aboutsummaryrefslogtreecommitdiff
path: root/src/backend/taler-merchant-httpd_private-post-instances-ID-token.c
blob: a223a882c6a2abd46194166ff9a9f293bb53458f (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
/*
  This file is part of GNU Taler
  (C) 2023 Taler Systems SA

  GNU Taler is free software; you can redistribute it and/or modify
  it under the terms of the GNU Affero General Public License as
  published by the Free Software Foundation; either version 3,
  or (at your option) any later version.

  GNU Taler is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  GNU General Public License for more details.

  You should have received a copy of the GNU General Public
  License along with TALER; see the file COPYING.  If not,
  see <http://www.gnu.org/licenses/>
*/

/**
 * @file taler-merchant-httpd_private-post-instances-ID-token.c
 * @brief implementing POST /instances/$ID/token request handling
 * @author Christian Grothoff
 */
#include "platform.h"
#include "taler-merchant-httpd_private-post-instances-ID-token.h"
#include "taler-merchant-httpd_helper.h"
#include <taler/taler_json_lib.h>


/**
 * Default duration for the validity of a login token.
 */
#define DEFAULT_DURATION GNUNET_TIME_UNIT_DAYS


MHD_RESULT
TMH_private_post_instances_ID_token (const struct TMH_RequestHandler *rh,
                                     struct MHD_Connection *connection,
                                     struct TMH_HandlerContext *hc)
{
  struct TMH_MerchantInstance *mi = hc->instance;
  json_t *jtoken = hc->request_body;
  const char *scope;
  uint32_t iscope = TMH_AS_NONE;
  bool refreshable = false;
  struct TALER_MERCHANTDB_LoginTokenP btoken;
  struct GNUNET_TIME_Relative duration
    = DEFAULT_DURATION;
  struct GNUNET_TIME_Timestamp expiration_time;
  struct GNUNET_JSON_Specification spec[] = {
    GNUNET_JSON_spec_string ("scope",
                             &scope),
    GNUNET_JSON_spec_mark_optional (
      GNUNET_JSON_spec_relative_time ("duration",
                                      &duration),
      NULL),
    GNUNET_JSON_spec_mark_optional (
      GNUNET_JSON_spec_bool ("refreshable",
                             &refreshable),
      NULL),
    GNUNET_JSON_spec_end ()
  };
  enum GNUNET_DB_QueryStatus qs;

  {
    enum GNUNET_GenericReturnValue res;

    res = TALER_MHD_parse_json_data (connection,
                                     jtoken,
                                     spec);
    if (GNUNET_OK != res)
      return (GNUNET_NO == res) ? MHD_YES : MHD_NO;
  }
  GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
                              &btoken,
                              sizeof (btoken));
  expiration_time = GNUNET_TIME_relative_to_timestamp (duration);
  if (0 == strcasecmp (scope,
                       "readonly"))
    iscope = TMH_AS_READ_ONLY;
  else if (0 == strcasecmp (scope,
                            "write"))
    iscope = TMH_AS_ALL;
  else
  {
    GNUNET_break_op (0);
    return TALER_MHD_reply_with_ec (connection,
                                    TALER_EC_GENERIC_PARAMETER_MALFORMED,
                                    "scope");
  }
  if (refreshable)
    iscope |= TMH_AS_REFRESHABLE;
  if (0 != (iscope & (~hc->auth_scope)))
  {
    /* more permissions requested for the new token, not allowed */
    GNUNET_break_op (0);
    return TALER_MHD_reply_with_ec (connection,
                                    TALER_EC_GENERIC_TOKEN_PERMISSION_INSUFFICIENT,
                                    NULL);
  }
  qs = TMH_db->insert_login_token (TMH_db->cls,
                                   mi->settings.id,
                                   &btoken,
                                   GNUNET_TIME_timestamp_get (),
                                   expiration_time,
                                   iscope);
  switch (qs)
  {
  case GNUNET_DB_STATUS_HARD_ERROR:
  case GNUNET_DB_STATUS_SOFT_ERROR:
  case GNUNET_DB_STATUS_SUCCESS_NO_RESULTS:
    GNUNET_break (0);
    return TALER_MHD_reply_with_ec (connection,
                                    TALER_EC_GENERIC_DB_STORE_FAILED,
                                    "insert_login_token");
  case GNUNET_DB_STATUS_SUCCESS_ONE_RESULT:
    break;
  }

  {
    char *tok;
    MHD_RESULT ret;
    char *val;

    val = GNUNET_STRINGS_data_to_string_alloc (&btoken,
                                               sizeof (btoken));
    GNUNET_asprintf (&tok,
                     RFC_8959_PREFIX "%s",
                     val);
    GNUNET_free (val);
    ret = TALER_MHD_REPLY_JSON_PACK (
      connection,
      MHD_HTTP_OK,
      GNUNET_JSON_pack_string ("token",
                               tok),
      GNUNET_JSON_pack_string ("scope",
                               scope),
      GNUNET_JSON_pack_bool ("refreshable",
                             refreshable),
      GNUNET_JSON_pack_timestamp ("expiration",
                                  expiration_time));
    GNUNET_free (tok);
    return ret;
  }
}


/* end of taler-merchant-httpd_private-post-instances-ID-token.c */