taler/exchange
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

-towards storing KYC attribute data

Browse Source
This commit is contained in:
Christian Grothoff 2023-01-22 21:51:46 +01:00
parent c2eee251c2
commit a273b176da
No known key found for this signature in database
GPG Key ID: 939E6BE1E29FC3CC
8 changed files with 110 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/exchange/taler-exchange-httpd_kyc-proof.c
View File

@ -169,6 +169,7 @@ TEH_kyc_proof_cleanup (void)
* @param provider_user_id set to user ID at the provider, or NULL if not supported or unknown * @param provider_user_id set to user ID at the provider, or NULL if not supported or unknown
* @param provider_legitimization_id set to legitimization process ID at the provider, or NULL if not supported or unknown * @param provider_legitimization_id set to legitimization process ID at the provider, or NULL if not supported or unknown
* @param expiration until when is the KYC check valid * @param expiration until when is the KYC check valid
* @param attributes user attributes returned by the provider
* @param http_status HTTP status code of @a response * @param http_status HTTP status code of @a response
* @param[in] response to return to the HTTP client * @param[in] response to return to the HTTP client
*/ */
@ -179,6 +180,7 @@ proof_cb (
const char *provider_user_id, const char *provider_user_id,
const char *provider_legitimization_id, const char *provider_legitimization_id,
struct GNUNET_TIME_Absolute expiration, struct GNUNET_TIME_Absolute expiration,
const json_t *attributes,
unsigned int http_status, unsigned int http_status,
struct MHD_Response *response) struct MHD_Response *response)
{ {
@ -194,6 +196,7 @@ proof_cb (
{ {
enum GNUNET_DB_QueryStatus qs; enum GNUNET_DB_QueryStatus qs;
// FIXME: also store 'attributes' in DB!
qs = TEH_plugin->update_kyc_process_by_row (TEH_plugin->cls, qs = TEH_plugin->update_kyc_process_by_row (TEH_plugin->cls,
kpc->process_row, kpc->process_row,
kpc->provider_section, kpc->provider_section,

2
src/include/taler_kyclogic_plugin.h
View File

@ -158,6 +158,7 @@ typedef void
* @param status KYC status * @param status KYC status
* @param provider_user_id set to user ID at the provider, or NULL if not supported or unknown * @param provider_user_id set to user ID at the provider, or NULL if not supported or unknown
* @param provider_legitimization_id set to legitimization process ID at the provider, or NULL if not supported or unknown * @param provider_legitimization_id set to legitimization process ID at the provider, or NULL if not supported or unknown
* @param attributes user attributes returned by the provider
* @param expiration until when is the KYC check valid * @param expiration until when is the KYC check valid
* @param http_status HTTP status code of @a response * @param http_status HTTP status code of @a response
* @param[in] response to return to the HTTP client * @param[in] response to return to the HTTP client
@ -169,6 +170,7 @@ typedef void
const char *provider_user_id, const char *provider_user_id,
const char *provider_legitimization_id, const char *provider_legitimization_id,
struct GNUNET_TIME_Absolute expiration, struct GNUNET_TIME_Absolute expiration,
const json_t *attributes,
unsigned int http_status, unsigned int http_status,
struct MHD_Response *response); struct MHD_Response *response);

1
src/kyclogic/Makefile.am
View File

@ -79,6 +79,7 @@ libtaler_plugin_kyclogic_oauth2_la_LIBADD = \
$(LTLIBINTL) $(LTLIBINTL)
libtaler_plugin_kyclogic_oauth2_la_LDFLAGS = \ libtaler_plugin_kyclogic_oauth2_la_LDFLAGS = \
$(TALER_PLUGIN_LDFLAGS) \ $(TALER_PLUGIN_LDFLAGS) \
$(top_builddir)/src/templating/libtalertemplating.la \
$(top_builddir)/src/mhd/libtalermhd.la \ $(top_builddir)/src/mhd/libtalermhd.la \
$(top_builddir)/src/json/libtalerjson.la \ $(top_builddir)/src/json/libtalerjson.la \
$(top_builddir)/src/util/libtalerutil.la \ $(top_builddir)/src/util/libtalerutil.la \

8
src/kyclogic/kyclogic-oauth2.conf
View File

@ -25,3 +25,11 @@ KYC_OAUTH2_POST_URL = http://example.com/thank-you
# For authentication to the OAuth2.0 service # For authentication to the OAuth2.0 service
KYC_OAUTH2_CLIENT_ID = testcase KYC_OAUTH2_CLIENT_ID = testcase
KYC_OAUTH2_CLIENT_SECRET = password KYC_OAUTH2_CLIENT_SECRET = password
# Mustach template that converts OAuth2.0 data about the user
# into GNU Taler standardized attribute data.
#
# This is just an example, details will depend on the
# provider!
#
KYC_ATTRIBUTE_TEMPLATE = "{"fullname":"{{first_name}} {{last_name}}","phone":"{{phone}}"}"

1
src/kyclogic/plugin_kyclogic_kycaid.c
View File

@ -632,6 +632,7 @@ proof_reply (void *cls)
NULL, /* user id */ NULL, /* user id */
NULL, /* provider legi ID */ NULL, /* provider legi ID */
GNUNET_TIME_UNIT_ZERO_ABS, /* expiration */ GNUNET_TIME_UNIT_ZERO_ABS, /* expiration */
NULL, /* attributes */
MHD_HTTP_BAD_REQUEST, MHD_HTTP_BAD_REQUEST,
resp); resp);
} }

87
src/kyclogic/plugin_kyclogic_oauth2.c
View File

@ -21,6 +21,7 @@
#include "platform.h" #include "platform.h"
#include "taler_kyclogic_plugin.h" #include "taler_kyclogic_plugin.h"
#include "taler_mhd_lib.h" #include "taler_mhd_lib.h"
#include "taler_templating_lib.h"
#include "taler_json_lib.h" #include "taler_json_lib.h"
#include <regex.h> #include <regex.h>
#include "taler_util.h" #include "taler_util.h"
@ -105,6 +106,12 @@ struct TALER_KYCLOGIC_ProviderDetails
*/ */
char *post_kyc_redirect_url; char *post_kyc_redirect_url;
/**
* Template for converting user-data returned by
* the provider into our KYC attribute data.
*/
char *attribute_template;
/** /**
* Validity time for a successful KYC process. * Validity time for a successful KYC process.
*/ */
@ -194,6 +201,11 @@ struct TALER_KYCLOGIC_ProofHandle
*/ */
char *post_body; char *post_body;
/**
* KYC attributes returned about the user by the OAuth 2.0 server.
*/
json_t *attributes;
/** /**
* Response to return. * Response to return.
*/ */
@ -277,6 +289,7 @@ oauth2_unload_configuration (struct TALER_KYCLOGIC_ProviderDetails *pd)
GNUNET_free (pd->client_id); GNUNET_free (pd->client_id);
GNUNET_free (pd->client_secret); GNUNET_free (pd->client_secret);
GNUNET_free (pd->post_kyc_redirect_url); GNUNET_free (pd->post_kyc_redirect_url);
GNUNET_free (pd->attribute_template);
GNUNET_free (pd); GNUNET_free (pd);
} }
@ -443,6 +456,21 @@ oauth2_load_configuration (void *cls,
} }
pd->post_kyc_redirect_url = s; pd->post_kyc_redirect_url = s;
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_string (ps->cfg,
provider_section_name,
"KYC_OAUTH2_ATTRIBUTE_TEMPLATE",
&s))
{
GNUNET_log_config_missing (GNUNET_ERROR_TYPE_WARNING,
provider_section_name,
"KYC_OAUTH2_ATTRIBUTE_TEMPLATE");
}
else
{
pd->attribute_template = s;
}
return pd; return pd;
} }
@ -566,9 +594,12 @@ return_proof_response (void *cls)
ph->provider_user_id, ph->provider_user_id,
ph->provider_legitimization_id, ph->provider_legitimization_id,
GNUNET_TIME_relative_to_absolute (ph->pd->validity), GNUNET_TIME_relative_to_absolute (ph->pd->validity),
ph->attributes,
ph->http_status, ph->http_status,
ph->response); ph->response);
GNUNET_free (ph->provider_user_id); GNUNET_free (ph->provider_user_id);
if (NULL != ph->attributes)
json_decref (ph->attributes);
GNUNET_free (ph); GNUNET_free (ph);
} }
@ -640,6 +671,57 @@ handle_proof_error (struct TALER_KYCLOGIC_ProofHandle *ph,
} }
/**
* Convert user data returned by the provider into
* standardized attribute data.
*
* @param pd our provider configuration
* @param data user-data given by the provider
* @return converted KYC attribute data object
*/
static json_t *
data2attributes (const struct TALER_KYCLOGIC_ProviderDetails *pd,
const json_t *data)
{
json_t *ret;
void *attr_data;
size_t attr_size;
int rv;
json_error_t err;
if (NULL == pd->attribute_template)
return json_object ();
if (0 !=
(rv = TALER_TEMPLATING_fill (pd->attribute_template,
data,
&attr_data,
&attr_size)))
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Failed to convert KYC provider data to attributes: %d\n",
rv);
json_dumpf (data,
stderr,
JSON_INDENT (2));
return NULL;
}
ret = json_loadb (attr_data,
attr_size,
JSON_REJECT_DUPLICATES,
&err);
GNUNET_free (attr_data);
if (NULL == ret)
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Failed to parse converted KYC attributes as JSON: %s (at offset %d)\n",
err.text,
err.position);
return NULL;
}
return ret;
}
/** /**
* The request for @a ph succeeded (presumably). * The request for @a ph succeeded (presumably).
* Call continuation with the result. * Call continuation with the result.
@ -689,6 +771,7 @@ parse_proof_success_reply (struct TALER_KYCLOGIC_ProofHandle *ph,
GNUNET_break_op (0); GNUNET_break_op (0);
handle_proof_error (ph, handle_proof_error (ph,
j); j);
GNUNET_JSON_parse_free (spec);
return; return;
} }
{ {
@ -716,6 +799,7 @@ parse_proof_success_reply (struct TALER_KYCLOGIC_ProofHandle *ph,
"Unexpected response from KYC gateway: data must contain id"); "Unexpected response from KYC gateway: data must contain id");
ph->http_status ph->http_status
= MHD_HTTP_BAD_GATEWAY; = MHD_HTTP_BAD_GATEWAY;
GNUNET_JSON_parse_free (spec);
return; return;
} }
ph->status = TALER_KYCLOGIC_STATUS_SUCCESS; ph->status = TALER_KYCLOGIC_STATUS_SUCCESS;
@ -731,6 +815,9 @@ parse_proof_success_reply (struct TALER_KYCLOGIC_ProofHandle *ph,
ph->http_status = MHD_HTTP_SEE_OTHER; ph->http_status = MHD_HTTP_SEE_OTHER;
ph->provider_user_id = GNUNET_strdup (id); ph->provider_user_id = GNUNET_strdup (id);
} }
ph->attributes = data2attributes (ph->pd,
data);
GNUNET_JSON_parse_free (spec);
} }

2
src/kyclogic/plugin_kyclogic_persona.c
View File

@ -890,6 +890,7 @@ proof_generic_reply (struct TALER_KYCLOGIC_ProofHandle *ph,
account_id, account_id,
inquiry_id, inquiry_id,
expiration, expiration,
NULL, /* FIXME: return attributes! */
http_status, http_status,
resp); resp);
} }
@ -1173,6 +1174,7 @@ handle_proof_finished (void *cls,
account_id, account_id,
inquiry_id, inquiry_id,
expiration, expiration,
NULL, /* FIXME: return attributes! */
MHD_HTTP_SEE_OTHER, MHD_HTTP_SEE_OTHER,
resp); resp);
} }

6
src/kyclogic/taler-exchange-kyc-tester.c
View File

@ -688,6 +688,7 @@ handler_kyc_webhook_post (
* @param provider_user_id set to user ID at the provider, or NULL if not supported or unknown * @param provider_user_id set to user ID at the provider, or NULL if not supported or unknown
* @param provider_legitimization_id set to legitimization process ID at the provider, or NULL if not supported or unknown * @param provider_legitimization_id set to legitimization process ID at the provider, or NULL if not supported or unknown
* @param expiration until when is the KYC check valid * @param expiration until when is the KYC check valid
* @param attributes attributes about the user
* @param http_status HTTP status code of @a response * @param http_status HTTP status code of @a response
* @param[in] response to return to the HTTP client * @param[in] response to return to the HTTP client
*/ */
@ -698,6 +699,7 @@ proof_cb (
const char *provider_user_id, const char *provider_user_id,
const char *provider_legitimization_id, const char *provider_legitimization_id,
struct GNUNET_TIME_Absolute expiration, struct GNUNET_TIME_Absolute expiration,
const json_t *attributes,
unsigned int http_status, unsigned int http_status,
struct MHD_Response *response) struct MHD_Response *response)
{ {
@ -710,6 +712,10 @@ proof_cb (
status, status,
http_status, http_status,
provider_user_id); provider_user_id);
if (NULL != attributes)
json_dumpf (attributes,
stderr,
JSON_INDENT (2));
MHD_resume_connection (rs->rc->connection); MHD_resume_connection (rs->rc->connection);
TALER_MHD_daemon_trigger (); TALER_MHD_daemon_trigger ();
rs->rc->response = response; rs->rc->response = response;