gnunet-svn

[taler-merchant] branch master updated: -do not allow scope upgrades whe


From: gnunet
Subject: [taler-merchant] branch master updated: -do not allow scope upgrades when refreshing
Date: Wed, 06 Sep 2023 21:29:58 +0200

This is an automated email from the git hooks/post-receive script.

grothoff pushed a commit to branch master
in repository merchant.

The following commit(s) were added to refs/heads/master by this push:
     new 5d24900f -do not allow scope upgrades when refreshing
5d24900f is described below

commit 5d24900f8bccd02ada1808bed373d5ac832f825d
Author: Christian Grothoff <grothoff@gnunet.org>
AuthorDate: Wed Sep 6 21:29:55 2023 +0200

    -do not allow scope upgrades when refreshing
---
 .../taler-merchant-httpd_private-post-instances-ID-token.c        | 8 ++++++++
 src/backenddb/versioning.sql                                      | 4 ----
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/src/backend/taler-merchant-httpd_private-post-instances-ID-token.c 
b/src/backend/taler-merchant-httpd_private-post-instances-ID-token.c
index 28a521a4..839c68d1 100644
--- a/src/backend/taler-merchant-httpd_private-post-instances-ID-token.c
+++ b/src/backend/taler-merchant-httpd_private-post-instances-ID-token.c
@@ -91,6 +91,14 @@ TMH_private_post_instances_ID_token (const struct 
TMH_RequestHandler *rh,
   }
   if (refreshable)
     iscope |= TMH_AS_REFRESHABLE;
+  if (0 != (iscope & (~hc->auth_scope)))
+  {
+    /* more permissions requested for the new token, not allowed */
+    GNUNET_break_op (0);
+    return TALER_MHD_reply_with_ec (connection,
+                                    
TALER_EC_GENERIC_TOKEN_PERMISSION_INSUFFICIENT,
+                                    NULL);
+  }
   qs = TMH_db->insert_login_token (TMH_db->cls,
                                    mi->settings.id,
                                    &btoken,
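Review bot: The new check `if (0 != (iscope & (~hc->auth_scope)))` runs after `iscope |= TMH_AS_REFRESHABLE`, so the refreshable flag is compared against `hc->auth_scope` like any other scope bit. A caller whose own credential lacks that bit is refused a refreshable token even when the rest of the requested scope is identical. If that is intended, say so in the comment, which currently only mentions "more permissions". The check also assumes `hc->auth_scope` is populated for every way a request can authenticate to this handler, not only for login tokens. That is not visible in this hunk, so please confirm it or note it next to the check. A test that requests a wider scope than the presenting token and expects `TALER_EC_GENERIC_TOKEN_PERMISSION_INSUFFICIENT` would pin the behaviour down. Passing a short hint instead of `NULL` would tell the client which part of the request was refused.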
diff --git a/src/backenddb/versioning.sql b/src/backenddb/versioning.sql
index c7fa8121..444cf95e 100644
--- a/src/backenddb/versioning.sql
+++ b/src/backenddb/versioning.sql
@@ -146,10 +146,6 @@
 
 BEGIN;
 
--- Added by Christian Grothoff to support concurrency, see
--- 
https://stackoverflow.com/questions/29900845/create-schema-if-not-exists-raises-duplicate-key-error?rq=4
-LOCK TABLE pg_catalog.pg_namespace;
-
 
 -- This file adds versioning support to database it will be loaded to.
 -- It requires that PL/pgSQL is already loaded - will raise exception 
otherwise.
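Review bot: Dropping `LOCK TABLE pg_catalog.pg_namespace;` is unrelated to the commit subject and is not explained anywhere in the message. The removed comment says the lock was added "to support concurrency" and links to a duplicate-key error from concurrent schema creation, so removing it may bring that race back when several processes load versioning.sql at the same time. Please move this into its own commit with a message stating why the lock is no longer needed, or what replaces it.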

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.


