diff options
| -rw-r--r-- | src/backend/taler-merchant-httpd_contract.c | 23 | ||||
| -rw-r--r-- | src/backend/taler-merchant-httpd_pay.c | 3 | ||||
| -rw-r--r-- | src/lib/merchant_api_contract.c | 1 |
3 files changed, 27 insertions, 0 deletions
diff --git a/src/backend/taler-merchant-httpd_contract.c b/src/backend/taler-merchant-httpd_contract.c index 9acff622..9d159583 100644 --- a/src/backend/taler-merchant-httpd_contract.c +++ b/src/backend/taler-merchant-httpd_contract.c @@ -187,6 +187,29 @@ MH_handler_contract (struct TMH_RequestHandler *rh, "products in contract request malformed"); } + /* Check if this transaction ID erroneously corresponds to a + contract that already paid, in which case we should refuse + to sign it again (frontend buggy, it should use a fresh + transaction ID each time)! */ + if (GNUNET_OK == + db->check_payment (db->cls, + transaction_id)) + { + struct MHD_Response *resp; + int ret; + + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + "Transaction %llu already paid in the past, refusing to sign!\n", + (unsigned long long) transaction_id); + resp = MHD_create_response_from_buffer (strlen ("Duplicate transaction ID!"), + "Duplicate transaction ID!", + MHD_RESPMEM_PERSISTENT); + ret = MHD_queue_response (connection, + MHD_HTTP_FORBIDDEN, + resp); + MHD_destroy_response (resp); + return ret; + } /* add fields to the contract that the backend should provide */ json_object_set (jcontract, diff --git a/src/backend/taler-merchant-httpd_pay.c b/src/backend/taler-merchant-httpd_pay.c index f51c2629..f7830896 100644 --- a/src/backend/taler-merchant-httpd_pay.c +++ b/src/backend/taler-merchant-httpd_pay.c @@ -797,6 +797,9 @@ MH_handler_pay (struct TMH_RequestHandler *rh, /* Payment succeeded in the past; take short cut and accept immediately */ + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + "Transaction %llu already paid in the past, taking short cut.\n", + (unsigned long long) pc->transaction_id); resp = MHD_create_response_from_buffer (0, NULL, MHD_RESPMEM_PERSISTENT); diff --git a/src/lib/merchant_api_contract.c b/src/lib/merchant_api_contract.c index 1938afa6..c556cc30 100644 --- a/src/lib/merchant_api_contract.c +++ b/src/lib/merchant_api_contract.c @@ -123,6 +123,7 @@ handle_contract_finished (void *cls, (or API version conflict); just pass JSON reply to the application */ break; case MHD_HTTP_FORBIDDEN: + /* Duplicate transaction ID, frontend is buggy! */ break; case MHD_HTTP_UNAUTHORIZED: /* Nothing really to verify, merchant says one of the signatures is |