diff --git a/libs/wallet/provider/uphold/uphold.go b/libs/wallet/provider/uphold/uphold.go index 4ce3151b4..e32ecc2bd 100644 --- a/libs/wallet/provider/uphold/uphold.go +++ b/libs/wallet/provider/uphold/uphold.go @@ -58,8 +58,8 @@ const ( const ( // The Intermediate Certificates - sandboxFingerprint = "h+8wXc+BABb/V9q7PN5I8xVpTJCzmi2RDJR5nmml3Ac=" - prodFingerprint = "h+8wXc+BABb/V9q7PN5I8xVpTJCzmi2RDJR5nmml3Ac=" + sandboxFingerprint = "tl2IZaqu6xeE6iVuJmPIKsJW5N88W1nysF1WZE1THFs=" + prodFingerprint = "tl2IZaqu6xeE6iVuJmPIKsJW5N88W1nysF1WZE1THFs=" ) var ( diff --git a/services/skus/controllers.go b/services/skus/controllers.go index 20d628ea8..fd676407f 100644 --- a/services/skus/controllers.go +++ b/services/skus/controllers.go @@ -742,9 +742,6 @@ func deleteOrderCreds(service *Service) handlers.AppHandler { case errors.Is(err, model.ErrInvalidOrderNoItems): return handlers.WrapError(err, "order has no items", http.StatusBadRequest) - // case errors.Is(err, errExceededMaxTLV2DailyCreds): - // return handlers.WrapError(err, err.Error(), http.StatusUnprocessableEntity) - default: return handlers.WrapError(model.ErrSomethingWentWrong, "failed to delete credentials", http.StatusBadRequest) } diff --git a/services/skus/credentials.go b/services/skus/credentials.go index b6431008f..26b1a151a 100644 --- a/services/skus/credentials.go +++ b/services/skus/credentials.go @@ -308,13 +308,10 @@ func (s *Service) CreateOrderItemCredentials(ctx context.Context, orderID, itemI func (s *Service) doCredentialsExist(ctx context.Context, requestID uuid.UUID, item *model.OrderItem, blindedCreds []string) error { switch item.CredentialType { case timeLimitedV2: - // NOTE: This creates a possible race to submit between clients. - // Multiple signing request outboxes can be created since their - // uniqueness constraint is on the request id. - // Despite this, the uniqueness constraint of time_limited_v2_order_creds ensures that - // only one set of credentials is written for each order / item & time interval. - // As a result, one client will successfully unblind the credentials and - // the others will fail. + // NOTE: There was a possible race condition that would allow exceeding limits on the number of cred batches. + // The condition is currently mitigated by: + // - checking the number of active batches before accepting a request to create creds; + // - checking the number of active batches before inserting the signed creds. return s.doTLV2Exist(ctx, requestID, item, blindedCreds) default: