aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Grothoff <christian@grothoff.org>2021-08-19 15:11:17 +0200
committerChristian Grothoff <christian@grothoff.org>2021-08-19 15:11:17 +0200
commit5b3ded24a329d25b77372f17d75ff6b3d68bfa5d (patch)
treef80c75ed651c0180ae4467dd96f51d6610ad80ce
parent677c7e87a5da584e68194c9cca19a91191c3140c (diff)
downloadanastasis-5b3ded24a329d25b77372f17d75ff6b3d68bfa5d.tar.gz
anastasis-5b3ded24a329d25b77372f17d75ff6b3d68bfa5d.zip
document reducer return values for IBAN auth
-rw-r--r--doc/sphinx/reducer.rst44
-rw-r--r--src/authorization/anastasis_authorization_plugin_iban.c32
-rw-r--r--src/authorization/authorization-iban-messages.json4
-rw-r--r--src/reducer/anastasis_api_recovery_redux.c84
4 files changed, 140 insertions, 24 deletions
diff --git a/doc/sphinx/reducer.rst b/doc/sphinx/reducer.rst
index 68df5b1..dcfc522 100644
--- a/doc/sphinx/reducer.rst
+++ b/doc/sphinx/reducer.rst
@@ -1591,7 +1591,7 @@ that applications must all handle. States other than ``solved`` are:
1591 } 1591 }
1592 } 1592 }
1593 1593
1594 - **rate-limit-exceeded**: 1594 - **rate-limit-exceeded**: This indicates that the user has made too many invalid attempts in too short an amount of time.
1595 1595
1596 .. code-block:: json 1596 .. code-block:: json
1597 1597
@@ -1609,7 +1609,7 @@ that applications must all handle. States other than ``solved`` are:
1609 } 1609 }
1610 } 1610 }
1611 1611
1612 - **authentication-timeout**: 1612 - **authentication-timeout**: This indicates that the challenge is awaiting for some external authentication process to complete. The application should ``poll`` for it to complete, or proceed with selecting other challenges.
1613 1613
1614 .. code-block:: json 1614 .. code-block:: json
1615 1615
@@ -1627,6 +1627,46 @@ that applications must all handle. States other than ``solved`` are:
1627 } 1627 }
1628 } 1628 }
1629 1629
1630 - **authentication-instructions**: This indicates that the challenge requires the user to perform some authetnication method-specific actions. Details about what the user should do are provided.
1631
1632 .. code-block:: json
1633
1634 {
1635 "recovery_state": "CHALLENGE_SELECTING",
1636 "recovery_information": {
1637 "...": "..."
1638 }
1639 "selected_challenge_uuid": "TXYKGE1SJZHJ4M2FKSV1P2RZVNTHZFB9E3A79QE956D3SCAWXPK0",
1640 "challenge_feedback": {
1641 "TXYKGE1SJZHJ4M2FKSV1P2RZVNTHZFB9E3A79QE956D3SCAWXPK0": {
1642 "state": "external-instructions",
1643 "method": "iban",
1644 "details": {
1645 "...": "..."
1646 }
1647 }
1648 }
1649 }
1650
1651 The specific instructions depend on the ``method``.
1652 They include:
1653
1654 - **iban**: The user must perform a wire transfer from their account to the Anastasis provider.
1655
1656 .. code-block:: json
1657
1658 {
1659 "challenge_amount": "EUR:1",
1660 "credit_iban": "DE12345789000",
1661 "business_name": "Data Loss Incorporated",
1662 "wire_transfer_subject": 987654321
1663 }
1664
1665 Note that the actual wire transfer subject must contain both
1666 the numeric ``wire_transfer_subject`` given above as well as
1667 the string ``Anastasis``. Thus, when generating human-readable
1668 instructions from the above, the display output should be
1669 ``Anastasis 987654321``.
1630 1670
1631**poll:** 1671**poll:**
1632 1672
diff --git a/src/authorization/anastasis_authorization_plugin_iban.c b/src/authorization/anastasis_authorization_plugin_iban.c
index 4f43d3f..ef11b88 100644
--- a/src/authorization/anastasis_authorization_plugin_iban.c
+++ b/src/authorization/anastasis_authorization_plugin_iban.c
@@ -319,14 +319,6 @@ respond_with_challenge (struct ANASTASIS_AUTHORIZATION_State *as,
319 /* Build HTTP response */ 319 /* Build HTTP response */
320 { 320 {
321 struct MHD_Response *resp; 321 struct MHD_Response *resp;
322 const char *end;
323 size_t slen;
324
325 slen = strlen (as->iban_number);
326 if (slen > 4)
327 end = &as->iban_number[slen - 4];
328 else
329 end = &as->iban_number[slen / 2];
330 322
331 if (TALER_MHD_xmime_matches (mime, 323 if (TALER_MHD_xmime_matches (mime,
332 "application/json")) 324 "application/json"))
@@ -334,16 +326,17 @@ respond_with_challenge (struct ANASTASIS_AUTHORIZATION_State *as,
334 resp = TALER_MHD_MAKE_JSON_PACK ( 326 resp = TALER_MHD_MAKE_JSON_PACK (
335 GNUNET_JSON_pack_string ("method", 327 GNUNET_JSON_pack_string ("method",
336 "iban"), 328 "iban"),
337 TALER_JSON_pack_amount ("challenge_amount", 329 GNUNET_JSON_pack_object_steal (
338 &ctx->expected_amount), 330 "details",
339 GNUNET_JSON_pack_string ("credit_iban", 331 GNUNET_JSON_PACK (
340 ctx->business_iban), 332 TALER_JSON_pack_amount ("challenge_amount",
341 GNUNET_JSON_pack_string ("business_name", 333 &ctx->expected_amount),
342 ctx->business_name), 334 GNUNET_JSON_pack_string ("credit_iban",
343 GNUNET_JSON_pack_uint64 ("wire_transfer_subject", 335 ctx->business_iban),
344 as->code), 336 GNUNET_JSON_pack_string ("business_name",
345 GNUNET_JSON_pack_string ("debit_account_hint", 337 ctx->business_name),
346 end)); 338 GNUNET_JSON_pack_uint64 ("wire_transfer_subject",
339 as->code))));
347 } 340 }
348 else 341 else
349 { 342 {
@@ -357,8 +350,7 @@ respond_with_challenge (struct ANASTASIS_AUTHORIZATION_State *as,
357 TALER_amount2s (&ctx->expected_amount), 350 TALER_amount2s (&ctx->expected_amount),
358 ctx->business_name, 351 ctx->business_name,
359 ctx->business_iban, 352 ctx->business_iban,
360 (unsigned long long) as->code, 353 (unsigned long long) as->code);
361 end);
362 resp = MHD_create_response_from_buffer (reply_len, 354 resp = MHD_create_response_from_buffer (reply_len,
363 reply, 355 reply,
364 MHD_RESPMEM_MUST_COPY); 356 MHD_RESPMEM_MUST_COPY);
diff --git a/src/authorization/authorization-iban-messages.json b/src/authorization/authorization-iban-messages.json
index 8c6295b..9575856 100644
--- a/src/authorization/authorization-iban-messages.json
+++ b/src/authorization/authorization-iban-messages.json
@@ -1,6 +1,6 @@
1{ 1{
2 "instructions" : "To authorize recovery, wire %s to %s at %s using a wire transfer subject of %llu from your bank account ending with %s", 2 "instructions" : "To authorize recovery, wire %s to %s at %s using a wire transfer subject of 'Anastasis %llu' from your bank account",
3 "instructions_i18n" : { 3 "instructions_i18n" : {
4 "en_EN" : "To authorize recovery, wire %s to %s at %s using a wire transfer subject of %llu from your bank account ending with %s" 4 "en_EN" : "To authorize recovery, wire %s to %s at %s using a wire transfer subject of 'Anastasis %llu' from your bank account"
5 } 5 }
6} 6}
diff --git a/src/reducer/anastasis_api_recovery_redux.c b/src/reducer/anastasis_api_recovery_redux.c
index 95632cc..c549d35 100644
--- a/src/reducer/anastasis_api_recovery_redux.c
+++ b/src/reducer/anastasis_api_recovery_redux.c
@@ -708,6 +708,90 @@ answer_feedback_cb (
708 sctx->state); 708 sctx->state);
709 sctx_free (sctx); 709 sctx_free (sctx);
710 return; 710 return;
711
712 case ANASTASIS_CHALLENGE_STATUS_EXTERNAL_INSTRUCTIONS:
713 {
714 json_t *body = NULL;
715 const char *mime;
716
717 mime = csr->details.open_challenge.content_type;
718 if (0 == strcasecmp (mime,
719 "application/json"))
720 {
721 body = json_loadb (csr->details.open_challenge.body,
722 csr->details.open_challenge.body_size,
723 JSON_REJECT_DUPLICATES,
724 NULL);
725 GNUNET_break_op (NULL != body);
726 }
727 if (NULL == body)
728 {
729 json_t *err;
730
731 err = GNUNET_JSON_PACK (
732 GNUNET_JSON_pack_string ("state",
733 "server-failure"),
734 GNUNET_JSON_pack_uint64 ("error_code",
735 TALER_EC_GENERIC_INVALID_RESPONSE));
736 GNUNET_assert (0 ==
737 json_object_set_new (feedback,
738 uuid,
739 err));
740 }
741 else
742 {
743 const char *method;
744 json_t *details;
745 struct GNUNET_JSON_Specification spec[] = {
746 GNUNET_JSON_spec_string ("method",
747 &method),
748 GNUNET_JSON_spec_json ("details",
749 &details),
750 GNUNET_JSON_spec_end ()
751 };
752 json_t *reply;
753
754 if (GNUNET_OK !=
755 GNUNET_JSON_parse (body,
756 spec,
757 NULL, NULL))
758 {
759 json_t *err;
760
761 GNUNET_break_op (0);
762 err = GNUNET_JSON_PACK (
763 GNUNET_JSON_pack_string ("state",
764 "server-failure"),
765 GNUNET_JSON_pack_uint64 ("error_code",
766 TALER_EC_GENERIC_REPLY_MALFORMED));
767 GNUNET_assert (0 ==
768 json_object_set_new (feedback,
769 uuid,
770 err));
771 return;
772 }
773
774 reply = GNUNET_JSON_PACK (
775 GNUNET_JSON_pack_string ("state",
776 "external-instructions"),
777 GNUNET_JSON_pack_string ("method",
778 method),
779 GNUNET_JSON_pack_object_incref ("details",
780 details));
781 GNUNET_JSON_parse_free (spec);
782 GNUNET_assert (0 ==
783 json_object_set_new (feedback,
784 uuid,
785 reply));
786 }
787 }
788 set_state (sctx->state,
789 ANASTASIS_RECOVERY_STATE_CHALLENGE_SELECTING);
790 sctx->cb (sctx->cb_cls,
791 TALER_EC_NONE,
792 sctx->state);
793 sctx_free (sctx);
794 return;
711 } 795 }
712 GNUNET_break (0); 796 GNUNET_break (0);
713 ANASTASIS_redux_fail_ (sctx->cb, 797 ANASTASIS_redux_fail_ (sctx->cb,