[libeufin] branch master updated: Addressing #6633.
From: |
gnunet |
Subject: |
[libeufin] branch master updated: Addressing #6633. |
Date: |
Sun, 15 Jan 2023 18:46:42 +0100 |
This is an automated email from the git hooks/post-receive script.
ms pushed a commit to branch master
in repository libeufin.
The following commit(s) were added to refs/heads/master by this push:
new fe4eaf34 Addressing #6633.
fe4eaf34 is described below
commit fe4eaf3416f8162419ba14c1f7956d0bc247b522
Author: MS <ms@taler.net>
AuthorDate: Sun Jan 15 18:36:30 2023 +0100
Addressing #6633.
Make the previously unauthenticated EBICS calls, for example
/send-ini, require superuser privileges. This matches
how the other calls under /bank-connections/$id
are authenticated.
---
nexus/src/main/kotlin/tech/libeufin/nexus/Anastasis.kt | 4 +---
.../kotlin/tech/libeufin/nexus/ebics/EbicsNexus.kt | 7 ++++++-
.../kotlin/tech/libeufin/nexus/server/NexusServer.kt | 18 ++----------------
3 files changed, 9 insertions(+), 20 deletions(-)
diff --git a/nexus/src/main/kotlin/tech/libeufin/nexus/Anastasis.kt
b/nexus/src/main/kotlin/tech/libeufin/nexus/Anastasis.kt
index 4a6f75c1..f1c5114d 100644
--- a/nexus/src/main/kotlin/tech/libeufin/nexus/Anastasis.kt
+++ b/nexus/src/main/kotlin/tech/libeufin/nexus/Anastasis.kt
@@ -63,9 +63,7 @@ fun anastasisFilter(payment: NexusBankTransactionEntity,
txDtls: TransactionDeta
}
}
-/**
- * Handle a /taler-wire-gateway/history/incoming request.
- */
+// Handle a /taler-wire-gateway/history/incoming request.
private suspend fun historyIncoming(call: ApplicationCall) {
val facadeId = expectNonNull(call.parameters["fcid"])
call.request.requirePermission(PermissionQuery("facade", facadeId,
"facade.anastasis.history"))
diff --git a/nexus/src/main/kotlin/tech/libeufin/nexus/ebics/EbicsNexus.kt
b/nexus/src/main/kotlin/tech/libeufin/nexus/ebics/EbicsNexus.kt
index 36f28f9c..45240e31 100644
--- a/nexus/src/main/kotlin/tech/libeufin/nexus/ebics/EbicsNexus.kt
+++ b/nexus/src/main/kotlin/tech/libeufin/nexus/ebics/EbicsNexus.kt
@@ -205,6 +205,7 @@ fun Route.ebicsBankProtocolRoutes(client: HttpClient) {
fun Route.ebicsBankConnectionRoutes(client: HttpClient) {
post("/send-ini") {
+ requireSuperuser(call.request)
val subscriber = transaction {
val conn = requireBankConnection(call, "connid")
if (conn.type != "ebics") {
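Review bot: The `requireSuperuser(call.request)` guard is repeated by hand as the first statement of each handler in `ebicsBankConnectionRoutes` (here for `/send-ini`, and again in the `/send-hia`, `/send-hev`, `/send-hpb`, `/import-accounts` and `/download/{msgtype}` hunks), so a handler added to this group later is unauthenticated unless its author remembers the line. Enforcing the check once for the whole route group, or through a small wrapper around `post` that performs it, would make the group fail closed. If the per-handler form stays, a comment on the function such as `// Every route in this group must call requireSuperuser(call.request) first.` would record the invariant, and a test that each route rejects a request without valid credentials would catch a regression. The handler bodies continue outside the hunks.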
@@ -220,6 +221,7 @@ fun Route.ebicsBankConnectionRoutes(client: HttpClient) {
}
post("/send-hia") {
+ requireSuperuser(call.request)
val subscriber = transaction {
val conn = requireBankConnection(call, "connid")
if (conn.type != "ebics") {
@@ -232,6 +234,7 @@ fun Route.ebicsBankConnectionRoutes(client: HttpClient) {
}
post("/send-hev") {
+ requireSuperuser(call.request)
val subscriber = transaction {
val conn = requireBankConnection(call, "connid")
if (conn.type != "ebics") {
@@ -244,6 +247,7 @@ fun Route.ebicsBankConnectionRoutes(client: HttpClient) {
}
post("/send-hpb") {
+ requireSuperuser(call.request)
val subscriberDetails = transaction {
val conn = requireBankConnection(call, "connid")
if (conn.type != "ebics") {
@@ -264,8 +268,8 @@ fun Route.ebicsBankConnectionRoutes(client: HttpClient) {
// Directly import accounts. Used for testing.
post("/import-accounts") {
+ requireSuperuser(call.request)
val subscriberDetails = transaction {
- authenticateRequest(call.request)
val conn = requireBankConnection(call, "connid")
if (conn.type != "ebics") {
throw NexusError(HttpStatusCode.BadRequest, "bank connection
is not of type 'ebics'")
@@ -313,6 +317,7 @@ fun Route.ebicsBankConnectionRoutes(client: HttpClient) {
}
post("/download/{msgtype}") {
+ requireSuperuser(call.request)
val orderType =
requireNotNull(call.parameters["msgtype"]).uppercase(Locale.ROOT)
if (orderType.length != 3) {
throw NexusError(HttpStatusCode.BadRequest, "ebics order type must
be three characters")
diff --git a/nexus/src/main/kotlin/tech/libeufin/nexus/server/NexusServer.kt
b/nexus/src/main/kotlin/tech/libeufin/nexus/server/NexusServer.kt
index 7dceecc5..288dabf7 100644
--- a/nexus/src/main/kotlin/tech/libeufin/nexus/server/NexusServer.kt
+++ b/nexus/src/main/kotlin/tech/libeufin/nexus/server/NexusServer.kt
@@ -359,10 +359,10 @@ val nexusApp: Application.() -> Unit = {
// Add a new ordinary user in the system (requires superuser
privileges)
post("/users") {
+ requireSuperuser(call.request)
val body = call.receive<CreateUserRequest>()
val requestedUsername = requireValidResourceName(body.username)
transaction {
- requireSuperuser(call.request)
// check if username is available
val checkUsername = NexusUserEntity.find {
NexusUsersTable.username eq requestedUsername
@@ -400,10 +400,9 @@ val nexusApp: Application.() -> Unit = {
// Shows the bank accounts belonging to the requesting user.
get("/bank-accounts") {
+ requireSuperuser(call.request)
val bankAccounts = BankAccounts()
transaction {
- authenticateRequest(call.request)
- // FIXME(dold): Only return accounts the user has at least
read access to?
NexusBankAccountEntity.all().forEach {
bankAccounts.accounts.add(
BankAccount(
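Review bot: The comment above `get("/bank-accounts")` still reads "Shows the bank accounts belonging to the requesting user", but with this change the handler calls `requireSuperuser` and iterates `NexusBankAccountEntity.all()`, so it lists every account and only for the superuser. Update it to something like `// Lists all bank accounts (requires superuser privileges).`. The removed FIXME asked about per-user filtering, and ordinary users who could call this route before are presumably rejected now, so if that is intended it should be stated in the API documentation. The handler continues outside the hunk.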
@@ -458,7 +457,6 @@ val nexusApp: Application.() -> Unit = {
val schedSpec = call.receive<CreateAccountTaskRequest>()
val accountId = ensureNonNull(call.parameters["accountId"])
transaction {
- authenticateRequest(call.request)
NexusBankAccountEntity.findByName(accountId)
?: throw NexusError(HttpStatusCode.NotFound, "unknown bank
account")
try {
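Review bot: `authenticateRequest(call.request)` is removed from this transaction and no `requireSuperuser` or permission check is visible in the hunk in its place; the same holds for the hunks at `-676,7` and `-733,7`. The route declarations and the start of these handlers lie outside the hunks, so an earlier check in each handler may already cover this, but if it does not, these routes become reachable without credentials. Please confirm that each of the three handlers authenticates the caller before doing any work, and where one does not, add `requireSuperuser(call.request)` or the applicable permission check as its first statement. A test asserting that each route rejects a request with missing or wrong credentials would guard against this.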
@@ -577,9 +575,6 @@ val nexusApp: Application.() -> Unit = {
post("/bank-accounts/{accountid}/payment-initiations/{uuid}/submit") {
requireSuperuser(call.request)
val uuid = ensureLong(call.parameters["uuid"])
- transaction {
- authenticateRequest(call.request)
- }
submitPaymentInitiation(client, uuid)
call.respondText("Payment $uuid submitted")
return@post
@@ -588,9 +583,6 @@ val nexusApp: Application.() -> Unit = {
post("/bank-accounts/{accountid}/submit-all-payment-initiations") {
requireSuperuser(call.request)
val accountId = ensureNonNull(call.parameters["accountid"])
- transaction {
- authenticateRequest(call.request)
- }
submitAllPaymentInitiations(client, accountId)
call.respond(object {})
return@post
@@ -676,7 +668,6 @@ val nexusApp: Application.() -> Unit = {
throw NexusError(HttpStatusCode.BadRequest, "invalid BIC
(${body.bic})")
}
val res = transaction {
- authenticateRequest(call.request)
val bankAccount = NexusBankAccountEntity.findByName(accountId)
if (bankAccount == null) {
throw NexusError(HttpStatusCode.NotFound, "unknown bank
account ($accountId)")
@@ -733,7 +724,6 @@ val nexusApp: Application.() -> Unit = {
val bankAccountId = expectNonNull(call.parameters["accountid"])
val ret = Transactions()
transaction {
- authenticateRequest(call.request)
val bankAccount =
NexusBankAccountEntity.findByName(bankAccountId)
if (bankAccount == null) {
throw NexusError(HttpStatusCode.NotFound, "unknown bank
account")
@@ -823,7 +813,6 @@ val nexusApp: Application.() -> Unit = {
post("/bank-connections/{connectionName}/export-backup") {
requireSuperuser(call.request)
- transaction { authenticateRequest(call.request) }
val body = call.receive<BackupRequestJson>()
val response = run {
val conn = requireBankConnection(call, "connectionName")
@@ -839,7 +828,6 @@ val nexusApp: Application.() -> Unit = {
post("/bank-connections/{connectionName}/connect") {
requireSuperuser(call.request)
val conn = transaction {
- authenticateRequest(call.request)
requireBankConnection(call, "connectionName")
}
val plugin = getConnectionPlugin(conn.type)
@@ -850,7 +838,6 @@ val nexusApp: Application.() -> Unit = {
get("/bank-connections/{connectionName}/keyletter") {
requireSuperuser(call.request)
val conn = transaction {
- authenticateRequest(call.request)
requireBankConnection(call, "connectionName")
}
val pdfBytes =
getConnectionPlugin(conn.type).exportAnalogDetails(conn)
@@ -1001,7 +988,6 @@ val nexusApp: Application.() -> Unit = {
post("/fetch-accounts") {
requireSuperuser(call.request)
val conn = transaction {
- authenticateRequest(call.request)
requireBankConnection(call, "connid")
}
getConnectionPlugin(conn.type).fetchAccounts(client,
conn.connectionId)
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.