author | Christian Grothoff <grothoff@gnunet.org> | 2023-09-06 21:29:55 +0200 |
---|---|---|
committer | Christian Grothoff <grothoff@gnunet.org> | 2023-09-06 21:29:55 +0200 |
commit | 5d24900f8bccd02ada1808bed373d5ac832f825d (patch) | |
tree | 6ce34a135c96a1c0b32947ce661021136646ff46 /src | |
parent | 5e2b19c64e2e8a3b84d82f1cf5c3c088e01b5c0c (diff) |
-do not allow scope upgrades when refreshing
Diffstat (limited to 'src')
-rw-r--r-- | src/backend/taler-merchant-httpd_private-post-instances-ID-token.c | 8 | ||||
-rw-r--r-- | src/backenddb/versioning.sql | 4 |
2 files changed, 8 insertions, 4 deletions
diff --git a/src/backend/taler-merchant-httpd_private-post-instances-ID-token.c b/src/backend/taler-merchant-httpd_private-post-instances-ID-token.c
index 28a521a4..839c68d1 100644
--- a/src/backend/taler-merchant-httpd_private-post-instances-ID-token.c
+++ b/src/backend/taler-merchant-httpd_private-post-instances-ID-token.c
@@ -91,6 +91,14 @@ TMH_private_post_instances_ID_token (const struct TMH_RequestHandler *rh,
 }
 if (refreshable)
 iscope |= TMH_AS_REFRESHABLE;
+ if (0 != (iscope & (~hc->auth_scope)))
+ {
+ /* more permissions requested for the new token, not allowed */
+ GNUNET_break_op (0);
+ return TALER_MHD_reply_with_ec (connection,
+ TALER_EC_GENERIC_TOKEN_PERMISSION_INSUFFICIENT,
+ NULL);
+ }
 qs = TMH_db->insert_login_token (TMH_db->cls,
 mi->settings.id,
 &btoken,
diff --git a/src/backenddb/versioning.sql b/src/backenddb/versioning.sql
index c7fa8121..444cf95e 100644
--- a/src/backenddb/versioning.sql
+++ b/src/backenddb/versioning.sql
@@ -146,10 +146,6 @@ BEGIN;
--- Added by Christian Grothoff to support concurrency, see
--- https://stackoverflow.com/questions/29900845/create-schema-if-not-exists-raises-duplicate-key-error?rq=4
-LOCK TABLE pg_catalog.pg_namespace;
-
 -- This file adds versioning support to database it will be loaded to.
 -- It requires that PL/pgSQL is already loaded - will raise exception otherwise. |
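Review bot: The subset check `if (0 != (iscope & (~hc->auth_scope)))` rejects added bits, but nothing in this hunk requires the caller's own scope to include `TMH_AS_REFRESHABLE`, so a token without that bit can apparently still request a same-scope, non-refreshable successor and so outlive its original expiry. If that case is not already rejected in the part of TMH_private_post_instances_ID_token outside the hunk, or by the handler's required permission, it deserves an explicit guard, or at least a comment naming where it is enforced. The test also expresses "no more privilege than the caller" only if every TMH_AS_* value is an independent bit flag; a comment such as `/* iscope must be a bitwise subset of the caller's scope, including TMH_AS_REFRESHABLE */` would record that assumption next to the check.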