diff options
Diffstat (limited to 'doc/sphinx/reducer.rst')
-rw-r--r-- | doc/sphinx/reducer.rst | 135 |
1 files changed, 102 insertions, 33 deletions
diff --git a/doc/sphinx/reducer.rst b/doc/sphinx/reducer.rst index 9728d7d..50fec42 100644 --- a/doc/sphinx/reducer.rst +++ b/doc/sphinx/reducer.rst @@ -1,6 +1,6 @@ .. This file is part of Anastasis - Copyright (C) 2019-2021 Anastasis SARL + Copyright (C) 2019-2022 Anastasis SARL Anastasis is free software; you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software @@ -499,7 +499,8 @@ If contacting the provider failed, the information returned is: **add_provider**: -This operation can be performed in state ``USER_ATTRIBUTES_COLLECTING``. It +This operation can be performed in state ``USER_ATTRIBUTES_COLLECTING``. +It adds one or more Anastasis providers to the list of providers the reducer should henceforth consider. Note that removing providers is not possible at this time. @@ -513,8 +514,8 @@ use. For example: { "http://localhost:8088/" : { "disabled" : false }, - "http://localhost:8089/" : { "disabled" : false } - "http://localhost:8090/" : { "disabled" : true }, + "http://localhost:8089/" : { "disabled" : false }, + "http://localhost:8090/" : { "disabled" : true } } Note that existing providers will remain in the state they were in. The following is an @@ -1055,7 +1056,7 @@ The reducer will simply transition to the ``SECRET_EDITING`` state: { "backup_state": "SECRET_EDITING", - "upload_fees" : [ "KUDOS:42" ], + "upload_fees" : [ { "fee": "KUDOS:42" } ], "expiration" : { "t_ms" : 1245362362 } } @@ -1101,7 +1102,7 @@ be updated. "mime" : "text/plain" }, "expiration" : { "t_ms" : 1245362362 }, - "upload_fees" : [ "KUDOS:42" ] + "upload_fees" : [ { "fee": "KUDOS:42" } ] } @@ -1293,11 +1294,73 @@ the backup process. Example arguments would thus be: } } -However, in contrast to the backup process, the reducer will attempt to -retrieve the latest recovery document from all known providers for the -selected currency given the above inputs. If a recovery document was found -by any provider, the reducer will attempt to load it and transition to -a state where the user can choose which challenges to satisfy: +Afterwards, the reducer transitions into the ``SECRET_SELECTING`` state: + +.. code-block:: json + + { + "recovery_state": "SECRET_SELECTING", + "identity_attributes": { + "full_name": "Max Musterman", + "social_security_number": "123456789", + "birthdate": "2000-01-01", + "birthplace": "Earth" + } + } + +Typically, the special policy discovery process (outside of the state +machine) is expected to be run in this state. The discovery process +will use the state (and in particular the identity attributes and the +list of active providers) to discover a set of possible recovery +documents with their respective provider URLs, policy version and +identity attribute mask. An identity attribute mask is a bitmask that +describes which of the optional attributes from the identity +attributes should be omitted to recover this backup. Once the user +has selected a backup providing this triplet, it is possible to +proceed using ``next``. + +Especially if the discovered policies are inadequate, it is again +possible to add providers using ``add_provider``. + + +**add_provider**: + +This operation can be performed in state ``SECRET_SELECTING``. It +adds one additional Anastasis provider to the list of providers that +the discovery process should henceforth consider. Note that removing +providers is not possible at this time. + +Here, the client must provide an object with the base URL of the +providers to add, for example: + +.. code-block:: json + + { + "provider_url" : "http://localhost:8088/" + } + + +**select_version**: + +Using the ``select_version`` transition in the ``SECRET_SELECTING`` state, +it is possible to trigger the download and decryption of a recovery +policy document. Here, the arguments specify which provider, version +and mask should be used to download the document: + +.. code-block:: json + + { + "providers" : [ { + "url": "https://localhost:8088/", + "version": 0 + } ], + "attribute_mask": 0 + } + +The reducer will attempt to retrieve the specified recovery document +from that provider. If a recovery document was found, the reducer +will attempt to load it and transition to a state where the user can +choose which challenges to satisfy: .. code-block:: json @@ -1307,13 +1370,13 @@ a state where the user can choose which challenges to satisfy: "challenges": [ { "uuid": "MW2R3RCBZPHNC78AW8AKWRCHF9KV3Y82EN62T831ZP54S3K5599G", - "cost": "TESTKUDOS:0", + "uuid-display": "MW2R3RC", "type": "question", "instructions": "q1" }, { "uuid": "TXYKGE1SJZHJ4M2FKSV1P2RZVNTHZFB9E3A79QE956D3SCAWXPK0", - "cost": "TESTKUDOS:0", + "uuid-display": "TXYKGE", "type": "email", "instructions": "e-mail address m?il@f*.bar" }, @@ -1347,12 +1410,11 @@ obtained and its ``version`` are also provided. Each challenge comes with four mandatory fields: - **uuid**: A unique identifier of the challenge; this is what the - UUIDs in the policies array refer to, but also this UUID may be - included in messages sent to the user. They allow the user to + UUIDs in the policies array refer to. + - **uuid-display**: Shortened idenfier which is included in messages + send to the user. Allows the user to distinguish different PIN/TANs should say the same phone number be used for SMS-authentication with different providers. - - **cost**: This is the amount the Anastasis provider will charge - to allow the user to pass the challenge. - **type**: This is the type of the challenge, as a string. - **instructions**: Contains additional important hints for the user to allow the user to satisfy the challenge. It typically includes @@ -1383,26 +1445,33 @@ However, in general it should be sufficient to display the slightly more generic Taler error code that is returned with the new state. -**change_version:** +**sync_providers** + +The downloaded policy may include secrets from providers for which +we do not (yet) have the cost structure or even the salt. So here +an application can use the ``sync_providers`` request to download +``/config`` from providers that are in the challenge list but not +yet known with their salt and other attributes in the provider list. -Even if a recovery document was found, it is possible that the user -intended to recover a different version, or recover a backup where -the recovery document is stored at a different provider. Thus, the -reducer allows the user to explicitly switch to a different provider -or recovery document version using the ``change_version`` transition, -which takes a provider URL and policy version as arguments: +The transition fails if all providers relevant for the selected +policy are already downloaded. Applications may either internally +check the state for this, or call ``sync_providers`` until it fails +with this error: .. code-block:: json - { - "provider_url": "https://localhost:8080/", - "version": 2 - } + { + "detail": "already in sync", + "code": 8400, + "hint": "The given action is invalid for the current state of the reducer." + } -Note that using a version of 0 implies fetching "the latest version". The -resulting states are the same as those of the ``enter_user_attributes`` -transition, except that the recovery document version is not necessarily the -latest available version at the provider. +As providers may fail to respond, this action may need to be called +repeatedly. The action will block until progress is made on any provider. +As some providers may never respond, the application should disable +challenge buttons for challenges where providers are down. However, +users should be able to solve challenges where the provider is up while +the reducer is polling for ``/config`` in the background. **select_challenge:** @@ -1691,7 +1760,7 @@ that applications must all handle. States other than ``solved`` are: **poll:** -With a ``poll`` transition, the application indicates that it wants to wait longer for one or more of the challenges that are in state ``authentication-timeout`` to possibly complete. While technically optional, the ``timeout`` argument should really be provided to enable long-polling, for example: +With a ``poll`` transition, the application indicates that it wants to wait longer for one or more of the challenges that are awaiting some external authentication (state ``external-instructions``) or experienced some kind of timeout (state ``authentication-timeout``) to possibly complete. While technically optional, the ``timeout`` argument should really be provided to enable long-polling, for example: .. code-block:: json |