[taler-merchant] branch master updated: -do not allow scope upgrades whe
From: gnunet
Subject: [taler-merchant] branch master updated: -do not allow scope upgrades when refreshing
Date: Wed, 06 Sep 2023 21:29:58 +0200
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository merchant.
The following commit(s) were added to refs/heads/master by this push:
new 5d24900f -do not allow scope upgrades when refreshing
5d24900f is described below
commit 5d24900f8bccd02ada1808bed373d5ac832f825d
Author: Christian Grothoff <grothoff@gnunet.org>
AuthorDate: Wed Sep 6 21:29:55 2023 +0200
-do not allow scope upgrades when refreshing
---
.../taler-merchant-httpd_private-post-instances-ID-token.c | 8 ++++++++
src/backenddb/versioning.sql | 4 ----
2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/src/backend/taler-merchant-httpd_private-post-instances-ID-token.c
b/src/backend/taler-merchant-httpd_private-post-instances-ID-token.c
index 28a521a4..839c68d1 100644
--- a/src/backend/taler-merchant-httpd_private-post-instances-ID-token.c
+++ b/src/backend/taler-merchant-httpd_private-post-instances-ID-token.c
@@ -91,6 +91,14 @@ TMH_private_post_instances_ID_token (const struct
TMH_RequestHandler *rh,
}
if (refreshable)
iscope |= TMH_AS_REFRESHABLE;
+ if (0 != (iscope & (~hc->auth_scope)))
+ {
+ /* more permissions requested for the new token, not allowed */
+ GNUNET_break_op (0);
+ return TALER_MHD_reply_with_ec (connection,
+
TALER_EC_GENERIC_TOKEN_PERMISSION_INSUFFICIENT,
+ NULL);
+ }
qs = TMH_db->insert_login_token (TMH_db->cls,
mi->settings.id,
&btoken,
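Review bot: The check `if (0 != (iscope & (~hc->auth_scope)))` is a plain bitmask subset test, so it is only correct if every scope value that can reach `iscope` is an independent bit, the way `TMH_AS_REFRESHABLE` is used two lines above; please state that assumption in the comment so that a later non-bit scope value does not silently pass or fail here. The reply passes `NULL` as its detail, which leaves a client unable to tell which requested permission exceeded what `hc->auth_scope` grants; naming the offending scope there would help. The diffstat lists no test change, so a case that requests a wider scope than the caller holds and expects `TALER_EC_GENERIC_TOKEN_PERMISSION_INSUFFICIENT` is worth adding alongside this fix.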
diff --git a/src/backenddb/versioning.sql b/src/backenddb/versioning.sql
index c7fa8121..444cf95e 100644
--- a/src/backenddb/versioning.sql
+++ b/src/backenddb/versioning.sql
@@ -146,10 +146,6 @@
BEGIN;
--- Added by Christian Grothoff to support concurrency, see
---
https://stackoverflow.com/questions/29900845/create-schema-if-not-exists-raises-duplicate-key-error?rq=4
-LOCK TABLE pg_catalog.pg_namespace;
-
-- This file adds versioning support to database it will be loaded to.
-- It requires that PL/pgSQL is already loaded - will raise exception
otherwise.
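Review bot: The removal of `LOCK TABLE pg_catalog.pg_namespace;` is not covered by the commit message, which only speaks of token scopes, and the deleted comment says the lock was added to support concurrency, citing a duplicate-key error on create-schema-if-not-exists. Please move this into its own commit and state why the lock is no longer needed or what replaces it; as it stands a reader cannot tell whether concurrent runs of this script are still safe.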
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.