View Issue Details

Related ChangesetsJump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0005930Talermerchant backendpublic2019-10-16 15:462021-09-02 18:23
ReporterFlorian Dold Assigned ToChristian Grothoff  
PrioritylowSeverityfeatureReproducibilityN/A
Status closedResolutionfixed 
Product Versiongit (master) 
Target Version0.8Fixed in Version0.8 
Summary0005930: control of instances over contract terms should be restricted
DescriptionCurrently, instance A can "pretend" to be instance B, by supplying the information of B in the contract terms.

Unless *explicitly* configured, an instance should not be able to set certain fields of the contract terms, such as the merchant field. This field should be taken from the instance configuration instead.
TagsNo tags attached.

Activities

Christian Grothoff

2020-04-13 21:32

manager   ~0015640

Is there a reason why you say this should be allowable by configuration? I'd simply 400 bad request such orders, unless you have a very good reason to allow it.

Christian Grothoff

2020-07-06 10:58

manager   ~0016387

Fixed in d37e16a..85a0221: require 'merchant' field to be provided by backend only.
We already force the merchant_pub being set by the backend.

Christian Grothoff

2021-09-02 18:23

manager   ~0018377

Fix committed to master branch.

Related Changesets

merchant: master 85a02216

2020-07-06 12:52

Christian Grothoff


Details Diff		 fix 0005930 Affected Issues
0005930
mod - src/backend/taler-merchant-httpd_private-post-orders.c Diff File

Issue History

Date Modified Username Field Change
2019-10-16 15:46 Florian Dold New Issue
2019-10-16 15:46 Florian Dold Status new => assigned
2019-10-16 15:46 Florian Dold Assigned To => Marcello Stanisci
2020-04-13 02:39 Christian Grothoff Assigned To Marcello Stanisci => Christian Grothoff
2020-04-13 21:32 Christian Grothoff Note Added: 0015640
2020-04-13 21:33 Christian Grothoff Target Version 0.7.1 => 0.8
2020-07-06 10:58 Christian Grothoff Note Added: 0016387
2020-07-06 10:58 Christian Grothoff Status assigned => resolved
2020-07-06 10:58 Christian Grothoff Resolution open => fixed
2020-07-06 10:58 Christian Grothoff Fixed in Version => 0.8
2021-08-24 16:23 Christian Grothoff Status resolved => closed
2021-09-02 18:22 Christian Grothoff Changeset attached => Taler-merchant master 85a02216
2021-09-02 18:23 Christian Grothoff Note Added: 0018377
2025-03-22 14:09 Christian Grothoff Category mechant backend => merchant backend