taler/exchange
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

KYC: misc. fixes to attribute attestation logic

Browse Source
This commit is contained in:
Christian Grothoff 2023-01-29 13:58:56 +01:00
parent 99753a5d31
commit ff202ef296
No known key found for this signature in database
GPG Key ID: 939E6BE1E29FC3CC
11 changed files with 55 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
src/exchange/taler-exchange-httpd_reserves_attest.c
View File

@ -76,7 +76,7 @@ struct ReserveAttestContext
struct TALER_ReserveSignatureP reserve_sig;
/**
* Attributes we are affirming.
* Attributes we are affirming. JSON object.
*/
json_t *json_attest;
@ -140,8 +140,12 @@ reply_reserve_attest_success (struct MHD_Connection *connection,
&exchange_sig),
GNUNET_JSON_pack_data_auto ("exchange_pub",
&exchange_pub),
GNUNET_JSON_pack_array_steal ("attest",
rhc->json_attest));
GNUNET_JSON_pack_timestamp ("exchange_timestamp",
now),
GNUNET_JSON_pack_timestamp ("expiration_time",
rhc->etime),
GNUNET_JSON_pack_object_steal ("attributes",
rhc->json_attest));
}
@ -201,7 +205,12 @@ kyc_process_cb (void *cls,
}
}
if (! requested)
{
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Skipping attribute `%s': not requested\n",
name);
continue;
}
match = true;
GNUNET_assert (0 ==
json_object_set (rsc->json_attest, /* NOT set_new! */
@ -239,7 +248,7 @@ reserve_attest_transaction (void *cls,
struct ReserveAttestContext *rsc = cls;
enum GNUNET_DB_QueryStatus qs;
rsc->json_attest = json_array ();
rsc->json_attest = json_object ();
GNUNET_assert (NULL != rsc->json_attest);
qs = TEH_plugin->select_kyc_attributes (TEH_plugin->cls,
&rsc->h_payto,

6
src/exchange/taler-exchange-httpd_reserves_get_attest.c
View File

@ -210,6 +210,7 @@ TEH_handler_reserves_get_attest (struct TEH_RequestContext *rc,
&rsc))
{
json_decref (rsc.attributes);
rsc.attributes = NULL;
return mhd_ret;
}
}
@ -217,6 +218,7 @@ TEH_handler_reserves_get_attest (struct TEH_RequestContext *rc,
if (rsc.not_found)
{
json_decref (rsc.attributes);
rsc.attributes = NULL;
return TALER_MHD_reply_with_error (rc->connection,
MHD_HTTP_NOT_FOUND,
TALER_EC_EXCHANGE_GENERIC_RESERVE_UNKNOWN,
@ -225,8 +227,8 @@ TEH_handler_reserves_get_attest (struct TEH_RequestContext *rc,
return TALER_MHD_REPLY_JSON_PACK (
rc->connection,
MHD_HTTP_OK,
GNUNET_JSON_pack_object_steal ("attributes",
rsc.attributes));
GNUNET_JSON_pack_array_steal ("details",
rsc.attributes));
}

2
src/exchangedb/0003-kyc_attributes.sql
View File

@ -32,7 +32,7 @@ BEGIN
',birthdate VARCHAR'
',collection_time INT8 NOT NULL'
',expiration_time INT8 NOT NULL'
',encrypted_attributes VARCHAR NOT NULL'
',encrypted_attributes BYTEA NOT NULL'
') %s ;'
,table_name
,'PARTITION BY HASH (h_payto)'

3
src/exchangedb/pg_select_kyc_attributes.c
View File

@ -75,7 +75,6 @@ get_attributes_cb (void *cls,
for (unsigned int i = 0; i < num_results; i++)
{
struct TALER_PaytoHashP h_payto;
struct GNUNET_TIME_Timestamp collection_time;
struct GNUNET_TIME_Timestamp expiration_time;
size_t enc_attributes_size;
@ -83,8 +82,6 @@ get_attributes_cb (void *cls,
char *provider;
char *birthdate = NULL;
struct GNUNET_PQ_ResultSpec rs[] = {
GNUNET_PQ_result_spec_auto_from_type ("h_payto",
&h_payto),
GNUNET_PQ_result_spec_string ("provider",
&provider),
GNUNET_PQ_result_spec_allow_null (

2
src/include/taler_exchange_service.h
View File

@ -5774,7 +5774,7 @@ struct TALER_EXCHANGE_ReservePostAttestResult
struct GNUNET_TIME_Timestamp exchange_time;
/**
* Current expiration time of the reserve.
* Expiration time of the attested attributes.
*/
struct GNUNET_TIME_Timestamp expiration_time;

2
src/kyclogic/kyclogic-oauth2.conf
View File

@ -32,4 +32,4 @@ KYC_OAUTH2_CLIENT_SECRET = password
# This is just an example, details will depend on the
# provider!
#
KYC_OAUTH2_ATTRIBUTE_TEMPLATE = "{"fullname":"{{first_name}} {{last_name}}","phone":"{{phone}}"}"
KYC_OAUTH2_ATTRIBUTE_TEMPLATE = "{"fullname":"{{last_name}}, {{first_name}}","phone":"{{phone}}"}"

6
src/lib/exchange_api_reserves_attest.c
View File

@ -97,7 +97,7 @@ handle_reserves_attest_ok (struct TALER_EXCHANGE_ReservesAttestHandle *rsh,
struct GNUNET_JSON_Specification spec[] = {
GNUNET_JSON_spec_timestamp ("exchange_timestamp",
&rs.details.ok.exchange_time),
GNUNET_JSON_spec_timestamp ("exchange_timestamp",
GNUNET_JSON_spec_timestamp ("expiration_time",
&rs.details.ok.expiration_time),
GNUNET_JSON_spec_fixed_auto ("exchange_sig",
&rs.details.ok.exchange_sig),
@ -311,8 +311,8 @@ TALER_EXCHANGE_reserves_attest (
&reserve_sig),
GNUNET_JSON_pack_timestamp ("request_timestamp",
ts),
GNUNET_JSON_pack_object_steal ("details",
details));
GNUNET_JSON_pack_array_steal ("details",
details));
if (GNUNET_OK !=
TALER_curl_easy_post (&rsh->post_ctx,

24
src/testing/test_kyc_api.c
View File

@ -23,6 +23,7 @@
*/
#include "platform.h"
#include "taler_util.h"
#include "taler_attributes.h"
#include "taler_signatures.h"
#include "taler_exchange_service.h"
#include "taler_json_lib.h"
@ -91,15 +92,14 @@ static void
run (void *cls,
struct TALER_TESTING_Interpreter *is)
{
/**
* Test withdraw.
*/
struct TALER_TESTING_Command withdraw[] = {
CMD_TRANSFER_TO_EXCHANGE ("create-reserve-1",
"EUR:15.02"),
TALER_TESTING_cmd_check_bank_admin_transfer (
"check-create-reserve-1",
"EUR:15.02", bc.user42_payto, bc.exchange_payto,
"EUR:15.02",
bc.user42_payto,
bc.exchange_payto,
"create-reserve-1"),
CMD_EXEC_WIREWATCH ("wirewatch-1"),
TALER_TESTING_cmd_withdraw_amount ("withdraw-coin-1-no-kyc",
@ -137,6 +137,12 @@ run (void *cls,
"EUR:5",
0, /* age restriction off */
MHD_HTTP_OK),
/* Attestations above are bound to the originating *bank* account,
not to the reserve (!). Hence, they are NOT found here! */
TALER_TESTING_cmd_reserve_get_attestable ("reserve-get-attestable",
"create-reserve-1",
MHD_HTTP_NOT_FOUND,
NULL),
TALER_TESTING_cmd_end ()
};
struct TALER_TESTING_Command spend[] = {
@ -216,6 +222,16 @@ run (void *cls,
TALER_TESTING_cmd_check_kyc_get ("wallet-kyc-check",
"wallet-kyc-fail",
MHD_HTTP_NO_CONTENT),
TALER_TESTING_cmd_reserve_get_attestable ("wallet-get-attestable",
"wallet-kyc-fail",
MHD_HTTP_OK,
TALER_ATTRIBUTE_FULL_NAME,
NULL),
TALER_TESTING_cmd_reserve_attest ("wallet-get-attestable",
"wallet-kyc-fail",
MHD_HTTP_OK,
TALER_ATTRIBUTE_FULL_NAME,
NULL),
TALER_TESTING_cmd_end ()
};

1
src/testing/test_kyc_api.conf
View File

@ -58,6 +58,7 @@ KYC_OAUTH2_INFO_URL = http://localhost:6666/api/user/me
KYC_OAUTH2_CLIENT_ID = taler-exchange
KYC_OAUTH2_CLIENT_SECRET = exchange-secret
KYC_OAUTH2_POST_URL = http://example.com/
KYC_OAUTH2_ATTRIBUTE_TEMPLATE = "{"fullname":"{{last_name}}, {{first_name}}"}"
[kyc-legitimization-balance-high]
OPERATION_TYPE = BALANCE

7
src/testing/testing_api_cmd_oauth.c
View File

@ -188,7 +188,12 @@ handler_cb (void *cls,
"data",
GNUNET_JSON_PACK (
GNUNET_JSON_pack_string ("id",
"XXXID12345678"))));
"XXXID12345678"),
GNUNET_JSON_pack_string ("first_name",
"Bob"),
GNUNET_JSON_pack_string ("last_name",
"Builder")
)));
return TALER_MHD_reply_json_steal (connection,
body,
MHD_HTTP_OK);

10
src/testing/testing_api_cmd_reserve_get_attestable.c
View File

@ -122,23 +122,23 @@ get_attestable_run (void *cls,
struct TALER_TESTING_Interpreter *is)
{
struct GetAttestableState *ss = cls;
const struct TALER_TESTING_Command *create_reserve;
const struct TALER_TESTING_Command *ref_reserve;
const struct TALER_ReservePrivateKeyP *reserve_priv;
const struct TALER_ReservePublicKeyP *reserve_pub;
ss->is = is;
create_reserve
ref_reserve
= TALER_TESTING_interpreter_lookup_command (is,
ss->reserve_reference);
if (NULL == create_reserve)
if (NULL == ref_reserve)
{
GNUNET_break (0);
TALER_TESTING_interpreter_fail (is);
return;
}
if (GNUNET_OK ==
TALER_TESTING_get_trait_reserve_priv (create_reserve,
TALER_TESTING_get_trait_reserve_priv (ref_reserve,
&reserve_priv))
{
GNUNET_CRYPTO_eddsa_key_get_public (&reserve_priv->eddsa_priv,
@ -147,7 +147,7 @@ get_attestable_run (void *cls,
else
{
if (GNUNET_OK !=
TALER_TESTING_get_trait_reserve_pub (create_reserve,
TALER_TESTING_get_trait_reserve_pub (ref_reserve,
&reserve_pub))
{
GNUNET_break (0);