merchant

Merchant backend to process payments, run by merchants
Log | Files | Refs | Submodules | README | LICENSE
commit d7eb23ad965c0207e561261588cbf742f93df935
parent b749dcc6db831ce69143f3833c5c565b9937fc5c
Author: Christian Grothoff <christian@grothoff.org>
Date:   Thu,  5 May 2016 13:47:17 +0200

check for duplicate transaction ID

Diffstat:

Msrc/backend/taler-merchant-httpd_contract.c | 23+++++++++++++++++++++++


Msrc/backend/taler-merchant-httpd_pay.c | 3+++


Msrc/lib/merchant_api_contract.c | 1+


3 files changed, 27 insertions(+), 0 deletions(-)

diff --git a/src/backend/taler-merchant-httpd_contract.c b/src/backend/taler-merchant-httpd_contract.c
@@ -187,6 +187,29 @@ MH_handler_contract (struct TMH_RequestHandler *rh,
                                               "products in contract request malformed");
   }
 
+  /* Check if this transaction ID erroneously corresponds to a
+     contract that already paid, in which case we should refuse
+     to sign it again (frontend buggy, it should use a fresh
+     transaction ID each time)! */
+  if (GNUNET_OK ==
+      db->check_payment (db->cls,
+                         transaction_id))
+  {
+    struct MHD_Response *resp;
+    int ret;
+
+    GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+                "Transaction %llu already paid in the past, refusing to sign!\n",
+                (unsigned long long) transaction_id);
+    resp = MHD_create_response_from_buffer (strlen ("Duplicate transaction ID!"),
+                                            "Duplicate transaction ID!",
+                                            MHD_RESPMEM_PERSISTENT);
+    ret = MHD_queue_response (connection,
+                              MHD_HTTP_FORBIDDEN,
+                              resp);
+    MHD_destroy_response (resp);
+    return ret;
+  }
 
   /* add fields to the contract that the backend should provide */
   json_object_set (jcontract,
diff --git a/src/backend/taler-merchant-httpd_pay.c b/src/backend/taler-merchant-httpd_pay.c
@@ -797,6 +797,9 @@ MH_handler_pay (struct TMH_RequestHandler *rh,
 
     /* Payment succeeded in the past; take short cut
        and accept immediately */
+    GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+                "Transaction %llu already paid in the past, taking short cut.\n",
+                (unsigned long long) pc->transaction_id);
     resp = MHD_create_response_from_buffer (0,
                                             NULL,
                                             MHD_RESPMEM_PERSISTENT);
diff --git a/src/lib/merchant_api_contract.c b/src/lib/merchant_api_contract.c
@@ -123,6 +123,7 @@ handle_contract_finished (void *cls,
        (or API version conflict); just pass JSON reply to the application */
     break;
   case MHD_HTTP_FORBIDDEN:
+    /* Duplicate transaction ID, frontend is buggy! */
     break;
   case MHD_HTTP_UNAUTHORIZED:
     /* Nothing really to verify, merchant says one of the signatures is