author | Christian Grothoff <christian@grothoff.org> | 2024-07-23 23:21:20 +0200 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2024-07-29 12:18:47 +0200 |
commit | 2dc156735f143e5d6e5a611726531ceedd2a7e4e (patch) | |
tree | 8004da2dc715d58183bbace56d891a4ffa9da7d1 | |
parent | 1a08b84bdacee9c2cb38399edb3b2abf348ba288 (diff) |
more bugfixes
-rw-r--r-- | src/exchange/taler-exchange-httpd_kyc-start.c | 33 | ||||
-rw-r--r-- | src/exchangedb/pg_lookup_pending_legitimization.c | 20 | ||||
-rw-r--r-- | src/exchangedb/pg_lookup_pending_legitimization.h | 6 | ||||
-rw-r--r-- | src/include/taler_exchangedb_plugin.h | 6 | ||||
-rw-r--r-- | src/kyclogic/kyclogic_api.c | 17 | ||||
-rw-r--r-- | src/lib/exchange_api_kyc_check.c | 5 | ||||
-rwxr-xr-x | src/testing/taler-unified-setup.sh | 2 | ||||
-rw-r--r-- | src/testing/test_exchange_p2p.c | 2 |
8 files changed, 58 insertions, 33 deletions
diff --git a/src/exchange/taler-exchange-httpd_kyc-start.c b/src/exchange/taler-exchange-httpd_kyc-start.c index 996b3239b..c3cd7375c 100644 --- a/src/exchange/taler-exchange-httpd_kyc-start.c +++ b/src/exchange/taler-exchange-httpd_kyc-start.c @@ -46,6 +46,11 @@ struct KycPoller struct TALER_AccountAccessTokenP access_token; /** + * Authorization hash for the selected measure. + */ + struct TALER_KycMeasureAuthorizationHash shv; + + /** * Hash of the payto:// URI we are starting to the KYC for. */ struct TALER_PaytoHashP h_payto; @@ -288,15 +293,15 @@ TEH_handler_kyc_start ( if (GNUNET_OK != GNUNET_STRINGS_string_to_data (id, slash - id, - &kyp->access_token, - sizeof (kyp->access_token))) + &kyp->shv, + sizeof (kyp->shv))) { GNUNET_break_op (0); return TALER_MHD_reply_with_error ( rc->connection, MHD_HTTP_BAD_REQUEST, TALER_EC_GENERIC_PARAMETER_MALFORMED, - "Access token in ID is malformed"); + "Authorization hash in ID is malformed"); } if (2 != sscanf (slash + 1, @@ -313,7 +318,6 @@ TEH_handler_kyc_start ( "ID is malformed"); } } - qs = TEH_plugin->lookup_pending_legitimization ( TEH_plugin->cls, kyp->legitimization_measure_serial_id, @@ -339,6 +343,27 @@ TEH_handler_kyc_start ( } { + struct TALER_KycMeasureAuthorizationHash shv2; + + TALER_kyc_measure_authorization_hash ( + &kyp->access_token, + kyp->legitimization_measure_serial_id, + kyp->measure_index, + &shv2); + if (0 != + GNUNET_memcmp (&kyp->shv, + &shv2)) + { + GNUNET_break_op (0); + return TALER_MHD_reply_with_error ( + rc->connection, + MHD_HTTP_NOT_FOUND, + TALER_EC_GENERIC_ENDPOINT_UNKNOWN, + rc->url); + } + } + + { const char *check_name; const char *prog_name; const json_t *context; diff --git a/src/exchangedb/pg_lookup_pending_legitimization.c b/src/exchangedb/pg_lookup_pending_legitimization.c index ffa36ff37..1a64f8534 100644 --- a/src/exchangedb/pg_lookup_pending_legitimization.c +++ b/src/exchangedb/pg_lookup_pending_legitimization.c 
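Review bot: The new check in `TEH_handler_kyc_start` compares the client-supplied `kyp->shv` with the recomputed `shv2` using `GNUNET_memcmp`, which is not a constant-time comparison, although this hash is what authorizes the request. Because `shv2` is derived from the secret access token, I would write the test as `if (0 != GNUNET_memcmp_priv (&kyp->shv, &shv2))` so that response timing does not depend on how many leading bytes agree. Answering a mismatch with `MHD_HTTP_NOT_FOUND` is a good choice, provided the no-such-row branch of the lookup (outside this hunk) replies the same way; otherwise the two replies reveal which serial IDs exist. The function starts and ends outside the hunk.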
@@ -30,21 +30,25 @@ enum GNUNET_DB_QueryStatus TEH_PG_lookup_pending_legitimization ( void *cls, uint64_t legitimization_measure_serial_id, - const struct TALER_AccountAccessTokenP *access_token, + struct TALER_AccountAccessTokenP *access_token, struct TALER_PaytoHashP *h_payto, json_t **jmeasures) { struct PostgresClosure *pg = cls; struct GNUNET_PQ_QueryParam params[] = { GNUNET_PQ_query_param_uint64 (&legitimization_measure_serial_id), - GNUNET_PQ_query_param_auto_from_type (access_token), GNUNET_PQ_query_param_end }; struct GNUNET_PQ_ResultSpec rs[] = { - TALER_PQ_result_spec_json ("jmeasures", - jmeasures), - GNUNET_PQ_result_spec_auto_from_type ("wire_target_h_payto", - h_payto), + TALER_PQ_result_spec_json ( + "jmeasures", + jmeasures), + GNUNET_PQ_result_spec_auto_from_type ( + "wire_target_h_payto", + h_payto), + GNUNET_PQ_result_spec_auto_from_type ( + "access_token", + access_token), GNUNET_PQ_result_spec_end }; @@ -53,11 +57,11 @@ TEH_PG_lookup_pending_legitimization ( "SELECT " " lm.jmeasures" ",wt.wire_target_h_payto" + ",lm.access_token" " FROM legitimization_measures lm" " JOIN wire_targets wt" " ON (lm.access_token = wt.access_token)" - " WHERE legitimization_measure_serial_id=$1" - " AND lm.access_token=$2" + " WHERE lm.legitimization_measure_serial_id=$1" " AND NOT lm.is_finished;"); return GNUNET_PQ_eval_prepared_singleton_select ( pg->conn, diff --git a/src/exchangedb/pg_lookup_pending_legitimization.h b/src/exchangedb/pg_lookup_pending_legitimization.h index 69f34594e..4f4777738 100644 --- a/src/exchangedb/pg_lookup_pending_legitimization.h +++ b/src/exchangedb/pg_lookup_pending_legitimization.h 
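Review bot: With `AND lm.access_token=$2` dropped from the prepared statement, `TEH_PG_lookup_pending_legitimization` returns `jmeasures` and `h_payto` for any unfinished row selected by serial ID alone, so access control now rests entirely on the caller checking the returned token. The function name and argument order are unchanged (see the signature hunk of this file), so a caller that still treats a successful lookup as authorized would keep compiling; whether other callers exist is not visible here. I would add a comment above the query, for example `/* No access control here: the caller MUST authorize the request against the returned access_token. */`. The function body continues outside the hunk.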
@@ -32,8 +32,8 @@ * @param cls closure * @param legitimization_measure_serial_id * row in legitimization_measures table to access - * @param access_token - * token for access control that must match + * @param[out] access_token + * set to token for access control that must match * @param[out] h_payto set to the the hash of the * payto URI of the account undergoing legitimization * @param[out] jmeasures set to the legitimization @@ -44,7 +44,7 @@ enum GNUNET_DB_QueryStatus TEH_PG_lookup_pending_legitimization ( void *cls, uint64_t legitimization_measure_serial_id, - const struct TALER_AccountAccessTokenP *access_token, + struct TALER_AccountAccessTokenP *access_token, struct TALER_PaytoHashP *h_payto, json_t **jmeasures); diff --git a/src/include/taler_exchangedb_plugin.h b/src/include/taler_exchangedb_plugin.h index 1bbafe2ed..bfd048bd9 100644 --- a/src/include/taler_exchangedb_plugin.h +++ b/src/include/taler_exchangedb_plugin.h @@ -7310,8 +7310,8 @@ struct TALER_EXCHANGEDB_Plugin * @param cls closure * @param legitimization_measure_serial_id * row in legitimization_measures table to access - * @param access_token - * token for access control that must match + * @param[out] access_token + * set to token for access control that must match * @param[out] h_payto set to the the hash of the * payto URI of the account undergoing legitimization * @param[out] jmeasures set to the legitimization @@ -7322,7 +7322,7 @@ struct TALER_EXCHANGEDB_Plugin (*lookup_pending_legitimization)( void *cls, uint64_t legitimization_measure_serial_id, - const struct TALER_AccountAccessTokenP *access_token, + struct TALER_AccountAccessTokenP *access_token, struct TALER_PaytoHashP *h_payto, json_t **jmeasures); diff --git a/src/kyclogic/kyclogic_api.c b/src/kyclogic/kyclogic_api.c index 836dd0c31..b698a4cbd 100644 --- a/src/kyclogic/kyclogic_api.c +++ b/src/kyclogic/kyclogic_api.c 
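Review bot: The updated `@param[out] access_token` text keeps the phrase "that must match" from the old input parameter, which no longer describes anything this function does and hides that the check has moved to the caller. I would reword it to `@param[out] access_token set to the access token stored for the row; the caller must verify the client's authorization against it`. The same wording is introduced in the `lookup_pending_legitimization` hunk of `src/include/taler_exchangedb_plugin.h`, and both should change together.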
@@ -2613,8 +2613,8 @@ TALER_KYCLOGIC_measure_to_requirement ( xids), GNUNET_JSON_pack_string ("description", kc->description), - GNUNET_JSON_pack_object_steal ("description_i18n", - (json_t *) kc->description_i18n)); + GNUNET_JSON_pack_object_incref ("description_i18n", + (json_t *) kc->description_i18n)); GNUNET_free (xids); return kri; case TALER_KYCLOGIC_CT_LINK: @@ -2634,8 +2634,8 @@ TALER_KYCLOGIC_measure_to_requirement ( xids), GNUNET_JSON_pack_string ("description", kc->description), - GNUNET_JSON_pack_object_steal ("description_i18n", - (json_t *) kc->description_i18n)); + GNUNET_JSON_pack_object_incref ("description_i18n", + (json_t *) kc->description_i18n)); GNUNET_free (xids); return kri; } @@ -2780,12 +2780,13 @@ TALER_KYCLOGIC_select_measure ( const char **prog_name, const json_t **context) { - const json_t *jmeasure; + const json_t *jmeasure_arr; struct GNUNET_JSON_Specification spec[] = { GNUNET_JSON_spec_array_const ("measures", - &jmeasures), + &jmeasure_arr), GNUNET_JSON_spec_end () }; + const json_t *jmeasure; struct GNUNET_JSON_Specification ispec[] = { GNUNET_JSON_spec_string ("check_name", check_name), @@ -2807,12 +2808,12 @@ TALER_KYCLOGIC_select_measure ( GNUNET_break (0); return TALER_EC_EXCHANGE_KYC_MEASURES_MALFORMED; } - if (measure_index >= json_array_size (jmeasures)) + if (measure_index >= json_array_size (jmeasure_arr)) { GNUNET_break_op (0); return TALER_EC_EXCHANGE_KYC_MEASURE_INDEX_INVALID; } - jmeasure = json_array_get (jmeasures, + jmeasure = json_array_get (jmeasure_arr, measure_index); if (GNUNET_OK != GNUNET_JSON_parse (jmeasure, diff --git a/src/lib/exchange_api_kyc_check.c b/src/lib/exchange_api_kyc_check.c index 7d8dd1996..8450242ca 100644 --- a/src/lib/exchange_api_kyc_check.c +++ b/src/lib/exchange_api_kyc_check.c 
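Review bot: After the switch to `GNUNET_JSON_pack_object_incref`, the reply object `kri` and the check `kc` share one `description_i18n` object, and the `(json_t *)` cast suggests that `kc` declares it const. This applies to both `description_i18n` hunks of `TALER_KYCLOGIC_measure_to_requirement`. Nothing visible here mutates the object, but a short comment would keep a later edit from going back to `_steal` or from modifying the shared object through `kri`: `/* kc keeps ownership; we only take a reference and must not modify it */`. The function extends beyond both hunks.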
@@ -283,11 +283,6 @@ TALER_EXCHANGE_kyc_check ( CURLOPT_TIMEOUT_MS, (long) (tms + 500L))); } - GNUNET_break (CURLE_OK == - curl_easy_setopt (eh, - CURLOPT_VERBOSE, - 1L)); - job_headers = curl_slist_append (job_headers, "Content-Type: application/json"); { diff --git a/src/testing/taler-unified-setup.sh b/src/testing/taler-unified-setup.sh index 1d7a12584..770785bd5 100755 --- a/src/testing/taler-unified-setup.sh +++ b/src/testing/taler-unified-setup.sh @@ -518,7 +518,7 @@ then -c "$CONF" \ -L "$LOGLEVEL" \ 2> taler-exchange-secmod-cs.log & - $USE_VALGRIND valgrind taler-exchange-httpd \ + $USE_VALGRIND taler-exchange-httpd \ -c "$CONF" \ -L "$LOGLEVEL" 2> taler-exchange-httpd.log & echo " DONE" diff --git a/src/testing/test_exchange_p2p.c b/src/testing/test_exchange_p2p.c index 237b954d8..7ac5e260c 100644 --- a/src/testing/test_exchange_p2p.c +++ b/src/testing/test_exchange_p2p.c @@ -511,7 +511,7 @@ run (void *cls, TALER_TESTING_cmd_proof_kyc_oauth2 ( "proof-close-kyc", "reserve-101-close-kyc", - "kyc-provider-test-oauth2", + "test-oauth2", "pass", MHD_HTTP_SEE_OTHER), TALER_TESTING_cmd_check_kyc_get ( |