-towards storing KYC attribute data

author: Christian Grothoff <christian@grothoff.org> 2023-01-22 21:51:46 +0100
committer: Christian Grothoff <christian@grothoff.org> 2023-01-22 21:51:46 +0100
commit: a273b176da448cd27374acb94feee22c22dd8527 (patch)
tree: 3c19b5f6edcba35f4ed8b06214a2db59d9923434 /src/kyclogic/plugin_kyclogic_oauth2.c
parent: c2eee251c2eda2ce544a808d77a9a5615a2e7c34 (diff)
download: exchange-a273b176da448cd27374acb94feee22c22dd8527.tar.gz
exchange-a273b176da448cd27374acb94feee22c22dd8527.tar.bz2
exchange-a273b176da448cd27374acb94feee22c22dd8527.zip
1 files changed, 87 insertions, 0 deletions
diff --git a/src/kyclogic/plugin_kyclogic_oauth2.c b/src/kyclogic/plugin_kyclogic_oauth2.c
index 5709b18f8..f5a08e92e 100644
--- a/src/kyclogic/plugin_kyclogic_oauth2.c
+++ b/src/kyclogic/plugin_kyclogic_oauth2.c
@@ -21,6 +21,7 @@
 #include "platform.h"
 #include "taler_kyclogic_plugin.h"
 #include "taler_mhd_lib.h"
+#include "taler_templating_lib.h"
 #include "taler_json_lib.h"
 #include <regex.h>
 #include "taler_util.h"
@@ -106,6 +107,12 @@ struct TALER_KYCLOGIC_ProviderDetails
   char *post_kyc_redirect_url;
 
   /**
+   * Template for converting user-data returned by
+   * the provider into our KYC attribute data.
+   */
+  char *attribute_template;
+
+  /**
    * Validity time for a successful KYC process.
    */
   struct GNUNET_TIME_Relative validity;
@@ -195,6 +202,11 @@ struct TALER_KYCLOGIC_ProofHandle
   char *post_body;
 
   /**
+   * KYC attributes returned about the user by the OAuth 2.0 server.
+   */
+  json_t *attributes;
+
+  /**
    * Response to return.
    */
   struct MHD_Response *response;
@@ -277,6 +289,7 @@ oauth2_unload_configuration (struct TALER_KYCLOGIC_ProviderDetails *pd)
   GNUNET_free (pd->client_id);
   GNUNET_free (pd->client_secret);
   GNUNET_free (pd->post_kyc_redirect_url);
+  GNUNET_free (pd->attribute_template);
   GNUNET_free (pd);
 }
 
@@ -443,6 +456,21 @@ oauth2_load_configuration (void *cls,
   }
   pd->post_kyc_redirect_url = s;
 
+  if (GNUNET_OK !=
+      GNUNET_CONFIGURATION_get_value_string (ps->cfg,
+                                             provider_section_name,
+                                             "KYC_OAUTH2_ATTRIBUTE_TEMPLATE",
+                                             &s))
+  {
+    GNUNET_log_config_missing (GNUNET_ERROR_TYPE_WARNING,
+                               provider_section_name,
+                               "KYC_OAUTH2_ATTRIBUTE_TEMPLATE");
+  }
+  else
+  {
+    pd->attribute_template = s;
+  }
+
   return pd;
 }
 
@@ -566,9 +594,12 @@ return_proof_response (void *cls)
           ph->provider_user_id,
           ph->provider_legitimization_id,
           GNUNET_TIME_relative_to_absolute (ph->pd->validity),
+          ph->attributes,
           ph->http_status,
           ph->response);
   GNUNET_free (ph->provider_user_id);
+  if (NULL != ph->attributes)
+    json_decref (ph->attributes);
   GNUNET_free (ph);
 }
 
@@ -641,6 +672,57 @@ handle_proof_error (struct TALER_KYCLOGIC_ProofHandle *ph,
 
 
 /**
+ * Convert user data returned by the provider into
+ * standardized attribute data.
+ *
+ * @param pd our provider configuration
+ * @param data user-data given by the provider
+ * @return converted KYC attribute data object
+ */
+static json_t *
+data2attributes (const struct TALER_KYCLOGIC_ProviderDetails *pd,
+                 const json_t *data)
+{
+  json_t *ret;
+  void *attr_data;
+  size_t attr_size;
+  int rv;
+  json_error_t err;
+
+  if (NULL == pd->attribute_template)
+    return json_object ();
+  if (0 !=
+      (rv = TALER_TEMPLATING_fill (pd->attribute_template,
+                                   data,
+                                   &attr_data,
+                                   &attr_size)))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Failed to convert KYC provider data to attributes: %d\n",
+                rv);
+    json_dumpf (data,
+                stderr,
+                JSON_INDENT (2));
+    return NULL;
+  }
+  ret = json_loadb (attr_data,
+                    attr_size,
+                    JSON_REJECT_DUPLICATES,
+                    &err);
+  GNUNET_free (attr_data);
+  if (NULL == ret)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Failed to parse converted KYC attributes as JSON: %s (at offset %d)\n",
+                err.text,
+                err.position);
+    return NULL;
+  }
+  return ret;
+}
+
+
+/**
  * The request for @a ph succeeded (presumably).
  * Call continuation with the result.
  *
@@ -689,6 +771,7 @@ parse_proof_success_reply (struct TALER_KYCLOGIC_ProofHandle *ph,
     GNUNET_break_op (0);
     handle_proof_error (ph,
                         j);
+    GNUNET_JSON_parse_free (spec);
     return;
   }
   {
@@ -716,6 +799,7 @@ parse_proof_success_reply (struct TALER_KYCLOGIC_ProofHandle *ph,
             "Unexpected response from KYC gateway: data must contain id");
       ph->http_status
         = MHD_HTTP_BAD_GATEWAY;
+      GNUNET_JSON_parse_free (spec);
       return;
     }
     ph->status = TALER_KYCLOGIC_STATUS_SUCCESS;
@@ -731,6 +815,9 @@ parse_proof_success_reply (struct TALER_KYCLOGIC_ProofHandle *ph,
     ph->http_status = MHD_HTTP_SEE_OTHER;
     ph->provider_user_id = GNUNET_strdup (id);
   }
+  ph->attributes = data2attributes (ph->pd,
+                                    data);
+  GNUNET_JSON_parse_free (spec);
 }
author	Christian Grothoff <christian@grothoff.org>	2023-01-22 21:51:46 +0100
committer	Christian Grothoff <christian@grothoff.org>	2023-01-22 21:51:46 +0100
commit	a273b176da448cd27374acb94feee22c22dd8527 (patch)
tree	3c19b5f6edcba35f4ed8b06214a2db59d9923434 /src/kyclogic/plugin_kyclogic_oauth2.c
parent	c2eee251c2eda2ce544a808d77a9a5615a2e7c34 (diff)
download	exchange-a273b176da448cd27374acb94feee22c22dd8527.tar.gz exchange-a273b176da448cd27374acb94feee22c22dd8527.tar.bz2 exchange-a273b176da448cd27374acb94feee22c22dd8527.zip