commit 1867e4bd6ad9928db921db6c7866464bc45c6696
parent f5e541b0973ddc496bf628ba194a7d917769c58b
Author: Christian Grothoff <christian@grothoff.org>
Date: Thu, 4 Sep 2025 12:02:36 +0200
adjust MFA code to latest spec
Diffstat:
3 files changed, 75 insertions(+), 69 deletions(-)
diff --git a/contrib/ci/Containerfile b/contrib/ci/Containerfile
@@ -46,8 +46,8 @@ RUN apt-get update -yqq && \
&& rm -rf /var/lib/apt/lists/*
# Install Taler (and friends) packages
-RUN curl -sS https://deb.taler.net/apt-nightly/taler-bookworm-ci.sources \
- | tee /etc/apt/sources.list.d/taler-bookworm-ci.sources
+RUN curl -sS https://deb.taler.net/apt-nightly/taler-trixie-ci.sources \
+ | tee /etc/apt/sources.list.d/taler-trixie-ci.sources
RUN echo '\
Package: * \n\
diff --git a/src/backend/taler-merchant-httpd_mfa.c b/src/backend/taler-merchant-httpd_mfa.c
@@ -335,6 +335,57 @@ struct Challenge
/**
+ * Obtain hint about the @a target_address of type @a channel to
+ * return to the client.
+ *
+ * @param channel type of challenge
+ * @param target_address address we will sent the challenge to
+ * @return hint for the user about the address
+ */
+static char *
+get_hint (enum TALER_MERCHANT_MFA_Channel channel,
+ const char *target_address)
+{
+ switch (channel)
+ {
+ case TALER_MERCHANT_MFA_CHANNEL_NONE:
+ GNUNET_assert (0);
+ return NULL;
+ case TALER_MERCHANT_MFA_CHANNEL_SMS:
+ {
+ size_t slen = strlen (target_address);
+ const char *end;
+
+ if (slen > 4)
+ end = &target_address[slen - 4];
+ else
+ end = &target_address[slen / 2];
+ return GNUNET_strdup (end);
+ }
+ case TALER_MERCHANT_MFA_CHANNEL_EMAIL:
+ {
+ const char *at;
+ size_t len;
+
+ at = strchr (target_address,
+ '@');
+ if (NULL == at)
+ len = 0;
+ else
+ len = at - target_address;
+ return GNUNET_strndup (target_address,
+ len);
+ }
+ case TALER_MERCHANT_MFA_CHANNEL_TOTP:
+ GNUNET_break (0);
+ return GNUNET_strdup ("TOTP is not implemented: #10327");
+ }
+ GNUNET_break (0);
+ return NULL;
+}
+
+
+/**
* Check that a set of MFA challenges has been satisfied by the
* client for the request in @a hc.
*
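Review bot: The e-mail branch of `get_hint()` returns everything before the `@`, i.e. the complete local part, while the SMS branch keeps only the last four digits (and the trailing half when `slen <= 4`). This commit starts returning the hint in the challenge list built in TMH_mfa_challenges_do, presumably before the requester has solved any challenge. The e-mail hint is therefore worth masking to a comparable degree, to whatever extent the spec allows. The TOTP branch also hands the internal text `"TOTP is not implemented: #10327"` to the client as the hint. The doc comment should state that the caller owns and must free the returned string, that NULL is returned for an unlisted channel, and that `target_address` must not be NULL; "we will sent" should read "we will send".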
@@ -547,10 +598,26 @@ TMH_mfa_challenges_do (
GNUNET_assert (NULL != jchallenges);
for (size_t i = 0; i<num_challenges; i++)
{
+ const struct Challenge *c = &challenges[i];
+ json_t *jc;
+ char *hint;
+
+ hint = get_hint (c->channel,
+ c->required_address);
+
+ jc = GNUNET_JSON_PACK (
+ GNUNET_JSON_pack_string ("address_hint",
+ hint),
+ GNUNET_JSON_pack_string ("challenge_type",
+ TALER_MERCHANT_MFA_channel_to_string (
+ c->channel)),
+ GNUNET_JSON_pack_string ("challenge_id",
+ c->challenge_id));
+ GNUNET_free (hint);
GNUNET_assert (0 ==
json_array_append_new (
jchallenges,
- json_string (challenges[i].challenge_id)));
+ jc));
}
ret = (MHD_NO ==
TALER_MHD_REPLY_JSON_PACK (
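Review bot: `hint` goes straight into `GNUNET_JSON_pack_string ("address_hint", hint)` without a NULL check, yet `get_hint()` returns NULL when `c->channel` matches none of the listed cases and aborts via `GNUNET_assert (0)` for `TALER_MERCHANT_MFA_CHANNEL_NONE`. If a NULL value in a field not marked as nullable makes `GNUNET_JSON_PACK` assert, as I believe it does, an unexpected channel value in a challenge record would take the whole httpd down rather than fail one request. Consider rejecting the challenge with `GNUNET_break (0)` and an error reply before packing, or wrapping the field in `GNUNET_JSON_pack_allow_null (...)` if the spec permits an absent hint. TMH_mfa_challenges_do starts and ends outside this hunk, so the cleanup needed on such an error path is not visible here.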
diff --git a/src/backend/taler-merchant-httpd_post-challenge-ID.c b/src/backend/taler-merchant-httpd_post-challenge-ID.c
@@ -207,57 +207,6 @@ TMH_challenge_done ()
/**
- * Obtain hint about the @a target_address of type @a channel to
- * return to the client.
- *
- * @param channel type of challenge
- * @param target_address address we will sent the challenge to
- * @return hint for the user about the address
- */
-static char *
-get_hint (enum TALER_MERCHANT_MFA_Channel channel,
- const char *target_address)
-{
- switch (channel)
- {
- case TALER_MERCHANT_MFA_CHANNEL_NONE:
- GNUNET_assert (0);
- return NULL;
- case TALER_MERCHANT_MFA_CHANNEL_SMS:
- {
- size_t slen = strlen (target_address);
- const char *end;
-
- if (slen > 4)
- end = &target_address[slen - 4];
- else
- end = &target_address[slen / 2];
- return GNUNET_strdup (end);
- }
- case TALER_MERCHANT_MFA_CHANNEL_EMAIL:
- {
- const char *at;
- size_t len;
-
- at = strchr (target_address,
- '@');
- if (NULL == at)
- len = 0;
- else
- len = at - target_address;
- return GNUNET_strndup (target_address,
- len);
- }
- case TALER_MERCHANT_MFA_CHANNEL_TOTP:
- GNUNET_break (0);
- return GNUNET_strdup ("TOTP is not implemented: #10327");
- }
- GNUNET_break (0);
- return NULL;
-}
-
-
-/**
* Send the given @a response for the @a mfa request.
*
* @param[in,out] mfa process to generate an error response for
@@ -312,7 +261,6 @@ static void
phase_sent (struct MfaState *mfa)
{
enum GNUNET_DB_QueryStatus qs;
- char *address_hint;
if (! mfa->send_ok)
{
@@ -354,22 +302,13 @@ phase_sent (struct MfaState *mfa)
case GNUNET_DB_STATUS_SUCCESS_ONE_RESULT:
break;
}
- address_hint = get_hint (mfa->channel,
- mfa->required_address);
respond_to_challenge_with_response (
mfa,
- MHD_HTTP_ACCEPTED,
- TALER_MHD_MAKE_JSON_PACK (
- GNUNET_JSON_pack_string ("address_hint",
- address_hint),
- GNUNET_JSON_pack_string ("challenge_type",
- TALER_MERCHANT_MFA_channel_to_string (
- mfa->channel)),
- GNUNET_JSON_pack_uint64 ("challenge_id",
- mfa->challenge_id),
- GNUNET_JSON_pack_data_auto ("h_body",
- &mfa->h_body)));
- GNUNET_free (address_hint);
+ MHD_HTTP_NO_CONTENT,
+ MHD_create_response_from_data (0,
+ NULL,
+ MHD_NO,
+ MHD_NO));
}
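Review bot: `MHD_create_response_from_data (0, NULL, MHD_NO, MHD_NO)` is the deprecated libmicrohttpd constructor; `MHD_create_response_from_buffer (0, NULL, MHD_RESPMEM_PERSISTENT)` builds the same empty body for the 204 reply without the deprecation warning. The result is passed on unchecked, so whether a NULL response on allocation failure is handled depends on respond_to_challenge_with_response, which is not visible in this hunk. phase_sent begins outside the hunk.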