchant_login_tokens.expiration_time
IS 'determines when the token expires';
-COMMENT ON COLUMN merchant_login_tokens.merchant_scope
+COMMENT ON COLUMN merchant_login_tokens.validity_scope
IS 'identifies the opeations for which the token is valid';
COMMENT ON COLUMN merchant_login_tokens.merchant_serial
IS 'identifies the instance for which the token is valid';
diff --git a/src/backenddb/pg_delete_login_token.c b/src/backenddb/pg_delete_login_token.c
new file mode 100644
index 00000000..d23e541e
--- /dev/null
+++ b/src/backenddb/pg_delete_login_token.c
@@ -0,0 +1,55 @@
+/*
+ This file is part of TALER
+ Copyright (C) 2023 Taler Systems SA
+
+ TALER is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file backenddb/pg_delete_login_token.c
+ * @brief Implementation of the delete_login_token function for Postgres
+ * @author Christian Grothoff
+ */
+#include "platform.h"
+#include <taler/taler_error_codes.h>
+#include <taler/taler_dbevents.h>
+#include <taler/taler_pq_lib.h>
+#include "pg_delete_login_token.h"
+#include "pg_helper.h"
+
+
+enum GNUNET_DB_QueryStatus
+TMH_PG_delete_login_token (
+ void *cls,
+ const char *id,
+ const struct TALER_MERCHANTDB_LoginTokenP *token)
+{
+ struct PostgresClosure *pg = cls;
+ struct GNUNET_PQ_QueryParam params[] = {
+ GNUNET_PQ_query_param_string (id),
+ GNUNET_PQ_query_param_auto_from_type (token),
+ GNUNET_PQ_query_param_end
+ };
+
+ check_connection (pg);
+ PREPARE (pg,
+ "delete_login_token",
+ "DELETE FROM merchant_login_tokens"
+ " WHERE token=$2"
+ " AND merchant_serial="
+ " (SELECT merchant_serial"
+ " FROM merchant_instances"
+ " WHERE merchant_id=$1)");
+ return GNUNET_PQ_eval_prepared_non_select (pg->conn,
+ "delete_login_token",
+ params);
+}
+
diff --git a/src/backenddb/pg_delete_login_token.h b/src/backenddb/pg_delete_login_token.h
new file mode 100644
index 00000000..0ae9f56b
--- /dev/null
+++ b/src/backenddb/pg_delete_login_token.h
@@ -0,0 +1,44 @@
+/*
+ This file is part of TALER
+ Copyright (C) 2023 Taler Systems SA
+
+ TALER is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file backenddb/pg_delete_login_token.h
+ * @brief implementation of the delete_login_token function for Postgres
+ * @author Christian Grothoff
+ */
+#ifndef PG_DELETE_LOGIN_TOKEN_H
+#define PG_DELETE_LOGIN_TOKEN_H
+
+#include <taler/taler_util.h>
+#include <taler/taler_json_lib.h>
+#include "taler_merchantdb_plugin.h"
+
+
+/**
+ * Delete login token from database.
+ *
+ * @param cls closure
+ * @param id identifier of the instance
+ * @param token value of the token
+ * @return database result code
+ */
+enum GNUNET_DB_QueryStatus
+TMH_PG_delete_login_token (
+ void *cls,
+ const char *id,
+ const struct TALER_MERCHANTDB_LoginTokenP *token);
+
+
+#endif
diff --git a/src/backenddb/pg_insert_login_token.c b/src/backenddb/pg_insert_login_token.c
new file mode 100644
index 00000000..faeaeec8
--- /dev/null
+++ b/src/backenddb/pg_insert_login_token.c
@@ -0,0 +1,64 @@
+/*
+ This file is part of TALER
+ Copyright (C) 2023 Taler Systems SA
+
+ TALER is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file backenddb/pg_insert_login_token.c
+ * @brief Implementation of the insert_login_token function for Postgres
+ * @author Christian Grothoff
+ */
+#include "platform.h"
+#include <taler/taler_error_codes.h>
+#include <taler/taler_dbevents.h>
+#include <taler/taler_pq_lib.h>
+#include "pg_insert_login_token.h"
+#include "pg_helper.h"
+
+
+enum GNUNET_DB_QueryStatus
+TMH_PG_insert_login_token (
+ void *cls,
+ const char *id,
+ const struct TALER_MERCHANTDB_LoginTokenP *token,
+ struct GNUNET_TIME_Timestamp creation_time,
+ struct GNUNET_TIME_Timestamp expiration_time,
+ uint32_t validity_scope)
+{
+ struct PostgresClosure *pg = cls;
+ struct GNUNET_PQ_QueryParam params[] = {
+ GNUNET_PQ_query_param_string (id),
+ GNUNET_PQ_query_param_auto_from_type (token),
+ GNUNET_PQ_query_param_timestamp (&creation_time),
+ GNUNET_PQ_query_param_timestamp (&expiration_time),
+ GNUNET_PQ_query_param_uint32 (&validity_scope),
+ GNUNET_PQ_query_param_end
+ };
+
+ check_connection (pg);
+ PREPARE (pg,
+ "insert_login_token",
+ "INSERT INTO merchant_login_tokens"
+ "(token"
+ ",creation_time"
+ ",expiration_time"
+ ",validity_scope"
+ ",merchant_serial"
+ ")"
+ "SELECT $2, $3, $4, $5, merchant_serial"
+ " FROM merchant_instances"
+ " WHERE merchant_id=$1");
+ return GNUNET_PQ_eval_prepared_non_select (pg->conn,
+ "insert_login_token",
+ params);
+}
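Review bot: The token is bound with `GNUNET_PQ_query_param_auto_from_type (token)` and written to the `token` column unchanged, so anyone who can read `merchant_login_tokens` (a backup, a replica, a read-only SQL account) obtains usable bearer credentials. Since the token is described as 32 bytes of random data, a single unsalted hash (e.g. `GNUNET_CRYPTO_hash`) would be enough. Hashing it here before binding, and identically in TMH_PG_select_login_token and TMH_PG_delete_login_token, keeps the equality lookup working while the table holds only digests. The column type is not visible in this diff, so its width would have to be checked against the digest size.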
diff --git a/src/backenddb/pg_insert_login_token.h b/src/backenddb/pg_insert_login_token.h
new file mode 100644
index 00000000..c411b038
--- /dev/null
+++ b/src/backenddb/pg_insert_login_token.h
@@ -0,0 +1,50 @@
+/*
+ This file is part of TALER
+ Copyright (C) 2023 Taler Systems SA
+
+ TALER is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file backenddb/pg_insert_login_token.h
+ * @brief implementation of the insert_login_token function for Postgres
+ * @author Christian Grothoff
+ */
+#ifndef PG_INSERT_LOGIN_TOKEN_H
+#define PG_INSERT_LOGIN_TOKEN_H
+
+#include <taler/taler_util.h>
+#include <taler/taler_json_lib.h>
+#include "taler_merchantdb_plugin.h"
+
+
+/**
+ * Insert instance login token into our database.
+ *
+ * @param cls closure
+ * @param id identifier of the instance
+ * @param token value of the token
+ * @param creation_time the current time
+ * @param expiration_time when does the token expire
+ * @param validity_scope scope of the token
+ * @return database result code
+ */
+enum GNUNET_DB_QueryStatus
+TMH_PG_insert_login_token (
+ void *cls,
+ const char *id,
+ const struct TALER_MERCHANTDB_LoginTokenP *token,
+ struct GNUNET_TIME_Timestamp creation_time,
+ struct GNUNET_TIME_Timestamp expiration_time,
+ uint32_t validity_scope);
+
+
+#endif
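Review bot: The `@return database result code` line does not say which status means the token was stored. The statement in pg_insert_login_token.c is an `INSERT ... SELECT ... WHERE merchant_id=$1`, so an unknown instance id inserts zero rows without a database error, presumably reported as a no-results status. I would document that, for example `@return GNUNET_DB_STATUS_SUCCESS_ONE_RESULT if the token was stored, GNUNET_DB_STATUS_SUCCESS_NO_RESULTS if the instance @a id is unknown`, so callers do not hand out a token that was never persisted. The same comment is duplicated on the `insert_login_token` member in taler_merchantdb_plugin.h.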
diff --git a/src/backenddb/pg_select_login_token.c b/src/backenddb/pg_select_login_token.c
new file mode 100644
index 00000000..7b72b373
--- /dev/null
+++ b/src/backenddb/pg_select_login_token.c
@@ -0,0 +1,67 @@
+/*
+ This file is part of TALER
+ Copyright (C) 2023 Taler Systems SA
+
+ TALER is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file backenddb/pg_select_login_token.c
+ * @brief Implementation of the select_login_token function for Postgres
+ * @author Christian Grothoff
+ */
+#include "platform.h"
+#include <taler/taler_error_codes.h>
+#include <taler/taler_dbevents.h>
+#include <taler/taler_pq_lib.h>
+#include "pg_select_login_token.h"
+#include "pg_helper.h"
+
+
+enum GNUNET_DB_QueryStatus
+TMH_PG_select_login_token (
+ void *cls,
+ const char *id,
+ const struct TALER_MERCHANTDB_LoginTokenP *token,
+ struct GNUNET_TIME_Timestamp *expiration_time,
+ uint32_t *validity_scope)
+{
+ struct PostgresClosure *pg = cls;
+ struct GNUNET_PQ_QueryParam params[] = {
+ GNUNET_PQ_query_param_string (id),
+ GNUNET_PQ_query_param_auto_from_type (token),
+ GNUNET_PQ_query_param_end
+ };
+ struct GNUNET_PQ_ResultSpec rs[] = {
+ GNUNET_PQ_result_spec_timestamp ("expiration_time",
+ expiration_time),
+ GNUNET_PQ_result_spec_uint32 ("validity_scope",
+ validity_scope),
+ GNUNET_PQ_result_spec_end
+ };
+
+ check_connection (pg);
+ PREPARE (pg,
+ "select_login_token",
+ "SELECT"
+ " expiration_time"
+ ",validity_scope"
+ " FROM merchant_login_tokens"
+ " WHERE token=$2"
+ " AND merchant_serial="
+ " (SELECT merchant_serial"
+ " FROM merchant_instances"
+ " WHERE merchant_id=$1)");
+ return GNUNET_PQ_eval_prepared_singleton_select (pg->conn,
+ "select_login_token",
+ params,
+ rs);
+}
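Review bot: The `select_login_token` statement matches on token and instance only, so a row whose `expiration_time` has passed is still returned as a hit; expiry is enforced only if every caller compares the out-parameter with the current time. No caller is part of this diff, so that may already be planned, but I would state it in the contract in pg_select_login_token.h and taler_merchantdb_plugin.h, e.g. `@param[out] expiration_time set to expiration time; the caller must reject the token if this is in the past`. Alternatively the query could take the current time as a parameter and compare it with `expiration_time`, so expired rows never match. Nothing in this commit removes expired rows either, so they stay in the table until deleted explicitly.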
diff --git a/src/backenddb/pg_select_login_token.h b/src/backenddb/pg_select_login_token.h
new file mode 100644
index 00000000..1a91ffb1
--- /dev/null
+++ b/src/backenddb/pg_select_login_token.h
@@ -0,0 +1,48 @@
+/*
+ This file is part of TALER
+ Copyright (C) 2023 Taler Systems SA
+
+ TALER is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file backenddb/pg_select_login_token.h
+ * @brief implementation of the select_login_token function for Postgres
+ * @author Christian Grothoff
+ */
+#ifndef PG_SELECT_LOGIN_TOKEN_H
+#define PG_SELECT_LOGIN_TOKEN_H
+
+#include <taler/taler_util.h>
+#include <taler/taler_json_lib.h>
+#include "taler_merchantdb_plugin.h"
+
+
+/**
+ * Lookup information about a login token from database.
+ *
+ * @param cls closure
+ * @param id identifier of the instance
+ * @param token value of the token
+ * @param[out] expiration_time set to expiration time
+ * @param[out] validity_scope set to scope of the token
+ * @return database result code
+ */
+enum GNUNET_DB_QueryStatus
+TMH_PG_select_login_token (
+ void *cls,
+ const char *id,
+ const struct TALER_MERCHANTDB_LoginTokenP *token,
+ struct GNUNET_TIME_Timestamp *expiration_time,
+ uint32_t *validity_scope);
+
+
+#endif
diff --git a/src/backenddb/pg_template.c b/src/backenddb/pg_template.c
index 23035677..1a7f639b 100644
--- a/src/backenddb/pg_template.c
+++ b/src/backenddb/pg_template.c
@@ -1,6 +1,6 @@
/*
This file is part of TALER
- Copyright (C) 2022 Taler Systems SA
+ Copyright (C) 2023 Taler Systems SA
TALER is free software; you can redistribute it and/or modify it under the
terms of the GNU General Public License as published by the Free Software
diff --git a/src/backenddb/pg_template.h b/src/backenddb/pg_template.h
index 30caece4..510a8faa 100644
--- a/src/backenddb/pg_template.h
+++ b/src/backenddb/pg_template.h
@@ -1,6 +1,6 @@
/*
This file is part of TALER
- Copyright (C) 2022 Taler Systems SA
+ Copyright (C) 2023 Taler Systems SA
TALER is free software; you can redistribute it and/or modify it under the
terms of the GNU General Public License as published by the Free Software
diff --git a/src/backenddb/plugin_merchantdb_postgres.c b/src/backenddb/plugin_merchantdb_postgres.c
index c4074c98..51298334 100644
--- a/src/backenddb/plugin_merchantdb_postgres.c
+++ b/src/backenddb/plugin_merchantdb_postgres.c
@@ -36,6 +36,9 @@
#include "pg_update_otp.h"
#include "pg_select_otp.h"
#include "pg_select_otp_serial.h"
+#include "pg_insert_login_token.h"
+#include "pg_delete_login_token.h"
+#include "pg_select_login_token.h"
#include "pg_insert_account.h"
#include "pg_update_account.h"
#include "pg_lookup_instances.h"
@@ -3684,6 +3687,12 @@ libtaler_plugin_merchantdb_postgres_init (void *cls)
plugin->start_read_committed = &TMH_PG_start_read_committed;
plugin->rollback = &TMH_PG_rollback;
plugin->commit = &TMH_PG_commit;
+ plugin->insert_login_token
+ = &TMH_PG_insert_login_token;
+ plugin->delete_login_token
+ = &TMH_PG_delete_login_token;
+ plugin->select_login_token
+ = &TMH_PG_select_login_token;
plugin->lookup_instance_auth
= &TMH_PG_lookup_instance_auth;
plugin->insert_instance
diff --git a/src/backenddb/test_merchantdb.c b/src/backenddb/test_merchantdb.c
index 214bd5f8..4c2ef5c9 100644
--- a/src/backenddb/test_merchantdb.c
+++ b/src/backenddb/test_merchantdb.c
@@ -6918,6 +6918,7 @@ test_insert_template (const struct InstanceData *instance,
plugin->insert_template (plugin->cls,
instance->instance.id,
template->id,
+ 0,
&template->template),
"Insert template failed\n");
return 0;
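Review bot: The only change to test_merchantdb.c is the extra `0,` argument to `plugin->insert_template` here, so the three new login-token functions land without test coverage. A round trip would be worth adding: insert a token, select it and check `expiration_time` and `validity_scope`, select it under a different instance id and expect no result, then delete it and expect the next select to find nothing. The `0,` itself is not explained by the commit message and looks like it belongs to a separate change. test_insert_template starts and ends outside this hunk.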
diff --git a/src/include/taler_merchantdb_plugin.h b/src/include/taler_merchantdb_plugin.h
index 5426d57d..e9bdcbd1 100644
--- a/src/include/taler_merchantdb_plugin.h
+++ b/src/include/taler_merchantdb_plugin.h
@@ -118,6 +118,19 @@ struct TALER_MERCHANTDB_AccountDetails
};
+
+/**
+ * Binary login token. Just a vanilla token made out
+ * of random bits.
+ */
+struct TALER_MERCHANTDB_LoginTokenP
+{
+ /**
+ * 32 bytes of entropy.
+ */
+ uint64_t data[32 / 8];
+};
+
/**
* Authentication settings for an instance.
*/
@@ -1264,6 +1277,61 @@ struct TALER_MERCHANTDB_Plugin
/**
+ * Insert instance login token into our database.
+ *
+ * @param cls closure
+ * @param id identifier of the instance
+ * @param token value of the token
+ * @param creation_time the current time
+ * @param expiration_time when does the token expire
+ * @param validity_scope scope of the token
+ * @return database result code
+ */
+ enum GNUNET_DB_QueryStatus
+ (*insert_login_token)(
+ void *cls,
+ const char *id,
+ const struct TALER_MERCHANTDB_LoginTokenP *token,
+ struct GNUNET_TIME_Timestamp creation_time,
+ struct GNUNET_TIME_Timestamp expiration_time,
+ uint32_t validity_scope);
+
+
+ /**
+ * Lookup information about a login token from database.
+ *
+ * @param cls closure
+ * @param id identifier of the instance
+ * @param token value of the token
+ * @param[out] expiration_time set to expiration time
+ * @param[out] validity_scope set to scope of the token
+ * @return database result code
+ */
+ enum GNUNET_DB_QueryStatus
+ (*select_login_token)(
+ void *cls,
+ const char *id,
+ const struct TALER_MERCHANTDB_LoginTokenP *token,
+ struct GNUNET_TIME_Timestamp *expiration_time,
+ uint32_t *validity_scope);
+
+
+ /**
+ * Delete login token from database.
+ *
+ * @param cls closure
+ * @param id identifier of the instance
+ * @param token value of the token
+ * @return database result code
+ */
+ enum GNUNET_DB_QueryStatus
+ (*delete_login_token)(
+ void *cls,
+ const char *id,
+ const struct TALER_MERCHANTDB_LoginTokenP *token);
+
+
+ /**
* Update information about an instance's account into our database.
*
* @param cls closure