[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-taldir] branch master updated: prevent automatic unlimited resend
From: |
gnunet |
Subject: |
[taler-taldir] branch master updated: prevent automatic unlimited resend |
Date: |
Sun, 17 Jul 2022 22:34:55 +0200 |
This is an automated email from the git hooks/post-receive script.
martin-schanzenbach pushed a commit to branch master
in repository taldir.
The following commit(s) were added to refs/heads/master by this push:
new e9c5cc5 prevent automatic unlimited resend
e9c5cc5 is described below
commit e9c5cc54d9cfe3c97fa3c96aa296d2d27998f25b
Author: Martin Schanzenbach <schanzen@gnunet.org>
AuthorDate: Sun Jul 17 22:34:51 2022 +0200
prevent automatic unlimited resend
---
config/taldir-example.conf | 3 +++
pkg/rest/taldir.go | 13 +++++++++++--
2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/config/taldir-example.conf b/config/taldir-example.conf
index 50be797..6bb8b47 100644
--- a/config/taldir-example.conf
+++ b/config/taldir-example.conf
@@ -24,15 +24,18 @@ validation_expiration = 24h
sender = "taldir@taler.net"
challenge_fee = KUDOS:0.5
command = validate_email.sh
+allow_resend = true
[taldir-phone]
challenge_fee = KUDOS:5
requires_payment = true
command = validate_phone.sh
+allow_resend = false
[taldir-twitter]
challenge_fee = KUDOS:2
command = taldir-validate-twitter
+allow_resend = true
[taldir-pq]
host = "localhost"
diff --git a/pkg/rest/taldir.go b/pkg/rest/taldir.go
index 9f18f34..5ede30f 100644
--- a/pkg/rest/taldir.go
+++ b/pkg/rest/taldir.go
@@ -197,6 +197,9 @@ type validation struct {
// The activation code sent to the client
Challenge string `json:"-"`
+ // The challenge has been sent already
+ ChallengeSent bool `json:"-"`
+
// Public key of the user to register
PublicKey string `json:"public_key"`
@@ -458,7 +461,6 @@ func (t *Taldir) registerRequest(w http.ResponseWriter, r
*http.Request){
validation.Duration = reqDuration.Microseconds()
}
- // FIXME: integer arithmetic
fixedCost := t.Cfg.Section("taldir-" +
vars["method"]).Key("challenge_fee").MustString("KUDOS:0")
sliceDuration := time.Duration(validation.Duration * 1000)
cost, err := util.CalculateCost(t.MonthlyFee,
@@ -509,7 +511,13 @@ func (t *Taldir) registerRequest(w http.ResponseWriter, r
*http.Request){
w.WriteHeader(500)
return
}
-
+ // Some validation methods are costly
+ // Require explicit whitelisting for a resend.
+ if validation.ChallengeSent &&
+ !t.Cfg.Section("taldir-" +
vars["method"]).Key("allow_resend").MustBool(false) {
+ w.WriteHeader(202)
+ return
+ }
if !t.Cfg.Section("taldir-" + vars["method"]).HasKey("command") {
log.Fatal(err)
t.Db.Delete(&validation)
@@ -531,6 +539,7 @@ func (t *Taldir) registerRequest(w http.ResponseWriter, r
*http.Request){
w.WriteHeader(500)
return
}
+ validation.ChallengeSent = true
w.WriteHeader(202)
}
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [taler-taldir] branch master updated: prevent automatic unlimited resend,
gnunet <=