
[taler-merchant] branch master updated: add more location checks


From: gnunet
Subject: [taler-merchant] branch master updated: add more location checks
Date: Thu, 22 Jul 2021 13:09:27 +0200

This is an automated email from the git hooks/post-receive script.

grothoff pushed a commit to branch master
in repository merchant.

The following commit(s) were added to refs/heads/master by this push:
     new 26294033 add more location checks
26294033 is described below

commit 262940332979dfc3f0703ce12638abab8c63605c
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Thu Jul 22 13:09:25 2021 +0200

    add more location checks
---
 contrib/merchant-backoffice                        |  2 +-
 ...ler-merchant-httpd_private-patch-instances-ID.c | 21 ++++++++++
 .../taler-merchant-httpd_private-post-instances.c  | 20 +++++++++
 .../taler-merchant-httpd_private-post-orders.c     | 48 ++++++++++++++--------
 4 files changed, 73 insertions(+), 18 deletions(-)

diff --git a/contrib/merchant-backoffice b/contrib/merchant-backoffice
index 26ab01ca..1732185a 160000
--- a/contrib/merchant-backoffice
+++ b/contrib/merchant-backoffice
@@ -1 +1 @@
-Subproject commit 26ab01cac7fd4c85ec83b6079c4aa2fb88b73f8e
+Subproject commit 1732185ac1d1dcc783b8f2489f2ce333b5254d92
diff --git a/src/backend/taler-merchant-httpd_private-patch-instances-ID.c 
b/src/backend/taler-merchant-httpd_private-patch-instances-ID.c
index 8b0917e7..bafccb59 100644
--- a/src/backend/taler-merchant-httpd_private-patch-instances-ID.c
+++ b/src/backend/taler-merchant-httpd_private-patch-instances-ID.c
@@ -114,6 +114,27 @@ patch_instances_ID (struct TMH_MerchantInstance *mi,
                                        TALER_EC_GENERIC_CURRENCY_MISMATCH,
                                        NULL);
   }
+
+  if (! TMH_location_object_valid (is.address))
+  {
+    GNUNET_break_op (0);
+    GNUNET_JSON_parse_free (spec);
+    return TALER_MHD_reply_with_error (connection,
+                                       MHD_HTTP_BAD_REQUEST,
+                                       TALER_EC_GENERIC_PARAMETER_MALFORMED,
+                                       "address");
+  }
+
+  if (! TMH_location_object_valid (is.jurisdiction))
+  {
+    GNUNET_break_op (0);
+    GNUNET_JSON_parse_free (spec);
+    return TALER_MHD_reply_with_error (connection,
+                                       MHD_HTTP_BAD_REQUEST,
+                                       TALER_EC_GENERIC_PARAMETER_MALFORMED,
+                                       "jurisdiction");
+  }
+
   if (! TMH_payto_uri_array_valid (payto_uris))
     return TALER_MHD_reply_with_error (connection,
                                        MHD_HTTP_BAD_REQUEST,
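Review bot: Both added rejections release the parsed request with `GNUNET_JSON_parse_free (spec)`, but the `TMH_payto_uri_array_valid` check directly below them is an unbraced `return` and so, as far as the context lines show, exits without that cleanup. If `spec` owns data at this point, that neighbouring path leaks on every malformed payto request and should get the same `GNUNET_break_op (0); GNUNET_JSON_parse_free (spec);` prelude. `is.address` and `is.jurisdiction` are also passed to `TMH_location_object_valid` without the `NULL !=` guard the post-orders hunk uses for `delivery_location`, which is only safe if both fields are mandatory in `spec` (not visible here) or the helper accepts NULL. The same two blocks are repeated verbatim in the `TMH_private_post_instances` hunk, so a small shared helper would keep the two handlers from drifting apart. The enclosing function starts and ends outside this hunk.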
diff --git a/src/backend/taler-merchant-httpd_private-post-instances.c 
b/src/backend/taler-merchant-httpd_private-post-instances.c
index 4c5919e9..c6471571 100644
--- a/src/backend/taler-merchant-httpd_private-post-instances.c
+++ b/src/backend/taler-merchant-httpd_private-post-instances.c
@@ -230,6 +230,26 @@ TMH_private_post_instances (const struct 
TMH_RequestHandler *rh,
                                          "id");
   }
 
+  if (! TMH_location_object_valid (is.address))
+  {
+    GNUNET_break_op (0);
+    GNUNET_JSON_parse_free (spec);
+    return TALER_MHD_reply_with_error (connection,
+                                       MHD_HTTP_BAD_REQUEST,
+                                       TALER_EC_GENERIC_PARAMETER_MALFORMED,
+                                       "address");
+  }
+
+  if (! TMH_location_object_valid (is.jurisdiction))
+  {
+    GNUNET_break_op (0);
+    GNUNET_JSON_parse_free (spec);
+    return TALER_MHD_reply_with_error (connection,
+                                       MHD_HTTP_BAD_REQUEST,
+                                       TALER_EC_GENERIC_PARAMETER_MALFORMED,
+                                       "jurisdiction");
+  }
+
   /* Check currency of client matches our own currency */
   if ( (0 != strcasecmp (is.default_max_deposit_fee.currency,
                          TMH_currency)) ||
diff --git a/src/backend/taler-merchant-httpd_private-post-orders.c 
b/src/backend/taler-merchant-httpd_private-post-orders.c
index d4812715..172cb05c 100644
--- a/src/backend/taler-merchant-httpd_private-post-orders.c
+++ b/src/backend/taler-merchant-httpd_private-post-orders.c
@@ -1,6 +1,6 @@
 /*
   This file is part of TALER
-  (C) 2014, 2015, 2016, 2018, 2020 Taler Systems SA
+  (C) 2014, 2015, 2016, 2018, 2020, 2021 Taler Systems SA
 
   TALER is free software; you can redistribute it and/or modify
   it under the terms of the GNU Affero General Public License as
@@ -30,6 +30,7 @@
 #include "taler-merchant-httpd_private-post-orders.h"
 #include "taler-merchant-httpd_auditors.h"
 #include "taler-merchant-httpd_exchanges.h"
+#include "taler-merchant-httpd_helper.h"
 #include "taler-merchant-httpd_private-get-orders.h"
 
 
@@ -712,10 +713,10 @@ patch_order (struct MHD_Connection *connection,
                                &wire_fee_amortization)),
     GNUNET_JSON_spec_mark_optional (
       TALER_JSON_spec_absolute_time ("delivery_date",
-                                      &delivery_date)),
+                                     &delivery_date)),
     GNUNET_JSON_spec_mark_optional (
       TALER_JSON_spec_relative_time ("auto_refund",
-                                      &auto_refund)),
+                                     &auto_refund)),
     GNUNET_JSON_spec_mark_optional (
       GNUNET_JSON_spec_json ("delivery_location",
                              &delivery_location)),
@@ -864,7 +865,7 @@ patch_order (struct MHD_Connection *connection,
                                             refund_deadline)));
     }
     if ((0 != delivery_date.abs_value_us) &&
-      (delivery_date.abs_value_us < now.abs_value_us) )
+        (delivery_date.abs_value_us < now.abs_value_us) )
     {
       GNUNET_break_op (0);
       return TALER_MHD_reply_with_error (
@@ -901,7 +902,8 @@ patch_order (struct MHD_Connection *connection,
     GNUNET_assert (0 ==
                    json_object_set_new (order,
                                         "wire_transfer_deadline",
-                                        GNUNET_JSON_from_time_abs 
(wire_deadline)));
+                                        GNUNET_JSON_from_time_abs (
+                                          wire_deadline)));
   }
   if (wire_deadline.abs_value_us < refund_deadline.abs_value_us)
   {
@@ -926,8 +928,8 @@ patch_order (struct MHD_Connection *connection,
   else
   {
     if (0 !=
-      strcasecmp (max_wire_fee.currency,
-                  TMH_currency))
+        strcasecmp (max_wire_fee.currency,
+                    TMH_currency))
     {
       GNUNET_break_op (0);
       return TALER_MHD_reply_with_error (
@@ -951,8 +953,8 @@ patch_order (struct MHD_Connection *connection,
   else
   {
     if (0 !=
-      strcasecmp (max_fee.currency,
-                  TMH_currency))
+        strcasecmp (max_fee.currency,
+                    TMH_currency))
     {
       GNUNET_break_op (0);
       return TALER_MHD_reply_with_error (
@@ -985,7 +987,7 @@ patch_order (struct MHD_Connection *connection,
     GNUNET_free (url);
   }
   else if (('\0' == *merchant_base_url) ||
-    ('/' != merchant_base_url[strlen(merchant_base_url) - 1]))
+           ('/' != merchant_base_url[strlen (merchant_base_url) - 1]))
   {
     GNUNET_break_op (0);
     return TALER_MHD_reply_with_error (
@@ -994,7 +996,7 @@ patch_order (struct MHD_Connection *connection,
       TALER_EC_MERCHANT_PRIVATE_POST_ORDERS_PROPOSAL_PARSE_ERROR,
       "merchant_base_url is not valid");
   }
-                   
+
   /* Fill in merchant information if necessary */
   if (NULL != jmerchant)
   {
@@ -1005,8 +1007,8 @@ patch_order (struct MHD_Connection *connection,
       TALER_EC_MERCHANT_PRIVATE_POST_ORDERS_PROPOSAL_PARSE_ERROR,
       "'merchant' field already set, but must be provided by backend");
   }
-  jmerchant = json_pack("{s:s}",
-                       "name", settings->name);
+  jmerchant = json_pack ("{s:s}",
+                         "name", settings->name);
   GNUNET_assert (NULL != jmerchant);
   {
     json_t *loca;
@@ -1064,22 +1066,34 @@ patch_order (struct MHD_Connection *connection,
       TALER_EC_GENERIC_JSON_INVALID,
       "could not compute hash of order due to bogus forgettable fields");
   }
+
+  if ( (NULL != delivery_location) &&
+       (! TMH_location_object_valid (delivery_location)) )
+  {
+    GNUNET_break_op (0);
+    GNUNET_JSON_parse_free (spec);
+    return TALER_MHD_reply_with_error (connection,
+                                       MHD_HTTP_BAD_REQUEST,
+                                       TALER_EC_GENERIC_PARAMETER_MALFORMED,
+                                       "delivery_location");
+  }
+
   /* sanity check result */
   {
     struct GNUNET_HashCode h_control;
-   
+
     switch (TALER_JSON_contract_hash (order,
                                       &h_control))
     {
-    case GNUNET_SYSERR: 
+    case GNUNET_SYSERR:
       GNUNET_break (0);
       return TALER_MHD_reply_with_error (
         connection,
         MHD_HTTP_INTERNAL_SERVER_ERROR,
         TALER_EC_GENERIC_FAILED_COMPUTE_JSON_HASH,
         "could not compute hash of patched order");
-   
-    case GNUNET_NO: 
+
+    case GNUNET_NO:
       GNUNET_break_op (0);
       return TALER_MHD_reply_with_error (
         connection,
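Review bot: The new `delivery_location` rejection is the only error return visible in `patch_order` that calls `GNUNET_JSON_parse_free (spec)`; the other returns shown in this file's hunks, including both `TALER_JSON_contract_hash` cases just below, go straight to `TALER_MHD_reply_with_error`. Either those paths leak whatever `spec` holds, or `spec` is released elsewhere and this extra free is misplaced. The parse and any earlier cleanup lie outside the hunks, so this needs checking against the full function. The check also runs late, after `order` has already been modified (an earlier hunk sets `wire_transfer_deadline`) and after the forgettable-fields check. Placing it with the other field checks right after parsing would reject a malformed location before any further work is done on the request.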

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.


