diff options
author | Christian Grothoff <christian@grothoff.org> | 2021-08-19 15:11:17 +0200 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2021-08-19 15:11:17 +0200 |
commit | 5b3ded24a329d25b77372f17d75ff6b3d68bfa5d (patch) | |
tree | f80c75ed651c0180ae4467dd96f51d6610ad80ce | |
parent | 677c7e87a5da584e68194c9cca19a91191c3140c (diff) | |
download | anastasis-5b3ded24a329d25b77372f17d75ff6b3d68bfa5d.tar.gz anastasis-5b3ded24a329d25b77372f17d75ff6b3d68bfa5d.zip |
document reducer return values for IBAN auth
-rw-r--r-- | doc/sphinx/reducer.rst | 44 | ||||
-rw-r--r-- | src/authorization/anastasis_authorization_plugin_iban.c | 32 | ||||
-rw-r--r-- | src/authorization/authorization-iban-messages.json | 4 | ||||
-rw-r--r-- | src/reducer/anastasis_api_recovery_redux.c | 84 |
4 files changed, 140 insertions, 24 deletions
diff --git a/doc/sphinx/reducer.rst b/doc/sphinx/reducer.rst index 68df5b1..dcfc522 100644 --- a/doc/sphinx/reducer.rst +++ b/doc/sphinx/reducer.rst | |||
@@ -1591,7 +1591,7 @@ that applications must all handle. States other than ``solved`` are: | |||
1591 | } | 1591 | } |
1592 | } | 1592 | } |
1593 | 1593 | ||
1594 | - **rate-limit-exceeded**: | 1594 | - **rate-limit-exceeded**: This indicates that the user has made too many invalid attempts in too short an amount of time. |
1595 | 1595 | ||
1596 | .. code-block:: json | 1596 | .. code-block:: json |
1597 | 1597 | ||
@@ -1609,7 +1609,7 @@ that applications must all handle. States other than ``solved`` are: | |||
1609 | } | 1609 | } |
1610 | } | 1610 | } |
1611 | 1611 | ||
1612 | - **authentication-timeout**: | 1612 | - **authentication-timeout**: This indicates that the challenge is awaiting for some external authentication process to complete. The application should ``poll`` for it to complete, or proceed with selecting other challenges. |
1613 | 1613 | ||
1614 | .. code-block:: json | 1614 | .. code-block:: json |
1615 | 1615 | ||
@@ -1627,6 +1627,46 @@ that applications must all handle. States other than ``solved`` are: | |||
1627 | } | 1627 | } |
1628 | } | 1628 | } |
1629 | 1629 | ||
1630 | - **authentication-instructions**: This indicates that the challenge requires the user to perform some authetnication method-specific actions. Details about what the user should do are provided. | ||
1631 | |||
1632 | .. code-block:: json | ||
1633 | |||
1634 | { | ||
1635 | "recovery_state": "CHALLENGE_SELECTING", | ||
1636 | "recovery_information": { | ||
1637 | "...": "..." | ||
1638 | } | ||
1639 | "selected_challenge_uuid": "TXYKGE1SJZHJ4M2FKSV1P2RZVNTHZFB9E3A79QE956D3SCAWXPK0", | ||
1640 | "challenge_feedback": { | ||
1641 | "TXYKGE1SJZHJ4M2FKSV1P2RZVNTHZFB9E3A79QE956D3SCAWXPK0": { | ||
1642 | "state": "external-instructions", | ||
1643 | "method": "iban", | ||
1644 | "details": { | ||
1645 | "...": "..." | ||
1646 | } | ||
1647 | } | ||
1648 | } | ||
1649 | } | ||
1650 | |||
1651 | The specific instructions depend on the ``method``. | ||
1652 | They include: | ||
1653 | |||
1654 | - **iban**: The user must perform a wire transfer from their account to the Anastasis provider. | ||
1655 | |||
1656 | .. code-block:: json | ||
1657 | |||
1658 | { | ||
1659 | "challenge_amount": "EUR:1", | ||
1660 | "credit_iban": "DE12345789000", | ||
1661 | "business_name": "Data Loss Incorporated", | ||
1662 | "wire_transfer_subject": 987654321 | ||
1663 | } | ||
1664 | |||
1665 | Note that the actual wire transfer subject must contain both | ||
1666 | the numeric ``wire_transfer_subject`` given above as well as | ||
1667 | the string ``Anastasis``. Thus, when generating human-readable | ||
1668 | instructions from the above, the display output should be | ||
1669 | ``Anastasis 987654321``. | ||
1630 | 1670 | ||
1631 | **poll:** | 1671 | **poll:** |
1632 | 1672 | ||
diff --git a/src/authorization/anastasis_authorization_plugin_iban.c b/src/authorization/anastasis_authorization_plugin_iban.c index 4f43d3f..ef11b88 100644 --- a/src/authorization/anastasis_authorization_plugin_iban.c +++ b/src/authorization/anastasis_authorization_plugin_iban.c | |||
@@ -319,14 +319,6 @@ respond_with_challenge (struct ANASTASIS_AUTHORIZATION_State *as, | |||
319 | /* Build HTTP response */ | 319 | /* Build HTTP response */ |
320 | { | 320 | { |
321 | struct MHD_Response *resp; | 321 | struct MHD_Response *resp; |
322 | const char *end; | ||
323 | size_t slen; | ||
324 | |||
325 | slen = strlen (as->iban_number); | ||
326 | if (slen > 4) | ||
327 | end = &as->iban_number[slen - 4]; | ||
328 | else | ||
329 | end = &as->iban_number[slen / 2]; | ||
330 | 322 | ||
331 | if (TALER_MHD_xmime_matches (mime, | 323 | if (TALER_MHD_xmime_matches (mime, |
332 | "application/json")) | 324 | "application/json")) |
@@ -334,16 +326,17 @@ respond_with_challenge (struct ANASTASIS_AUTHORIZATION_State *as, | |||
334 | resp = TALER_MHD_MAKE_JSON_PACK ( | 326 | resp = TALER_MHD_MAKE_JSON_PACK ( |
335 | GNUNET_JSON_pack_string ("method", | 327 | GNUNET_JSON_pack_string ("method", |
336 | "iban"), | 328 | "iban"), |
337 | TALER_JSON_pack_amount ("challenge_amount", | 329 | GNUNET_JSON_pack_object_steal ( |
338 | &ctx->expected_amount), | 330 | "details", |
339 | GNUNET_JSON_pack_string ("credit_iban", | 331 | GNUNET_JSON_PACK ( |
340 | ctx->business_iban), | 332 | TALER_JSON_pack_amount ("challenge_amount", |
341 | GNUNET_JSON_pack_string ("business_name", | 333 | &ctx->expected_amount), |
342 | ctx->business_name), | 334 | GNUNET_JSON_pack_string ("credit_iban", |
343 | GNUNET_JSON_pack_uint64 ("wire_transfer_subject", | 335 | ctx->business_iban), |
344 | as->code), | 336 | GNUNET_JSON_pack_string ("business_name", |
345 | GNUNET_JSON_pack_string ("debit_account_hint", | 337 | ctx->business_name), |
346 | end)); | 338 | GNUNET_JSON_pack_uint64 ("wire_transfer_subject", |
339 | as->code)))); | ||
347 | } | 340 | } |
348 | else | 341 | else |
349 | { | 342 | { |
@@ -357,8 +350,7 @@ respond_with_challenge (struct ANASTASIS_AUTHORIZATION_State *as, | |||
357 | TALER_amount2s (&ctx->expected_amount), | 350 | TALER_amount2s (&ctx->expected_amount), |
358 | ctx->business_name, | 351 | ctx->business_name, |
359 | ctx->business_iban, | 352 | ctx->business_iban, |
360 | (unsigned long long) as->code, | 353 | (unsigned long long) as->code); |
361 | end); | ||
362 | resp = MHD_create_response_from_buffer (reply_len, | 354 | resp = MHD_create_response_from_buffer (reply_len, |
363 | reply, | 355 | reply, |
364 | MHD_RESPMEM_MUST_COPY); | 356 | MHD_RESPMEM_MUST_COPY); |
diff --git a/src/authorization/authorization-iban-messages.json b/src/authorization/authorization-iban-messages.json index 8c6295b..9575856 100644 --- a/src/authorization/authorization-iban-messages.json +++ b/src/authorization/authorization-iban-messages.json | |||
@@ -1,6 +1,6 @@ | |||
1 | { | 1 | { |
2 | "instructions" : "To authorize recovery, wire %s to %s at %s using a wire transfer subject of %llu from your bank account ending with %s", | 2 | "instructions" : "To authorize recovery, wire %s to %s at %s using a wire transfer subject of 'Anastasis %llu' from your bank account", |
3 | "instructions_i18n" : { | 3 | "instructions_i18n" : { |
4 | "en_EN" : "To authorize recovery, wire %s to %s at %s using a wire transfer subject of %llu from your bank account ending with %s" | 4 | "en_EN" : "To authorize recovery, wire %s to %s at %s using a wire transfer subject of 'Anastasis %llu' from your bank account" |
5 | } | 5 | } |
6 | } | 6 | } |
diff --git a/src/reducer/anastasis_api_recovery_redux.c b/src/reducer/anastasis_api_recovery_redux.c index 95632cc..c549d35 100644 --- a/src/reducer/anastasis_api_recovery_redux.c +++ b/src/reducer/anastasis_api_recovery_redux.c | |||
@@ -708,6 +708,90 @@ answer_feedback_cb ( | |||
708 | sctx->state); | 708 | sctx->state); |
709 | sctx_free (sctx); | 709 | sctx_free (sctx); |
710 | return; | 710 | return; |
711 | |||
712 | case ANASTASIS_CHALLENGE_STATUS_EXTERNAL_INSTRUCTIONS: | ||
713 | { | ||
714 | json_t *body = NULL; | ||
715 | const char *mime; | ||
716 | |||
717 | mime = csr->details.open_challenge.content_type; | ||
718 | if (0 == strcasecmp (mime, | ||
719 | "application/json")) | ||
720 | { | ||
721 | body = json_loadb (csr->details.open_challenge.body, | ||
722 | csr->details.open_challenge.body_size, | ||
723 | JSON_REJECT_DUPLICATES, | ||
724 | NULL); | ||
725 | GNUNET_break_op (NULL != body); | ||
726 | } | ||
727 | if (NULL == body) | ||
728 | { | ||
729 | json_t *err; | ||
730 | |||
731 | err = GNUNET_JSON_PACK ( | ||
732 | GNUNET_JSON_pack_string ("state", | ||
733 | "server-failure"), | ||
734 | GNUNET_JSON_pack_uint64 ("error_code", | ||
735 | TALER_EC_GENERIC_INVALID_RESPONSE)); | ||
736 | GNUNET_assert (0 == | ||
737 | json_object_set_new (feedback, | ||
738 | uuid, | ||
739 | err)); | ||
740 | } | ||
741 | else | ||
742 | { | ||
743 | const char *method; | ||
744 | json_t *details; | ||
745 | struct GNUNET_JSON_Specification spec[] = { | ||
746 | GNUNET_JSON_spec_string ("method", | ||
747 | &method), | ||
748 | GNUNET_JSON_spec_json ("details", | ||
749 | &details), | ||
750 | GNUNET_JSON_spec_end () | ||
751 | }; | ||
752 | json_t *reply; | ||
753 | |||
754 | if (GNUNET_OK != | ||
755 | GNUNET_JSON_parse (body, | ||
756 | spec, | ||
757 | NULL, NULL)) | ||
758 | { | ||
759 | json_t *err; | ||
760 | |||
761 | GNUNET_break_op (0); | ||
762 | err = GNUNET_JSON_PACK ( | ||
763 | GNUNET_JSON_pack_string ("state", | ||
764 | "server-failure"), | ||
765 | GNUNET_JSON_pack_uint64 ("error_code", | ||
766 | TALER_EC_GENERIC_REPLY_MALFORMED)); | ||
767 | GNUNET_assert (0 == | ||
768 | json_object_set_new (feedback, | ||
769 | uuid, | ||
770 | err)); | ||
771 | return; | ||
772 | } | ||
773 | |||
774 | reply = GNUNET_JSON_PACK ( | ||
775 | GNUNET_JSON_pack_string ("state", | ||
776 | "external-instructions"), | ||
777 | GNUNET_JSON_pack_string ("method", | ||
778 | method), | ||
779 | GNUNET_JSON_pack_object_incref ("details", | ||
780 | details)); | ||
781 | GNUNET_JSON_parse_free (spec); | ||
782 | GNUNET_assert (0 == | ||
783 | json_object_set_new (feedback, | ||
784 | uuid, | ||
785 | reply)); | ||
786 | } | ||
787 | } | ||
788 | set_state (sctx->state, | ||
789 | ANASTASIS_RECOVERY_STATE_CHALLENGE_SELECTING); | ||
790 | sctx->cb (sctx->cb_cls, | ||
791 | TALER_EC_NONE, | ||
792 | sctx->state); | ||
793 | sctx_free (sctx); | ||
794 | return; | ||
711 | } | 795 | } |
712 | GNUNET_break (0); | 796 | GNUNET_break (0); |
713 | ANASTASIS_redux_fail_ (sctx->cb, | 797 | ANASTASIS_redux_fail_ (sctx->cb, |