commit 04a78be85e901b6974434f94b1963472196ec7fc
parent f1e8253e6cf202d3ab0bac33cd510a47b94f7e40
Author: MS <ms@taler.net>
Date: Tue, 14 Feb 2023 15:02:22 +0100
cash-out checks
Failing if the cash-out address changed between
creation and confirmation time.
Diffstat:
1 file changed, 13 insertions(+), 6 deletions(-)
diff --git a/sandbox/src/main/kotlin/tech/libeufin/sandbox/CircuitApi.kt b/sandbox/src/main/kotlin/tech/libeufin/sandbox/CircuitApi.kt
@@ -233,12 +233,6 @@ fun circuitApi(circuitRoute: Route) {
// 404 if the operation is not found.
if (op == null)
throw notFound("Cash-out operation $operationUuid not found")
- // 412 if the operation got already confirmed.
- if (op.status == CashoutOperationStatus.CONFIRMED)
- throw SandboxError(
- HttpStatusCode.PreconditionFailed,
- "Cash-out operation $operationUuid was already confirmed."
- )
/**
* Check the TAN. Give precedence to the TAN found
* in the environment, for testing purposes. If that's
@@ -259,7 +253,20 @@ fun circuitApi(circuitRoute: Route) {
* NOTE: the funds availability got already checked when this operation
* was created. On top of that, the 'wireTransfer()' helper does also
* check for funds availability. */
+ val customer = maybeGetCustomer(user ?: throw SandboxError(
+ HttpStatusCode.ServiceUnavailable,
+ "This endpoint isn't served when the authentication is disabled."
+ ))
transaction {
+ if (op.cashoutAddress != customer?.cashout_address) throw conflict(
+ "Inconsistent cash-out address: ${op.cashoutAddress} vs ${customer?.cashout_address}"
+ )
+ // 412 if the operation got already confirmed.
+ if (op.status == CashoutOperationStatus.CONFIRMED)
+ throw SandboxError(
+ HttpStatusCode.PreconditionFailed,
+ "Cash-out operation $operationUuid was already confirmed."
+ )
wireTransfer(
debitAccount = op.account,
creditAccount = "admin",
