From e53ad1e718cd6b5acab5672a8dbb2998477e4f86 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Sun, 16 Aug 2020 13:03:37 +0200 Subject: fix GET /orders/{order_id} handling with redirection to fulfillment if neither contract hash nor token match --- src/backend/taler-merchant-httpd_get-orders-ID.c | 61 +++++++++++++++++++----- 1 file changed, 48 insertions(+), 13 deletions(-) (limited to 'src') diff --git a/src/backend/taler-merchant-httpd_get-orders-ID.c b/src/backend/taler-merchant-httpd_get-orders-ID.c index fce96a5b..732e3cfc 100644 --- a/src/backend/taler-merchant-httpd_get-orders-ID.c +++ b/src/backend/taler-merchant-httpd_get-orders-ID.c @@ -914,6 +914,7 @@ TMH_get_orders_ID (const struct TMH_RequestHandler *rh, const char *order_id = hc->infix; enum GNUNET_DB_QueryStatus qs; bool contract_match = false; + bool token_match = false; if (NULL == god) { @@ -1091,7 +1092,9 @@ TMH_get_orders_ID (const struct TMH_RequestHandler *rh, hc->instance->settings.id, order_id, &db_claim_token, - &god->contract_terms); + (NULL == god->contract_terms) + ? &god->contract_terms + : NULL); if (0 > qs) { /* single, read-only SQL statements should never cause @@ -1104,7 +1107,9 @@ TMH_get_orders_ID (const struct TMH_RequestHandler *rh, TALER_EC_GET_ORDERS_DB_LOOKUP_ERROR, "database error looking up order"); } - if (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS == qs) + god->unclaimed = (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT == qs); + if ( (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS == qs) && + (NULL == god->contract_terms) ) { GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Unknown order id given: `%s'\n", @@ -1115,17 +1120,8 @@ TMH_get_orders_ID (const struct TMH_RequestHandler *rh, "order_id not found in database"); } - if (0 != GNUNET_memcmp (&db_claim_token, - &god->claim_token)) - { - /* Token wrong */ - GNUNET_break_op (0); - return TALER_MHD_reply_with_error (connection, - MHD_HTTP_FORBIDDEN, - TALER_EC_MERCHANT_GET_ORDER_INVALID_TOKEN, - "Claim token invalid"); - } - god->unclaimed = true; + token_match = (0 == GNUNET_memcmp (&db_claim_token, + &god->claim_token)); } /* end unclaimed order logic */ { @@ -1147,6 +1143,45 @@ TMH_get_orders_ID (const struct TMH_RequestHandler *rh, "Merchant database error (contract terms corrupted)"); } } + + if ( (god->unclaimed) && + (! token_match) ) + { + /* Token wrong, and required because contract is unclaimed */ + GNUNET_break_op (0); + return TALER_MHD_reply_with_error (connection, + MHD_HTTP_FORBIDDEN, + TALER_EC_MERCHANT_GET_ORDER_INVALID_TOKEN, + "Claim token invalid"); + } + if ( (! token_match) && + (! contract_match) ) + { + /* Contract was claimed (maybe by another device), so this client + cannot get the status information. Redirect to fulfillment page, + where the client may be able to pickup a fresh order -- or might + be able authenticate via session ID */ + struct MHD_Response *reply; + MHD_RESULT ret; + + reply = MHD_create_response_from_buffer (0, + NULL, + MHD_RESPMEM_PERSISTENT); + if (NULL == reply) + { + GNUNET_break (0); + return MHD_NO; + } + GNUNET_break (MHD_YES == + MHD_add_response_header (reply, + MHD_HTTP_HEADER_LOCATION, + god->fulfillment_url)); + ret = MHD_queue_response (connection, + MHD_HTTP_FOUND, + reply); + MHD_destroy_response (reply); + return ret; + } } /* end of first-time initialization / sanity checks */ if (god->unclaimed) -- cgit v1.2.3