From: gnunet
Subject: [GNUnet-SVN] [taler-merchant-frontend-examples] branch master updated: Security checks in python example. The frontend must generate and save in the state the order_id, because it needs at /pay time to check if it matches the one mentioned in the deposit permission.
Date: Mon, 27 Mar 2017 17:11:55 +0200
This is an automated email from the git hooks/post-receive script.
marcello pushed a commit to branch master
in repository merchant-frontend-examples.
The following commit(s) were added to refs/heads/master by this push:
new 3c196d9 Security checks in python example. The frontend must generate
and save in the state the order_id, because it needs at /pay time to check if
it matches the one mentioned in the deposit permission.
3c196d9 is described below
commit 3c196d954431c4287852dac18443e2c552137e4a
Author: Marcello Stanisci <address@hidden>
AuthorDate: Mon Mar 27 17:06:18 2017 +0200
Security checks in python example. The frontend must generate
and save in the state the order_id, because it needs at /pay
time to check if it matches the one mentioned in the deposit
permission.
Without this check, a malicious wallet can use an old deposit
permission to get unlimited products.
The fulfillment URL schema also changed, as it needs a "salty/noncy"
value in it. It used to be always "base_url/fulfillment", for *any*
purchase, so the wallet erroneously picked the first deposit permission
associated with that fulfillment URL and attempted the payment.
Now it looks like "base_url/fulfillment?order_id=<order_id>".
---
python/example/example.py | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/python/example/example.py b/python/example/example.py
index df6b038..e151e42 100644
--- a/python/example/example.py
+++ b/python/example/example.py
@@ -6,6 +6,7 @@ import base64
import os
import logging
import json
+from random import randint
app = flask.Flask(__name__)
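Review bot: `random.randint`, imported here, is a general-purpose PRNG rather than a source of unguessable tokens; since the commit message says the fulfillment URL needs a "salty/noncy" value and the /pay check keys on this order_id, generate it with the `secrets` module or `os.urandom` (`os` is already imported a few lines above) and use a wider space than six decimal digits so concurrent orders do not collide.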
@@ -15,7 +16,7 @@ logger = logging.getLogger(__name__)
CURRENCY = "PUDOS"
BACKEND_URL = "http://backend.test.taler.net/"
-def make_url(page, *query_params):
+def make_url(page, query_params=dict()):
"""
Return a URL to a page in the current Flask application with the given
query parameters (sequence of key/value pairs).
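Review bot: `query_params=dict()` is a mutable default argument, evaluated once at definition time and shared by every call, so any caller that mutates it leaks parameters into later URLs; use `query_params=None` and set `query_params = query_params or {}` in the body. The docstring still describes the parameters as a "sequence of key/value pairs" and should now say a dict.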
@@ -47,7 +48,9 @@ def donate():
def generate_proposal():
DONATION = amount.string_to_amount("0.1:%s" % CURRENCY)
MAX_FEE = amount.string_to_amount("0.05:%s" % CURRENCY)
+ ORDER_ID = str(randint(0, 999999))
order = dict(
+ order_id = ORDER_ID,
nonce=flask.request.args.get("nonce"),
amount=DONATION,
max_fee=MAX_FEE,
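Review bot: `ORDER_ID` is a per-request local, not a module constant, so lower-case it (`order_id`) per PEP 8, and drop the spaces around `=` in the keyword argument `order_id = ORDER_ID` to match the neighbouring `nonce=...`. Six random digits also give only about a million distinct values; if order ids must be unique across customers rather than merely unpredictable within one session, a longer random token is safer.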
@@ -59,7 +62,7 @@ def generate_proposal():
price=DONATION,
),
],
- fulfillment_url=make_url("/fulfillment"),
+ fulfillment_url=make_url("/fulfillment",
query_params=dict(order_id=ORDER_ID)),
pay_url=make_url("/pay"),
merchant=dict(
instance="tutorial",
@@ -76,6 +79,7 @@ def generate_proposal():
logger.error("failed to POST to '%s'", url)
return r.text, r.status_code
proposal_resp = r.json()
+ flask.session["order_id"] = ORDER_ID
return flask.jsonify(**proposal_resp)
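Review bot: the session holds a single `order_id`, so a second call to `generate_proposal` from the same session overwrites the first and the earlier proposal can no longer be paid; if a customer may have more than one outstanding proposal, store a set of issued ids (or key the session entry by order_id). This also relies on `flask.session` being configured with `app.secret_key` so the stored value is signed; that setup is not visible in the diff and should be confirmed.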
@@ -99,7 +103,10 @@ def pay():
if deposit_permission is None:
e = flask.jsonify(error="no json in body")
return e, 400
-
+ if (flask.session["order_id"] != deposit_permission["order_id"]):
+ e = flask.jsonify(error="Attempting to pay a product different \
+ from the ordered one (%s != %s)" % (flask.session["order_id"],
deposit_permission["order_id"]))
+ return e, 406
r = requests.post(urljoin(BACKEND_URL, 'pay'), json=deposit_permission)
if 200 != r.status_code:
return r.text, r.status_code
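Review bot: both `flask.session["order_id"]` and `deposit_permission["order_id"]` raise `KeyError` when absent, so a /pay request without a preceding proposal, or a deposit permission lacking the field, yields a 500 instead of a clean rejection; read both with `.get()` and return 400 (or 403) when either is missing. 406 Not Acceptable is defined for content negotiation, so 403 or 400 expresses the mismatch better. After a successful backend `pay`, consider popping `order_id` from the session so the same deposit permission cannot be resubmitted through this endpoint, leaving only the backend's own double-spend handling as the last line of defence. The trailing backslash inside the error string also keeps the next line's indentation inside the message; implicit string concatenation within the parentheses avoids that.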
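The order binding the commit message describes (issue an order_id with the proposal, remember it in the session, reject a deposit permission at /pay whose order_id does not match) can be exercised without Flask or a live backend. The following is an added example, not code from the taler-merchant-frontend-examples repository: `Frontend`, `FakeBackend`, the plain-dict session, the `bind_order` switch that reproduces the pre-commit behaviour, and the `https://frontend.example/` base URL are all assumptions of this example. It uses `secrets.token_hex` for the order id where the commit uses `random.randint`, tolerates a missing order_id with a 400 instead of a `KeyError`, and clears the session entry after a successful payment so a permission cannot be replayed through the frontend.

```python
# Added example; not part of the taler-merchant-frontend-examples commit.
import secrets
from urllib.parse import urlencode

BASE_URL = "https://frontend.example/"  # constructed placeholder base URL


class FakeBackend:
    """Stand-in for the merchant backend (assumption): accepts each
    deposit permission once and records the order ids it has paid."""

    def __init__(self):
        self.paid = set()

    def pay(self, deposit_permission):
        order_id = deposit_permission["order_id"]
        if order_id in self.paid:
            return 403, {"error": "already paid"}
        self.paid.add(order_id)
        return 200, {"paid": order_id}


class Frontend:
    """Minimal model of the example frontend's /generate_proposal and /pay."""

    def __init__(self, backend, bind_order=True):
        self.backend = backend
        # bind_order=False reproduces the behaviour before the commit:
        # no order_id is issued or checked, everything is forwarded.
        self.bind_order = bind_order

    def generate_proposal(self, session):
        # Fresh, unpredictable id per proposal (the commit uses randint;
        # secrets.token_hex is this example's choice).
        order_id = secrets.token_hex(8)
        proposal = {
            "order_id": order_id,
            # Per-order fulfillment URL, as introduced by the commit.
            "fulfillment_url": BASE_URL + "fulfillment?" + urlencode({"order_id": order_id}),
            "pay_url": BASE_URL + "pay",
        }
        if self.bind_order:
            session["order_id"] = order_id  # what flask.session holds in the patch
        return proposal

    def pay(self, session, deposit_permission):
        if deposit_permission is None:
            return 400, {"error": "no json in body"}
        if self.bind_order:
            expected = session.get("order_id")
            presented = deposit_permission.get("order_id")
            if expected is None or presented is None:
                # No proposal in this session, or malformed permission:
                # reject cleanly instead of raising KeyError.
                return 400, {"error": "missing order_id"}
            if expected != presented:
                return 406, {"error": "Attempting to pay a product different "
                                      "from the ordered one (%s != %s)" % (expected, presented)}
        status, body = self.backend.pay(deposit_permission)
        if status == 200 and self.bind_order:
            session.pop("order_id", None)  # one proposal, one payment
        return status, body


def run_scenarios():
    """Exercise the old and new frontend; returns the status per scenario."""
    results = {}
    # Pre-commit frontend: a permission for an order this session never
    # received is forwarded to the backend anyway.  "stale-order" is constructed.
    old = Frontend(FakeBackend(), bind_order=False)
    results["old_forwards_unknown_order"] = old.pay({}, {"order_id": "stale-order"})[0]

    new = Frontend(FakeBackend())
    session = {}
    results["new_rejects_without_proposal"] = new.pay(session, {"order_id": "stale-order"})[0]
    proposal = new.generate_proposal(session)
    results["fulfillment_has_order_id"] = ("order_id=" + proposal["order_id"]) in proposal["fulfillment_url"]
    results["new_rejects_mismatch"] = new.pay(session, {"order_id": "another-order"})[0]
    good = {"order_id": proposal["order_id"]}
    results["new_accepts_match"] = new.pay(session, good)[0]
    results["new_rejects_replay"] = new.pay(session, good)[0]
    return results


if __name__ == "__main__":
    for name, value in run_scenarios().items():
        print("%-32s %s" % (name, value))
```

The backend's own rejection of a re-used permission (403 in `FakeBackend`) is never reached in the replay scenario because the frontend has already dropped the session binding; the two checks are independent layers.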