merchant

Merchant backend to process payments, run by merchants

commit 781e96d39b0d109c67d8d70b2bb615f3b576e993
parent 229d3a0aba2dd48000e46765037d87490078c549
Author: Christian Grothoff <grothoff@gnunet.org>
Date:   Thu, 14 Aug 2025 11:23:51 +0200

fix minor FIXMEs

Diffstat:
Msrc/backend/taler-merchant-httpd_post-orders-ID-pay.c | 75++++++++++++++++++++++++++++++++++++++++++++++++++++++++-------------------
1 file changed, 56 insertions(+), 19 deletions(-)

diff --git a/src/backend/taler-merchant-httpd_post-orders-ID-pay.c b/src/backend/taler-merchant-httpd_post-orders-ID-pay.c
@@ -2004,8 +2004,11 @@ OUTER:
 * @param[in,out] pc payment context
 * @param num_blinded_sigs number of signatures received
 * @param blinded_sigs blinded signatures from Donau
+ * @return #GNUNET_OK on success,
+ * #GNUNET_SYSERR on failure (state machine was
+ * in that case already advanced)
 */
-static void
+static enum GNUNET_GenericReturnValue
 add_donation_receipt_outputs (
 struct PayContext *pc,
 size_t num_blinded_sigs,
@@ -2037,8 +2040,14 @@ add_donation_receipt_outputs (
 break;
 #if FUTURE
 case TALER_MERCHANT_CONTRACT_OUTPUT_TYPE_COIN:
- GNUNET_assert (0); // FIXME: return not implemented
- continue;
+ GNUNET_break (0);
+ pay_end (pc,
+ TALER_MHD_reply_with_error (
+ pc->connection,
+ MHD_HTTP_NOT_IMPLEMENTED,
+ TALER_EC_MERCHANT_GENERIC_FEATURE_NOT_AVAILABLE,
+ "token type not yet supported"));
+ return GNUNET_SYSERR;
 #endif
 }
 /* must have been the donau case we care about */
@@ -2059,6 +2068,7 @@ add_donation_receipt_outputs (
 }
 // FIXME: do this in libdonau in the future!
 GNUNET_free (blinded_sigs);
+ return GNUNET_OK;
 }
@@ -2105,9 +2115,11 @@ merchant_donau_issue_receipt_cb (
 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
 "Donau accepted donation receipts with total_issued=%s",
 TALER_amount2s (&resp->details.ok.issued_amount));
- add_donation_receipt_outputs (pc,
- resp->details.ok.num_blinded_sigs,
- resp->details.ok.blinded_sigs);
+ if (GNUNET_OK !=
+ add_donation_receipt_outputs (pc,
+ resp->details.ok.num_blinded_sigs,
+ resp->details.ok.blinded_sigs))
+ return; /* state machine was already advanced */
 pc->phase = PP_FINAL_OUTPUT_TOKEN_PROCESSING;
 pay_resume (pc);
 return;
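Review bot: The new early return in the `TALER_MERCHANT_CONTRACT_OUTPUT_TYPE_COIN` case (second hunk, inside `#if FUTURE`) leaves `add_donation_receipt_outputs` without reaching the `GNUNET_free (blinded_sigs);` that the success path runs just before `return GNUNET_OK;`, so the array is leaked on that path once the branch is compiled in. The function appears to own the buffer (it frees it itself at the end), so release it before bailing out by placing `GNUNET_free (blinded_sigs);` ahead of `return GNUNET_SYSERR;`. The loop body lies outside the hunks, so whether outputs already stored in `pc` during earlier iterations need to be undone cannot be judged from here. The new `@return` text could also state that `blinded_sigs` is consumed on both outcomes.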
@@ -3330,9 +3342,6 @@ handle_output_donation_receipt (
 struct PayContext *pc,
 const struct TALER_MERCHANT_ContractOutput *output)
 {
- // FIXME: double-check that this logic checks
- // correctly the total amount the BUDIs are
- // requesting donation receipts for!
 if (GNUNET_OK !=
 DONAU_get_donation_amount_from_bkps (
 pc->parse_wallet_data.donau_keys,
@@ -3525,21 +3534,46 @@ phase_validate_tokens (struct PayContext *pc)
 break;
 case TALER_MERCHANT_CONTRACT_OUTPUT_TYPE_TOKEN:
 cnt = output->details.token.count;
- // FIXME: replace assert by returning 400
- GNUNET_assert (output_off + cnt
- >= output_off);
+ if (output_off + cnt < output_off)
+ {
+ GNUNET_break_op (0);
+ pay_end (pc,
+ TALER_MHD_reply_with_error (
+ pc->connection,
+ MHD_HTTP_BAD_REQUEST,
+ TALER_EC_GENERIC_PARAMETER_MALFORMED,
+ "output token counter overflow"));
+ return;
+ }
 output_off += cnt;
 break;
 case TALER_MERCHANT_CONTRACT_OUTPUT_TYPE_DONATION_RECEIPT:
 /* check that this output type appears at most once */
 if (donau_seen)
 {
- // FIXME: return 400, duplicate donau
+ /* This should have been prevented when the
+ contract was initially created */
+ GNUNET_break (0);
+ pay_end (pc,
+ TALER_MHD_reply_with_error (
+ pc->connection,
+ MHD_HTTP_INTERNAL_SERVER_ERROR,
+ TALER_EC_GENERIC_DB_INVARIANT_FAILURE,
+ "two donau output sets in same contract"));
+ return;
 }
 donau_seen = true;
- // FIXME: replace assert by returning 400
- GNUNET_assert (output_off + pc->parse_wallet_data.num_bkps
- >= output_off);
+ if (output_off + pc->parse_wallet_data.num_bkps < output_off)
+ {
+ GNUNET_break_op (0);
+ pay_end (pc,
+ TALER_MHD_reply_with_error (
+ pc->connection,
+ MHD_HTTP_BAD_REQUEST,
+ TALER_EC_GENERIC_PARAMETER_MALFORMED,
+ "output token counter overflow"));
+ return;
+ }
 output_off += pc->parse_wallet_data.num_bkps;
 break;
 }
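Review bot: The wrap-around guards `output_off + cnt < output_off` and `output_off + pc->parse_wallet_data.num_bkps < output_off` in `phase_validate_tokens` only detect overflow when the sum is evaluated in the same unsigned type as `output_off`. The declarations are outside the hunk, but if `cnt` or `num_bkps` is wider than `output_off` (for instance `size_t` against `unsigned int`), the addition happens in the wider type, the test never fires, and the following `output_off += ...` truncates silently; `num_bkps` looks like it is taken from wallet-supplied data, so the bound matters. Writing the check in subtraction form against the limit of `output_off`'s own type removes the dependence on promotion, e.g. `if (cnt > UINT_MAX - output_off)` if the counter is an `unsigned int`. The two identical 400 reply blocks could also move into one small static helper so the error code and message cannot drift apart.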
@@ -3707,11 +3741,14 @@ input_tokens_paid_check ( struct TokenUseConfirmation *tuc = &pc->parse_pay.tokens[i]; if ( (0 == - GNUNET_memcmp (&tuc->pub, use_pub)) && + GNUNET_memcmp (&tuc->pub, + use_pub)) && (0 == - GNUNET_memcmp (&tuc->sig, use_sig)) && + GNUNET_memcmp (&tuc->sig, + use_sig)) && (0 == - GNUNET_memcmp (&tuc->unblinded_sig, issue_sig)) ) + GNUNET_memcmp (&tuc->unblinded_sig, + issue_sig)) ) { tuc->found_in_db = true; break;