Diffstat (limited to 'src/kyclogic/plugin_kyclogic_kycaid.c')
-rw-r--r-- | src/kyclogic/plugin_kyclogic_kycaid.c | 491 |
1 files changed, 237 insertions, 254 deletions
diff --git a/src/kyclogic/plugin_kyclogic_kycaid.c b/src/kyclogic/plugin_kyclogic_kycaid.c index 3273a51f1..243ff7c34 100644 --- a/src/kyclogic/plugin_kyclogic_kycaid.c +++ b/src/kyclogic/plugin_kyclogic_kycaid.c @@ -1,6 +1,6 @@ /* This file is part of GNU Taler - Copyright (C) 2022, 2023 Taler Systems SA + Copyright (C) 2022--2024 Taler Systems SA Taler is free software; you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software @@ -25,6 +25,7 @@ #include "taler_mhd_lib.h" #include "taler_curl_lib.h" #include "taler_json_lib.h" +#include "taler_templating_lib.h" #include <regex.h> #include "taler_util.h" @@ -88,6 +89,12 @@ struct TALER_KYCLOGIC_ProviderDetails char *form_id; /** + * Helper binary to convert attributes returned by + * KYCAID into our internal format. + */ + char *conversion_helper; + + /** * Validity time for a successful KYC process. */ struct GNUNET_TIME_Relative validity; @@ -216,6 +223,12 @@ struct TALER_KYCLOGIC_WebhookHandle struct PluginState *ps; /** + * Handle to helper process to extract attributes + * we care about. + */ + struct TALER_JSON_ExternalConversion *econ; + + /** * Our configuration details. */ const struct TALER_KYCLOGIC_ProviderDetails *pd; @@ -226,6 +239,11 @@ struct TALER_KYCLOGIC_WebhookHandle struct MHD_Connection *connection; /** + * JSON response we got back, or NULL for none. + */ + json_t *json_response; + + /** * Verification ID from the service. */ char *verification_id; @@ -262,6 +280,11 @@ struct TALER_KYCLOGIC_WebhookHandle uint64_t process_row; /** + * HTTP response code we got from KYCAID. + */ + unsigned int kycaid_response_code; + + /** * HTTP response code to return asynchronously. */ unsigned int response_code; 
@@ -277,6 +300,7 @@ static void kycaid_unload_configuration (struct TALER_KYCLOGIC_ProviderDetails *pd) { curl_slist_free_all (pd->slist); + GNUNET_free (pd->conversion_helper); GNUNET_free (pd->auth_token); GNUNET_free (pd->form_id); GNUNET_free (pd->section); @@ -337,6 +361,18 @@ kycaid_load_configuration (void *cls, kycaid_unload_configuration (pd); return NULL; } + if (GNUNET_OK != + GNUNET_CONFIGURATION_get_value_string (ps->cfg, + provider_section_name, + "KYC_KYCAID_CONVERTER_HELPER", + &pd->conversion_helper)) + { + GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, + provider_section_name, + "KYC_KYCAID_CONVERTER_HELPER"); + kycaid_unload_configuration (pd); + return NULL; + } { char *auth; @@ -394,11 +430,14 @@ handle_initiate_finished (void *cls, { const char *verification_id; const char *form_url; + const char *form_id; struct GNUNET_JSON_Specification spec[] = { GNUNET_JSON_spec_string ("verification_id", &verification_id), GNUNET_JSON_spec_string ("form_url", &form_url), + GNUNET_JSON_spec_string ("form_id", + &form_id), GNUNET_JSON_spec_end () }; @@ -420,6 +459,10 @@ handle_initiate_finished (void *cls, "type"))); break; } + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + "Started new verification `%s' using form %s\n", + verification_id, + form_id); ih->cb (ih->cb_cls, TALER_EC_NONE, form_url, 
@@ -627,16 +670,30 @@ proof_reply (void *cls) { struct TALER_KYCLOGIC_ProofHandle *ph = cls; struct MHD_Response *resp; + enum GNUNET_GenericReturnValue ret; + json_t *body; + unsigned int http_status; - resp = TALER_MHD_make_error (TALER_EC_GENERIC_ENDPOINT_UNKNOWN, - "there is no '/kyc-proof' for kycaid"); + http_status = MHD_HTTP_BAD_REQUEST; + body = GNUNET_JSON_PACK ( + TALER_JSON_pack_ec (TALER_EC_GENERIC_ENDPOINT_UNKNOWN)); + GNUNET_assert (NULL != body); + ret = TALER_TEMPLATING_build (ph->connection, + &http_status, + "kycaid-invalid-request", + NULL, + NULL, + body, + &resp); + json_decref (body); + GNUNET_break (GNUNET_SYSERR != ret); ph->cb (ph->cb_cls, TALER_KYCLOGIC_STATUS_PROVIDER_FAILED, NULL, /* user id */ NULL, /* provider legi ID */ GNUNET_TIME_UNIT_ZERO_ABS, /* expiration */ NULL, /* attributes */ - MHD_HTTP_BAD_REQUEST, + http_status, resp); } @@ -695,11 +752,21 @@ kycaid_webhook_cancel (struct TALER_KYCLOGIC_WebhookHandle *wh) GNUNET_SCHEDULER_cancel (wh->task); wh->task = NULL; } + if (NULL != wh->econ) + { + TALER_JSON_external_conversion_stop (wh->econ); + wh->econ = NULL; + } if (NULL != wh->job) { GNUNET_CURL_job_cancel (wh->job); wh->job = NULL; } + if (NULL != wh->json_response) + { + json_decref (wh->json_response); + wh->json_response = NULL; + } GNUNET_free (wh->verification_id); GNUNET_free (wh->applicant_id); GNUNET_free (wh->url); @@ -713,11 +780,12 @@ kycaid_webhook_cancel (struct TALER_KYCLOGIC_WebhookHandle *wh) * @param verifications JSON object with failure details */ static void -log_failure (json_t *verifications) +log_failure (const json_t *verifications) { - json_t *member; + const json_t *member; const char *name; - json_object_foreach (verifications, name, member) + + json_object_foreach ((json_t *) verifications, name, member) { bool iverified; const char *comment; 
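Review bot: In proof_reply, `resp` is declared without an initializer and is still handed to `ph->cb` when `TALER_TEMPLATING_build` fails, because `GNUNET_break (GNUNET_SYSERR != ret);` only logs and then continues. Whether the templating call assigns `resp` on its failure path is not visible in this hunk, so I would declare `struct MHD_Response *resp = NULL;` and, when `ret` is not `GNUNET_OK`, fall back to the reply the old code produced with `TALER_MHD_make_error (TALER_EC_GENERIC_ENDPOINT_UNKNOWN, ...)`. That keeps the callback from receiving an indeterminate pointer if the template is missing or cannot be rendered.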
@@ -751,6 +819,99 @@ log_failure (json_t *verifications) /** + * Type of a callback that receives a JSON @a result. + * + * @param cls closure our `struct TALER_KYCLOGIC_WebhookHandle *` + * @param status_type how did the process die + * @param code termination status code from the process + * @param result converted attribute data, NULL on failure + */ +static void +webhook_conversion_cb (void *cls, + enum GNUNET_OS_ProcessStatusType status_type, + unsigned long code, + const json_t *result) +{ + struct TALER_KYCLOGIC_WebhookHandle *wh = cls; + struct GNUNET_TIME_Absolute expiration; + struct MHD_Response *resp; + + wh->econ = NULL; + if ( (0 == code) && + (NULL == result) ) + { + /* No result, but *our helper* was OK => bad input */ + GNUNET_break_op (0); + json_dumpf (wh->json_response, + stderr, + JSON_INDENT (2)); + resp = TALER_MHD_MAKE_JSON_PACK ( + GNUNET_JSON_pack_uint64 ("kycaid_http_status", + wh->kycaid_response_code), + GNUNET_JSON_pack_object_incref ("kycaid_body", + (json_t *) wh->json_response)); + wh->cb (wh->cb_cls, + wh->process_row, + &wh->h_payto, + wh->pd->section, + wh->applicant_id, + wh->verification_id, + TALER_KYCLOGIC_STATUS_PROVIDER_FAILED, + GNUNET_TIME_UNIT_ZERO_ABS, /* expiration */ + NULL, + MHD_HTTP_BAD_GATEWAY, + resp); + kycaid_webhook_cancel (wh); + return; + } + if (NULL == result) + { + /* Failure in our helper */ + GNUNET_log (GNUNET_ERROR_TYPE_WARNING, + "Helper exited with status code %d\n", + (int) code); + json_dumpf (wh->json_response, + stderr, + JSON_INDENT (2)); + resp = TALER_MHD_MAKE_JSON_PACK ( + GNUNET_JSON_pack_uint64 ("kycaid_http_status", + wh->kycaid_response_code), + GNUNET_JSON_pack_object_incref ("kycaid_body", + (json_t *) wh->json_response)); + wh->cb (wh->cb_cls, + wh->process_row, + &wh->h_payto, + wh->pd->section, + wh->applicant_id, + wh->verification_id, + TALER_KYCLOGIC_STATUS_PROVIDER_FAILED, + GNUNET_TIME_UNIT_ZERO_ABS, /* expiration */ + NULL, + MHD_HTTP_BAD_GATEWAY, + resp); + 
kycaid_webhook_cancel (wh); + return; + } + expiration = GNUNET_TIME_relative_to_absolute (wh->pd->validity); + resp = MHD_create_response_from_buffer (0, + "", + MHD_RESPMEM_PERSISTENT); + wh->cb (wh->cb_cls, + wh->process_row, + &wh->h_payto, + wh->pd->section, + wh->applicant_id, + wh->verification_id, + TALER_KYCLOGIC_STATUS_SUCCESS, + expiration, + result, + MHD_HTTP_NO_CONTENT, + resp); + kycaid_webhook_cancel (wh); +} + + +/** * Function called when we're done processing the * HTTP "/applicants/{verification_id}" request. * 
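Review bot: Both failure branches of webhook_conversion_cb write the complete KYCAID reply to stderr with `json_dumpf (wh->json_response, stderr, JSON_INDENT (2));` and also place it in the HTTP reply as `kycaid_body`. That reply is the applicant record fetched from the provider, so personal data lands in the service log and, presumably, in the response sent to whoever called the webhook. I would log only `wh->verification_id` and the helper exit status, and return an error code without the provider body. The two branches are identical apart from the log line, so they can share one static helper, which keeps that decision in one place. `code` is an `unsigned long` but is printed as `(int) code` with `%d`; `%lu` avoids the truncation.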
@@ -768,267 +929,78 @@ handle_webhook_finished (void *cls, struct MHD_Response *resp; wh->job = NULL; + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + "Webhook returned with HTTP status %u\n", + (unsigned int) response_code); + wh->kycaid_response_code = response_code; + wh->json_response = json_incref ((json_t *) j); switch (response_code) { case MHD_HTTP_OK: { - const char *type; const char *profile_status; - const char *first_name = NULL; - const char *last_name = NULL; - const char *middle_name = NULL; - const char *dob = NULL; - const char *residence_country = NULL; - const char *gender = NULL; - bool pep = false; - bool no_pep = false; - const char *company_name = NULL; - const char *business_activity_id = NULL; - const char *registration_country = NULL; - const char *email = NULL; - const char *phone = NULL; - json_t *addresses = NULL; - json_t *documents = NULL; - struct GNUNET_JSON_Specification spec[] = { - GNUNET_JSON_spec_string ("type", - &type), - GNUNET_JSON_spec_string ("profile_status", - &profile_status), /* valid, invalid, pending */ - GNUNET_JSON_spec_mark_optional ( - GNUNET_JSON_spec_string ("email", - &email), - NULL), - GNUNET_JSON_spec_mark_optional ( - GNUNET_JSON_spec_string ("phone", - &phone), - NULL), - GNUNET_JSON_spec_mark_optional ( - GNUNET_JSON_spec_json ("addresses", - &addresses), - NULL), - GNUNET_JSON_spec_mark_optional ( - GNUNET_JSON_spec_json ("documents", - &documents), - NULL), - GNUNET_JSON_spec_end () - }; - struct GNUNET_JSON_Specification bspec[] = { - GNUNET_JSON_spec_mark_optional ( - GNUNET_JSON_spec_string ("company_name", - &company_name), - NULL), - GNUNET_JSON_spec_mark_optional ( - GNUNET_JSON_spec_string ("business_activity_id", - &business_activity_id), - NULL), - GNUNET_JSON_spec_mark_optional ( - GNUNET_JSON_spec_string ("registration_country", - ®istration_country), - NULL), - GNUNET_JSON_spec_end () - }; - struct GNUNET_JSON_Specification pspec[] = { - GNUNET_JSON_spec_mark_optional ( - GNUNET_JSON_spec_string 
("first_name", - &first_name), - NULL), - GNUNET_JSON_spec_mark_optional ( - GNUNET_JSON_spec_string ("middle_name", - &middle_name), - NULL), - GNUNET_JSON_spec_mark_optional ( - GNUNET_JSON_spec_string ("last_name", - &last_name), - NULL), - GNUNET_JSON_spec_mark_optional ( - GNUNET_JSON_spec_string ("dob", - &dob), - NULL), - GNUNET_JSON_spec_mark_optional ( - GNUNET_JSON_spec_string ("residence_country", - &residence_country), - NULL), - GNUNET_JSON_spec_mark_optional ( - GNUNET_JSON_spec_string ("gender", - &gender), - NULL), - GNUNET_JSON_spec_mark_optional ( - GNUNET_JSON_spec_bool ("pep", - &pep), - &no_pep), - GNUNET_JSON_spec_end () - }; - struct GNUNET_JSON_Specification *ispec = NULL; - struct GNUNET_TIME_Absolute expiration; - bool no_parse; - enum TALER_KYCLOGIC_KycUserType ut; - - no_parse = (GNUNET_OK != - GNUNET_JSON_parse (j, - spec, - NULL, NULL)); - if (! no_parse) - { - ut = (0 == strcasecmp ("person", - type)) - ? TALER_KYCLOGIC_KYC_UT_INDIVIDUAL - : TALER_KYCLOGIC_KYC_UT_BUSINESS; - ispec = (ut == TALER_KYCLOGIC_KYC_UT_INDIVIDUAL) - ? 
pspec - : bspec; - no_parse = (GNUNET_OK != - GNUNET_JSON_parse (j, - ispec, - NULL, NULL)); - } - if (no_parse) - { - GNUNET_break_op (0); - json_dumpf (j, - stderr, - JSON_INDENT (2)); - resp = TALER_MHD_MAKE_JSON_PACK ( - GNUNET_JSON_pack_uint64 ("kycaid_http_status", - response_code), - GNUNET_JSON_pack_object_incref ("kycaid_body", - (json_t *) j)); - wh->cb (wh->cb_cls, - wh->process_row, - &wh->h_payto, - wh->pd->section, - wh->applicant_id, - wh->verification_id, - TALER_KYCLOGIC_STATUS_PROVIDER_FAILED, - GNUNET_TIME_UNIT_ZERO_ABS, /* expiration */ - NULL, - MHD_HTTP_BAD_GATEWAY, - resp); - break; - } - if (0 == strcasecmp ("valid", - profile_status)) - { - log_failure (json_object_get (j, - "decline_reasons")); - } - resp = MHD_create_response_from_buffer (0, - "", - MHD_RESPMEM_PERSISTENT); - if (0 == strcasecmp ("valid", + + profile_status = json_string_value ( + json_object_get ( + j, + "profile_status")); + if (0 != strcasecmp ("valid", profile_status)) { - json_t *attr; - - if (ut == TALER_KYCLOGIC_KYC_UT_INDIVIDUAL) - { - char *name = NULL; - - if ( (NULL != last_name) || - (NULL != first_name) || - (NULL != middle_name) ) - { - GNUNET_asprintf (&name, - "%s, %s %s", - (NULL != last_name) - ? last_name - : "", - (NULL != first_name) - ? first_name - : "", - (NULL != middle_name) - ? middle_name - : ""); - } - attr = GNUNET_JSON_PACK ( - GNUNET_JSON_pack_allow_null ( - GNUNET_JSON_pack_string ( - TALER_ATTRIBUTE_BIRTHDATE, - dob)), - GNUNET_JSON_pack_allow_null ( - no_pep - ? 
GNUNET_JSON_pack_string ( - TALER_ATTRIBUTE_PEP, - NULL) - : GNUNET_JSON_pack_bool ( - TALER_ATTRIBUTE_PEP, - pep)), - GNUNET_JSON_pack_allow_null ( - GNUNET_JSON_pack_string ( - TALER_ATTRIBUTE_FULL_NAME, - name)), - GNUNET_JSON_pack_allow_null ( - GNUNET_JSON_pack_string ( - TALER_ATTRIBUTE_PHONE, - phone)), - GNUNET_JSON_pack_allow_null ( - GNUNET_JSON_pack_string ( - TALER_ATTRIBUTE_EMAIL, - email)), - GNUNET_JSON_pack_allow_null ( - GNUNET_JSON_pack_string ( - TALER_ATTRIBUTE_RESIDENCES, - residence_country)) - ); - GNUNET_free (name); - } - else - { - attr = GNUNET_JSON_PACK ( - GNUNET_JSON_pack_allow_null ( - GNUNET_JSON_pack_string ( - TALER_ATTRIBUTE_COMPANY_NAME, - company_name)), - GNUNET_JSON_pack_allow_null ( - GNUNET_JSON_pack_string ( - TALER_ATTRIBUTE_PHONE, - phone)), - GNUNET_JSON_pack_allow_null ( - GNUNET_JSON_pack_string ( - TALER_ATTRIBUTE_EMAIL, - email)), - GNUNET_JSON_pack_allow_null ( - GNUNET_JSON_pack_string ( - TALER_ATTRIBUTE_REGISTRATION_COUNTRY, - residence_country)) - ); - } - // FIXME: do something about addresses & documents! - expiration = GNUNET_TIME_relative_to_absolute (wh->pd->validity); + enum TALER_KYCLOGIC_KycStatus ks; + + ks = (0 == strcasecmp ("pending", + profile_status)) + ? TALER_KYCLOGIC_STATUS_PENDING + : TALER_KYCLOGIC_STATUS_USER_ABORTED; + resp = MHD_create_response_from_buffer (0, + "", + MHD_RESPMEM_PERSISTENT); wh->cb (wh->cb_cls, wh->process_row, &wh->h_payto, wh->pd->section, wh->applicant_id, wh->verification_id, - TALER_KYCLOGIC_STATUS_SUCCESS, - expiration, - attr, + ks, + GNUNET_TIME_UNIT_ZERO_ABS, + NULL, MHD_HTTP_NO_CONTENT, resp); - json_decref (attr); + break; } - else + wh->econ + = TALER_JSON_external_conversion_start ( + j, + &webhook_conversion_cb, + wh, + wh->pd->conversion_helper, + wh->pd->conversion_helper, + "-a", + wh->pd->auth_token, + NULL); + if (NULL == wh->econ) { - enum TALER_KYCLOGIC_KycStatus ks; - - ks = (0 == strcasecmp ("pending", - profile_status)) - ? 
TALER_KYCLOGIC_STATUS_PENDING - : TALER_KYCLOGIC_STATUS_USER_ABORTED; + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Failed to start KYCAID conversion helper `%s'\n", + wh->pd->conversion_helper); + resp = TALER_MHD_make_error ( + TALER_EC_EXCHANGE_GENERIC_KYC_CONVERTER_FAILED, + NULL); wh->cb (wh->cb_cls, wh->process_row, &wh->h_payto, wh->pd->section, wh->applicant_id, wh->verification_id, - ks, - GNUNET_TIME_UNIT_ZERO_ABS, + TALER_KYCLOGIC_STATUS_INTERNAL_ERROR, + GNUNET_TIME_UNIT_ZERO_ABS, /* expiration */ NULL, - MHD_HTTP_NO_CONTENT, + MHD_HTTP_INTERNAL_SERVER_ERROR, resp); + break; } - GNUNET_JSON_parse_free (ispec); - GNUNET_JSON_parse_free (spec); + return; } break; case MHD_HTTP_BAD_REQUEST: @@ -1248,12 +1220,13 @@ kycaid_webhook (void *cls, CURL *eh; const char *request_id; const char *type; - const char *verification_id; + const char *verification_id; /* = provider_legitimization_id */ const char *applicant_id; + const char *form_id; const char *status = NULL; bool verified = false; bool no_verified = true; - json_t *verifications = NULL; + const json_t *verifications = NULL; struct GNUNET_JSON_Specification spec[] = { GNUNET_JSON_spec_string ("request_id", &request_id), @@ -1263,6 +1236,8 @@ kycaid_webhook (void *cls, &verification_id), GNUNET_JSON_spec_string ("applicant_id", &applicant_id), + GNUNET_JSON_spec_string ("form_id", + &form_id), GNUNET_JSON_spec_mark_optional ( GNUNET_JSON_spec_string ("status", &status), @@ -1272,8 +1247,8 @@ kycaid_webhook (void *cls, &verified), &no_verified), GNUNET_JSON_spec_mark_optional ( - GNUNET_JSON_spec_json ("verifications", - &verifications), + GNUNET_JSON_spec_object_const ("verifications", + &verifications), NULL), GNUNET_JSON_spec_end () }; 
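Review bot: `profile_status` in the MHD_HTTP_OK branch of handle_webhook_finished can be NULL and is then passed straight to `strcasecmp`. `json_string_value (json_object_get (j, "profile_status"))` returns NULL when the field is absent or not a string, or when `j` itself is NULL. The removed code rejected such replies through `GNUNET_JSON_parse`, so the new code needs an equivalent guard, e.g. `if (NULL == profile_status) { GNUNET_break_op (0); /* report PROVIDER_FAILED with MHD_HTTP_BAD_GATEWAY as before */ }`. Separately, the helper is started with `"-a", wh->pd->auth_token` among its arguments, which leaves the KYCAID API token readable in the process list for as long as the helper runs; passing it over the helper's standard input or an inherited descriptor would keep it out of argv. The function continues outside this hunk.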
@@ -1285,7 +1260,16 @@ kycaid_webhook (void *cls, wh->ps = ps; wh->pd = pd; wh->connection = connection; - + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + "KYCAID webhook of `%s' triggered with %s\n", + pd->section, + http_method); +#if 1 + if (NULL != body) + json_dumpf (body, + stderr, + JSON_INDENT (2)); +#endif if (NULL == pd) { GNUNET_break_op (0); @@ -1330,21 +1314,20 @@ kycaid_webhook (void *cls, wh->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; wh->task = GNUNET_SCHEDULER_add_now (&async_webhook_reply, wh); - GNUNET_JSON_parse_free (spec); return wh; } if (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS == qs) { GNUNET_log (GNUNET_ERROR_TYPE_WARNING, - "Received webhook for unknown verification ID `%s'\n", - verification_id); + "Received webhook for unknown verification ID `%s' and section `%s'\n", + verification_id, + pd->section); wh->resp = TALER_MHD_make_error ( TALER_EC_EXCHANGE_KYC_PROOF_REQUEST_UNKNOWN, verification_id); wh->response_code = MHD_HTTP_NOT_FOUND; wh->task = GNUNET_SCHEDULER_add_now (&async_webhook_reply, wh); - GNUNET_JSON_parse_free (spec); return wh; } wh->verification_id = GNUNET_strdup (verification_id); @@ -1357,13 +1340,15 @@ kycaid_webhook (void *cls, /* We don't need to re-confirm the failure by asking the API again. */ log_failure (verifications); + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + "Webhook called with non-completion status: %s\n", + type); wh->response_code = MHD_HTTP_NO_CONTENT; wh->resp = MHD_create_response_from_buffer (0, "", MHD_RESPMEM_PERSISTENT); wh->task = GNUNET_SCHEDULER_add_now (&async_webhook_reply, wh); - GNUNET_JSON_parse_free (spec); return wh; } @@ -1377,7 +1362,6 @@ kycaid_webhook (void *cls, wh->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; wh->task = GNUNET_SCHEDULER_add_now (&async_webhook_reply, wh); - GNUNET_JSON_parse_free (spec); return wh; } @@ -1401,7 +1385,6 @@ kycaid_webhook (void *cls, pd->slist, &handle_webhook_finished, wh); - GNUNET_JSON_parse_free (spec); return wh; } |
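Review bot: The added `GNUNET_log` call in kycaid_webhook reads `pd->section` before the existing `if (NULL == pd)` check that follows it. A request for which no provider details were resolved would therefore dereference a NULL pointer, at least whenever that message is actually formatted, instead of reaching the `GNUNET_break_op (0)` path. Move the log statement below that check. The `#if 1` block also dumps every webhook body to stderr before any validation; it looks like leftover debugging and should be removed or put behind a debug log level, since the body is supplied by the remote side and may carry applicant data. kycaid_webhook starts and ends outside this hunk.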