
[taler-taldir] branch master updated: prevent automatic unlimited resend


From: gnunet
Subject: [taler-taldir] branch master updated: prevent automatic unlimited resend
Date: Sun, 17 Jul 2022 22:34:55 +0200

This is an automated email from the git hooks/post-receive script.

martin-schanzenbach pushed a commit to branch master
in repository taldir.

The following commit(s) were added to refs/heads/master by this push:
     new e9c5cc5  prevent automatic unlimited resend
e9c5cc5 is described below

commit e9c5cc54d9cfe3c97fa3c96aa296d2d27998f25b
Author: Martin Schanzenbach <schanzen@gnunet.org>
AuthorDate: Sun Jul 17 22:34:51 2022 +0200

    prevent automatic unlimited resend
---
 config/taldir-example.conf |  3 +++
 pkg/rest/taldir.go         | 13 +++++++++++--
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/config/taldir-example.conf b/config/taldir-example.conf
index 50be797..6bb8b47 100644
--- a/config/taldir-example.conf
+++ b/config/taldir-example.conf
@@ -24,15 +24,18 @@ validation_expiration = 24h
 sender = "taldir@taler.net"
 challenge_fee = KUDOS:0.5
 command = validate_email.sh
+allow_resend = true
 
 [taldir-phone]
 challenge_fee = KUDOS:5
 requires_payment = true
 command = validate_phone.sh
+allow_resend = false
 
 [taldir-twitter]
 challenge_fee = KUDOS:2
 command = taldir-validate-twitter
+allow_resend = true
 
 [taldir-pq]
 host = "localhost"
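Review bot: The three `allow_resend` lines are added without any comment, and the example enables resend for email and twitter while the code reads the key with `MustBool(false)`, so the shipped example is more permissive than the built-in default. A comment above the first occurrence, such as `# allow_resend: send the challenge again on a repeated registration request (default: false)`, would make that explicit. With `allow_resend = true`, nothing visible in this commit bounds how often a challenge is re-sent for the same address, so the example could also note that any rate limiting for those methods has to come from elsewhere.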
diff --git a/pkg/rest/taldir.go b/pkg/rest/taldir.go
index 9f18f34..5ede30f 100644
--- a/pkg/rest/taldir.go
+++ b/pkg/rest/taldir.go
@@ -197,6 +197,9 @@ type validation struct {
   // The activation code sent to the client
   Challenge string `json:"-"`
 
+  // The challenge has been sent already
+  ChallengeSent bool `json:"-"`
+
   // Public key of the user to register
   PublicKey string `json:"public_key"`
 
@@ -458,7 +461,6 @@ func (t *Taldir) registerRequest(w http.ResponseWriter, r 
*http.Request){
     validation.Duration = reqDuration.Microseconds()
   }
 
-  // FIXME: integer arithmetic
   fixedCost := t.Cfg.Section("taldir-" + 
vars["method"]).Key("challenge_fee").MustString("KUDOS:0")
   sliceDuration := time.Duration(validation.Duration * 1000)
   cost, err := util.CalculateCost(t.MonthlyFee,
@@ -509,7 +511,13 @@ func (t *Taldir) registerRequest(w http.ResponseWriter, r 
*http.Request){
     w.WriteHeader(500)
     return
   }
-
+  // Some validation methods are costly
+  // Require explicit whitelisting for a resend.
+  if validation.ChallengeSent &&
+     !t.Cfg.Section("taldir-" + 
vars["method"]).Key("allow_resend").MustBool(false) {
+    w.WriteHeader(202)
+    return
+  }
   if !t.Cfg.Section("taldir-" + vars["method"]).HasKey("command") {
     log.Fatal(err)
     t.Db.Delete(&validation)
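Review bot: The `log.Fatal(err)` in the `HasKey("command")` branch directly below the new guard exits the whole process, so the `t.Db.Delete(&validation)` after it never runs and one request for a method section without a `command` key stops the service. The `err` logged there is whatever an earlier call left behind. Logging and answering with an error status keeps the handler alive, e.g. `log.Printf("no command configured for method %q", vars["method"])` followed by `w.WriteHeader(500)`. The new guard also repeats the `t.Cfg.Section("taldir-" + vars["method"])` lookup, and a local such as `methodCfg := t.Cfg.Section("taldir-" + vars["method"])` would keep the fee, resend and command checks on the same section. registerRequest starts and ends outside this hunk, so how `vars["method"]` is validated beforehand is not visible here.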
@@ -531,6 +539,7 @@ func (t *Taldir) registerRequest(w http.ResponseWriter, r 
*http.Request){
     w.WriteHeader(500)
     return
   }
+  validation.ChallengeSent = true
   w.WriteHeader(202)
 }
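Review bot: `validation.ChallengeSent = true` is assigned on the handler's local struct immediately before the final `w.WriteHeader(202)`, and no store call follows it before the function's closing brace. Unless the record is saved somewhere outside the visible lines, the flag is lost when the handler returns and the resend guard added earlier in this commit never sees it as true. Persist it before answering, for example `if err := t.Db.Save(&validation).Error; err != nil { w.WriteHeader(500); return }`, assuming `t.Db` is a gorm handle (the `t.Db.Delete(&validation)` call suggests so, but its type is not shown). Setting the flag only after the send, which happens outside this hunk, also leaves a window in which two concurrent requests for the same validation both pass the guard; marking the record before sending, or updating it conditionally in the database, would close that. The `ChallengeSent` field added in the struct hunk also needs a matching column if the schema is not migrated automatically.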
 

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.


