-misc bugfixes for persona kyc logic

Christian Grothoff 2022-08-18 21:10:37 +02:00
parent f0cd54dc10
commit 62a7f9b711
No known key found for this signature in database
GPG Key ID: 939E6BE1E29FC3CC
5 changed files with 61 additions and 23 deletions


@ -204,6 +204,8 @@ proof_cb (
if (GNUNET_DB_STATUS_HARD_ERROR == qs) if (GNUNET_DB_STATUS_HARD_ERROR == qs)
{ {
GNUNET_break (0); GNUNET_break (0);
if (NULL != response)
MHD_destroy_response (response);
kpc->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; kpc->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
kpc->response = TALER_MHD_make_error (TALER_EC_GENERIC_DB_STORE_FAILED, kpc->response = TALER_MHD_make_error (TALER_EC_GENERIC_DB_STORE_FAILED,
"set_kyc_ok"); "set_kyc_ok");


@ -48,7 +48,7 @@ TALER_TEMPLATING_build (struct MHD_Connection *connection,
const char *template, const char *template,
const char *instance_id, const char *instance_id,
const char *taler_uri, const char *taler_uri,
json_t *root, const json_t *root,
struct MHD_Response **reply); struct MHD_Response **reply);
@ -72,7 +72,7 @@ TALER_TEMPLATING_reply (struct MHD_Connection *connection,
const char *template, const char *template,
const char *instance_id, const char *instance_id,
const char *taler_uri, const char *taler_uri,
json_t *root); const json_t *root);
/** /**
* Preload templates. * Preload templates.


@ -88,6 +88,11 @@ struct TALER_KYCLOGIC_ProviderDetails
*/ */
char *section; char *section;
/**
* Salt to use for idempotency.
*/
char *salt;
/** /**
* Authorization token to use when talking * Authorization token to use when talking
* to the service. * to the service.
@ -336,6 +341,7 @@ persona_unload_configuration (struct TALER_KYCLOGIC_ProviderDetails *pd)
GNUNET_free (pd->auth_token); GNUNET_free (pd->auth_token);
GNUNET_free (pd->template_id); GNUNET_free (pd->template_id);
GNUNET_free (pd->subdomain); GNUNET_free (pd->subdomain);
GNUNET_free (pd->salt);
GNUNET_free (pd->section); GNUNET_free (pd->section);
GNUNET_free (pd->post_kyc_redirect_url); GNUNET_free (pd->post_kyc_redirect_url);
GNUNET_free (pd); GNUNET_free (pd);
@ -383,6 +389,20 @@ persona_load_configuration (void *cls,
persona_unload_configuration (pd); persona_unload_configuration (pd);
return NULL; return NULL;
} }
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_string (ps->cfg,
provider_section_name,
"SALT",
&pd->salt))
{
uint32_t salt[8];
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
salt,
sizeof (salt));
pd->salt = GNUNET_STRINGS_data_to_string_alloc (salt,
sizeof (salt));
}
if (GNUNET_OK != if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_string (ps->cfg, GNUNET_CONFIGURATION_get_value_string (ps->cfg,
provider_section_name, provider_section_name,
@ -784,17 +804,13 @@ persona_initiate (void *cls,
ih); ih);
GNUNET_CURL_extend_headers (ih->job, GNUNET_CURL_extend_headers (ih->job,
pd->slist); pd->slist);
/* FIXME: this should be used, but IF we use it,
the testing should be moved to random/noncy legi rows;
or better: add some additional noncy thing here from
the config that we randomize if not given! */
if (0)
{ {
char *ikh; char *ikh;
GNUNET_asprintf (&ikh, GNUNET_asprintf (&ikh,
"Idempotency-Key: %llu", "Idempotency-Key: %llu-%s",
(unsigned long long) ih->legitimization_uuid); (unsigned long long) ih->legitimization_uuid,
pd->salt);
ih->slist = curl_slist_append (NULL, ih->slist = curl_slist_append (NULL,
ikh); ikh);
GNUNET_free (ikh); GNUNET_free (ikh);
@ -861,6 +877,7 @@ proof_generic_reply (struct TALER_KYCLOGIC_ProofHandle *ph,
NULL, NULL,
body, body,
&resp); &resp);
json_decref (body);
if (GNUNET_SYSERR == ret) if (GNUNET_SYSERR == ret)
{ {
GNUNET_break (0); GNUNET_break (0);
@ -1136,12 +1153,13 @@ handle_proof_finished (void *cls,
break; break;
} }
// FIXME: do not generate kyc-completed from template, do redirect!
proof_generic_reply (ph, proof_generic_reply (ph,
TALER_KYCLOGIC_STATUS_SUCCESS, TALER_KYCLOGIC_STATUS_SUCCESS,
account_id, account_id,
inquiry_id, inquiry_id,
MHD_HTTP_OK, MHD_HTTP_OK,
"kyc-completed", "persona-kyc-completed",
GNUNET_JSON_PACK ( GNUNET_JSON_PACK (
GNUNET_JSON_pack_allow_null ( GNUNET_JSON_pack_allow_null (
GNUNET_JSON_pack_object_incref ("attributes", GNUNET_JSON_pack_object_incref ("attributes",
@ -1487,9 +1505,6 @@ handle_webhook_finished (void *cls,
"data"); "data");
wh->job = NULL; wh->job = NULL;
json_dumpf (j,
stderr,
JSON_INDENT (2));
switch (response_code) switch (response_code)
{ {
case MHD_HTTP_OK: case MHD_HTTP_OK:
@ -1734,6 +1749,7 @@ async_webhook_reply (void *cls)
{ {
struct TALER_KYCLOGIC_WebhookHandle *wh = cls; struct TALER_KYCLOGIC_WebhookHandle *wh = cls;
wh->task = NULL;
wh->cb (wh->cb_cls, wh->cb (wh->cb_cls,
wh->legitimization_uuid, wh->legitimization_uuid,
(0 == wh->legitimization_uuid) (0 == wh->legitimization_uuid)
@ -1862,9 +1878,27 @@ persona_webhook (void *cls,
"payload"), "payload"),
"data"), "data"),
"relationships"), "relationships"),
"template"), "inquiry_template"),
"data"), "data"),
"id")); "id"));
if (NULL == wh->template_id)
{
GNUNET_break_op (0);
json_dumpf (body,
stderr,
JSON_INDENT (2));
wh->resp = TALER_MHD_MAKE_JSON_PACK (
TALER_JSON_pack_ec (
TALER_EC_EXCHANGE_KYC_GENERIC_PROVIDER_UNEXPECTED_REPLY),
GNUNET_JSON_pack_string ("detail",
"data-attributes-payload-data-id"),
GNUNET_JSON_pack_object_incref ("webhook_body",
(json_t *) body));
wh->response_code = MHD_HTTP_BAD_REQUEST;
wh->task = GNUNET_SCHEDULER_add_now (&async_webhook_reply,
wh);
return wh;
}
TALER_KYCLOGIC_kyc_get_details ("persona", TALER_KYCLOGIC_kyc_get_details ("persona",
&locate_details_cb, &locate_details_cb,
wh); wh);
@ -1920,7 +1954,7 @@ persona_webhook (void *cls,
return wh; return wh;
} }
qs = plc (plc_cls, qs = plc (plc_cls,
pd->section, wh->pd->section,
persona_inquiry_id, persona_inquiry_id,
&wh->h_payto, &wh->h_payto,
&wh->legitimization_uuid); &wh->legitimization_uuid);
@ -1967,7 +2001,7 @@ persona_webhook (void *cls,
GNUNET_break (CURLE_OK == GNUNET_break (CURLE_OK ==
curl_easy_setopt (eh, curl_easy_setopt (eh,
CURLOPT_VERBOSE, CURLOPT_VERBOSE,
1)); 0));
GNUNET_assert (CURLE_OK == GNUNET_assert (CURLE_OK ==
curl_easy_setopt (eh, curl_easy_setopt (eh,
CURLOPT_MAXREDIRS, CURLOPT_MAXREDIRS,
@ -1978,7 +2012,7 @@ persona_webhook (void *cls,
wh->url)); wh->url));
wh->job = GNUNET_CURL_job_add2 (ps->curl_ctx, wh->job = GNUNET_CURL_job_add2 (ps->curl_ctx,
eh, eh,
pd->slist, wh->pd->slist,
&handle_webhook_finished, &handle_webhook_finished,
wh); wh);
return wh; return wh;
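Review bot: In the persona_webhook hunk that adds the `NULL == wh->template_id` branch, the complete request body is written to stderr with `json_dumpf` and also returned to the sender under `webhook_body`. This happens before `TALER_KYCLOGIC_kyc_get_details` has matched the request to a configured provider, so any client that omits the template id can make the service log as much JSON as the POST parser accepts, and a genuine Persona payload presumably carries KYC data that should not land in logs; the same commit removes the equivalent dump from handle_webhook_finished. I would drop the `json_dumpf` call (or gate it behind a debug log level) and leave the echoed body out of the reply. The `detail` string also names a different path than the lookup that failed; going by the keys visible in the hunk (the outer lookups are above it) it should read `"data-attributes-payload-data-relationships-inquiry_template-data-id"`.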


@ -390,7 +390,6 @@ kwh_resume (struct KycWebhookContext *kwh)
kwh_tail, kwh_tail,
kwh); kwh);
MHD_resume_connection (kwh->rc->connection); MHD_resume_connection (kwh->rc->connection);
TALER_MHD_daemon_trigger ();
} }
@ -464,6 +463,7 @@ webhook_finished_cb (
kwh->response = response; kwh->response = response;
kwh->response_code = http_status; kwh->response_code = http_status;
kwh_resume (kwh); kwh_resume (kwh);
TALER_MHD_daemon_trigger ();
} }
@ -600,7 +600,7 @@ handler_kyc_webhook_generic (
/* We resumed, but got no response? This should /* We resumed, but got no response? This should
not happen. */ not happen. */
GNUNET_break (0); GNUNET_assert (0);
return TALER_MHD_reply_with_error (rc->connection, return TALER_MHD_reply_with_error (rc->connection,
MHD_HTTP_INTERNAL_SERVER_ERROR, MHD_HTTP_INTERNAL_SERVER_ERROR,
TALER_EC_GENERIC_INTERNAL_INVARIANT_FAILURE, TALER_EC_GENERIC_INTERNAL_INVARIANT_FAILURE,
@ -829,6 +829,8 @@ handle_mhd_completion_callback (void *cls,
TALER_MHD_parse_post_cleanup_callback (rc->opaque_post_parsing_context); TALER_MHD_parse_post_cleanup_callback (rc->opaque_post_parsing_context);
/* Sanity-check that we didn't leave any transactions hanging */ /* Sanity-check that we didn't leave any transactions hanging */
if (NULL != rc->root)
json_decref (rc->root);
GNUNET_free (rc); GNUNET_free (rc);
*con_cls = NULL; *con_cls = NULL;
} }
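Review bot: In handler_kyc_webhook_generic the switch from `GNUNET_break (0)` to `GNUNET_assert (0)` makes the "resumed without a response" case abort the whole process, and the `TALER_MHD_reply_with_error` return right after it becomes dead code. This handler serves requests from the network, so if any plugin path can resume the connection without setting `kwh->response` (the hunk does not show whether one exists), a single webhook request stops the daemon instead of producing a 500. Keeping `GNUNET_break (0);` preserves the log entry and the error reply; if the abort is intended, remove the unreachable return so the code says so. The function body starts and ends outside the hunk.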


@ -177,7 +177,7 @@ TALER_TEMPLATING_build (struct MHD_Connection *connection,
const char *template, const char *template,
const char *instance_id, const char *instance_id,
const char *taler_uri, const char *taler_uri,
json_t *root, const json_t *root,
struct MHD_Response **reply) struct MHD_Response **reply)
{ {
char *body; char *body;
@ -209,14 +209,14 @@ TALER_TEMPLATING_build (struct MHD_Connection *connection,
instance_id); instance_id);
GNUNET_break (0 == GNUNET_break (0 ==
json_object_set_new (root, json_object_set_new ((json_t *) root,
"static_url", "static_url",
json_string (static_url))); json_string (static_url)));
GNUNET_free (static_url); GNUNET_free (static_url);
} }
if (0 != if (0 !=
(eno = mustach_jansson (tmpl, (eno = mustach_jansson (tmpl,
root, (json_t *) root,
&body, &body,
&body_size))) &body_size)))
{ {
@ -284,7 +284,7 @@ TALER_TEMPLATING_reply (struct MHD_Connection *connection,
const char *template, const char *template,
const char *instance_id, const char *instance_id,
const char *taler_uri, const char *taler_uri,
json_t *root) const json_t *root)
{ {
enum GNUNET_GenericReturnValue res; enum GNUNET_GenericReturnValue res;
struct MHD_Response *reply; struct MHD_Response *reply;
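Review bot: TALER_TEMPLATING_build now declares `const json_t *root` but still writes to it: `json_object_set_new ((json_t *) root, "static_url", ...)` casts the qualifier away and adds a key to the caller's object. A caller that trusts the prototype and passes a shared or reused object gets it modified behind its back, and the compiler can no longer warn about it. Either keep the parameter as `json_t *root` in both functions and in the header declarations, or render from a private copy (for example `json_deep_copy (root)`, released after `mustach_jansson`) so the const is true. If the const stays, the header comment for `root` should at least say that `static_url` is inserted into it. Both function bodies continue outside the hunks.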