[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-merchant] branch master updated: fix GET /orders/{order_id} handl
From: |
gnunet |
Subject: |
[taler-merchant] branch master updated: fix GET /orders/{order_id} handling with redirection to fulfillment if neither contract hash nor token match |
Date: |
Sun, 16 Aug 2020 13:03:39 +0200 |
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository merchant.
The following commit(s) were added to refs/heads/master by this push:
new e53ad1e fix GET /orders/{order_id} handling with redirection to
fulfillment if neither contract hash nor token match
e53ad1e is described below
commit e53ad1e718cd6b5acab5672a8dbb2998477e4f86
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Sun Aug 16 13:03:37 2020 +0200
fix GET /orders/{order_id} handling with redirection to fulfillment if
neither contract hash nor token match
---
src/backend/taler-merchant-httpd_get-orders-ID.c | 61 +++++++++++++++++++-----
1 file changed, 48 insertions(+), 13 deletions(-)
diff --git a/src/backend/taler-merchant-httpd_get-orders-ID.c
b/src/backend/taler-merchant-httpd_get-orders-ID.c
index fce96a5..732e3cf 100644
--- a/src/backend/taler-merchant-httpd_get-orders-ID.c
+++ b/src/backend/taler-merchant-httpd_get-orders-ID.c
@@ -914,6 +914,7 @@ TMH_get_orders_ID (const struct TMH_RequestHandler *rh,
const char *order_id = hc->infix;
enum GNUNET_DB_QueryStatus qs;
bool contract_match = false;
+ bool token_match = false;
if (NULL == god)
{
@@ -1091,7 +1092,9 @@ TMH_get_orders_ID (const struct TMH_RequestHandler *rh,
hc->instance->settings.id,
order_id,
&db_claim_token,
- &god->contract_terms);
+ (NULL == god->contract_terms)
+ ? &god->contract_terms
+ : NULL);
if (0 > qs)
{
/* single, read-only SQL statements should never cause
@@ -1104,7 +1107,9 @@ TMH_get_orders_ID (const struct TMH_RequestHandler *rh,
TALER_EC_GET_ORDERS_DB_LOOKUP_ERROR,
"database error looking up order");
}
- if (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS == qs)
+ god->unclaimed = (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT == qs);
+ if ( (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS == qs) &&
+ (NULL == god->contract_terms) )
{
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"Unknown order id given: `%s'\n",
@@ -1115,17 +1120,8 @@ TMH_get_orders_ID (const struct TMH_RequestHandler *rh,
"order_id not found in database");
}
- if (0 != GNUNET_memcmp (&db_claim_token,
- &god->claim_token))
- {
- /* Token wrong */
- GNUNET_break_op (0);
- return TALER_MHD_reply_with_error (connection,
- MHD_HTTP_FORBIDDEN,
-
TALER_EC_MERCHANT_GET_ORDER_INVALID_TOKEN,
- "Claim token invalid");
- }
- god->unclaimed = true;
+ token_match = (0 == GNUNET_memcmp (&db_claim_token,
+ &god->claim_token));
} /* end unclaimed order logic */
{
@@ -1147,6 +1143,45 @@ TMH_get_orders_ID (const struct TMH_RequestHandler *rh,
"Merchant database error (contract
terms corrupted)");
}
}
+
+ if ( (god->unclaimed) &&
+ (! token_match) )
+ {
+ /* Token wrong, and required because contract is unclaimed */
+ GNUNET_break_op (0);
+ return TALER_MHD_reply_with_error (connection,
+ MHD_HTTP_FORBIDDEN,
+
TALER_EC_MERCHANT_GET_ORDER_INVALID_TOKEN,
+ "Claim token invalid");
+ }
+ if ( (! token_match) &&
+ (! contract_match) )
+ {
+ /* Contract was claimed (maybe by another device), so this client
+ cannot get the status information. Redirect to fulfillment page,
+ where the client may be able to pickup a fresh order -- or might
+ be able authenticate via session ID */
+ struct MHD_Response *reply;
+ MHD_RESULT ret;
+
+ reply = MHD_create_response_from_buffer (0,
+ NULL,
+ MHD_RESPMEM_PERSISTENT);
+ if (NULL == reply)
+ {
+ GNUNET_break (0);
+ return MHD_NO;
+ }
+ GNUNET_break (MHD_YES ==
+ MHD_add_response_header (reply,
+ MHD_HTTP_HEADER_LOCATION,
+ god->fulfillment_url));
+ ret = MHD_queue_response (connection,
+ MHD_HTTP_FOUND,
+ reply);
+ MHD_destroy_response (reply);
+ return ret;
+ }
} /* end of first-time initialization / sanity checks */
if (god->unclaimed)
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [taler-merchant] branch master updated: fix GET /orders/{order_id} handling with redirection to fulfillment if neither contract hash nor token match,
gnunet <=