diff options
Diffstat (limited to 'src/exchange/taler-exchange-httpd_kyc-check.c')
-rw-r--r-- | src/exchange/taler-exchange-httpd_kyc-check.c | 180 |
1 files changed, 128 insertions, 52 deletions
diff --git a/src/exchange/taler-exchange-httpd_kyc-check.c b/src/exchange/taler-exchange-httpd_kyc-check.c index 55199593e..362c20a2e 100644 --- a/src/exchange/taler-exchange-httpd_kyc-check.c +++ b/src/exchange/taler-exchange-httpd_kyc-check.c @@ -1,6 +1,6 @@ /* This file is part of TALER - Copyright (C) 2021-2022 Taler Systems SA + Copyright (C) 2021-2023 Taler Systems SA TALER is free software; you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software @@ -93,6 +93,11 @@ struct KycPoller struct GNUNET_TIME_Absolute timeout; /** + * If the KYC complete, what kind of data was collected? + */ + json_t *kyc_details; + + /** * Set to starting URL of KYC process if KYC is required. */ char *kyc_url; @@ -108,6 +113,11 @@ struct KycPoller const char *section_name; /** + * Set to AML status of the account. + */ + enum TALER_AmlDecisionState aml_status; + + /** * Set to error encountered with KYC logic, if any. */ enum TALER_ErrorCode ec; @@ -195,6 +205,7 @@ kyp_cleanup (struct TEH_RequestContext *rc) kyp->ih_logic->initiate_cancel (kyp->ih); kyp->ih = NULL; } + json_decref (kyp->kyc_details); GNUNET_free (kyp->kyc_url); GNUNET_free (kyp->hint); GNUNET_free (kyp); @@ -227,7 +238,8 @@ initiate_cb ( kyp->ih = NULL; kyp->ih_done = true; GNUNET_log (GNUNET_ERROR_TYPE_INFO, - "KYC initiation completed with status %d (%s)\n", + "KYC initiation `%s' completed with ec=%d (%s)\n", + provider_legitimization_id, ec, (TALER_EC_NONE == ec) ? redirect_url @@ -248,8 +260,9 @@ initiate_cb ( &kyp->h_payto, provider_user_id, provider_legitimization_id, + redirect_url, GNUNET_TIME_UNIT_ZERO_ABS); - if (qs < 0) + if (qs <= 0) GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "KYC requirement update failed for %s with status %d at %s:%u\n", TALER_B2S (&kyp->h_payto), @@ -291,11 +304,14 @@ kyc_check (void *cls, enum GNUNET_GenericReturnValue ret; struct TALER_PaytoHashP h_payto; char *requirements; + char *redirect_url; + bool satisfied; qs = TEH_plugin->lookup_kyc_requirement_by_row ( TEH_plugin->cls, kyp->requirement_row, &requirements, + &kyp->aml_status, &h_payto); if (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS == qs) { @@ -324,12 +340,33 @@ kyc_check (void *cls, GNUNET_free (requirements); return GNUNET_DB_STATUS_HARD_ERROR; } - if (TALER_KYCLOGIC_check_satisfied ( - requirements, - &h_payto, - TEH_plugin->select_satisfied_kyc_processes, - TEH_plugin->cls)) + qs = TALER_KYCLOGIC_check_satisfied ( + &requirements, + &h_payto, + &kyp->kyc_details, + TEH_plugin->select_satisfied_kyc_processes, + TEH_plugin->cls, + &satisfied); + if (qs < 0) + { + if (GNUNET_DB_STATUS_SOFT_ERROR == qs) + return qs; + GNUNET_break (0); + *mhd_ret = TALER_MHD_reply_with_error (connection, + MHD_HTTP_INTERNAL_SERVER_ERROR, + TALER_EC_GENERIC_DB_FETCH_FAILED, + "kyc_test_required"); + GNUNET_free (requirements); + return GNUNET_DB_STATUS_HARD_ERROR; + } + if (satisfied) + { + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + "KYC requirements `%s' already satisfied\n", + requirements); + GNUNET_free (requirements); return GNUNET_DB_STATUS_SUCCESS_NO_RESULTS; + } kyp->kyc_required = true; ret = TALER_KYCLOGIC_requirements_to_logic (requirements, @@ -353,14 +390,50 @@ kyc_check (void *cls, if (kyp->ih_done) return qs; - - qs = TEH_plugin->insert_kyc_requirement_process ( + qs = TEH_plugin->get_pending_kyc_requirement_process ( TEH_plugin->cls, &h_payto, kyp->section_name, - NULL, - NULL, - &kyp->process_row); + &redirect_url); + if (qs < 0) + { + if (GNUNET_DB_STATUS_SOFT_ERROR == qs) + return qs; + GNUNET_break (0); + *mhd_ret = TALER_MHD_reply_with_error (connection, + MHD_HTTP_INTERNAL_SERVER_ERROR, + TALER_EC_GENERIC_DB_STORE_FAILED, + "insert_kyc_requirement_process"); + return GNUNET_DB_STATUS_HARD_ERROR; + } + if ( (qs > 0) && + (NULL != redirect_url) ) + { + kyp->kyc_url = redirect_url; + return qs; + } + if (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS == qs) + { + /* set up new requirement process */ + qs = TEH_plugin->insert_kyc_requirement_process ( + TEH_plugin->cls, + &h_payto, + kyp->section_name, + NULL, + NULL, + &kyp->process_row); + if (qs < 0) + { + if (GNUNET_DB_STATUS_SOFT_ERROR == qs) + return qs; + GNUNET_break (0); + *mhd_ret = TALER_MHD_reply_with_error (connection, + MHD_HTTP_INTERNAL_SERVER_ERROR, + TALER_EC_GENERIC_DB_STORE_FAILED, + "insert_kyc_requirement_process"); + return GNUNET_DB_STATUS_HARD_ERROR; + } + } GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Initiating KYC check with logic %s\n", kyp->ih_logic->name); @@ -475,34 +548,19 @@ TEH_handler_kyc_check ( "usertype"); } - { - const char *ts; - - ts = MHD_lookup_connection_value (rc->connection, - MHD_GET_ARGUMENT_KIND, - "timeout_ms"); - if (NULL != ts) - { - char dummy; - unsigned long long tms; - - if (1 != - sscanf (ts, - "%llu%c", - &tms, - &dummy)) - { - GNUNET_break_op (0); - return TALER_MHD_reply_with_error (rc->connection, - MHD_HTTP_BAD_REQUEST, - TALER_EC_GENERIC_PARAMETER_MALFORMED, - "timeout_ms"); - } - kyp->timeout = GNUNET_TIME_relative_to_absolute ( - GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MILLISECONDS, - tms)); - } - } + TALER_MHD_parse_request_timeout (rc->connection, + &kyp->timeout); + } + /* KYC plugin generated reply? */ + if (NULL != kyp->kyc_url) + { + return TALER_MHD_REPLY_JSON_PACK ( + rc->connection, + MHD_HTTP_ACCEPTED, + GNUNET_JSON_pack_uint64 ("aml_status", + kyp->aml_status), + GNUNET_JSON_pack_string ("kyc_url", + kyp->kyc_url)); } if ( (NULL == kyp->eh) && @@ -537,10 +595,32 @@ TEH_handler_kyc_check ( "Transaction failed.\n"); return res; } + /* KYC plugin generated reply? */ + if (NULL != kyp->kyc_url) + { + return TALER_MHD_REPLY_JSON_PACK ( + rc->connection, + MHD_HTTP_ACCEPTED, + GNUNET_JSON_pack_uint64 ("aml_status", + kyp->aml_status), + GNUNET_JSON_pack_string ("kyc_url", + kyp->kyc_url)); + } if ( (NULL == kyp->ih) && (! kyp->kyc_required) ) { + if (TALER_AML_NORMAL != kyp->aml_status) + { + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + "KYC is OK, but AML active: %d\n", + (int) kyp->aml_status); + return TALER_MHD_REPLY_JSON_PACK ( + rc->connection, + MHD_HTTP_UNAVAILABLE_FOR_LEGAL_REASONS, + GNUNET_JSON_pack_uint64 ("aml_status", + kyp->aml_status)); + } /* KYC not required */ GNUNET_log (GNUNET_ERROR_TYPE_INFO, "KYC not required %llu\n", @@ -571,11 +651,12 @@ TEH_handler_kyc_check ( { GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Suspending HTTP request on timeout (%s) now...\n", - GNUNET_TIME_relative2s (GNUNET_TIME_absolute_get_duration ( + GNUNET_TIME_relative2s (GNUNET_TIME_absolute_get_remaining ( kyp->timeout), true)); GNUNET_assert (NULL != kyp->eh); kyp->suspended = true; + kyp->section_name = NULL; GNUNET_CONTAINER_DLL_insert (kyp_head, kyp_tail, kyp); @@ -583,16 +664,6 @@ TEH_handler_kyc_check ( return MHD_YES; } - /* KYC plugin generated reply? */ - if (NULL != kyp->kyc_url) - { - return TALER_MHD_REPLY_JSON_PACK ( - rc->connection, - MHD_HTTP_ACCEPTED, - GNUNET_JSON_pack_string ("kyc_url", - kyp->kyc_url)); - } - if (TALER_EC_NONE != kyp->ec) { return TALER_MHD_reply_with_ec (rc->connection, @@ -610,6 +681,7 @@ TEH_handler_kyc_check ( (ec = TALER_exchange_online_account_setup_success_sign ( &TEH_keys_exchange_sign_, &kyp->h_payto, + kyp->kyc_details, now, &pub, &sig))) @@ -625,6 +697,10 @@ TEH_handler_kyc_check ( &sig), GNUNET_JSON_pack_data_auto ("exchange_pub", &pub), + GNUNET_JSON_pack_uint64 ("aml_status", + kyp->aml_status), + GNUNET_JSON_pack_object_incref ("kyc_details", + kyp->kyc_details), GNUNET_JSON_pack_timestamp ("now", now)); } |