keep redirect_url in KYC table to improve idempotency of GET

11 files changed, 202 insertions, 22 deletions

diff --git a/src/exchange/taler-exchange-httpd_kyc-check.c b/src/exchange/taler-exchange-httpd_kyc-check.c
index b55f0a9a8..82c5072b0 100644
--- a/src/exchange/taler-exchange-httpd_kyc-check.c
+++ b/src/exchange/taler-exchange-httpd_kyc-check.c
@@ -260,6 +260,7 @@ initiate_cb (
     &kyp->h_payto,
     provider_user_id,
     provider_legitimization_id,
+    redirect_url,
     GNUNET_TIME_UNIT_ZERO_ABS);
   if (qs <= 0)
     GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
@@ -303,6 +304,7 @@ kyc_check (void *cls,
   enum GNUNET_GenericReturnValue ret;
   struct TALER_PaytoHashP h_payto;
   char *requirements;
+  char *redirect_url;
   bool satisfied;
 
   qs = TEH_plugin->lookup_kyc_requirement_by_row (
@@ -388,7 +390,27 @@ kyc_check (void *cls,
 
   if (kyp->ih_done)
     return qs;
-
+  qs = TEH_plugin->get_pending_kyc_requirement_process (
+    THE_plugin->cls,
+    &h_payto,
+    kyp->section_name,
+    &redirect_url);
+  if (qs < 0)
+  {
+    if (GNUNET_DB_STATUS_SOFT_ERROR == qs)
+      return qs;
+    GNUNET_break (0);
+    *mhd_ret = TALER_MHD_reply_with_error (connection,
+                                           MHD_HTTP_INTERNAL_SERVER_ERROR,
+                                           TALER_EC_GENERIC_DB_STORE_FAILED,
+                                           "insert_kyc_requirement_process");
+    return GNUNET_DB_STATUS_HARD_ERROR;
+  }
+  if (qs > 0)
+  {
+    kyp->kyc_url = redirect_url;
+    return qs;
+  }
   qs = TEH_plugin->insert_kyc_requirement_process (
     TEH_plugin->cls,
     &h_payto,
@@ -525,6 +547,17 @@ TEH_handler_kyc_check (
     TALER_MHD_parse_request_timeout (rc->connection,
                                      &kyp->timeout);
   }
+  /* KYC plugin generated reply? */
+  if (NULL != kyp->kyc_url)
+  {
+    return TALER_MHD_REPLY_JSON_PACK (
+      rc->connection,
+      MHD_HTTP_ACCEPTED,
+      GNUNET_JSON_pack_uint64 ("aml_status",
+                               kyp->aml_status),
+      GNUNET_JSON_pack_string ("kyc_url",
+                               kyp->kyc_url));
+  }
 
   if ( (NULL == kyp->eh) &&
        GNUNET_TIME_absolute_is_future (kyp->timeout) )
@@ -558,6 +591,17 @@ TEH_handler_kyc_check (
                 "Transaction failed.\n");
     return res;
   }
+  /* KYC plugin generated reply? */
+  if (NULL != kyp->kyc_url)
+  {
+    return TALER_MHD_REPLY_JSON_PACK (
+      rc->connection,
+      MHD_HTTP_ACCEPTED,
+      GNUNET_JSON_pack_uint64 ("aml_status",
+                               kyp->aml_status),
+      GNUNET_JSON_pack_string ("kyc_url",
+                               kyp->kyc_url));
+  }
 
   if ( (NULL == kyp->ih) &&
        (! kyp->kyc_required) )
@@ -616,18 +660,6 @@ TEH_handler_kyc_check (
     return MHD_YES;
   }
 
-  /* KYC plugin generated reply? */
-  if (NULL != kyp->kyc_url)
-  {
-    return TALER_MHD_REPLY_JSON_PACK (
-      rc->connection,
-      MHD_HTTP_ACCEPTED,
-      GNUNET_JSON_pack_uint64 ("aml_status",
-                               kyp->aml_status),
-      GNUNET_JSON_pack_string ("kyc_url",
-                               kyp->kyc_url));
-  }
-
   if (TALER_EC_NONE != kyp->ec)
   {
     return TALER_MHD_reply_with_ec (rc->connection,
diff --git a/src/exchangedb/0002-legitimization_processes.sql b/src/exchangedb/0002-legitimization_processes.sql
index 5b70108ea..3212b1c06 100644
--- a/src/exchangedb/0002-legitimization_processes.sql
+++ b/src/exchangedb/0002-legitimization_processes.sql
@@ -25,12 +25,13 @@ BEGIN
     'CREATE TABLE %I'
       '(legitimization_process_serial_id BIGINT GENERATED BY DEFAULT AS IDENTITY'
       ',h_payto BYTEA NOT NULL CHECK (LENGTH(h_payto)=32)'
+      ',start_time INT8 NOT NULL'
       ',expiration_time INT8 NOT NULL DEFAULT (0)'
       ',provider_section TEXT NOT NULL'
       ',provider_user_id TEXT DEFAULT NULL'
       ',provider_legitimization_id TEXT DEFAULT NULL'
+      ',redirect_url TEXT DEFAULT NULL'
       ',finished BOOLEAN DEFAULT (FALSE)'
-      ',UNIQUE (h_payto, provider_section)'
     ') %s ;'
     ,'legitimization_processes'
     ,'PARTITION BY HASH (h_payto)'
@@ -54,6 +55,18 @@ BEGIN
     ,shard_suffix
   );
   PERFORM comment_partitioned_column(
+     'time when the KYC check was initiated, useful for garbage collection'
+    ,'expiration_time'
+    ,'legitimization_processes'
+    ,shard_suffix
+  );
+  PERFORM comment_partitioned_column(
+     'URL where the user should go to begin the KYC process'
+    ,'redirect_url'
+    ,'legitimization_processes'
+    ,shard_suffix
+  );
+  PERFORM comment_partitioned_column(
      'in the future if the respective KYC check was passed successfully'
     ,'expiration_time'
     ,'legitimization_processes'
diff --git a/src/exchangedb/Makefile.am b/src/exchangedb/Makefile.am
index 33a5722c2..84bd53018 100644
--- a/src/exchangedb/Makefile.am
+++ b/src/exchangedb/Makefile.am
@@ -77,6 +77,7 @@ libtaler_plugin_exchangedb_postgres_la_SOURCES = \
   pg_select_aggregation_amounts_for_kyc_check.h pg_select_aggregation_amounts_for_kyc_check.c \
   pg_lookup_wire_fee_by_time.h pg_lookup_wire_fee_by_time.c \
   pg_select_satisfied_kyc_processes.h pg_select_satisfied_kyc_processes.c \
+  pg_get_pending_kyc_requirement_process.h pg_get_pending_kyc_requirement_process.c \
   pg_kyc_provider_account_lookup.h pg_kyc_provider_account_lookup.c \
   pg_lookup_kyc_requirement_by_row.h pg_lookup_kyc_requirement_by_row.c \
   pg_insert_kyc_requirement_for_account.h pg_insert_kyc_requirement_for_account.c \
diff --git a/src/exchangedb/pg_get_pending_kyc_requirement_process.c b/src/exchangedb/pg_get_pending_kyc_requirement_process.c
new file mode 100644
index 000000000..2a5808ff3
--- /dev/null
+++ b/src/exchangedb/pg_get_pending_kyc_requirement_process.c
@@ -0,0 +1,63 @@
+/*
+   This file is part of TALER
+   Copyright (C) 2023 Taler Systems SA
+
+   TALER is free software; you can redistribute it and/or modify it under the
+   terms of the GNU General Public License as published by the Free Software
+   Foundation; either version 3, or (at your option) any later version.
+
+   TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+   WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+   A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License along with
+   TALER; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file exchangedb/pg_get_pending_kyc_requirement_process.c
+ * @brief Implementation of the get_pending_kyc_requirement_process function for Postgres
+ * @author Christian Grothoff
+ */
+#include "platform.h"
+#include "taler_error_codes.h"
+#include "taler_dbevents.h"
+#include "taler_pq_lib.h"
+#include "pg_get_pending_kyc_requirement_process.h"
+#include "pg_helper.h"
+
+
+enum GNUNET_DB_QueryStatus
+TEH_PG_get_pending_kyc_requirement_process (
+  void *cls,
+  const struct TALER_PaytoHashP *h_payto,
+  const char *provider_section,
+  char **redirect_url)
+{
+  struct PostgresClosure *pg = cls;
+  struct GNUNET_PQ_QueryParam params[] = {
+    GNUNET_PQ_query_param_string (provider_section),
+    GNUNET_PQ_query_param_auto_from_type (h_payto),
+    GNUNET_PQ_query_param_end
+  };
+  struct GNUNET_PQ_ResultSpec rs[] = {
+    GNUNET_PQ_result_spec_string ("redirect_url",
+                                  redirect_url),
+    GNUNET_PQ_result_spec_end
+  };
+
+  PREPARE (pg,
+           "get_pending_kyc_requirement_process",
+           "SELECT"
+           "  redirect_url"
+           " FROM legitimization_processes"
+           " WHERE provider_section=$1"
+           "  AND h_payto=$2"
+           "  AND NOT finished"
+           " ORDER BY start_time DESC"
+           "  LIMIT 1");
+  return GNUNET_PQ_eval_prepared_singleton_select (
+    pg->conn,
+    "get_pending_kyc_requirement_process",
+    params,
+    rs);
+}
diff --git a/src/exchangedb/pg_get_pending_kyc_requirement_process.h b/src/exchangedb/pg_get_pending_kyc_requirement_process.h
new file mode 100644
index 000000000..738c4d65b
--- /dev/null
+++ b/src/exchangedb/pg_get_pending_kyc_requirement_process.h
@@ -0,0 +1,45 @@
+/*
+   This file is part of TALER
+   Copyright (C) 2023 Taler Systems SA
+
+   TALER is free software; you can redistribute it and/or modify it under the
+   terms of the GNU General Public License as published by the Free Software
+   Foundation; either version 3, or (at your option) any later version.
+
+   TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+   WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+   A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License along with
+   TALER; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file exchangedb/pg_get_pending_kyc_requirement_process.h
+ * @brief implementation of the get_pending_kyc_requirement_process function for Postgres
+ * @author Christian Grothoff
+ */
+#ifndef PG_GET_PENDING_KYC_REQUIREMENT_PROCESS_H
+#define PG_GET_PENDING_KYC_REQUIREMENT_PROCESS_H
+
+#include "taler_util.h"
+#include "taler_json_lib.h"
+#include "taler_exchangedb_plugin.h"
+
+
+/**
+ * Fetch information about pending KYC requirement process.
+ *
+ * @param cls closure
+ * @param h_payto account that must be KYC'ed
+ * @param provider_section provider that must be checked
+ * @param[out] redirect_url set to redirect URL for the process
+ * @return database transaction status
+ */
+enum GNUNET_DB_QueryStatus
+TEH_PG_get_pending_kyc_requirement_process (
+  void *cls,
+  const struct TALER_PaytoHashP *h_payto,
+  const char *provider_section,
+  char **redirect_url);
+
+#endif
diff --git a/src/exchangedb/pg_insert_kyc_requirement_process.c b/src/exchangedb/pg_insert_kyc_requirement_process.c
index 97b82eff6..a20db3388 100644
--- a/src/exchangedb/pg_insert_kyc_requirement_process.c
+++ b/src/exchangedb/pg_insert_kyc_requirement_process.c
@@ -36,8 +36,11 @@ TEH_PG_insert_kyc_requirement_process (
   uint64_t *process_row)
 {
   struct PostgresClosure *pg = cls;
+  struct GNUNET_TIME_Absolute now
+    = GNUNET_TIME_absolute_get ();
   struct GNUNET_PQ_QueryParam params[] = {
     GNUNET_PQ_query_param_auto_from_type (h_payto),
+    GNUNET_PQ_query_param_absolute_time (&now),
     GNUNET_PQ_query_param_string (provider_section),
     (NULL != provider_account_id)
     ? GNUNET_PQ_query_param_string (provider_account_id)
@@ -53,20 +56,16 @@ TEH_PG_insert_kyc_requirement_process (
     GNUNET_PQ_result_spec_end
   };
 
-  /* Used in #postgres_insert_kyc_requirement_process() */
   PREPARE (pg,
            "insert_legitimization_process",
            "INSERT INTO legitimization_processes"
            "  (h_payto"
+           "  ,start_time"
            "  ,provider_section"
            "  ,provider_user_id"
            "  ,provider_legitimization_id"
            "  ) VALUES "
-           "  ($1, $2, $3, $4)"
-           " ON CONFLICT (h_payto,provider_section) "
-           "   DO UPDATE SET"
-           "      provider_user_id=$3"
-           "     ,provider_legitimization_id=$4"
+           "  ($1, $2, $3, $4, $5)"
            " RETURNING legitimization_process_serial_id");
   return GNUNET_PQ_eval_prepared_singleton_select (
     pg->conn,
diff --git a/src/exchangedb/pg_lookup_records_by_table.c b/src/exchangedb/pg_lookup_records_by_table.c
index b1656aaf1..fc4af32a8 100644
--- a/src/exchangedb/pg_lookup_records_by_table.c
+++ b/src/exchangedb/pg_lookup_records_by_table.c
@@ -1147,7 +1147,6 @@ lrbt_cb_table_batch_deposits (void *cls,
                               unsigned int num_results)
 {
   struct LookupRecordsByTableContext *ctx = cls;
-  struct PostgresClosure *pg = ctx->pg;
   struct TALER_EXCHANGEDB_TableData td = {
     .table = TALER_EXCHANGEDB_RT_BATCH_DEPOSITS
   };
diff --git a/src/exchangedb/pg_update_kyc_process_by_row.c b/src/exchangedb/pg_update_kyc_process_by_row.c
index 9f8a18cf7..d379ee81d 100644
--- a/src/exchangedb/pg_update_kyc_process_by_row.c
+++ b/src/exchangedb/pg_update_kyc_process_by_row.c
@@ -25,6 +25,7 @@
 #include "pg_update_kyc_process_by_row.h"
 #include "pg_helper.h"
 
+
 enum GNUNET_DB_QueryStatus
 TEH_PG_update_kyc_process_by_row (
   void *cls,
@@ -33,6 +34,7 @@ TEH_PG_update_kyc_process_by_row (
   const struct TALER_PaytoHashP *h_payto,
   const char *provider_account_id,
   const char *provider_legitimization_id,
+  const char *redirect_url,
   struct GNUNET_TIME_Absolute expiration)
 {
   struct PostgresClosure *pg = cls;
@@ -46,6 +48,7 @@ TEH_PG_update_kyc_process_by_row (
     (NULL != provider_legitimization_id)
     ? GNUNET_PQ_query_param_string (provider_legitimization_id)
     : GNUNET_PQ_query_param_null (),
+    GNUNET_PQ_query_param_string (redirect_url),
     GNUNET_PQ_query_param_absolute_time (&expiration),
     GNUNET_PQ_query_param_end
   };
@@ -60,7 +63,8 @@ TEH_PG_update_kyc_process_by_row (
            "UPDATE legitimization_processes"
            " SET provider_user_id=$4"
            "    ,provider_legitimization_id=$5"
-           "    ,expiration_time=GREATEST(expiration_time,$6)"
+           "    ,redirect_url=$6"
+           "    ,expiration_time=GREATEST(expiration_time,$7)"
            " WHERE"
            "      h_payto=$3"
            "  AND legitimization_process_serial_id=$1"
diff --git a/src/exchangedb/pg_update_kyc_process_by_row.h b/src/exchangedb/pg_update_kyc_process_by_row.h
index 07e896dbc..7ef5285e9 100644
--- a/src/exchangedb/pg_update_kyc_process_by_row.h
+++ b/src/exchangedb/pg_update_kyc_process_by_row.h
@@ -35,6 +35,7 @@
  * @param h_payto account that must be KYC'ed (helps access by shard, otherwise also redundant)
  * @param provider_account_id provider account ID
  * @param provider_legitimization_id provider legitimization ID
+ * @param redirect_url where the user should be redirected to start the KYC process
  * @param expiration how long is this KYC check set to be valid (in the past if invalid)
  * @return database transaction status
  */
@@ -46,6 +47,7 @@ TEH_PG_update_kyc_process_by_row (
   const struct TALER_PaytoHashP *h_payto,
   const char *provider_account_id,
   const char *provider_legitimization_id,
+  const char *redirect_url,
   struct GNUNET_TIME_Absolute expiration);
 
 #endif
diff --git a/src/exchangedb/plugin_exchangedb_postgres.c b/src/exchangedb/plugin_exchangedb_postgres.c
index ea43c8ff9..652ff49ca 100644
--- a/src/exchangedb/plugin_exchangedb_postgres.c
+++ b/src/exchangedb/plugin_exchangedb_postgres.c
@@ -46,6 +46,7 @@
 #include "pg_insert_close_request.h"
 #include "pg_insert_records_by_table.h"
 #include "pg_insert_reserve_open_deposit.h"
+#include "pg_get_pending_kyc_requirement_process.h"
 #include "pg_iterate_kyc_reference.h"
 #include "pg_iterate_reserve_close_info.h"
 #include "pg_lookup_records_by_table.h"
@@ -744,6 +745,8 @@ libtaler_plugin_exchangedb_postgres_init (void *cls)
     = &TEH_PG_select_purse_by_merge_pub;
   plugin->set_purse_balance
     = &TEH_PG_set_purse_balance;
+  plugin->get_pending_kyc_requirement_process
+    = &TEH_PG_get_pending_kyc_requirement_process;
   plugin->insert_kyc_attributes
     = &TEH_PG_insert_kyc_attributes;
   plugin->select_similar_kyc_attributes
diff --git a/src/include/taler_exchangedb_plugin.h b/src/include/taler_exchangedb_plugin.h
index 9d541ac12..704f8012a 100644
--- a/src/include/taler_exchangedb_plugin.h
+++ b/src/include/taler_exchangedb_plugin.h
@@ -6669,6 +6669,23 @@ struct TALER_EXCHANGEDB_Plugin
 
 
   /**
+   * Fetch information about pending KYC requirement process.
+   *
+   * @param cls closure
+   * @param h_payto account that must be KYC'ed
+   * @param provider_section provider that must be checked
+   * @param[out] redirect_url set to redirect URL for the process
+   * @return database transaction status
+   */
+  enum GNUNET_DB_QueryStatus
+  (*get_pending_kyc_requirement_process)(
+    void *cls,
+    const struct TALER_PaytoHashP *h_payto,
+    const char *provider_section,
+    char **redirect_url);
+
+
+  /**
    * Update KYC process with updated provider-linkage and/or
    * expiration data.
    *
@@ -6678,6 +6695,7 @@ struct TALER_EXCHANGEDB_Plugin
    * @param h_payto account that must be KYC'ed (helps access by shard, otherwise also redundant)
    * @param provider_account_id provider account ID
    * @param provider_legitimization_id provider legitimization ID
+   * @param redirect_url where the user should be redirected to start the KYC process
    * @param expiration how long is this KYC check set to be valid (in the past if invalid)
    * @return database transaction status
    */
@@ -6689,6 +6707,7 @@ struct TALER_EXCHANGEDB_Plugin
     const struct TALER_PaytoHashP *h_payto,
     const char *provider_account_id,
     const char *provider_legitimization_id,
+    const char *redirect_url,
     struct GNUNET_TIME_Absolute expiration);