Diffstat (limited to 'src/include/anastasis_authorization_plugin.h')
-rw-r--r--src/include/anastasis_authorization_plugin.h82
1 files changed, 67 insertions, 15 deletions
diff --git a/src/include/anastasis_authorization_plugin.h b/src/include/anastasis_authorization_plugin.h
index 91a88f8..a9d993d 100644
--- a/src/include/anastasis_authorization_plugin.h
+++ b/src/include/anastasis_authorization_plugin.h
@@ -3,7 +3,7 @@
Copyright (C) 2019 Anastasis SARL
Anastasis is free software; you can redistribute it and/or modify it under the
- terms of the GNU Lesser General Public License as published by the Free Software
+ terms of the GNU Affero General Public License as published by the Free Software
Foundation; either version 3, or (at your option) any later version.
Anastasis is distributed in the hope that it will be useful, but WITHOUT ANY
@@ -33,21 +33,21 @@ struct ANASTASIS_AUTHORIZATION_State;
/**
* Enumeration values indicating the various possible
- * outcomes of the plugin's `process` function.
+ * outcomes of the plugin's `challenge` function.
*/
-enum ANASTASIS_AUTHORIZATION_Result
+enum ANASTASIS_AUTHORIZATION_ChallengeResult
{
/**
* We successfully sent the authorization challenge
* and queued a reply to MHD.
*/
- ANASTASIS_AUTHORIZATION_RES_SUCCESS = 0,
+ ANASTASIS_AUTHORIZATION_CRES_SUCCESS = 0,
/**
* We failed to transmit the authorization challenge,
* but successfully queued a failure response to MHD.
*/
- ANASTASIS_AUTHORIZATION_RES_FAILED = 1,
+ ANASTASIS_AUTHORIZATION_CRES_FAILED = 1,
/**
* The plugin suspended the MHD connection as it needs some more
@@ -55,7 +55,7 @@ enum ANASTASIS_AUTHORIZATION_Result
* plugin will resume the MHD connection when its work is done, and
* then the `process` function should be called again.
*/
- ANASTASIS_AUTHORIZATION_RES_SUSPENDED = 2,
+ ANASTASIS_AUTHORIZATION_CRES_SUSPENDED = 2,
/**
* The plugin tried to queue a reply on the MHD connection and
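Review bot: The comment on ANASTASIS_AUTHORIZATION_CRES_SUSPENDED still ends with "then the `process` function should be called again", but this commit removes the `process` callback and replaces it with `challenge` and `solve`. For this enum the line should read `* then the challenge function should be called again.`. The same stale sentence is copied into the new ANASTASIS_AUTHORIZATION_SRES_SUSPENDED comment in the `@@ -74,14 +74,45 @@` hunk, where it should name `solve`. As written, a plugin author is told to re-enter a function that no longer exists in the plugin struct.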
@@ -65,7 +65,7 @@ enum ANASTASIS_AUTHORIZATION_Result
* However, we were successful at transmitting the challenge,
* so the challenge should be marked as sent.
*/
- ANASTASIS_AUTHORIZATION_RES_SUCCESS_REPLY_FAILED = 4,
+ ANASTASIS_AUTHORIZATION_CRES_SUCCESS_REPLY_FAILED = 4,
/**
* The plugin tried to queue a reply on the MHD connection and
@@ -74,14 +74,45 @@ enum ANASTASIS_AUTHORIZATION_Result
*
* Additionally, we failed to transmit the challenge.
*/
- ANASTASIS_AUTHORIZATION_RES_FAILED_REPLY_FAILED = 5,
+ ANASTASIS_AUTHORIZATION_CRES_FAILED_REPLY_FAILED = 5
+};
+
+
+/**
+ * Enumeration values indicating the various possible
+ * outcomes of the plugin's `solve` function.
+ */
+enum ANASTASIS_AUTHORIZATION_SolveResult
+{
+ /**
+ * We failed to transmit the authorization challenge,
+ * but successfully queued a failure response to MHD.
+ */
+ ANASTASIS_AUTHORIZATION_SRES_FAILED = 0,
+
+ /**
+ * The plugin suspended the MHD connection as it needs some more
+ * time to do its (asynchronous) work before we can proceed. The
+ * plugin will resume the MHD connection when its work is done, and
+ * then the `process` function should be called again.
+ */
+ ANASTASIS_AUTHORIZATION_SRES_SUSPENDED = 1,
+
+ /**
+ * The plugin tried to queue a reply on the MHD connection and
+ * failed to do so. We should return #MHD_NO to MHD to cause the
+ * HTTP connection to be closed without any reply.
+ *
+ * Additionally, we failed to transmit the challenge.
+ */
+ ANASTASIS_AUTHORIZATION_SRES_FAILED_REPLY_FAILED = 2,
/**
* The authentication process completed successfully
* and we should signal success to the client by
* returning the truth.
*/
- ANASTASIS_AUTHORIZATION_RES_FINISHED = 6
+ ANASTASIS_AUTHORIZATION_SRES_FINISHED = 3
};
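Review bot: The comments on ANASTASIS_AUTHORIZATION_SRES_FAILED and ANASTASIS_AUTHORIZATION_SRES_FAILED_REPLY_FAILED are copied from the challenge enum and describe a failure "to transmit the authorization challenge", which does not match what `solve` is documented to do later in this header ("Check if the client has solved the challenge"). These values decide whether the backend returns the truth, so the text should say what actually failed, for example `* The challenge was not solved (or could not be checked), but we queued a failure response to MHD.`; the exact meaning needs confirming against the plugins. It would also help to state on ANASTASIS_AUTHORIZATION_SRES_FINISHED that it is the only result on which the truth may be released, so that callers treat every other or unknown value as a refusal.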
@@ -127,6 +158,14 @@ struct ANASTASIS_AuthorizationPlugin
bool payment_plugin_managed;
/**
+ * The plugin expects the "code" in the "start" function to be
+ * provided by the user and not generated by the Anastasis
+ * backend. The plugin will then validate the code using its own
+ * means. Used by TOTP.
+ */
+ bool user_provided_code;
+
+ /**
* How often are retries allowed for challenges created
* by this plugin?
*/
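Review bot: The comment on `user_provided_code` does not say which backend checks still apply when the flag is set. With a code that the plugin validates "using its own means", the header leaves open whether the retry limit documented directly below still bounds the number of guesses, and in what form (plain or hashed) the user's code reaches the plugin. If that is the intended contract, I would add a sentence such as `* The backend still enforces the retry limit; the plugin only replaces the code comparison.`. The struct starts and ends outside this hunk, so other members may already cover part of this.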
@@ -202,18 +241,31 @@ struct ANASTASIS_AuthorizationPlugin
/**
* Continue issuing authentication challenge to user based on @a data.
* I.e. check if the transmission of the challenge via SMS or e-mail
- * has completed and/or manipulate @a connection to redirect the client
- * to a video identification site.
+ * has completed and/or manipulate @a connection to direct the client towards solving the challenge.
+ *
+ * @param as authorization state
+ * @param connection HTTP client request (for queuing response, such as redirection to video portal)
+ * @return state of the request
+ */
+ enum ANASTASIS_AUTHORIZATION_ChallengeResult
+ (*challenge)(struct ANASTASIS_AUTHORIZATION_State *as,
+ struct MHD_Connection *connection);
+
+
+ /**
+ * Check if the client has solved the challenge.
*
* @param as authorization state
* @param timeout how long do we have to produce a reply
+ * @param challenge_response hash of the challenge response, or NULL
* @param connection HTTP client request (for queuing response, such as redirection to video portal)
* @return state of the request
*/
- enum ANASTASIS_AUTHORIZATION_Result
- (*process)(struct ANASTASIS_AUTHORIZATION_State *as,
- struct GNUNET_TIME_Absolute timeout,
- struct MHD_Connection *connection);
+ enum ANASTASIS_AUTHORIZATION_SolveResult
+ (*solve)(struct ANASTASIS_AUTHORIZATION_State *as,
+ struct GNUNET_TIME_Absolute timeout,
+ const struct GNUNET_HashCode *challenge_response,
+ struct MHD_Connection *connection);
/**
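Review bot: The new `@param challenge_response` line on `solve` allows NULL but does not say what NULL means or what a plugin must return for it. Since `solve` is the callback that can report ANASTASIS_AUTHORIZATION_SRES_FINISHED, the doc comment should spell out the contract, for example `@param challenge_response hash of the response supplied by the client, NULL if the client supplied none` plus a sentence saying whether a plugin may ever return FINISHED in the NULL case. The `@param connection` text on `solve` ("such as redirection to video portal") and the bare `@return state of the request` are carried over from the old `process` comment and could be tightened at the same time. The enclosing struct continues outside this hunk.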