author | Christian Grothoff <christian@grothoff.org> | 2022-05-18 11:19:17 +0200 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2022-05-18 11:19:23 +0200 |
commit | cca365795f2681f884f525a7442123ee7933c51c (patch) | |
tree | e8343089be0068b3fd8bc94097c0f86609a2de27 /src/backend | |
parent | b74535be9a786263992ca4742d74d382d96091b0 (diff) | |
-fix auth handling
Diffstat (limited to 'src/backend')
-rw-r--r-- | src/backend/taler-merchant-httpd.h | 7 | ||||
-rw-r--r-- | src/backend/taler-merchant-httpd_private-post-instances-ID-auth.c | 18 |
2 files changed, 19 insertions, 6 deletions
diff --git a/src/backend/taler-merchant-httpd.h b/src/backend/taler-merchant-httpd.h
index 847701a1..8d009b26 100644
--- a/src/backend/taler-merchant-httpd.h
+++ b/src/backend/taler-merchant-httpd.h
@@ -163,6 +163,13 @@ struct TMH_MerchantInstance
 * True if this instance was deleted (but not yet purged).
 */
 bool deleted;
+
+ /**
+ * The authentication settings for this instance
+ * were changed via the command-line. Do not check
+ * against the DB value when updating the auth token.
+ */
+ bool auth_override;
 };
diff --git a/src/backend/taler-merchant-httpd_private-post-instances-ID-auth.c b/src/backend/taler-merchant-httpd_private-post-instances-ID-auth.c
index eef710b6..b4e77d46 100644
--- a/src/backend/taler-merchant-httpd_private-post-instances-ID-auth.c
+++ b/src/backend/taler-merchant-httpd_private-post-instances-ID-auth.c
@@ -102,6 +102,7 @@ post_instances_ID_auth (struct TMH_MerchantInstance *mi,
 to the authentication. */
 {
 struct TALER_MERCHANTDB_InstanceAuthSettings db_ias;
+
 qs = TMH_db->lookup_instance_auth (TMH_db->cls,
 mi->settings.id,
 &db_ias);
@@ -112,8 +113,8 @@ post_instances_ID_auth (struct TMH_MerchantInstance *mi,
 /* Instance got purged. */
 TMH_db->rollback (TMH_db->cls);
 return TALER_MHD_reply_with_error (connection,
- MHD_HTTP_UNAUTHORIZED,
- TALER_EC_GENERIC_DB_COMMIT_FAILED,
+ MHD_HTTP_NOT_FOUND,
+ TALER_EC_MERCHANT_GENERIC_INSTANCE_UNKNOWN,
 NULL);
 case GNUNET_DB_STATUS_SOFT_ERROR:
 TMH_db->rollback (TMH_db->cls);
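Review bot: The doc comment on `auth_override` in struct TMH_MerchantInstance says what the flag means but not who sets or clears it, and nothing in the two files of this diff ever assigns `true` to it (the diffstat is limited to src/backend, so the setter may live elsewhere). Because the flag switches off the old-token comparison in post_instances_ID_auth, the comment should name the code path that sets it and state when it is reset, for example `* Set by <setter, not shown in this diff>; cleared by post_instances_ID_auth() once a new token has been stored.` The struct definition starts above the hunk.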
@@ -129,12 +130,16 @@ post_instances_ID_auth (struct TMH_MerchantInstance *mi,
 break;
 }
- if (GNUNET_OK !=
- TMH_check_auth (hc->auth_token,
- &db_ias.auth_salt,
- &db_ias.auth_hash))
+ if ( (NULL == TMH_default_auth) &&
+ (! mi->auth_override) &&
+ (GNUNET_OK !=
+ TMH_check_auth (hc->auth_token,
+ &db_ias.auth_salt,
+ &db_ias.auth_hash)) )
 {
 TMH_db->rollback (TMH_db->cls);
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Refusing auth change: old token does not match\n");
 return TALER_MHD_reply_with_error (connection,
 MHD_HTTP_UNAUTHORIZED,
 TALER_EC_MERCHANT_GENERIC_UNAUTHORIZED,
@@ -175,6 +180,7 @@ retry:
 /* Finally, also update our running process */
 mi->auth = ias;
 }
+ mi->auth_override = false;
 if (0 == strcmp (mi->settings.id,
 "default"))
 { |
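Review bot: The rewritten condition skips `TMH_check_auth` whenever `TMH_default_auth` is non-NULL, and that test is not tied to `mi`, so while a default token is configured the old-token comparison appears to be switched off for every instance this handler serves. If the bypass is meant only for the default instance, the first clause could be narrowed to `( (NULL == TMH_default_auth) || (0 != strcmp (mi->settings.id, "default")) ) &&`. If the request is already authenticated before this handler runs, a comment saying so would make the skip reviewable. The added log line reports a client-triggerable failure at `GNUNET_ERROR_TYPE_ERROR` and omits `mi->settings.id`; `GNUNET_ERROR_TYPE_WARNING` with the instance id would be easier to alert on. The function body starts and ends outside the hunk.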
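Review bot: `mi->auth_override = false;` sits after the closing brace of the block that assigns `mi->auth = ias;`, so the hunk alone does not show that the flag is cleared only once the new token has actually been committed. If any path can reach this line without a successful commit, the override would be consumed while the stored token stays unchanged. Moving the reset next to `mi->auth = ias;`, or adding `/* override consumed: DB and in-memory auth now agree */` above it, would pin the intent. The `retry:` label and the transaction logic around it are outside the hunk.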