From f6b5dd04e06198a023eb38945c963a9128065786 Mon Sep 17 00:00:00 2001
From: Florian Dold
Date: Mon, 7 Sep 2020 15:38:34 +0530
Subject: append h_contract when appropriate
---
 src/backend/taler-merchant-httpd_get-orders-ID.c | 27 +++++++++++++++----
 src/backend/taler-merchant-httpd_get-orders-ID.h | 4 ++-
 .../taler-merchant-httpd_private-get-orders-ID.c | 31 +++++++++++++++++-----
 3 files changed, 49 insertions(+), 13 deletions(-)
diff --git a/src/backend/taler-merchant-httpd_get-orders-ID.c b/src/backend/taler-merchant-httpd_get-orders-ID.c
index 4f77fba4..82d74f48 100644
--- a/src/backend/taler-merchant-httpd_get-orders-ID.c
+++ b/src/backend/taler-merchant-httpd_get-orders-ID.c
@@ -277,6 +277,7 @@ make_taler_refund_uri (struct MHD_Connection *con,
 * @param session_id the session id
 * @param instance_id instance, may be "default"
 * @param claim_token claim token for the order, may be NULL
+ * @param h_contract contract hash for authentication, may be NULL
 * @return corresponding http(s):// URL, or NULL on missing "host"
 */
 char *
@@ -284,13 +285,15 @@ TMH_make_order_status_url (struct MHD_Connection *con,
 const char *order_id,
 const char *session_id,
 const char *instance_id,
- struct TALER_ClaimTokenP *claim_token)
+ struct TALER_ClaimTokenP *claim_token,
+ struct GNUNET_HashCode *h_contract)
 {
 const char *host;
 const char *forwarded_host;
 const char *uri_path;
 struct GNUNET_Buffer buf = { 0 };
- bool have_claim_token = false;
+ /* Number of query parameters written so far */
+ unsigned int num_qp = 0;
 host = MHD_lookup_connection_value (con,
 MHD_HEADER_KIND,
@@ -346,12 +349,12 @@ TMH_make_order_status_url (struct MHD_Connection *con,
 GNUNET_buffer_write_data_encoded (&buf,
 (char *) claim_token,
 sizeof (struct TALER_ClaimTokenP));
- have_claim_token = true;
+ num_qp++;
 }
 if (NULL != session_id)
 {
- if (have_claim_token)
+ if (num_qp > 0)
 GNUNET_buffer_write_str (&buf,
 "&session_id=");
 else
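Review bot: In the signature hunk (-284,13), the new parameter `struct GNUNET_HashCode *h_contract` is only read by this function, so it should be declared `const struct GNUNET_HashCode *h_contract` here and in the matching prototype in taler-merchant-httpd_get-orders-ID.h. That documents that the caller's hash is not modified and lets callers pass a const hash. The `(char *)` cast where the hash is written in the following hunk would then need to become `(const char *)`. The existing `claim_token` parameter has the same non-const shape, so this may be a deliberate match, and the function body runs past this hunk.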
@@ -359,7 +362,20 @@ TMH_make_order_status_url (struct MHD_Connection *con,
 "?session_id=");
 GNUNET_buffer_write_str (&buf,
 session_id);
+ num_qp++;
+ }
+ if (NULL != h_contract)
+ {
+ if (num_qp > 0)
+ GNUNET_buffer_write_str (&buf,
+ "&h_contract=");
+ else
+ GNUNET_buffer_write_str (&buf,
+ "?h_contract=");
+ GNUNET_buffer_write_data_encoded (&buf,
+ (char *) h_contract,
+ sizeof (struct GNUNET_HashCode));
 }
 return GNUNET_buffer_reap_str (&buf);
@@ -520,7 +536,8 @@ send_pay_request (struct GetOrderData *god,
 god->order_id,
 god->session_id,
 god->hc->instance->settings.id,
- &god->claim_token);
+ &god->claim_token,
+ NULL);
 if (god->generate_html)
 {
 char *qr;
diff --git a/src/backend/taler-merchant-httpd_get-orders-ID.h b/src/backend/taler-merchant-httpd_get-orders-ID.h
index 83a991b4..5546e7cd 100644
--- a/src/backend/taler-merchant-httpd_get-orders-ID.h
+++ b/src/backend/taler-merchant-httpd_get-orders-ID.h
@@ -51,6 +51,7 @@ TMH_make_taler_pay_uri (struct MHD_Connection *con,
 * @param session_id session, may be NULL
 * @param instance_id instance, may be "default"
 * @param claim_token claim token for the order, may be NULL
+ * @param h_contract contract hash for authentication, may be NULL
 * @return corresponding http(s):// URL, or NULL on missing "host"
 */
 char *
@@ -58,7 +59,8 @@ TMH_make_order_status_url (struct MHD_Connection *con,
 const char *order_id,
 const char *session_id,
 const char *instance_id,
- struct TALER_ClaimTokenP *claim_token);
+ struct TALER_ClaimTokenP *claim_token,
+ struct GNUNET_HashCode *h_contract);
 /**
diff --git a/src/backend/taler-merchant-httpd_private-get-orders-ID.c b/src/backend/taler-merchant-httpd_private-get-orders-ID.c
index 550b9df2..a57845d4 100644
--- a/src/backend/taler-merchant-httpd_private-get-orders-ID.c
+++ b/src/backend/taler-merchant-httpd_private-get-orders-ID.c
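Review bot: In the first hunk of this stretch (-359,7), the new `h_contract` parameter is appended right after `session_id`, which the context line `GNUNET_buffer_write_str (&buf, session_id);` writes into the query string without URL encoding. A session_id containing `&`, `=` or `#` could therefore add or shadow query parameters, including `h_contract` itself. If session_id can originate from a request argument (its source is not visible in this hunk), it should be percent-encoded before it is written, or rejected when it contains reserved characters. Separately, the doc comment calls h_contract a value "for authentication", and a URL carrying it will land in browser history, access logs and possibly Referer headers. A short comment at the `if (NULL != h_contract)` block stating who is expected to see this URL would help later reviewers.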
@@ -978,7 +978,8 @@ TMH_private_get_orders_ID (const struct TMH_RequestHandler *rh,
 hc->infix,
 gorc->session_id,
 hc->instance->settings.id,
- &claim_token);
+ &claim_token,
+ NULL);
 ret = TALER_MHD_reply_json_pack (connection,
 MHD_HTTP_OK,
 "{s:s, s:s, s:s, s:s, s:s?}",
@@ -1056,7 +1057,8 @@ TMH_private_get_orders_ID (const struct TMH_RequestHandler *rh,
 hc->infix,
 gorc->session_id,
 hc->instance->settings.id,
- &claim_token);
+ &claim_token,
+ NULL);
 ret = TALER_MHD_reply_json_pack (connection,
 MHD_HTTP_OK,
 "{s:s, s:s, s:s}",
@@ -1184,11 +1186,26 @@ TMH_private_get_orders_ID (const struct TMH_RequestHandler *rh,
 }
 }
- order_status_url = TMH_make_order_status_url (connection,
- hc->infix,
- gorc->session_id,
- hc->instance->settings.id,
- &claim_token);
+ {
+ struct GNUNET_HashCode *h_contract = NULL;
+
+ /* In a session-bound payment, allow the browser to check the order
+ * status page (e.g. to get a refund).
+ *
+ * Note that we don't allow this outside of session-based payment, as
+ * otherwise this becomes an oracle to convert order_id to h_contract.
+ */
+ if (NULL != gorc->session_id)
+ h_contract = &gorc->h_contract_terms;
+
+ order_status_url =
+ TMH_make_order_status_url (connection,
+ hc->infix,
+ gorc->session_id,
+ hc->instance->settings.id,
+ &claim_token,
+ h_contract);
+ }
 ret = TALER_MHD_reply_json_pack (connection,
 MHD_HTTP_OK,
-- 
cgit v1.2.3
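Review bot: In the last hunk (-1184,11), the guard `if (NULL != gorc->session_id)` only checks that a session_id is present. The oracle protection described in the comment therefore holds only if an earlier step has confirmed the order was paid under that session. Any such check is outside this hunk, since the body of TMH_private_get_orders_ID continues on both sides. I would state the assumption in the comment, e.g. `Relies on the paid-in-this-session check above; a caller-chosen session_id alone must not be enough to obtain h_contract.`, and have the guard also reject an empty string: `if ( (NULL != gorc->session_id) && ('\0' != gorc->session_id[0]) )`. It is also worth confirming that `gorc->h_contract_terms` is always populated on this path, because it is serialized into the URL as soon as the guard passes.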