exchange

Base system with REST service to issue digital coins, run by the payment service provider
Log | Files | Refs | Submodules | README | LICENSE
commit 5566b11d10e057c90e33870db395b583b2709364
parent 191f5e9a543ba581e129783313a4a6e8ed598a07
Author: Christian Grothoff <christian@grothoff.org>
Date:   Fri, 19 Jul 2024 15:09:27 +0200

introduce default check

Diffstat:

Msrc/kyclogic/kyclogic_api.c | 26+++++++++++++++++++++++---


Msrc/kyclogic/taler-exchange-helper-measure-freeze | 1+


Msrc/kyclogic/taler-exchange-helper-measure-test-oauth | 1+


Msrc/testing/test_exchange_api.conf | 31+++++++++++++++++++++++++++++--


4 files changed, 54 insertions(+), 5 deletions(-)

diff --git a/src/kyclogic/kyclogic_api.c b/src/kyclogic/kyclogic_api.c
@@ -1237,6 +1237,13 @@ add_check (const struct GNUNET_CONFIGURATION_Handle *cfg,
   char *outputs = NULL;
   char *fallback = NULL;
 
+  if (0 == strcasecmp (&section[strlen ("kyc-check-")],
+                       "SKIP"))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "The kyc-check-skip section must not exist, 'skip' is reserved name for a build-in check\n");
+    return GNUNET_SYSERR;
+  }
   GNUNET_log (GNUNET_ERROR_TYPE_INFO,
               "Parsing KYC check %s\n",
               section);
@@ -1811,9 +1818,7 @@ add_measure (const struct GNUNET_CONFIGURATION_Handle *cfg,
                                              "CHECK_NAME",
                                              &check_name))
   {
-    GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
-                               section,
-                               "CHECK_NAME");
+    check_name = GNUNET_strdup ("SKIP");
     goto fail;
   }
   if (GNUNET_OK !=
@@ -1959,6 +1964,18 @@ TALER_KYCLOGIC_kyc_init (const struct GNUNET_CONFIGURATION_Handle *cfg)
            default_rules.num_kyc_rules,
            sizeof (struct TALER_KYCLOGIC_KycRule *),
            &sort_by_timeframe);
+
+  {
+    const struct TALER_KYCLOGIC_KycCheck *check;
+
+    check = find_check ("default");
+    if (NULL == check)
+    {
+      GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+                  "A 'default' check should be defined\n");
+    }
+  }
+
   for (unsigned int i=0; i<default_rules.num_kyc_rules; i++)
   {
     const struct TALER_KYCLOGIC_KycRule *rule
@@ -1989,6 +2006,9 @@ TALER_KYCLOGIC_kyc_init (const struct GNUNET_CONFIGURATION_Handle *cfg)
     const struct TALER_KYCLOGIC_KycCheck *check;
     const struct TALER_KYCLOGIC_AmlProgram *program;
 
+    if (0 == strcasecmp (measure->check_name,
+                         "SKIP"))
+      continue;
     check = find_check (measure->check_name);
     if (NULL == check)
     {
diff --git a/src/kyclogic/taler-exchange-helper-measure-freeze b/src/kyclogic/taler-exchange-helper-measure-freeze
@@ -48,6 +48,7 @@ jq -n \
     --arg expiration "$EXPIRATION" \
     '{ "to_investigate": true,
        "new_rules" : {
+         "new_check" : "info-frozen",
          "expiration_time" : { "t_s": $expiration },
          "rules" : [
            {
diff --git a/src/kyclogic/taler-exchange-helper-measure-test-oauth b/src/kyclogic/taler-exchange-helper-measure-test-oauth
@@ -64,6 +64,7 @@ jq -n \
     --arg expiration "$EXPIRATION" \
     '{ "to_investigate": false,
        "new_rules" : {
+         "new_check" : "info-oauth-test-passed",
          "expiration_time" : { "t_s": $expiration },
          "rules" : [ {
            "operation_type": "CLOSE",
diff --git a/src/testing/test_exchange_api.conf b/src/testing/test_exchange_api.conf
@@ -99,7 +99,6 @@ WIRE_GATEWAY_URL = "http://localhost:8082/accounts/2/taler-wire-gateway/"
 [kyc-provider-test-oauth2]
 LOGIC = oauth2
 CONVERTER = taler-exchange-helper-converter-oauth2-address
-# PROVIDED_CHECKS = DUMMY
 KYC_OAUTH2_VALIDITY = forever
 KYC_OAUTH2_TOKEN_URL = http://localhost:6666/oauth/v2/token
 KYC_OAUTH2_AUTHORIZE_URL = http://localhost:6666/oauth/v2/login
@@ -122,6 +121,20 @@ FALLBACK = manual-freeze
 # This check runs on oauth2
 PROVIDER_ID = test-oauth2
 
+# This is the "default" setting for an account if
+# it has not yet triggered anything.
+[kyc-check-default]
+VOLUNTARY = NO
+TYPE = INFO
+DESCRIPTION = "Your account is operating normally"
+DESCRIPTION_I18N = {}
+# No context requirements
+REQUIRES =
+# Measure to execute if check failed. Well,
+# this check cannot really fail, but the
+# conservative answer is to freeze.
+FALLBACK = manual-freeze
+
 # If this "check" is triggered, we merely inform
 # the user that their account has been frozen. The
 # user cannot proceed manually.
@@ -137,6 +150,20 @@ REQUIRES =
 # where we are: frozen.
 FALLBACK = manual-freeze
 
+# If this "check" is triggered, we merely inform
+# the user that we got their oauth-test data on file.
+[kyc-check-info-oauth-test-passed]
+VOLUNTARY = NO
+TYPE = INFO
+DESCRIPTION = "You passed the OAuth2 check. Thank you."
+DESCRIPTION_I18N = {}
+# No context requirements
+REQUIRES =
+# Measure to execute if check failed. Well,
+# this check cannot really fail, but we stay
+# where we are: frozen.
+FALLBACK = manual-freeze
+
 [aml-program-oauth-output-check]
 DESCRIPTION = "Validates the output from OAauth2 and then permits the reserve closing to proceed"
 # Command that runs on the output of the OAuth provider
@@ -158,7 +185,7 @@ CONTEXT = {}
 # whenever something goes wrong. We freeze the
 # account and ask AML staff to investigate.
 [kyc-measure-manual-freeze]
-CHECK_NAME = info-frozen
+CHECK_NAME = skip
 # AML program that freezes the account and flags
 # it for investigation.
 PROGRAM = taler-exchange-helper-measure-freeze