diff options
| author | Jonathan Buchanan <jonathan.russ.buchanan@gmail.com> | 2020-07-28 18:33:14 -0400 |
|---|---|---|
| committer | Jonathan Buchanan <jonathan.russ.buchanan@gmail.com> | 2020-07-28 18:33:14 -0400 |
| commit | b54d6b0552a84ed790e1faa5cbe9e0a66a9bc702 (patch) | |
| tree | fe9f9c895df50856623686bc84012bccb9866503 /src/backenddb/plugin_merchantdb_postgres.c | |
| parent | 2e60ebf5464b537ce2466a3de44a3365700ad667 (diff) | |
| download | merchant-b54d6b0552a84ed790e1faa5cbe9e0a66a9bc702.tar.gz merchant-b54d6b0552a84ed790e1faa5cbe9e0a66a9bc702.tar.bz2 merchant-b54d6b0552a84ed790e1faa5cbe9e0a66a9bc702.zip | |
db checks claim_token in insert_contract_terms
Diffstat (limited to 'src/backenddb/plugin_merchantdb_postgres.c')
| -rw-r--r-- | src/backenddb/plugin_merchantdb_postgres.c | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/src/backenddb/plugin_merchantdb_postgres.c b/src/backenddb/plugin_merchantdb_postgres.c index 60f42a16..1174fb79 100644 --- a/src/backenddb/plugin_merchantdb_postgres.c +++ b/src/backenddb/plugin_merchantdb_postgres.c @@ -1478,11 +1478,13 @@ postgres_lookup_contract_terms (void *cls, * contract terms (to be hashed), the creation_time and pay_deadline (to be * obtained from the merchant_orders table). The "session_id" should be * initially set to the empty string. The "fulfillment_url" and "refund_deadline" - * must be extracted from @a contract_terms. + * must be extracted from @a contract_terms. This function will only + * succeed if @a claim_token matches the token created for the order. * * @param cls closure * @param instance_id instance's identifier * @param order_id order_id used to store + * @param claim_token the token belonging to the order (NULL for none) * @param contract_terms contract to store * @return transaction status, #GNUNET_DB_STATUS_HARD_ERROR if @a contract_terms * is malformed @@ -1491,6 +1493,7 @@ static enum GNUNET_DB_QueryStatus postgres_insert_contract_terms (void *cls, const char *instance_id, const char *order_id, + const struct TALER_ClaimTokenP *claim_token, json_t *contract_terms) { struct PostgresClosure *pg = cls; @@ -1539,6 +1542,7 @@ postgres_insert_contract_terms (void *cls, GNUNET_PQ_query_param_absolute_time (&pay_deadline), GNUNET_PQ_query_param_absolute_time (&refund_deadline), GNUNET_PQ_query_param_string (fulfillment_url), + GNUNET_PQ_query_param_auto_from_type (claim_token), GNUNET_PQ_query_param_end }; @@ -7130,8 +7134,9 @@ libtaler_plugin_merchantdb_postgres_init (void *cls) " AND merchant_serial=" " (SELECT merchant_serial" " FROM merchant_instances" - " WHERE merchant_id=$1)", - 7), + " WHERE merchant_id=$1)" + " AND claim_token=$8", + 8), /* for postgres_update_contract_terms() */ GNUNET_PQ_make_prepare ("update_contract_terms", "UPDATE merchant_contract_terms SET" |