author | Sebastian <sebasjm@gmail.com> | 2023-01-13 12:15:45 -0300 |
---|---|---|
committer | Sebastian <sebasjm@gmail.com> | 2023-01-13 12:16:44 -0300 |
commit | f8ddd0b685ad464f23009412584edfe4f3c5deea (patch) | |
tree | dd005be483b98d18e400df9cac499a055eda43d0 /src/exchange | |
parent | 4374b1868e2f1c74014c976d2d98d0c58b3ac561 (diff) | |
fix kyc-proof handle
1.- redirect_uri has an extra slash
2.- response_type=code is required https://www.rfc-editor.org/rfc/rfc6749#section-3.1.1
3.- add more info to "Unexpected response from KYC gateway"
4.- relax the requirements on the login response, marked as optional
5.- redirect_uri should be the same when exchanging the code for the access_token,
6.- remove legi and payto from kyc-proof path
7.- use state to transport h_payto https://www.rfc-editor.org/rfc/rfc6749#section-4.1.1
Diffstat (limited to 'src/exchange')
-rw-r--r-- | src/exchange/taler-exchange-httpd_kyc-proof.c | 32 |
1 files changed, 22 insertions, 10 deletions
diff --git a/src/exchange/taler-exchange-httpd_kyc-proof.c b/src/exchange/taler-exchange-httpd_kyc-proof.c index 5d89c4203..e550d28e2 100644 --- a/src/exchange/taler-exchange-httpd_kyc-proof.c +++ b/src/exchange/taler-exchange-httpd_kyc-proof.c @@ -259,27 +259,39 @@ TEH_handler_kyc_proof ( const char *const args[3]) { struct KycProofContext *kpc = rc->rh_ctx; - + const char *h_payto; if (NULL == kpc) { /* first time */ - if ( (NULL == args[0]) || - (NULL == args[1]) ) + if ( (NULL == args[0])) { GNUNET_break_op (0); return TALER_MHD_reply_with_error (rc->connection, MHD_HTTP_NOT_FOUND, TALER_EC_GENERIC_ENDPOINT_UNKNOWN, - "'/kyc-proof/$H_PATYO/$LOGIC' required"); + "'/kyc-proof/$LOGIC?state=$H_PAYTO' required"); + } + + h_payto = MHD_lookup_connection_value (rc->connection, + MHD_GET_ARGUMENT_KIND, + "state"); + if ( (NULL == h_payto) ) + { + GNUNET_break_op (0); + return TALER_MHD_reply_with_error (rc->connection, + MHD_HTTP_BAD_REQUEST, + TALER_EC_GENERIC_PARAMETER_MALFORMED, + "h_payto"); } + kpc = GNUNET_new (struct KycProofContext); kpc->rc = rc; rc->rh_ctx = kpc; rc->rh_cleaner = &clean_kpc; if (GNUNET_OK != - GNUNET_STRINGS_string_to_data (args[0], - strlen (args[0]), + GNUNET_STRINGS_string_to_data (h_payto, + strlen (h_payto), &kpc->h_payto, sizeof (kpc->h_payto))) { @@ -290,7 +302,7 @@ TEH_handler_kyc_proof ( "h_payto"); } if (GNUNET_OK != - TALER_KYCLOGIC_lookup_logic (args[1], + TALER_KYCLOGIC_lookup_logic (args[0], &kpc->logic, &kpc->pd, &kpc->provider_section)) @@ -299,14 +311,14 @@ TEH_handler_kyc_proof ( return TALER_MHD_reply_with_error (rc->connection, MHD_HTTP_NOT_FOUND, TALER_EC_EXCHANGE_KYC_GENERIC_LOGIC_UNKNOWN, - args[1]); + args[0]); } if (NULL != kpc->provider_section) { enum GNUNET_DB_QueryStatus qs; struct GNUNET_TIME_Absolute expiration; - if (0 != strcmp (args[1], + if (0 != strcmp (args[0], kpc->provider_section)) { GNUNET_break_op (0); 
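Review bot: The `state` value read in the first hunk of TEH_handler_kyc_proof is decoded straight into `kpc->h_payto`, so the account the proof is attached to is whatever the callback URL carries, and a hash of a payto URI is not the unguessable, session-bound value that RFC 6749 section 10.12 expects `state` to be. Nothing visible in this hunk ties the value to the KYC process that started the flow; the database lookup that begins in the `provider_section` hunk may do so, but that code continues outside the diff and should be confirmed. At minimum I would document the assumption above the `MHD_lookup_connection_value` call, e.g. `/* 'state' is client-controlled; h_payto taken from it is only trusted once the KYC process lookup below succeeds */`. Separately, the reply for a missing parameter reports `"h_payto"` although the parameter the client has to send is `state`, so `"state"` would be the more useful hint. The function starts before and ends after the lines shown here.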
@@ -352,7 +364,7 @@ TEH_handler_kyc_proof ( } kpc->ph = kpc->logic->proof (kpc->logic->cls, kpc->pd, - &args[2], + &args[1], rc->connection, &kpc->h_payto, kpc->process_row, |