taler-merchant-httpd_delete-private-token.c (4043B)
1 /* 2 This file is part of GNU Taler 3 (C) 2023 Taler Systems SA 4 5 GNU Taler is free software; you can redistribute it and/or modify 6 it under the terms of the GNU Affero General Public License as 7 published by the Free Software Foundation; either version 3, 8 or (at your option) any later version. 9 10 GNU Taler is distributed in the hope that it will be useful, but 11 WITHOUT ANY WARRANTY; without even the implied warranty of 12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 GNU General Public License for more details. 14 15 You should have received a copy of the GNU General Public 16 License along with TALER; see the file COPYING. If not, 17 see <http://www.gnu.org/licenses/> 18 */ 19 20 /** 21 * @file src/backend/taler-merchant-httpd_delete-private-token.c 22 * @brief implementing DELETE /instances/$ID/token request handling 23 * @author Christian Grothoff 24 */ 25 #include "platform.h" 26 #include "taler-merchant-httpd_delete-private-token.h" 27 #include "taler-merchant-httpd_helper.h" 28 #include <taler/taler_json_lib.h> 29 #include "merchant-database/delete_login_token.h" 30 31 32 enum MHD_Result 33 TMH_private_delete_instances_ID_token (const struct TMH_RequestHandler *rh, 34 struct MHD_Connection *connection, 35 struct TMH_HandlerContext *hc) 36 { 37 const char *bearer = "Bearer "; 38 struct TMH_MerchantInstance *mi = hc->instance; 39 const char *tok; 40 struct TALER_MERCHANTDB_LoginTokenP btoken; 41 enum GNUNET_DB_QueryStatus qs; 42 43 tok = MHD_lookup_connection_value (connection, 44 MHD_HEADER_KIND, 45 MHD_HTTP_HEADER_AUTHORIZATION); 46 /* This was presumably checked before... */ 47 if ( (NULL == tok) || 48 (0 != 49 strncmp (tok, 50 bearer, 51 strlen (bearer))) ) 52 { 53 GNUNET_break_op (0); 54 return TALER_MHD_reply_with_ec (connection, 55 TALER_EC_GENERIC_PARAMETER_MALFORMED, 56 "login token (in 'Authorization' header)"); 57 } 58 tok += strlen (bearer); 59 while (' ' == *tok) 60 tok++; 61 if (0 != strncasecmp (tok, 62 RFC_8959_PREFIX, 63 strlen (RFC_8959_PREFIX))) 64 { 65 GNUNET_break_op (0); 66 return TALER_MHD_reply_with_ec (connection, 67 TALER_EC_GENERIC_PARAMETER_MALFORMED, 68 "login token (in 'Authorization' header)"); 69 } 70 tok += strlen (RFC_8959_PREFIX); 71 72 if (GNUNET_OK != 73 GNUNET_STRINGS_string_to_data (tok, 74 strlen (tok), 75 &btoken, 76 sizeof (btoken))) 77 { 78 GNUNET_break_op (0); 79 return TALER_MHD_reply_with_ec (connection, 80 TALER_EC_GENERIC_PARAMETER_MALFORMED, 81 "login token (in 'Authorization' header)"); 82 } 83 qs = TALER_MERCHANTDB_delete_login_token (TMH_db, 84 mi->settings.id, 85 &btoken); 86 switch (qs) 87 { 88 case GNUNET_DB_STATUS_HARD_ERROR: 89 case GNUNET_DB_STATUS_SOFT_ERROR: 90 GNUNET_break (0); 91 return TALER_MHD_reply_with_ec (connection, 92 TALER_EC_GENERIC_DB_STORE_FAILED, 93 "delete_login_token"); 94 case GNUNET_DB_STATUS_SUCCESS_NO_RESULTS: 95 /* No 404, as the login token must have existed 96 when we got the request as it was accepted as 97 valid. So we can only get here due to concurrent 98 modification, and then the client should still 99 simply see the success. Hence, fall-through! */ 100 case GNUNET_DB_STATUS_SUCCESS_ONE_RESULT: 101 return TALER_MHD_reply_static (connection, 102 MHD_HTTP_NO_CONTENT, 103 NULL, 104 NULL, 105 0); 106 } 107 GNUNET_break (0); 108 return MHD_NO; 109 }