authorChristian Grothoff <christian@grothoff.org>2022-08-11 23:35:33 +0200
committerChristian Grothoff <christian@grothoff.org>2022-08-11 23:35:33 +0200
commit1009084e94b8e8cf19e3b5568c3cccaba2bd2209 (patch)
treea346997dedd05f685ba7addc59e288dfa550ad0e /src/include
parentb061ea85c84facfc78c34edface367c5f040bc9c (diff)
major rework of the KYC logic, making it more configurable, not complete, but tests pass again
Diffstat (limited to 'src/include')
-rw-r--r--src/include/taler_exchange_service.h28
-rw-r--r--src/include/taler_exchangedb_plugin.h81
-rw-r--r--src/include/taler_kyclogic_lib.h28
-rw-r--r--src/include/taler_kyclogic_plugin.h2
-rw-r--r--src/include/taler_testing_lib.h19
-rw-r--r--src/include/taler_util.h13
6 files changed, 135 insertions, 36 deletions
diff --git a/src/include/taler_exchange_service.h b/src/include/taler_exchange_service.h
index e14f01ca2..f4b67be9d 100644
--- a/src/include/taler_exchange_service.h
+++ b/src/include/taler_exchange_service.h
@@ -304,10 +304,16 @@ struct TALER_EXCHANGE_Keys
struct GNUNET_TIME_Relative reserve_closing_delay;
/**
- * Maximum amount a wallet is allowed to hold from
- * this exchange before it must undergo a KYC check.
+ * Array of amounts a wallet is allowed to hold from
+ * this exchange before it must undergo further KYC checks.
*/
- struct TALER_Amount wallet_balance_limit_without_kyc;
+ struct TALER_Amount *wallet_balance_limit_without_kyc;
+
+ /**
+ * Length of the @e wallet_balance_limit_without_kyc
+ * array.
+ */
+ unsigned int wblwk_length;
/**
* Timestamp indicating the /keys generation.
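Review bot: Turning `wallet_balance_limit_without_kyc` into a pointer plus `wblwk_length` leaves three things unstated in the comments: whether the pointer is NULL when `wblwk_length` is 0, whether the amounts are sorted, and who frees the array. Code that previously read the single embedded amount now has to bounds-check against `wblwk_length`, so I would extend the field comment, e.g. `* May be NULL if @e wblwk_length is 0; owned by the keys object.` (adjust to the actual ownership). The enclosing `struct TALER_EXCHANGE_Keys` starts and ends outside this hunk.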
@@ -3422,7 +3428,7 @@ typedef void
* of a merchant.
*
* @param eh exchange handle to use
- * @param payment_target number identifying the target
+ * @param legitimization_uuid number identifying the legitimization process
* @param h_payto hash of the payto:// URI at @a payment_target
* @param timeout how long to wait for a positive KYC status
* @param cb function to call with the result
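Review bot: The `h_payto` line just below the renamed parameter still reads `hash of the payto:// URI at @a payment_target`, but `payment_target` no longer exists after this change, so the `@a` reference is dangling. I would reword it to something like `@param h_payto hash of the payto:// URI the legitimization is for` (wording to be confirmed against the implementation). The comment block starts and ends outside the hunk.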
@@ -3431,7 +3437,7 @@ typedef void
*/
struct TALER_EXCHANGE_KycCheckHandle *
TALER_EXCHANGE_kyc_check (struct TALER_EXCHANGE_Handle *eh,
- uint64_t payment_target,
+ uint64_t legitimization_uuid,
const struct TALER_PaytoHashP *h_payto,
struct GNUNET_TIME_Relative timeout,
TALER_EXCHANGE_KycStatusCallback cb,
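Review bot: `payment_target` becomes `legitimization_uuid` here with the same `uint64_t` type, and in the `TALER_EXCHANGE_kyc_proof` hunk below `code`/`state` become `logic`/`args` with the same `const char *` types, so a caller that was not updated still compiles and silently passes the old values. For `kyc_proof` that would mean an OAuth 2.0 code ends up where a logic name is expected. Since the function names are unchanged, it is worth recording the break where out-of-tree users will see it, for instance a line in each doc comment such as `* Note: the meaning of this argument changed; it is no longer a payment target.`; whether a library version bump accompanies this commit is not visible here.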
@@ -3500,8 +3506,10 @@ struct TALER_EXCHANGE_KycProofHandle;
*
* @param eh exchange handle to use
* @param h_payto hash of payto URI identifying the target account
- * @param code OAuth 2.0 code argument
- * @param state OAuth 2.0 state argument
+ * @param logic name of the KYC logic to run
+ * @param args additional args to pass, can be NULL
+ * or a string to append to the URL. Must
+ * then begin with '/' or '?'.
* @param cb function to call with the result
* @param cb_cls closure for @a cb
* @return NULL on error
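Review bot: The new `args` description says the string is appended to the URL and must begin with '/' or '?', but it does not say who is responsible for percent-encoding it, and `logic` is described only as a name although it presumably becomes a path component of the request URL as well. If either value can carry data that originated outside the caller (a redirect query string, for example), the contract should state whether the library encodes or validates it. I would add a sentence such as `* The string is appended verbatim; the caller must percent-encode it.` if that is the actual behaviour, and say which characters are acceptable in `logic`. The comment block and the signature continue outside this hunk.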
@@ -3509,8 +3517,8 @@ struct TALER_EXCHANGE_KycProofHandle;
struct TALER_EXCHANGE_KycProofHandle *
TALER_EXCHANGE_kyc_proof (struct TALER_EXCHANGE_Handle *eh,
const struct TALER_PaytoHashP *h_payto,
- const char *code,
- const char *state,
+ const char *logic,
+ const char *args,
TALER_EXCHANGE_KycProofCallback cb,
void *cb_cls);
@@ -3573,6 +3581,7 @@ typedef void
*
* @param eh exchange handle to use
* @param reserve_priv wallet private key to check
+ * @param balance balance (or balance threshold) crossed by the wallet
* @param cb function to call with the result
* @param cb_cls closure for @a cb
* @return NULL on error
@@ -3580,6 +3589,7 @@ typedef void
struct TALER_EXCHANGE_KycWalletHandle *
TALER_EXCHANGE_kyc_wallet (struct TALER_EXCHANGE_Handle *eh,
const struct TALER_ReservePrivateKeyP *reserve_priv,
+ const struct TALER_Amount *balance,
TALER_EXCHANGE_KycWalletCallback cb,
void *cb_cls);
diff --git a/src/include/taler_exchangedb_plugin.h b/src/include/taler_exchangedb_plugin.h
index 42b8a7427..6967e7377 100644
--- a/src/include/taler_exchangedb_plugin.h
+++ b/src/include/taler_exchangedb_plugin.h
@@ -2327,11 +2327,13 @@ struct TALER_EXCHANGEDB_KycStatus
* Number that identifies the KYC target the operation
* was about.
*/
+ // FIXME: rename to 'legitimization_uuid'
uint64_t payment_target_uuid;
/**
* What kind of KYC operation is this?
*/
+ // FIXME: kill!
enum TALER_EXCHANGEDB_KycType type;
/**
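Review bot: `// FIXME: kill!` above `type` does not say what replaces the field or what still reads it, and `// FIXME: rename to 'legitimization_uuid'` leaves the Doxygen text above it (`identifies the KYC target`) describing the old meaning. While both members stay in the struct, readers cannot tell whether they are still populated. I would make the markers actionable, e.g. `// FIXME: remove once no caller reads 'type' any more`, and adjust the doc comment in the same step as the rename. The struct continues outside this hunk.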
@@ -2583,6 +2585,26 @@ typedef enum GNUNET_GenericReturnValue
/**
+ * Function called on transient aggregations matching
+ * a particular hash of a payto URI.
+ *
+ * @param cls
+ * @param payto_uri corresponding payto URI
+ * @param wtid wire transfer identifier of transient aggregation
+ * @param merchant_pub public key of the merchant
+ * @param total amount aggregated so far
+ * @return true to continue iterating
+ */
+typedef bool
+(*TALER_EXCHANGEDB_TransientAggregationCallback)(
+ void *cls,
+ const char *payto_uri,
+ const struct TALER_WireTransferIdentifierRawP *wtid,
+ const struct TALER_MerchantPublicKeyP *merchant_pub,
+ const struct TALER_Amount *total);
+
+
+/**
* Callback with data about a prepared wire transfer.
*
* @param cls closure
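Review bot: `@param cls` in the new `TALER_EXCHANGEDB_TransientAggregationCallback` comment has no description, unlike the neighbouring callback whose comment reads `@param cls closure`. The comment also leaves open how long `payto_uri`, `wtid`, `merchant_pub` and `total` stay valid and what the iterating function returns when the callback answers `false`. Suggested additions: `@param cls closure` and a sentence such as `The pointers are only valid for the duration of the call.` (confirm against the plugin implementation, which is not part of this diff).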
@@ -3098,6 +3120,21 @@ struct TALER_EXCHANGEDB_Plugin
/**
+ * Get the origin of funds of a reserve.
+ *
+ * @param cls the `struct PostgresClosure` with the plugin-specific state
+ * @param reserve_pub public key of the reserve
+ * @param[out] h_payto set to hash of the wire source payto://-URI
+ * @return transaction status
+ */
+ enum GNUNET_DB_QueryStatus
+ (*reserves_get_origin)(
+ void *cls,
+ const struct TALER_ReservePublicKeyP *reserve_pub,
+ struct TALER_PaytoHashP *h_payto);
+
+
+ /**
* Set the KYC status to "OK" for a bank account.
*
* @param cls the @e cls of this struct with the plugin-specific state
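Review bot: The `cls` description for `reserves_get_origin` names `struct PostgresClosure`, while the other entries of this plugin struct, including the one directly below, use `the @e cls of this struct with the plugin-specific state`; a backend-neutral header should use the latter. The comment also does not say which account is reported if a reserve was credited from more than one source, nor which status is returned for an unknown reserve, and callers that derive KYC decisions from `h_payto` need both. I would change the line to `@param cls the @e cls of this struct with the plugin-specific state` and add one sentence on the multi-source case.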
@@ -3112,6 +3149,20 @@ struct TALER_EXCHANGEDB_Plugin
/**
+ * Extract next KYC alert. Deletes the alert.
+ *
+ * @param cls the @e cls of this struct with the plugin-specific state
+ * @param trigger_type which type of alert to drain
+ * @param[out] h_payto set to hash of payto-URI where KYC status changed
+ * @return transaction status
+ */
+ enum GNUNET_DB_QueryStatus
+ (*drain_kyc_alert)(void *cls,
+ uint32_t trigger_type,
+ struct TALER_PaytoHashP *h_payto);
+
+
+ /**
* Get the @a kyc status and @a h_payto by UUID.
*
* @param cls the @e cls of this struct with the plugin-specific state
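Review bot: `drain_kyc_alert` is documented as deleting the alert it returns, but the comment does not say that the caller has to act on `h_payto` within the same database transaction; if the delete is committed on its own and the caller fails afterwards, the alert is lost. `trigger_type` is also a bare `uint32_t` with no pointer to the values it accepts. I would add a sentence such as `Must be called inside a transaction that also performs the follow-up action.` if that matches the intended use, and name the enum or constant set for `trigger_type`.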
@@ -3207,7 +3258,6 @@ struct TALER_EXCHANGEDB_Plugin
* @param[out] found set to true if the reserve was found
* @param[out] balance_ok set to true if the balance was sufficient
* @param[out] nonce_ok set to false if the nonce was reused
- * @param[out] kyc set to the KYC status of the reserve
* @param[out] ruuid set to the reserve's UUID (reserves table row)
* @return query execution status
*/
@@ -3220,7 +3270,6 @@ struct TALER_EXCHANGEDB_Plugin
bool *found,
bool *balance_ok,
bool *nonce_ok,
- struct TALER_EXCHANGEDB_KycStatus *kyc_ok,
uint64_t *ruuid);
@@ -3235,7 +3284,6 @@ struct TALER_EXCHANGEDB_Plugin
* @param amount total amount to withdraw
* @param[out] found set to true if the reserve was found
* @param[out] balance_ok set to true if the balance was sufficient
- * @param[out] kyc set to the KYC status of the reserve
* @param[out] ruuid set to the reserve's UUID (reserves table row)
* @return query execution status
*/
@@ -3247,7 +3295,6 @@ struct TALER_EXCHANGEDB_Plugin
const struct TALER_Amount *amount,
bool *found,
bool *balance_ok,
- struct TALER_EXCHANGEDB_KycStatus *kyc_ok,
uint64_t *ruuid);
@@ -3692,8 +3739,6 @@ struct TALER_EXCHANGEDB_Plugin
* @param cls the @e cls of this struct with the plugin-specific state
* @param start_shard_row minimum shard row to select
* @param end_shard_row maximum shard row to select (inclusive)
- * @param kyc_off true if we should not check the KYC status because
- * this exchange does not need/support KYC checks.
* @param[out] merchant_pub set to the public key of a merchant with a ready deposit
* @param[out] payto_uri set to the account of the merchant, to be freed by caller
* @return transaction status code
@@ -3702,7 +3747,6 @@ struct TALER_EXCHANGEDB_Plugin
(*get_ready_deposit)(void *cls,
uint64_t start_shard_row,
uint64_t end_shard_row,
- bool kyc_off,
struct TALER_MerchantPublicKeyP *merchant_pub,
char **payto_uri);
@@ -3740,6 +3784,7 @@ struct TALER_EXCHANGEDB_Plugin
* @param cls the @e cls of this struct with the plugin-specific state
* @param h_payto destination of the wire transfer
* @param exchange_account_section exchange account to use
+ * @param merchant_pub public key of the merchant
* @param wtid the raw wire transfer identifier to be used
* @param total amount to be wired in the future
* @return transaction status
@@ -3749,15 +3794,17 @@ struct TALER_EXCHANGEDB_Plugin
void *cls,
const struct TALER_PaytoHashP *h_payto,
const char *exchange_account_section,
+ const struct TALER_MerchantPublicKeyP *merchant_pub,
const struct TALER_WireTransferIdentifierRawP *wtid,
const struct TALER_Amount *total);
/**
- * Find existing entry in the transient aggregation table.
+ * Select existing entry in the transient aggregation table.
*
* @param cls the @e cls of this struct with the plugin-specific state
* @param h_payto destination of the wire transfer
+ * @param merchant_pub public key of the merchant
* @param exchange_account_section exchange account to use
* @param[out] wtid set to the raw wire transfer identifier to be used
* @param[out] total existing amount to be wired in the future
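Review bot: `merchant_pub` is inserted after `exchange_account_section` in the function whose signature ends in this hunk, but before `exchange_account_section` in `select_aggregation_transient` (doc comment here, signature in the next hunk). The types differ, so a swapped call would not compile, but the two sibling entries now read differently for no visible reason. I would pick one order for both, e.g. `h_payto, exchange_account_section, merchant_pub, ...`. The first function's name is outside the hunk.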
@@ -3767,12 +3814,30 @@ struct TALER_EXCHANGEDB_Plugin
(*select_aggregation_transient)(
void *cls,
const struct TALER_PaytoHashP *h_payto,
+ const struct TALER_MerchantPublicKeyP *merchant_pub,
const char *exchange_account_section,
struct TALER_WireTransferIdentifierRawP *wtid,
struct TALER_Amount *total);
/**
+ * Find existing entry in the transient aggregation table.
+ *
+ * @param cls the @e cls of this struct with the plugin-specific state
+ * @param h_payto destination of the wire transfer
+ * @param cb function to call on each matching entry
+ * @param cb_cls closure for @a cb
+ * @return transaction status
+ */
+ enum GNUNET_DB_QueryStatus
+ (*find_aggregation_transient)(
+ void *cls,
+ const struct TALER_PaytoHashP *h_payto,
+ TALER_EXCHANGEDB_TransientAggregationCallback cb,
+ void *cb_cls);
+
+
+ /**
* Update existing entry in the transient aggregation table.
* @a h_payto is only needed for query performance.
*
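Review bot: The summary line of `find_aggregation_transient` still says `Find existing entry` in the singular, although the function takes a callback that is invoked `on each matching entry` and, unlike `select_aggregation_transient`, is not keyed by `merchant_pub` or `exchange_account_section`. A reader cannot tell from the comment that this variant apparently iterates over every transient aggregation for `h_payto`, or what happens when `cb` returns `false`. Suggested first line: `Find all existing entries in the transient aggregation table for @a h_payto.`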
diff --git a/src/include/taler_kyclogic_lib.h b/src/include/taler_kyclogic_lib.h
index 6b54276f6..fedb26a99 100644
--- a/src/include/taler_kyclogic_lib.h
+++ b/src/include/taler_kyclogic_lib.h
@@ -163,6 +163,19 @@ typedef void
/**
+ * Function called to iterate over KYC-relevant
+ * transaction thresholds amounts.
+ *
+ * @param cls closure, identifies the event type and
+ * account to iterate over events for
+ * @param threshold a relevant threshold amount
+ */
+typedef void
+(*TALER_KYCLOGIC_KycThresholdIterator)(void *cls,
+ const struct TALER_Amount *threshold);
+
+
+/**
* Call us on KYC processes satisfied for the given
* account. Must match the ``select_satisfied_kyc_processes`` of the exchange database plugin.
*
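Review bot: The `cls` description of `TALER_KYCLOGIC_KycThresholdIterator` (`identifies the event type and account to iterate over events for`) looks copied from an event iterator; `TALER_KYCLOGIC_kyc_iterate_thresholds` in the next hunk takes no account and passes the closure through as `it_cls`. The next hunk's `@param event tresholds to look up` also has a typo and describes the thresholds rather than the event. I would use `@param cls closure` here and `@param event trigger event to look up thresholds for` there, and state whether thresholds are reported in any particular order.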
@@ -210,6 +223,21 @@ TALER_KYCLOGIC_kyc_test_required (enum TALER_KYCLOGIC_KycTriggerEvent event,
/**
+ * Iterate over all thresholds that are applicable
+ * to a particular type of @a event
+ *
+ * @param event tresholds to look up
+ * @param it function to call on each
+ * @param it_cls closure for @a it
+ */
+void
+TALER_KYCLOGIC_kyc_iterate_thresholds (
+ enum TALER_KYCLOGIC_KycTriggerEvent event,
+ TALER_KYCLOGIC_KycThresholdIterator it,
+ void *it_cls);
+
+
+/**
* Obtain the provider logic for a given @a provider_section_name.
*
* @param provider_section_name identifies a KYC provider process
diff --git a/src/include/taler_kyclogic_plugin.h b/src/include/taler_kyclogic_plugin.h
index a4bddde61..f41944715 100644
--- a/src/include/taler_kyclogic_plugin.h
+++ b/src/include/taler_kyclogic_plugin.h
@@ -295,6 +295,7 @@ struct TALER_KYCLOGIC_Plugin
* @param url_path rest of the URL after `/kyc-webhook/$H_PAYTO/$LOGIC`
* @param connection MHD connection object (for HTTP headers)
* @param account_id which account to trigger process for
+ * @param legi_row row in the table the legitimization is for
* @param provider_user_id user ID (or NULL) the proof is for
* @param provider_legitimization_id legitimization ID the proof is for
* @param cb function to call with the result
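Review bot: `@param legi_row row in the table the legitimization is for` does not name the table, and the comment does not say whether the plugin may assume that `legi_row` belongs to `account_id` or has to check it. Since `$H_PAYTO` in the documented URL path comes from the HTTP request, the contract should state where that pairing is validated. Something like `@param legi_row row in the legitimization table (name the table) that this process belongs to; already checked by the caller to match @a account_id` would do, if that is what the caller guarantees. The same parameter is added to the signature in the next hunk.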
@@ -307,6 +308,7 @@ struct TALER_KYCLOGIC_Plugin
const char *const url_path[],
struct MHD_Connection *connection,
const struct TALER_PaytoHashP *account_id,
+ uint64_t legi_row,
const char *provider_user_id,
const char *provider_legitimization_id,
TALER_KYCLOGIC_ProofCallback cb,
diff --git a/src/include/taler_testing_lib.h b/src/include/taler_testing_lib.h
index 549539a3b..a99defbbc 100644
--- a/src/include/taler_testing_lib.h
+++ b/src/include/taler_testing_lib.h
@@ -2421,12 +2421,14 @@ TALER_TESTING_cmd_revoke_sign_key (
*
* @param label command label.
* @param reserve_reference command with reserve private key to use (or NULL to create a fresh reserve key).
+ * @param threshold_balance balance amount to pass to the exchange
* @param expected_response_code expected HTTP status
* @return the command
*/
struct TALER_TESTING_Command
TALER_TESTING_cmd_wallet_kyc_get (const char *label,
const char *reserve_reference,
+ const char *threshold_balance,
unsigned int expected_response_code);
@@ -2445,21 +2447,26 @@ TALER_TESTING_cmd_check_kyc_get (const char *label,
/**
- * Create a KYC proof request.
+ * Create a KYC proof request. Only useful in conjunction with the OAuth2.0
+ * logic, as it generates an OAuth2.0-specific request.
*
* @param label command label.
* @param payment_target_reference command with a payment target to query
+ * @param logic_section name of the KYC provider section
+ * in the exchange configuration for this proof
* @param code OAuth 2.0 code to use
* @param state OAuth 2.0 state to use
* @param expected_response_code expected HTTP status
* @return the command
*/
struct TALER_TESTING_Command
-TALER_TESTING_cmd_proof_kyc (const char *label,
- const char *payment_target_reference,
- const char *code,
- const char *state,
- unsigned int expected_response_code);
+TALER_TESTING_cmd_proof_kyc_oauth2 (
+ const char *label,
+ const char *payment_target_reference,
+ const char *logic_section,
+ const char *code,
+ const char *state,
+ unsigned int expected_response_code);
/**
diff --git a/src/include/taler_util.h b/src/include/taler_util.h
index afc8ebada..079f72ed6 100644
--- a/src/include/taler_util.h
+++ b/src/include/taler_util.h
@@ -362,19 +362,6 @@ TALER_payto_get_method (const char *payto_uri);
/**
- * Construct a payto://-URI from a Taler @a reserve_pub at
- * @a exchange_base_url
- *
- * @param exchange_base_url the URL of the exchange
- * @param reserve_pub public key of the reserve
- * @return payto:// URI encoding the reserve's address
- */
-char *
-TALER_payto_from_reserve (const char *exchange_base_url,
- const struct TALER_ReservePublicKeyP *reserve_pub);
-
-
-/**
* Obtain the account name from a payto URL.
*
* @param payto an x-taler-bank payto URL