commit 614a17d5993fd98304adb8b45966cdbc3aa3d002
parent 669d3b615784d20cc503ec0d74a14c2864efa183
Author: Christian Grothoff <grothoff@gnunet.org>
Date: Wed, 8 May 2024 09:38:03 +0200
fix warnings, improve structure
Diffstat:
8 files changed, 142 insertions(+), 117 deletions(-)
diff --git a/core/api-bank-wire.rst b/core/api-bank-wire.rst
@@ -440,9 +440,11 @@ Security Considerations
=======================
For implementors:
+
* The withdrawal operation ID must contain enough entropy to be unguessable.
Design:
+
* The user must complete the 2FA step of the withdrawal in the context of their banking
app or online banking Website.
We explicitly reject any design where the user would have to enter a confirmation code
diff --git a/core/api-common.rst b/core/api-common.rst
@@ -255,6 +255,11 @@ hashed data. See `base32`_.
// 32-byte hash code.
type ShortHashCode = string;
+.. ts:def:: AccountAccessToken
+
+ // 32-byte nonce.
+ type AccountAccessToken = string;
+
.. ts:def:: WireSalt
// 16-byte salt.
diff --git a/design-documents/023-taler-kyc.rst b/design-documents/023-taler-kyc.rst
@@ -200,7 +200,7 @@ user for *voluntary* KYC processes related to attestation (#7365).
Proposed Solution
=================
-The main state of an account is represented by a set of `KycRules` (the
+The main state of an account is represented by a set of `KYC rules <KycRule>` (the
`LegitimizationRuleSet`) which specify the current *rules* to apply to
transactions involving the account. Rules can *exposed* to the account owner,
or can be secret. Each *rule* specifies certain *conditions* which, if met,
@@ -1154,11 +1154,11 @@ New endpoints
// True if the account is under investigation by AML staff
// after this decision.
- to_investigate: bool;
+ to_investigate: boolean;
// True if this is the active decision for the
// account.
- is_active: bool;
+ is_active: boolean;
}
@@ -1270,7 +1270,7 @@ New endpoints
new_rules: LegitimizationRuleSet;
// True if the account should remain under investigation by AML staff.
- keep_investigating: bool;
+ keep_investigating: boolean;
// When was the decision made?
decision_time: Timestamp;
@@ -1600,7 +1600,7 @@ AML programs are helper programs that can:
// rule determines which set of measures will
// be activated and thus become visible for the
// user.
- display_priority: integer;
+ display_priority: Integer;
// True if the rule (specifically, operation_type,
// threshold, timeframe) and the general nature of
diff --git a/frags/regional-manual-use.rst b/frags/regional-manual-use.rst
@@ -1,110 +0,0 @@
-.. _regional-use:
-
-Using the Regional Currency
-===========================
-
-The very first step you should check after the installation process has been
-completed successfully, is to make sure all three URLs (bank, backend and exchange),
-are available (this means to see a Website, and not any NGINX error).
-
-
-Bank backend walkthrough
-+++++++++++++++++++++++++
-
-- As stated above, please visit before "https://bank.$DOMAIN_NAME", to make sure it is available.
-
-- Now login with the username "admin" and the password you have choosen during the installation process, or use the one which might
- have been generated automatically (and shown on your terminal screen), during the installation process.
- Once inside the Bank Administrator area, please create the "very first" customer account.
-
-- Transfer some funds from the "admin" bank account to this new customer account.
-
-- Now logout from the "admin" account, and login again using the recently "customer" account you have created, and make sure the funds you have transfered from admin, have arrived correctly.
-
-- Now, please choose the option "Send Money to a Taler Wallet", and try to send for example 100 units of your regional currency to the
- wallet installed on your browser or mobile phone.
-
-- Now try to spend some of these funds from your wallet, and try to buy something somewhere, with the same digital currency you have choosen, during your installation process, let's say Netzbon.
-
-- Lastly, you can also try to transfer funds to another "bank account",for that you will need to know the recipient's username or the bank account ID.
-
-If you have successfully accomplished all the previous steps, for the bank administrator
-backend and your installed Wallet, you can move now to test other components such
-as the Merchant backend (https://backend.$DOMAIN_NAME).
-
-Wallet Setup
-++++++++++++
-
-This section describes the interaction between the Taler graphical wallet (Android,
-iOS, WebExtensions) and the regional currency system.
-
-You need to add your regional currency exchange to the wallet. This can
-be done by scanning a QR code with a ``taler://withdraw-exchange/exchange.$DOMAIN_NAME/$MASTER_PUBLIC_KEY``
-URL or by manually entering the URL into the respective ``Add exchange``
-dialogue.
-
-.. _regional-use-cashin:
-
-Cash-In
-+++++++
-
-Next, start the withdraw process in the Taler wallet for the respective
-currency and specify the desired amount. The wallet will then show you the
-details of the fiat wire transfer that must be made for the cash-in to be
-completed. Once the money has arrived at the fiat bank account, Nexus will
-obtain the transaction data and the regional currency bank will create the
-corresponding amount in regional currency, crediting the GNU Taler exchange
-account. In turn, the exchange will issue the respective amount to your
-wallet.
-
-.. note::
-
- Cash-in operations may be subject to conversion rates, conversion fees and
- minimum amounts to be transferred.
-
-.. warning::
-
- Cash-in operations can take a long time, hours at the best of times, and even days on weekends or holidays when the bank is closed.
-
-Making payments
-+++++++++++++++
-
-For testing, you should be able to *deposit* regional currency directly into
-your regional currency libeufin-bank account directly from the Taler wallet.
-For this, you primarily need to know your bank account details (which should
-be accessible by clicking on your name in the bank Web site after logging in).
-
-.. note::
-
- There may be a short delay between the wallet making the deposit and
- the exchange crediting your bank account. This is because the wallet
- uses a small wire transfer delay by default when initiating a deposit
- into a bank account.
-
-For production, it is more common for a shop to configure a :ref:`Taler
-merchant backend <taler-merchant-backend-operator-manual>` or at least use an
-instance within such a setup. To configure an instance, you primarily need
-again the bank account details to :ref:`setup instance bank accounts
-<instance-bank-account>`.
-
-.. _regional-use-cashout:
-
-Cash-Out
-++++++++
-
-Regional currency accounts that have a positive balance could be eligible for
-cash-out. Cash-out operations may again be restricted by the regional
-currency operator and will *only* be made to the respective pre-configured
-fiat currency bank account. To cash-out, simply log into your regional
-currency account, select cash-out, specify the desired amount and pass the
-second-factor authorization challenge by entering the TAN you receive at the
-registered e-mail address or mobile phone number.
-
-.. note::
-
- Cash-out operations may be subject to conversion rates, conversion fees and
- minimum amounts to be transferred.
-
-.. warning::
-
- Cash-out operations can take a long time, hours at the best of times, and even days on weekends or holidays when the bank is closed.
diff --git a/libeufin/index.rst b/libeufin/index.rst
@@ -31,4 +31,5 @@ LibEuFin is a project providing free software tooling for European FinTech.
bank-manual
regional-automated-manual
regional-custom-manual
+ regional-manual-use
setup-ebics-at-postfinance
diff --git a/libeufin/regional-automated-manual.rst b/libeufin/regional-automated-manual.rst
@@ -241,7 +241,6 @@ manual setup and in the the manpage of ``taler-exchange-offline``.
.. include:: ../frags/regional-system-on.rst
.. include:: ../frags/deploying-tos.rst
-.. include:: ../frags/regional-manual-use.rst
Installing Updates
diff --git a/libeufin/regional-custom-manual.rst b/libeufin/regional-custom-manual.rst
@@ -141,7 +141,6 @@ account with "CHF".
.. include:: ../frags/regional-system-on.rst
.. include:: ../frags/deploying-tos.rst
-.. include:: ../frags/regional-manual-use.rst
Maintenance
diff --git a/libeufin/regional-manual-use.rst b/libeufin/regional-manual-use.rst
@@ -0,0 +1,129 @@
+..
+ This file is part of GNU TALER.
+ Copyright (C) 2014-2024 Taler Systems SA
+
+ TALER is free software; you can redistribute it and/or modify it under the
+ terms of the GNU Affero General Public License as published by the Free Software
+ Foundation; either version 2.1, or (at your option) any later version.
+
+ TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.
+
+ You should have received a copy of the GNU Affero General Public License along with
+ TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+
+ @author Florian Dold
+ @author Marcello Stanisci
+ @author Christian Grothoff
+
+.. _regional-use:
+
+Using the Regional Currency
+===========================
+
+The very first step you should check after the installation process has been
+completed successfully, is to make sure all three URLs (bank, backend and exchange),
+are available (this means to see a Website, and not any NGINX error).
+
+
+Bank backend walkthrough
++++++++++++++++++++++++++
+
+- As stated above, please visit before "https://bank.$DOMAIN_NAME", to make sure it is available.
+
+- Now login with the username "admin" and the password you have choosen during the installation process, or use the one which might
+ have been generated automatically (and shown on your terminal screen), during the installation process.
+ Once inside the Bank Administrator area, please create the "very first" customer account.
+
+- Transfer some funds from the "admin" bank account to this new customer account.
+
+- Now logout from the "admin" account, and login again using the recently "customer" account you have created, and make sure the funds you have transfered from admin, have arrived correctly.
+
+- Now, please choose the option "Send Money to a Taler Wallet", and try to send for example 100 units of your regional currency to the
+ wallet installed on your browser or mobile phone.
+
+- Now try to spend some of these funds from your wallet, and try to buy something somewhere, with the same digital currency you have choosen, during your installation process, let's say Netzbon.
+
+- Lastly, you can also try to transfer funds to another "bank account",for that you will need to know the recipient's username or the bank account ID.
+
+If you have successfully accomplished all the previous steps, for the bank administrator
+backend and your installed Wallet, you can move now to test other components such
+as the Merchant backend (https://backend.$DOMAIN_NAME).
+
+Wallet Setup
+++++++++++++
+
+This section describes the interaction between the Taler graphical wallet (Android,
+iOS, WebExtensions) and the regional currency system.
+
+You need to add your regional currency exchange to the wallet. This can
+be done by scanning a QR code with a ``taler://withdraw-exchange/exchange.$DOMAIN_NAME/$MASTER_PUBLIC_KEY``
+URL or by manually entering the URL into the respective ``Add exchange``
+dialogue.
+
+.. _regional-use-cashin:
+
+Cash-In
++++++++
+
+Next, start the withdraw process in the Taler wallet for the respective
+currency and specify the desired amount. The wallet will then show you the
+details of the fiat wire transfer that must be made for the cash-in to be
+completed. Once the money has arrived at the fiat bank account, Nexus will
+obtain the transaction data and the regional currency bank will create the
+corresponding amount in regional currency, crediting the GNU Taler exchange
+account. In turn, the exchange will issue the respective amount to your
+wallet.
+
+.. note::
+
+ Cash-in operations may be subject to conversion rates, conversion fees and
+ minimum amounts to be transferred.
+
+.. warning::
+
+ Cash-in operations can take a long time, hours at the best of times, and even days on weekends or holidays when the bank is closed.
+
+Making payments
++++++++++++++++
+
+For testing, you should be able to *deposit* regional currency directly into
+your regional currency libeufin-bank account directly from the Taler wallet.
+For this, you primarily need to know your bank account details (which should
+be accessible by clicking on your name in the bank Web site after logging in).
+
+.. note::
+
+ There may be a short delay between the wallet making the deposit and
+ the exchange crediting your bank account. This is because the wallet
+ uses a small wire transfer delay by default when initiating a deposit
+ into a bank account.
+
+For production, it is more common for a shop to configure a :ref:`Taler
+merchant backend <taler-merchant-backend-operator-manual>` or at least use an
+instance within such a setup. To configure an instance, you primarily need
+again the bank account details to :ref:`setup instance bank accounts
+<instance-bank-account>`.
+
+.. _regional-use-cashout:
+
+Cash-Out
+++++++++
+
+Regional currency accounts that have a positive balance could be eligible for
+cash-out. Cash-out operations may again be restricted by the regional
+currency operator and will *only* be made to the respective pre-configured
+fiat currency bank account. To cash-out, simply log into your regional
+currency account, select cash-out, specify the desired amount and pass the
+second-factor authorization challenge by entering the TAN you receive at the
+registered e-mail address or mobile phone number.
+
+.. note::
+
+ Cash-out operations may be subject to conversion rates, conversion fees and
+ minimum amounts to be transferred.
+
+.. warning::
+
+ Cash-out operations can take a long time, hours at the best of times, and even days on weekends or holidays when the bank is closed.
