| author | Christian Grothoff <christian@grothoff.org> | 2022-08-18 21:10:37 +0200 | 
|---|---|---|
| committer | Christian Grothoff <christian@grothoff.org> | 2022-08-18 21:10:37 +0200 | 
| commit | 62a7f9b7117cc98e4e1d964a0cd35de2215c39d0 (patch) | |
| tree | 8b3a7f076be94e58fc5c0b496777d191c6ded7dc | |
| parent | f0cd54dc102cc531805d14d4deb0d2d479ce591c (diff) | |
-misc bugfixes for persona kyc logic
| -rw-r--r-- | src/exchange/taler-exchange-httpd_kyc-proof.c | 2 | ||||
| -rw-r--r-- | src/include/taler_templating_lib.h | 4 | ||||
| -rw-r--r-- | src/kyclogic/plugin_kyclogic_persona.c | 64 | ||||
| -rw-r--r-- | src/kyclogic/taler-exchange-kyc-tester.c | 6 | ||||
| -rw-r--r-- | src/templating/templating_api.c | 8 | 
5 files changed, 61 insertions, 23 deletions
| diff --git a/src/exchange/taler-exchange-httpd_kyc-proof.c b/src/exchange/taler-exchange-httpd_kyc-proof.c index a8c31265..f6fa12ee 100644 --- a/src/exchange/taler-exchange-httpd_kyc-proof.c +++ b/src/exchange/taler-exchange-httpd_kyc-proof.c @@ -204,6 +204,8 @@ proof_cb (      if (GNUNET_DB_STATUS_HARD_ERROR == qs)      {        GNUNET_break (0); +      if (NULL != response) +        MHD_destroy_response (response);        kpc->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;        kpc->response = TALER_MHD_make_error (TALER_EC_GENERIC_DB_STORE_FAILED,                                              "set_kyc_ok"); diff --git a/src/include/taler_templating_lib.h b/src/include/taler_templating_lib.h index 9cce84f5..e4f3f1f1 100644 --- a/src/include/taler_templating_lib.h +++ b/src/include/taler_templating_lib.h @@ -48,7 +48,7 @@ TALER_TEMPLATING_build (struct MHD_Connection *connection,                          const char *template,                          const char *instance_id,                          const char *taler_uri, -                        json_t *root, +                        const json_t *root,                          struct MHD_Response **reply); @@ -72,7 +72,7 @@ TALER_TEMPLATING_reply (struct MHD_Connection *connection,                          const char *template,                          const char *instance_id,                          const char *taler_uri, -                        json_t *root); +                        const json_t *root);  /**   * Preload templates. diff --git a/src/kyclogic/plugin_kyclogic_persona.c b/src/kyclogic/plugin_kyclogic_persona.c index d67ef697..74bc53f0 100644 --- a/src/kyclogic/plugin_kyclogic_persona.c +++ b/src/kyclogic/plugin_kyclogic_persona.c @@ -89,6 +89,11 @@ struct TALER_KYCLOGIC_ProviderDetails    char *section;    /** +   * Salt to use for idempotency. +   */ +  char *salt; + +  /**     * Authorization token to use when talking     * to the service.     */ 
@@ -336,6 +341,7 @@ persona_unload_configuration (struct TALER_KYCLOGIC_ProviderDetails *pd)    GNUNET_free (pd->auth_token);    GNUNET_free (pd->template_id);    GNUNET_free (pd->subdomain); +  GNUNET_free (pd->salt);    GNUNET_free (pd->section);    GNUNET_free (pd->post_kyc_redirect_url);    GNUNET_free (pd); @@ -386,6 +392,20 @@ persona_load_configuration (void *cls,    if (GNUNET_OK !=        GNUNET_CONFIGURATION_get_value_string (ps->cfg,                                               provider_section_name, +                                             "SALT", +                                             &pd->salt)) +  { +    uint32_t salt[8]; + +    GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE, +                                salt, +                                sizeof (salt)); +    pd->salt = GNUNET_STRINGS_data_to_string_alloc (salt, +                                                    sizeof (salt)); +  } +  if (GNUNET_OK != +      GNUNET_CONFIGURATION_get_value_string (ps->cfg, +                                             provider_section_name,                                               "PERSONA_SUBDOMAIN",                                               &pd->subdomain))    { 
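Review bot: The fallback in persona_load_configuration generates a fresh random salt whenever `SALT` is not configured, so the `Idempotency-Key` built from it in persona_initiate changes on every restart and presumably differs between exchange processes that load the configuration separately. A retry of the same legitimization after a restart, or from another process, would then not be recognised as a duplicate by the provider. If the fallback is meant for test setups only, say so next to it, e.g. `/* no SALT configured: use a per-process random one; idempotency then only holds within this process */`, and describe `SALT` in the provider section's configuration documentation. persona_load_configuration starts and ends outside this hunk.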
@@ -784,17 +804,13 @@ persona_initiate (void *cls,                                    ih);    GNUNET_CURL_extend_headers (ih->job,                                pd->slist); -  /* FIXME: this should be used, but IF we use it, -     the testing should be moved to random/noncy legi rows; -     or better: add some additional noncy thing here from -     the config that we randomize if not given! */ -  if (0)    {      char *ikh;      GNUNET_asprintf (&ikh, -                     "Idempotency-Key: %llu", -                     (unsigned long long) ih->legitimization_uuid); +                     "Idempotency-Key: %llu-%s", +                     (unsigned long long) ih->legitimization_uuid, +                     pd->salt);      ih->slist = curl_slist_append (NULL,                                     ikh);      GNUNET_free (ikh); @@ -861,6 +877,7 @@ proof_generic_reply (struct TALER_KYCLOGIC_ProofHandle *ph,                                  NULL,                                  body,                                  &resp); +  json_decref (body);    if (GNUNET_SYSERR == ret)    {      GNUNET_break (0); @@ -1136,12 +1153,13 @@ handle_proof_finished (void *cls,            break;          } +        // FIXME: do not generate kyc-completed from template, do redirect!          proof_generic_reply (ph,                               TALER_KYCLOGIC_STATUS_SUCCESS,                               account_id,                               inquiry_id,                               MHD_HTTP_OK, -                             "kyc-completed", +                             "persona-kyc-completed",                               GNUNET_JSON_PACK (                                 GNUNET_JSON_pack_allow_null (                                   GNUNET_JSON_pack_object_incref ("attributes", 
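Review bot: The block that builds the `Idempotency-Key` header in persona_initiate lost its only comment together with the `if (0)`, so nothing in the new code says why the key is the legitimization row number plus a salt. A one-line comment such as `/* salt keeps keys distinct between setups that reuse legitimization row numbers */` would preserve what the removed FIXME appears to have meant. Separately, a configured `SALT` is copied verbatim into the header line; rejecting values with whitespace or control characters when the option is loaded would keep a malformed configuration from producing a broken request header. The function body continues outside the hunk.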
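Review bot: With `json_decref (body)` added after the TALER_TEMPLATING_build call, proof_generic_reply now consumes the caller's reference to `body`, and nothing in the visible lines states that. The function's doc comment, which is outside this hunk, should say so, e.g. `@param body JSON context for the template; the reference is released by this function`, so that a later caller neither releases it a second time nor uses it after the call.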
@@ -1487,9 +1505,6 @@ handle_webhook_finished (void *cls,                                          "data");    wh->job = NULL; -  json_dumpf (j, -              stderr, -              JSON_INDENT (2));    switch (response_code)    {    case MHD_HTTP_OK: @@ -1734,6 +1749,7 @@ async_webhook_reply (void *cls)  {    struct TALER_KYCLOGIC_WebhookHandle *wh = cls; +  wh->task = NULL;    wh->cb (wh->cb_cls,            wh->legitimization_uuid,            (0 == wh->legitimization_uuid) @@ -1862,9 +1878,27 @@ persona_webhook (void *cls,                      "payload"),                    "data"),                  "relationships"), -              "template"), +              "inquiry_template"),              "data"),            "id")); +  if (NULL == wh->template_id) +  { +    GNUNET_break_op (0); +    json_dumpf (body, +                stderr, +                JSON_INDENT (2)); +    wh->resp = TALER_MHD_MAKE_JSON_PACK ( +      TALER_JSON_pack_ec ( +        TALER_EC_EXCHANGE_KYC_GENERIC_PROVIDER_UNEXPECTED_REPLY), +      GNUNET_JSON_pack_string ("detail", +                               "data-attributes-payload-data-id"), +      GNUNET_JSON_pack_object_incref ("webhook_body", +                                      (json_t *) body)); +    wh->response_code = MHD_HTTP_BAD_REQUEST; +    wh->task = GNUNET_SCHEDULER_add_now (&async_webhook_reply, +                                         wh); +    return wh; +  }    TALER_KYCLOGIC_kyc_get_details ("persona",                                    &locate_details_cb,                                    wh); @@ -1920,7 +1954,7 @@ persona_webhook (void *cls,      return wh;    }    qs = plc (plc_cls, -            pd->section, +            wh->pd->section,              persona_inquiry_id,              &wh->h_payto,              &wh->legitimization_uuid); 
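Review bot: The new `NULL == wh->template_id` branch in persona_webhook writes the whole request body to stderr with `json_dumpf`, at the point where the body has just failed validation and is the least trusted input the handler sees; the same commit removes an equivalent dump from handle_webhook_finished. Webhook bodies may carry personal data and a sender can repeat malformed requests, so I would drop the dump or log only a bounded summary through GNUNET_log. The `detail` string `"data-attributes-payload-data-id"` does not name the path that was checked, which ends in `relationships`, `inquiry_template`, `data`, `id`. It is also worth confirming that `GNUNET_JSON_pack_object_incref` tolerates a `body` that is not a JSON object, since nothing visible in this hunk establishes that before it is packed into the reply.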
@@ -1967,7 +2001,7 @@ persona_webhook (void *cls,    GNUNET_break (CURLE_OK ==                  curl_easy_setopt (eh,                                    CURLOPT_VERBOSE, -                                  1)); +                                  0));    GNUNET_assert (CURLE_OK ==                   curl_easy_setopt (eh,                                     CURLOPT_MAXREDIRS, @@ -1978,7 +2012,7 @@ persona_webhook (void *cls,                                    wh->url));    wh->job = GNUNET_CURL_job_add2 (ps->curl_ctx,                                    eh, -                                  pd->slist, +                                  wh->pd->slist,                                    &handle_webhook_finished,                                    wh);    return wh; diff --git a/src/kyclogic/taler-exchange-kyc-tester.c b/src/kyclogic/taler-exchange-kyc-tester.c index b13be4be..bb2894b1 100644 --- a/src/kyclogic/taler-exchange-kyc-tester.c +++ b/src/kyclogic/taler-exchange-kyc-tester.c @@ -390,7 +390,6 @@ kwh_resume (struct KycWebhookContext *kwh)                                 kwh_tail,                                 kwh);    MHD_resume_connection (kwh->rc->connection); -  TALER_MHD_daemon_trigger ();  } @@ -464,6 +463,7 @@ webhook_finished_cb (    kwh->response = response;    kwh->response_code = http_status;    kwh_resume (kwh); +  TALER_MHD_daemon_trigger ();  } @@ -600,7 +600,7 @@ handler_kyc_webhook_generic (    /* We resumed, but got no response? This should       not happen. */ -  GNUNET_break (0); +  GNUNET_assert (0);    return TALER_MHD_reply_with_error (rc->connection,                                       MHD_HTTP_INTERNAL_SERVER_ERROR,                                       TALER_EC_GENERIC_INTERNAL_INVARIANT_FAILURE, 
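Review bot: Replacing `GNUNET_break (0)` with `GNUNET_assert (0)` in handler_kyc_webhook_generic makes the `TALER_MHD_reply_with_error` return directly below it unreachable, assuming GNUNET_assert aborts the process as usual. Either keep the break together with the 500 reply, or remove the dead return. If aborting is what the tester should do here, a short comment such as `/* tester only: abort so the invariant failure is noticed */` would make that explicit.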
@@ -829,6 +829,8 @@ handle_mhd_completion_callback (void *cls,    TALER_MHD_parse_post_cleanup_callback (rc->opaque_post_parsing_context);    /* Sanity-check that we didn't leave any transactions hanging */ +  if (NULL != rc->root) +    json_decref (rc->root);    GNUNET_free (rc);    *con_cls = NULL;  } diff --git a/src/templating/templating_api.c b/src/templating/templating_api.c index 999ba9da..b51c3a5c 100644 --- a/src/templating/templating_api.c +++ b/src/templating/templating_api.c @@ -177,7 +177,7 @@ TALER_TEMPLATING_build (struct MHD_Connection *connection,                          const char *template,                          const char *instance_id,                          const char *taler_uri, -                        json_t *root, +                        const json_t *root,                          struct MHD_Response **reply)  {    char *body; @@ -209,14 +209,14 @@ TALER_TEMPLATING_build (struct MHD_Connection *connection,                                            instance_id);        GNUNET_break (0 == -                    json_object_set_new (root, +                    json_object_set_new ((json_t *) root,                                           "static_url",                                           json_string (static_url)));        GNUNET_free (static_url);      }      if (0 !=          (eno = mustach_jansson (tmpl, -                                root, +                                (json_t *) root,                                  &body,                                  &body_size)))      { @@ -284,7 +284,7 @@ TALER_TEMPLATING_reply (struct MHD_Connection *connection,                          const char *template,                          const char *instance_id,                          const char *taler_uri, -                        json_t *root) +                        const json_t *root)  {    enum GNUNET_GenericReturnValue res;    struct MHD_Response *reply; | 
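Review bot: TALER_TEMPLATING_build now takes `const json_t *root` but, in the branch shown in the second templating_api.c hunk, casts the qualifier away and adds a `static_url` member with `json_object_set_new ((json_t *) root, ...)`. The `const` in the prototypes (here and in the two taler_templating_lib.h hunks) therefore tells callers the object is left untouched when it is not, which matters for any caller that shares or reuses `root`. I would either keep the parameter non-const or document the side effect in the header, e.g. `@param root JSON context; a "static_url" member may be added to it`. The function bodies extend beyond the hunks.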
