authorChristian Grothoff <christian@grothoff.org>2020-07-27 10:57:03 +0200
committerChristian Grothoff <christian@grothoff.org>2020-07-27 10:57:03 +0200
commit01f8cd4824bd94aad41792b93422cb7c9f44129a (patch)
tree637209a532833f3f4021d59c1b4a8afacfcfc889 /src
parent3cbbe7b9ff49e8053458bac68bd47ebef72ed0ec (diff)
add incomplete logic (lacks DB support) to check for claim tokens in get_orders-ID.c
Diffstat (limited to 'src')
-rw-r--r--src/backend/taler-merchant-httpd_get-orders-ID.c64
1 files changed, 53 insertions, 11 deletions
diff --git a/src/backend/taler-merchant-httpd_get-orders-ID.c b/src/backend/taler-merchant-httpd_get-orders-ID.c
index c16fc8d4..7ee53ddf 100644
--- a/src/backend/taler-merchant-httpd_get-orders-ID.c
+++ b/src/backend/taler-merchant-httpd_get-orders-ID.c
@@ -133,11 +133,18 @@ struct GetOrderData
{
/**
- * Hashed version of contract terms.
+ * Hashed version of contract terms. All zeros if
+ * not provided.
*/
struct GNUNET_HashCode h_contract_terms;
/**
+ * Claim token used for access control. All zeros if
+ * not provided.
+ */
+ struct TALER_ClaimTokenP claim_token;
+
+ /**
* DLL of (suspended) requests.
*/
struct GetOrderData *next;
@@ -1019,6 +1026,8 @@ TMH_get_orders_ID (const struct TMH_RequestHandler *rh,
if (NULL == god)
{
+ struct TALER_ClaimTokenP db_claim_token;
+
god = GNUNET_new (struct GetOrderData);
hc->ctx = god;
hc->cc = &god_cleanup;
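Review bot: `db_claim_token` is declared here without an initialiser and nothing visible ever writes it. The lookup call in the `@@ -1160` hunk leaves its out-parameter commented out (FIXME #6446), yet the `@@ -1200` hunk compares it against the client's token, so the access decision depends on indeterminate stack bytes. Until the database fills it in, declare it as `struct TALER_ClaimTokenP db_claim_token = { 0 };`. Zero-initialising alone is not enough, because an absent client token is also all zeros, so the comparison must additionally require a non-zero client token. The declaration sits inside the `if (NULL == god)` block, whose body continues outside this hunk, so it is worth confirming that the later comparison is in the same scope.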
@@ -1027,23 +1036,49 @@ TMH_get_orders_ID (const struct TMH_RequestHandler *rh,
god->order_id = order_id;
{
+ const char *ct;
+
+ ct = MHD_lookup_connection_value (connection,
+ MHD_GET_ARGUMENT_KIND,
+ "token");
+ if (NULL != ct)
+ {
+ if (GNUNET_OK !=
+ GNUNET_STRINGS_string_to_data (ct,
+ strlen (ct),
+ &god->claim_token,
+ sizeof (god->claim_token)))
+ {
+ /* ct has wrong encoding */
+ GNUNET_break_op (0);
+ return TALER_MHD_reply_with_error (connection,
+ MHD_HTTP_BAD_REQUEST,
+ TALER_EC_PARAMETER_MALFORMED,
+ "token malformed");
+ }
+ }
+ }
+
+ {
const char *cts;
cts = MHD_lookup_connection_value (connection,
MHD_GET_ARGUMENT_KIND,
"h_contract");
- if (NULL == cts)
+ if ( (NULL == cts) &&
+ (GNUNET_is_zero (&god->claim_token)) )
{
- /* h_contract required but missing */
+ /* h_contract required (as we have no token), but missing */
GNUNET_break_op (0);
return TALER_MHD_reply_with_error (connection,
MHD_HTTP_BAD_REQUEST,
TALER_EC_PARAMETER_MISSING,
- "h_contract required");
+ "h_contract or token required");
}
- if (GNUNET_OK !=
- GNUNET_CRYPTO_hash_from_string (cts,
- &god->h_contract_terms))
+ if ( (NULL != cts) &&
+ (GNUNET_OK !=
+ GNUNET_CRYPTO_hash_from_string (cts,
+ &god->h_contract_terms)) )
{
/* cts has wrong encoding */
GNUNET_break_op (0);
@@ -1160,6 +1195,7 @@ TMH_get_orders_ID (const struct TMH_RequestHandler *rh,
hc->instance->settings.id,
order_id,
&god->contract_terms,
+ // &db_claim_token: FIXME #6446 - init here!
&order_serial);
}
if (0 > qs)
@@ -1185,7 +1221,7 @@ TMH_get_orders_ID (const struct TMH_RequestHandler *rh,
"order_id not found in database");
}
- /* Check client provided the right hash code of the contract terms */
+ /* Check client provided the right token OR the right hash code of the contract terms */
{
struct GNUNET_HashCode h;
@@ -1200,9 +1236,15 @@ TMH_get_orders_ID (const struct TMH_RequestHandler *rh,
TALER_EC_INTERNAL_LOGIC_ERROR,
"Could not hash contract terms");
}
- if (0 !=
- GNUNET_memcmp (&h,
- &god->h_contract_terms))
+ if (0 == GNUNET_memcmp (&db_claim_token,
+ &god->claim_token))
+ {
+ /* Client provided token. We need the hash later, so we set it! */
+ god->h_contract_terms = h;
+ }
+ else if (0 !=
+ GNUNET_memcmp (&h,
+ &god->h_contract_terms))
{
GNUNET_break_op (0);
return TALER_MHD_reply_with_error (connection,
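Review bot: The token branch accepts the request whenever the two structs are byte-equal, which includes the case where the client sent no token, since `god->claim_token` is documented as all zeros when not provided. If the stored token is also zero or unset, a request carrying an arbitrary `h_contract` skips the hash check and `god->h_contract_terms` is overwritten with the correct hash. Require a supplied token first: `if ( (! GNUNET_is_zero (&god->claim_token)) && (0 == GNUNET_memcmp (&db_claim_token, &god->claim_token)) )`. Because the token is a secret, a constant-time comparison such as `GNUNET_memcmp_priv` would be preferable to `GNUNET_memcmp` here, if the GNUnet version in use provides it.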