View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0010456 | Taler | donau | public | 2025-09-25 15:45 | 2025-09-26 15:38 |
Reporter | Florian Dold | Assigned To | Christian Grothoff | ||
Priority | normal | Severity | minor | Reproducibility | have not tried |
Status | resolved | Resolution | fixed | ||
Product Version | 1.0 | ||||
Target Version | 1.1 | Fixed in Version | 1.1 | ||
Summary | 0010456: enabling donau auth breaks merchant donau setup | ||||
Description | When enabling authentication in the donau service ([donau]/ADMIN_BEARER_TOKEN), the merchant is not able to contact the donau anymore. Seems like the merchant gets an HTTP 403 response from the donau. How is auth between merchant and donau even supposed to work? I can't imagine it should require the admin auth token, as that's to create charities, not to request information about the charity as the merchant. But then we might not want the charity info to be public, so maybe the donau should require *either* the admin token *or* a signature made by the charity_pub. | ||||
Tags | No tags attached. | ||||
|
The bearer token is only supposed to apply to the CRUD API to configure charities (by a future DONAU-SPA, for example), but never by the merchant. The merchant has the instance private key and signs its request with that; that's the only thing that should be needed here. |
|
Ah, it seems we had another case of students hashing over pointers. Not sure how this _ever_ worked. Fixing... |
|
Ah, this was about GET /charities/$ID. Yeah, auth was borked there, fixing... |
|
Fix committed to master branch. |
|
Fixed in spec and implementations: use merchant_priv for access control to GET /charity/$ID. |
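
The notes above mention hashing over pointers, but the page does not show the affected code. As an added illustration of that bug class (constructed here, not Donau or merchant code; the struct, the function names and the FNV-1a stand-in hash are assumptions), this C example shows why a digest taken over a pointer instead of the data it points to cannot be reproduced by a verifier holding its own copy of the request:

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed request layout for illustration; not the Donau wire format. */
struct charity_get_request {
  uint64_t charity_id;
  uint8_t merchant_pub[32];
};

/* FNV-1a stands in for the real cryptographic hash to stay self-contained. */
static uint64_t toy_hash (const void *buf, size_t len)
{
  const uint8_t *p = buf;
  uint64_t h = 0xcbf29ce484222325ULL;
  for (size_t i = 0; i < len; i++)
    h = (h ^ p[i]) * 0x100000001b3ULL;
  return h;
}

/* BUG: hashes the pointer variable itself (an address), not the request. */
uint64_t digest_buggy (const struct charity_get_request *req)
{
  return toy_hash (&req, sizeof (req));
}

/* Correct: hashes the bytes of the struct the pointer refers to. */
uint64_t digest_fixed (const struct charity_get_request *req)
{
  return toy_hash (req, sizeof (*req));
}

/* Signer and verifier each hold their own copy of the same request.
   Returns 1 if both sides derive the same digest, 0 otherwise. */
int digests_agree (uint64_t (*digest)(const struct charity_get_request *))
{
  struct charity_get_request signer_copy;
  struct charity_get_request verifier_copy;

  memset (&signer_copy, 0, sizeof (signer_copy));
  signer_copy.charity_id = 7; /* constructed sample value */
  memset (signer_copy.merchant_pub, 0xAB, sizeof (signer_copy.merchant_pub));
  memcpy (&verifier_copy, &signer_copy, sizeof (verifier_copy));
  return digest (&signer_copy) == digest (&verifier_copy);
}
```

With the buggy digest the two sides hash different addresses, so a signature made over one digest never verifies against the other even though the request bytes are identical.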
Date Modified | Username | Field | Change |
---|---|---|---|
2025-09-25 15:45 | Florian Dold | New Issue | |
2025-09-25 15:45 | Florian Dold | Status | new => assigned |
2025-09-25 15:45 | Florian Dold | Assigned To | => Christian Grothoff |
2025-09-26 14:29 | Christian Grothoff | Note Added: 0026029 | |
2025-09-26 14:36 | Christian Grothoff | Note Added: 0026030 | |
2025-09-26 15:07 | Christian Grothoff | Note Added: 0026031 | |
2025-09-26 15:37 | Christian Grothoff | Changeset attached | => merchant master 3a52aa07 |
2025-09-26 15:37 | Christian Grothoff | Note Added: 0026033 | |
2025-09-26 15:37 | Christian Grothoff | Status | assigned => resolved |
2025-09-26 15:37 | Christian Grothoff | Resolution | open => fixed |
2025-09-26 15:38 | Christian Grothoff | Fixed in Version | => 1.1 |
2025-09-26 15:38 | Christian Grothoff | Note Added: 0026034 | |
2025-09-26 15:38 | Christian Grothoff | Product Version | => 1.0 |