commit a0943ee6ab8e9bd0558e2ce57735a9a0a6a8dd5c
parent 32a2db29269eabd48c855c1757d0a8378c7a87f5
Author: Florian Dold <florian@dold.me>
Date: Thu, 8 May 2025 20:54:40 +0200
kyc: return 500 when aml program outcome is bad
Diffstat:
3 files changed, 48 insertions(+), 4 deletions(-)
diff --git a/src/exchange/taler-exchange-httpd_common_kyc.c b/src/exchange/taler-exchange-httpd_common_kyc.c
@@ -169,6 +169,7 @@ kyc_aml_finished (
struct TEH_KycMeasureRunContext *kat = cls;
enum GNUNET_DB_QueryStatus qs;
struct GNUNET_AsyncScopeSave old_scope;
+ enum TALER_EXCHANGEDB_PersistProgramResultStatus pprs;
kat->kyc_aml = NULL;
if (NULL != kat->async_task)
@@ -186,7 +187,8 @@ kyc_aml_finished (
TEH_plugin,
kat->process_row,
&kat->account_id,
- apr);
+ apr,
+ &pprs);
switch (qs)
{
case GNUNET_DB_STATUS_HARD_ERROR:
@@ -202,6 +204,19 @@ kyc_aml_finished (
case GNUNET_DB_STATUS_SUCCESS_ONE_RESULT:
break;
}
+ switch (pprs)
+ {
+ case TALER_EXCHANGEDB_PPRS_OK:
+ break;
+ case TALER_EXCHANGEDB_PPRS_BAD_OUTCOME:
+ GNUNET_break (0);
+ kat->cb (kat->cb_cls,
+ TALER_EC_EXCHANGE_KYC_AML_PROGRAM_MALFORMED_RESULT,
+ "persist_aml_program_result");
+ TEH_kyc_run_measure_cancel (kat);
+ GNUNET_async_scope_restore (&old_scope);
+ return;
+ }
switch (apr->status)
{
case TALER_KYCLOGIC_AMLR_FAILURE:
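Review bot: The `switch (pprs)` added here has no fall-back, so any status other than the two listed cases drops through to `switch (apr->status)` and the result is processed as if it were valid. On the KYC/AML decision path it is safer to fail closed: guard the error path with `if (TALER_EXCHANGEDB_PPRS_OK != pprs)`, or add a `default:` that takes the same branch as `TALER_EXCHANGEDB_PPRS_BAD_OUTCOME`. The same construct appears in aml_result_callback in exchangedb_aml.c. Separately, `kat->cb` is invoked before `TEH_kyc_run_measure_cancel (kat)`; if the callback can release `kat`, the cancel would touch freed memory, so this ordering is worth checking against the other error branches of kyc_aml_finished, which lie outside the hunk.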
diff --git a/src/exchangedb/exchangedb_aml.c b/src/exchangedb/exchangedb_aml.c
@@ -37,12 +37,17 @@ TALER_EXCHANGEDB_persist_aml_program_result (
struct TALER_EXCHANGEDB_Plugin *plugin,
uint64_t process_row,
const struct TALER_NormalizedPaytoHashP *account_id,
- const struct TALER_KYCLOGIC_AmlProgramResult *apr)
+ const struct TALER_KYCLOGIC_AmlProgramResult *apr,
+ enum TALER_EXCHANGEDB_PersistProgramResultStatus *ret_pprs)
{
enum GNUNET_DB_QueryStatus qs;
json_t *jmeasures = NULL;
struct TALER_KYCLOGIC_LegitimizationRuleSet *lrs = NULL;
+ GNUNET_assert (NULL != ret_pprs);
+
+ *ret_pprs = TALER_EXCHANGEDB_PPRS_OK;
+
if ( (TALER_KYCLOGIC_AMLR_SUCCESS == apr->status) &&
(NULL != apr->details.success.new_measures) )
{
@@ -78,6 +83,7 @@ TALER_EXCHANGEDB_persist_aml_program_result (
account_id,
err,
TALER_EC_EXCHANGE_KYC_AML_PROGRAM_MALFORMED_RESULT);
+ *ret_pprs = TALER_EXCHANGEDB_PPRS_BAD_OUTCOME;
GNUNET_free (err);
GNUNET_break (qs > 0);
return qs;
@@ -310,6 +316,7 @@ aml_result_callback (
struct TALER_EXCHANGEDB_RuleUpdater *ru = cls;
enum GNUNET_DB_QueryStatus qs;
enum GNUNET_GenericReturnValue res;
+ enum TALER_EXCHANGEDB_PersistProgramResultStatus pprs;
ru->amlh = NULL;
res = ru->plugin->start (ru->plugin->cls,
@@ -327,7 +334,8 @@ aml_result_callback (
ru->plugin,
0LLU, /* 0: no existing legitimization process, creates new row */
&ru->account,
- apr);
+ apr,
+ &pprs);
switch (qs)
{
case GNUNET_DB_STATUS_HARD_ERROR:
@@ -351,6 +359,16 @@ aml_result_callback (
/* normal case */
break;
}
+ switch (pprs)
+ {
+ case TALER_EXCHANGEDB_PPRS_OK:
+ break;
+ case TALER_EXCHANGEDB_PPRS_BAD_OUTCOME:
+ fail_update (ru,
+ TALER_EC_EXCHANGE_KYC_AML_PROGRAM_MALFORMED_RESULT,
+ "persist_aml_program_result");
+ return;
+ }
switch (apr->status)
{
case TALER_KYCLOGIC_AMLR_SUCCESS:
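Review bot: The `TALER_EXCHANGEDB_PPRS_BAD_OUTCOME` branch calls `fail_update` while the transaction opened by `ru->plugin->start` earlier in this function may still be open. If `fail_update` rolls back (its body is not visible here), the record that `TALER_EXCHANGEDB_persist_aml_program_result` wrote with `TALER_EC_EXCHANGE_KYC_AML_PROGRAM_MALFORMED_RESULT` would be discarded with it, leaving no database trace of the malformed AML program output. Please confirm whether that record is meant to survive, in which case the transaction should be committed before the error is reported. If losing it is intended, a comment such as `/* failure record is rolled back on purpose */` would help. Unlike the matching branch in kyc_aml_finished, this one also omits `GNUNET_break (0);`, so the two sites log differently.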
diff --git a/src/include/taler_exchangedb_lib.h b/src/include/taler_exchangedb_lib.h
@@ -29,6 +29,15 @@
#include "taler_kyclogic_lib.h"
#include "taler_util.h"
+/**
+ * Detailed status for persisting an AML program result.
+ */
+enum TALER_EXCHANGEDB_PersistProgramResultStatus
+{
+ TALER_EXCHANGEDB_PPRS_OK = 0,
+ TALER_EXCHANGEDB_PPRS_BAD_OUTCOME = 1,
+};
+
/**
* Initialize the plugin.
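Review bot: The two enumerators of `TALER_EXCHANGEDB_PersistProgramResultStatus` have no per-value comments, so the header does not say what `TALER_EXCHANGEDB_PPRS_BAD_OUTCOME` covers. Going by the exchangedb_aml.c hunk, it is set on the path that handles `TALER_EC_EXCHANGE_KYC_AML_PROGRAM_MALFORMED_RESULT`, and `TALER_EXCHANGEDB_PPRS_OK` is the initial value regardless of the database status. Suggested comments: `/** AML program outcome was malformed and must not be acted upon. */` on `BAD_OUTCOME`, and `/** No problem with the program outcome itself; database status is reported separately. */` on `OK`.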
@@ -385,6 +394,7 @@ TALER_EXCHANGEDB_update_rules_cancel (
* expiration triggering something) and we should simply
* create a new row
* @param account_id hash of account the result is about
+ * @param ret_pprs
* @param apr AML program result to persist
*/
enum GNUNET_DB_QueryStatus
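Review bot: The new `@param ret_pprs` line has no description, and it sits before `@param apr` although the parameter comes last in the prototype. Move it after `apr` and document the contract, for example `@param[out] ret_pprs set to #TALER_EXCHANGEDB_PPRS_BAD_OUTCOME if the AML program outcome was malformed, #TALER_EXCHANGEDB_PPRS_OK otherwise; must not be NULL`. The comment should also say that the returned query status must be checked first, since the bad-outcome path can still return a failing status (the implementation has `GNUNET_break (qs > 0)` there). The doc comment starts outside this hunk.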
@@ -392,7 +402,8 @@ TALER_EXCHANGEDB_persist_aml_program_result (
struct TALER_EXCHANGEDB_Plugin *plugin,
uint64_t process_row,
const struct TALER_NormalizedPaytoHashP *account_id,
- const struct TALER_KYCLOGIC_AmlProgramResult *apr);
+ const struct TALER_KYCLOGIC_AmlProgramResult *apr,
+ enum TALER_EXCHANGEDB_PersistProgramResultStatus *ret_pprs);
#endif