check for duplicate transaction ID

author: Christian Grothoff <christian@grothoff.org> 2016-05-05 13:47:17 +0200
committer: Christian Grothoff <christian@grothoff.org> 2016-05-05 13:47:17 +0200
commit: d7eb23ad965c0207e561261588cbf742f93df935 (patch)
tree: db94ef3081bad4e25935de73e42afeec555cd66d /src/backend
parent: b749dcc6db831ce69143f3833c5c565b9937fc5c (diff)
2 files changed, 26 insertions, 0 deletions
diff --git a/src/backend/taler-merchant-httpd_contract.c b/src/backend/taler-merchant-httpd_contract.c
index 9acff622..9d159583 100644
--- a/src/backend/taler-merchant-httpd_contract.c
+++ b/src/backend/taler-merchant-httpd_contract.c
@@ -187,6 +187,29 @@ MH_handler_contract (struct TMH_RequestHandler *rh,
                                               "products in contract request malformed");
   }
 
+  /* Check if this transaction ID erroneously corresponds to a
+     contract that already paid, in which case we should refuse
+     to sign it again (frontend buggy, it should use a fresh
+     transaction ID each time)! */
+  if (GNUNET_OK ==
+      db->check_payment (db->cls,
+                         transaction_id))
+  {
+    struct MHD_Response *resp;
+    int ret;
+
+    GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+                "Transaction %llu already paid in the past, refusing to sign!\n",
+                (unsigned long long) transaction_id);
+    resp = MHD_create_response_from_buffer (strlen ("Duplicate transaction ID!"),
+                                            "Duplicate transaction ID!",
+                                            MHD_RESPMEM_PERSISTENT);
+    ret = MHD_queue_response (connection,
+                              MHD_HTTP_FORBIDDEN,
+                              resp);
+    MHD_destroy_response (resp);
+    return ret;
+  }
 
   /* add fields to the contract that the backend should provide */
   json_object_set (jcontract,
diff --git a/src/backend/taler-merchant-httpd_pay.c b/src/backend/taler-merchant-httpd_pay.c
index f51c2629..f7830896 100644
--- a/src/backend/taler-merchant-httpd_pay.c
+++ b/src/backend/taler-merchant-httpd_pay.c
@@ -797,6 +797,9 @@ MH_handler_pay (struct TMH_RequestHandler *rh,
 
     /* Payment succeeded in the past; take short cut
        and accept immediately */
+    GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+                "Transaction %llu already paid in the past, taking short cut.\n",
+                (unsigned long long) pc->transaction_id);
     resp = MHD_create_response_from_buffer (0,
                                             NULL,
                                             MHD_RESPMEM_PERSISTENT);
author	Christian Grothoff <christian@grothoff.org>	2016-05-05 13:47:17 +0200
committer	Christian Grothoff <christian@grothoff.org>	2016-05-05 13:47:17 +0200
commit	d7eb23ad965c0207e561261588cbf742f93df935 (patch)
tree	db94ef3081bad4e25935de73e42afeec555cd66d /src/backend
parent	b749dcc6db831ce69143f3833c5c565b9937fc5c (diff)