Diffstat (limited to 'src/kyclogic/plugin_kyclogic_persona.c')
-rw-r--r--src/kyclogic/plugin_kyclogic_persona.c734
1 files changed, 433 insertions, 301 deletions
diff --git a/src/kyclogic/plugin_kyclogic_persona.c b/src/kyclogic/plugin_kyclogic_persona.c
index 651388c99..c68b7f881 100644
--- a/src/kyclogic/plugin_kyclogic_persona.c
+++ b/src/kyclogic/plugin_kyclogic_persona.c
@@ -1,6 +1,6 @@
/*
This file is part of GNU Taler
- Copyright (C) 2022 Taler Systems SA
+ Copyright (C) 2022, 2023 Taler Systems SA
Taler is free software; you can redistribute it and/or modify it under the
terms of the GNU Affero General Public License as published by the Free Software
@@ -19,6 +19,7 @@
* @author Christian Grothoff
*/
#include "platform.h"
+#include "taler_attributes.h"
#include "taler_kyclogic_plugin.h"
#include "taler_mhd_lib.h"
#include "taler_curl_lib.h"
@@ -62,9 +63,10 @@ struct PluginState
struct GNUNET_CURL_RescheduleContext *curl_rc;
/**
- * Authorization token to use when receiving webhooks from the Persona service. Optional. Note that
- * webhooks are *global* and not per template.
- */
+ * Authorization token to use when receiving webhooks from the Persona
+ * service. Optional. Note that webhooks are *global* and not per
+ * template.
+ */
char *webhook_token;
@@ -110,6 +112,12 @@ struct TALER_KYCLOGIC_ProviderDetails
char *subdomain;
/**
+ * Name of the program we use to convert outputs
+ * from Persona into our JSON inputs.
+ */
+ char *conversion_binary;
+
+ /**
* Where to redirect the client upon completion.
*/
char *post_kyc_redirect_url;
@@ -229,6 +237,12 @@ struct TALER_KYCLOGIC_ProofHandle
char *url;
/**
+ * Handle to an external process that converts the
+ * Persona response to our internal format.
+ */
+ struct TALER_JSON_ExternalConversion *ec;
+
+ /**
* Hash of the payto:// URI we are checking the KYC for.
*/
struct TALER_PaytoHashP h_payto;
@@ -245,6 +259,11 @@ struct TALER_KYCLOGIC_ProofHandle
char *provider_user_id;
/**
+ * Account ID from the service.
+ */
+ char *account_id;
+
+ /**
* Inquiry ID at the provider.
*/
char *inquiry_id;
@@ -293,6 +312,11 @@ struct TALER_KYCLOGIC_WebhookHandle
char *inquiry_id;
/**
+ * Account ID from the service.
+ */
+ char *account_id;
+
+ /**
* URL of the cURL request.
*/
char *url;
@@ -314,6 +338,12 @@ struct TALER_KYCLOGIC_WebhookHandle
const char *template_id;
/**
+ * Handle to an external process that converts the
+ * Persona response to our internal format.
+ */
+ struct TALER_JSON_ExternalConversion *ec;
+
+ /**
* Our account ID.
*/
struct TALER_PaytoHashP h_payto;
@@ -342,6 +372,7 @@ persona_unload_configuration (struct TALER_KYCLOGIC_ProviderDetails *pd)
GNUNET_free (pd->auth_token);
GNUNET_free (pd->template_id);
GNUNET_free (pd->subdomain);
+ GNUNET_free (pd->conversion_binary);
GNUNET_free (pd->salt);
GNUNET_free (pd->section);
GNUNET_free (pd->post_kyc_redirect_url);
@@ -369,31 +400,31 @@ persona_load_configuration (void *cls,
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_time (ps->cfg,
provider_section_name,
- "PERSONA_VALIDITY",
+ "KYC_PERSONA_VALIDITY",
&pd->validity))
{
GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
provider_section_name,
- "PERSONA_VALIDITY");
+ "KYC_PERSONA_VALIDITY");
persona_unload_configuration (pd);
return NULL;
}
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_string (ps->cfg,
provider_section_name,
- "PERSONA_AUTH_TOKEN",
+ "KYC_PERSONA_AUTH_TOKEN",
&pd->auth_token))
{
GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
provider_section_name,
- "PERSONA_AUTH_TOKEN");
+ "KYC_PERSONA_AUTH_TOKEN");
persona_unload_configuration (pd);
return NULL;
}
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_string (ps->cfg,
provider_section_name,
- "SALT",
+ "KYC_PERSONA_SALT",
&pd->salt))
{
uint32_t salt[8];
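Review bot: Renaming `SALT` to `KYC_PERSONA_SALT` differs from the other renames in this function, because the visible failure branch for this lookup opens with `uint32_t salt[8];` rather than `GNUNET_log_config_missing`, which suggests it falls back to a generated salt (the branch continues outside the hunk). A deployment that still sets the old `SALT` key would then start without an error and, presumably, with a different salt than before. I would make the fallback visible to the operator, for example with `GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "KYC_PERSONA_SALT not set in section `%s', using a generated salt\n", provider_section_name);` at the top of that branch.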
@@ -407,36 +438,48 @@ persona_load_configuration (void *cls,
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_string (ps->cfg,
provider_section_name,
- "PERSONA_SUBDOMAIN",
+ "KYC_PERSONA_SUBDOMAIN",
&pd->subdomain))
{
GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
provider_section_name,
- "PERSONA_SUBDOMAIN");
+ "KYC_PERSONA_SUBDOMAIN");
+ persona_unload_configuration (pd);
+ return NULL;
+ }
+ if (GNUNET_OK !=
+ GNUNET_CONFIGURATION_get_value_string (ps->cfg,
+ provider_section_name,
+ "KYC_PERSONA_CONVERTER_HELPER",
+ &pd->conversion_binary))
+ {
+ GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
+ provider_section_name,
+ "KYC_PERSONA_CONVERTER_HELPER");
persona_unload_configuration (pd);
return NULL;
}
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_string (ps->cfg,
provider_section_name,
- "KYC_POST_URL",
+ "KYC_PERSONA_POST_URL",
&pd->post_kyc_redirect_url))
{
GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
provider_section_name,
- "KYC_POST_URL");
+ "KYC_PERSONA_POST_URL");
persona_unload_configuration (pd);
return NULL;
}
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_string (ps->cfg,
provider_section_name,
- "PERSONA_TEMPLATE_ID",
+ "KYC_PERSONA_TEMPLATE_ID",
&pd->template_id))
{
GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
provider_section_name,
- "PERSONA_TEMPLATE_ID");
+ "KYC_PERSONA_TEMPLATE_ID");
persona_unload_configuration (pd);
return NULL;
}
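Review bot: `KYC_PERSONA_CONVERTER_HELPER` is read as a free-form string, yet start_conversion later runs it as a program and hands it the provider's `auth_token`. Whether a relative name is resolved through `PATH` depends on TALER_JSON_external_conversion_start, which is not shown on this page. A comment at this lookup would help the operator and the next maintainer, e.g. `/* executed as a helper that receives the Persona auth token; must name a trusted program */`, and the field comment on `conversion_binary` could say the same.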
@@ -747,13 +790,14 @@ persona_initiate (void *cls,
(unsigned long long) ih->legitimization_uuid);
payto_s = GNUNET_STRINGS_data_to_string_alloc (&ih->h_payto,
sizeof (ih->h_payto));
- /* NOTE: check here that exchange_base_url ends
- with a '/'? */
+ GNUNET_break ('/' ==
+ pd->ps->exchange_base_url[strlen (
+ pd->ps->exchange_base_url) - 1]);
GNUNET_asprintf (&proof_url,
- "%skyc-proof/%s/%s",
+ "%skyc-proof/%s?state=%s",
pd->ps->exchange_base_url,
- payto_s,
- pd->section);
+ pd->section,
+ payto_s);
body = GNUNET_JSON_PACK (
GNUNET_JSON_pack_object_steal (
"data",
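Review bot: The new `GNUNET_break` indexes `exchange_base_url[strlen (...) - 1]`, which for an empty string wraps to an index far outside the buffer; whether an empty base URL can reach persona_initiate depends on validation outside this hunk. The check is also log-only, so `proof_url` is still built from a base URL that failed it. I would test the length first: `size_t len = strlen (pd->ps->exchange_base_url);` followed by `GNUNET_break ( (len > 0) && ('/' == pd->ps->exchange_base_url[len - 1]) );`. persona_initiate starts and ends outside the hunk.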
@@ -835,8 +879,14 @@ persona_proof_cancel (struct TALER_KYCLOGIC_ProofHandle *ph)
GNUNET_CURL_job_cancel (ph->job);
ph->job = NULL;
}
+ if (NULL != ph->ec)
+ {
+ TALER_JSON_external_conversion_stop (ph->ec);
+ ph->ec = NULL;
+ }
GNUNET_free (ph->url);
GNUNET_free (ph->provider_user_id);
+ GNUNET_free (ph->account_id);
GNUNET_free (ph->inquiry_id);
GNUNET_free (ph);
}
@@ -865,12 +915,9 @@ proof_generic_reply (struct TALER_KYCLOGIC_ProofHandle *ph,
{
struct MHD_Response *resp;
enum GNUNET_GenericReturnValue ret;
- struct GNUNET_TIME_Absolute expiration;
- if (TALER_KYCLOGIC_STATUS_SUCCESS == status)
- expiration = GNUNET_TIME_relative_to_absolute (ph->pd->validity);
- else
- expiration = GNUNET_TIME_UNIT_ZERO_ABS;
+ /* This API is not usable for successful replies */
+ GNUNET_assert (TALER_KYCLOGIC_STATUS_SUCCESS != status);
ret = TALER_TEMPLATING_build (ph->connection,
&http_status,
template,
@@ -888,7 +935,8 @@ proof_generic_reply (struct TALER_KYCLOGIC_ProofHandle *ph,
status,
account_id,
inquiry_id,
- expiration,
+ GNUNET_TIME_UNIT_ZERO_ABS,
+ NULL,
http_status,
resp);
}
@@ -922,8 +970,132 @@ proof_reply_error (struct TALER_KYCLOGIC_ProofHandle *ph,
/**
+ * Return a response for the @a ph request indicating a
+ * protocol violation by the Persona server.
+ *
+ * @param[in,out] ph request we are processing
+ * @param response_code HTTP status returned by Persona
+ * @param inquiry_id ID of the inquiry this is about
+ * @param detail where the response was wrong
+ * @param data full response data to output
+ */
+static void
+return_invalid_response (struct TALER_KYCLOGIC_ProofHandle *ph,
+ unsigned int response_code,
+ const char *inquiry_id,
+ const char *detail,
+ const json_t *data)
+{
+ proof_reply_error (
+ ph,
+ inquiry_id,
+ MHD_HTTP_BAD_GATEWAY,
+ "persona-invalid-response",
+ GNUNET_JSON_PACK (
+ GNUNET_JSON_pack_uint64 ("persona_http_status",
+ response_code),
+ GNUNET_JSON_pack_string ("persona_inquiry_id",
+ inquiry_id),
+ TALER_JSON_pack_ec (
+ TALER_EC_EXCHANGE_KYC_GENERIC_PROVIDER_UNEXPECTED_REPLY),
+ GNUNET_JSON_pack_string ("detail",
+ detail),
+ GNUNET_JSON_pack_allow_null (
+ GNUNET_JSON_pack_object_incref ("data",
+ (json_t *)
+ data))));
+}
+
+
+/**
+ * Start the external conversion helper.
+ *
+ * @param pd configuration details
+ * @param attr attributes to give to the helper
+ * @param cb function to call with the result
+ * @param cb_cls closure for @a cb
+ * @return handle for the helper
+ */
+static struct TALER_JSON_ExternalConversion *
+start_conversion (const struct TALER_KYCLOGIC_ProviderDetails *pd,
+ const json_t *attr,
+ TALER_JSON_JsonCallback cb,
+ void *cb_cls)
+{
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+ "Calling converter `%s' with JSON\n",
+ pd->conversion_binary);
+ json_dumpf (attr,
+ stderr,
+ JSON_INDENT (2));
+ return TALER_JSON_external_conversion_start (
+ attr,
+ cb,
+ cb_cls,
+ pd->conversion_binary,
+ pd->conversion_binary,
+ "-a",
+ pd->auth_token,
+ NULL
+ );
+}
+
+
+/**
+ * Type of a callback that receives a JSON @a result.
+ *
+ * @param cls closure with a `struct TALER_KYCLOGIC_ProofHandle *`
+ * @param status_type how did the process die
+ * @param code termination status code from the process
+ * @param attr result some JSON result, NULL if we failed to get an JSON output
+ */
+static void
+proof_post_conversion_cb (void *cls,
+ enum GNUNET_OS_ProcessStatusType status_type,
+ unsigned long code,
+ const json_t *attr)
+{
+ struct TALER_KYCLOGIC_ProofHandle *ph = cls;
+ struct MHD_Response *resp;
+ struct GNUNET_TIME_Absolute expiration;
+
+ ph->ec = NULL;
+ if ( (NULL == attr) ||
+ (0 != code) )
+ {
+ GNUNET_break_op (0);
+ return_invalid_response (ph,
+ MHD_HTTP_OK,
+ ph->inquiry_id,
+ "converter",
+ NULL);
+ persona_proof_cancel (ph);
+ return;
+ }
+ expiration = GNUNET_TIME_relative_to_absolute (ph->pd->validity);
+ resp = MHD_create_response_from_buffer (0,
+ "",
+ MHD_RESPMEM_PERSISTENT);
+ GNUNET_break (MHD_YES ==
+ MHD_add_response_header (resp,
+ MHD_HTTP_HEADER_LOCATION,
+ ph->pd->post_kyc_redirect_url));
+ TALER_MHD_add_global_headers (resp);
+ ph->cb (ph->cb_cls,
+ TALER_KYCLOGIC_STATUS_SUCCESS,
+ ph->account_id,
+ ph->inquiry_id,
+ expiration,
+ attr,
+ MHD_HTTP_SEE_OTHER,
+ resp);
+ persona_proof_cancel (ph);
+}
+
+
+/**
* Function called when we're done processing the
- * HTTP "/api/v1/verifications/{verification-id}" request.
+ * HTTP "/api/v1/inquiries/{inquiry-id}" request.
*
* @param cls the `struct TALER_KYCLOGIC_InitiateHandle`
* @param response_code HTTP response code, 0 on error
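Review bot: start_conversion hands the Persona API token to the helper as a command-line argument (`"-a", pd->auth_token`), and process arguments are commonly readable by other local users for as long as the helper runs. TALER_JSON_external_conversion_start is declared outside this page, so whether it offers another channel needs checking there; otherwise the helper could take the token from its environment or from a file named in the configuration. The same function writes the complete inquiry JSON to stderr on every call with `json_dumpf (attr, stderr, JSON_INDENT (2));`, which puts the applicant's KYC data into the service log. I would drop that call or keep it behind a debug-only switch.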
@@ -947,14 +1119,17 @@ handle_proof_finished (void *cls,
const char *inquiry_id;
const char *account_id;
const char *type = NULL;
- json_t *attributes;
+ const json_t *attributes;
+ const json_t *relationships;
struct GNUNET_JSON_Specification spec[] = {
GNUNET_JSON_spec_string ("type",
&type),
GNUNET_JSON_spec_string ("id",
&inquiry_id),
- GNUNET_JSON_spec_json ("attributes",
- &attributes),
+ GNUNET_JSON_spec_object_const ("attributes",
+ &attributes),
+ GNUNET_JSON_spec_object_const ("relationships",
+ &relationships),
GNUNET_JSON_spec_end ()
};
@@ -967,25 +1142,11 @@ handle_proof_finished (void *cls,
"inquiry")) )
{
GNUNET_break_op (0);
- json_dumpf (j,
- stderr,
- JSON_INDENT (2));
- proof_reply_error (ph,
- inquiry_id,
- MHD_HTTP_BAD_GATEWAY,
- "persona-logic-failure",
- GNUNET_JSON_PACK (
- GNUNET_JSON_pack_uint64 ("persona_http_status",
- response_code),
- GNUNET_JSON_pack_string ("persona_inquiry_id",
- inquiry_id),
- TALER_JSON_pack_ec (
- TALER_EC_EXCHANGE_KYC_GENERIC_PROVIDER_UNEXPECTED_REPLY),
- GNUNET_JSON_pack_string ("detail",
- "data"),
- GNUNET_JSON_pack_allow_null (
- GNUNET_JSON_pack_object_incref ("data",
- (json_t *) data))));
+ return_invalid_response (ph,
+ response_code,
+ inquiry_id,
+ "data",
+ data);
break;
}
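Review bot: The local `inquiry_id` passed to `return_invalid_response` here is declared without an initializer (`const char *inquiry_id;`), and this branch looks like the one taken when parsing `spec` fails, in which case the pointer may never have been set. The start of the condition is outside the hunk, so that is an inference. return_invalid_response feeds the value to `GNUNET_JSON_pack_string`, so an unset pointer would be read as a string. Passing `ph->inquiry_id`, as the non-200 branches of this function do, avoids depending on the parse result: `return_invalid_response (ph, response_code, ph->inquiry_id, "data", data);`.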
@@ -996,10 +1157,10 @@ handle_proof_finished (void *cls,
struct GNUNET_JSON_Specification ispec[] = {
GNUNET_JSON_spec_string ("status",
&status),
- GNUNET_JSON_spec_string ("reference_id",
+ GNUNET_JSON_spec_string ("reference-id",
&reference_id),
GNUNET_JSON_spec_mark_optional (
- GNUNET_JSON_spec_string ("expired_at",
+ GNUNET_JSON_spec_string ("expired-at",
&expired_at),
NULL),
GNUNET_JSON_spec_end ()
@@ -1011,27 +1172,11 @@ handle_proof_finished (void *cls,
NULL, NULL))
{
GNUNET_break_op (0);
- json_dumpf (j,
- stderr,
- JSON_INDENT (2));
- proof_reply_error (ph,
- inquiry_id,
- MHD_HTTP_BAD_GATEWAY,
- "persona-invalid-response",
- GNUNET_JSON_PACK (
- GNUNET_JSON_pack_uint64 ("persona_http_status",
- response_code),
- GNUNET_JSON_pack_string ("persona_inquiry_id",
- inquiry_id),
- TALER_JSON_pack_ec (
- TALER_EC_EXCHANGE_KYC_GENERIC_PROVIDER_UNEXPECTED_REPLY),
- GNUNET_JSON_pack_string ("detail",
- "data-attributes"),
- GNUNET_JSON_pack_allow_null (
- GNUNET_JSON_pack_object_incref ("data",
- (json_t *) data))));
- GNUNET_JSON_parse_free (ispec);
- GNUNET_JSON_parse_free (spec);
+ return_invalid_response (ph,
+ response_code,
+ inquiry_id,
+ "data-attributes",
+ data);
break;
}
{
@@ -1045,25 +1190,11 @@ handle_proof_finished (void *cls,
(idr != ph->process_row) )
{
GNUNET_break_op (0);
- proof_reply_error (ph,
- inquiry_id,
- MHD_HTTP_BAD_GATEWAY,
- "persona-invalid-response",
- GNUNET_JSON_PACK (
- GNUNET_JSON_pack_uint64 ("persona_http_status",
- response_code),
- GNUNET_JSON_pack_string ("persona_inquiry_id",
- inquiry_id),
- TALER_JSON_pack_ec (
- TALER_EC_EXCHANGE_KYC_GENERIC_PROVIDER_UNEXPECTED_REPLY),
- GNUNET_JSON_pack_string ("detail",
- "data-attributes-reference_id"),
- GNUNET_JSON_pack_allow_null (
- GNUNET_JSON_pack_object_incref ("data",
- (json_t *)
- data))));
- GNUNET_JSON_parse_free (ispec);
- GNUNET_JSON_parse_free (spec);
+ return_invalid_response (ph,
+ response_code,
+ inquiry_id,
+ "data-attributes-reference_id",
+ data);
break;
}
}
@@ -1072,25 +1203,11 @@ handle_proof_finished (void *cls,
ph->inquiry_id))
{
GNUNET_break_op (0);
- proof_reply_error (ph,
- inquiry_id,
- MHD_HTTP_BAD_GATEWAY,
- "persona-invalid-response",
- GNUNET_JSON_PACK (
- GNUNET_JSON_pack_uint64 ("persona_http_status",
- response_code),
- GNUNET_JSON_pack_string ("persona_inquiry_id",
- inquiry_id),
- TALER_JSON_pack_ec (
- TALER_EC_EXCHANGE_KYC_GENERIC_PROVIDER_UNEXPECTED_REPLY),
- GNUNET_JSON_pack_string ("detail",
- "data-id"),
- GNUNET_JSON_pack_allow_null (
- GNUNET_JSON_pack_object_incref ("data",
- (json_t *)
- data))));
- GNUNET_JSON_parse_free (ispec);
- GNUNET_JSON_parse_free (spec);
+ return_invalid_response (ph,
+ response_code,
+ inquiry_id,
+ "data-id",
+ data);
break;
}
@@ -1098,9 +1215,7 @@ handle_proof_finished (void *cls,
json_object_get (
json_object_get (
json_object_get (
- json_object_get (
- data,
- "relationships"),
+ relationships,
"account"),
"data"),
"id"));
@@ -1108,77 +1223,56 @@ handle_proof_finished (void *cls,
if (0 != strcmp (status,
"completed"))
{
- proof_generic_reply (ph,
- TALER_KYCLOGIC_STATUS_FAILED,
- account_id,
- inquiry_id,
- MHD_HTTP_OK,
- "persona-kyc-failed",
- GNUNET_JSON_PACK (
- GNUNET_JSON_pack_uint64 ("persona_http_status",
- response_code),
- GNUNET_JSON_pack_string ("persona_inquiry_id",
- inquiry_id),
- GNUNET_JSON_pack_allow_null (
- GNUNET_JSON_pack_object_incref ("data",
- (json_t *)
- data))));
- GNUNET_JSON_parse_free (ispec);
- GNUNET_JSON_parse_free (spec);
+ proof_generic_reply (
+ ph,
+ TALER_KYCLOGIC_STATUS_FAILED,
+ account_id,
+ inquiry_id,
+ MHD_HTTP_OK,
+ "persona-kyc-failed",
+ GNUNET_JSON_PACK (
+ GNUNET_JSON_pack_uint64 ("persona_http_status",
+ response_code),
+ GNUNET_JSON_pack_string ("persona_inquiry_id",
+ inquiry_id),
+ GNUNET_JSON_pack_allow_null (
+ GNUNET_JSON_pack_object_incref ("data",
+ (json_t *)
+ data))));
break;
}
if (NULL == account_id)
{
GNUNET_break_op (0);
- json_dumpf (data,
- stderr,
- JSON_INDENT (2));
- proof_reply_error (ph,
- inquiry_id,
- MHD_HTTP_BAD_GATEWAY,
- "persona-invalid-response",
- GNUNET_JSON_PACK (
- GNUNET_JSON_pack_uint64 ("persona_http_status",
- response_code),
- GNUNET_JSON_pack_string ("persona_inquiry_id",
- inquiry_id),
- TALER_JSON_pack_ec (
- TALER_EC_EXCHANGE_KYC_GENERIC_PROVIDER_UNEXPECTED_REPLY),
- GNUNET_JSON_pack_string ("detail",
- "data-relationships-account-data-id"),
- GNUNET_JSON_pack_allow_null (
- GNUNET_JSON_pack_object_incref ("data",
- (json_t *)
- data))));
+ return_invalid_response (ph,
+ response_code,
+ inquiry_id,
+ "data-relationships-account-data-id",
+ data);
break;
}
-
+ ph->account_id = GNUNET_strdup (account_id);
+ ph->ec = start_conversion (ph->pd,
+ j,
+ &proof_post_conversion_cb,
+ ph);
+ if (NULL == ph->ec)
{
- struct MHD_Response *resp;
- struct GNUNET_TIME_Absolute expiration;
-
- expiration = GNUNET_TIME_relative_to_absolute (ph->pd->validity);
- resp = MHD_create_response_from_buffer (0,
- "",
- MHD_RESPMEM_PERSISTENT);
- GNUNET_break (MHD_YES ==
- MHD_add_response_header (resp,
- MHD_HTTP_HEADER_LOCATION,
- ph->pd->post_kyc_redirect_url));
- TALER_MHD_add_global_headers (resp);
- ph->cb (ph->cb_cls,
- TALER_KYCLOGIC_STATUS_SUCCESS,
- account_id,
- inquiry_id,
- expiration,
- MHD_HTTP_SEE_OTHER,
- resp);
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Failed to start Persona conversion helper\n");
+ proof_reply_error (
+ ph,
+ ph->inquiry_id,
+ MHD_HTTP_BAD_GATEWAY,
+ "persona-logic-failure",
+ GNUNET_JSON_PACK (
+ TALER_JSON_pack_ec (
+ TALER_EC_EXCHANGE_GENERIC_KYC_CONVERTER_FAILED)));
+ break;
}
- GNUNET_JSON_parse_free (ispec);
}
- GNUNET_JSON_parse_free (spec);
- break;
+ return; /* continued in proof_post_conversion_cb */
}
case MHD_HTTP_BAD_REQUEST:
case MHD_HTTP_NOT_FOUND:
@@ -1191,59 +1285,61 @@ handle_proof_finished (void *cls,
json_dumpf (j,
stderr,
JSON_INDENT (2));
- proof_reply_error (ph,
- ph->inquiry_id,
- MHD_HTTP_BAD_GATEWAY,
- "persona-logic-failure",
- GNUNET_JSON_PACK (
- GNUNET_JSON_pack_uint64 ("persona_http_status",
- response_code),
- TALER_JSON_pack_ec (
- TALER_EC_EXCHANGE_KYC_GENERIC_PROVIDER_UNEXPECTED_REPLY),
-
- GNUNET_JSON_pack_allow_null (
- GNUNET_JSON_pack_object_incref ("data",
- (json_t *)
- data))));
+ proof_reply_error (
+ ph,
+ ph->inquiry_id,
+ MHD_HTTP_BAD_GATEWAY,
+ "persona-logic-failure",
+ GNUNET_JSON_PACK (
+ GNUNET_JSON_pack_uint64 ("persona_http_status",
+ response_code),
+ TALER_JSON_pack_ec (
+ TALER_EC_EXCHANGE_KYC_GENERIC_PROVIDER_UNEXPECTED_REPLY),
+
+ GNUNET_JSON_pack_allow_null (
+ GNUNET_JSON_pack_object_incref ("data",
+ (json_t *)
+ data))));
break;
case MHD_HTTP_UNAUTHORIZED:
/* These are failures of the exchange operator */
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Refused access with HTTP status code %u\n",
(unsigned int) response_code);
- proof_reply_error (ph,
- ph->inquiry_id,
- MHD_HTTP_INTERNAL_SERVER_ERROR,
- "persona-exchange-unauthorized",
- GNUNET_JSON_PACK (
- GNUNET_JSON_pack_uint64 ("persona_http_status",
- response_code),
- TALER_JSON_pack_ec (
- TALER_EC_EXCHANGE_KYC_GENERIC_PROVIDER_ACCESS_REFUSED),
- GNUNET_JSON_pack_allow_null (
- GNUNET_JSON_pack_object_incref ("data",
- (json_t *)
- data))));
+ proof_reply_error (
+ ph,
+ ph->inquiry_id,
+ MHD_HTTP_BAD_GATEWAY,
+ "persona-exchange-unauthorized",
+ GNUNET_JSON_PACK (
+ GNUNET_JSON_pack_uint64 ("persona_http_status",
+ response_code),
+ TALER_JSON_pack_ec (
+ TALER_EC_EXCHANGE_KYC_GENERIC_PROVIDER_ACCESS_REFUSED),
+ GNUNET_JSON_pack_allow_null (
+ GNUNET_JSON_pack_object_incref ("data",
+ (json_t *)
+ data))));
break;
case MHD_HTTP_PAYMENT_REQUIRED:
/* These are failures of the exchange operator */
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Refused access with HTTP status code %u\n",
(unsigned int) response_code);
-
- proof_reply_error (ph,
- ph->inquiry_id,
- MHD_HTTP_INTERNAL_SERVER_ERROR,
- "persona-exchange-unpaid",
- GNUNET_JSON_PACK (
- GNUNET_JSON_pack_uint64 ("persona_http_status",
- response_code),
- TALER_JSON_pack_ec (
- TALER_EC_EXCHANGE_KYC_GENERIC_PROVIDER_ACCESS_REFUSED),
- GNUNET_JSON_pack_allow_null (
- GNUNET_JSON_pack_object_incref ("data",
- (json_t *)
- data))));
+ proof_reply_error (
+ ph,
+ ph->inquiry_id,
+ MHD_HTTP_SERVICE_UNAVAILABLE,
+ "persona-exchange-unpaid",
+ GNUNET_JSON_PACK (
+ GNUNET_JSON_pack_uint64 ("persona_http_status",
+ response_code),
+ TALER_JSON_pack_ec (
+ TALER_EC_EXCHANGE_KYC_GENERIC_PROVIDER_ACCESS_REFUSED),
+ GNUNET_JSON_pack_allow_null (
+ GNUNET_JSON_pack_object_incref ("data",
+ (json_t *)
+ data))));
break;
case MHD_HTTP_REQUEST_TIMEOUT:
/* These are networking issues */
@@ -1253,19 +1349,20 @@ handle_proof_finished (void *cls,
json_dumpf (j,
stderr,
JSON_INDENT (2));
- proof_reply_error (ph,
- ph->inquiry_id,
- MHD_HTTP_GATEWAY_TIMEOUT,
- "persona-network-timeout",
- GNUNET_JSON_PACK (
- GNUNET_JSON_pack_uint64 ("persona_http_status",
- response_code),
- TALER_JSON_pack_ec (
- TALER_EC_EXCHANGE_KYC_GENERIC_PROVIDER_TIMEOUT),
- GNUNET_JSON_pack_allow_null (
- GNUNET_JSON_pack_object_incref ("data",
- (json_t *)
- data))));
+ proof_reply_error (
+ ph,
+ ph->inquiry_id,
+ MHD_HTTP_GATEWAY_TIMEOUT,
+ "persona-network-timeout",
+ GNUNET_JSON_PACK (
+ GNUNET_JSON_pack_uint64 ("persona_http_status",
+ response_code),
+ TALER_JSON_pack_ec (
+ TALER_EC_EXCHANGE_KYC_GENERIC_PROVIDER_TIMEOUT),
+ GNUNET_JSON_pack_allow_null (
+ GNUNET_JSON_pack_object_incref ("data",
+ (json_t *)
+ data))));
break;
case MHD_HTTP_TOO_MANY_REQUESTS:
/* This is a load issue */
@@ -1275,19 +1372,20 @@ handle_proof_finished (void *cls,
json_dumpf (j,
stderr,
JSON_INDENT (2));
- proof_reply_error (ph,
- ph->inquiry_id,
- MHD_HTTP_SERVICE_UNAVAILABLE,
- "persona-load-failure",
- GNUNET_JSON_PACK (
- GNUNET_JSON_pack_uint64 ("persona_http_status",
- response_code),
- TALER_JSON_pack_ec (
- TALER_EC_EXCHANGE_KYC_GENERIC_PROVIDER_RATE_LIMIT_EXCEEDED),
- GNUNET_JSON_pack_allow_null (
- GNUNET_JSON_pack_object_incref ("data",
- (json_t *)
- data))));
+ proof_reply_error (
+ ph,
+ ph->inquiry_id,
+ MHD_HTTP_SERVICE_UNAVAILABLE,
+ "persona-load-failure",
+ GNUNET_JSON_PACK (
+ GNUNET_JSON_pack_uint64 ("persona_http_status",
+ response_code),
+ TALER_JSON_pack_ec (
+ TALER_EC_EXCHANGE_KYC_GENERIC_PROVIDER_RATE_LIMIT_EXCEEDED),
+ GNUNET_JSON_pack_allow_null (
+ GNUNET_JSON_pack_object_incref ("data",
+ (json_t *)
+ data))));
break;
case MHD_HTTP_INTERNAL_SERVER_ERROR:
/* This is an issue with Persona */
@@ -1297,19 +1395,20 @@ handle_proof_finished (void *cls,
json_dumpf (j,
stderr,
JSON_INDENT (2));
- proof_reply_error (ph,
- ph->inquiry_id,
- MHD_HTTP_BAD_GATEWAY,
- "persona-provider-failure",
- GNUNET_JSON_PACK (
- GNUNET_JSON_pack_uint64 ("persona_http_status",
- response_code),
- TALER_JSON_pack_ec (
- TALER_EC_EXCHANGE_KYC_PROOF_BACKEND_ERROR),
- GNUNET_JSON_pack_allow_null (
- GNUNET_JSON_pack_object_incref ("data",
- (json_t *)
- data))));
+ proof_reply_error (
+ ph,
+ ph->inquiry_id,
+ MHD_HTTP_BAD_GATEWAY,
+ "persona-provider-failure",
+ GNUNET_JSON_PACK (
+ GNUNET_JSON_pack_uint64 ("persona_http_status",
+ response_code),
+ TALER_JSON_pack_ec (
+ TALER_EC_EXCHANGE_KYC_PROOF_BACKEND_ERROR),
+ GNUNET_JSON_pack_allow_null (
+ GNUNET_JSON_pack_object_incref ("data",
+ (json_t *)
+ data))));
break;
default:
/* This is an issue with Persona */
@@ -1319,21 +1418,20 @@ handle_proof_finished (void *cls,
json_dumpf (j,
stderr,
JSON_INDENT (2));
- proof_reply_error (ph,
- ph->inquiry_id,
- MHD_HTTP_BAD_GATEWAY,
- "persona-invalid-response",
- GNUNET_JSON_PACK (
- GNUNET_JSON_pack_uint64 ("persona_http_status",
- response_code),
- TALER_JSON_pack_ec (
- TALER_EC_EXCHANGE_KYC_GENERIC_PROVIDER_UNEXPECTED_REPLY),
- GNUNET_JSON_pack_string ("detail",
- "data-relationships-account-data-id"),
- GNUNET_JSON_pack_allow_null (
- GNUNET_JSON_pack_object_incref ("data",
- (json_t *)
- data))));
+ proof_reply_error (
+ ph,
+ ph->inquiry_id,
+ MHD_HTTP_BAD_GATEWAY,
+ "persona-invalid-response",
+ GNUNET_JSON_PACK (
+ GNUNET_JSON_pack_uint64 ("persona_http_status",
+ response_code),
+ TALER_JSON_pack_ec (
+ TALER_EC_EXCHANGE_KYC_GENERIC_PROVIDER_UNEXPECTED_REPLY),
+ GNUNET_JSON_pack_allow_null (
+ GNUNET_JSON_pack_object_incref ("data",
+ (json_t *)
+ data))));
break;
}
persona_proof_cancel (ph);
@@ -1345,7 +1443,6 @@ handle_proof_finished (void *cls,
*
* @param cls the @e cls of this struct with the plugin-specific state
* @param pd provider configuration details
- * @param url_path rest of the URL after `/kyc-webhook/`
* @param connection MHD connection object (for HTTP headers)
* @param account_id which account to trigger process for
* @param process_row row in the legitimization processes table the legitimization is for
@@ -1358,7 +1455,6 @@ handle_proof_finished (void *cls,
static struct TALER_KYCLOGIC_ProofHandle *
persona_proof (void *cls,
const struct TALER_KYCLOGIC_ProviderDetails *pd,
- const char *const url_path[],
struct MHD_Connection *connection,
const struct TALER_PaytoHashP *account_id,
uint64_t process_row,
@@ -1432,6 +1528,12 @@ persona_webhook_cancel (struct TALER_KYCLOGIC_WebhookHandle *wh)
GNUNET_CURL_job_cancel (wh->job);
wh->job = NULL;
}
+ if (NULL != wh->ec)
+ {
+ TALER_JSON_external_conversion_stop (wh->ec);
+ wh->ec = NULL;
+ }
+ GNUNET_free (wh->account_id);
GNUNET_free (wh->inquiry_id);
GNUNET_free (wh->url);
GNUNET_free (wh);
@@ -1445,6 +1547,7 @@ persona_webhook_cancel (struct TALER_KYCLOGIC_WebhookHandle *wh)
* @param status status to return
* @param account_id account to return
* @param inquiry_id inquiry ID to supply
+ * @param attr KYC attribute data for the client
* @param http_status HTTP status to use
*/
static void
@@ -1452,6 +1555,7 @@ webhook_generic_reply (struct TALER_KYCLOGIC_WebhookHandle *wh,
enum TALER_KYCLOGIC_KycStatus status,
const char *account_id,
const char *inquiry_id,
+ const json_t *attr,
unsigned int http_status)
{
struct MHD_Response *resp;
@@ -1468,11 +1572,12 @@ webhook_generic_reply (struct TALER_KYCLOGIC_WebhookHandle *wh,
wh->cb (wh->cb_cls,
wh->process_row,
&wh->h_payto,
- account_id,
wh->pd->section,
+ account_id,
inquiry_id,
status,
expiration,
+ attr,
http_status,
resp);
}
@@ -1494,13 +1599,40 @@ webhook_reply_error (struct TALER_KYCLOGIC_WebhookHandle *wh,
TALER_KYCLOGIC_STATUS_PROVIDER_FAILED,
NULL, /* user id */
inquiry_id,
+ NULL, /* attributes */
http_status);
}
/**
+ * Type of a callback that receives a JSON @a result.
+ *
+ * @param cls closure with a `struct TALER_KYCLOGIC_WebhookHandle *`
+ * @param status_type how did the process die
+ * @param code termination status code from the process
+ * @param attr some JSON result, NULL if we failed to get an JSON output
+ */
+static void
+webhook_post_conversion_cb (void *cls,
+ enum GNUNET_OS_ProcessStatusType status_type,
+ unsigned long code,
+ const json_t *attr)
+{
+ struct TALER_KYCLOGIC_WebhookHandle *wh = cls;
+
+ wh->ec = NULL;
+ webhook_generic_reply (wh,
+ TALER_KYCLOGIC_STATUS_SUCCESS,
+ wh->account_id,
+ wh->inquiry_id,
+ attr,
+ MHD_HTTP_OK);
+}
+
+
+/**
* Function called when we're done processing the
- * HTTP "/verifications/{verification_id}" request.
+ * HTTP "/api/v1/inquiries/{inquiry_id}" request.
*
* @param cls the `struct TALER_KYCLOGIC_WebhookHandle`
* @param response_code HTTP response code, 0 on error
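Review bot: `webhook_post_conversion_cb` reports `TALER_KYCLOGIC_STATUS_SUCCESS` without looking at `code` or checking `attr` for NULL, so a converter that crashes or prints nothing still yields a successful KYC result with no attributes; `proof_post_conversion_cb` rejects exactly that case. The callback also never calls `persona_webhook_cancel (wh)`, while a later hunk makes `handle_webhook_finished` leave through `return; /* continued in webhook_post_conversion_cb */`. If that function releases `wh` after its switch the way `handle_proof_finished` does (not visible here), the handle and its `account_id` copy are no longer freed on this path. The sketch below mirrors the proof callback; the HTTP status on failure is my choice.

```c
  wh->ec = NULL;
  if ( (NULL == attr) ||
       (0 != code) )
  {
    GNUNET_break_op (0);
    webhook_reply_error (wh,
                         wh->inquiry_id,
                         MHD_HTTP_BAD_GATEWAY);
    persona_webhook_cancel (wh);
    return;
  }
  /* … unchanged: webhook_generic_reply (wh, TALER_KYCLOGIC_STATUS_SUCCESS, ...) … */
  persona_webhook_cancel (wh);
```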
@@ -1524,14 +1656,17 @@ handle_webhook_finished (void *cls,
const char *inquiry_id;
const char *account_id;
const char *type = NULL;
- json_t *attributes;
+ const json_t *attributes;
+ const json_t *relationships;
struct GNUNET_JSON_Specification spec[] = {
GNUNET_JSON_spec_string ("type",
&type),
GNUNET_JSON_spec_string ("id",
&inquiry_id),
- GNUNET_JSON_spec_json ("attributes",
- &attributes),
+ GNUNET_JSON_spec_object_const ("attributes",
+ &attributes),
+ GNUNET_JSON_spec_object_const ("relationships",
+ &relationships),
GNUNET_JSON_spec_end ()
};
@@ -1560,10 +1695,10 @@ handle_webhook_finished (void *cls,
struct GNUNET_JSON_Specification ispec[] = {
GNUNET_JSON_spec_string ("status",
&status),
- GNUNET_JSON_spec_string ("reference_id",
+ GNUNET_JSON_spec_string ("reference-id",
&reference_id),
GNUNET_JSON_spec_mark_optional (
- GNUNET_JSON_spec_string ("expired_at",
+ GNUNET_JSON_spec_string ("expired-at",
&expired_at),
NULL),
GNUNET_JSON_spec_end ()
@@ -1581,8 +1716,6 @@ handle_webhook_finished (void *cls,
webhook_reply_error (wh,
inquiry_id,
MHD_HTTP_BAD_GATEWAY);
- GNUNET_JSON_parse_free (ispec);
- GNUNET_JSON_parse_free (spec);
break;
}
{
@@ -1599,8 +1732,6 @@ handle_webhook_finished (void *cls,
webhook_reply_error (wh,
inquiry_id,
MHD_HTTP_BAD_GATEWAY);
- GNUNET_JSON_parse_free (ispec);
- GNUNET_JSON_parse_free (spec);
break;
}
}
@@ -1612,8 +1743,6 @@ handle_webhook_finished (void *cls,
webhook_reply_error (wh,
inquiry_id,
MHD_HTTP_BAD_GATEWAY);
- GNUNET_JSON_parse_free (ispec);
- GNUNET_JSON_parse_free (spec);
break;
}
@@ -1621,9 +1750,7 @@ handle_webhook_finished (void *cls,
json_object_get (
json_object_get (
json_object_get (
- json_object_get (
- data,
- "relationships"),
+ relationships,
"account"),
"data"),
"id"));
@@ -1635,9 +1762,8 @@ handle_webhook_finished (void *cls,
TALER_KYCLOGIC_STATUS_FAILED,
account_id,
inquiry_id,
+ NULL,
MHD_HTTP_OK);
- GNUNET_JSON_parse_free (ispec);
- GNUNET_JSON_parse_free (spec);
break;
}
@@ -1652,16 +1778,22 @@ handle_webhook_finished (void *cls,
MHD_HTTP_BAD_GATEWAY);
break;
}
-
- webhook_generic_reply (wh,
- TALER_KYCLOGIC_STATUS_SUCCESS,
- account_id,
+ wh->account_id = GNUNET_strdup (account_id);
+ wh->ec = start_conversion (wh->pd,
+ j,
+ &webhook_post_conversion_cb,
+ wh);
+ if (NULL == wh->ec)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Failed to start Persona conversion helper\n");
+ webhook_reply_error (wh,
inquiry_id,
- MHD_HTTP_OK);
- GNUNET_JSON_parse_free (ispec);
+ MHD_HTTP_INTERNAL_SERVER_ERROR);
+ break;
+ }
}
- GNUNET_JSON_parse_free (spec);
- break;
+ return; /* continued in webhook_post_conversion_cb */
}
case MHD_HTTP_BAD_REQUEST:
case MHD_HTTP_NOT_FOUND:
@@ -1772,6 +1904,7 @@ async_webhook_reply (void *cls)
wh->inquiry_id, /* provider legi ID */
TALER_KYCLOGIC_STATUS_PROVIDER_FAILED,
GNUNET_TIME_UNIT_ZERO_ABS, /* expiration */
+ NULL,
wh->response_code,
wh->resp);
persona_webhook_cancel (wh);
@@ -1853,13 +1986,13 @@ persona_webhook (void *cls,
wh->ps = ps;
wh->connection = connection;
wh->pd = pd;
-
auth_header = MHD_lookup_connection_value (connection,
MHD_HEADER_KIND,
MHD_HTTP_HEADER_AUTHORIZATION);
if ( (NULL != ps->webhook_token) &&
- (0 != strcmp (ps->webhook_token,
- auth_header)) )
+ ( (NULL == auth_header) ||
+ (0 != strcmp (ps->webhook_token,
+ auth_header)) ) )
{
GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
"Invalid authorization header `%s' received for Persona webhook\n",
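Review bot: With the added `NULL == auth_header` test, a request without an Authorization header now reaches the warning below, whose `%s` argument is outside the hunk; if it is `auth_header`, the log call receives a NULL pointer for `%s`. Logging `NULL == auth_header ? "(none)" : auth_header` would keep the format call well defined, and since the value is chosen by the remote party it may be better not to echo it at all. Separately, `strcmp` stops at the first differing byte, so its running time depends on the length of the matching prefix; a constant-time comparison is the usual choice for a shared secret such as `ps->webhook_token`. persona_webhook starts and ends outside the hunk.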
@@ -1891,7 +2024,7 @@ persona_webhook (void *cls,
"payload"),
"data"),
"relationships"),
- "inquiry_template"),
+ "inquiry-template"),
"data"),
"id"));
if (NULL == wh->template_id)
@@ -1934,7 +2067,6 @@ persona_webhook (void *cls,
return wh;
}
-
persona_inquiry_id
= json_string_value (
json_object_get (