commit a9486c3d0ced223becfc8511fc5e44a72a6bd10d
parent c3786169623f2d61d76d15d7af16b6d2f6779930
Author: Christian Grothoff <christian@grothoff.org>
Date: Mon, 5 May 2025 22:05:50 +0200
fix #9856
Diffstat:
1 file changed, 67 insertions(+), 64 deletions(-)
diff --git a/src/backend/taler-merchant-httpd_exchanges.c b/src/backend/taler-merchant-httpd_exchanges.c
@@ -676,11 +676,7 @@ TMH_exchange_check_debit (
struct TALER_Amount *max_amount)
{
const struct TALER_EXCHANGE_Keys *keys = exchange->keys;
- struct TALER_NormalizedPayto np;
- bool account_ok;
bool have_kyc = false;
- struct TALER_Amount kyc_limit;
- bool unlimited = true;
bool no_access_token = true;
if (NULL == keys)
@@ -695,15 +691,22 @@ TMH_exchange_check_debit (
max_amount->currency);
return GNUNET_SYSERR;
}
+ {
+ struct TALER_NormalizedPayto np;
+ bool account_ok;
+
+ np = TALER_payto_normalize (wm->payto_uri);
+ account_ok = TALER_EXCHANGE_keys_test_account_allowed (keys,
+ false,
+ np);
+ GNUNET_free (np.normalized_payto);
+ if (! account_ok)
+ return GNUNET_NO;
+ }
+ if (! keys->kyc_enabled)
+ return GNUNET_YES;
- np = TALER_payto_normalize (wm->payto_uri);
- account_ok = TALER_EXCHANGE_keys_test_account_allowed (keys,
- false,
- np);
- GNUNET_free (np.normalized_payto);
- if (keys->kyc_enabled)
{
- bool kyc_ok = false;
json_t *jlimits = NULL;
enum GNUNET_DB_QueryStatus qs;
@@ -711,7 +714,7 @@ TMH_exchange_check_debit (
wm->payto_uri,
instance_id,
exchange->url,
- &kyc_ok,
+ &have_kyc,
&no_access_token,
&jlimits);
GNUNET_break (qs >= 0);
@@ -719,13 +722,15 @@ TMH_exchange_check_debit (
"get_kyc_limits for %s at %s returned %s/%s\n",
wm->payto_uri.full_payto,
exchange->url,
- kyc_ok ? "KYC OK" : "KYC missing",
+ have_kyc ? "KYC OK" : "KYC missing",
NULL == jlimits ? "default limits" : "custom limits");
if ( (qs > 0) &&
(NULL != jlimits) )
{
json_t *jlimit;
size_t idx;
+ struct TALER_Amount kyc_limit;
+ bool unlimited = true;
json_array_foreach (jlimits, idx, jlimit)
{
@@ -774,64 +779,62 @@ TMH_exchange_check_debit (
}
}
json_decref (jlimits);
- }
- if (kyc_ok)
- have_kyc = true;
+ /* We had custom rules, do not evaluate default rules */
+ if (! unlimited)
+ TALER_amount_min (max_amount,
+ max_amount,
+ &kyc_limit);
+ return GNUNET_YES;
+ } /* END of if qs > 0, NULL != jlimits */
}
- if (! unlimited)
- TALER_amount_min (max_amount,
- max_amount,
- &kyc_limit);
- if (keys->kyc_enabled)
- {
- /* apply both deposit and transaction limits */
- if ( (no_access_token) ||
- ( (! have_kyc) &&
- (TALER_EXCHANGE_keys_evaluate_zero_limits (
- keys,
- TALER_KYCLOGIC_KYC_TRIGGER_DEPOSIT) ||
- TALER_EXCHANGE_keys_evaluate_zero_limits (
- keys,
- TALER_KYCLOGIC_KYC_TRIGGER_TRANSACTION)) ) )
- {
- GNUNET_log (GNUNET_ERROR_TYPE_INFO,
- "KYC requirements of %s not satisfied\n",
- exchange->url);
- GNUNET_assert (GNUNET_OK ==
- TALER_amount_set_zero (
- max_amount->currency,
- max_amount));
- }
- else
- {
- GNUNET_log (GNUNET_ERROR_TYPE_INFO,
- "Evaluating default limits of %s\n",
- exchange->url);
- TALER_EXCHANGE_keys_evaluate_hard_limits (
- keys,
- TALER_KYCLOGIC_KYC_TRIGGER_DEPOSIT,
- max_amount);
- TALER_EXCHANGE_keys_evaluate_hard_limits (
- keys,
- TALER_KYCLOGIC_KYC_TRIGGER_TRANSACTION,
- max_amount);
- if (TALER_EXCHANGE_keys_evaluate_zero_limits (
+ /* Check zero limits *only* if we did no KYC process at all yet.
+ Because if we did, there is at least a chance that those have
+ been lifted. */
+ if ( (no_access_token) ||
+ ( (! have_kyc) &&
+ (TALER_EXCHANGE_keys_evaluate_zero_limits (
keys,
TALER_KYCLOGIC_KYC_TRIGGER_DEPOSIT) ||
TALER_EXCHANGE_keys_evaluate_zero_limits (
keys,
- TALER_KYCLOGIC_KYC_TRIGGER_TRANSACTION))
- {
- GNUNET_log (GNUNET_ERROR_TYPE_INFO,
- "Operation is zero-limited by default\n");
- GNUNET_assert (GNUNET_OK ==
- TALER_amount_set_zero (max_amount->currency,
- max_amount));
- }
- }
+ TALER_KYCLOGIC_KYC_TRIGGER_TRANSACTION)) ) )
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+ "KYC requirements of %s not satisfied\n",
+ exchange->url);
+ GNUNET_assert (GNUNET_OK ==
+ TALER_amount_set_zero (
+ max_amount->currency,
+ max_amount));
+ return GNUNET_YES;
+ }
+ /* In any case, abide by hard limits (unless we have custom rules). */
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+ "Evaluating default hard limits of %s\n",
+ exchange->url);
+ TALER_EXCHANGE_keys_evaluate_hard_limits (
+ keys,
+ TALER_KYCLOGIC_KYC_TRIGGER_DEPOSIT,
+ max_amount);
+ TALER_EXCHANGE_keys_evaluate_hard_limits (
+ keys,
+ TALER_KYCLOGIC_KYC_TRIGGER_TRANSACTION,
+ max_amount);
+ if (TALER_EXCHANGE_keys_evaluate_zero_limits (
+ keys,
+ TALER_KYCLOGIC_KYC_TRIGGER_DEPOSIT) ||
+ TALER_EXCHANGE_keys_evaluate_zero_limits (
+ keys,
+ TALER_KYCLOGIC_KYC_TRIGGER_TRANSACTION))
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+ "Operation is zero-limited by default\n");
+ GNUNET_assert (GNUNET_OK ==
+ TALER_amount_set_zero (max_amount->currency,
+ max_amount));
}
- return account_ok ? GNUNET_YES : GNUNET_NO;
+ return GNUNET_YES;
}
