author | Christian Grothoff <christian@grothoff.org> | 2020-08-22 18:31:25 +0200 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2020-08-22 18:31:25 +0200 |
commit | 221698dd82e4884c8ac68ce285dbdd969962314c (patch) | |
tree | 5409af9bc955cadabf13d2316a9a4a6195453778 /src/backend/taler-merchant-httpd_private-post-orders-ID-refund.c | |
parent | 0a30c302df1e04eacb84d77b73247b61ff37cc81 (diff) |
include h_contract in refund URL, as it is needed for authentication
Diffstat (limited to 'src/backend/taler-merchant-httpd_private-post-orders-ID-refund.c')
-rw-r--r-- | src/backend/taler-merchant-httpd_private-post-orders-ID-refund.c | 47 |
1 files changed, 43 insertions, 4 deletions
diff --git a/src/backend/taler-merchant-httpd_private-post-orders-ID-refund.c b/src/backend/taler-merchant-httpd_private-post-orders-ID-refund.c
index 7d947d22..a0fa4575 100644
--- a/src/backend/taler-merchant-httpd_private-post-orders-ID-refund.c
+++ b/src/backend/taler-merchant-httpd_private-post-orders-ID-refund.c
@@ -40,12 +40,14 @@
 * @param connection MHD connection to take host and path from
 * @param instance_id merchant's instance ID, must not be NULL
 * @param order_id order ID to show a refund for, must not be NULL
+ * @param h_contract hash of the contract to pass for authorization
 * @returns the URI, must be freed with #GNUNET_free
 */
 static char *
 make_taler_refund_uri (struct MHD_Connection *connection,
 const char *instance_id,
- const char *order_id)
+ const char *order_id,
+ const struct GNUNET_HashCode *h_contract)
 {
 const char *host;
 const char *forwarded_host;
@@ -87,7 +89,11 @@ make_taler_refund_uri (struct MHD_Connection *connection,
 GNUNET_buffer_write_path (&buf, order_id);
 GNUNET_buffer_write_path (&buf, ""); // Trailing slash
-
+ GNUNET_buffer_write_str (&buf,
+ "?h_contract");
+ GNUNET_buffer_write_data_encoded (&buf,
+ &h_contract,
+ sizeof (*h_contract));
 return GNUNET_buffer_reap_str (&buf);
 }
@@ -114,6 +120,7 @@ TMH_private_post_orders_ID_refund (const struct TMH_RequestHandler *rh,
 GNUNET_JSON_spec_end ()
 };
 enum TALER_MERCHANTDB_RefundStatus rs;
+ struct GNUNET_HashCode h_contract;
 {
 enum GNUNET_GenericReturnValue res;
@@ -196,8 +203,9 @@ TMH_private_post_orders_ID_refund (const struct TMH_RequestHandler *rh,
 hc->infix,
 &contract_terms,
 &order_serial);
- if (qs == 1)
+ if (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT == qs)
 {
+ json_decref (contract_terms);
 return TALER_MHD_reply_with_error (connection,
 MHD_HTTP_CONFLICT,
 TALER_EC_REFUND_ORDER_ID_UNPAID,
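Review bot: In the make_taler_refund_uri hunk (`-87,7 +89,11`), `GNUNET_buffer_write_data_encoded (&buf, &h_contract, sizeof (*h_contract))` passes the address of the pointer parameter rather than the hash it points to. Because `h_contract` is declared `const struct GNUNET_HashCode *`, the call encodes `sizeof (*h_contract)` bytes starting at the parameter's own storage, so the URI would carry the pointer value and whatever memory follows it instead of the contract hash. That is an out-of-bounds read and an information leak to whoever receives the URI, and the argument should be `h_contract,`. The literal `"?h_contract"` also has no `=`, so the encoded bytes run straight into the parameter name; `"?h_contract="` looks like what was intended. The function body starts outside this hunk.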
@@ -212,6 +220,36 @@ TMH_private_post_orders_ID_refund (const struct TMH_RequestHandler *rh,
 }
 }
 case TALER_MERCHANTDB_RS_SUCCESS:
+ {
+ enum GNUNET_DB_QueryStatus qs;
+ json_t *contract_terms;
+ uint64_t order_serial;
+
+ qs = TMH_db->lookup_contract_terms (TMH_db->cls,
+ hc->instance->settings.id,
+ hc->infix,
+ &contract_terms,
+ &order_serial);
+ if (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != qs)
+ {
+ return TALER_MHD_reply_with_error (connection,
+ MHD_HTTP_NOT_FOUND,
+ TALER_EC_REFUND_ORDER_ID_UNKNOWN,
+ "Order unknown when looking up contract");
+ }
+ if (GNUNET_OK !=
+ TALER_JSON_contract_hash (contract_terms,
+ &h_contract))
+ {
+ GNUNET_break (0);
+ json_decref (contract_terms);
+ return TALER_MHD_reply_with_error (connection,
+ MHD_HTTP_INTERNAL_SERVER_ERROR,
+ TALER_EC_INTERNAL_LOGIC_ERROR,
+ "Could not hash contract terms");
+ }
+ json_decref (contract_terms);
+ }
 break;
 }
@@ -256,7 +294,8 @@ TMH_private_post_orders_ID_refund (const struct TMH_RequestHandler *rh,
 taler_refund_uri = make_taler_refund_uri (connection,
 hc->instance->settings.id,
- hc->infix);
+ hc->infix,
+ &h_contract);
 ret = TALER_MHD_reply_json_pack (connection,
 MHD_HTTP_OK,
 "{s:s}", |
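Review bot: In the new `case TALER_MERCHANTDB_RS_SUCCESS:` block, every `qs` other than `GNUNET_DB_STATUS_SUCCESS_ONE_RESULT` is answered with `MHD_HTTP_NOT_FOUND`, so a database failure during `lookup_contract_terms` is reported to the client as an unknown order. This branch appears to run after the refund has already been accepted, so the caller could get an error for a refund that was in fact recorded. A negative `qs` should get its own check before the not-found reply, for example `if (0 > qs)` answering with `MHD_HTTP_INTERNAL_SERVER_ERROR`. `h_contract` is assigned only in this branch, so its declaration deserves a comment such as `/* set in the RS_SUCCESS case; only read when building the refund URI */`. The switch and the rest of the function lie outside the hunk.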
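Review bot: The refund URI built at the `make_taler_refund_uri` call (hunk `-256,7 +294,8`) now embeds `h_contract`, which the commit message says is needed for authentication, yet nothing at the call site marks the returned string as sensitive. A short comment would make that explicit for whoever later adds logging or diagnostics here: `/* URI carries h_contract, which is used for authentication; keep it out of logs */`. Whether the URI is logged elsewhere is not visible in this hunk, and the function continues beyond it.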