[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-merchant] branch master updated: improve error handling when toke
|
From: |
gnunet |
|
Subject: |
[taler-merchant] branch master updated: improve error handling when token auth fails |
|
Date: |
Sun, 24 Sep 2023 12:51:10 +0200 |
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository merchant.
The following commit(s) were added to refs/heads/master by this push:
new cc158741 improve error handling when token auth fails
cc158741 is described below
commit cc15874189dcfb4336921559ce94f4234daa3ca2
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Sun Sep 24 12:51:03 2023 +0200
improve error handling when token auth fails
---
contrib/wallet-core | 2 +-
src/backend/taler-merchant-httpd.c | 58 ++++++++++++++---------
src/backend/taler-merchant-httpd_get-rewards-ID.c | 5 +-
3 files changed, 37 insertions(+), 28 deletions(-)
diff --git a/contrib/wallet-core b/contrib/wallet-core
index c5a3cd4c..9e2d95b3 160000
--- a/contrib/wallet-core
+++ b/contrib/wallet-core
@@ -1 +1 @@
-Subproject commit c5a3cd4c50676c49fa6c67cbdeb609101c38e764
+Subproject commit 9e2d95b39723a038eb714d723ac0910a5bf596e2
diff --git a/src/backend/taler-merchant-httpd.c
b/src/backend/taler-merchant-httpd.c
index 17e50dbc..00d49b70 100644
--- a/src/backend/taler-merchant-httpd.c
+++ b/src/backend/taler-merchant-httpd.c
@@ -155,9 +155,9 @@ static uint16_t port;
* Should a "Connection: close" header be added to each HTTP response?
*/
static int merchant_connection_close;
+
/**
* Context for all exchange operations (useful to the event loop).
- * FIXME: rename, move to taler-merchant-httpd.c
*/
struct GNUNET_CURL_Context *TMH_curl_ctx;
@@ -188,11 +188,13 @@ char *TMH_default_auth;
*
* @param token the login token given in the request
* @param instance_id the instance the login is to be checked against
- * @return scope of the token if it is valid
+ * @param[out] as set to scope of the token if it is valid
+ * @return TALER_EC_NONE on success
*/
-static enum TMH_AuthScope
+static enum TALER_ErrorCode
TMH_check_token (const char *token,
- const char *instance_id)
+ const char *instance_id,
+ enum TMH_AuthScope *as)
{
enum TMH_AuthScope scope;
struct GNUNET_TIME_Timestamp expiration;
@@ -200,24 +202,26 @@ TMH_check_token (const char *token,
struct TALER_MERCHANTDB_LoginTokenP btoken;
if (NULL == token)
- return TMH_AS_NONE;
+ {
+ *as = TMH_AS_NONE;
+ return TALER_EC_NONE;
+ }
/* This was presumably checked before... */
GNUNET_assert (0 == strncasecmp (token,
RFC_8959_PREFIX,
strlen (RFC_8959_PREFIX)));
token += strlen (RFC_8959_PREFIX);
-
if (GNUNET_OK !=
GNUNET_STRINGS_string_to_data (token,
strlen (token),
&btoken,
sizeof (btoken)))
{
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Failed to convert %s\n",
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "Given authorization token `%s' is malformed\n",
token);
GNUNET_break_op (0);
- return TMH_AS_NONE;
+ return TALER_EC_GENERIC_TOKEN_MALFORMED;
}
qs = TMH_db->select_login_token (TMH_db->cls,
instance_id,
@@ -226,26 +230,25 @@ TMH_check_token (const char *token,
&scope);
if (qs < 0)
{
- /* FIXME: may want to return 500 internal server error
- in the future in this case... */
GNUNET_break (0);
- return TMH_AS_NONE;
+ return TALER_EC_GENERIC_DB_FETCH_FAILED;
}
if (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS == qs)
{
- GNUNET_log (GNUNET_ERROR_TYPE_INFO,
- "Token unknown\n");
- return TMH_AS_NONE;
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "Authorization token `%s' unknown\n",
+ token);
+ return TALER_EC_GENERIC_TOKEN_UNKNOWN;
}
if (GNUNET_TIME_absolute_is_past (expiration.abs_time))
{
- GNUNET_log (GNUNET_ERROR_TYPE_INFO,
- "Token expired\n");
- /* FIXME: may want to return special EC to indicate
- (recently) expired token in the future */
- return TMH_AS_NONE;
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "Authorization token `%s' expired\n",
+ token);
+ return TALER_EC_GENERIC_TOKEN_EXPIRED;
}
- return scope;
+ *as = scope;
+ return TALER_EC_NONE;
}
@@ -1821,8 +1824,17 @@ url_handler (void *cls,
else
{
if (NULL != hc->instance)
- hc->auth_scope = TMH_check_token (auth,
- hc->instance->settings.id);
+ {
+ enum TALER_ErrorCode ec;
+
+ ec = TMH_check_token (auth,
+ hc->instance->settings.id,
+ &hc->auth_scope);
+ if (TALER_EC_NONE != ec)
+ return TALER_MHD_reply_with_ec (connection,
+ ec,
+ NULL);
+ }
else
hc->auth_scope = TMH_AS_NONE;
}
diff --git a/src/backend/taler-merchant-httpd_get-rewards-ID.c
b/src/backend/taler-merchant-httpd_get-rewards-ID.c
index 31ee2afa..e1232735 100644
--- a/src/backend/taler-merchant-httpd_get-rewards-ID.c
+++ b/src/backend/taler-merchant-httpd_get-rewards-ID.c
@@ -1,6 +1,6 @@
/*
This file is part of TALER
- (C) 2014-2021 Taler Systems SA
+ (C) 2014-2023 Taler Systems SA
TALER is free software; you can redistribute it and/or modify it under the
terms of the GNU Affero General Public License as published by the Free
Software
@@ -219,9 +219,6 @@ TMH_get_rewards_ID (const struct TMH_RequestHandler *rh,
next_url),
TALER_JSON_pack_amount ("reward_amount",
&remaining),
- // FIXME: tip_amount is for legacy compatibility, to be removed "later"
- TALER_JSON_pack_amount ("tip_amount",
- &remaining),
GNUNET_JSON_pack_timestamp ("expiration",
expiration));
}
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [taler-merchant] branch master updated: improve error handling when token auth fails,
gnunet <=