fix(transaction): check identifier before saving

* the check now tries to fetch all transactions with a given identifier from a tenant before proceeding Closes: #62
teamhanko · May 16, 2024 · 6f704d6 · 6f704d6
1 parent 28db130
commit 6f704d6
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 5 deletions.
diff --git a/server/api/services/transaction_service.go b/server/api/services/transaction_service.go
@@ -62,11 +62,15 @@ func (ts *transactionService) Initialize(userId string, transaction *models.Tran
 		return nil, echo.NewHTTPError(http.StatusNotFound, "unable to find user")
 	}
 
-	for _, storedTransaction := range webauthnUser.Transactions {
-		if storedTransaction.Identifier == transaction.Identifier {
-			ts.logger.Error("transaction already exists")
-			return nil, echo.NewHTTPError(http.StatusConflict, "transaction already exists")
-		}
+	foundTransaction, err := ts.transactionPersister.GetByIdentifier(transaction.Identifier, ts.tenant.ID)
+	if err != nil {
+		ts.logger.Error(err)
+		return nil, echo.NewHTTPError(http.StatusInternalServerError, "unable to search for transaction")
+	}
+
+	if foundTransaction != nil {
+		ts.logger.Error("transaction already exists")
+		return nil, echo.NewHTTPError(http.StatusConflict, "transaction already exists")
 	}
 
 	// check for better error handling as BeginLogin can throw a BadRequestError AND normal errors (but same type)

diff --git a/server/persistence/persisters/transaction_persister.go b/server/persistence/persisters/transaction_persister.go
@@ -12,6 +12,7 @@ import (
 
 type TransactionPersister interface {
 	Create(transaction *models.Transaction) error
+	GetByIdentifier(identifier string, tenantID uuid.UUID) (*models.Transactions, error)
 	ListByUserId(userId uuid.UUID, tenantId uuid.UUID) (*models.Transactions, error)
 	GetByUserId(userId uuid.UUID, tenantId uuid.UUID) (*models.Transaction, error)
 	GetByChallenge(challenge string, tenantId uuid.UUID) (*models.Transaction, error)
@@ -65,6 +66,19 @@ func (p *transactionPersister) ListByUserId(userId uuid.UUID, tenantId uuid.UUID
 	return &transactions, nil
 }
 
+func (p *transactionPersister) GetByIdentifier(identifier string, tenantId uuid.UUID) (*models.Transactions, error) {
+	transactions := models.Transactions{}
+	err := p.database.Eager().Where("identifier = ? AND tenant_id = ?", identifier, tenantId).All(&transactions)
+	if err != nil && errors.Is(err, sql.ErrNoRows) {
+		return nil, nil
+	}
+	if err != nil {
+		return nil, fmt.Errorf("failed to list transactions by user id: %w", err)
+	}
+
+	return &transactions, nil
+}
+
 func (p *transactionPersister) GetByChallenge(challenge string, tenantId uuid.UUID) (*models.Transaction, error) {
 	transaction := models.Transaction{}
 	err := p.database.Eager().Where("challenge = ? AND tenant_id = ?", challenge, tenantId).First(&transaction)