Diffstat (limited to 'src/backend/taler-merchant-httpd_private-post-instances.c')
-rw-r--r-- | src/backend/taler-merchant-httpd_private-post-instances.c | 69 |
1 files changed, 56 insertions, 13 deletions
diff --git a/src/backend/taler-merchant-httpd_private-post-instances.c b/src/backend/taler-merchant-httpd_private-post-instances.c index c4d1d617..88a51a26 100644 --- a/src/backend/taler-merchant-httpd_private-post-instances.c +++ b/src/backend/taler-merchant-httpd_private-post-instances.c @@ -141,14 +141,15 @@ TMH_private_post_instances (const struct TMH_RequestHandler *rh, struct TMH_HandlerContext *hc) { struct TALER_MERCHANTDB_InstanceSettings is; + struct TALER_MERCHANTDB_InstanceAuthSettings ias; json_t *payto_uris; const char *auth_token = NULL; struct TMH_WireMethod *wm_head = NULL; struct TMH_WireMethod *wm_tail = NULL; + json_t *jauth; struct GNUNET_JSON_Specification spec[] = { - GNUNET_JSON_spec_mark_optional ( - GNUNET_JSON_spec_string ("auth_token", - &auth_token)), + GNUNET_JSON_spec_json ("auth", + &jauth), GNUNET_JSON_spec_json ("payto_uris", &payto_uris), GNUNET_JSON_spec_string ("id", @@ -184,6 +185,47 @@ TMH_private_post_instances (const struct TMH_RequestHandler *rh, : MHD_NO; } + + { + bool auth_ok = false; + const char *auth_method = json_string_value (json_object_get (jauth, + "method")); + + if (NULL == auth_method) + GNUNET_break_op (0); + else if (0 == strcmp (auth_method, "external")) + { + auth_token = NULL; + auth_ok = true; + } + else if (0 == strcmp (auth_method, "token")) + { + auth_token = json_string_value (json_object_get (jauth, "token")); + if (NULL != auth_token) + { + if (0 != strncasecmp (RFC_8959_PREFIX, + auth_token, + strlen (RFC_8959_PREFIX))) + GNUNET_break_op (0); + else + auth_ok = true; + } + else + GNUNET_break_op (0); + } + + if (! auth_ok) + { + GNUNET_break_op (0); + GNUNET_JSON_parse_free (spec); + return TALER_MHD_reply_with_error (connection, + MHD_HTTP_BAD_REQUEST, + TALER_EC_MERCHANT_PRIVATE_POST_INSTANCES_BAD_AUTH, + "bad authentication config"); + } + } + + if ((0 != strcasecmp (is.default_max_deposit_fee.currency, TMH_currency)) || (0 != strcasecmp (is.default_max_wire_fee.currency, 
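Review bot: The `token` branch in the `@@ -185` hunk accepts a value that consists of the prefix alone, because the `strncasecmp` against `RFC_8959_PREFIX` checks how `auth_token` begins but not that anything follows it, so an instance could be created with an empty secret. Consider adding `else if (strlen (auth_token) == strlen (RFC_8959_PREFIX)) GNUNET_break_op (0);` ahead of `auth_ok = true;`, or a minimum-length check if the project has a policy for one. The `external` branch would benefit from a comment such as `/* no token: backend performs no auth check for this instance */`; that reading is inferred from the `GNUNET_is_zero` comparison in the later hunk and should be confirmed. Each rejected case also logs `GNUNET_break_op (0)` twice, once in its branch and once under `if (! auth_ok)`. The enclosing function starts and ends outside this hunk.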
@@ -212,11 +254,11 @@ TMH_private_post_instances (const struct TMH_RequestHandler *rh, ( ( (NULL != auth_token) && (GNUNET_OK == TMH_check_auth (auth_token, - &mi->settings.auth_salt, - &mi->settings.auth_hash)) ) || + &mi->auth.auth_salt, + &mi->auth.auth_hash)) ) || ( (NULL == auth_token) && (GNUNET_YES == - GNUNET_is_zero (&mi->settings.auth_hash))) ) && + GNUNET_is_zero (&mi->auth.auth_hash))) ) && (1 == json_equal (mi->settings.address, is.address)) && (1 == json_equal (mi->settings.jurisdiction, @@ -357,18 +399,18 @@ TMH_private_post_instances (const struct TMH_RequestHandler *rh, if (NULL == auth_token) { - memset (&is.auth_salt, + memset (&ias.auth_salt, 0, - sizeof (is.auth_salt)); - memset (&is.auth_hash, + sizeof (ias.auth_salt)); + memset (&ias.auth_hash, 0, - sizeof (is.auth_hash)); + sizeof (ias.auth_hash)); } else { TMH_compute_auth (auth_token, - &is.auth_salt, - &is.auth_hash); + &ias.auth_salt, + &ias.auth_hash); } { struct TMH_MerchantInstance *mi; @@ -402,7 +444,8 @@ TMH_private_post_instances (const struct TMH_RequestHandler *rh, qs = TMH_db->insert_instance (TMH_db->cls, &mi->merchant_pub, &mi->merchant_priv, - &mi->settings); + &mi->settings, + &mi->auth); if (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != qs) { GNUNET_break (GNUNET_DB_STATUS_SOFT_ERROR == qs); |
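Review bot: In the `@@ -357` hunk `ias.auth_salt` and `ias.auth_hash` are filled in by `memset` or `TMH_compute_auth`, but no added line in this file copies `ias` into `mi->auth`, which is what the `@@ -402` hunk passes to `insert_instance`. `ias` is introduced by this commit, so any use of it would have to be on a `+` line, and all 56 insertions in the diffstat are visible here. If `mi` is zero-allocated (its allocation is outside the hunks), the instance would be stored with an all-zero `auth_hash`, which the `GNUNET_is_zero` comparison in the `@@ -212` hunk treats as an instance without a token. Suggest adding `mi->auth = ias;` where `mi->settings` is populated, plus a test that a newly created token-protected instance rejects a request without its token.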