Fix withdrawal API securityfix_withdrawal

2 files changed, 32 insertions, 43 deletions

diff --git a/core/api-bank-integration.rst b/core/api-bank-integration.rst
index 4a9650dc..ae4c7c0e 100644
--- a/core/api-bank-integration.rst
+++ b/core/api-bank-integration.rst
@@ -64,11 +64,11 @@ Withdrawing
 Withdrawals with a Taler-integrated bank are based on withdrawal operations.
 Some user interaction (on the bank's website or a Taler-enabled ATM) creates a
 withdrawal operation record in the bank's database.  The wallet can use a unique identifier
-for the withdrawal operation (the ``wopid``) to interact with the withdrawal operation.
+for the withdrawal operation (the ``OP_UUID``) to interact with the withdrawal operation.
 
-.. http:get:: ${BANK_API_BASE_URL}/withdrawal-operation/${wopid}
+.. http:get:: ${BANK_API_BASE_URL}/withdrawal-operation/${OP_UUID}
 
-  Query information about a withdrawal operation, identified by the ``wopid``.
+  Query information about a withdrawal operation, identified by the ``OP_UUID``.
 
   **Request:**
 
@@ -91,17 +91,15 @@ for the withdrawal operation (the ``wopid``) to interact with the withdrawal ope
   .. ts:def:: BankWithdrawalOperationStatus
 
     export class BankWithdrawalOperationStatus {
-      // Indicates whether the withdrawal was aborted.
-      aborted: boolean;
+      // Account username
+      username: string;
 
-      // Has the wallet selected parameters for the withdrawal operation
-      // (exchange and reserve public key) and successfully sent it
-      // to the bank?
-      selection_done: boolean;
-
-      // The transfer has been confirmed and registered by the bank.
-      // Does not guarantee that the funds have arrived at the exchange already.
-      transfer_done: boolean;
+      // Current status of the operation
+      // pending: the operation is pending parameters selection (exchange and reserve public key)
+      // selected: the operations has been selected and is pending confirmation
+      // aborted: the operation has been aborted
+      // confirmed: the transfer has been confirmed and registered by the bank
+      status: "pending" | "selected" | "aborted" | "confirmed";
 
       // Amount that will be withdrawn with this operation
       // (raw amount without fee considerations).
@@ -123,7 +121,7 @@ for the withdrawal operation (the ``wopid``) to interact with the withdrawal ope
       wire_types: string[];
     }
 
-.. http:post:: ${BANK_API_BASE_URL}/withdrawal-operation/${wopid}
+.. http:post:: ${BANK_API_BASE_URL}/withdrawal-operation/${OP_UUID}
 
   **Request:**
 
@@ -144,7 +142,7 @@ for the withdrawal operation (the ``wopid``) to interact with the withdrawal ope
     The bank has accepted the withdrawal operation parameters chosen by the wallet.
     The response is a `BankWithdrawalOperationPostResponse`.
   :http:statuscode:`404 Not found`:
-    The bank does not know about a withdrawal operation with the specified ``wopid``.
+    The bank does not know about a withdrawal operation with the specified ``OP_UUID``.
   :http:statuscode:`409 Conflict`:
     * ``TALER_EC_BANK_WITHDRAWAL_OPERATION_RESERVE_SELECTION_CONFLICT`` : 
       The wallet selected a different exchange or reserve public key under the same withdrawal ID.
diff --git a/core/api-corebank.rst b/core/api-corebank.rst
index 07b43237..2f645227 100644
--- a/core/api-corebank.rst
+++ b/core/api-corebank.rst
@@ -595,20 +595,17 @@ Taler Withdrawals
   .. ts:def:: BankAccountCreateWithdrawalResponse
 
     interface BankAccountCreateWithdrawalResponse {
-      // ID of the withdrawal, can be used to view/modify the withdrawal operation.
-      // This ID will be globally unique and grant control over the operation to
-      // abort or confirm it.
-      withdrawal_id: string;
+      // ID identifying the operation being created
+      withdrawal_id: number;
 
       // URI that can be passed to the wallet to initiate the withdrawal.
       taler_withdraw_uri: string;
     }
 
-.. http:post:: ${BANK_API_BASE_URL}/withdrawals/${withdrawal_id}/abort
+.. http:post:: ${BANK_API_BASE_URL}/withdrawals/${OP_ID}/abort
 
-  Aborts ``withdrawal_id`` operation.  Has no effect on an already aborted
-  operation.  Does not require further authentication as knowledge
-  of the withdrawal ID serves as an authenticator.
+  Aborts ``OP_ID`` withdrawal operation.  Has no effect on an already aborted
+  operation.
 
   **Response:**
 
@@ -619,12 +616,11 @@ Taler Withdrawals
   :http:statuscode:`409 Conflict`: 
     The withdrawal operation has been confirmed previously and can't be aborted.
 
-.. http:post:: ${BANK_API_BASE_URL}/withdrawals/${withdrawal_id}/confirm
+.. http:post:: ${BANK_API_BASE_URL}/withdrawals/${OP_ID}/confirm
 
-  Confirms ``withdrawal_id`` operation.  Has no effect on an already confirmed
+  Confirms ``OP_ID`` withdrawal operation.  Has no effect on an already confirmed
   withdrawal operation.  This call is responsible for wiring the funds to the
-  exchange.  Does not require further authentication as knowledge of the
-  withdrawal ID serves as an authenticator.
+  exchange.
 
   **Response:**
 
@@ -637,10 +633,9 @@ Taler Withdrawals
     * ``TALER_EC_BANK_CONFIRM_INCOMPLETE`` : the withdraw operation cannot be confirmed because no exchange and reserve public key selection happened before.
     * ``TALER_EC_BANK_UNALLOWED_DEBIT`` : the account does not have sufficient funds.
 
-.. http:get:: ${BANK_API_BASE_URL}/withdrawals/${withdrawal_id}
+.. http:get:: ${BANK_API_BASE_URL}/withdrawals/${OP_ID}
 
-  Query the status of a withdrawal operation. Does not require further
-  authentication as knowledge of the withdrawal ID serves as an authenticator.
+  Query the status of a withdrawal operation.
 
   **Response:**
 
@@ -657,25 +652,21 @@ Taler Withdrawals
       // Amount that will be withdrawn with this withdrawal operation.
       amount: Amount;
 
-      // Was the withdrawal aborted?
-      aborted: boolean;
-
-      // Has the withdrawal been confirmed by the bank?
-      // The wire transfer for a withdrawal is only executed once
-      // both ``confirmation_done`` is ``true`` and ``selection_done`` is ``true``.
-      confirmation_done: boolean;
-
-      // Did the wallet select reserve details?
-      selection_done: boolean;
+      // Current status of the operation
+      // pending: the operation is pending parameters selection (exchange and reserve public key)
+      // selected: the operations has been selected and is pending confirmation
+      // aborted: the operation has been aborted
+      // confirmed: the transfer has been confirmed and registered by the bank
+      status: "pending" | "selected" | "aborted" | "confirmed";
 
       // Reserve public key selected by the exchange,
-      // only non-null if ``selection_done`` is ``true``.
-      selected_reserve_pub: string | null;
+      // only non-null if ``status`` is ``selected`` or ``confirmed``.
+      selected_reserve_pub?: string ;
 
       // Exchange account selected by the wallet, or by the bank
       // (with the default exchange) in case the wallet did not provide one
       // through the Integration API.
-      selected_exchange_account: string | null;
+      selected_exchange_account?: string;
     }
 
 Cashouts