authorChristian Grothoff <christian@grothoff.org>2022-08-18 21:10:37 +0200
committerChristian Grothoff <christian@grothoff.org>2022-08-18 21:10:37 +0200
commit62a7f9b7117cc98e4e1d964a0cd35de2215c39d0 (patch)
tree8b3a7f076be94e58fc5c0b496777d191c6ded7dc /src
parentf0cd54dc102cc531805d14d4deb0d2d479ce591c (diff)
-misc bugfixes for persona kyc logic
Diffstat (limited to 'src')
-rw-r--r--src/exchange/taler-exchange-httpd_kyc-proof.c2
-rw-r--r--src/include/taler_templating_lib.h4
-rw-r--r--src/kyclogic/plugin_kyclogic_persona.c64
-rw-r--r--src/kyclogic/taler-exchange-kyc-tester.c6
-rw-r--r--src/templating/templating_api.c8
5 files changed, 61 insertions, 23 deletions
diff --git a/src/exchange/taler-exchange-httpd_kyc-proof.c b/src/exchange/taler-exchange-httpd_kyc-proof.c
index a8c31265e..f6fa12eeb 100644
--- a/src/exchange/taler-exchange-httpd_kyc-proof.c
+++ b/src/exchange/taler-exchange-httpd_kyc-proof.c
@@ -204,6 +204,8 @@ proof_cb (
if (GNUNET_DB_STATUS_HARD_ERROR == qs)
{
GNUNET_break (0);
+ if (NULL != response)
+ MHD_destroy_response (response);
kpc->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
kpc->response = TALER_MHD_make_error (TALER_EC_GENERIC_DB_STORE_FAILED,
"set_kyc_ok");
diff --git a/src/include/taler_templating_lib.h b/src/include/taler_templating_lib.h
index 9cce84f5a..e4f3f1f1c 100644
--- a/src/include/taler_templating_lib.h
+++ b/src/include/taler_templating_lib.h
@@ -48,7 +48,7 @@ TALER_TEMPLATING_build (struct MHD_Connection *connection,
const char *template,
const char *instance_id,
const char *taler_uri,
- json_t *root,
+ const json_t *root,
struct MHD_Response **reply);
@@ -72,7 +72,7 @@ TALER_TEMPLATING_reply (struct MHD_Connection *connection,
const char *template,
const char *instance_id,
const char *taler_uri,
- json_t *root);
+ const json_t *root);
/**
* Preload templates.
diff --git a/src/kyclogic/plugin_kyclogic_persona.c b/src/kyclogic/plugin_kyclogic_persona.c
index d67ef697f..74bc53f02 100644
--- a/src/kyclogic/plugin_kyclogic_persona.c
+++ b/src/kyclogic/plugin_kyclogic_persona.c
@@ -89,6 +89,11 @@ struct TALER_KYCLOGIC_ProviderDetails
char *section;
/**
+ * Salt to use for idempotency.
+ */
+ char *salt;
+
+ /**
* Authorization token to use when talking
* to the service.
*/
@@ -336,6 +341,7 @@ persona_unload_configuration (struct TALER_KYCLOGIC_ProviderDetails *pd)
GNUNET_free (pd->auth_token);
GNUNET_free (pd->template_id);
GNUNET_free (pd->subdomain);
+ GNUNET_free (pd->salt);
GNUNET_free (pd->section);
GNUNET_free (pd->post_kyc_redirect_url);
GNUNET_free (pd);
@@ -386,6 +392,20 @@ persona_load_configuration (void *cls,
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_string (ps->cfg,
provider_section_name,
+ "SALT",
+ &pd->salt))
+ {
+ uint32_t salt[8];
+
+ GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
+ salt,
+ sizeof (salt));
+ pd->salt = GNUNET_STRINGS_data_to_string_alloc (salt,
+ sizeof (salt));
+ }
+ if (GNUNET_OK !=
+ GNUNET_CONFIGURATION_get_value_string (ps->cfg,
+ provider_section_name,
"PERSONA_SUBDOMAIN",
&pd->subdomain))
{
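Review bot: The fallback salt in the new `SALT` branch is generated fresh on every configuration load and is neither persisted nor logged, so the Idempotency-Key for a given legitimization_uuid changes after a restart and differs between processes that each load the configuration. If the provider deduplicates on that key (an assumption from the header name), a retried initiate after a restart would no longer be recognised as a repeat. I would log the fallback, e.g. `GNUNET_log (GNUNET_ERROR_TYPE_INFO, "No SALT in section '%s', using a random per-process salt\n", provider_section_name);`, and extend the field comment to `Salt to use for idempotency; random per process unless SALT is configured.` persona_load_configuration continues outside this hunk.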
@@ -784,17 +804,13 @@ persona_initiate (void *cls,
ih);
GNUNET_CURL_extend_headers (ih->job,
pd->slist);
- /* FIXME: this should be used, but IF we use it,
- the testing should be moved to random/noncy legi rows;
- or better: add some additional noncy thing here from
- the config that we randomize if not given! */
- if (0)
{
char *ikh;
GNUNET_asprintf (&ikh,
- "Idempotency-Key: %llu",
- (unsigned long long) ih->legitimization_uuid);
+ "Idempotency-Key: %llu-%s",
+ (unsigned long long) ih->legitimization_uuid,
+ pd->salt);
ih->slist = curl_slist_append (NULL,
ikh);
GNUNET_free (ikh);
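Review bot: The result of `curl_slist_append (NULL, ikh)` is stored in `ih->slist` without a check, and now that the `if (0)` guard is gone this path actually runs. On allocation failure the list is NULL and the request would presumably go out without an Idempotency-Key instead of failing; `GNUNET_assert (NULL != ih->slist);` after the append makes that explicit. The bare `{ … }` block left over from the removed `if (0)` could also get a one-line comment saying it only scopes `ikh`. The rest of persona_initiate, including where `ih->slist` is attached to the job, is outside this hunk.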
@@ -861,6 +877,7 @@ proof_generic_reply (struct TALER_KYCLOGIC_ProofHandle *ph,
NULL,
body,
&resp);
+ json_decref (body);
if (GNUNET_SYSERR == ret)
{
GNUNET_break (0);
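Review bot: Ownership of `body` is not documented: with the added `json_decref (body);`, proof_generic_reply now consumes the caller's reference. The function's doc comment is outside this hunk, but it should say so, for example `@param[in] body JSON to render, reference is consumed`. Callers that pass a borrowed object would otherwise end up with a dangling reference.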
@@ -1136,12 +1153,13 @@ handle_proof_finished (void *cls,
break;
}
+ // FIXME: do not generate kyc-completed from template, do redirect!
proof_generic_reply (ph,
TALER_KYCLOGIC_STATUS_SUCCESS,
account_id,
inquiry_id,
MHD_HTTP_OK,
- "kyc-completed",
+ "persona-kyc-completed",
GNUNET_JSON_PACK (
GNUNET_JSON_pack_allow_null (
GNUNET_JSON_pack_object_incref ("attributes",
@@ -1487,9 +1505,6 @@ handle_webhook_finished (void *cls,
"data");
wh->job = NULL;
- json_dumpf (j,
- stderr,
- JSON_INDENT (2));
switch (response_code)
{
case MHD_HTTP_OK:
@@ -1734,6 +1749,7 @@ async_webhook_reply (void *cls)
{
struct TALER_KYCLOGIC_WebhookHandle *wh = cls;
+ wh->task = NULL;
wh->cb (wh->cb_cls,
wh->legitimization_uuid,
(0 == wh->legitimization_uuid)
@@ -1862,9 +1878,27 @@ persona_webhook (void *cls,
"payload"),
"data"),
"relationships"),
- "template"),
+ "inquiry_template"),
"data"),
"id"));
+ if (NULL == wh->template_id)
+ {
+ GNUNET_break_op (0);
+ json_dumpf (body,
+ stderr,
+ JSON_INDENT (2));
+ wh->resp = TALER_MHD_MAKE_JSON_PACK (
+ TALER_JSON_pack_ec (
+ TALER_EC_EXCHANGE_KYC_GENERIC_PROVIDER_UNEXPECTED_REPLY),
+ GNUNET_JSON_pack_string ("detail",
+ "data-attributes-payload-data-id"),
+ GNUNET_JSON_pack_object_incref ("webhook_body",
+ (json_t *) body));
+ wh->response_code = MHD_HTTP_BAD_REQUEST;
+ wh->task = GNUNET_SCHEDULER_add_now (&async_webhook_reply,
+ wh);
+ return wh;
+ }
TALER_KYCLOGIC_kyc_get_details ("persona",
&locate_details_cb,
wh);
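Review bot: The new `NULL == wh->template_id` branch writes the entire webhook body to stderr with `json_dumpf (body, stderr, JSON_INDENT (2))` and echoes it back to the caller as `webhook_body`. That body comes from whoever posts to the webhook endpoint and, for genuine provider events, presumably carries KYC attributes, so both copies put unbounded caller-controlled and possibly personal data into logs and replies; this same commit removes an equivalent dump from handle_webhook_finished. I would drop the `json_dumpf` call and the `webhook_body` field, or restrict the dump to debug logging. The detail string `"data-attributes-payload-data-id"` also omits the `relationships` and `inquiry_template` steps of the lookup above, which starts before this hunk.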
@@ -1920,7 +1954,7 @@ persona_webhook (void *cls,
return wh;
}
qs = plc (plc_cls,
- pd->section,
+ wh->pd->section,
persona_inquiry_id,
&wh->h_payto,
&wh->legitimization_uuid);
@@ -1967,7 +2001,7 @@ persona_webhook (void *cls,
GNUNET_break (CURLE_OK ==
curl_easy_setopt (eh,
CURLOPT_VERBOSE,
- 1));
+ 0));
GNUNET_assert (CURLE_OK ==
curl_easy_setopt (eh,
CURLOPT_MAXREDIRS,
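Review bot: `curl_easy_setopt (eh, CURLOPT_VERBOSE, 0)` passes an `int` where libcurl documents a `long` argument; since the call is variadic the value is not converted, so it should read `0L`. Because 0 is the default for CURLOPT_VERBOSE on a fresh handle, removing the call entirely would be the simpler fix. The surrounding handle setup in persona_webhook extends beyond this hunk.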
@@ -1978,7 +2012,7 @@ persona_webhook (void *cls,
wh->url));
wh->job = GNUNET_CURL_job_add2 (ps->curl_ctx,
eh,
- pd->slist,
+ wh->pd->slist,
&handle_webhook_finished,
wh);
return wh;
diff --git a/src/kyclogic/taler-exchange-kyc-tester.c b/src/kyclogic/taler-exchange-kyc-tester.c
index b13be4bee..bb2894b11 100644
--- a/src/kyclogic/taler-exchange-kyc-tester.c
+++ b/src/kyclogic/taler-exchange-kyc-tester.c
@@ -390,7 +390,6 @@ kwh_resume (struct KycWebhookContext *kwh)
kwh_tail,
kwh);
MHD_resume_connection (kwh->rc->connection);
- TALER_MHD_daemon_trigger ();
}
@@ -464,6 +463,7 @@ webhook_finished_cb (
kwh->response = response;
kwh->response_code = http_status;
kwh_resume (kwh);
+ TALER_MHD_daemon_trigger ();
}
@@ -600,7 +600,7 @@ handler_kyc_webhook_generic (
/* We resumed, but got no response? This should
not happen. */
- GNUNET_break (0);
+ GNUNET_assert (0);
return TALER_MHD_reply_with_error (rc->connection,
MHD_HTTP_INTERNAL_SERVER_ERROR,
TALER_EC_GENERIC_INTERNAL_INVARIANT_FAILURE,
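Review bot: With `GNUNET_assert (0);` the process aborts here, so the `TALER_MHD_reply_with_error (...)` that follows is unreachable. Either keep `GNUNET_break (0);` so the 500 reply is still sent, or remove the dead return and update the comment to say the tester aborts on purpose, e.g. `/* We resumed, but got no response? Abort so the bug is noticed. */`. The rest of handler_kyc_webhook_generic is outside this hunk.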
@@ -829,6 +829,8 @@ handle_mhd_completion_callback (void *cls,
TALER_MHD_parse_post_cleanup_callback (rc->opaque_post_parsing_context);
/* Sanity-check that we didn't leave any transactions hanging */
+ if (NULL != rc->root)
+ json_decref (rc->root);
GNUNET_free (rc);
*con_cls = NULL;
}
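Review bot: The guard `if (NULL != rc->root)` is redundant, since jansson's `json_decref` accepts a NULL pointer; a plain `json_decref (rc->root);` is enough. The existing comment `/* Sanity-check that we didn't leave any transactions hanging */` now sits directly above the decref and no longer describes the code below it; I would replace it with `/* Release the parsed request body, if any */`.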
diff --git a/src/templating/templating_api.c b/src/templating/templating_api.c
index 999ba9dae..b51c3a5c3 100644
--- a/src/templating/templating_api.c
+++ b/src/templating/templating_api.c
@@ -177,7 +177,7 @@ TALER_TEMPLATING_build (struct MHD_Connection *connection,
const char *template,
const char *instance_id,
const char *taler_uri,
- json_t *root,
+ const json_t *root,
struct MHD_Response **reply)
{
char *body;
@@ -209,14 +209,14 @@ TALER_TEMPLATING_build (struct MHD_Connection *connection,
instance_id);
GNUNET_break (0 ==
- json_object_set_new (root,
+ json_object_set_new ((json_t *) root,
"static_url",
json_string (static_url)));
GNUNET_free (static_url);
}
if (0 !=
(eno = mustach_jansson (tmpl,
- root,
+ (json_t *) root,
&body,
&body_size)))
{
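Review bot: The `(json_t *) root` casts here discard the `const` that this commit adds to the signature, and `json_object_set_new ((json_t *) root, "static_url", ...)` then writes into the caller's object. The prototype in taler_templating_lib.h therefore promises read-only access that the implementation does not keep, which can surprise a caller that reuses or shares `root` after the call. Either leave the parameter non-const and document that `static_url` is added, or render from a private copy: `json_t *ctx = json_deep_copy (root);`, use `ctx` in both calls, then `json_decref (ctx);` on every exit path. The rest of TALER_TEMPLATING_build lies outside this hunk.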
@@ -284,7 +284,7 @@ TALER_TEMPLATING_reply (struct MHD_Connection *connection,
const char *template,
const char *instance_id,
const char *taler_uri,
- json_t *root)
+ const json_t *root)
{
enum GNUNET_GenericReturnValue res;
struct MHD_Response *reply;