Diffstat (limited to 'src/kyclogic/plugin_kyclogic_persona.c')
-rw-r--r-- | src/kyclogic/plugin_kyclogic_persona.c | 734 |
1 files changed, 433 insertions, 301 deletions
diff --git a/src/kyclogic/plugin_kyclogic_persona.c b/src/kyclogic/plugin_kyclogic_persona.c index 651388c99..c68b7f881 100644 --- a/src/kyclogic/plugin_kyclogic_persona.c +++ b/src/kyclogic/plugin_kyclogic_persona.c @@ -1,6 +1,6 @@ /* This file is part of GNU Taler - Copyright (C) 2022 Taler Systems SA + Copyright (C) 2022, 2023 Taler Systems SA Taler is free software; you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software @@ -19,6 +19,7 @@ * @author Christian Grothoff */ #include "platform.h" +#include "taler_attributes.h" #include "taler_kyclogic_plugin.h" #include "taler_mhd_lib.h" #include "taler_curl_lib.h" @@ -62,9 +63,10 @@ struct PluginState struct GNUNET_CURL_RescheduleContext *curl_rc; /** - * Authorization token to use when receiving webhooks from the Persona service. Optional. Note that - * webhooks are *global* and not per template. - */ + * Authorization token to use when receiving webhooks from the Persona + * service. Optional. Note that webhooks are *global* and not per + * template. + */ char *webhook_token; @@ -110,6 +112,12 @@ struct TALER_KYCLOGIC_ProviderDetails char *subdomain; /** + * Name of the program we use to convert outputs + * from Persona into our JSON inputs. + */ + char *conversion_binary; + + /** * Where to redirect the client upon completion. */ char *post_kyc_redirect_url; @@ -229,6 +237,12 @@ struct TALER_KYCLOGIC_ProofHandle char *url; /** + * Handle to an external process that converts the + * Persona response to our internal format. + */ + struct TALER_JSON_ExternalConversion *ec; + + /** * Hash of the payto:// URI we are checking the KYC for. */ struct TALER_PaytoHashP h_payto; @@ -245,6 +259,11 @@ struct TALER_KYCLOGIC_ProofHandle char *provider_user_id; /** + * Account ID from the service. + */ + char *account_id; + + /** * Inquiry ID at the provider. */ char *inquiry_id; 
@@ -293,6 +312,11 @@ struct TALER_KYCLOGIC_WebhookHandle char *inquiry_id; /** + * Account ID from the service. + */ + char *account_id; + + /** * URL of the cURL request. */ char *url; @@ -314,6 +338,12 @@ struct TALER_KYCLOGIC_WebhookHandle const char *template_id; /** + * Handle to an external process that converts the + * Persona response to our internal format. + */ + struct TALER_JSON_ExternalConversion *ec; + + /** * Our account ID. */ struct TALER_PaytoHashP h_payto; @@ -342,6 +372,7 @@ persona_unload_configuration (struct TALER_KYCLOGIC_ProviderDetails *pd) GNUNET_free (pd->auth_token); GNUNET_free (pd->template_id); GNUNET_free (pd->subdomain); + GNUNET_free (pd->conversion_binary); GNUNET_free (pd->salt); GNUNET_free (pd->section); GNUNET_free (pd->post_kyc_redirect_url); @@ -369,31 +400,31 @@ persona_load_configuration (void *cls, if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_time (ps->cfg, provider_section_name, - "PERSONA_VALIDITY", + "KYC_PERSONA_VALIDITY", &pd->validity)) { GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, provider_section_name, - "PERSONA_VALIDITY"); + "KYC_PERSONA_VALIDITY"); persona_unload_configuration (pd); return NULL; } if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_string (ps->cfg, provider_section_name, - "PERSONA_AUTH_TOKEN", + "KYC_PERSONA_AUTH_TOKEN", &pd->auth_token)) { GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, provider_section_name, - "PERSONA_AUTH_TOKEN"); + "KYC_PERSONA_AUTH_TOKEN"); persona_unload_configuration (pd); return NULL; } if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_string (ps->cfg, provider_section_name, - "SALT", + "KYC_PERSONA_SALT", &pd->salt)) { uint32_t salt[8]; 
@@ -407,36 +438,48 @@ persona_load_configuration (void *cls, if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_string (ps->cfg, provider_section_name, - "PERSONA_SUBDOMAIN", + "KYC_PERSONA_SUBDOMAIN", &pd->subdomain)) { GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, provider_section_name, - "PERSONA_SUBDOMAIN"); + "KYC_PERSONA_SUBDOMAIN"); + persona_unload_configuration (pd); + return NULL; + } + if (GNUNET_OK != + GNUNET_CONFIGURATION_get_value_string (ps->cfg, + provider_section_name, + "KYC_PERSONA_CONVERTER_HELPER", + &pd->conversion_binary)) + { + GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, + provider_section_name, + "KYC_PERSONA_CONVERTER_HELPER"); persona_unload_configuration (pd); return NULL; } if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_string (ps->cfg, provider_section_name, - "KYC_POST_URL", + "KYC_PERSONA_POST_URL", &pd->post_kyc_redirect_url)) { GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, provider_section_name, - "KYC_POST_URL"); + "KYC_PERSONA_POST_URL"); persona_unload_configuration (pd); return NULL; } if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_string (ps->cfg, provider_section_name, - "PERSONA_TEMPLATE_ID", + "KYC_PERSONA_TEMPLATE_ID", &pd->template_id)) { GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, provider_section_name, - "PERSONA_TEMPLATE_ID"); + "KYC_PERSONA_TEMPLATE_ID"); persona_unload_configuration (pd); return NULL; } @@ -747,13 +790,14 @@ persona_initiate (void *cls, (unsigned long long) ih->legitimization_uuid); payto_s = GNUNET_STRINGS_data_to_string_alloc (&ih->h_payto, sizeof (ih->h_payto)); - /* NOTE: check here that exchange_base_url ends - with a '/'? */ + GNUNET_break ('/' == + pd->ps->exchange_base_url[strlen ( + pd->ps->exchange_base_url) - 1]); GNUNET_asprintf (&proof_url, - "%skyc-proof/%s/%s", + "%skyc-proof/%s?state=%s", pd->ps->exchange_base_url, - payto_s, - pd->section); + pd->section, + payto_s); body = GNUNET_JSON_PACK ( GNUNET_JSON_pack_object_steal ( "data", 
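Review bot: The `GNUNET_break` added to persona_initiate computes `strlen (pd->ps->exchange_base_url) - 1` without first checking for an empty string, so an empty `exchange_base_url` indexes one byte before the buffer (the `size_t` subtraction wraps). Validate this once where `exchange_base_url` is loaded (not visible here), or at least guard the assertion: `size_t ulen = strlen (pd->ps->exchange_base_url); GNUNET_break ((ulen > 0) && ('/' == pd->ps->exchange_base_url[ulen - 1]));`. Note that a failed `GNUNET_break` only logs and the proof URL is still built from the malformed base, so on failure the function should probably clean up and return NULL rather than send the request. persona_initiate starts and ends outside this hunk.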
@@ -835,8 +879,14 @@ persona_proof_cancel (struct TALER_KYCLOGIC_ProofHandle *ph) GNUNET_CURL_job_cancel (ph->job); ph->job = NULL; } + if (NULL != ph->ec) + { + TALER_JSON_external_conversion_stop (ph->ec); + ph->ec = NULL; + } GNUNET_free (ph->url); GNUNET_free (ph->provider_user_id); + GNUNET_free (ph->account_id); GNUNET_free (ph->inquiry_id); GNUNET_free (ph); } @@ -865,12 +915,9 @@ proof_generic_reply (struct TALER_KYCLOGIC_ProofHandle *ph, { struct MHD_Response *resp; enum GNUNET_GenericReturnValue ret; - struct GNUNET_TIME_Absolute expiration; - if (TALER_KYCLOGIC_STATUS_SUCCESS == status) - expiration = GNUNET_TIME_relative_to_absolute (ph->pd->validity); - else - expiration = GNUNET_TIME_UNIT_ZERO_ABS; + /* This API is not usable for successful replies */ + GNUNET_assert (TALER_KYCLOGIC_STATUS_SUCCESS != status); ret = TALER_TEMPLATING_build (ph->connection, &http_status, template, @@ -888,7 +935,8 @@ proof_generic_reply (struct TALER_KYCLOGIC_ProofHandle *ph, status, account_id, inquiry_id, - expiration, + GNUNET_TIME_UNIT_ZERO_ABS, + NULL, http_status, resp); } 
@@ -922,8 +970,132 @@ proof_reply_error (struct TALER_KYCLOGIC_ProofHandle *ph, /** + * Return a response for the @a ph request indicating a + * protocol violation by the Persona server. + * + * @param[in,out] ph request we are processing + * @param response_code HTTP status returned by Persona + * @param inquiry_id ID of the inquiry this is about + * @param detail where the response was wrong + * @param data full response data to output + */ +static void +return_invalid_response (struct TALER_KYCLOGIC_ProofHandle *ph, + unsigned int response_code, + const char *inquiry_id, + const char *detail, + const json_t *data) +{ + proof_reply_error ( + ph, + inquiry_id, + MHD_HTTP_BAD_GATEWAY, + "persona-invalid-response", + GNUNET_JSON_PACK ( + GNUNET_JSON_pack_uint64 ("persona_http_status", + response_code), + GNUNET_JSON_pack_string ("persona_inquiry_id", + inquiry_id), + TALER_JSON_pack_ec ( + TALER_EC_EXCHANGE_KYC_GENERIC_PROVIDER_UNEXPECTED_REPLY), + GNUNET_JSON_pack_string ("detail", + detail), + GNUNET_JSON_pack_allow_null ( + GNUNET_JSON_pack_object_incref ("data", + (json_t *) + data)))); +} + + +/** + * Start the external conversion helper. + * + * @param pd configuration details + * @param attr attributes to give to the helper + * @param cb function to call with the result + * @param cb_cls closure for @a cb + * @return handle for the helper + */ +static struct TALER_JSON_ExternalConversion * +start_conversion (const struct TALER_KYCLOGIC_ProviderDetails *pd, + const json_t *attr, + TALER_JSON_JsonCallback cb, + void *cb_cls) +{ + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + "Calling converter `%s' with JSON\n", + pd->conversion_binary); + json_dumpf (attr, + stderr, + JSON_INDENT (2)); + return TALER_JSON_external_conversion_start ( + attr, + cb, + cb_cls, + pd->conversion_binary, + pd->conversion_binary, + "-a", + pd->auth_token, + NULL + ); +} + + +/** + * Type of a callback that receives a JSON @a result. 
+ * + * @param cls closure with a `struct TALER_KYCLOGIC_ProofHandle *` + * @param status_type how did the process die + * @param code termination status code from the process + * @param attr result some JSON result, NULL if we failed to get an JSON output + */ +static void +proof_post_conversion_cb (void *cls, + enum GNUNET_OS_ProcessStatusType status_type, + unsigned long code, + const json_t *attr) +{ + struct TALER_KYCLOGIC_ProofHandle *ph = cls; + struct MHD_Response *resp; + struct GNUNET_TIME_Absolute expiration; + + ph->ec = NULL; + if ( (NULL == attr) || + (0 != code) ) + { + GNUNET_break_op (0); + return_invalid_response (ph, + MHD_HTTP_OK, + ph->inquiry_id, + "converter", + NULL); + persona_proof_cancel (ph); + return; + } + expiration = GNUNET_TIME_relative_to_absolute (ph->pd->validity); + resp = MHD_create_response_from_buffer (0, + "", + MHD_RESPMEM_PERSISTENT); + GNUNET_break (MHD_YES == + MHD_add_response_header (resp, + MHD_HTTP_HEADER_LOCATION, + ph->pd->post_kyc_redirect_url)); + TALER_MHD_add_global_headers (resp); + ph->cb (ph->cb_cls, + TALER_KYCLOGIC_STATUS_SUCCESS, + ph->account_id, + ph->inquiry_id, + expiration, + attr, + MHD_HTTP_SEE_OTHER, + resp); + persona_proof_cancel (ph); +} + + +/** * Function called when we're done processing the - * HTTP "/api/v1/verifications/{verification-id}" request. + * HTTP "/api/v1/inquiries/{inquiry-id}" request. * * @param cls the `struct TALER_KYCLOGIC_InitiateHandle` * @param response_code HTTP response code, 0 on error 
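Review bot: start_conversion hands the Persona API key to the helper on its command line (`"-a", pd->auth_token`), which exposes the secret to every local user via `ps` or `/proc/*/cmdline` for as long as the helper runs; pass it on the helper's stdin next to the JSON, or let the helper read it from the same configuration section, instead. The unconditional `json_dumpf (attr, stderr, JSON_INDENT (2))` just above writes the complete Persona inquiry, i.e. the customer's identity attributes, to stderr on every conversion, which ends up in the service log; gate it behind a DEBUG log-level check or drop it. In proof_post_conversion_cb the failure test `(NULL == attr) || (0 != code)` never looks at `status_type`; if GNUnet can report an abnormal termination with `code` 0 (I cannot confirm the status semantics from here), that result would be treated as a successful KYC, so `(GNUNET_OS_PROCESS_EXITED != status_type)` belongs in the condition as well.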
@@ -947,14 +1119,17 @@ handle_proof_finished (void *cls, const char *inquiry_id; const char *account_id; const char *type = NULL; - json_t *attributes; + const json_t *attributes; + const json_t *relationships; struct GNUNET_JSON_Specification spec[] = { GNUNET_JSON_spec_string ("type", &type), GNUNET_JSON_spec_string ("id", &inquiry_id), - GNUNET_JSON_spec_json ("attributes", - &attributes), + GNUNET_JSON_spec_object_const ("attributes", + &attributes), + GNUNET_JSON_spec_object_const ("relationships", + &relationships), GNUNET_JSON_spec_end () }; @@ -967,25 +1142,11 @@ handle_proof_finished (void *cls, "inquiry")) ) { GNUNET_break_op (0); - json_dumpf (j, - stderr, - JSON_INDENT (2)); - proof_reply_error (ph, - inquiry_id, - MHD_HTTP_BAD_GATEWAY, - "persona-logic-failure", - GNUNET_JSON_PACK ( - GNUNET_JSON_pack_uint64 ("persona_http_status", - response_code), - GNUNET_JSON_pack_string ("persona_inquiry_id", - inquiry_id), - TALER_JSON_pack_ec ( - TALER_EC_EXCHANGE_KYC_GENERIC_PROVIDER_UNEXPECTED_REPLY), - GNUNET_JSON_pack_string ("detail", - "data"), - GNUNET_JSON_pack_allow_null ( - GNUNET_JSON_pack_object_incref ("data", - (json_t *) data)))); + return_invalid_response (ph, + response_code, + inquiry_id, + "data", + data); break; } @@ -996,10 +1157,10 @@ handle_proof_finished (void *cls, struct GNUNET_JSON_Specification ispec[] = { GNUNET_JSON_spec_string ("status", &status), - GNUNET_JSON_spec_string ("reference_id", + GNUNET_JSON_spec_string ("reference-id", &reference_id), GNUNET_JSON_spec_mark_optional ( - GNUNET_JSON_spec_string ("expired_at", + GNUNET_JSON_spec_string ("expired-at", &expired_at), NULL), GNUNET_JSON_spec_end () 
@@ -1011,27 +1172,11 @@ handle_proof_finished (void *cls, NULL, NULL)) { GNUNET_break_op (0); - json_dumpf (j, - stderr, - JSON_INDENT (2)); - proof_reply_error (ph, - inquiry_id, - MHD_HTTP_BAD_GATEWAY, - "persona-invalid-response", - GNUNET_JSON_PACK ( - GNUNET_JSON_pack_uint64 ("persona_http_status", - response_code), - GNUNET_JSON_pack_string ("persona_inquiry_id", - inquiry_id), - TALER_JSON_pack_ec ( - TALER_EC_EXCHANGE_KYC_GENERIC_PROVIDER_UNEXPECTED_REPLY), - GNUNET_JSON_pack_string ("detail", - "data-attributes"), - GNUNET_JSON_pack_allow_null ( - GNUNET_JSON_pack_object_incref ("data", - (json_t *) data)))); - GNUNET_JSON_parse_free (ispec); - GNUNET_JSON_parse_free (spec); + return_invalid_response (ph, + response_code, + inquiry_id, + "data-attributes", + data); break; } { @@ -1045,25 +1190,11 @@ handle_proof_finished (void *cls, (idr != ph->process_row) ) { GNUNET_break_op (0); - proof_reply_error (ph, - inquiry_id, - MHD_HTTP_BAD_GATEWAY, - "persona-invalid-response", - GNUNET_JSON_PACK ( - GNUNET_JSON_pack_uint64 ("persona_http_status", - response_code), - GNUNET_JSON_pack_string ("persona_inquiry_id", - inquiry_id), - TALER_JSON_pack_ec ( - TALER_EC_EXCHANGE_KYC_GENERIC_PROVIDER_UNEXPECTED_REPLY), - GNUNET_JSON_pack_string ("detail", - "data-attributes-reference_id"), - GNUNET_JSON_pack_allow_null ( - GNUNET_JSON_pack_object_incref ("data", - (json_t *) - data)))); - GNUNET_JSON_parse_free (ispec); - GNUNET_JSON_parse_free (spec); + return_invalid_response (ph, + response_code, + inquiry_id, + "data-attributes-reference_id", + data); break; } } 
@@ -1072,25 +1203,11 @@ handle_proof_finished (void *cls, ph->inquiry_id)) { GNUNET_break_op (0); - proof_reply_error (ph, - inquiry_id, - MHD_HTTP_BAD_GATEWAY, - "persona-invalid-response", - GNUNET_JSON_PACK ( - GNUNET_JSON_pack_uint64 ("persona_http_status", - response_code), - GNUNET_JSON_pack_string ("persona_inquiry_id", - inquiry_id), - TALER_JSON_pack_ec ( - TALER_EC_EXCHANGE_KYC_GENERIC_PROVIDER_UNEXPECTED_REPLY), - GNUNET_JSON_pack_string ("detail", - "data-id"), - GNUNET_JSON_pack_allow_null ( - GNUNET_JSON_pack_object_incref ("data", - (json_t *) - data)))); - GNUNET_JSON_parse_free (ispec); - GNUNET_JSON_parse_free (spec); + return_invalid_response (ph, + response_code, + inquiry_id, + "data-id", + data); break; } @@ -1098,9 +1215,7 @@ handle_proof_finished (void *cls, json_object_get ( json_object_get ( json_object_get ( - json_object_get ( - data, - "relationships"), + relationships, "account"), "data"), "id")); 
@@ -1108,77 +1223,56 @@ handle_proof_finished (void *cls, if (0 != strcmp (status, "completed")) { - proof_generic_reply (ph, - TALER_KYCLOGIC_STATUS_FAILED, - account_id, - inquiry_id, - MHD_HTTP_OK, - "persona-kyc-failed", - GNUNET_JSON_PACK ( - GNUNET_JSON_pack_uint64 ("persona_http_status", - response_code), - GNUNET_JSON_pack_string ("persona_inquiry_id", - inquiry_id), - GNUNET_JSON_pack_allow_null ( - GNUNET_JSON_pack_object_incref ("data", - (json_t *) - data)))); - GNUNET_JSON_parse_free (ispec); - GNUNET_JSON_parse_free (spec); + proof_generic_reply ( + ph, + TALER_KYCLOGIC_STATUS_FAILED, + account_id, + inquiry_id, + MHD_HTTP_OK, + "persona-kyc-failed", + GNUNET_JSON_PACK ( + GNUNET_JSON_pack_uint64 ("persona_http_status", + response_code), + GNUNET_JSON_pack_string ("persona_inquiry_id", + inquiry_id), + GNUNET_JSON_pack_allow_null ( + GNUNET_JSON_pack_object_incref ("data", + (json_t *) + data)))); break; } if (NULL == account_id) { GNUNET_break_op (0); - json_dumpf (data, - stderr, - JSON_INDENT (2)); - proof_reply_error (ph, - inquiry_id, - MHD_HTTP_BAD_GATEWAY, - "persona-invalid-response", - GNUNET_JSON_PACK ( - GNUNET_JSON_pack_uint64 ("persona_http_status", - response_code), - GNUNET_JSON_pack_string ("persona_inquiry_id", - inquiry_id), - TALER_JSON_pack_ec ( - TALER_EC_EXCHANGE_KYC_GENERIC_PROVIDER_UNEXPECTED_REPLY), - GNUNET_JSON_pack_string ("detail", - "data-relationships-account-data-id"), - GNUNET_JSON_pack_allow_null ( - GNUNET_JSON_pack_object_incref ("data", - (json_t *) - data)))); + return_invalid_response (ph, + response_code, + inquiry_id, + "data-relationships-account-data-id", + data); break; } - + ph->account_id = GNUNET_strdup (account_id); + ph->ec = start_conversion (ph->pd, + j, + &proof_post_conversion_cb, + ph); + if (NULL == ph->ec) { - struct MHD_Response *resp; - struct GNUNET_TIME_Absolute expiration; - - expiration = GNUNET_TIME_relative_to_absolute (ph->pd->validity); - resp = MHD_create_response_from_buffer (0, - "", 
- MHD_RESPMEM_PERSISTENT); - GNUNET_break (MHD_YES == - MHD_add_response_header (resp, - MHD_HTTP_HEADER_LOCATION, - ph->pd->post_kyc_redirect_url)); - TALER_MHD_add_global_headers (resp); - ph->cb (ph->cb_cls, - TALER_KYCLOGIC_STATUS_SUCCESS, - account_id, - inquiry_id, - expiration, - MHD_HTTP_SEE_OTHER, - resp); + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Failed to start Persona conversion helper\n"); + proof_reply_error ( + ph, + ph->inquiry_id, + MHD_HTTP_BAD_GATEWAY, + "persona-logic-failure", + GNUNET_JSON_PACK ( + TALER_JSON_pack_ec ( + TALER_EC_EXCHANGE_GENERIC_KYC_CONVERTER_FAILED))); + break; } - GNUNET_JSON_parse_free (ispec); } - GNUNET_JSON_parse_free (spec); - break; + return; /* continued in proof_post_conversion_cb */ } case MHD_HTTP_BAD_REQUEST: case MHD_HTTP_NOT_FOUND: 
@@ -1191,59 +1285,61 @@ handle_proof_finished (void *cls, json_dumpf (j, stderr, JSON_INDENT (2)); - proof_reply_error (ph, - ph->inquiry_id, - MHD_HTTP_BAD_GATEWAY, - "persona-logic-failure", - GNUNET_JSON_PACK ( - GNUNET_JSON_pack_uint64 ("persona_http_status", - response_code), - TALER_JSON_pack_ec ( - TALER_EC_EXCHANGE_KYC_GENERIC_PROVIDER_UNEXPECTED_REPLY), - - GNUNET_JSON_pack_allow_null ( - GNUNET_JSON_pack_object_incref ("data", - (json_t *) - data)))); + proof_reply_error ( + ph, + ph->inquiry_id, + MHD_HTTP_BAD_GATEWAY, + "persona-logic-failure", + GNUNET_JSON_PACK ( + GNUNET_JSON_pack_uint64 ("persona_http_status", + response_code), + TALER_JSON_pack_ec ( + TALER_EC_EXCHANGE_KYC_GENERIC_PROVIDER_UNEXPECTED_REPLY), + + GNUNET_JSON_pack_allow_null ( + GNUNET_JSON_pack_object_incref ("data", + (json_t *) + data)))); break; case MHD_HTTP_UNAUTHORIZED: /* These are failures of the exchange operator */ GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Refused access with HTTP status code %u\n", (unsigned int) response_code); - proof_reply_error (ph, - ph->inquiry_id, - MHD_HTTP_INTERNAL_SERVER_ERROR, - "persona-exchange-unauthorized", - GNUNET_JSON_PACK ( - GNUNET_JSON_pack_uint64 ("persona_http_status", - response_code), - TALER_JSON_pack_ec ( - TALER_EC_EXCHANGE_KYC_GENERIC_PROVIDER_ACCESS_REFUSED), - GNUNET_JSON_pack_allow_null ( - GNUNET_JSON_pack_object_incref ("data", - (json_t *) - data)))); + proof_reply_error ( + ph, + ph->inquiry_id, + MHD_HTTP_BAD_GATEWAY, + "persona-exchange-unauthorized", + GNUNET_JSON_PACK ( + GNUNET_JSON_pack_uint64 ("persona_http_status", + response_code), + TALER_JSON_pack_ec ( + TALER_EC_EXCHANGE_KYC_GENERIC_PROVIDER_ACCESS_REFUSED), + GNUNET_JSON_pack_allow_null ( + GNUNET_JSON_pack_object_incref ("data", + (json_t *) + data)))); break; case MHD_HTTP_PAYMENT_REQUIRED: /* These are failures of the exchange operator */ GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Refused access with HTTP status code %u\n", (unsigned int) response_code); - - 
proof_reply_error (ph, - ph->inquiry_id, - MHD_HTTP_INTERNAL_SERVER_ERROR, - "persona-exchange-unpaid", - GNUNET_JSON_PACK ( - GNUNET_JSON_pack_uint64 ("persona_http_status", - response_code), - TALER_JSON_pack_ec ( - TALER_EC_EXCHANGE_KYC_GENERIC_PROVIDER_ACCESS_REFUSED), - GNUNET_JSON_pack_allow_null ( - GNUNET_JSON_pack_object_incref ("data", - (json_t *) - data)))); + proof_reply_error ( + ph, + ph->inquiry_id, + MHD_HTTP_SERVICE_UNAVAILABLE, + "persona-exchange-unpaid", + GNUNET_JSON_PACK ( + GNUNET_JSON_pack_uint64 ("persona_http_status", + response_code), + TALER_JSON_pack_ec ( + TALER_EC_EXCHANGE_KYC_GENERIC_PROVIDER_ACCESS_REFUSED), + GNUNET_JSON_pack_allow_null ( + GNUNET_JSON_pack_object_incref ("data", + (json_t *) + data)))); break; case MHD_HTTP_REQUEST_TIMEOUT: /* These are networking issues */ @@ -1253,19 +1349,20 @@ handle_proof_finished (void *cls, json_dumpf (j, stderr, JSON_INDENT (2)); - proof_reply_error (ph, - ph->inquiry_id, - MHD_HTTP_GATEWAY_TIMEOUT, - "persona-network-timeout", - GNUNET_JSON_PACK ( - GNUNET_JSON_pack_uint64 ("persona_http_status", - response_code), - TALER_JSON_pack_ec ( - TALER_EC_EXCHANGE_KYC_GENERIC_PROVIDER_TIMEOUT), - GNUNET_JSON_pack_allow_null ( - GNUNET_JSON_pack_object_incref ("data", - (json_t *) - data)))); + proof_reply_error ( + ph, + ph->inquiry_id, + MHD_HTTP_GATEWAY_TIMEOUT, + "persona-network-timeout", + GNUNET_JSON_PACK ( + GNUNET_JSON_pack_uint64 ("persona_http_status", + response_code), + TALER_JSON_pack_ec ( + TALER_EC_EXCHANGE_KYC_GENERIC_PROVIDER_TIMEOUT), + GNUNET_JSON_pack_allow_null ( + GNUNET_JSON_pack_object_incref ("data", + (json_t *) + data)))); break; case MHD_HTTP_TOO_MANY_REQUESTS: /* This is a load issue */ 
@@ -1275,19 +1372,20 @@ handle_proof_finished (void *cls, json_dumpf (j, stderr, JSON_INDENT (2)); - proof_reply_error (ph, - ph->inquiry_id, - MHD_HTTP_SERVICE_UNAVAILABLE, - "persona-load-failure", - GNUNET_JSON_PACK ( - GNUNET_JSON_pack_uint64 ("persona_http_status", - response_code), - TALER_JSON_pack_ec ( - TALER_EC_EXCHANGE_KYC_GENERIC_PROVIDER_RATE_LIMIT_EXCEEDED), - GNUNET_JSON_pack_allow_null ( - GNUNET_JSON_pack_object_incref ("data", - (json_t *) - data)))); + proof_reply_error ( + ph, + ph->inquiry_id, + MHD_HTTP_SERVICE_UNAVAILABLE, + "persona-load-failure", + GNUNET_JSON_PACK ( + GNUNET_JSON_pack_uint64 ("persona_http_status", + response_code), + TALER_JSON_pack_ec ( + TALER_EC_EXCHANGE_KYC_GENERIC_PROVIDER_RATE_LIMIT_EXCEEDED), + GNUNET_JSON_pack_allow_null ( + GNUNET_JSON_pack_object_incref ("data", + (json_t *) + data)))); break; case MHD_HTTP_INTERNAL_SERVER_ERROR: /* This is an issue with Persona */ @@ -1297,19 +1395,20 @@ handle_proof_finished (void *cls, json_dumpf (j, stderr, JSON_INDENT (2)); - proof_reply_error (ph, - ph->inquiry_id, - MHD_HTTP_BAD_GATEWAY, - "persona-provider-failure", - GNUNET_JSON_PACK ( - GNUNET_JSON_pack_uint64 ("persona_http_status", - response_code), - TALER_JSON_pack_ec ( - TALER_EC_EXCHANGE_KYC_PROOF_BACKEND_ERROR), - GNUNET_JSON_pack_allow_null ( - GNUNET_JSON_pack_object_incref ("data", - (json_t *) - data)))); + proof_reply_error ( + ph, + ph->inquiry_id, + MHD_HTTP_BAD_GATEWAY, + "persona-provider-failure", + GNUNET_JSON_PACK ( + GNUNET_JSON_pack_uint64 ("persona_http_status", + response_code), + TALER_JSON_pack_ec ( + TALER_EC_EXCHANGE_KYC_PROOF_BACKEND_ERROR), + GNUNET_JSON_pack_allow_null ( + GNUNET_JSON_pack_object_incref ("data", + (json_t *) + data)))); break; default: /* This is an issue with Persona */ 
@@ -1319,21 +1418,20 @@ handle_proof_finished (void *cls, json_dumpf (j, stderr, JSON_INDENT (2)); - proof_reply_error (ph, - ph->inquiry_id, - MHD_HTTP_BAD_GATEWAY, - "persona-invalid-response", - GNUNET_JSON_PACK ( - GNUNET_JSON_pack_uint64 ("persona_http_status", - response_code), - TALER_JSON_pack_ec ( - TALER_EC_EXCHANGE_KYC_GENERIC_PROVIDER_UNEXPECTED_REPLY), - GNUNET_JSON_pack_string ("detail", - "data-relationships-account-data-id"), - GNUNET_JSON_pack_allow_null ( - GNUNET_JSON_pack_object_incref ("data", - (json_t *) - data)))); + proof_reply_error ( + ph, + ph->inquiry_id, + MHD_HTTP_BAD_GATEWAY, + "persona-invalid-response", + GNUNET_JSON_PACK ( + GNUNET_JSON_pack_uint64 ("persona_http_status", + response_code), + TALER_JSON_pack_ec ( + TALER_EC_EXCHANGE_KYC_GENERIC_PROVIDER_UNEXPECTED_REPLY), + GNUNET_JSON_pack_allow_null ( + GNUNET_JSON_pack_object_incref ("data", + (json_t *) + data)))); break; } persona_proof_cancel (ph); @@ -1345,7 +1443,6 @@ handle_proof_finished (void *cls, * * @param cls the @e cls of this struct with the plugin-specific state * @param pd provider configuration details - * @param url_path rest of the URL after `/kyc-webhook/` * @param connection MHD connection object (for HTTP headers) * @param account_id which account to trigger process for * @param process_row row in the legitimization processes table the legitimization is for @@ -1358,7 +1455,6 @@ handle_proof_finished (void *cls, static struct TALER_KYCLOGIC_ProofHandle * persona_proof (void *cls, const struct TALER_KYCLOGIC_ProviderDetails *pd, - const char *const url_path[], struct MHD_Connection *connection, const struct TALER_PaytoHashP *account_id, uint64_t process_row, 
@@ -1432,6 +1528,12 @@ persona_webhook_cancel (struct TALER_KYCLOGIC_WebhookHandle *wh) GNUNET_CURL_job_cancel (wh->job); wh->job = NULL; } + if (NULL != wh->ec) + { + TALER_JSON_external_conversion_stop (wh->ec); + wh->ec = NULL; + } + GNUNET_free (wh->account_id); GNUNET_free (wh->inquiry_id); GNUNET_free (wh->url); GNUNET_free (wh); @@ -1445,6 +1547,7 @@ persona_webhook_cancel (struct TALER_KYCLOGIC_WebhookHandle *wh) * @param status status to return * @param account_id account to return * @param inquiry_id inquiry ID to supply + * @param attr KYC attribute data for the client * @param http_status HTTP status to use */ static void @@ -1452,6 +1555,7 @@ webhook_generic_reply (struct TALER_KYCLOGIC_WebhookHandle *wh, enum TALER_KYCLOGIC_KycStatus status, const char *account_id, const char *inquiry_id, + const json_t *attr, unsigned int http_status) { struct MHD_Response *resp; @@ -1468,11 +1572,12 @@ webhook_generic_reply (struct TALER_KYCLOGIC_WebhookHandle *wh, wh->cb (wh->cb_cls, wh->process_row, &wh->h_payto, - account_id, wh->pd->section, + account_id, inquiry_id, status, expiration, + attr, http_status, resp); } 
@@ -1494,13 +1599,40 @@ webhook_reply_error (struct TALER_KYCLOGIC_WebhookHandle *wh, TALER_KYCLOGIC_STATUS_PROVIDER_FAILED, NULL, /* user id */ inquiry_id, + NULL, /* attributes */ http_status); } /** + * Type of a callback that receives a JSON @a result. + * + * @param cls closure with a `struct TALER_KYCLOGIC_WebhookHandle *` + * @param status_type how did the process die + * @param code termination status code from the process + * @param attr some JSON result, NULL if we failed to get an JSON output + */ +static void +webhook_post_conversion_cb (void *cls, + enum GNUNET_OS_ProcessStatusType status_type, + unsigned long code, + const json_t *attr) +{ + struct TALER_KYCLOGIC_WebhookHandle *wh = cls; + + wh->ec = NULL; + webhook_generic_reply (wh, + TALER_KYCLOGIC_STATUS_SUCCESS, + wh->account_id, + wh->inquiry_id, + attr, + MHD_HTTP_OK); +} + + +/** * Function called when we're done processing the - * HTTP "/verifications/{verification_id}" request. + * HTTP "/api/v1/inquiries/{inquiry_id}" request. * * @param cls the `struct TALER_KYCLOGIC_WebhookHandle` * @param response_code HTTP response code, 0 on error @@ -1524,14 +1656,17 @@ handle_webhook_finished (void *cls, const char *inquiry_id; const char *account_id; const char *type = NULL; - json_t *attributes; + const json_t *attributes; + const json_t *relationships; struct GNUNET_JSON_Specification spec[] = { GNUNET_JSON_spec_string ("type", &type), GNUNET_JSON_spec_string ("id", &inquiry_id), - GNUNET_JSON_spec_json ("attributes", - &attributes), + GNUNET_JSON_spec_object_const ("attributes", + &attributes), + GNUNET_JSON_spec_object_const ("relationships", + &relationships), GNUNET_JSON_spec_end () }; 
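Review bot: webhook_post_conversion_cb reports `TALER_KYCLOGIC_STATUS_SUCCESS` unconditionally, with `attr` possibly NULL and `code`/`status_type` never examined, so a helper that crashes or exits non-zero still records a successful KYC (with no attributes) on the webhook path, whereas proof_post_conversion_cb in the earlier hunk rejects `(NULL == attr) || (0 != code)`. It also never calls persona_webhook_cancel (wh): handle_webhook_finished now returns early with "continued in webhook_post_conversion_cb" and so skips its post-switch cleanup, and the established pattern (async_webhook_reply, proof_post_conversion_cb) is to cancel the handle right after invoking the callback, so `wh` appears to leak unless the callback contract frees it, which is worth confirming. I would mirror the proof path and fail closed, as below.
```c
static void
webhook_post_conversion_cb (void *cls,
                            enum GNUNET_OS_ProcessStatusType status_type,
                            unsigned long code,
                            const json_t *attr)
{
  struct TALER_KYCLOGIC_WebhookHandle *wh = cls;

  wh->ec = NULL;
  /* Fail closed: a helper that did not exit cleanly must not yield SUCCESS */
  if ( (NULL == attr) ||
       (0 != code) ||
       (GNUNET_OS_PROCESS_EXITED != status_type) )
  {
    GNUNET_break_op (0);
    webhook_reply_error (wh,
                         wh->inquiry_id,
                         MHD_HTTP_BAD_GATEWAY);
    persona_webhook_cancel (wh);
    return;
  }
  webhook_generic_reply (wh,
                         TALER_KYCLOGIC_STATUS_SUCCESS,
                         wh->account_id,
                         wh->inquiry_id,
                         attr,
                         MHD_HTTP_OK);
  persona_webhook_cancel (wh);
}
```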
@@ -1560,10 +1695,10 @@ handle_webhook_finished (void *cls, struct GNUNET_JSON_Specification ispec[] = { GNUNET_JSON_spec_string ("status", &status), - GNUNET_JSON_spec_string ("reference_id", + GNUNET_JSON_spec_string ("reference-id", &reference_id), GNUNET_JSON_spec_mark_optional ( - GNUNET_JSON_spec_string ("expired_at", + GNUNET_JSON_spec_string ("expired-at", &expired_at), NULL), GNUNET_JSON_spec_end () @@ -1581,8 +1716,6 @@ handle_webhook_finished (void *cls, webhook_reply_error (wh, inquiry_id, MHD_HTTP_BAD_GATEWAY); - GNUNET_JSON_parse_free (ispec); - GNUNET_JSON_parse_free (spec); break; } { @@ -1599,8 +1732,6 @@ handle_webhook_finished (void *cls, webhook_reply_error (wh, inquiry_id, MHD_HTTP_BAD_GATEWAY); - GNUNET_JSON_parse_free (ispec); - GNUNET_JSON_parse_free (spec); break; } } @@ -1612,8 +1743,6 @@ handle_webhook_finished (void *cls, webhook_reply_error (wh, inquiry_id, MHD_HTTP_BAD_GATEWAY); - GNUNET_JSON_parse_free (ispec); - GNUNET_JSON_parse_free (spec); break; } @@ -1621,9 +1750,7 @@ handle_webhook_finished (void *cls, json_object_get ( json_object_get ( json_object_get ( - json_object_get ( - data, - "relationships"), + relationships, "account"), "data"), "id")); @@ -1635,9 +1762,8 @@ handle_webhook_finished (void *cls, TALER_KYCLOGIC_STATUS_FAILED, account_id, inquiry_id, + NULL, MHD_HTTP_OK); - GNUNET_JSON_parse_free (ispec); - GNUNET_JSON_parse_free (spec); break; } 
@@ -1652,16 +1778,22 @@ handle_webhook_finished (void *cls, MHD_HTTP_BAD_GATEWAY); break; } - - webhook_generic_reply (wh, - TALER_KYCLOGIC_STATUS_SUCCESS, - account_id, + wh->account_id = GNUNET_strdup (account_id); + wh->ec = start_conversion (wh->pd, + j, + &webhook_post_conversion_cb, + wh); + if (NULL == wh->ec) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Failed to start Persona conversion helper\n"); + webhook_reply_error (wh, inquiry_id, - MHD_HTTP_OK); - GNUNET_JSON_parse_free (ispec); + MHD_HTTP_INTERNAL_SERVER_ERROR); + break; + } } - GNUNET_JSON_parse_free (spec); - break; + return; /* continued in webhook_post_conversion_cb */ } case MHD_HTTP_BAD_REQUEST: case MHD_HTTP_NOT_FOUND: @@ -1772,6 +1904,7 @@ async_webhook_reply (void *cls) wh->inquiry_id, /* provider legi ID */ TALER_KYCLOGIC_STATUS_PROVIDER_FAILED, GNUNET_TIME_UNIT_ZERO_ABS, /* expiration */ + NULL, wh->response_code, wh->resp); persona_webhook_cancel (wh); @@ -1853,13 +1986,13 @@ persona_webhook (void *cls, wh->ps = ps; wh->connection = connection; wh->pd = pd; - auth_header = MHD_lookup_connection_value (connection, MHD_HEADER_KIND, MHD_HTTP_HEADER_AUTHORIZATION); if ( (NULL != ps->webhook_token) && - (0 != strcmp (ps->webhook_token, - auth_header)) ) + ( (NULL == auth_header) || + (0 != strcmp (ps->webhook_token, + auth_header)) ) ) { GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "Invalid authorization header `%s' received for Persona webhook\n", @@ -1891,7 +2024,7 @@ persona_webhook (void *cls, "payload"), "data"), "relationships"), - "inquiry_template"), + "inquiry-template"), "data"), "id")); if (NULL == wh->template_id) @@ -1934,7 +2067,6 @@ persona_webhook (void *cls, return wh; } - persona_inquiry_id = json_string_value ( json_object_get ( |
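Review bot: The repaired token check in persona_webhook still compares the secret with `strcmp`, which stops at the first differing byte, so anyone who can reach the webhook endpoint repeatedly gets a timing oracle on `webhook_token`; compare in constant time instead, for example by hashing both strings with `GNUNET_CRYPTO_hash` and comparing the two digests with `GNUNET_memcmp`. The warning that follows formats the received header with `%s`, and its argument (cut off by the hunk, presumably `auth_header`) is now a null pointer on the new `NULL == auth_header` branch, which is undefined behaviour in C11 even though glibc prints "(null)"; when it is non-NULL the log records whatever the sender supplied, so logging only whether the header was absent or mismatched is safer. A short comment at the check would also help the next reader: `/* NOTE: webhook_token unset means webhooks are accepted unauthenticated; the inquiry is then re-queried from Persona, so a forged webhook should only be able to trigger a lookup -- confirm */`. The last hunk on this line (`@@ -1934`) is cut off and was not reviewed.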