View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0010765 | Taler | merchant backend | public | 2025-12-11 18:09 | 2025-12-21 21:46 |
| Reporter | sebasjm | Assigned To | Christian Grothoff | ||
| Priority | normal | Severity | minor | Reproducibility | have not tried |
| Status | closed | Resolution | fixed | ||
| Product Version | 1.1 | ||||
| Target Version | 1.3 | Fixed in Version | 1.3 | ||
| Summary | 0010765: backend refuses to delete an instance without the owner permission | ||||
| Description | create an instance with self provision logout and login as an admin try to delete the instance expected: instance gets deleted current: it ask for email/sms verification i think this is a major problem because it would mean that the only way i can claim my disk space again is by going directly to the db | ||||
| Tags | No tags attached. | ||||
|
|
Major: no. but should be fixed. |
|
|
Eh, quick question: is it asking for the admin's 2FA, or for the instance 2-FA? I think if it asked for the admin's 2-FA credentials, this might be totally OK! |
|
|
I tested again. Starting from scratch, clean db and config [merchant] MANDATORY_TAN_CHANNELS = email created the admin instrance without email created and deleted an instance with name "qwe", didn't required email and didn't asked for MFA (which is ok) finally I created an instance with name "asd" and email "asd@asd.com" with self provision and proceeded to delete upon deletion the admin was asked solve MFA $ curl 'http://merchant.taler.test/management/instances/asd?purge=NO' -X 'DELETE' { "combi_and": false, "challenges": [ { "tan_info": "asd", "tan_channel": "email", "challenge_id": "9-GYEF8A3KSQWK5PC1PKB6KYSWM1BZE92N6CHZJ2BXFDG2C0QJQ940" } ] } |
|
|
And the my TAN scripts logs the email that was used. 2025/12/15_15:22:56 asd@asd.com "96504243\nTaler-Merchant:\ncreate new instance" 2025/12/15_15:23:52 asd@asd.com "62580310\nTaler-Merchant:\ndelete instance" Also the admin instance didn't have email |
|
|
c3d51301..fe526b04 changes the code to NOT require MFA if the admin is deleting the instance. fe526b04..c5b1ec72 makes the same change if the admin is patching an instance. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2025-12-11 18:09 | sebasjm | New Issue | |
| 2025-12-11 18:09 | sebasjm | Status | new => assigned |
| 2025-12-11 18:09 | sebasjm | Assigned To | => Christian Grothoff |
| 2025-12-11 20:53 | Christian Grothoff | Note Added: 0026890 | |
| 2025-12-11 20:54 | Christian Grothoff | Severity | major => minor |
| 2025-12-11 20:54 | Christian Grothoff | Product Version | => 1.1 |
| 2025-12-11 20:54 | Christian Grothoff | Target Version | => 1.5 |
| 2025-12-12 21:12 | Christian Grothoff | Note Added: 0026943 | |
| 2025-12-12 21:13 | Christian Grothoff | Assigned To | Christian Grothoff => sebasjm |
| 2025-12-12 21:13 | Christian Grothoff | Status | assigned => feedback |
| 2025-12-15 19:31 | sebasjm | Note Added: 0026994 | |
| 2025-12-15 19:34 | sebasjm | Note Added: 0026995 | |
| 2025-12-15 19:34 | sebasjm | Assigned To | sebasjm => Christian Grothoff |
| 2025-12-15 19:34 | sebasjm | Status | feedback => confirmed |
| 2025-12-19 20:04 | Christian Grothoff | Status | confirmed => assigned |
| 2025-12-21 20:25 | Christian Grothoff | Status | assigned => resolved |
| 2025-12-21 20:25 | Christian Grothoff | Resolution | open => fixed |
| 2025-12-21 20:25 | Christian Grothoff | Fixed in Version | => 1.3 |
| 2025-12-21 20:25 | Christian Grothoff | Note Added: 0027163 | |
| 2025-12-21 20:26 | Christian Grothoff | Target Version | 1.5 => 1.3 |
| 2025-12-21 21:46 | Christian Grothoff | Status | resolved => closed |
