From d7eb23ad965c0207e561261588cbf742f93df935 Mon Sep 17 00:00:00 2001
From: Christian Grothoff <christian@grothoff.org>
Date: Thu, 5 May 2016 13:47:17 +0200
Subject: check for duplicate transaction ID

---
 src/backend/taler-merchant-httpd_contract.c | 23 +++++++++++++++++++++++
 src/backend/taler-merchant-httpd_pay.c      |  3 +++
 2 files changed, 26 insertions(+)

(limited to 'src/backend')

diff --git a/src/backend/taler-merchant-httpd_contract.c b/src/backend/taler-merchant-httpd_contract.c
index 9acff622..9d159583 100644
--- a/src/backend/taler-merchant-httpd_contract.c
+++ b/src/backend/taler-merchant-httpd_contract.c
@@ -187,6 +187,29 @@ MH_handler_contract (struct TMH_RequestHandler *rh,
                                               "products in contract request malformed");
   }
 
+  /* Check if this transaction ID erroneously corresponds to a
+     contract that already paid, in which case we should refuse
+     to sign it again (frontend buggy, it should use a fresh
+     transaction ID each time)! */
+  if (GNUNET_OK ==
+      db->check_payment (db->cls,
+                         transaction_id))
+  {
+    struct MHD_Response *resp;
+    int ret;
+
+    GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+                "Transaction %llu already paid in the past, refusing to sign!\n",
+                (unsigned long long) transaction_id);
+    resp = MHD_create_response_from_buffer (strlen ("Duplicate transaction ID!"),
+                                            "Duplicate transaction ID!",
+                                            MHD_RESPMEM_PERSISTENT);
+    ret = MHD_queue_response (connection,
+                              MHD_HTTP_FORBIDDEN,
+                              resp);
+    MHD_destroy_response (resp);
+    return ret;
+  }
 
   /* add fields to the contract that the backend should provide */
   json_object_set (jcontract,
diff --git a/src/backend/taler-merchant-httpd_pay.c b/src/backend/taler-merchant-httpd_pay.c
index f51c2629..f7830896 100644
--- a/src/backend/taler-merchant-httpd_pay.c
+++ b/src/backend/taler-merchant-httpd_pay.c
@@ -797,6 +797,9 @@ MH_handler_pay (struct TMH_RequestHandler *rh,
 
     /* Payment succeeded in the past; take short cut
        and accept immediately */
+    GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+                "Transaction %llu already paid in the past, taking short cut.\n",
+                (unsigned long long) pc->transaction_id);
     resp = MHD_create_response_from_buffer (0,
                                             NULL,
                                             MHD_RESPMEM_PERSISTENT);
-- 
cgit v1.2.3