merchant

Merchant backend to process payments, run by merchants

commit 6bba22954678b9ece5ff59a6854cf248cafe01e6
parent 676410784e5e79e5eab6133c84f1dbd3400bc428
Author: Christian Grothoff <christian@grothoff.org>
Date:   Wed,  4 Mar 2026 12:54:59 +0100

fix #10986

Diffstat:
Msrc/backend/taler-merchant-httpd_mfa.c | 14++++++++++----
Msrc/backend/taler-merchant-httpd_post-challenge-ID-confirm.c | 29++++++++++++++++++++++++++++-
Msrc/backend/taler-merchant-httpd_post-challenge-ID.c | 15+++++++++++++--
Msrc/util/mfa.c | 14+++++++++-----
4 files changed, 60 insertions(+), 12 deletions(-)

diff --git a/src/backend/taler-merchant-httpd_mfa.c b/src/backend/taler-merchant-httpd_mfa.c @@ -247,6 +247,7 @@ mfa_challenge_start ( struct TALER_MERCHANT_MFA_BodySalt salt; struct TALER_MERCHANT_MFA_BodyHash h_body; uint64_t challenge_serial; + unsigned long long challenge_num; char *code; GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE, @@ -255,11 +256,16 @@ mfa_challenge_start ( TALER_MERCHANT_mfa_body_hash (hc->request_body, &salt, &h_body); + challenge_num = (unsigned long long) + GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_NONCE, + 1000 * 1000 * 100); + /* Note: if this is changed, the code in + taler-merchant-httpd_post-challenge-ID-confirm.c must + possibly also be updated! */ GNUNET_asprintf (&code, - "%llu", - (unsigned long long) - GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_NONCE, - 1000 * 1000 * 100)); + "%llu-%llu", + challenge_num / 10000, + challenge_num % 10000); qs = TMH_db->create_mfa_challenge (TMH_db->cls, op, &h_body, diff --git a/src/backend/taler-merchant-httpd_post-challenge-ID-confirm.c b/src/backend/taler-merchant-httpd_post-challenge-ID-confirm.c @@ -45,6 +45,7 @@ TMH_post_challenge_ID_confirm (const struct TMH_RequestHandler *rh, bool solved; uint32_t retry_counter; enum GNUNET_GenericReturnValue ret; + char *xtan = NULL; ret = TMH_mfa_parse_challenge_id (hc, hc->infix, 
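Review bot: The new `"%llu-%llu"` format in the second hunk of `mfa_challenge_start` does not zero-pad either half, so a draw such as 12340005 is sent as `1234-5` and any value below 10000 as `0-NNNN`. The TAN is therefore not the fixed (4-digits)-(4-digits) shape that the comment in taler-merchant-httpd_post-challenge-ID-confirm.c describes. A user who types such a TAN without the hyphen (`12345`) is rewritten by the confirm handler to `1-2345`, which cannot match the stored value and presumably still counts against the retry counter. Using `"%04llu-%04llu"` here and in the matching `GNUNET_asprintf` of the confirm handler keeps the length fixed and lets the hyphen-less form round-trip. The function body starts and ends outside the hunk.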
@@ -66,12 +67,38 @@ TMH_post_challenge_ID_confirm (const struct TMH_RequestHandler *rh, : MHD_NO; } } + { + /* User may have submitted the entire challenge as a single + 8-digit number instead of (4-digits)-"-"-(4-digits) which + is the new format generated by taler-merchant-httpd_mfa.c. + Thus, in this case, we convert the format to the string + with the dash and use that. */ + unsigned long long challenge_num; + char dummy; + + if (1 == + sscanf (tan, + "%llu%c", + &challenge_num, + &dummy)) + { + /* inject hyphen */ + GNUNET_asprintf (&xtan, + "%llu-%llu", + challenge_num / 10000, + challenge_num % 10000); + + } + } qs = TMH_db->solve_mfa_challenge (TMH_db->cls, challenge_serial, &h_body, - tan, + (NULL == xtan) + ? tan + : xtan, &solved, &retry_counter); + GNUNET_free (xtan); switch (qs) { case GNUNET_DB_STATUS_HARD_ERROR: diff --git a/src/backend/taler-merchant-httpd_post-challenge-ID.c b/src/backend/taler-merchant-httpd_post-challenge-ID.c @@ -464,9 +464,20 @@ phase_send_challenge (struct MfaState *mfa) GNUNET_break (GNUNET_OK == GNUNET_DISK_pipe_close (p)); GNUNET_asprintf (&mfa->msg, - "%s\nTaler-Merchant:\n%s", + "%s\n\n" + "Authorize: %s\n" + "Login: %s\n\n" + "Valid until: %s (%s).\n" + "Never share this TAN with anyone.", mfa->code, - TALER_MERCHANT_MFA_co2s (mfa->op)); + TALER_MERCHANT_MFA_co2s (mfa->op), + mfa->hc->instance->settings.id, + GNUNET_TIME_absolute2s ( + mfa->expiration_date), + GNUNET_TIME_relative2s ( + GNUNET_TIME_absolute_get_remaining ( + mfa->expiration_date), + true)); { const char *off = mfa->msg; size_t left = strlen (off); diff --git a/src/util/mfa.c b/src/util/mfa.c 
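Review bot: In `TMH_post_challenge_ID_confirm` the client-supplied `tan` goes straight into `sscanf (tan, "%llu%c", ...)`, which accepts more than the 8-digit number the comment describes. `%llu` skips leading whitespace and takes a sign, and for a digit string too large for `unsigned long long` the result of the conversion is undefined by the C standard. Checking the shape first limits the rewrite to the intended case, e.g. `if ( (strlen (tan) <= 8) && (strlen (tan) == strspn (tan, "0123456789")) && (1 == sscanf (tan, "%llu%c", &challenge_num, &dummy)) )`. Any other input then reaches `solve_mfa_challenge` unchanged, as it does now. The handler's body starts and ends outside the hunk.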
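Review bot: `TALER_MERCHANT_MFA_co2s (mfa->op)` is passed to a `%s` in the new message built in `phase_send_challenge`, but the table in src/util/mfa.c maps `TALER_MERCHANT_MFA_CO_NONE` to `NULL`, and the range check there presumably returns `NULL` as well. If such an operation can reach this point (not visible here), the format call receives a null string argument, and the user would get a TAN with no meaningful "Authorize:" line. Fetching the label into a local first and failing the request with `GNUNET_break (0)` when it is `NULL` would avoid sending a code that is not bound to a named operation. A one-line comment above the `GNUNET_asprintf`, such as `/* Sent over the external TAN channel: besides mfa->code, include only non-secret fields. */`, would also help, since the message now carries the instance id and expiry. The function starts and ends outside the hunk.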
@@ -87,12 +87,16 @@ TALER_MERCHANT_MFA_co2s ( { static const char *co_s[] = { [TALER_MERCHANT_MFA_CO_NONE] = NULL, - [TALER_MERCHANT_MFA_CO_INSTANCE_PROVISION] = "create new instance", - [TALER_MERCHANT_MFA_CO_ACCOUNT_CONFIGURATION] = "configure bank accounts", + [TALER_MERCHANT_MFA_CO_INSTANCE_PROVISION] = + "account creation", + [TALER_MERCHANT_MFA_CO_ACCOUNT_CONFIGURATION] = + "account configuration", [TALER_MERCHANT_MFA_CO_AUTH_CONFIGURATION] = - "change authentication configuration", - [TALER_MERCHANT_MFA_CO_INSTANCE_DELETION] = "delete instance", - [TALER_MERCHANT_MFA_CO_AUTH_TOKEN_CREATION] = "create authentication token" + "authentication change", + [TALER_MERCHANT_MFA_CO_INSTANCE_DELETION] = + "account deletion", + [TALER_MERCHANT_MFA_CO_AUTH_TOKEN_CREATION] = + "access token creation" }; if ( (co < 0) ||