challenger

OAuth 2.0-based authentication service that validates user can receive messages at a certain address

commit 1d99fd2ab6946aeacd69258bedcf73a8ada39f9e
parent 56385d9aa0eb242be47c1239883804167fccedf9
Author: Sebastian <sebasjm@gmail.com>
Date:   Fri, 28 Jun 2024 10:59:21 -0300

missing solved status

using auth_attempts_left to know when the challenge is already solved
return the redirect uri when asking for challenge

Diffstat:
Msrc/challenger/challenger-httpd_challenge.c | 44+++++++++++++++++++++++++++++++++++---------
Msrc/challengerdb/challenger_do_challenge_set_address_and_pin.sql | 13++++++++++++-
Msrc/challengerdb/challenger_do_validate_and_solve_pin.sql | 10+++++++++-
Msrc/challengerdb/pg_challenge_set_address_and_pin.c | 6+++++-
Msrc/challengerdb/pg_challenge_set_address_and_pin.h | 4+++-
Msrc/include/challenger_database_plugin.h | 4+++-
6 files changed, 67 insertions(+), 14 deletions(-)

diff --git a/src/challenger/challenger-httpd_challenge.c b/src/challenger/challenger-httpd_challenge.c
@@ -153,6 +153,11 @@ struct ChallengeContext bool retransmit; /** + * Is the challenge already solved? + */ + bool solved; + + /** * Did we do the DB interaction? */ bool db_finished;
@@ -653,7 +658,8 @@ CH_handler_challenge (struct CH_HandlerContext *hc, &bc->pin_attempts_left, &bc->retransmit, &bc->client_redirect_uri, - &bc->address_refused); + &bc->address_refused, + &bc->solved); switch (qs) { case GNUNET_DB_STATUS_HARD_ERROR:
@@ -677,15 +683,35 @@ CH_handler_challenge (struct CH_HandlerContext *hc, break; } bc->db_finished = true; + if (bc->solved) + { + struct MHD_Response *response; + MHD_RESULT ret; + + json_t *args = GNUNET_JSON_PACK ( + GNUNET_JSON_pack_string ("type", + "completed"), + GNUNET_JSON_pack_string ("redirect_url", + bc->client_redirect_uri) + ); + + response = TALER_MHD_make_json (args); + + ret = MHD_queue_response (hc->connection, + MHD_HTTP_OK, + response); + MHD_destroy_response (response); + return ret; + } if (bc->address_refused) { GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Address changes exhausted address change limit for this process\n"); return reply_error (bc, - "unauthorized_client", - MHD_HTTP_FORBIDDEN, - 1, // TALER_EC_CHALLENGER_TOO_MANY_ADDRESSES_ATTEMPTED - "client exceeded authorization attempts limit (too many addresses attempted)"); + "unauthorized_client", + MHD_HTTP_FORBIDDEN, + 1, // TALER_EC_CHALLENGER_TOO_MANY_ADDRESSES_ATTEMPTED + "client exceeded authorization attempts limit (too many addresses attempted)"); } if (0 == bc->pin_attempts_left)
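Review bot: In the new `if (bc->solved)` branch of CH_handler_challenge, `args` is never released: `TALER_MHD_make_json` takes a `const json_t *` and, as far as I know, does not consume the reference, so each request for an already-solved challenge would leak one JSON object; adding `json_decref (args);` right after `response = TALER_MHD_make_json (args);` closes that. `bc->client_redirect_uri` is also packed without a NULL check, and the database binding appears to read that column with a NULL allowance, so either test it before the pack or wrap the field as `GNUNET_JSON_pack_allow_null (GNUNET_JSON_pack_string ("redirect_url", bc->client_redirect_uri))`. The function body starts and ends outside this hunk, so whether the URI is guaranteed non-NULL earlier is not visible here.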
@@ -693,10 +719,10 @@ CH_handler_challenge (struct CH_HandlerContext *hc, GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Address changes exhausted PIN limit for this address\n"); return reply_error (bc, - "unauthorized_client", - MHD_HTTP_FORBIDDEN, - 1, // TALER_EC_CHALLENGER_TOO_MANY_PIN_ATTEMPTED - "client exceeded authorization attempts limit (too many PINs)"); + "unauthorized_client", + MHD_HTTP_FORBIDDEN, + 1, // TALER_EC_CHALLENGER_TOO_MANY_PIN_ATTEMPTED + "client exceeded authorization attempts limit (too many PINs)"); } if (bc->retransmit)
diff --git a/src/challengerdb/challenger_do_challenge_set_address_and_pin.sql b/src/challengerdb/challenger_do_challenge_set_address_and_pin.sql
@@ -28,7 +28,8 @@ CREATE OR REPLACE FUNCTION challenger_do_challenge_set_address_and_pin ( OUT out_pin_transmit BOOLEAN, OUT out_auth_attempts_left INT4, OUT out_client_redirect_uri TEXT, - OUT out_address_refused BOOLEAN) + OUT out_address_refused BOOLEAN, + OUT out_solved BOOLEAN) LANGUAGE plpgsql AS $$ DECLARE
@@ -59,6 +60,7 @@ THEN out_auth_attempts_left=0; out_client_redirect_uri=NULL; out_address_refused=TRUE; + out_solved=FALSE; out_state=NULL; RETURN; END IF;
@@ -70,6 +72,15 @@ out_auth_attempts_left=my_status.auth_attempts_left; out_state=my_status.client_state; out_client_redirect_uri=my_status.client_redirect_uri; +IF ( 0 > my_status.auth_attempts_left ) -- this challenge is solved +THEN + out_address_refused=TRUE; + out_solved=TRUE; + out_auth_attempts_left=0; + RETURN; +END IF; +out_solved=FALSE; + IF ( (0 = my_status.address_attempts_left) AND (in_address != my_status.address) ) THEN
diff --git a/src/challengerdb/challenger_do_validate_and_solve_pin.sql b/src/challengerdb/challenger_do_validate_and_solve_pin.sql
@@ -71,6 +71,14 @@ THEN END IF; out_no_challenge=FALSE; +IF (0 > my_status.auth_attempts_left) +THEN + out_solved=TRUE; + out_exhausted=TRUE; + out_auth_attempts_left=0; + RETURN; +END IF; + IF (0 = my_status.auth_attempts_left) THEN out_solved=FALSE;
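Review bot: Adding `OUT out_solved BOOLEAN` to challenger_do_challenge_set_address_and_pin changes the function's result row type, and PostgreSQL refuses `CREATE OR REPLACE FUNCTION` when the OUT parameters of an existing function change. If this file is reloaded into a database that already holds the previous definition, the statement would fail unless the old function is dropped first, e.g. `DROP FUNCTION IF EXISTS challenger_do_challenge_set_address_and_pin;` ahead of the `CREATE`. How the procedures are installed is not visible in this hunk, so this may already be handled elsewhere.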
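Review bot: The early return for a solved challenge (hunk at -70 in challenger_do_challenge_set_address_and_pin.sql) sets `out_address_refused=TRUE` together with `out_solved=TRUE`, so the result is only read correctly by a caller that tests solved before address_refused; the HTTP handler in this commit does, but nothing here says so. It also returns before whatever OUT parameters are assigned further down, and the C binding reads its booleans with plain `GNUNET_PQ_result_spec_bool`, so any that are still NULL at this point would presumably make result extraction fail; it is worth confirming that `out_pin_transmit` and the others are set above this hunk. The test `0 > my_status.auth_attempts_left` relies on the -1 written by challenger_do_validate_and_solve_pin, which deserves a comment such as `-- auth_attempts_left < 0 is the "solved" marker stored by challenger_do_validate_and_solve_pin`.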
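Review bot: In challenger_do_validate_and_solve_pin.sql the new branch returns `out_solved=TRUE` without comparing the submitted PIN, so once a challenge is solved any later request for it, whatever PIN it carries, is reported as solved. The same branch sets `out_exhausted=TRUE`, so the outcome again depends on which flag the caller tests first, and that caller is not part of this commit. If treating repeats as success is intended, a comment should say so, for example `-- already solved earlier: report success again without re-checking the PIN`, and the solve handler should be checked so that this path grants nothing beyond what the original solve did.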
@@ -85,7 +93,7 @@ IF NOT out_solved THEN out_auth_attempts_left=my_status.auth_attempts_left-1; ELSE - out_auth_attempts_left=0; -- solved: no more attempts + out_auth_attempts_left=-1; -- solved: no more attempts END IF; UPDATE validations
diff --git a/src/challengerdb/pg_challenge_set_address_and_pin.c b/src/challengerdb/pg_challenge_set_address_and_pin.c
@@ -38,7 +38,8 @@ CH_PG_challenge_set_address_and_pin ( uint32_t *auth_attempts_left, bool *pin_transmit, char **client_redirect_uri, - bool *address_refused) + bool *address_refused, + bool *solved) { struct PostgresClosure *pg = cls; struct GNUNET_TIME_Absolute now
@@ -76,6 +77,8 @@ CH_PG_challenge_set_address_and_pin ( NULL), GNUNET_PQ_result_spec_bool ("address_refused", address_refused), + GNUNET_PQ_result_spec_bool ("solved", + solved), GNUNET_PQ_result_spec_end }; enum GNUNET_DB_QueryStatus qs;
@@ -92,6 +95,7 @@ CH_PG_challenge_set_address_and_pin ( ",out_auth_attempts_left AS auth_attempts_left" ",out_client_redirect_uri AS client_redirect_uri" ",out_address_refused AS address_refused" + ",out_solved AS solved" " FROM challenger_do_challenge_set_address_and_pin" " ($1,$2,$3,$4,$5);"); qs = GNUNET_PQ_eval_prepared_singleton_select (pg->conn,
diff --git a/src/challengerdb/pg_challenge_set_address_and_pin.h b/src/challengerdb/pg_challenge_set_address_and_pin.h
@@ -43,6 +43,7 @@ * @param[out] auth_attempts_left set to number of attempts the user has left on this pin * @param[out] client_redirect_uri redirection URI of the client (for reporting failures) * @param[out] address_refused set to true if the address was refused (address change attempts exhausted) + * @param[out] solved set to true if the challenge is already solved * @return transaction status: * #GNUNET_DB_STATUS_SUCCESS_ONE_RESULT if the address was changed * #GNUNET_DB_STATUS_SUCCESS_NO_RESULTS if we do not permit further changes to the address (attempts exhausted)
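Review bot: In the hunk at -85 of challenger_do_validate_and_solve_pin.sql, `out_auth_attempts_left=-1` is assigned to the OUT parameter itself, so on the call that solves the challenge the function would hand -1 back to its caller as well as (presumably, via the `UPDATE validations` that starts below this hunk) storing it. The sibling binding in pg_challenge_set_address_and_pin.c declares `uint32_t *auth_attempts_left`; if the binding for this function does the same, -1 would arrive as a very large attempt count. Keeping the marker in a local variable used only by the UPDATE and leaving `out_auth_attempts_left=0` for the caller would avoid that; the UPDATE and the binding are outside the visible lines, so this needs confirming.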
@@ -60,6 +61,7 @@ CH_PG_challenge_set_address_and_pin ( uint32_t *auth_attempts_left, bool *pin_transmit, char **client_redirect_uri, - bool *address_refused); + bool *address_refused, + bool *solved); #endif
diff --git a/src/include/challenger_database_plugin.h b/src/include/challenger_database_plugin.h
@@ -268,6 +268,7 @@ struct CHALLENGER_DatabasePlugin * @param[out] auth_attempts_left set to number of attempts the user has left on this pin * @param[out] client_redirect_uri redirection URI of the client (for reporting failures) * @param[out] address_refused set to true if the address was refused (address change attempts exhausted) + * @param[out] solved set to true if the challenge is already solved * @return transaction status: * #GNUNET_DB_STATUS_SUCCESS_ONE_RESULT if the address was changed * #GNUNET_DB_STATUS_SUCCESS_NO_RESULTS if we do not permit further changes to the address (attempts exhausted)
@@ -285,7 +286,8 @@ struct CHALLENGER_DatabasePlugin uint32_t *auth_attempts_left, bool *pin_transmit, char **client_redirect_uri, - bool *address_refused); + bool *address_refused, + bool *solved); /**