taler/exchange
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

-debug KYC webhook logic

Browse Source
This commit is contained in:
Christian Grothoff 2023-01-28 12:20:18 +01:00
parent 35d50ba36a
commit 8c5a12302e
No known key found for this signature in database
GPG Key ID: 939E6BE1E29FC3CC
6 changed files with 79 additions and 57 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/exchange/taler-exchange-httpd_kyc-webhook.c
View File

@ -296,11 +296,12 @@ handler_kyc_webhook_generic (
rc->rh_ctx = kwh;
rc->rh_cleaner = &clean_kwh;
if (GNUNET_OK !=
if ( (NULL == args[0]) ||
(GNUNET_OK !=
TALER_KYCLOGIC_lookup_logic (args[0],
&kwh->plugin,
&kwh->pd,
&kwh->provider_section))
&kwh->provider_section)) )
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"KYC logic `%s' unknown (check KYC provider configuration)\n",
@ -308,7 +309,7 @@ handler_kyc_webhook_generic (
return TALER_MHD_reply_with_error (rc->connection,
MHD_HTTP_NOT_FOUND,
TALER_EC_EXCHANGE_KYC_GENERIC_LOGIC_UNKNOWN,
"$NAME");
args[0]);
}
kwh->wh = kwh->plugin->webhook (kwh->plugin->cls,
kwh->pd,

2
src/kyclogic/kyclogic-kycaid.conf
View File

@ -18,5 +18,5 @@ KYC_KYCAID_AUTH_TOKEN = XXX
# Form to use.
KYC_KYCAID_FORM_ID = XXX
# Authentication token to use.
# URL to go to after the process is complete.
KYC_KYCAID_POST_URL = https://example.com/

2
src/kyclogic/kyclogic-oauth2.conf
View File

@ -32,4 +32,4 @@ KYC_OAUTH2_CLIENT_SECRET = password
# This is just an example, details will depend on the
# provider!
#
KYC_ATTRIBUTE_TEMPLATE = "{"fullname":"{{first_name}} {{last_name}}","phone":"{{phone}}"}"
KYC_OAUTH2_ATTRIBUTE_TEMPLATE = "{"fullname":"{{first_name}} {{last_name}}","phone":"{{phone}}"}"

9
src/kyclogic/kyclogic-persona.conf
View File

@ -6,7 +6,10 @@
[kyclogic-persona]
# Optional authorization token for the webhook
# Optional authorization token for the webhook.
# This must be the same for all uses of the
# Persona provider, and is thus not in a
# template-specific section.
#WEBHOOK_AUTH_TOKEN = wbhsec_698b5a19-c790-47f6-b396-deb572ec82f9
@ -31,3 +34,7 @@ KYC_PERSONA_TEMPLATE_ID = itempl_Uj6Xxxxx
# Where do we redirect to after KYC finished successfully.
KYC_PERSONA_POST_URL = https://taler.net/
# Salt to give to requests for idempotency.
# Optional.
# KYC_PERSONA_SALT = salt

46
src/kyclogic/plugin_kyclogic_persona.c
View File

@ -942,35 +942,35 @@ convert_attributes (const json_t *attr)
const char *birthdate = NULL;
struct GNUNET_JSON_Specification spec[] = {
GNUNET_JSON_spec_mark_optional (
GNUNET_JSON_spec_string ("country_code",
GNUNET_JSON_spec_string ("country-code",
&country_code),
NULL),
GNUNET_JSON_spec_mark_optional (
GNUNET_JSON_spec_string ("name_first",
GNUNET_JSON_spec_string ("name-first",
&name_first),
NULL),
GNUNET_JSON_spec_mark_optional (
GNUNET_JSON_spec_string ("name_middle",
GNUNET_JSON_spec_string ("name-middle",
&name_middle),
NULL),
GNUNET_JSON_spec_mark_optional (
GNUNET_JSON_spec_string ("name_last",
GNUNET_JSON_spec_string ("name-last",
&name_last),
NULL),
GNUNET_JSON_spec_mark_optional (
GNUNET_JSON_spec_string ("address_street_1",
GNUNET_JSON_spec_string ("address-street-1",
&address_street_1),
NULL),
GNUNET_JSON_spec_mark_optional (
GNUNET_JSON_spec_string ("address_street_2",
GNUNET_JSON_spec_string ("address-street-2",
&address_street_2),
NULL),
GNUNET_JSON_spec_mark_optional (
GNUNET_JSON_spec_string ("address_city",
GNUNET_JSON_spec_string ("address-city",
&address_city),
NULL),
GNUNET_JSON_spec_mark_optional (
GNUNET_JSON_spec_string ("address_postal_code",
GNUNET_JSON_spec_string ("address-postal-code",
&address_postal_code),
NULL),
GNUNET_JSON_spec_mark_optional (
@ -991,8 +991,8 @@ convert_attributes (const json_t *attr)
}
{
char *name = NULL;
char *address_street = NULL;
char *address_city = NULL;
char *street = NULL;
char *city = NULL;
if ( (NULL != name_last) ||
(NULL != name_first) ||
@ -1013,7 +1013,7 @@ convert_attributes (const json_t *attr)
if ( (NULL != address_city) ||
(NULL != address_postal_code) )
{
GNUNET_asprintf (&address_city,
GNUNET_asprintf (&city,
"%s%s%s %s",
(NULL != country_code)
? country_code
@ -1031,7 +1031,7 @@ convert_attributes (const json_t *attr)
if ( (NULL != address_street_1) ||
(NULL != address_street_2) )
{
GNUNET_asprintf (&address_street,
GNUNET_asprintf (&street,
"%s%s%s",
(NULL != address_street_1)
? address_street_1
@ -1056,16 +1056,18 @@ convert_attributes (const json_t *attr)
GNUNET_JSON_pack_allow_null (
GNUNET_JSON_pack_string (
TALER_ATTRIBUTE_ADDRESS_STREET,
address_street)),
street)),
GNUNET_JSON_pack_allow_null (
GNUNET_JSON_pack_string (
TALER_ATTRIBUTE_ADDRESS_CITY,
address_city)),
city)),
GNUNET_JSON_pack_allow_null (
GNUNET_JSON_pack_string (
TALER_ATTRIBUTE_RESIDENCES,
country_code))
);
GNUNET_free (street);
GNUNET_free (city);
GNUNET_free (name);
}
return ret;
@ -1170,7 +1172,6 @@ handle_proof_finished (void *cls,
const char *type = NULL;
json_t *attributes;
json_t *relationships;
json_t *included;
struct GNUNET_JSON_Specification spec[] = {
GNUNET_JSON_spec_string ("type",
&type),
@ -1180,8 +1181,6 @@ handle_proof_finished (void *cls,
&attributes),
GNUNET_JSON_spec_json ("relationships",
&relationships),
GNUNET_JSON_spec_json ("included",
&included),
GNUNET_JSON_spec_end ()
};
@ -1210,10 +1209,10 @@ handle_proof_finished (void *cls,
struct GNUNET_JSON_Specification ispec[] = {
GNUNET_JSON_spec_string ("status",
&status),
GNUNET_JSON_spec_string ("reference_id",
GNUNET_JSON_spec_string ("reference-id",
&reference_id),
GNUNET_JSON_spec_mark_optional (
GNUNET_JSON_spec_string ("expired_at",
GNUNET_JSON_spec_string ("expired-at",
&expired_at),
NULL),
GNUNET_JSON_spec_end ()
@ -1319,7 +1318,7 @@ handle_proof_finished (void *cls,
struct GNUNET_TIME_Absolute expiration;
json_t *attr;
attr = extract_attributes (included);
attr = convert_attributes (attributes);
if (NULL == attr)
{
GNUNET_break_op (0);
@ -1744,10 +1743,10 @@ handle_webhook_finished (void *cls,
struct GNUNET_JSON_Specification ispec[] = {
GNUNET_JSON_spec_string ("status",
&status),
GNUNET_JSON_spec_string ("reference_id",
GNUNET_JSON_spec_string ("reference-id",
&reference_id),
GNUNET_JSON_spec_mark_optional (
GNUNET_JSON_spec_string ("expired_at",
GNUNET_JSON_spec_string ("expired-at",
&expired_at),
NULL),
GNUNET_JSON_spec_end ()
@ -2081,7 +2080,7 @@ persona_webhook (void *cls,
"payload"),
"data"),
"relationships"),
"inquiry_template"),
"inquiry-template"),
"data"),
"id"));
if (NULL == wh->template_id)
@ -2124,7 +2123,6 @@ persona_webhook (void *cls,
return wh;
}
persona_inquiry_id
= json_string_value (
json_object_get (

58
src/kyclogic/taler-exchange-kyc-tester.c
View File

@ -459,7 +459,6 @@ webhook_finished_cb (
(void) expiration;
(void) provider_section;
kwh->wh = NULL;
GNUNET_break (NULL != attributes);
GNUNET_break (0 == GNUNET_memcmp (account_id,
&cmd_line_h_payto));
GNUNET_break (0 == strcmp (provider_user_id,
@ -474,6 +473,12 @@ webhook_finished_cb (
"KYC successful for user `%s' (legi: %s)\n",
provider_user_id,
provider_legitimization_id);
GNUNET_break (NULL != attributes);
fprintf (stderr,
"Extracted attributes:\n");
json_dumpf (attributes,
stderr,
JSON_INDENT (2));
break;
default:
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
@ -563,6 +568,9 @@ handler_kyc_webhook_generic (
{
struct KycWebhookContext *kwh = rc->rh_ctx;
json_dumpf (root,
stderr,
JSON_INDENT (2));
if (NULL == kwh)
{ /* first time */
kwh = GNUNET_new (struct KycWebhookContext);
@ -570,11 +578,12 @@ handler_kyc_webhook_generic (
rc->rh_ctx = kwh;
rc->rh_cleaner = &clean_kwh;
if (GNUNET_OK !=
if ( (NULL == args[0]) ||
(GNUNET_OK !=
TALER_KYCLOGIC_lookup_logic (args[0],
&kwh->plugin,
&kwh->pd,
&kwh->section_name))
&kwh->section_name)) )
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"KYC logic `%s' unknown (check KYC provider configuration)\n",
@ -584,14 +593,6 @@ handler_kyc_webhook_generic (
TALER_EC_EXCHANGE_KYC_GENERIC_LOGIC_UNKNOWN,
args[0]);
}
if (0 != strcmp (args[0],
kwh->section_name))
{
return TALER_MHD_reply_with_error (rc->connection,
MHD_HTTP_BAD_REQUEST,
TALER_EC_GENERIC_PARAMETER_MALFORMED,
"$PROVIDER_SECTION");
}
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"Calling KYC provider specific webhook\n");
kwh->wh = kwh->plugin->webhook (kwh->plugin->cls,
@ -652,6 +653,8 @@ handler_kyc_webhook_get (
struct TEKT_RequestContext *rc,
const char *const args[])
{
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"Webhook GET triggered\n");
return handler_kyc_webhook_generic (rc,
MHD_HTTP_METHOD_GET,
NULL,
@ -673,6 +676,8 @@ handler_kyc_webhook_post (
const json_t *root,
const char *const args[])
{
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"Webhook POST triggered\n");
return handler_kyc_webhook_generic (rc,
MHD_HTTP_METHOD_POST,
root,
@ -715,17 +720,26 @@ proof_cb (
status,
http_status,
provider_user_id);
if (NULL != attributes)
if (TALER_KYCLOGIC_STATUS_SUCCESS == status)
{
GNUNET_break (NULL != attributes);
fprintf (stderr,
"Extracted attributes:\n");
json_dumpf (attributes,
stderr,
JSON_INDENT (2));
MHD_resume_connection (rs->rc->connection);
TALER_MHD_daemon_trigger ();
}
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"Returning response %p with status %u\n",
response,
http_status);
rs->rc->response = response;
rs->rc->http_status = http_status;
GNUNET_CONTAINER_DLL_remove (rs_head,
rs_tail,
rs);
MHD_resume_connection (rs->rc->connection);
TALER_MHD_daemon_trigger ();
GNUNET_free (rs);
}
@ -750,6 +764,8 @@ handler_kyc_proof_get (
const char *section_name;
const char *h_paytos;
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"GET /kyc-proof triggered\n");
if (NULL == args[0])
{
GNUNET_break_op (0);
@ -1162,14 +1178,14 @@ handle_mhd_request (void *cls,
}
/* cache to avoid the loop next time */
rc->rh = rh;
/* run handler */
return proceed_with_handler (rc,
url + tok_size + 1,
upload_data,
upload_data_size);
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"Handler found for %s '%s'\n",
method,
url);
return MHD_YES;
}
if (found) /* FIXME: this can never be true right now */
if (found)
{
/* we found a matching address, but the method is wrong */
struct MHD_Response *reply;
@ -1348,7 +1364,7 @@ initiate_cb (
return;
}
fprintf (stdout,
"Visit `%s' to begin KYC process (-u: '%s', -U: '%s')\n",
"Visit `%s' to begin KYC process.\nAlso use: taler-exchange-kyc-tester -w -u '%s' -U '%s'\n",
redirect_url,
provider_user_id,
provider_legitimization_id);