From 7eba0bcd293d10e49c0e6cb4011b0eda2e65f756 Mon Sep 17 00:00:00 2001 From: Florian Dold Date: Mon, 26 Aug 2019 01:28:38 +0200 Subject: do not consider an order paid if last session id does not match --- src/backend/taler-merchant-httpd_check-payment.c | 17 +++++++++++++++++ src/include/taler_merchant_service.h | 4 ++-- src/lib/merchant_api_check_payment.c | 8 ++++---- src/lib/test_merchant_api_twisted.c | 2 +- src/lib/testing_api_cmd_pay.c | 6 +++--- 5 files changed, 27 insertions(+), 10 deletions(-) diff --git a/src/backend/taler-merchant-httpd_check-payment.c b/src/backend/taler-merchant-httpd_check-payment.c index e00c8a70..b0d380f9 100644 --- a/src/backend/taler-merchant-httpd_check-payment.c +++ b/src/backend/taler-merchant-httpd_check-payment.c @@ -290,6 +290,7 @@ MH_handler_check_payment (struct TMH_RequestHandler *rh, session_id = MHD_lookup_connection_value (connection, MHD_GET_ARGUMENT_KIND, "session_id"); + session_sig_str = MHD_lookup_connection_value (connection, MHD_GET_ARGUMENT_KIND, "session_sig"); @@ -362,6 +363,22 @@ MH_handler_check_payment (struct TMH_RequestHandler *rh, GNUNET_assert (NULL != contract_terms); GNUNET_assert (NULL != last_session_id); + if ( (NULL != session_id) && (0 != strcmp (session_id, last_session_id)) ) + { + + ret = send_pay_request (connection, + final_contract_url, + session_id, + resource_url, + h_contract_terms_str, + mi); + + json_decref (contract_terms); + GNUNET_free (last_session_id); + GNUNET_free (final_contract_url); + return ret; + } + if (GNUNET_OK != TALER_JSON_hash (contract_terms, &h_contract_terms)) diff --git a/src/include/taler_merchant_service.h b/src/include/taler_merchant_service.h index 30059639..46e6ec9f 100644 --- a/src/include/taler_merchant_service.h +++ b/src/include/taler_merchant_service.h 
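Review bot: The new guard in the second hunk of taler-merchant-httpd_check-payment.c (`if ( (NULL != session_id) && (0 != strcmp (session_id, last_session_id)) )`) only fires when the request carries a `session_id`. A request that omits the parameter skips the comparison and continues into the code after the block, which, going by the commit subject, is where the order is reported as paid, so the session binding holds only for callers that send the parameter. If that is intended for frontends that do not use sessions, state it in a comment above the `if`, for example `/* No session_id given: the caller did not ask for session binding, so only the order's payment status is checked. */`; otherwise the NULL case needs its own branch. The early return also releases `contract_terms`, `last_session_id` and `final_contract_url` by hand. MH_handler_check_payment starts and ends outside the hunk, so it is worth confirming that nothing else acquired before this point is left unreleased on this path.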
@@ -963,7 +963,7 @@ struct TALER_MERCHANT_CheckPaymentOperation; * #GNUNET_NO if refunded, #GNUNET_SYSERR or error * @param refunded_amount amount that was refunded, NULL if there * was no refund - * @param payment_redirect_url URL to redirect the browser to in order to + * @param fallback_request_payment_url URL to redirect the browser to in order to * execute or re-play the payment (NULL if not applicable) */ typedef void @@ -973,7 +973,7 @@ typedef void int paid, int refunded, struct TALER_Amount *refund_amount, - const char *payment_redirect_url); + const char *fallback_request_payment_url); /** diff --git a/src/lib/merchant_api_check_payment.c b/src/lib/merchant_api_check_payment.c index eb5c4202..4605f476 100644 --- a/src/lib/merchant_api_check_payment.c +++ b/src/lib/merchant_api_check_payment.c @@ -111,11 +111,11 @@ handle_check_payment_finished (void *cls, if (! json_boolean_value (json_object_get (json, "paid"))) { - const char *payment_redirect_url = json_string_value (json_object_get (json, "payment_redirect_url")); - if (NULL == payment_redirect_url) + const char *fallback_request_payment_url = json_string_value (json_object_get (json, "fallback_request_payment_url")); + if (NULL == fallback_request_payment_url) { GNUNET_log (GNUNET_ERROR_TYPE_WARNING, - "no payment_redirect_url in unpaid check-payment response\n"); + "no fallback_request_payment_url in unpaid check-payment response\n"); GNUNET_break_op (0); cpo->cb (cpo->cb_cls, 0, @@ -131,7 +131,7 @@ handle_check_payment_finished (void *cls, GNUNET_NO, GNUNET_NO, &refund_amount, - payment_redirect_url); + fallback_request_payment_url); } TALER_MERCHANT_check_payment_cancel (cpo); return; diff --git a/src/lib/test_merchant_api_twisted.c b/src/lib/test_merchant_api_twisted.c index f5403bf6..9646fd16 100644 --- a/src/lib/test_merchant_api_twisted.c +++ b/src/lib/test_merchant_api_twisted.c 
@@ -303,7 +303,7 @@ run (void *cls, TALER_TESTING_cmd_delete_object ("hack-check-payment-0", PROXY_MERCHANT_CONFIG_FILE, - "payment_redirect_url"), + "fallback_request_payment_url"), TALER_TESTING_cmd_check_payment ("check-payment-fail-invalid", twister_merchant_url, diff --git a/src/lib/testing_api_cmd_pay.c b/src/lib/testing_api_cmd_pay.c index 68e8b22c..a9947a50 100644 --- a/src/lib/testing_api_cmd_pay.c +++ b/src/lib/testing_api_cmd_pay.c @@ -316,7 +316,7 @@ check_payment_cleanup (void *cls, * refunded (not refunded). * @param refund_amount the amount that was refunded to this * contract. - * @param payment_redirect_url URL where the payment has to be + * @param fallback_request_payment_url URL where the payment has to be * addressed. */ static void @@ -326,7 +326,7 @@ check_payment_cb (void *cls, int paid, int refunded, struct TALER_Amount *refund_amount, - const char *payment_redirect_url) + const char *fallback_request_payment_url) { struct CheckPaymentState *cps = cls; @@ -341,7 +341,7 @@ check_payment_cb (void *cls, paid); GNUNET_log (GNUNET_ERROR_TYPE_INFO, "check payment: url: %s\n", - payment_redirect_url); + fallback_request_payment_url); if (paid != cps->expect_paid) TALER_TESTING_FAIL (cps->is); -- cgit v1.2.3