author | Florian Dold <florian.dold@gmail.com> | 2020-09-29 17:30:02 +0530 |
---|---|---|
committer | Florian Dold <florian.dold@gmail.com> | 2020-09-29 17:30:02 +0530 |
commit | 9d25f3c0f66e30f6dd15a8dd53a80328054aac8d (patch) | |
tree | 415400261bbee811b5a2efdaadd48cf424956949 /src/backend | |
parent | 5466b9471cc85ff5ad9719ed61aaa474ae5b4c23 (diff) | |
look up claim token and include it in claimed but unpaid order URLs to avoid redirect loop
Diffstat (limited to 'src/backend')
-rw-r--r-- | src/backend/taler-merchant-httpd_private-get-orders-ID.c | 62 |
1 files changed, 51 insertions, 11 deletions
diff --git a/src/backend/taler-merchant-httpd_private-get-orders-ID.c b/src/backend/taler-merchant-httpd_private-get-orders-ID.c
index 1f47a475..829b3a56 100644
--- a/src/backend/taler-merchant-httpd_private-get-orders-ID.c
+++ b/src/backend/taler-merchant-httpd_private-get-orders-ID.c
@@ -834,15 +834,6 @@ TMH_private_get_orders_ID (const struct TMH_RequestHandler *rh,
 &gorc->order_serial);
 if (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS == qs)
 {
- struct GNUNET_HashCode unused;
-
- /* We don't have contract terms, but the order may still exist. */
- qs = TMH_db->lookup_order (TMH_db->cls,
- hc->instance->settings.id,
- hc->infix,
- &claim_token,
- &unused,
- &gorc->contract_terms);
 order_only = true;
 }
 if (0 > qs)
@@ -864,6 +855,48 @@ TMH_private_get_orders_ID (const struct TMH_RequestHandler *rh,
 TALER_EC_GET_ORDERS_ORDER_NOT_FOUND,
 hc->infix);
 }
+
+ {
+ struct GNUNET_HashCode unused;
+ json_t *ct = NULL;
+
+ /* We need the order for two cases: Either when the contract doesn't exist yet,
+ * or when the order is claimed but unpaid, and we need the claim token. */
+ qs = TMH_db->lookup_order (TMH_db->cls,
+ hc->instance->settings.id,
+ hc->infix,
+ &claim_token,
+ &unused,
+ &ct);
+
+ if (0 > qs)
+ {
+ /* single, read-only SQL statements should never cause
+ serialization problems */
+ GNUNET_break (GNUNET_DB_STATUS_SOFT_ERROR != qs);
+ /* Always report on hard error as well to enable diagnostics */
+ GNUNET_break (GNUNET_DB_STATUS_HARD_ERROR == qs);
+ return TALER_MHD_reply_with_error (connection,
+ MHD_HTTP_INTERNAL_SERVER_ERROR,
+ TALER_EC_GET_ORDERS_DB_FETCH_CONTRACT_TERMS_ERROR,
+ NULL);
+ }
+ if (order_only && (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS == qs) )
+ {
+ return TALER_MHD_reply_with_error (connection,
+ MHD_HTTP_NOT_FOUND,
+ TALER_EC_GET_ORDERS_ORDER_NOT_FOUND,
+ hc->infix);
+ }
+ if (order_only)
+ {
+ gorc->contract_terms = ct;
+ }
+ else if (NULL != ct)
+ {
+ json_decref (ct);
+ }
+ }
 /* extract the fulfillment URL and total amount from the contract terms! */
 {
 struct GNUNET_JSON_Specification spec[] = {
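Review bot: Nothing in the added block records whether `lookup_order` actually returned a row when `order_only` is false: on `GNUNET_DB_STATUS_SUCCESS_NO_RESULTS` the code simply falls through, and the later hunk at 1102 still takes `&claim_token` for both URLs. The declaration and initialisation of `claim_token` are outside the hunk, so it cannot be told from here whether the URLs would then carry a zeroed or an indeterminate token. I would keep the result in a function-scope flag, `bool have_claim_token = (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT == qs);`, and test `if ((! order_only) && have_claim_token)` before setting the pointer in the later hunk. Separately, the failure path reuses `TALER_EC_GET_ORDERS_DB_FETCH_CONTRACT_TERMS_ERROR` for a failed order lookup, which makes the two database failures indistinguishable in diagnostics.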
@@ -1069,17 +1102,24 @@ TMH_private_get_orders_ID (const struct TMH_RequestHandler *rh,
 char *taler_pay_uri;
 char *order_status_url;
 MHD_RESULT ret;
+ struct TALER_ClaimTokenP *ct = NULL;
+
+ /* Already claimed, so we include the claim token so that
+ * the order status page will show the QR code and won't run
+ * into a redirect loop. */
+ if (! order_only)
+ ct = &claim_token;
 taler_pay_uri = TMH_make_taler_pay_uri (connection,
 hc->infix,
 gorc->session_id,
 hc->instance->settings.id,
- &claim_token);
+ ct);
 order_status_url = TMH_make_order_status_url (connection,
 hc->infix,
 gorc->session_id,
 hc->instance->settings.id,
- &claim_token,
+ ct,
 NULL);
 ret = TALER_MHD_reply_json_pack (connection,
 MHD_HTTP_OK, |
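Review bot: The new comment explains the redirect loop but does not say that the claim token appears to act as an access credential for the order, and that it is now placed into both `taler_pay_uri` and `order_status_url` for claimed orders. I would extend the comment with something like `/* NOTE: both URLs now embed the claim token; callers must treat them as credentials and keep them out of logs. */`. How `TMH_make_order_status_url` encodes the token is not visible here. On style, `if (! order_only) ct = &claim_token;` lacks the braces used throughout the block added at 855, and `ct` is also the name of the `json_t *` in that block, so a name such as `claim_token_ptr` would avoid confusion. The enclosing block starts and ends outside the hunk.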