authorChristian Grothoff <christian@grothoff.org>2022-04-13 22:04:37 +0200
committerChristian Grothoff <christian@grothoff.org>2022-04-13 22:04:37 +0200
commite3e3b0637264b6cbccf9c69b4546429187faa8e7 (patch)
treed588fe4ba00b39efd35ad435b64ca002369c90b4 /src/backend
parent1398cca51c44709cd990fc7ed7b854b802004a97 (diff)
-get IBAN test to pass again
Diffstat (limited to 'src/backend')
-rw-r--r--src/backend/anastasis-httpd_truth-challenge.c4
-rw-r--r--src/backend/anastasis-httpd_truth-solve.c112
2 files changed, 97 insertions, 19 deletions
diff --git a/src/backend/anastasis-httpd_truth-challenge.c b/src/backend/anastasis-httpd_truth-challenge.c
index 9d2429d..30379a7 100644
--- a/src/backend/anastasis-httpd_truth-challenge.c
+++ b/src/backend/anastasis-httpd_truth-challenge.c
@@ -911,7 +911,9 @@ run_authorization_process (struct MHD_Connection *connection,
case ANASTASIS_AUTHORIZATION_CRES_SUCCESS:
/* Challenge sent successfully */
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
- "Authorization request sent successfully\n");
+ "Authorization request %llu for %s sent successfully\n",
+ (unsigned long long) gc->code,
+ TALER_B2S (&gc->truth_uuid));
qs = db->mark_challenge_sent (db->cls,
&gc->payment_identifier,
&gc->truth_uuid,
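Review bot: The new INFO message writes `gc->code` to the log next to the truth UUID, and that value appears to be the challenge code that was just sent to the user. If so, anyone with read access to the service log can pair a live code with the truth it unlocks, which weakens the out-of-band channel the challenge relies on. I would log only the identifier, `"Authorization request for %s sent successfully\n", TALER_B2S (&gc->truth_uuid)`, or move the code to `GNUNET_ERROR_TYPE_DEBUG`. The surrounding `switch` in run_authorization_process continues outside this hunk.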
diff --git a/src/backend/anastasis-httpd_truth-solve.c b/src/backend/anastasis-httpd_truth-solve.c
index 5e72e42..8133cc9 100644
--- a/src/backend/anastasis-httpd_truth-solve.c
+++ b/src/backend/anastasis-httpd_truth-solve.c
@@ -755,6 +755,8 @@ return_key_share (
static void
gc_suspended (struct SolveContext *gc)
{
+ GNUNET_assert (NULL == gc->hn);
+ GNUNET_assert (! gc->suspended);
gc->suspended = true;
if (NULL == AH_to_heap)
AH_to_heap = GNUNET_CONTAINER_heap_create (
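Review bot: The two `GNUNET_assert` calls added at the top of gc_suspended abort the whole daemon when they fail, and this commit also adds a second caller (iban_validation) on the request path. Whether a resumed request always has `gc->suspended` cleared and `gc->hn` reset before it can reach gc_suspended again is not visible here. If it does not, a single client request could take the service down. Please document the precondition above the function, for example `/* Caller must have resumed the request: gc->suspended is false and gc->hn was removed from AH_to_heap. */`, and consider failing the request with `GNUNET_break (0)` plus an error reply rather than asserting. The rest of gc_suspended lies outside the hunk.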
@@ -885,6 +887,8 @@ rate_limit (struct SolveContext *gc)
? GNUNET_NO
: GNUNET_SYSERR;
}
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+ "Using intentionally wrong answer to produce rate-limiting\n");
/* decrement trial counter */
ANASTASIS_hash_answer (code + 1, /* always use wrong answer */
&hc);
@@ -968,8 +972,8 @@ handle_security_question (struct SolveContext *gc,
/**
* Handle special case of an answer being directly checked by the
- * plugin and not by our database. Rate limits answers against brute
- * forcing.
+ * plugin and not by our database. Also ensures that the
+ * request is rate-limited.
*
* @param[in,out] gc request to handle
* @param decrypted_truth hash to check against
@@ -983,11 +987,11 @@ direct_validation (struct SolveContext *gc,
{
/* Non-random code, call plugin directly! */
enum ANASTASIS_AUTHORIZATION_SolveResult aar;
- enum GNUNET_GenericReturnValue res;
+ enum GNUNET_GenericReturnValue ret;
- res = rate_limit (gc);
- if (GNUNET_OK != res)
- return (GNUNET_NO == res) ? MHD_YES : MHD_NO;
+ ret = rate_limit (gc);
+ if (GNUNET_OK != ret)
+ return (GNUNET_NO == ret) ? MHD_YES : MHD_NO;
gc->as = gc->authorization->start (gc->authorization->cls,
&AH_trigger_daemon,
NULL,
@@ -1012,7 +1016,7 @@ direct_validation (struct SolveContext *gc,
"solve method not implemented for authorization method");
}
aar = gc->authorization->solve (gc->as,
- GNUNET_TIME_UNIT_ZERO_ABS,
+ gc->timeout,
&gc->challenge_response,
gc->connection);
switch (aar)
@@ -1020,6 +1024,74 @@ direct_validation (struct SolveContext *gc,
case ANASTASIS_AUTHORIZATION_SRES_FAILED:
return MHD_YES;
case ANASTASIS_AUTHORIZATION_SRES_SUSPENDED:
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+ "Suspending request handling\n");
+ gc_suspended (gc);
+ return MHD_YES;
+ case ANASTASIS_AUTHORIZATION_SRES_FAILED_REPLY_FAILED:
+ return MHD_NO;
+ case ANASTASIS_AUTHORIZATION_SRES_FINISHED:
+ return return_key_share (&gc->truth_uuid,
+ gc->connection);
+ }
+ GNUNET_break (0);
+ return MHD_NO;
+}
+
+
+/**
+ * Handle special case of an answer being checked
+ * by the plugin asynchronously (IBAN) after we inverted
+ * the hash using the database.
+ *
+ * @param[in,out] gc request to handle
+ * @param code validation code provided by the client
+ * @param decrypted_truth hash to check against
+ * @param decrypted_truth_size number of bytes in @a decrypted_truth
+ * @return MHD status code
+ */
+static MHD_RESULT
+iban_validation (struct SolveContext *gc,
+ uint64_t code,
+ const void *decrypted_truth,
+ size_t decrypted_truth_size)
+{
+ enum ANASTASIS_AUTHORIZATION_SolveResult aar;
+
+ gc->as = gc->authorization->start (gc->authorization->cls,
+ &AH_trigger_daemon,
+ NULL,
+ &gc->truth_uuid,
+ code,
+ decrypted_truth,
+ decrypted_truth_size);
+ if (NULL == gc->as)
+ {
+ GNUNET_break (0);
+ return TALER_MHD_reply_with_error (gc->connection,
+ MHD_HTTP_INTERNAL_SERVER_ERROR,
+ TALER_EC_ANASTASIS_TRUTH_AUTHORIZATION_START_FAILED,
+ NULL);
+ }
+ if (NULL == gc->authorization->solve)
+ {
+ GNUNET_break (0);
+ return TALER_MHD_reply_with_error (gc->connection,
+ MHD_HTTP_INTERNAL_SERVER_ERROR,
+ TALER_EC_ANASTASIS_TRUTH_AUTHORIZATION_START_FAILED,
+ "solve method not implemented for authorization method");
+ }
+ aar = gc->authorization->solve (gc->as,
+ gc->timeout,
+ &gc->challenge_response,
+ gc->connection);
+ switch (aar)
+ {
+ case ANASTASIS_AUTHORIZATION_SRES_FAILED:
+ return MHD_YES;
+ case ANASTASIS_AUTHORIZATION_SRES_SUSPENDED:
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+ "Suspending request handling\n");
gc_suspended (gc);
return MHD_YES;
case ANASTASIS_AUTHORIZATION_SRES_FAILED_REPLY_FAILED:
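Review bot: iban_validation assigns `gc->as` from `start()` without checking whether a state is already attached, and it only tests `gc->authorization->solve` for NULL after that state has been created. On the `SRES_SUSPENDED` path the request is parked and the handler will presumably be entered again; if that re-entry reaches this function, the earlier `gc->as` is overwritten, so whether it leaks depends on cleanup code not shown here. I would move the `if (NULL == gc->authorization->solve)` check above the `start()` call and guard the assignment with `GNUNET_assert (NULL == gc->as);` or release the old state first. Unlike direct_validation, this function does not call `rate_limit (gc)`, so the doc comment should state that the attempt was already counted by the preceding database code check, if that is indeed the case. The body is otherwise a copy of direct_validation's; a shared static helper taking the code would keep the two paths from drifting. The tail of the switch runs past the end of this hunk.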
@@ -1121,7 +1193,6 @@ AH_handler_truth_solve (
GNUNET_assert (! gc->suspended);
return run_authorization_process (connection,
gc);
-
}
/* We get here if the async check for payment said this request
was indeed paid! */
@@ -1353,9 +1424,11 @@ AH_handler_truth_solve (
if (GNUNET_TIME_absolute_is_past (gc->timeout))
{
GNUNET_free (decrypted_truth);
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+ "Timeout with user provided code\n");
return TALER_MHD_reply_with_error (connection,
MHD_HTTP_FORBIDDEN,
- TALER_EC_ANASTASIS_TRUTH_AUTH_TIMEOUT,
+ TALER_EC_ANASTASIS_IBAN_MISSING_TRANSFER,
"timeout awaiting validation");
}
res = direct_validation (gc,
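Review bot: The timeout reply now reports `TALER_EC_ANASTASIS_IBAN_MISSING_TRANSFER`, but it sits immediately before the `direct_validation` call. The comments in this file describe that call as the generic path for answers checked by a plugin, so the branch does not look IBAN-specific. If another authorization method with user-provided codes can reach this branch, clients would be told a wire transfer is missing when the real cause is a timeout. Either select the error code from the method in use or add a comment such as `/* only the IBAN plugin can reach this branch because ... */` stating why the IBAN code is always right. The condition selecting this branch is outside the hunk, so this may already be guaranteed.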
@@ -1391,21 +1464,24 @@ AH_handler_truth_solve (
"verify_challenge_code");
case ANASTASIS_DB_CODE_STATUS_NO_RESULTS:
GNUNET_free (decrypted_truth);
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+ "Specified challenge code %s was not issued\n",
+ GNUNET_h2s (&gc->challenge_response));
return TALER_MHD_reply_with_error (connection,
- MHD_HTTP_NOT_FOUND,
+ MHD_HTTP_FORBIDDEN,
TALER_EC_ANASTASIS_TRUTH_CHALLENGE_UNKNOWN,
- NULL);
+ "specific challenge code was not issued");
case ANASTASIS_DB_CODE_STATUS_VALID_CODE_STORED:
- GNUNET_log (GNUNET_ERROR_TYPE_INFO,
- "Response code valid (%s)\n",
- satisfied ? "satisfied" : "unsatisfied");
if (! satisfied)
{
+ MHD_RESULT res;
+
+ res = iban_validation (gc,
+ code,
+ decrypted_truth,
+ decrypted_truth_size);
GNUNET_free (decrypted_truth);
- return TALER_MHD_reply_with_error (connection,
- MHD_HTTP_NOT_FOUND,
- TALER_EC_ANASTASIS_TRUTH_CHALLENGE_UNKNOWN,
- NULL);
+ return res;
}
GNUNET_free (decrypted_truth);
return return_key_share (&gc->truth_uuid,
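Review bot: In the `! satisfied` branch `decrypted_truth` is handed to iban_validation, which passes it to the plugin's `start()`, and is then freed unconditionally, including when iban_validation returned after suspending the request. That is only safe if the plugin copies the buffer rather than keeping the pointer in `gc->as`; otherwise the resumed request works on freed memory. Please state the lifetime contract where the buffer is passed, e.g. `/* start() must copy decrypted_truth; it is freed as soon as we return */`, and verify the IBAN plugin honours it. Separately, the new `NO_RESULTS` log line prints `GNUNET_h2s (&gc->challenge_response)` at INFO level; it is only an abbreviated hash, but since it is derived from client-supplied answers a DEBUG level would be the more cautious choice.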