summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFlorian Dold <florian.dold@gmail.com>2020-09-07 15:38:34 +0530
committerFlorian Dold <florian.dold@gmail.com>2020-09-07 15:38:45 +0530
commitf6b5dd04e06198a023eb38945c963a9128065786 (patch)
treeed176ee1068c9fb1ef164218bcc2c541c79e678f
parent39067e234d2e11eac5d0ac5fdb6f88c79dc62276 (diff)
downloadmerchant-f6b5dd04e06198a023eb38945c963a9128065786.tar.gz
merchant-f6b5dd04e06198a023eb38945c963a9128065786.tar.bz2
merchant-f6b5dd04e06198a023eb38945c963a9128065786.zip
append h_contract when appropriate
-rw-r--r--src/backend/taler-merchant-httpd_get-orders-ID.c27
-rw-r--r--src/backend/taler-merchant-httpd_get-orders-ID.h4
-rw-r--r--src/backend/taler-merchant-httpd_private-get-orders-ID.c31
3 files changed, 49 insertions, 13 deletions
diff --git a/src/backend/taler-merchant-httpd_get-orders-ID.c b/src/backend/taler-merchant-httpd_get-orders-ID.c
index 4f77fba4..82d74f48 100644
--- a/src/backend/taler-merchant-httpd_get-orders-ID.c
+++ b/src/backend/taler-merchant-httpd_get-orders-ID.c
@@ -277,6 +277,7 @@ make_taler_refund_uri (struct MHD_Connection *con,
* @param session_id the session id
* @param instance_id instance, may be "default"
* @param claim_token claim token for the order, may be NULL
+ * @param h_contract contract hash for authentication, may be NULL
* @return corresponding http(s):// URL, or NULL on missing "host"
*/
char *
@@ -284,13 +285,15 @@ TMH_make_order_status_url (struct MHD_Connection *con,
const char *order_id,
const char *session_id,
const char *instance_id,
- struct TALER_ClaimTokenP *claim_token)
+ struct TALER_ClaimTokenP *claim_token,
+ struct GNUNET_HashCode *h_contract)
{
const char *host;
const char *forwarded_host;
const char *uri_path;
struct GNUNET_Buffer buf = { 0 };
- bool have_claim_token = false;
+ /* Number of query parameters written so far */
+ unsigned int num_qp = 0;
host = MHD_lookup_connection_value (con,
MHD_HEADER_KIND,
@@ -346,12 +349,12 @@ TMH_make_order_status_url (struct MHD_Connection *con,
GNUNET_buffer_write_data_encoded (&buf,
(char *) claim_token,
sizeof (struct TALER_ClaimTokenP));
- have_claim_token = true;
+ num_qp++;
}
if (NULL != session_id)
{
- if (have_claim_token)
+ if (num_qp > 0)
GNUNET_buffer_write_str (&buf,
"&session_id=");
else
@@ -359,7 +362,20 @@ TMH_make_order_status_url (struct MHD_Connection *con,
"?session_id=");
GNUNET_buffer_write_str (&buf,
session_id);
+ num_qp++;
+ }
+ if (NULL != h_contract)
+ {
+ if (num_qp > 0)
+ GNUNET_buffer_write_str (&buf,
+ "&h_contract=");
+ else
+ GNUNET_buffer_write_str (&buf,
+ "?h_contract=");
+ GNUNET_buffer_write_data_encoded (&buf,
+ (char *) h_contract,
+ sizeof (struct GNUNET_HashCode));
}
return GNUNET_buffer_reap_str (&buf);
@@ -520,7 +536,8 @@ send_pay_request (struct GetOrderData *god,
god->order_id,
god->session_id,
god->hc->instance->settings.id,
- &god->claim_token);
+ &god->claim_token,
+ NULL);
if (god->generate_html)
{
char *qr;
diff --git a/src/backend/taler-merchant-httpd_get-orders-ID.h b/src/backend/taler-merchant-httpd_get-orders-ID.h
index 83a991b4..5546e7cd 100644
--- a/src/backend/taler-merchant-httpd_get-orders-ID.h
+++ b/src/backend/taler-merchant-httpd_get-orders-ID.h
@@ -51,6 +51,7 @@ TMH_make_taler_pay_uri (struct MHD_Connection *con,
* @param session_id session, may be NULL
* @param instance_id instance, may be "default"
* @param claim_token claim token for the order, may be NULL
+ * @param h_contract contract hash for authentication, may be NULL
* @return corresponding http(s):// URL, or NULL on missing "host"
*/
char *
@@ -58,7 +59,8 @@ TMH_make_order_status_url (struct MHD_Connection *con,
const char *order_id,
const char *session_id,
const char *instance_id,
- struct TALER_ClaimTokenP *claim_token);
+ struct TALER_ClaimTokenP *claim_token,
+ struct GNUNET_HashCode *h_contract);
/**
diff --git a/src/backend/taler-merchant-httpd_private-get-orders-ID.c b/src/backend/taler-merchant-httpd_private-get-orders-ID.c
index 550b9df2..a57845d4 100644
--- a/src/backend/taler-merchant-httpd_private-get-orders-ID.c
+++ b/src/backend/taler-merchant-httpd_private-get-orders-ID.c
@@ -978,7 +978,8 @@ TMH_private_get_orders_ID (const struct TMH_RequestHandler *rh,
hc->infix,
gorc->session_id,
hc->instance->settings.id,
- &claim_token);
+ &claim_token,
+ NULL);
ret = TALER_MHD_reply_json_pack (connection,
MHD_HTTP_OK,
"{s:s, s:s, s:s, s:s, s:s?}",
@@ -1056,7 +1057,8 @@ TMH_private_get_orders_ID (const struct TMH_RequestHandler *rh,
hc->infix,
gorc->session_id,
hc->instance->settings.id,
- &claim_token);
+ &claim_token,
+ NULL);
ret = TALER_MHD_reply_json_pack (connection,
MHD_HTTP_OK,
"{s:s, s:s, s:s}",
@@ -1184,11 +1186,26 @@ TMH_private_get_orders_ID (const struct TMH_RequestHandler *rh,
}
}
- order_status_url = TMH_make_order_status_url (connection,
- hc->infix,
- gorc->session_id,
- hc->instance->settings.id,
- &claim_token);
+ {
+ struct GNUNET_HashCode *h_contract = NULL;
+
+ /* In a session-bound payment, allow the browser to check the order
+ * status page (e.g. to get a refund).
+ *
+ * Note that we don't allow this outside of session-based payment, as
+ * otherwise this becomes an oracle to convert order_id to h_contract.
+ */
+ if (NULL != gorc->session_id)
+ h_contract = &gorc->h_contract_terms;
+
+ order_status_url =
+ TMH_make_order_status_url (connection,
+ hc->infix,
+ gorc->session_id,
+ hc->instance->settings.id,
+ &claim_token,
+ h_contract);
+ }
ret = TALER_MHD_reply_json_pack (connection,
MHD_HTTP_OK,