diff options
Diffstat (limited to 'src/backend')
-rw-r--r-- | src/backend/taler-merchant-httpd_private-post-orders.c | 94 |
1 files changed, 45 insertions, 49 deletions
diff --git a/src/backend/taler-merchant-httpd_private-post-orders.c b/src/backend/taler-merchant-httpd_private-post-orders.c index ca35774d..7e2804fd 100644 --- a/src/backend/taler-merchant-httpd_private-post-orders.c +++ b/src/backend/taler-merchant-httpd_private-post-orders.c @@ -457,6 +457,7 @@ struct OrderContext ORDER_PHASE_SET_EXCHANGES, ORDER_PHASE_SET_MAX_FEE, ORDER_PHASE_SERIALIZE_ORDER, + ORDER_PHASE_SALT_FORGETTABLE, ORDER_PHASE_CHECK_CONTRACT, ORDER_PHASE_EXECUTE_ORDER, @@ -717,34 +718,9 @@ execute_order (struct OrderContext *oc) &oc->hc->instance->settings; enum GNUNET_DB_QueryStatus qs; - /* extract fields we need to sign separately */ - // { - // enum GNUNET_GenericReturnValue res; - - // res = TALER_MHD_parse_json_data (oc->connection, - // oc->order, - // spec); - // if (GNUNET_OK != res) - // { - // GNUNET_break_op (0); - // finalize_order2 (oc, - // res); - // return; - // } - // } - - /* check product list in contract is well-formed */ - if (! TMH_products_array_valid (oc->merge_inventory.products)) - { - GNUNET_break_op (0); - reply_with_error (oc, - MHD_HTTP_BAD_REQUEST, - TALER_EC_GENERIC_PARAMETER_MALFORMED, - "order:products"); - return; - } - /* Test if we already have an order with this id */ + /* FIXME: this should be done within the main + transaction! */ { struct TALER_ClaimTokenP token; json_t *contract_terms; @@ -995,6 +971,31 @@ check_contract (struct OrderContext *oc) /** + * Modify the final contract terms adding salts for + * items that are forgettable. + * + * @param[in,out] oc order context + */ +static void +salt_forgettable (struct OrderContext *oc) +{ + if (GNUNET_OK != + TALER_JSON_contract_seed_forgettable (oc->parse_request.order, + oc->serialize_order.contract)) + { + GNUNET_break_op (0); + reply_with_error ( + oc, + MHD_HTTP_BAD_REQUEST, + TALER_EC_GENERIC_JSON_INVALID, + "could not compute hash of order due to bogus forgettable fields"); + return; + } + oc->phase++; +} + + +/** * Update MAX STEFAN fees based on @a keys. * * @param[in,out] oc order context to update @@ -1743,6 +1744,7 @@ parse_order (struct OrderContext *oc) } else if (! TMH_products_array_valid (oc->parse_order.products)) { + GNUNET_break_op (0); reply_with_error ( oc, MHD_HTTP_BAD_REQUEST, @@ -1808,26 +1810,6 @@ parse_order (struct OrderContext *oc) } oc->parse_order.merchant_pub = oc->hc->instance->merchant_pub; - - /* TODO: Not sure yet how to properly handle this in the refactored code */ - /* CG: Maybe the best answer is to do nothing here, and instead change - the TALER_JSON_contract_seed_forgettable() to take two arguments: - the (original) oc->order *and* the final (assembled) order. Then - do the (recursive) traversal over both objects and modify the - assembled order based on the fields in the (read-only) original - oc->order. Anyway, let me sleep over it, maybe I'll hack it up - tomorrow ;-). */ - // if (GNUNET_OK != - // TALER_JSON_contract_seed_forgettable (oc->order)) - // { - // reply_with_error ( - // oc, - // MHD_HTTP_BAD_REQUEST, - // TALER_EC_GENERIC_JSON_INVALID, - // "could not compute hash of order due to bogus forgettable fields"); - // return; - // } - if ( (NULL != oc->parse_order.delivery_location) && (! TMH_location_object_valid (oc->parse_order.delivery_location)) ) { @@ -1880,7 +1862,7 @@ add_payment_details (struct OrderContext *oc) /** - * Merge the inventory products into @a order, querying the + * Merge the inventory products into products, querying the * database about the details of those products. Upon success, * continue processing by calling add_payment_details(). * @@ -1893,7 +1875,8 @@ merge_inventory (struct OrderContext *oc) * parse_request.inventory_products => instructions to add products to contract terms * parse_order.products => contains products that are not from the backend-managed inventory. */ - oc->merge_inventory.products = json_deep_copy(oc->parse_order.products); + oc->merge_inventory.products + = json_deep_copy (oc->parse_order.products); /* Populate products from inventory product array and database */ { GNUNET_assert (NULL != oc->merge_inventory.products); @@ -1971,6 +1954,16 @@ merge_inventory (struct OrderContext *oc) json_decref (pd.address); } } + /* check if final product list is well-formed */ + if (! TMH_products_array_valid (oc->merge_inventory.products)) + { + GNUNET_break_op (0); + reply_with_error (oc, + MHD_HTTP_BAD_REQUEST, + TALER_EC_GENERIC_PARAMETER_MALFORMED, + "order:products"); + return; + } oc->phase++; } @@ -2222,6 +2215,9 @@ TMH_private_post_orders ( case ORDER_PHASE_CHECK_CONTRACT: check_contract (oc); break; + case ORDER_PHASE_SALT_FORGETTABLE: + salt_forgettable (oc); + break; case ORDER_PHASE_EXECUTE_ORDER: execute_order (oc); break; |