Merge branch 'master' of git.taler.net:/var/git/wallet-webex
This commit is contained in:
commit
33e7fb56a1
6
articles/ui/figs/taler-contract.html
Normal file
6
articles/ui/figs/taler-contract.html
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
<script src="taler-wallet-lib.js"></script>
|
||||||
|
<script>
|
||||||
|
taler.offerContractFrom("https://myshop/products/article/42", (err) => {
|
||||||
|
alert("Error while offering contract");
|
||||||
|
});
|
||||||
|
</script>
|
@ -1,35 +0,0 @@
|
|||||||
/* Trigger Taler contract generation on the server, and pass the
|
|
||||||
contract to the extension once we got it. */
|
|
||||||
function taler_pay(form) {
|
|
||||||
var contract_request = new XMLHttpRequest();
|
|
||||||
|
|
||||||
/* Note that the URL we give here is simply an example
|
|
||||||
and not dictated by the protocol: each web shop can
|
|
||||||
have its own way of generating and transmitting the
|
|
||||||
contract, there just must be a way to get the contract
|
|
||||||
and to pass it to the wallet when the user selects 'Pay'. */
|
|
||||||
contract_request.open("GET", "generate-taler-contract", true);
|
|
||||||
contract_request.onload = function (e) {
|
|
||||||
if (contract_request.readyState == 4) {
|
|
||||||
if (contract_request.status == 200) {
|
|
||||||
/* Send contract to the extension. */
|
|
||||||
handle_contract(contract_request.responseText);
|
|
||||||
} else {
|
|
||||||
/* There was an error obtaining the contract from the merchant,
|
|
||||||
obviously this should not happen. To keep it simple, we just
|
|
||||||
alert the user to the error. */
|
|
||||||
alert("Failure to download contract " +
|
|
||||||
"(" + contract_request.status + "):\n" +
|
|
||||||
contract_request.responseText);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
};
|
|
||||||
contract_request.onerror = function (e) {
|
|
||||||
/* There was an error obtaining the contract from the merchant,
|
|
||||||
obviously this should not happen. To keep it simple, we just
|
|
||||||
alert the user to the error. */
|
|
||||||
alert("Failure requesting the contract:\n" +
|
|
||||||
contract_request.statusText);
|
|
||||||
};
|
|
||||||
contract_request.send();
|
|
||||||
}
|
|
@ -1,10 +1,9 @@
|
|||||||
<script src="taler-wallet-lib.js"></script>
|
<script src="taler-wallet-lib.js"></script>
|
||||||
<script>
|
<script>
|
||||||
taler.onPresent(() => {
|
taler.onPresent(() => {
|
||||||
|
alert("Taler wallet is installed");
|
||||||
});
|
});
|
||||||
|
|
||||||
taler.onAbsent(() => {
|
taler.onAbsent(() => {
|
||||||
alert("Taler isn't installed");
|
alert("Taler wallet is not installed");
|
||||||
});
|
});
|
||||||
</script>
|
</script>
|
||||||
|
@ -747,8 +747,8 @@ merchant, the customer may choose to cover them.
|
|||||||
|
|
||||||
|
|
||||||
\begin{figure*}[h!]
|
\begin{figure*}[h!]
|
||||||
\lstset{language=JavaScript}
|
\lstset{language=HTML5}
|
||||||
\lstinputlisting{figs/taler-contract.js}
|
\lstinputlisting{figs/taler-contract.html}
|
||||||
\caption{Sample code to pass a contract to the Taler wallet.
|
\caption{Sample code to pass a contract to the Taler wallet.
|
||||||
Here, the contract is fetched on-demand from the server.
|
Here, the contract is fetched on-demand from the server.
|
||||||
The {\tt taler\_pay()} function needs to be invoked
|
The {\tt taler\_pay()} function needs to be invoked
|
||||||
@ -769,10 +769,55 @@ detect the presence of a Taler wallet (Figure~\ref{listing:presence}),
|
|||||||
so that the selection of alternative payment methods can be skipped if
|
so that the selection of alternative payment methods can be skipped if
|
||||||
a Taler wallet is installed (as it is in Figure~\ref{fig:shopping}).
|
a Taler wallet is installed (as it is in Figure~\ref{fig:shopping}).
|
||||||
|
|
||||||
% FIXME: add figure for 402 payment!
|
\begin{figure*}[h!]
|
||||||
|
\lstset{language=JavaScript}
|
||||||
|
\begin{lstlisting}
|
||||||
|
{
|
||||||
|
"H_wire":"JCDAV...",
|
||||||
|
"amount":{"currency":"EUR","fraction":100000,"value":0},
|
||||||
|
"auditors":[],
|
||||||
|
"exchanges":[{"master_pub":"CQA...","url":"https://myexchange/"}],
|
||||||
|
"expiry":"/Date(1480119270)/",
|
||||||
|
"fulfillment_url": "https://myshop/essay/...",
|
||||||
|
"max_fee":{"currency":"EUR","fraction":0,"value":3},
|
||||||
|
"merchant":{"address":"Somewhere","jurisdiction":"none","name":"Kudos Inc."},
|
||||||
|
"merchant_pub":"YDP...",
|
||||||
|
"products":[{
|
||||||
|
"description":"Essay: The GNU Project",
|
||||||
|
"price":{"currency":"EUR","fraction":100000,"value":0},
|
||||||
|
"product_id":0,"quantity":1}],
|
||||||
|
"refund_deadline":"/Date(1471522470)/",
|
||||||
|
"timestamp":"/Date(1471479270)/",
|
||||||
|
"transaction_id":249960194066269
|
||||||
|
}
|
||||||
|
\end{lstlisting}
|
||||||
|
\caption{Minimal Taler contract over a digital article with a value of \EUR{0.10}}
|
||||||
|
\label{listing:json-contract}
|
||||||
|
\end{figure*}
|
||||||
|
|
||||||
|
\begin{figure*}[h!]
|
||||||
|
\lstset{language={}}
|
||||||
|
\begin{lstlisting}
|
||||||
|
HTTP/1.1 402 Payment Required
|
||||||
|
Content-Type: text/html; charset=UTF-8
|
||||||
|
X-Taler-Contract-Url: https://myshop/generate-contract?product=42
|
||||||
|
...
|
||||||
|
|
||||||
|
<!DOCTYPE html>
|
||||||
|
<html>
|
||||||
|
...
|
||||||
|
You don't seem to have Taler installed, here are
|
||||||
|
other payment options:
|
||||||
|
...
|
||||||
|
</html>
|
||||||
|
\end{lstlisting}
|
||||||
|
\caption{Sample HTTP response for a web resource that requires a payment.}
|
||||||
|
\label{listing:http-contract}
|
||||||
|
\end{figure*}
|
||||||
|
|
||||||
The offer URL of the Web shop can then initiate payments by sending a
|
The offer URL of the Web shop can then initiate payments by sending a
|
||||||
\emph{contract proposal} to the wallet, either via the HTTP status
|
\emph{contract proposal} (Figure~\ref{listing:json-contract}) to the wallet, either via the HTTP status
|
||||||
code {\tt 402 Payment Required}, or via Taler's JavaScript API
|
code {\tt 402 Payment Required} (Figure~\ref{listing:http-contract}), or via Taler's JavaScript API
|
||||||
(Figure~\ref{listing:contract}). The wallet then presents the
|
(Figure~\ref{listing:contract}). The wallet then presents the
|
||||||
contract to the user. The format of the contract is in an extensible
|
contract to the user. The format of the contract is in an extensible
|
||||||
JSON-based format defined by Taler and not HTML, as the rendering of
|
JSON-based format defined by Taler and not HTML, as the rendering of
|
||||||
@ -841,6 +886,28 @@ URL in a browser will show the resource associated with the purchase.
|
|||||||
This resource can be a digital good such as a news article, or simply
|
This resource can be a digital good such as a news article, or simply
|
||||||
a confirmation for products that are delivered by other means.
|
a confirmation for products that are delivered by other means.
|
||||||
|
|
||||||
|
\begin{figure*}[h!]
|
||||||
|
\lstset{language={}}
|
||||||
|
\begin{lstlisting}
|
||||||
|
HTTP/1.1 402 Payment Required
|
||||||
|
Content-Type: text/html; charset=UTF-8
|
||||||
|
X-Taler-Contract-Hash: RA67CB1...
|
||||||
|
X-Taler-Offer-Url: https://myshop/article/42
|
||||||
|
...
|
||||||
|
|
||||||
|
<!DOCTYPE html>
|
||||||
|
<html>
|
||||||
|
...
|
||||||
|
You don't seem to have Taler installed, here are
|
||||||
|
other payment options:
|
||||||
|
...
|
||||||
|
</html>
|
||||||
|
\end{lstlisting}
|
||||||
|
\caption{Sample HTTP response when the user agent navigates to a fulfillment URL without
|
||||||
|
the session state that indicates they have paid for the resource.}
|
||||||
|
\label{listing:http-execute}
|
||||||
|
\end{figure*}
|
||||||
|
|
||||||
In order to ensure that only the paying customer has access to the Web
|
In order to ensure that only the paying customer has access to the Web
|
||||||
resources behind the fulfillment URL, the Web store's server must
|
resources behind the fulfillment URL, the Web store's server must
|
||||||
check the browser's session state. If the merchant can confirm that
|
check the browser's session state. If the merchant can confirm that
|
||||||
@ -850,7 +917,7 @@ for example because the session state was lost,\footnote{This can
|
|||||||
happen when when privacy conscious users delete their cookies.
|
happen when when privacy conscious users delete their cookies.
|
||||||
Also, some user agents (such as the TOR browser) do not support
|
Also, some user agents (such as the TOR browser) do not support
|
||||||
persistent (non-session) cookies.} it {\em again} triggers a payment
|
persistent (non-session) cookies.} it {\em again} triggers a payment
|
||||||
process (either via JavaScript or using {\tt 402 Payment Required}).
|
process (either via JavaScript or using {\tt 402 Payment Required}, see Figure~\ref{listing:http-execute}).
|
||||||
If the wallet remembers paying for the contract previously, this
|
If the wallet remembers paying for the contract previously, this
|
||||||
causes the wallet to retransmit the signed coins that are associated
|
causes the wallet to retransmit the signed coins that are associated
|
||||||
with the purchase to the merchant.
|
with the purchase to the merchant.
|
||||||
@ -930,6 +997,23 @@ it has the following key advantages:
|
|||||||
|
|
||||||
\subsection{Giving change and refunds}
|
\subsection{Giving change and refunds}
|
||||||
|
|
||||||
|
\begin{figure*}[h!]
|
||||||
|
\lstset{language={HTML5}}
|
||||||
|
\begin{lstlisting}
|
||||||
|
<script src="taler-wallet-lib.js"></script>
|
||||||
|
<script>
|
||||||
|
// Obtain refund permissions from the merchant backend
|
||||||
|
// ...
|
||||||
|
let refundPermissions = /* ... */;
|
||||||
|
taler.acceptRefunds(refundPermissions, (err) => {
|
||||||
|
alert("An error occured while attempting a refund");
|
||||||
|
});
|
||||||
|
</script>
|
||||||
|
\end{lstlisting}
|
||||||
|
\caption{Sample JavaScript code to trigger a refund from the merchant's web shop}
|
||||||
|
\label{listing:refund}
|
||||||
|
\end{figure*}
|
||||||
|
|
||||||
An important cryptographic difference between Taler and previous
|
An important cryptographic difference between Taler and previous
|
||||||
transaction systems based on blind signing is that Taler is able to
|
transaction systems based on blind signing is that Taler is able to
|
||||||
provide unlinkable change and refunds. From the user's point of view,
|
provide unlinkable change and refunds. From the user's point of view,
|
||||||
@ -945,13 +1029,11 @@ the exchange providers and fee structure, but not the cryptographic
|
|||||||
coins. Consequently, the major cryptographic advances of Taler are
|
coins. Consequently, the major cryptographic advances of Taler are
|
||||||
invisible to the user.
|
invisible to the user.
|
||||||
|
|
||||||
Taler's refresh protocol~\cite{talercrypto} also allows merchants to
|
Taler's refresh protocol~\cite{talercrypto} also allows merchants to give
|
||||||
give refunds to customers. For this, the merchant merely has to send a
|
refunds to customers. To refund a purchase, the merchant obtains a signed refund permission
|
||||||
signed message to the exchange confirming the refund, and notify the
|
from the exchange, which the customer's wallet processes
|
||||||
customer's wallet that the respective transaction was refunded. This
|
(Figure~\ref{listing:refund}) to obtain new, unlinkable coins as refund.
|
||||||
can even be done with anonymous customers, as refunds are given as
|
This process allows the customer to say anonymous when receiving refunds.
|
||||||
additional change to the owner of the coins that were originally spent
|
|
||||||
to pay for the refunded transaction.
|
|
||||||
|
|
||||||
Taler's refresh protocol ensures unlinkability for both change and
|
Taler's refresh protocol ensures unlinkability for both change and
|
||||||
refunds, thereby assuring that the user has key conveniences of other
|
refunds, thereby assuring that the user has key conveniences of other
|
||||||
|
Loading…
Reference in New Issue
Block a user