View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0005508 | Taler | mechant backend | public | 2019-01-19 00:14 | 2019-12-20 19:12 |
Reporter | davidak | Assigned To | Marcello Stanisci | ||
Priority | urgent | Severity | major | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Product Version | 0.5 | ||||
Target Version | 0.6 | Fixed in Version | 0.6 | ||
Summary | 0005508: You did not pay for this article (nice try!) | ||||
Description | I clicked to buy the chapter "16. Words to Avoid (or Use with Care) Because They Are Loaded or Confusing" from your store, but got an error. {'refund_amount': 'KUDOS:0', 'last_session_id': 'eaecc1fe-0eda-42fe-a2d7-f91b802351a0', 'contract_terms': {'nonce': 'W6RQXXSQHGSNTN5H73HZ2ES5ACMSATF1DNNNJQH1D7RTS5FWQ6PG', 'wire_method': 'test', 'auditors': [], 'extra': {'article_name': '16._Words_to_Avoid_(or_Use_with_Care)\n__\n___Because\xa0They\xa0Are\xa0Loaded\xa0or\xa0Confusing'}, 'H_wire': '8G3FVPX2JEMRMA20NCPZEMK9TYARNYR1C5NZAEDSGXKRQCBSR1Q68AAKDDDX1RPSDPAV7A1S67BXZQ1YEHKAXP2KCZRYPAVHDSQ2RK8', 'pay_deadline': '/Date(1547937301)/', 'wire_fee_amortization': 1, 'max_wire_fee': 'KUDOS:0.01', 'summary': 'Essay: 16. Words to Avoid (or Use with Care)\n \n Because\xa0They\xa0Are\xa0Loaded\xa0or\xa0Confusing', 'order_id': '2019.018.23.35.01-010FSSV443Z76', 'merchant': {'name': 'Free Software Foundation', 'instance': 'FSF', 'address': '_ma', 'jurisdiction': '_mj'}, 'refund_deadline': '/Date(0)/', 'locations': {'_mj': {}, '_ma': {'street': '51 Franklin Street, Fifth Floor.', 'country': 'USA', 'city': 'Boston'}}, 'products': [], 'fulfillment_url': 'https://shop.demo.taler.net/essay/16._Words_to_Avoid_(or_Use_with_Care)\n__\n___Because\xa0They\xa0Are\xa0Loaded\xa0or\xa0Confusing', 'pay_url': 'https://backend.demo.taler.net/public/pay', 'timestamp': '/Date(1547850901)/', 'merchant_pub': 'GAXSQ2TDYFB5TTSAFCGZJWTPA27Y2029W1ZNX9N5FYT5H1V7FY50', 'max_fee': 'KUDOS:0.05', 'exchanges': [{'master_pub': 'FH1Y8ZMHCTPQ0YFSZECDH8C9407JR3YN0MF1706PTG24Q4NEWGV0', 'url': 'https://exchange.demo.taler.net/'}], 'amount': 'KUDOS:0.5'}, 'paid': True, 'refunded': False} The money was already spent from my wallet, but i didn't get the product. PLEASE REFUND ASAP! Later i found out that the product is available for free at gnu.org and this whole system is a huge scam! | ||||
Steps To Reproduce | 1. open https://shop.demo.taler.net/ 2. click to buy chapter 16. https://shop.demo.taler.net/essay/16._Words_to_Avoid_%28or_Use_with_Care%29%0A__%0A___Because%C2%A0They%C2%A0Are%C2%A0Loaded%C2%A0or%C2%A0Confusing 3. "Confirm payment" 4. "An Error Occurred" 5. the money is spent anyway | ||||
Additional Information | https://goblinrefuge.com/mediagoblin/u/davidak/m/bug-in-gnu-taler/ (you don't actually have to refund. i get it back from survey demo :P) | ||||
Tags | No tags attached. | ||||
Attached Files | |||||
|
Very interesting. I could reproduce it, and the issue seems to be specific to this article: I could buy others without any problems at the same time! |
|
Also interesting: the backend's response says: "paid: true", so somehow the *frontend* is likely to blame here. |
|
Yes, i also can reproduce it just with that one article. |
|
The guilty statement must be this one (from blog.py @ blog.git): if pay_status["contract_terms"]["extra"]["article_name"] != article_name: err_abort(402, message="You did not pay for this article (nice try!)", json=pay_status) If you notice, the article number 16 is the *only one* that has parentheses in the name, so in some way the left value has them URL-encoded, and the right has UTF-8, or viceversa. The fix should be to force both left and right to use the same encoding. |
|
Yes, I noticed that as well and was wondering about it. So yes, please make sure to escape in both cases. Maybe even push as a hotfix to stable? |
|
Hofixed in c27a91f. This time the problem was that in-contract and in-URL article names had _different_characters, no matter how you escape it. And so the test failed always. This happened because the HTML had NEWLINEs (!) in the article name, whereas the article link ended up - somehow - to not having those newlines anymore (maybe some browser manipulation / linting...). The fix just made the article name "normal" by removing the newlines characters. |
Date Modified | Username | Field | Change |
---|---|---|---|
2019-01-19 00:14 | davidak | New Issue | |
2019-01-19 00:14 | davidak | Status | new => assigned |
2019-01-19 00:14 | davidak | Assigned To | => Marcello Stanisci |
2019-01-19 00:14 | davidak | File Added: Screenshot from 2019-01-18 23-53-38.png | |
2019-01-31 19:19 | Christian Grothoff | Note Added: 0013541 | |
2019-01-31 19:29 | Christian Grothoff | Priority | high => urgent |
2019-01-31 19:29 | Christian Grothoff | Product Version | => 0.5 |
2019-01-31 19:29 | Christian Grothoff | Target Version | => 0.6 |
2019-01-31 19:31 | Christian Grothoff | Note Added: 0013542 | |
2019-01-31 20:47 | davidak | Note Added: 0013547 | |
2019-01-31 21:25 | Marcello Stanisci | Note Added: 0013548 | |
2019-01-31 21:26 | Marcello Stanisci | Note Edited: 0013548 | |
2019-01-31 22:52 | Christian Grothoff | Note Added: 0013549 | |
2019-02-01 14:33 | Marcello Stanisci | Note Added: 0013552 | |
2019-02-01 14:33 | Marcello Stanisci | Status | assigned => resolved |
2019-02-01 14:33 | Marcello Stanisci | Resolution | open => fixed |
2019-02-12 23:18 | Christian Grothoff | Fixed in Version | => 0.6 |
2019-12-20 19:12 | Christian Grothoff | Status | resolved => closed |