diff options
author | Antoine A <> | 2023-11-22 13:44:31 +0000 |
---|---|---|
committer | Antoine A <> | 2023-11-23 23:50:29 +0000 |
commit | 73a50ce167c1b1edef50329c11592db7a6732083 (patch) | |
tree | 93c976663df230ceaf32604eb8709c12b0fd59f3 | |
parent | e80df0caed7fe98be0888e7d94ae31559de79f84 (diff) | |
download | docs-dev/antoine/fix_withdrawal.tar.gz docs-dev/antoine/fix_withdrawal.tar.bz2 docs-dev/antoine/fix_withdrawal.zip |
Fix withdrawal API securitydev/antoine/fix_withdrawal
-rw-r--r-- | core/api-bank-integration.rst | 60 | ||||
-rw-r--r-- | core/api-corebank.rst | 51 |
2 files changed, 58 insertions, 53 deletions
diff --git a/core/api-bank-integration.rst b/core/api-bank-integration.rst index ef2f7e02..9d8e1b91 100644 --- a/core/api-bank-integration.rst +++ b/core/api-bank-integration.rst @@ -74,9 +74,11 @@ for the withdrawal operation (the ``WITHDRAWAL_ID``) to interact with the withdr :query long_poll_ms: *Optional.* If specified, the bank will wait up to ``long_poll_ms`` - milliseconds for completion of the transfer before sending the HTTP + milliseconds for operationt state to be different from ``old_state`` before sending the HTTP response. A client must never rely on this behavior, as the bank may return a response immediately. + :query old_state: + *Optional.* Default to "pending". **Response:** @@ -91,17 +93,12 @@ for the withdrawal operation (the ``WITHDRAWAL_ID``) to interact with the withdr .. ts:def:: BankWithdrawalOperationStatus export class BankWithdrawalOperationStatus { - // Indicates whether the withdrawal was aborted. - aborted: boolean; - - // Has the wallet selected parameters for the withdrawal operation - // (exchange and reserve public key) and successfully sent it - // to the bank? - selection_done: boolean; - - // The transfer has been confirmed and registered by the bank. - // Does not guarantee that the funds have arrived at the exchange already. - transfer_done: boolean; + // Current status of the operation + // pending: the operation is pending parameters selection (exchange and reserve public key) + // selected: the operations has been selected and is pending confirmation + // aborted: the operation has been aborted + // confirmed: the transfer has been confirmed and registered by the bank + status: "pending" | "selected" | "aborted" | "confirmed"; // Amount that will be withdrawn with this operation // (raw amount without fee considerations). @@ -121,6 +118,29 @@ for the withdrawal operation (the ``WITHDRAWAL_ID``) to interact with the withdr // Wire transfer types supported by the bank. wire_types: string[]; + + // Reserve public key selected by the exchange, + // only non-null if ``status`` is ``selected`` or ``confirmed``. + selected_reserve_pub?: string; + + // Exchange account selected by the wallet + // only non-null if ``status`` is ``selected`` or ``confirmed``. + selected_exchange_account?: string; + + // Deprecated field use ``status`` instead + // Indicates whether the withdrawal was aborted. + aborted: boolean; + + // Deprecated field use ``status`` instead + // Has the wallet selected parameters for the withdrawal operation + // (exchange and reserve public key) and successfully sent it + // to the bank? + selection_done: boolean; + + // Deprecated field use ``status`` instead + // The transfer has been confirmed and registered by the bank. + // Does not guarantee that the funds have arrived at the exchange already. + transfer_done: boolean; } .. http:post:: /withdrawal-operation/$WITHDRAWAL_ID @@ -156,14 +176,22 @@ for the withdrawal operation (the ``WITHDRAWAL_ID``) to interact with the withdr .. ts:def:: BankWithdrawalOperationPostResponse interface BankWithdrawalOperationPostResponse { - // The transfer has been confirmed and registered by the bank. - // Does not guarantee that the funds have arrived at the exchange already. - transfer_done: boolean; + // Current status of the operation + // pending: the operation is pending parameters selection (exchange and reserve public key) + // selected: the operations has been selected and is pending confirmation + // aborted: the operation has been aborted + // confirmed: the transfer has been confirmed and registered by the bank + status: "selected" | "aborted" | "confirmed"; // URL that the user needs to navigate to in order to // complete some final confirmation (e.g. 2FA). // - // Only applicable when ``transfer_done`` is ``false``. + // Only applicable when ``status`` is ``selected``. // It may contain withdrawal operation id confirm_transfer_url?: string; + + // Deprecated field use ``status`` instead + // The transfer has been confirmed and registered by the bank. + // Does not guarantee that the funds have arrived at the exchange already. + transfer_done: boolean; } diff --git a/core/api-corebank.rst b/core/api-corebank.rst index 1a0bae01..fd11bea9 100644 --- a/core/api-corebank.rst +++ b/core/api-corebank.rst @@ -589,20 +589,17 @@ Taler Withdrawals .. ts:def:: BankAccountCreateWithdrawalResponse interface BankAccountCreateWithdrawalResponse { - // ID of the withdrawal, can be used to view/modify the withdrawal operation. - // This ID will be globally unique and grant control over the operation to - // abort or confirm it. + // ID identifying the operation being created withdrawal_id: string; - // URI that can be passed to the wallet to initiate the withdrawal. + // URI that can be passed to the wallet to initiate the withdrawal taler_withdraw_uri: string; } -.. http:post:: /withdrawals/$WITHDRAWAL_ID/abort +.. http:post:: /accounts/$USERNAME/withdrawals/$WITHDRAWAL_ID/abort Aborts ``WITHDRAWAL_ID`` operation. Has no effect on an already aborted - operation. Does not require further authentication as knowledge - of the withdrawal ID serves as an authenticator. + operation. **Response:** @@ -613,12 +610,11 @@ Taler Withdrawals :http:statuscode:`409 Conflict`: The withdrawal operation has been confirmed previously and can't be aborted. -.. http:post:: /withdrawals/$WITHDRAWAL_ID/confirm +.. http:post:: /accounts/$USERNAME/withdrawals/$WITHDRAWAL_ID/confirm Confirms ``WITHDRAWAL_ID`` operation. Has no effect on an already confirmed withdrawal operation. This call is responsible for wiring the funds to the - exchange. Does not require further authentication as knowledge of the - withdrawal ID serves as an authenticator. + exchange. **Response:** @@ -633,43 +629,24 @@ Taler Withdrawals .. http:get:: /withdrawals/$WITHDRAWAL_ID - Query the status of a withdrawal operation. Does not require further - authentication as knowledge of the withdrawal ID serves as an authenticator. + Retrieve public information about ``WITHDRAWAL_ID`` withdrawal operation. + Does not require further authentication as knowledge of ``WITHDRAWAL_ID`` + serves as an authenticator. **Response:** :http:statuscode:`200 Ok`: - The bank responds with an `BankAccountGetWithdrawalResponse` object. + The bank responds with an `WithdrawalPublicInfo` object. :http:statuscode:`404 Not found`: The operation was not found. **Details:** - .. ts:def:: BankAccountGetWithdrawalResponse - - interface BankAccountGetWithdrawalResponse { - // Amount that will be withdrawn with this withdrawal operation. - amount: Amount; - - // Was the withdrawal aborted? - aborted: boolean; + .. ts:def:: WithdrawalPublicInfo - // Has the withdrawal been confirmed by the bank? - // The wire transfer for a withdrawal is only executed once - // both ``confirmation_done`` is ``true`` and ``selection_done`` is ``true``. - confirmation_done: boolean; - - // Did the wallet select reserve details? - selection_done: boolean; - - // Reserve public key selected by the exchange, - // only non-null if ``selection_done`` is ``true``. - selected_reserve_pub: string | null; - - // Exchange account selected by the wallet, or by the bank - // (with the default exchange) in case the wallet did not provide one - // through the Integration API. - selected_exchange_account: string | null; + interface WithdrawalPublicInfo { + // Account username + username: string; } Cashouts |