gnunet-svn
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[taler-merchant] branch master updated: fix GET /orders/{order_id} handl

From: gnunet
Subject: [taler-merchant] branch master updated: fix GET /orders/{order_id} handling with redirection to fulfillment if neither contract hash nor token match
Date: Sun, 16 Aug 2020 13:03:39 +0200 
This is an automated email from the git hooks/post-receive script.

grothoff pushed a commit to branch master
in repository merchant.

The following commit(s) were added to refs/heads/master by this push:
     new e53ad1e  fix GET /orders/{order_id} handling with redirection to 
fulfillment if neither contract hash nor token match
e53ad1e is described below

commit e53ad1e718cd6b5acab5672a8dbb2998477e4f86
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Sun Aug 16 13:03:37 2020 +0200

    fix GET /orders/{order_id} handling with redirection to fulfillment if 
neither contract hash nor token match
---
 src/backend/taler-merchant-httpd_get-orders-ID.c | 61 +++++++++++++++++++-----
 1 file changed, 48 insertions(+), 13 deletions(-)

diff --git a/src/backend/taler-merchant-httpd_get-orders-ID.c 
b/src/backend/taler-merchant-httpd_get-orders-ID.c
index fce96a5..732e3cf 100644
--- a/src/backend/taler-merchant-httpd_get-orders-ID.c
+++ b/src/backend/taler-merchant-httpd_get-orders-ID.c
@@ -914,6 +914,7 @@ TMH_get_orders_ID (const struct TMH_RequestHandler *rh,
   const char *order_id = hc->infix;
   enum GNUNET_DB_QueryStatus qs;
   bool contract_match = false;
+  bool token_match = false;
 
   if (NULL == god)
   {
@@ -1091,7 +1092,9 @@ TMH_get_orders_ID (const struct TMH_RequestHandler *rh,
                                  hc->instance->settings.id,
                                  order_id,
                                  &db_claim_token,
-                                 &god->contract_terms);
+                                 (NULL == god->contract_terms)
+                                 ? &god->contract_terms
+                                 : NULL);
       if (0 > qs)
       {
         /* single, read-only SQL statements should never cause
@@ -1104,7 +1107,9 @@ TMH_get_orders_ID (const struct TMH_RequestHandler *rh,
                                            TALER_EC_GET_ORDERS_DB_LOOKUP_ERROR,
                                            "database error looking up order");
       }
-      if (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS == qs)
+      god->unclaimed = (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT == qs);
+      if ( (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS == qs) &&
+           (NULL == god->contract_terms) )
       {
         GNUNET_log (GNUNET_ERROR_TYPE_INFO,
                     "Unknown order id given: `%s'\n",
@@ -1115,17 +1120,8 @@ TMH_get_orders_ID (const struct TMH_RequestHandler *rh,
                                            "order_id not found in database");
       }
 
-      if (0 != GNUNET_memcmp (&db_claim_token,
-                              &god->claim_token))
-      {
-        /* Token wrong */
-        GNUNET_break_op (0);
-        return TALER_MHD_reply_with_error (connection,
-                                           MHD_HTTP_FORBIDDEN,
-                                           
TALER_EC_MERCHANT_GET_ORDER_INVALID_TOKEN,
-                                           "Claim token invalid");
-      }
-      god->unclaimed = true;
+      token_match = (0 == GNUNET_memcmp (&db_claim_token,
+                                         &god->claim_token));
     } /* end unclaimed order logic */
 
     {
@@ -1147,6 +1143,45 @@ TMH_get_orders_ID (const struct TMH_RequestHandler *rh,
                                            "Merchant database error (contract 
terms corrupted)");
       }
     }
+
+    if ( (god->unclaimed) &&
+         (! token_match) )
+    {
+      /* Token wrong, and required because contract is unclaimed */
+      GNUNET_break_op (0);
+      return TALER_MHD_reply_with_error (connection,
+                                         MHD_HTTP_FORBIDDEN,
+                                         
TALER_EC_MERCHANT_GET_ORDER_INVALID_TOKEN,
+                                         "Claim token invalid");
+    }
+    if ( (! token_match) &&
+         (! contract_match) )
+    {
+      /* Contract was claimed (maybe by another device), so this client
+         cannot get the status information. Redirect to fulfillment page,
+         where the client may be able to pickup a fresh order -- or might
+         be able authenticate via session ID */
+      struct MHD_Response *reply;
+      MHD_RESULT ret;
+
+      reply = MHD_create_response_from_buffer (0,
+                                               NULL,
+                                               MHD_RESPMEM_PERSISTENT);
+      if (NULL == reply)
+      {
+        GNUNET_break (0);
+        return MHD_NO;
+      }
+      GNUNET_break (MHD_YES ==
+                    MHD_add_response_header (reply,
+                                             MHD_HTTP_HEADER_LOCATION,
+                                             god->fulfillment_url));
+      ret = MHD_queue_response (connection,
+                                MHD_HTTP_FOUND,
+                                reply);
+      MHD_destroy_response (reply);
+      return ret;
+    }
   } /* end of first-time initialization / sanity checks */
 
   if (god->unclaimed)

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]