From d189fccd790a36046e1191d7170f45feb3dfb122 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=96zg=C3=BCr=20Kesim?= Date: Sun, 23 Jul 2023 12:48:07 +0200 Subject: [PATCH] Added reserve_pub to kyc legitimization_processes Where applicable, the reserve_pub will be passed on to the kcy-legitimization process and persisted along with h_payto. This allows us to set a birthday on the reserve itself, once a related kyc-process has provided one. --- src/exchange/taler-exchange-aggregator.c | 1 + .../taler-exchange-httpd_age-withdraw.c | 1 + .../taler-exchange-httpd_aml-decision.c | 1 + .../taler-exchange-httpd_batch-withdraw.c | 1 + src/exchange/taler-exchange-httpd_kyc-check.c | 12 ++++++++++- .../taler-exchange-httpd_kyc-wallet.c | 13 ++++++++---- .../taler-exchange-httpd_purses_merge.c | 1 + .../taler-exchange-httpd_reserves_close.c | 1 + .../taler-exchange-httpd_reserves_purse.c | 1 + src/exchange/taler-exchange-httpd_withdraw.c | 1 + .../0002-legitimization_processes.sql | 14 +++++++++++++ src/exchangedb/0003-kyc_attributes.sql | 16 +++++++++++++++ .../exchange_do_insert_kyc_attributes.sql | 11 +++++----- .../pg_insert_kyc_requirement_for_account.c | 7 ++++++- .../pg_insert_kyc_requirement_for_account.h | 2 ++ .../pg_insert_kyc_requirement_process.c | 9 ++++++++- .../pg_insert_kyc_requirement_process.h | 2 ++ .../pg_lookup_kyc_requirement_by_row.c | 17 +++++++++++++++- .../pg_lookup_kyc_requirement_by_row.h | 4 +++- src/include/taler_exchangedb_plugin.h | 8 +++++++- src/kyclogic/plugin_kyclogic_oauth2.c | 3 +++ .../test_exchange_api_age_restriction.c | 20 +++++++------------ .../test_exchange_api_age_restriction.conf | 19 +++++++++++++++++- src/testing/test_kyc_api.conf | 2 +- src/testing/testing_api_cmd_withdraw.c | 7 ++++--- 25 files changed, 140 insertions(+), 34 deletions(-) diff --git a/src/exchange/taler-exchange-aggregator.c b/src/exchange/taler-exchange-aggregator.c index 0073d85ec..df953ce34 100644 --- a/src/exchange/taler-exchange-aggregator.c +++ b/src/exchange/taler-exchange-aggregator.c @@ -522,6 +522,7 @@ kyc_satisfied (struct AggregationUnit *au_active) db_plugin->cls, requirement, &au_active->h_payto, + NULL, /* not a reserve */ &au_active->requirement_row); if (qs < 0) { diff --git a/src/exchange/taler-exchange-httpd_age-withdraw.c b/src/exchange/taler-exchange-httpd_age-withdraw.c index d0dd2e4f6..106feb01a 100644 --- a/src/exchange/taler-exchange-httpd_age-withdraw.c +++ b/src/exchange/taler-exchange-httpd_age-withdraw.c @@ -727,6 +727,7 @@ age_withdraw_transaction (void *cls, TEH_plugin->cls, kyc_required, &awc->h_payto, + &awc->commitment.reserve_pub, &awc->kyc.requirement_row); } } diff --git a/src/exchange/taler-exchange-httpd_aml-decision.c b/src/exchange/taler-exchange-httpd_aml-decision.c index c1439adc1..e688b2ba6 100644 --- a/src/exchange/taler-exchange-httpd_aml-decision.c +++ b/src/exchange/taler-exchange-httpd_aml-decision.c @@ -165,6 +165,7 @@ make_aml_decision (void *cls, TEH_plugin->cls, res, &dc->h_payto, + NULL, /* not a reserve */ &requirement_row); if (qs < 0) { diff --git a/src/exchange/taler-exchange-httpd_batch-withdraw.c b/src/exchange/taler-exchange-httpd_batch-withdraw.c index 270ee0ca9..d60da56e9 100644 --- a/src/exchange/taler-exchange-httpd_batch-withdraw.c +++ b/src/exchange/taler-exchange-httpd_batch-withdraw.c @@ -456,6 +456,7 @@ batch_withdraw_transaction (void *cls, TEH_plugin->cls, kyc_required, &wc->h_payto, + wc->reserve_pub, &wc->kyc.requirement_row); GNUNET_free (kyc_required); if (qs < 0) diff --git a/src/exchange/taler-exchange-httpd_kyc-check.c b/src/exchange/taler-exchange-httpd_kyc-check.c index 4b78c071a..090927ecb 100644 --- a/src/exchange/taler-exchange-httpd_kyc-check.c +++ b/src/exchange/taler-exchange-httpd_kyc-check.c @@ -301,6 +301,7 @@ kyc_check (void *cls, struct TALER_KYCLOGIC_ProviderDetails *pd; enum GNUNET_GenericReturnValue ret; struct TALER_PaytoHashP h_payto; + struct TALER_ReservePublicKeyP *reserve_pub; char *requirements; bool satisfied; @@ -309,7 +310,8 @@ kyc_check (void *cls, kyp->requirement_row, &requirements, &kyp->aml_status, - &h_payto); + &h_payto, + &reserve_pub); if (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS == qs) { GNUNET_log (GNUNET_ERROR_TYPE_INFO, @@ -335,6 +337,7 @@ kyc_check (void *cls, TALER_EC_EXCHANGE_KYC_CHECK_AUTHORIZATION_FAILED, "h_payto"); GNUNET_free (requirements); + GNUNET_free (reserve_pub); return GNUNET_DB_STATUS_HARD_ERROR; } qs = TALER_KYCLOGIC_check_satisfied ( @@ -354,6 +357,7 @@ kyc_check (void *cls, TALER_EC_GENERIC_DB_FETCH_FAILED, "kyc_test_required"); GNUNET_free (requirements); + GNUNET_free (reserve_pub); return GNUNET_DB_STATUS_HARD_ERROR; } if (satisfied) @@ -362,6 +366,7 @@ kyc_check (void *cls, "KYC requirements `%s' already satisfied\n", requirements); GNUNET_free (requirements); + GNUNET_free (reserve_pub); return GNUNET_DB_STATUS_SUCCESS_NO_RESULTS; } @@ -381,6 +386,7 @@ kyc_check (void *cls, TALER_EC_EXCHANGE_KYC_GENERIC_LOGIC_GONE, requirements); GNUNET_free (requirements); + GNUNET_free (reserve_pub); return GNUNET_DB_STATUS_HARD_ERROR; } GNUNET_free (requirements); @@ -394,7 +400,11 @@ kyc_check (void *cls, kyp->section_name, NULL, NULL, + reserve_pub, &kyp->process_row); + + GNUNET_free (reserve_pub); + if (qs < 0) { if (GNUNET_DB_STATUS_SOFT_ERROR == qs) diff --git a/src/exchange/taler-exchange-httpd_kyc-wallet.c b/src/exchange/taler-exchange-httpd_kyc-wallet.c index 77f2dea78..21d07422d 100644 --- a/src/exchange/taler-exchange-httpd_kyc-wallet.c +++ b/src/exchange/taler-exchange-httpd_kyc-wallet.c @@ -41,6 +41,11 @@ struct KycRequestContext */ struct TALER_PaytoHashP h_payto; + /** + * The reserve's public key + */ + struct TALER_ReservePublicKeyP reserve_pub; + /** * KYC status, with row with the legitimization requirement. */ @@ -141,6 +146,7 @@ wallet_kyc_check (void *cls, qs = TEH_plugin->insert_kyc_requirement_for_account (TEH_plugin->cls, krc->required, &krc->h_payto, + &krc->reserve_pub, &krc->kyc.requirement_row); if (qs < 0) { @@ -170,12 +176,11 @@ TEH_handler_kyc_wallet ( { struct TALER_ReserveSignatureP reserve_sig; struct KycRequestContext krc; - struct TALER_ReservePublicKeyP reserve_pub; struct GNUNET_JSON_Specification spec[] = { GNUNET_JSON_spec_fixed_auto ("reserve_sig", &reserve_sig), GNUNET_JSON_spec_fixed_auto ("reserve_pub", - &reserve_pub), + &krc.reserve_pub), TALER_JSON_spec_amount ("balance", TEH_currency, &krc.balance), @@ -195,7 +200,7 @@ TEH_handler_kyc_wallet ( TEH_METRICS_num_verifications[TEH_MT_SIGNATURE_EDDSA]++; if (GNUNET_OK != - TALER_wallet_account_setup_verify (&reserve_pub, + TALER_wallet_account_setup_verify (&krc.reserve_pub, &krc.balance, &reserve_sig)) { @@ -210,7 +215,7 @@ TEH_handler_kyc_wallet ( char *payto_uri; payto_uri = TALER_reserve_make_payto (TEH_base_url, - &reserve_pub); + &krc.reserve_pub); TALER_payto_hash (payto_uri, &krc.h_payto); GNUNET_log (GNUNET_ERROR_TYPE_INFO, diff --git a/src/exchange/taler-exchange-httpd_purses_merge.c b/src/exchange/taler-exchange-httpd_purses_merge.c index 503826874..d1edc49b4 100644 --- a/src/exchange/taler-exchange-httpd_purses_merge.c +++ b/src/exchange/taler-exchange-httpd_purses_merge.c @@ -308,6 +308,7 @@ merge_transaction (void *cls, TEH_plugin->cls, required, &pcc->h_payto, + &pcc->reserve_pub, &pcc->kyc.requirement_row); GNUNET_free (required); if (GNUNET_DB_STATUS_HARD_ERROR == qs) diff --git a/src/exchange/taler-exchange-httpd_reserves_close.c b/src/exchange/taler-exchange-httpd_reserves_close.c index c84b22dad..bcde80881 100644 --- a/src/exchange/taler-exchange-httpd_reserves_close.c +++ b/src/exchange/taler-exchange-httpd_reserves_close.c @@ -272,6 +272,7 @@ reserve_close_transaction (void *cls, TEH_plugin->cls, kyc_needed, &rcc->kyc_payto, + rcc->reserve_pub, &rcc->kyc.requirement_row); GNUNET_free (kyc_needed); if (GNUNET_DB_STATUS_HARD_ERROR == qs) diff --git a/src/exchange/taler-exchange-httpd_reserves_purse.c b/src/exchange/taler-exchange-httpd_reserves_purse.c index 5e39f810f..71cec6941 100644 --- a/src/exchange/taler-exchange-httpd_reserves_purse.c +++ b/src/exchange/taler-exchange-httpd_reserves_purse.c @@ -218,6 +218,7 @@ purse_transaction (void *cls, TEH_plugin->cls, required, &rpc->h_payto, + rpc->reserve_pub, &rpc->kyc.requirement_row); GNUNET_free (required); if (GNUNET_DB_STATUS_HARD_ERROR == qs) diff --git a/src/exchange/taler-exchange-httpd_withdraw.c b/src/exchange/taler-exchange-httpd_withdraw.c index 9c8a405cc..cbc641410 100644 --- a/src/exchange/taler-exchange-httpd_withdraw.c +++ b/src/exchange/taler-exchange-httpd_withdraw.c @@ -319,6 +319,7 @@ withdraw_transaction (void *cls, TEH_plugin->cls, kyc_required, &wc->h_account_payto, + &wc->collectable.reserve_pub, &wc->kyc.requirement_row); GNUNET_free (kyc_required); if (GNUNET_DB_STATUS_HARD_ERROR == qs) diff --git a/src/exchangedb/0002-legitimization_processes.sql b/src/exchangedb/0002-legitimization_processes.sql index 4544a02ea..576527bce 100644 --- a/src/exchangedb/0002-legitimization_processes.sql +++ b/src/exchangedb/0002-legitimization_processes.sql @@ -29,6 +29,8 @@ BEGIN ',provider_section VARCHAR NOT NULL' ',provider_user_id VARCHAR DEFAULT NULL' ',provider_legitimization_id VARCHAR DEFAULT NULL' + ',finished BOOLEAN DEFAULT (FALSE)' + ',reserve_pub BYTEA' ',UNIQUE (h_payto, provider_section)' ') %s ;' ,'legitimization_processes' @@ -76,6 +78,18 @@ BEGIN ,'legitimization_processes' ,shard_suffix ); + PERFORM comment_partitioned_column( + 'Set to TRUE when the specific legitimization process is finished.' + ,'finished' + ,'legitimization_processes' + ,shard_suffix + ); + PERFORM comment_partitioned_column( + 'If h_payto refers to a reserve, this is its public key, otherwise NULL.' + ,'reserve_pub' + ,'legitimization_processes' + ,shard_suffix + ); END $$; diff --git a/src/exchangedb/0003-kyc_attributes.sql b/src/exchangedb/0003-kyc_attributes.sql index 18093358e..56e274a31 100644 --- a/src/exchangedb/0003-kyc_attributes.sql +++ b/src/exchangedb/0003-kyc_attributes.sql @@ -33,6 +33,7 @@ BEGIN ',collection_time INT8 NOT NULL' ',expiration_time INT8 NOT NULL' ',encrypted_attributes BYTEA NOT NULL' + ',legitimization_serial INT8 NOT NULL' ') %s ;' ,table_name ,'PARTITION BY HASH (h_payto)' @@ -85,6 +86,12 @@ BEGIN ,table_name ,partition_suffix ); + PERFORM comment_partitioned_column( + 'Reference the legitimization process for which theses attributes are gathered for.' + ,'legitimization_serial' + ,table_name + ,partition_suffix + ); END $$; COMMENT ON FUNCTION create_table_kyc_attributes @@ -106,6 +113,15 @@ BEGIN ' ADD CONSTRAINT ' || table_name || '_serial_key ' 'UNIQUE (kyc_attributes_serial_id)' ); + -- The legitimization_serial is a foreign key. + -- TODO: due to partitioning by h_payto, we can not simply reference + -- the serial id of the legitimization_processes + -- EXECUTE FORMAT ( + -- 'ALTER TABLE ' || table_name || + -- ' ADD CONSTRAINT ' || table_name || '_foreign_legitimization_processes' + -- ' FOREIGN KEY (legitimization_serial) ' + -- ' REFERENCES legitimization_processes (legitimization_process_serial_id)' -- ON DELETE CASCADE + -- ); -- To search similar users (e.g. during AML checks) EXECUTE FORMAT ( 'CREATE INDEX ' || table_name || '_similarity_index ' diff --git a/src/exchangedb/exchange_do_insert_kyc_attributes.sql b/src/exchangedb/exchange_do_insert_kyc_attributes.sql index ae6a65759..c80033154 100644 --- a/src/exchangedb/exchange_do_insert_kyc_attributes.sql +++ b/src/exchangedb/exchange_do_insert_kyc_attributes.sql @@ -31,6 +31,8 @@ CREATE OR REPLACE FUNCTION exchange_do_insert_kyc_attributes( OUT out_ok BOOLEAN) LANGUAGE plpgsql AS $$ +DECLARE + orig_reserve_pub BYTEA; BEGIN INSERT INTO exchange.kyc_attributes @@ -48,20 +50,17 @@ INSERT INTO exchange.kyc_attributes ,in_expiration_time_ts ,in_enc_attributes); --- FIXME-Oec: modify to 'return' the reserve_pub here --- (requires of course to modify other code to store --- the reserve pub in the right table in the first place) UPDATE exchange.legitimization_processes SET provider_user_id=in_provider_account_id ,provider_legitimization_id=in_provider_legitimization_id ,expiration_time=GREATEST(expiration_time,in_expiration_time) WHERE h_payto=in_h_payto AND legitimization_process_serial_id=in_process_row - AND provider_section=in_provider_section; + AND provider_section=in_provider_section + RETURNING reserve_pub INTO orig_reserve_pub; out_ok = FOUND; --- FIXME-Oec: update exchange reserve table to store in_birthday here! --- UPDATE exchange.reserves SET birthday=in_birthday WHERE reserve_pub=X; +UPDATE exchange.reserves SET birthday=in_birthday WHERE reserve_pub=orig_reserve_pub; IF in_require_aml THEN diff --git a/src/exchangedb/pg_insert_kyc_requirement_for_account.c b/src/exchangedb/pg_insert_kyc_requirement_for_account.c index 2552aae40..b0b38a336 100644 --- a/src/exchangedb/pg_insert_kyc_requirement_for_account.c +++ b/src/exchangedb/pg_insert_kyc_requirement_for_account.c @@ -30,11 +30,15 @@ TEH_PG_insert_kyc_requirement_for_account ( void *cls, const char *provider_section, const struct TALER_PaytoHashP *h_payto, + const struct TALER_ReservePublicKeyP *reserve_pub, uint64_t *requirement_row) { struct PostgresClosure *pg = cls; struct GNUNET_PQ_QueryParam params[] = { GNUNET_PQ_query_param_auto_from_type (h_payto), + (NULL == reserve_pub) + ? GNUNET_PQ_query_param_null () + : GNUNET_PQ_query_param_auto_from_type (reserve_pub), GNUNET_PQ_query_param_string (provider_section), GNUNET_PQ_query_param_end }; @@ -48,9 +52,10 @@ TEH_PG_insert_kyc_requirement_for_account ( "insert_legitimization_requirement", "INSERT INTO legitimization_requirements" " (h_payto" + " ,reserve_pub" " ,required_checks" " ) VALUES " - " ($1, $2)" + " ($1, $2, $3)" " ON CONFLICT (h_payto,required_checks) " " DO UPDATE SET h_payto=$1" /* syntax requirement: dummy op */ " RETURNING legitimization_requirement_serial_id"); diff --git a/src/exchangedb/pg_insert_kyc_requirement_for_account.h b/src/exchangedb/pg_insert_kyc_requirement_for_account.h index c2f03b02a..331c8ba0c 100644 --- a/src/exchangedb/pg_insert_kyc_requirement_for_account.h +++ b/src/exchangedb/pg_insert_kyc_requirement_for_account.h @@ -32,6 +32,7 @@ * @param cls closure * @param provider_section provider that must be checked * @param h_payto account that must be KYC'ed + * @param reserve_pub if the account is a reserve, its public key. Maybe NULL * @param[out] requirement_row set to legitimization requirement row for this check * @return database transaction status */ @@ -40,6 +41,7 @@ TEH_PG_insert_kyc_requirement_for_account ( void *cls, const char *provider_section, const struct TALER_PaytoHashP *h_payto, + const struct TALER_ReservePublicKeyP *reserve_pub, uint64_t *requirement_row); #endif diff --git a/src/exchangedb/pg_insert_kyc_requirement_process.c b/src/exchangedb/pg_insert_kyc_requirement_process.c index f1ea5b490..ddd765b99 100644 --- a/src/exchangedb/pg_insert_kyc_requirement_process.c +++ b/src/exchangedb/pg_insert_kyc_requirement_process.c @@ -24,6 +24,7 @@ #include "taler_pq_lib.h" #include "pg_insert_kyc_requirement_process.h" #include "pg_helper.h" +#include enum GNUNET_DB_QueryStatus TEH_PG_insert_kyc_requirement_process ( @@ -32,6 +33,7 @@ TEH_PG_insert_kyc_requirement_process ( const char *provider_section, const char *provider_account_id, const char *provider_legitimization_id, + const struct TALER_ReservePublicKeyP *reserve_pub, uint64_t *process_row) { struct PostgresClosure *pg = cls; @@ -44,6 +46,9 @@ TEH_PG_insert_kyc_requirement_process ( (NULL != provider_legitimization_id) ? GNUNET_PQ_query_param_string (provider_legitimization_id) : GNUNET_PQ_query_param_null (), + (NULL != reserve_pub) + ? GNUNET_PQ_query_param_auto_from_type (reserve_pub) + : GNUNET_PQ_query_param_null (), GNUNET_PQ_query_param_end }; struct GNUNET_PQ_ResultSpec rs[] = { @@ -60,12 +65,14 @@ TEH_PG_insert_kyc_requirement_process ( " ,provider_section" " ,provider_user_id" " ,provider_legitimization_id" + " ,reserve_pub" " ) VALUES " - " ($1, $2, $3, $4)" + " ($1, $2, $3, $4, $5)" " ON CONFLICT (h_payto,provider_section) " " DO UPDATE SET" " provider_user_id=$3" " ,provider_legitimization_id=$4" + " ,reserve_pub=$5" " RETURNING legitimization_process_serial_id"); return GNUNET_PQ_eval_prepared_singleton_select ( pg->conn, diff --git a/src/exchangedb/pg_insert_kyc_requirement_process.h b/src/exchangedb/pg_insert_kyc_requirement_process.h index df21db8cd..af90b8c14 100644 --- a/src/exchangedb/pg_insert_kyc_requirement_process.h +++ b/src/exchangedb/pg_insert_kyc_requirement_process.h @@ -34,6 +34,7 @@ * @param provider_section provider that must be checked * @param provider_account_id provider account ID * @param provider_legitimization_id provider legitimization ID + * @param reserve_pub if the processes is related to a reserve, the reserve's public key, NULL otherwise * @param[out] process_row row the process is stored under * @return database transaction status */ @@ -44,6 +45,7 @@ TEH_PG_insert_kyc_requirement_process ( const char *provider_section, const char *provider_account_id, const char *provider_legitimization_id, + const struct TALER_ReservePublicKeyP *reserve_pub, uint64_t *process_row); #endif diff --git a/src/exchangedb/pg_lookup_kyc_requirement_by_row.c b/src/exchangedb/pg_lookup_kyc_requirement_by_row.c index 6f9d76786..a167c0458 100644 --- a/src/exchangedb/pg_lookup_kyc_requirement_by_row.c +++ b/src/exchangedb/pg_lookup_kyc_requirement_by_row.c @@ -31,7 +31,8 @@ TEH_PG_lookup_kyc_requirement_by_row ( uint64_t requirement_row, char **requirements, enum TALER_AmlDecisionState *aml_status, - struct TALER_PaytoHashP *h_payto) + struct TALER_PaytoHashP *h_payto, + struct TALER_ReservePublicKeyP **reserve_pub) { struct PostgresClosure *pg = cls; uint32_t status = TALER_AML_NORMAL; @@ -39,11 +40,18 @@ TEH_PG_lookup_kyc_requirement_by_row ( GNUNET_PQ_query_param_uint64 (&requirement_row), GNUNET_PQ_query_param_end }; + bool no_reserve_pub; + struct TALER_ReservePublicKeyP *rp = + GNUNET_new (struct TALER_ReservePublicKeyP); struct GNUNET_PQ_ResultSpec rs[] = { GNUNET_PQ_result_spec_string ("required_checks", requirements), GNUNET_PQ_result_spec_auto_from_type ("h_payto", h_payto), + GNUNET_PQ_result_spec_allow_null ( + GNUNET_PQ_result_spec_auto_from_type ("reserve_pub", + rp), + &no_reserve_pub), GNUNET_PQ_result_spec_allow_null ( GNUNET_PQ_result_spec_uint32 ("status", &status), @@ -57,6 +65,7 @@ TEH_PG_lookup_kyc_requirement_by_row ( "SELECT " " lr.required_checks" ",lr.h_payto" + ",lr.reserve_pub" ",aml.status" " FROM legitimization_requirements lr" " LEFT JOIN aml_status aml USING (h_payto)" @@ -67,5 +76,11 @@ TEH_PG_lookup_kyc_requirement_by_row ( params, rs); *aml_status = (enum TALER_AmlDecisionState) status; + if (no_reserve_pub) + { + GNUNET_free (rp); + rp = NULL; + } + *reserve_pub = rp; return qs; } diff --git a/src/exchangedb/pg_lookup_kyc_requirement_by_row.h b/src/exchangedb/pg_lookup_kyc_requirement_by_row.h index 3d223c985..54759f932 100644 --- a/src/exchangedb/pg_lookup_kyc_requirement_by_row.h +++ b/src/exchangedb/pg_lookup_kyc_requirement_by_row.h @@ -34,6 +34,7 @@ * @param[out] requirements provider that must be checked * @param[out] aml_status set to the AML status of the account * @param[out] h_payto account that must be KYC'ed + * @param[out] reserve_pub if account is a reserve, its public key, NULL otherwise. Must be freed by caller * @return database transaction status */ enum GNUNET_DB_QueryStatus @@ -42,6 +43,7 @@ TEH_PG_lookup_kyc_requirement_by_row ( uint64_t requirement_row, char **requirements, enum TALER_AmlDecisionState *aml_status, - struct TALER_PaytoHashP *h_payto); + struct TALER_PaytoHashP *h_payto, + struct TALER_ReservePublicKeyP **reserve_pub); #endif diff --git a/src/include/taler_exchangedb_plugin.h b/src/include/taler_exchangedb_plugin.h index 1b1a657c2..581ed8ef1 100644 --- a/src/include/taler_exchangedb_plugin.h +++ b/src/include/taler_exchangedb_plugin.h @@ -6536,6 +6536,7 @@ struct TALER_EXCHANGEDB_Plugin * @param cls closure * @param requirements requirements that must be checked * @param h_payto account that must be KYC'ed + * @þaram reserve_pub if the account is a reserve, its public key, NULL otherwise * @param[out] requirement_row set to legitimization requirement row for this check * @return database transaction status */ @@ -6544,6 +6545,7 @@ struct TALER_EXCHANGEDB_Plugin void *cls, const char *requirements, const struct TALER_PaytoHashP *h_payto, + const struct TALER_ReservePublicKeyP *reserve_pub, uint64_t *requirement_row); @@ -6555,6 +6557,7 @@ struct TALER_EXCHANGEDB_Plugin * @param provider_section provider that must be checked * @param provider_account_id provider account ID * @param provider_legitimization_id provider legitimization ID + * @param reserve_pub if the KYC process is related to a reserve, its public key, NULL otherwise * @param[out] process_row row the process is stored under * @return database transaction status */ @@ -6565,6 +6568,7 @@ struct TALER_EXCHANGEDB_Plugin const char *provider_section, const char *provider_account_id, const char *provider_legitimization_id, + const struct TALER_ReservePublicKeyP *reserve_pub, uint64_t *process_row); @@ -6600,6 +6604,7 @@ struct TALER_EXCHANGEDB_Plugin * @param[out] requirements space-separated list of requirements * @param[out] aml_status set to the AML status of the account * @param[out] h_payto account that must be KYC'ed + * @param[out] reserve_pub if the account is a reserve, its public key, NULL otherwise. Must be freed by caller. * @return database transaction status */ enum GNUNET_DB_QueryStatus @@ -6608,7 +6613,8 @@ struct TALER_EXCHANGEDB_Plugin uint64_t requirement_row, char **requirements, enum TALER_AmlDecisionState *aml_status, - struct TALER_PaytoHashP *h_payto); + struct TALER_PaytoHashP *h_payto, + struct TALER_ReservePublicKeyP **reserve_pub); /** diff --git a/src/kyclogic/plugin_kyclogic_oauth2.c b/src/kyclogic/plugin_kyclogic_oauth2.c index c9e5d8dcf..babbf4acd 100644 --- a/src/kyclogic/plugin_kyclogic_oauth2.c +++ b/src/kyclogic/plugin_kyclogic_oauth2.c @@ -922,6 +922,9 @@ data2attributes (const struct TALER_KYCLOGIC_ProviderDetails *pd, JSON_INDENT (2)); return NULL; } + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + "XXXXXXXX plugin_kyc_logic SETTING ATTERIBUTES TO\n\t%s\n", + json_dumps (data, JSON_INDENT (2))); ret = json_loadb (attr_data, attr_size, JSON_REJECT_DUPLICATES, diff --git a/src/testing/test_exchange_api_age_restriction.c b/src/testing/test_exchange_api_age_restriction.c index 2e62b7c79..0aaa7bbf9 100644 --- a/src/testing/test_exchange_api_age_restriction.c +++ b/src/testing/test_exchange_api_age_restriction.c @@ -257,18 +257,18 @@ run (void *cls, * Test with age-withdraw, after kyc process has set a birthdate */ struct TALER_TESTING_Command age_withdraw[] = { - CMD_TRANSFER_TO_EXCHANGE ("create-reserve-1", + CMD_TRANSFER_TO_EXCHANGE ("create-reserve-kyc-1", "EUR:20.02"), TALER_TESTING_cmd_check_bank_admin_transfer ( "check-create-reserve-1", "EUR:20.02", cred.user42_payto, cred.exchange_payto, - "create-reserve-1"), + "create-reserve-kyc-1"), CMD_EXEC_WIREWATCH ("wirewatch-age-withdraw-1"), TALER_TESTING_cmd_withdraw_amount ("withdraw-coin-1-lacking-kyc", - "create-reserve-1", - "EUR:5", + "create-reserve-kyc-1", + "EUR:10", 0, /* age restriction off */ MHD_HTTP_UNAVAILABLE_FOR_LEGAL_REASONS), TALER_TESTING_cmd_check_kyc_get ("check-kyc-withdraw", @@ -280,16 +280,10 @@ run (void *cls, "pass", MHD_HTTP_SEE_OTHER), TALER_TESTING_cmd_withdraw_amount ("withdraw-coin-1-with-kyc", - "create-reserve-1", - "EUR:5", + "create-reserve-kyc-1", + "EUR:10", 0, /* age restriction off */ - MHD_HTTP_OK), - /* Attestations above are bound to the originating *bank* account, - not to the reserve (!). Hence, they are NOT found here! */ - TALER_TESTING_cmd_reserve_get_attestable ("reserve-get-attestable", - "create-reserve-1", - MHD_HTTP_NOT_FOUND, - NULL), + MHD_HTTP_CONFLICT), TALER_TESTING_cmd_end (), }; diff --git a/src/testing/test_exchange_api_age_restriction.conf b/src/testing/test_exchange_api_age_restriction.conf index 37e7fc308..12bf45c33 100644 --- a/src/testing/test_exchange_api_age_restriction.conf +++ b/src/testing/test_exchange_api_age_restriction.conf @@ -23,7 +23,7 @@ HTTP_PORT = 8082 [exchange] TERMS_ETAG = tos PRIVACY_ETAG = 0 -AML_THRESHOLD = EUR:1000000 +AML_THRESHOLD = EUR:10 PORT = 8081 MASTER_PUBLIC_KEY = 98NJW3CQHZQGQXTY3K85K531XKPAPAVV4Q5V8PYYRR00NJGZWNVG DB = postgres @@ -80,12 +80,29 @@ KYC_OAUTH2_CLIENT_SECRET = exchange-secret KYC_OAUTH2_POST_URL = http://example.com/ KYC_OAUTH2_ATTRIBUTE_TEMPLATE = "{"full_name":"{{last_name}}, {{first_name}}","birthdate":"{{birthdate}}"}" +[kyc-legitimization-balance-high] +OPERATION_TYPE = BALANCE +REQUIRED_CHECKS = DUMMY +THRESHOLD = EUR:20 + +[kyc-legitimization-deposit-any] +OPERATION_TYPE = DEPOSIT +REQUIRED_CHECKS = DUMMY +THRESHOLD = EUR:10 +TIMEFRAME = 1d + [kyc-legitimization-withdraw] OPERATION_TYPE = WITHDRAW REQUIRED_CHECKS = DUMMY THRESHOLD = EUR:15 TIMEFRAME = 1d +[kyc-legitimization-merge] +OPERATION_TYPE = MERGE +REQUIRED_CHECKS = DUMMY +THRESHOLD = EUR:15 +TIMEFRAME = 1d + [exchange-extension-age_restriction] ENABLED = YES diff --git a/src/testing/test_kyc_api.conf b/src/testing/test_kyc_api.conf index 903439904..7a212623a 100644 --- a/src/testing/test_kyc_api.conf +++ b/src/testing/test_kyc_api.conf @@ -31,7 +31,7 @@ TIMEFRAME = 1d [kyc-legitimization-withdraw] OPERATION_TYPE = WITHDRAW REQUIRED_CHECKS = DUMMY -THRESHOLD = EUR:8 +THRESHOLD = EUR:10 TIMEFRAME = 1d [kyc-legitimization-merge] diff --git a/src/testing/testing_api_cmd_withdraw.c b/src/testing/testing_api_cmd_withdraw.c index cf0b49983..8873c2409 100644 --- a/src/testing/testing_api_cmd_withdraw.c +++ b/src/testing/testing_api_cmd_withdraw.c @@ -283,9 +283,10 @@ reserve_withdraw_cb (void *cls, return; } } - TALER_TESTING_unexpected_status (is, - wr->hr.http_status, - ws->expected_response_code); + TALER_TESTING_unexpected_status_with_body (is, + wr->hr.http_status, + ws->expected_response_code, + wr->hr.reply); return; } switch (wr->hr.http_status)