From d5b2b639dab3074307bbfdbd58627bb3253163ab Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Fri, 23 Jul 2021 15:50:50 +0200 Subject: -fix get order logic --- src/backend/taler-merchant-httpd_get-orders-ID.c | 108 +++++++++++++---------- src/testing/test_merchant_order_creation.sh | 5 ++ 2 files changed, 64 insertions(+), 49 deletions(-) (limited to 'src') diff --git a/src/backend/taler-merchant-httpd_get-orders-ID.c b/src/backend/taler-merchant-httpd_get-orders-ID.c index 801d4bb1..110333fc 100644 --- a/src/backend/taler-merchant-httpd_get-orders-ID.c +++ b/src/backend/taler-merchant-httpd_get-orders-ID.c @@ -677,6 +677,27 @@ TMH_get_orders_ID (const struct TMH_RequestHandler *rh, god->sc.con = connection; god->hc = hc; god->order_id = order_id; + god->generate_html = TMH_MHD_test_html_desired (connection); + + { + const char *cts; + + cts = MHD_lookup_connection_value (connection, + MHD_GET_ARGUMENT_KIND, + "h_contract"); + if ( (NULL != cts) && + (GNUNET_OK != + GNUNET_CRYPTO_hash_from_string (cts, + &god->h_contract_terms)) ) + { + /* cts has wrong encoding */ + GNUNET_break_op (0); + return TALER_MHD_reply_with_error (connection, + MHD_HTTP_BAD_REQUEST, + TALER_EC_GENERIC_PARAMETER_MALFORMED, + "h_contract"); + } + } { const char *ct; 
@@ -700,41 +721,25 @@ TMH_get_orders_ID (const struct TMH_RequestHandler *rh, } } - { - const char *cts; - - cts = MHD_lookup_connection_value (connection, - MHD_GET_ARGUMENT_KIND, - "h_contract"); - if ( (NULL != cts) && - (GNUNET_OK != - GNUNET_CRYPTO_hash_from_string (cts, - &god->h_contract_terms)) ) - { - /* cts has wrong encoding */ - GNUNET_break_op (0); - return TALER_MHD_reply_with_error (connection, - MHD_HTTP_BAD_REQUEST, - TALER_EC_GENERIC_PARAMETER_MALFORMED, - "h_contract"); - } - } + god->session_id = MHD_lookup_connection_value (connection, + MHD_GET_ARGUMENT_KIND, + "session_id"); - god->generate_html = TMH_MHD_test_html_desired (connection); { const char *long_poll_timeout_ms; long_poll_timeout_ms = MHD_lookup_connection_value (connection, MHD_GET_ARGUMENT_KIND, "timeout_ms"); - if ((NULL != long_poll_timeout_ms) && - ! god->generate_html) + if (NULL != long_poll_timeout_ms) { unsigned int timeout; + char dummy; if (1 != sscanf (long_poll_timeout_ms, - "%u", - &timeout)) + "%u%c", + &timeout, + &dummy)) { GNUNET_break_op (0); return TALER_MHD_reply_with_error (connection, @@ -742,14 +747,12 @@ TMH_get_orders_ID (const struct TMH_RequestHandler *rh, TALER_EC_GENERIC_PARAMETER_MALFORMED, "timeout_ms (must be non-negative number)"); } - god->sc.long_poll_timeout - = GNUNET_TIME_relative_to_absolute (GNUNET_TIME_relative_multiply ( - GNUNET_TIME_UNIT_MILLISECONDS, - timeout)); - } - else - { - god->sc.long_poll_timeout = GNUNET_TIME_UNIT_ZERO_ABS; + /* If HTML is requested, we never long poll. Makes no sense */ + if (! god->generate_html) + god->sc.long_poll_timeout + = GNUNET_TIME_relative_to_absolute (GNUNET_TIME_relative_multiply ( + GNUNET_TIME_UNIT_MILLISECONDS, + timeout)); } } 
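Review bot: The `"%u%c"` conversion in the `timeout_ms` block still accepts input that the error text rules out. `%u` parses like `strtoul`, so `-1` is accepted and wraps to a very large value, and a value above `UINT_MAX` is undefined behaviour for `sscanf`. The parsed number then feeds `god->sc.long_poll_timeout` with no upper bound, so unless a cap is applied outside this hunk the client decides how long the connection stays suspended. Requiring a leading digit, e.g. `if ( (! isdigit ((unsigned char) *long_poll_timeout_ms)) || (1 != sscanf (long_poll_timeout_ms, "%u%c", &timeout, &dummy)) )`, or parsing with `strtoull` plus an `errno` and end-pointer check, and then clamping `timeout` to a server-side maximum, would cover both. With the `else` branch removed, `long_poll_timeout` also relies on `god` being zero-initialised at allocation, which happens outside the hunk, as do the start and end of TMH_get_orders_ID.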
@@ -760,7 +763,6 @@ TMH_get_orders_ID (const struct TMH_RequestHandler *rh, MHD_lookup_connection_value (connection, MHD_GET_ARGUMENT_KIND, "await_refund_obtained"); - god->sc.awaiting_refund_obtained = (NULL != await_refund_obtained_s) ? 0 == strcasecmp (await_refund_obtained_s, "yes") @@ -790,10 +792,6 @@ TMH_get_orders_ID (const struct TMH_RequestHandler *rh, god->sc.awaiting_refund = true; } } - - god->session_id = MHD_lookup_connection_value (connection, - MHD_GET_ARGUMENT_KIND, - "session_id"); } /* end of first-time initialization / sanity checks */ /* Convert order_id to h_contract_terms */ @@ -817,7 +815,7 @@ TMH_get_orders_ID (const struct TMH_RequestHandler *rh, return TALER_MHD_reply_with_error (connection, MHD_HTTP_INTERNAL_SERVER_ERROR, TALER_EC_GENERIC_DB_FETCH_FAILED, - "contract terms"); + "lookup_contract_terms"); } } @@ -832,7 +830,6 @@ TMH_get_orders_ID (const struct TMH_RequestHandler *rh, &h)) { GNUNET_break (0); - GNUNET_free (god); return TALER_MHD_reply_with_error (connection, MHD_HTTP_INTERNAL_SERVER_ERROR, TALER_EC_GENERIC_FAILED_COMPUTE_JSON_HASH, @@ -877,7 +874,7 @@ TMH_get_orders_ID (const struct TMH_RequestHandler *rh, return TALER_MHD_reply_with_error (connection, MHD_HTTP_INTERNAL_SERVER_ERROR, TALER_EC_GENERIC_DB_FETCH_FAILED, - "order"); + "lookup_order"); } god->unclaimed = (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT == qs) && ! contract_available; @@ -896,6 +893,7 @@ TMH_get_orders_ID (const struct TMH_RequestHandler *rh, &god->claim_token)); } /* end unclaimed order logic */ + GNUNET_assert (NULL != god->contract_terms); merchant_base_url = json_string_value (json_object_get (god->contract_terms, "merchant_base_url")); if (NULL == merchant_base_url) 
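Review bot: The added `GNUNET_assert (NULL != god->contract_terms);` ahead of the `merchant_base_url` lookup aborts the whole backend process if it ever fails, and it sits on a client-facing request path. The hunk does not show whether every branch above it (the unclaimed-order case, lookup via `h_contract`) guarantees that `contract_terms` is set; if one does not, a request turns into a process crash instead of an error reply. A soft check would keep the invariant visible without that risk: `if (NULL == god->contract_terms) { GNUNET_break (0); return TALER_MHD_reply_with_error (...); }` with `MHD_HTTP_INTERNAL_SERVER_ERROR`, as the neighbouring error paths do. The function body continues outside the hunk on both sides.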
@@ -924,26 +922,38 @@ TMH_get_orders_ID (const struct TMH_RequestHandler *rh, return TALER_MHD_reply_with_error (connection, MHD_HTTP_FORBIDDEN, TALER_EC_MERCHANT_GET_ORDERS_ID_INVALID_TOKEN, - NULL); + "unclaimed and token does not match"); } - if ( ( (! token_match) || - (GNUNET_YES == GNUNET_is_zero (&god->claim_token)) ) && - (! contract_match) ) + if (! (token_match || + contract_match) ) { - if (NULL == god->fulfillment_url) + const char *public_reorder_url; + + public_reorder_url = json_string_value (json_object_get ( + god->contract_terms, + "public_reorder_url")); + /* Client has no rights to this order */ + if (NULL == public_reorder_url) { + /* We cannot give the client a new order, just fail */ if (GNUNET_NO == GNUNET_is_zero (&god->h_contract_terms)) + { + GNUNET_break_op (0); return TALER_MHD_reply_with_error ( connection, MHD_HTTP_FORBIDDEN, TALER_EC_MERCHANT_GENERIC_CONTRACT_HASH_DOES_NOT_MATCH_ORDER, NULL); + } + GNUNET_break_op (0); return TALER_MHD_reply_with_error (connection, MHD_HTTP_FORBIDDEN, TALER_EC_MERCHANT_GET_ORDERS_ID_INVALID_TOKEN, - NULL); + "no 'public_reorder_url'"); } + /* We have a fulfillment URL, redirect the client there, maybe + the frontend can generate a fresh order for this new customer */ if (god->generate_html) { /* Contract was claimed (maybe by another device), so this client @@ -967,7 +977,7 @@ TMH_get_orders_ID (const struct TMH_RequestHandler *rh, GNUNET_break (MHD_YES == MHD_add_response_header (reply, MHD_HTTP_HEADER_LOCATION, - god->fulfillment_url)); + public_reorder_url)); ret = MHD_queue_response (connection, MHD_HTTP_FOUND, reply); @@ -978,8 +988,8 @@ TMH_get_orders_ID (const struct TMH_RequestHandler *rh, return TALER_MHD_reply_json_pack (connection, MHD_HTTP_ACCEPTED, "{s:s}", - "fulfillment_url", - god->fulfillment_url); + "public_reorder_url", + public_reorder_url); } if (god->unclaimed) 
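Review bot: The comment added before `if (god->generate_html)` still reads "We have a fulfillment URL, redirect the client there", but the `Location` header and the 202 body now carry `public_reorder_url`. It should read `/* We have a public reorder URL, redirect the client there, maybe the frontend can generate a fresh order for this new customer */`. The JSON key in the 202 reply also changes from `fulfillment_url` to `public_reorder_url`, which is a wire-format change that the API documentation and existing clients need to follow. Since `public_reorder_url` is copied verbatim from the contract terms into a redirect, it is worth confirming that order creation restricts it to an http(s) URL; that validation, if present, is outside this diff.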
diff --git a/src/testing/test_merchant_order_creation.sh b/src/testing/test_merchant_order_creation.sh index 6e772b81..3fa1459c 100755 --- a/src/testing/test_merchant_order_creation.sh +++ b/src/testing/test_merchant_order_creation.sh @@ -76,8 +76,13 @@ TOKEN=`jq -r .token < $LAST_RESPONSE` if [ "$TOKEN" != "null" ] then echo 'token should be null, got:' $TOKEN + exit 1 fi +echo OK + +echo -n "Checking created order without TOKEN..." + STATUS=$(curl http://localhost:9966/orders/$ORDER_ID \ -w "%{http_code}" -s -o $LAST_RESPONSE) -- cgit v1.2.3