diff options
author | Jonathan Buchanan <jonathan.russ.buchanan@gmail.com> | 2020-07-28 18:33:14 -0400 |
---|---|---|
committer | Jonathan Buchanan <jonathan.russ.buchanan@gmail.com> | 2020-07-28 18:33:14 -0400 |
commit | b54d6b0552a84ed790e1faa5cbe9e0a66a9bc702 (patch) | |
tree | fe9f9c895df50856623686bc84012bccb9866503 /src/backenddb | |
parent | 2e60ebf5464b537ce2466a3de44a3365700ad667 (diff) | |
download | merchant-b54d6b0552a84ed790e1faa5cbe9e0a66a9bc702.tar.gz merchant-b54d6b0552a84ed790e1faa5cbe9e0a66a9bc702.tar.bz2 merchant-b54d6b0552a84ed790e1faa5cbe9e0a66a9bc702.zip |
db checks claim_token in insert_contract_terms
Diffstat (limited to 'src/backenddb')
-rw-r--r-- | src/backenddb/plugin_merchantdb_postgres.c | 11 | ||||
-rw-r--r-- | src/backenddb/test_merchantdb.c | 26 |
2 files changed, 28 insertions, 9 deletions
diff --git a/src/backenddb/plugin_merchantdb_postgres.c b/src/backenddb/plugin_merchantdb_postgres.c index 60f42a16..1174fb79 100644 --- a/src/backenddb/plugin_merchantdb_postgres.c +++ b/src/backenddb/plugin_merchantdb_postgres.c @@ -1478,11 +1478,13 @@ postgres_lookup_contract_terms (void *cls, * contract terms (to be hashed), the creation_time and pay_deadline (to be * obtained from the merchant_orders table). The "session_id" should be * initially set to the empty string. The "fulfillment_url" and "refund_deadline" - * must be extracted from @a contract_terms. + * must be extracted from @a contract_terms. This function will only + * succeed if @a claim_token matches the token created for the order. * * @param cls closure * @param instance_id instance's identifier * @param order_id order_id used to store + * @param claim_token the token belonging to the order (NULL for none) * @param contract_terms contract to store * @return transaction status, #GNUNET_DB_STATUS_HARD_ERROR if @a contract_terms * is malformed @@ -1491,6 +1493,7 @@ static enum GNUNET_DB_QueryStatus postgres_insert_contract_terms (void *cls, const char *instance_id, const char *order_id, + const struct TALER_ClaimTokenP *claim_token, json_t *contract_terms) { struct PostgresClosure *pg = cls; @@ -1539,6 +1542,7 @@ postgres_insert_contract_terms (void *cls, GNUNET_PQ_query_param_absolute_time (&pay_deadline), GNUNET_PQ_query_param_absolute_time (&refund_deadline), GNUNET_PQ_query_param_string (fulfillment_url), + GNUNET_PQ_query_param_auto_from_type (claim_token), GNUNET_PQ_query_param_end }; @@ -7130,8 +7134,9 @@ libtaler_plugin_merchantdb_postgres_init (void *cls) " AND merchant_serial=" " (SELECT merchant_serial" " FROM merchant_instances" - " WHERE merchant_id=$1)", - 7), + " WHERE merchant_id=$1)" + " AND claim_token=$8", + 8), /* for postgres_update_contract_terms() */ GNUNET_PQ_make_prepare ("update_contract_terms", "UPDATE merchant_contract_terms SET" diff --git a/src/backenddb/test_merchantdb.c b/src/backenddb/test_merchantdb.c index fbbdaa18..c9c3500f 100644 --- a/src/backenddb/test_merchantdb.c +++ b/src/backenddb/test_merchantdb.c @@ -1282,6 +1282,11 @@ struct OrderData * The contract of the order */ json_t *contract; + + /** + * The claim token for the order. + */ + struct TALER_ClaimTokenP claim_token; }; @@ -1302,6 +1307,9 @@ make_order (const char *order_id, GNUNET_assert (NULL != order->contract); order->pay_deadline = GNUNET_TIME_absolute_add (GNUNET_TIME_absolute_get (), GNUNET_TIME_UNIT_DAYS); + GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE, + &order->claim_token, + sizeof (order->claim_token)); refund_deadline = GNUNET_TIME_absolute_add (GNUNET_TIME_absolute_get (), GNUNET_TIME_UNIT_WEEKS); GNUNET_TIME_round_abs (&order->pay_deadline); @@ -1346,17 +1354,12 @@ test_insert_order (const struct InstanceData *instance, const struct OrderData *order, enum GNUNET_DB_QueryStatus expected_result) { - struct TALER_ClaimTokenP no_token; - - memset (&no_token, - 0, - sizeof (no_token)); TEST_COND_RET_ON_FAIL (expected_result == plugin->insert_order (plugin->cls, instance->instance.id, order->id, order->pay_deadline, - &no_token, + &order->claim_token, order->contract), "Insert order failed\n"); return 0; @@ -1629,6 +1632,7 @@ test_insert_contract_terms (const struct InstanceData *instance, plugin->insert_contract_terms (plugin->cls, instance->instance.id, order->id, + &order->claim_token, order->contract), "Insert contract terms failed\n"); return 0; @@ -2015,6 +2019,16 @@ run_test_orders (struct TestOrders_Closure *cls) &filter, 2, cls->orders)); + /* Test contract terms must have the correct claim token */ + { + struct OrderData tmp = cls->orders[0]; + /* just increment part of the token to guarantee we don't generate the + same token by chance. */ + tmp.claim_token.token.value[0] += 1; + TEST_RET_ON_FAIL (test_insert_contract_terms (&cls->instance, + &tmp, + GNUNET_DB_STATUS_SUCCESS_NO_RESULTS)); + } /* Test inserting contract terms */ TEST_RET_ON_FAIL (test_insert_contract_terms (&cls->instance, &cls->orders[0], |