taler-merchant-httpd_delete-private-token.c (4009B)
1 /* 2 This file is part of GNU Taler 3 (C) 2023 Taler Systems SA 4 5 GNU Taler is free software; you can redistribute it and/or modify 6 it under the terms of the GNU Affero General Public License as 7 published by the Free Software Foundation; either version 3, 8 or (at your option) any later version. 9 10 GNU Taler is distributed in the hope that it will be useful, but 11 WITHOUT ANY WARRANTY; without even the implied warranty of 12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 GNU General Public License for more details. 14 15 You should have received a copy of the GNU General Public 16 License along with TALER; see the file COPYING. If not, 17 see <http://www.gnu.org/licenses/> 18 */ 19 20 /** 21 * @file src/backend/taler-merchant-httpd_delete-private-token.c 22 * @brief implementing DELETE /instances/$ID/token request handling 23 * @author Christian Grothoff 24 */ 25 #include "platform.h" 26 #include "taler-merchant-httpd_delete-private-token.h" 27 #include "taler-merchant-httpd_helper.h" 28 #include <taler/taler_json_lib.h> 29 #include "merchant-database/delete_login_token.h" 30 31 32 enum MHD_Result 33 TMH_private_delete_instances_ID_token (const struct TMH_RequestHandler *rh, 34 struct MHD_Connection *connection, 35 struct TMH_HandlerContext *hc) 36 { 37 const char *bearer = "Bearer "; 38 struct TMH_MerchantInstance *mi = hc->instance; 39 const char *tok; 40 struct TALER_MERCHANTDB_LoginTokenP btoken; 41 enum GNUNET_DB_QueryStatus qs; 42 43 tok = MHD_lookup_connection_value (connection, 44 MHD_HEADER_KIND, 45 MHD_HTTP_HEADER_AUTHORIZATION); 46 /* This was presumably checked before... */ 47 if (0 != 48 strncmp (tok, 49 bearer, 50 strlen (bearer))) 51 { 52 GNUNET_break_op (0); 53 return TALER_MHD_reply_with_ec (connection, 54 TALER_EC_GENERIC_PARAMETER_MALFORMED, 55 "login token (in 'Authorization' header)"); 56 } 57 tok += strlen (bearer); 58 while (' ' == *tok) 59 tok++; 60 if (0 != strncasecmp (tok, 61 RFC_8959_PREFIX, 62 strlen (RFC_8959_PREFIX))) 63 { 64 GNUNET_break_op (0); 65 return TALER_MHD_reply_with_ec (connection, 66 TALER_EC_GENERIC_PARAMETER_MALFORMED, 67 "login token (in 'Authorization' header)"); 68 } 69 tok += strlen (RFC_8959_PREFIX); 70 71 if (GNUNET_OK != 72 GNUNET_STRINGS_string_to_data (tok, 73 strlen (tok), 74 &btoken, 75 sizeof (btoken))) 76 { 77 GNUNET_break_op (0); 78 return TALER_MHD_reply_with_ec (connection, 79 TALER_EC_GENERIC_PARAMETER_MALFORMED, 80 "login token (in 'Authorization' header)"); 81 } 82 qs = TALER_MERCHANTDB_delete_login_token (TMH_db, 83 mi->settings.id, 84 &btoken); 85 switch (qs) 86 { 87 case GNUNET_DB_STATUS_HARD_ERROR: 88 case GNUNET_DB_STATUS_SOFT_ERROR: 89 GNUNET_break (0); 90 return TALER_MHD_reply_with_ec (connection, 91 TALER_EC_GENERIC_DB_STORE_FAILED, 92 "delete_login_token"); 93 case GNUNET_DB_STATUS_SUCCESS_NO_RESULTS: 94 /* No 404, as the login token must have existed 95 when we got the request as it was accepted as 96 valid. So we can only get here due to concurrent 97 modification, and then the client should still 98 simply see the success. Hence, fall-through! */ 99 case GNUNET_DB_STATUS_SUCCESS_ONE_RESULT: 100 return TALER_MHD_reply_static (connection, 101 MHD_HTTP_NO_CONTENT, 102 NULL, 103 NULL, 104 0); 105 } 106 GNUNET_break (0); 107 return MHD_NO; 108 }