commit 599b246db984dadf845b7a99f689e523be3f0df1
parent 7fd3be28acb8ff76a0e86a7a0ee791dee0852355
Author: Christian Grothoff <christian@grothoff.org>
Date: Sun, 4 May 2025 13:39:15 +0200
filter zero-limits in /kyc-check also by is_wallet
Diffstat:
8 files changed, 61 insertions(+), 12 deletions(-)
diff --git a/src/exchange/taler-exchange-httpd_kyc-check.c b/src/exchange/taler-exchange-httpd_kyc-check.c
@@ -203,6 +203,7 @@ TEH_handler_kyc_check (
bool aml_review;
bool kyc_required;
bool access_ok = false;
+ bool is_wallet;
uint64_t rule_gen = 0;
if (NULL == kyp)
@@ -308,6 +309,7 @@ TEH_handler_kyc_check (
TEH_plugin->cls,
&kyp->h_payto,
&account_pub,
+ &is_wallet,
&reserve_pub.reserve_pub,
&access_token,
&rule_gen,
@@ -428,7 +430,15 @@ TEH_handler_kyc_check (
&account_pub));
}
- jlimits = TALER_KYCLOGIC_rules_to_limits (jrules);
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+ "KYC rules apply:\n");
+ if (NULL != jrules)
+ json_dumpf (jrules,
+ stderr,
+ JSON_INDENT (2));
+
+ jlimits = TALER_KYCLOGIC_rules_to_limits (jrules,
+ is_wallet);
if (NULL == jlimits)
{
GNUNET_break_op (0);
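Review bot: The added `json_dumpf (jrules, stderr, JSON_INDENT (2))` writes the whole rule set to stderr on every /kyc-check request, bypassing the GNUNET_log level filter. That puts the full `jrules` document in the daemon's stderr at any log level, including rules that TALER_KYCLOGIC_rules_to_limits skips as not `exposed`. The "KYC rules apply:" header is also logged when `jrules` is NULL, with nothing after it, and the `json_dumpf` return value is ignored. I would serialise with `json_dumps` and emit the text through GNUNET_log at debug level, as sketched below; the same applies to the `jlimits` dump added in the hunk at -444. TEH_handler_kyc_check starts and ends outside this hunk.

```c
if (NULL != jrules)
{
  char *dump = json_dumps (jrules,
                           JSON_INDENT (2));

  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
              "KYC rules apply:\n%s\n",
              (NULL != dump) ? dump : "(serialization failed)");
  free (dump);
}
jlimits = TALER_KYCLOGIC_rules_to_limits (jrules,
                                          is_wallet);
/* … unchanged: NULL == jlimits error path … */
```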
@@ -444,6 +454,12 @@ TEH_handler_kyc_check (
jrules = NULL;
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+ "KYC limits apply:\n");
+ json_dumpf (jlimits,
+ stderr,
+ JSON_INDENT (2));
+
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"Returning KYC %s\n",
kyc_required ? "required" : "optional");
return TALER_MHD_REPLY_JSON_PACK (
diff --git a/src/exchangedb/exchange_do_lookup_kyc_requirement_by_row.sql b/src/exchangedb/exchange_do_lookup_kyc_requirement_by_row.sql
@@ -23,6 +23,7 @@ CREATE FUNCTION exchange_do_lookup_kyc_requirement_by_row(
OUT out_reserve_pub BYTEA, -- NULL allowed
OUT out_access_token BYTEA, -- NULL if 'out_not_found'
OUT out_jrules TEXT, -- NULL allowed
+ OUT out_payto TEXT, -- NULL allowed
OUT out_not_found BOOLEAN,
OUT out_rule_gen INT8, -- NULL allowed
OUT out_aml_review BOOLEAN, -- NULL allowed
@@ -37,6 +38,7 @@ BEGIN
-- Find the access token and the current account public key.
SELECT access_token
,target_pub
+ ,payto_uri
INTO my_wtrec
FROM wire_targets
WHERE h_normalized_payto=in_h_normalized_payto;
@@ -49,6 +51,7 @@ THEN
END IF;
out_not_found = FALSE;
+out_payto = my_wtrec.payto_uri;
out_account_pub = my_wtrec.target_pub;
out_access_token = my_wtrec.access_token;
diff --git a/src/exchangedb/pg_lookup_kyc_requirement_by_row.c b/src/exchangedb/pg_lookup_kyc_requirement_by_row.c
@@ -31,6 +31,7 @@ TEH_PG_lookup_kyc_requirement_by_row (
void *cls,
const struct TALER_NormalizedPaytoHashP *h_payto,
union TALER_AccountPublicKeyP *account_pub,
+ bool *is_wallet,
struct TALER_ReservePublicKeyP *reserve_pub,
struct TALER_AccountAccessTokenP *access_token,
uint64_t *rule_gen,
@@ -44,6 +45,7 @@ TEH_PG_lookup_kyc_requirement_by_row (
GNUNET_PQ_query_param_end
};
bool not_found;
+ char *payto = NULL;
struct GNUNET_PQ_ResultSpec rs[] = {
GNUNET_PQ_result_spec_allow_null (
GNUNET_PQ_result_spec_auto_from_type ("account_pub",
@@ -64,6 +66,11 @@ TEH_PG_lookup_kyc_requirement_by_row (
NULL),
GNUNET_PQ_result_spec_allow_null (
/* can be NULL due to LEFT JOIN */
+ GNUNET_PQ_result_spec_string ("payto",
+ &payto),
+ NULL),
+ GNUNET_PQ_result_spec_allow_null (
+ /* can be NULL due to LEFT JOIN */
GNUNET_PQ_result_spec_bool ("aml_review",
aml_review),
NULL),
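Review bot: The new `payto` result spec sits under the pre-existing comment `/* can be NULL due to LEFT JOIN */`, which does not describe why this column can be NULL. In the SQL hunks of this commit, `out_payto` is assigned from `my_wtrec.payto_uri` only after the not-found check, so it appears to be NULL only when no `wire_targets` row matched; the rest of the procedure is outside the visible hunks. I would give the entry its own comment, `/* NULL if no wire_targets row was found */`. A short comment next to `char *payto = NULL;` could add that the string is allocated by the result spec and freed after `TALER_payto_is_wallet ()`. The function body continues outside this hunk.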
@@ -81,6 +88,7 @@ TEH_PG_lookup_kyc_requirement_by_row (
*jrules = NULL;
*aml_review = false;
+ *is_wallet = false;
*rule_gen = 0;
memset (account_pub,
0,
@@ -98,6 +106,7 @@ TEH_PG_lookup_kyc_requirement_by_row (
",out_reserve_pub AS reserve_pub"
",out_access_token AS access_token"
",out_jrules AS jrules"
+ ",out_payto AS payto"
",out_not_found AS not_found"
",out_aml_review AS aml_review"
",out_kyc_required AS kyc_required"
@@ -111,6 +120,11 @@ TEH_PG_lookup_kyc_requirement_by_row (
rs);
if (qs <= 0)
return qs;
+ if (NULL != payto)
+ {
+ *is_wallet = TALER_payto_is_wallet (payto);
+ GNUNET_free (payto);
+ }
if (not_found)
return GNUNET_DB_STATUS_SUCCESS_NO_RESULTS;
return qs;
diff --git a/src/exchangedb/pg_lookup_kyc_requirement_by_row.h b/src/exchangedb/pg_lookup_kyc_requirement_by_row.h
@@ -33,6 +33,8 @@
* @param h_payto identifies account to look up requirement for
* @param[out] account_pub set to public key of the account
* needed to authorize access, all zeros if not known
+ * @param[out] is_wallet set to true if the account is
+ * that of a wallet (false is used if unknown)
* @param[out] reserve_pub set to last reserve public key
* used for a wire transfer from the account to the
* exchange; alternatively used to authorize access,
@@ -54,6 +56,7 @@ TEH_PG_lookup_kyc_requirement_by_row (
void *cls,
const struct TALER_NormalizedPaytoHashP *h_payto,
union TALER_AccountPublicKeyP *account_pub,
+ bool *is_wallet,
struct TALER_ReservePublicKeyP *reserve_pub,
struct TALER_AccountAccessTokenP *access_token,
uint64_t *rule_gen,
diff --git a/src/include/taler_exchangedb_plugin.h b/src/include/taler_exchangedb_plugin.h
@@ -7416,6 +7416,8 @@ struct TALER_EXCHANGEDB_Plugin
* @param h_payto identifies account to look up requirement for
* @param[out] account_pub set to public key of the account
* needed to authorize access, all zeros if not known
+ * @param[out] is_wallet set to true if the account is
+ * that of a wallet (false is used if unknown)
* @param[out] reserve_pub set to last reserve public key
* used for a wire transfer from the account to the
* exchange; alternatively used to authorize access,
@@ -7437,6 +7439,7 @@ struct TALER_EXCHANGEDB_Plugin
void *cls,
const struct TALER_NormalizedPaytoHashP *h_payto,
union TALER_AccountPublicKeyP *account_pub,
+ bool *is_wallet,
struct TALER_ReservePublicKeyP *reserve_pub,
struct TALER_AccountAccessTokenP *access_token,
uint64_t *rule_gen,
diff --git a/src/include/taler_kyclogic_lib.h b/src/include/taler_kyclogic_lib.h
@@ -486,11 +486,13 @@ TALER_KYCLOGIC_check_to_jmeasures (
*
* @param jrules a ``LegitimizationRuleSet`` with KYC rules;
* NULL to use default rules
+ * @param is_wallet true if this is for a wallet
* @return set to JSON array with public limits
* of type ``AccountLimit``
*/
json_t *
-TALER_KYCLOGIC_rules_to_limits (const json_t *jrules);
+TALER_KYCLOGIC_rules_to_limits (const json_t *jrules,
+ bool is_wallet);
/**
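Review bot: The new `@param is_wallet true if this is for a wallet` does not say what the flag changes in the result. In kyclogic_api.c both loops now skip a rule when `trigger_applies (..., is_wallet)` is false, so the doc comment could read `@param is_wallet true if the limits are requested for a wallet account; rules whose trigger does not apply to that account type are left out of the result`. It is also worth stating which value callers should pass when the account type is unknown; the database lookup in this commit reports false in that case.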
diff --git a/src/json/json_helper.c b/src/json/json_helper.c
@@ -2005,16 +2005,17 @@ TALER_JSON_spec_array_of_data (
cls = GNUNET_new (struct closure_array_of_data);
cls->num_entries = num_entries;
cls->entry_size = entry_size;
+ {
+ struct GNUNET_JSON_Specification ret = {
+ .parser = &parse_array_of_data,
+ .ptr = entries,
+ .field = field,
+ .cleaner = &cleaner_array_of_data,
+ .cls = (void *) cls,
+ };
- struct GNUNET_JSON_Specification ret = {
- .parser = &parse_array_of_data,
- .ptr = entries,
- .field = field,
- .cleaner = &cleaner_array_of_data,
- .cls = (void *) cls,
- };
-
- return ret;
+ return ret;
+ }
}
diff --git a/src/kyclogic/kyclogic_api.c b/src/kyclogic/kyclogic_api.c
@@ -966,7 +966,8 @@ TALER_KYCLOGIC_status2s (enum TALER_KYCLOGIC_KycStatus status)
json_t *
-TALER_KYCLOGIC_rules_to_limits (const json_t *jrules)
+TALER_KYCLOGIC_rules_to_limits (const json_t *jrules,
+ bool is_wallet)
{
if (NULL == jrules)
{
@@ -986,6 +987,9 @@ TALER_KYCLOGIC_rules_to_limits (const json_t *jrules)
if (! rule->exposed)
continue;
+ if (! trigger_applies (rule->trigger,
+ is_wallet))
+ continue;
limit = GNUNET_JSON_PACK (
GNUNET_JSON_pack_allow_null (
GNUNET_JSON_pack_string ("rule_name",
@@ -1057,6 +1061,9 @@ TALER_KYCLOGIC_rules_to_limits (const json_t *jrules)
}
if (! exposed)
continue;
+ if (! trigger_applies (operation_type,
+ is_wallet))
+ continue;
json_array_foreach (jmeasures, i, jmeasure)
{
const char *val;