[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-merchant] branch master updated: generate refund URI with http/ht
|
From: |
gnunet |
|
Subject: |
[taler-merchant] branch master updated: generate refund URI with http/https status based on the merchant_base_url instead of trusting the client to use the same protocol for the request (which can be wrong if the browser decides to prefer https over http) |
|
Date: |
Tue, 13 Oct 2020 12:32:21 +0200 |
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository merchant.
The following commit(s) were added to refs/heads/master by this push:
new 6009287 generate refund URI with http/https status based on the
merchant_base_url instead of trusting the client to use the same protocol for
the request (which can be wrong if the browser decides to prefer https over
http)
6009287 is described below
commit 60092876f45ad3b0657adab1e07eb3364c5b4709
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Tue Oct 13 12:32:09 2020 +0200
generate refund URI with http/https status based on the merchant_base_url
instead of trusting the client to use the same protocol for the request (which
can be wrong if the browser decides to prefer https over http)
---
src/backend/taler-merchant-httpd_get-orders-ID.c | 91 ++++++++++++----------
...-merchant-httpd_private-post-orders-ID-refund.c | 21 ++---
src/backenddb/plugin_merchantdb_postgres.c | 2 +-
3 files changed, 63 insertions(+), 51 deletions(-)
diff --git a/src/backend/taler-merchant-httpd_get-orders-ID.c
b/src/backend/taler-merchant-httpd_get-orders-ID.c
index a6f0c3b..42e5620 100644
--- a/src/backend/taler-merchant-httpd_get-orders-ID.c
+++ b/src/backend/taler-merchant-httpd_get-orders-ID.c
@@ -21,6 +21,7 @@
*/
#include "platform.h"
#include <jansson.h>
+#include <gnunet/gnunet_uri_lib.h>
#include <taler/taler_signatures.h>
#include <taler/taler_json_lib.h>
#include <taler/taler_exchange_service.h>
@@ -204,68 +205,55 @@ suspend_god (struct GetOrderData *god)
/**
* Create a taler://refund/ URI for the given @a con and @a order_id
- * and @a instance_id.
+ * and @a instance_id.
*
- * @param con HTTP connection
+ * @param merchant_base_url URL to take host and path from;
+ * we cannot take it from the MHD connection as a browser
+ * may have changed 'http' to 'https' and we MUST be consistent
+ * with what the merchant's frontend used initially
* @param order_id the order id
- * @param instance_id instance, may be "default"
* @return corresponding taler://refund/ URI, or NULL on missing "host"
*/
static char *
-make_taler_refund_uri (struct MHD_Connection *con,
- const char *order_id,
- const char *instance_id)
+make_taler_refund_uri (const char *merchant_base_url,
+ const char *order_id)
{
- const char *host;
- const char *forwarded_host;
- const char *uri_path;
struct GNUNET_Buffer buf = { 0 };
+ char *url;
+ struct GNUNET_Uri uri;
- host = MHD_lookup_connection_value (con,
- MHD_HEADER_KIND,
- "Host");
- forwarded_host = MHD_lookup_connection_value (con,
- MHD_HEADER_KIND,
- "X-Forwarded-Host");
-
- uri_path = MHD_lookup_connection_value (con,
- MHD_HEADER_KIND,
- "X-Forwarded-Prefix");
- if (NULL != forwarded_host)
- host = forwarded_host;
- if (NULL == host)
+ url = GNUNET_strdup (merchant_base_url);
+ if (-1 == GNUNET_uri_parse (&uri,
+ url))
{
GNUNET_break (0);
+ GNUNET_free (url);
return NULL;
}
-
- GNUNET_assert (NULL != instance_id);
GNUNET_assert (NULL != order_id);
GNUNET_buffer_write_str (&buf,
"taler");
- if (GNUNET_NO == TALER_mhd_is_https (con))
+ if (0 == strcasecmp ("http",
+ uri.scheme))
GNUNET_buffer_write_str (&buf,
"+http");
GNUNET_buffer_write_str (&buf,
"://refund/");
GNUNET_buffer_write_str (&buf,
- host);
- if (NULL != uri_path)
+ uri.host);
+ if (0 != uri.port)
+ GNUNET_buffer_write_fstr (&buf,
+ ":%u",
+ (unsigned int) uri.port);
+ if (NULL != uri.path)
GNUNET_buffer_write_path (&buf,
- uri_path);
- if (0 != strcmp ("default",
- instance_id))
- {
- GNUNET_buffer_write_path (&buf,
- "instances");
- GNUNET_buffer_write_path (&buf,
- instance_id);
- }
+ uri.path);
GNUNET_buffer_write_path (&buf,
order_id);
GNUNET_buffer_write_path (&buf,
""); // Trailing slash
+ GNUNET_free (url);
return GNUNET_buffer_reap_str (&buf);
}
@@ -507,7 +495,7 @@ send_pay_request (struct GetOrderData *god,
* with another order_id.
*/
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
- "Sending payment request in /poll-payment\n");
+ "Sending payment request\n");
taler_pay_uri = TMH_make_taler_pay_uri (god->sc.con,
god->order_id,
god->session_id,
@@ -529,6 +517,9 @@ send_pay_request (struct GetOrderData *god,
struct MHD_Response *reply;
MHD_RESULT ret;
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "Redirecting to already paid order %s\n",
+ already_paid_order_id);
reply = MHD_create_response_from_buffer (0,
NULL,
MHD_RESPMEM_PERSISTENT);
@@ -675,6 +666,7 @@ TMH_get_orders_ID (const struct TMH_RequestHandler *rh,
bool contract_match = false;
bool token_match = false;
bool contract_available = false;
+ const char *merchant_base_url;
if (NULL == god)
{
@@ -902,6 +894,17 @@ TMH_get_orders_ID (const struct TMH_RequestHandler *rh,
&god->claim_token));
} /* end unclaimed order logic */
+ merchant_base_url = json_string_value (json_object_get (god->contract_terms,
+
"merchant_base_url"));
+ if (NULL == merchant_base_url)
+ {
+ GNUNET_break (0);
+ return TALER_MHD_reply_with_error (connection,
+ MHD_HTTP_INTERNAL_SERVER_ERROR,
+
TALER_EC_GET_ORDERS_CONTRACT_CONTENT_INVALID,
+ order_id);
+ }
+
if (NULL == god->fulfillment_url)
god->fulfillment_url = json_string_value (json_object_get (
god->contract_terms,
@@ -947,6 +950,9 @@ TMH_get_orders_ID (const struct TMH_RequestHandler *rh,
struct MHD_Response *reply;
MHD_RESULT ret;
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "Contract claimed, redirecting to fulfillment page for order
%s\n",
+ order_id);
reply = MHD_create_response_from_buffer (0,
NULL,
MHD_RESPMEM_PERSISTENT);
@@ -977,6 +983,9 @@ TMH_get_orders_ID (const struct TMH_RequestHandler *rh,
{
/* Order is unclaimed, no need to check for payments or even
refunds, simply always generate payment request */
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "Order unclaimed, sending pay request for order %s\n",
+ order_id);
return send_pay_request (god,
NULL);
}
@@ -1052,6 +1061,9 @@ TMH_get_orders_ID (const struct TMH_RequestHandler *rh,
&god->h_contract_terms));
if (! paid)
{
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "Order claimed but unpaid, sending pay request for order
%s\n",
+ order_id);
return send_pay_request (god,
NULL);
}
@@ -1115,9 +1127,8 @@ TMH_get_orders_ID (const struct TMH_RequestHandler *rh,
char *uri;
GNUNET_assert (NULL != god->contract_terms);
- uri = make_taler_refund_uri (god->sc.con,
- order_id,
- hc->instance->settings.id);
+ uri = make_taler_refund_uri (merchant_base_url,
+ order_id);
if (NULL == uri)
{
GNUNET_break (0);
diff --git a/src/backend/taler-merchant-httpd_private-post-orders-ID-refund.c
b/src/backend/taler-merchant-httpd_private-post-orders-ID-refund.c
index 06845bb..59b8275 100644
--- a/src/backend/taler-merchant-httpd_private-post-orders-ID-refund.c
+++ b/src/backend/taler-merchant-httpd_private-post-orders-ID-refund.c
@@ -121,7 +121,7 @@ TMH_private_post_orders_ID_refund (const struct
TMH_RequestHandler *rh,
uint64_t order_serial;
struct GNUNET_TIME_Absolute refund_deadline;
struct GNUNET_TIME_Absolute timestamp;
-
+
qs = TMH_db->lookup_contract_terms (TMH_db->cls,
hc->instance->settings.id,
hc->infix,
@@ -130,11 +130,11 @@ TMH_private_post_orders_ID_refund (const struct
TMH_RequestHandler *rh,
if (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT == qs)
{
struct GNUNET_JSON_Specification spec[] = {
- TALER_JSON_spec_absolute_time
("refund_deadline",
-
&refund_deadline),
- TALER_JSON_spec_absolute_time
("timestamp",
-
×tamp),
- GNUNET_JSON_spec_end ()
+ TALER_JSON_spec_absolute_time ("refund_deadline",
+ &refund_deadline),
+ TALER_JSON_spec_absolute_time ("timestamp",
+ ×tamp),
+ GNUNET_JSON_spec_end ()
};
if (GNUNET_YES !=
@@ -163,7 +163,8 @@ TMH_private_post_orders_ID_refund (const struct
TMH_RequestHandler *rh,
#endif
NULL);
}
- if (0 == GNUNET_TIME_absolute_get_remaining
(refund_deadline).rel_value_us)
+ if (0 == GNUNET_TIME_absolute_get_remaining (
+ refund_deadline).rel_value_us)
{
/* it is too late for refunds */
/* NOTE: We MAY still be lucky that the exchange did not yet
@@ -178,7 +179,7 @@ TMH_private_post_orders_ID_refund (const struct
TMH_RequestHandler *rh,
hc->infix);
}
}
-
+
{
enum GNUNET_GenericReturnValue res;
@@ -251,9 +252,9 @@ TMH_private_post_orders_ID_refund (const struct
TMH_RequestHandler *rh,
NULL);
case TALER_MERCHANTDB_RS_NO_SUCH_ORDER:
{
- /* We know the order exists from the
+ /* We know the order exists from the
"lookup_contract_terms" at the beginning;
- so if we get 'no such order' here, it
+ so if we get 'no such order' here, it
must be read as "no PAID order" */
return TALER_MHD_reply_with_error (connection,
MHD_HTTP_CONFLICT,
diff --git a/src/backenddb/plugin_merchantdb_postgres.c
b/src/backenddb/plugin_merchantdb_postgres.c
index 2d63ad0..2c5b9e9 100644
--- a/src/backenddb/plugin_merchantdb_postgres.c
+++ b/src/backenddb/plugin_merchantdb_postgres.c
@@ -7506,7 +7506,7 @@ postgres_connect (void *cls,
" (SELECT order_serial"
" FROM merchant_contract_terms"
" WHERE order_id=$2"
- " AND paid=true"
+ " AND paid=TRUE"
" AND merchant_serial="
" (SELECT merchant_serial"
" FROM merchant_instances"
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [taler-merchant] branch master updated: generate refund URI with http/https status based on the merchant_base_url instead of trusting the client to use the same protocol for the request (which can be wrong if the browser decides to prefer https over http),
gnunet <=