From bc05050524e3ade854ef36194fad4cdd4b5e15e5 Mon Sep 17 00:00:00 2001 From: Florian Dold Date: Thu, 14 Apr 2022 14:14:02 +0200 Subject: [PATCH] anastasis: make iban auth work again --- .../src/challenge-feedback-types.ts | 4 +- packages/anastasis-core/src/index.ts | 39 ++++++++++---- packages/anastasis-core/src/provider-types.ts | 52 +++++++++---------- packages/anastasis-core/src/reducer-types.ts | 18 ++++--- .../home/ChallengeOverviewScreen.stories.tsx | 2 +- .../pages/home/ChallengeOverviewScreen.tsx | 4 +- .../src/pages/home/SolveScreen.tsx | 2 +- .../home/authMethod/AuthMethodEmailSolve.tsx | 20 ++++++- .../AuthMethodQuestionSolve.stories.tsx | 2 +- 9 files changed, 92 insertions(+), 51 deletions(-) diff --git a/packages/anastasis-core/src/challenge-feedback-types.ts b/packages/anastasis-core/src/challenge-feedback-types.ts index 30f42288f..a5fcc6be9 100644 --- a/packages/anastasis-core/src/challenge-feedback-types.ts +++ b/packages/anastasis-core/src/challenge-feedback-types.ts @@ -28,7 +28,7 @@ export enum ChallengeFeedbackStatus { TalerPayment = "taler-payment", Unsupported = "unsupported", RateLimitExceeded = "rate-limit-exceeded", - AuthIban = "auth-iban", + IbanInstructions = "iban-instructions", IncorrectAnswer = "incorrect-answer", } @@ -93,7 +93,7 @@ export interface ChallengeFeedbackRateLimitExceeded { * IBAN bank transfer. */ export interface ChallengeFeedbackBankTransferRequired { - state: ChallengeFeedbackStatus.AuthIban; + state: ChallengeFeedbackStatus.IbanInstructions; /** * Amount that should be transfered for a successful authentication. diff --git a/packages/anastasis-core/src/index.ts b/packages/anastasis-core/src/index.ts index 055f3fb62..012667879 100644 --- a/packages/anastasis-core/src/index.ts +++ b/packages/anastasis-core/src/index.ts @@ -1,3 +1,22 @@ +/* + This file is part of GNU Anastasis + (C) 2021-2022 Anastasis SARL + + GNU Anastasis is free software; you can redistribute it and/or modify it under the + terms of the GNU Affero General Public License as published by the Free Software + Foundation; either version 3, or (at your option) any later version. + + GNU Anastasis is distributed in the hope that it will be useful, but WITHOUT ANY + WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR + A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License along with + GNU Anastasis; see the file COPYING. If not, see + */ + +/** + * Imports. + */ import { AmountJson, AmountLike, @@ -22,6 +41,7 @@ import { TalerSignaturePurpose, AbsoluteTime, URL, + j2s, } from "@gnu-taler/taler-util"; import { anastasisData } from "./anastasis-data.js"; import { @@ -879,7 +899,7 @@ async function pollChallenges( ); continue; } - if (feedback.state === ChallengeFeedbackStatus.AuthIban) { + if (feedback.state === ChallengeFeedbackStatus.IbanInstructions) { const s2 = await requestTruth(state, truth, { pin: feedback.answer_code, }); @@ -1080,7 +1100,7 @@ async function changeVersion( ): Promise { const st: ReducerStateRecovery = { ...state, - selected_version: args.selection, + selected_version: args, }; return downloadPolicy(st); } @@ -1147,9 +1167,10 @@ async function selectChallenge( if (resp.status === HttpStatusCode.Ok) { const respBodyJson = await resp.json(); + logger.info(`validating ${j2s(respBodyJson)}`); const instr = codecForChallengeInstructionMessage().decode(respBodyJson); let feedback: ChallengeFeedback; - switch (instr.method) { + switch (instr.challenge_type) { case "FILE_WRITTEN": { feedback = { state: ChallengeFeedbackStatus.CodeInFile, @@ -1160,12 +1181,12 @@ async function selectChallenge( } case "IBAN_WIRE": { feedback = { - state: ChallengeFeedbackStatus.AuthIban, - answer_code: instr.answer_code, - target_business_name: instr.business_name, - challenge_amount: instr.amount, - target_iban: instr.credit_iban, - wire_transfer_subject: instr.wire_transfer_subject, + state: ChallengeFeedbackStatus.IbanInstructions, + answer_code: instr.wire_details.answer_code, + target_business_name: instr.wire_details.business_name, + challenge_amount: instr.wire_details.challenge_amount, + target_iban: instr.wire_details.credit_iban, + wire_transfer_subject: instr.wire_details.wire_transfer_subject, }; break; } diff --git a/packages/anastasis-core/src/provider-types.ts b/packages/anastasis-core/src/provider-types.ts index 4da62fc04..1724b0ed1 100644 --- a/packages/anastasis-core/src/provider-types.ts +++ b/packages/anastasis-core/src/provider-types.ts @@ -20,6 +20,7 @@ import { buildCodecForUnion, Codec, codecForAmountString, + codecForAny, codecForConstString, codecForNumber, codecForString, @@ -137,32 +138,34 @@ export type ChallengeInstructionMessage = export interface IbanChallengeInstructionMessage { // What kind of challenge is this? - method: "IBAN_WIRE"; + challenge_type: "IBAN_WIRE"; - // How much should be wired? - amount: AmountString; + wire_details: { + // How much should be wired? + challenge_amount: AmountString; - // What is the target IBAN? - credit_iban: string; + // What is the target IBAN? + credit_iban: string; - // What is the receiver name? - business_name: string; + // What is the receiver name? + business_name: string; - // What is the expected wire transfer subject? - wire_transfer_subject: string; + // What is the expected wire transfer subject? + wire_transfer_subject: string; - // What is the numeric code (also part of the - // wire transfer subject) to be hashed when - // solving the challenge? - answer_code: number; + // What is the numeric code (also part of the + // wire transfer subject) to be hashed when + // solving the challenge? + answer_code: number; - // Hint about the origin account that must be used. - debit_account_hint: string; + // Hint about the origin account that must be used. + debit_account_hint: string; + }; } export interface PinChallengeInstructionMessage { // What kind of challenge is this? - method: "TAN_SENT"; + challenge_type: "TAN_SENT"; // Where was the PIN code sent? Note that this // address will most likely have been obscured @@ -172,7 +175,7 @@ export interface PinChallengeInstructionMessage { export interface FileChallengeInstructionMessage { // What kind of challenge is this? - method: "FILE_WRITTEN"; + challenge_type: "FILE_WRITTEN"; // Name of the file where the PIN code was written. filename: string; @@ -181,33 +184,28 @@ export interface FileChallengeInstructionMessage { export const codecForFileChallengeInstructionMessage = (): Codec => buildCodecForObject() - .property("method", codecForConstString("FILE_WRITTEN")) + .property("challenge_type", codecForConstString("FILE_WRITTEN")) .property("filename", codecForString()) .build("FileChallengeInstructionMessage"); export const codecForPinChallengeInstructionMessage = (): Codec => buildCodecForObject() - .property("method", codecForConstString("TAN_SENT")) + .property("challenge_type", codecForConstString("TAN_SENT")) .property("tan_address_hint", codecForString()) .build("PinChallengeInstructionMessage"); export const codecForIbanChallengeInstructionMessage = (): Codec => buildCodecForObject() - .property("method", codecForConstString("IBAN_WIRE")) - .property("amount", codecForAmountString()) - .property("business_name", codecForString()) - .property("credit_iban", codecForString()) - .property("wire_transfer_subject", codecForString()) - .property("answer_code", codecForNumber()) - .property("debit_account_hint", codecForString()) + .property("challenge_type", codecForConstString("IBAN_WIRE")) + .property("wire_details", codecForAny()) .build("IbanChallengeInstructionMessage"); export const codecForChallengeInstructionMessage = (): Codec => buildCodecForUnion() - .discriminateOn("method") + .discriminateOn("challenge_type") .alternative("FILE_WRITTEN", codecForFileChallengeInstructionMessage()) .alternative("IBAN_WIRE", codecForIbanChallengeInstructionMessage()) .alternative("TAN_SENT", codecForPinChallengeInstructionMessage()) diff --git a/packages/anastasis-core/src/reducer-types.ts b/packages/anastasis-core/src/reducer-types.ts index b7e3148cb..bb06ea7c3 100644 --- a/packages/anastasis-core/src/reducer-types.ts +++ b/packages/anastasis-core/src/reducer-types.ts @@ -221,7 +221,7 @@ export interface ReducerStateRecovery { /** * Explicitly selected version by the user. */ - selected_version?: AggregatedPolicyMetaInfo; + selected_version?: SelectedVersionInfo; challenge_feedback?: { [uuid: string]: ChallengeFeedback }; @@ -464,10 +464,16 @@ export interface ActionArgsUpdateExpiration { expiration: TalerProtocolTimestamp; } -export interface ActionArgsChangeVersion { - selection: AggregatedPolicyMetaInfo; +export interface SelectedVersionInfo { + attribute_mask: number; + providers: { + url: string; + version: number; + }[]; } +export type ActionArgsChangeVersion = SelectedVersionInfo; + export interface ActionArgsUpdatePolicy { policy_index: number; policy: PolicyMember[]; @@ -518,10 +524,8 @@ export interface DiscoveryResult { cursor?: DiscoveryCursor; } -export const codecForActionArgsChangeVersion = () => - buildCodecForObject() - .property("selection", codecForAny()) - .build("ActionArgsChangeVersion"); +// FIXME: specify schema! +export const codecForActionArgsChangeVersion = codecForAny; export const codecForPolicyMember = () => buildCodecForObject() diff --git a/packages/anastasis-webui/src/pages/home/ChallengeOverviewScreen.stories.tsx b/packages/anastasis-webui/src/pages/home/ChallengeOverviewScreen.stories.tsx index 3d765aa86..1acb2470c 100644 --- a/packages/anastasis-webui/src/pages/home/ChallengeOverviewScreen.stories.tsx +++ b/packages/anastasis-webui/src/pages/home/ChallengeOverviewScreen.stories.tsx @@ -250,7 +250,7 @@ export const OnePolicyWithAllTheChallengesInDifferentState = createExample( challenge_feedback: { "uuid-1": { state: ChallengeFeedbackStatus.Solved.toString() }, "uuid-3": { - state: ChallengeFeedbackStatus.AuthIban.toString(), + state: ChallengeFeedbackStatus.IbanInstructions.toString(), challenge_amount: "EUR:1", target_iban: "DE12345789000", target_business_name: "Data Loss Incorporated", diff --git a/packages/anastasis-webui/src/pages/home/ChallengeOverviewScreen.tsx b/packages/anastasis-webui/src/pages/home/ChallengeOverviewScreen.tsx index 6660e63de..84d2588e0 100644 --- a/packages/anastasis-webui/src/pages/home/ChallengeOverviewScreen.tsx +++ b/packages/anastasis-webui/src/pages/home/ChallengeOverviewScreen.tsx @@ -16,7 +16,7 @@ function OverviewFeedbackDisplay(props: { feedback?: ChallengeFeedback }) { switch (feedback.state) { case ChallengeFeedbackStatus.Solved: return
; - case ChallengeFeedbackStatus.AuthIban: + case ChallengeFeedbackStatus.IbanInstructions: return null; case ChallengeFeedbackStatus.ServerFailure: return
Server error.
; @@ -173,7 +173,7 @@ export function ChallengeOverviewScreen(): VNode { case ChallengeFeedbackStatus.TruthUnknown: case ChallengeFeedbackStatus.RateLimitExceeded: return
; - case ChallengeFeedbackStatus.AuthIban: + case ChallengeFeedbackStatus.IbanInstructions: case ChallengeFeedbackStatus.TalerPayment: return (
diff --git a/packages/anastasis-webui/src/pages/home/SolveScreen.tsx b/packages/anastasis-webui/src/pages/home/SolveScreen.tsx index 3691d1416..941bfb93b 100644 --- a/packages/anastasis-webui/src/pages/home/SolveScreen.tsx +++ b/packages/anastasis-webui/src/pages/home/SolveScreen.tsx @@ -32,7 +32,7 @@ export function SolveOverviewFeedbackDisplay(props: { ]} /> ); - case ChallengeFeedbackStatus.AuthIban: + case ChallengeFeedbackStatus.IbanInstructions: return ( + */ + +/** + * Imports. + */ import { - ChallengeFeedbackStatus, ChallengeInfo, } from "@gnu-taler/anastasis-core"; import { h, VNode } from "preact"; diff --git a/packages/anastasis-webui/src/pages/home/authMethod/AuthMethodQuestionSolve.stories.tsx b/packages/anastasis-webui/src/pages/home/authMethod/AuthMethodQuestionSolve.stories.tsx index 51d0a9993..5ba621b68 100644 --- a/packages/anastasis-webui/src/pages/home/authMethod/AuthMethodQuestionSolve.stories.tsx +++ b/packages/anastasis-webui/src/pages/home/authMethod/AuthMethodQuestionSolve.stories.tsx @@ -158,7 +158,7 @@ export const TruthUnknownFeedback = createExample(TestedComponent[type].solve, { } as ReducerState); const ibanFeedback: ChallengeFeedbackBankTransferRequired = { - state: ChallengeFeedbackStatus.AuthIban, + state: ChallengeFeedbackStatus.IbanInstructions, challenge_amount: "EUR:1", target_iban: "DE12345789000", target_business_name: "Data Loss Incorporated",