merchant

Merchant backend to process payments, run by merchants

commit 3f0bed9b71a3240170e2b1c29d1f787a3270808e
parent 8c0719db1f153106ea69a7224694f4a39394707a
Author: Christian Grothoff <christian@grothoff.org>
Date:   Wed, 19 May 2021 18:33:30 +0200

fix access control logic, note this creates a new issue (#6878)

Diffstat:
Msrc/backend/taler-merchant-httpd.c | 9+++++----
Msrc/testing/test_merchant_api.c | 38+++++++++++++++++++++++++++-----------
2 files changed, 32 insertions(+), 15 deletions(-)

diff --git a/src/backend/taler-merchant-httpd.c b/src/backend/taler-merchant-httpd.c
@@ -1886,10 +1886,11 @@ url_handler (void *cls,
 auth_malformed = true;
 }
- /* If we have no selected instance, no default instance AND no override
- credentials, THEN we accept anything (no access control) */
- auth_ok = ( (NULL == hc->instance) &&
- (NULL == TMH_lookup_instance (NULL)) &&
+ /* If we have zero configured instances (not even ones that have been
+ purged) AND no override credentials, THEN we accept anything (no access
+ control), as we then also have no data to protect. */
+ auth_ok = ( (0 ==
+ GNUNET_CONTAINER_multihashmap_size (TMH_by_id_map)) &&
 (NULL == TMH_default_auth) );
 /* Check against selected instance, if we have one */
 if (NULL != hc->instance)
diff --git a/src/testing/test_merchant_api.c b/src/testing/test_merchant_api.c
@@ -1256,6 +1256,12 @@ run (void *cls,
 merchant_url,
 MHD_HTTP_OK,
 NULL),
+ TALER_TESTING_cmd_merchant_post_instances ("instance-create-default-setup",
+ merchant_url,
+ "default",
+ PAYTO_I1,
+ "EUR",
+ MHD_HTTP_NO_CONTENT),
 TALER_TESTING_cmd_merchant_post_instances ("instance-create-i1",
 merchant_url,
 "i1",
@@ -1266,6 +1272,7 @@ run (void *cls,
 merchant_url,
 MHD_HTTP_OK,
 "instance-create-i1",
+ "instance-create-default-setup",
 NULL),
 TALER_TESTING_cmd_merchant_get_instance ("instances-get-i1",
 merchant_url,
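Review bot: The fail-open condition `(0 == GNUNET_CONTAINER_multihashmap_size (TMH_by_id_map)) && (NULL == TMH_default_auth)` sets `auth_ok` for every request that reaches `url_handler`, so while the map is empty and no override credentials are set, the first client to reach the listener can create the initial instance. The new comment justifies this with "no data to protect" but does not record that consequence. I would extend it with `/* NOTE: until the first instance exists, any client may create it; configure override credentials before exposing the backend. */`. The wording "not even ones that have been purged" is also hard to follow, since a purged instance is presumably gone from the map; if the intent is that deleted-but-not-purged instances still count, say "deleted" (to be confirmed against the map's lifecycle). How `auth_ok` is used after `if (NULL != hc->instance)` lies outside this hunk.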
@@ -1424,12 +1431,29 @@ run (void *cls,
 merchant_url,
 "i2",
 MHD_HTTP_NO_CONTENT),
- TALER_TESTING_cmd_merchant_post_instances ("instance-create-default",
+ TALER_TESTING_cmd_merchant_purge_instance ("instance-purge-i1",
+ merchant_url,
+ "i1",
+ MHD_HTTP_NO_CONTENT),
+ TALER_TESTING_cmd_merchant_delete_instance ("instance-purge-then-delete-i1",
+ merchant_url,
+ "i1",
+ MHD_HTTP_NOT_FOUND),
+ TALER_TESTING_cmd_merchant_purge_instance ("instance-purge-i-acl-middle",
+ merchant_url,
+ "i-acl",
+ MHD_HTTP_NO_CONTENT),
+ TALER_TESTING_cmd_merchant_purge_instance ("instance-purge-default-middle",
 merchant_url,
 "default",
- PAYTO_I1,
- "EUR",
 MHD_HTTP_NO_CONTENT),
+ TALER_TESTING_cmd_merchant_post_instances (
+ "instance-create-default-after-purge",
+ merchant_url,
+ "default",
+ PAYTO_I1,
+ "EUR",
+ MHD_HTTP_NO_CONTENT),
 TALER_TESTING_cmd_merchant_get_products ("get-products-empty",
 merchant_url,
 MHD_HTTP_OK,
@@ -1542,14 +1566,6 @@ run (void *cls,
 merchant_url,
 "product-2",
 MHD_HTTP_CONFLICT),
- TALER_TESTING_cmd_merchant_purge_instance ("instance-purge-i1",
- merchant_url,
- "i1",
- MHD_HTTP_NO_CONTENT),
- TALER_TESTING_cmd_merchant_delete_instance ("instance-purge-then-delete-i1",
- merchant_url,
- "i1",
- MHD_HTTP_NOT_FOUND),
 TALER_TESTING_cmd_batch ("pay", pay),
 TALER_TESTING_cmd_batch ("double-spending",
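Review bot: The purge sequence added in the `-1424` hunk exercises only the permissive side of the access-control fix: `instance-create-default-after-purge` expects `MHD_HTTP_NO_CONTENT` once `i1`, `i-acl` and `default` have been purged, and nothing visible here asserts a rejection while an instance still exists. A step that sends an unauthenticated management request before the last purge and expects `MHD_HTTP_UNAUTHORIZED` would pin the behaviour this commit fixes; whether the rest of `run` already has one is outside these hunks. The ordering dependency also deserves a comment above the purges, for example `/* purge every remaining instance so "default" is re-created from the empty, no-auth state */`, if that is the intent.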