/* This file is part of GNU Taler (C) 2019-2022 Taler Systems S.A. GNU Taler is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3, or (at your option) any later version. GNU Taler is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with GNU Taler; see the file COPYING. If not, see */ /** * Implementation of the payment operation, including downloading and * claiming of proposals. * * @author Florian Dold */ /** * Imports. */ import { AbortingCoin, AbortRequest, AbsoluteTime, AmountJson, Amounts, ApplyRefundResponse, codecForAbortResponse, codecForMerchantContractTerms, codecForMerchantOrderRefundPickupResponse, codecForMerchantOrderStatusPaid, codecForMerchantPayResponse, codecForProposal, CoinDepositPermission, CoinRefreshRequest, CoinStatus, ConfirmPayResult, ConfirmPayResultType, constructPayUri, ContractTermsUtil, Duration, encodeCrock, ForcedCoinSel, getRandomBytes, HttpStatusCode, j2s, Logger, makeErrorDetail, makePendingOperationFailedError, MerchantCoinRefundFailureStatus, MerchantCoinRefundStatus, MerchantCoinRefundSuccessStatus, MerchantContractTerms, MerchantPayResponse, NotificationType, parsePayUri, parseRefundUri, PayCoinSelection, PreparePayResult, PreparePayResultType, PrepareRefundResult, RefreshReason, TalerError, TalerErrorCode, TalerErrorDetail, TalerProtocolTimestamp, TalerProtocolViolationError, TransactionMajorState, TransactionMinorState, TransactionState, TransactionType, URL, } from "@gnu-taler/taler-util"; import { getHttpResponseErrorDetails, readSuccessResponseJsonOrErrorCode, readSuccessResponseJsonOrThrow, readTalerErrorResponse, readUnexpectedResponseDetails, throwUnexpectedRequestError, } from "@gnu-taler/taler-util/http"; import { EddsaKeypair } from "../crypto/cryptoImplementation.js"; import { BackupProviderStateTag, CoinRecord, DenominationRecord, PurchaseRecord, PurchaseStatus, RefundReason, RefundState, WalletContractData, WalletStoresV1, } from "../db.js"; import { GetReadWriteAccess, PendingTaskType } from "../index.js"; import { EXCHANGE_COINS_LOCK, InternalWalletState, } from "../internal-wallet-state.js"; import { assertUnreachable } from "../util/assertUnreachable.js"; import { PreviousPayCoins, selectPayCoinsNew } from "../util/coinSelection.js"; import { checkDbInvariant } from "../util/invariants.js"; import { GetReadOnlyAccess } from "../util/query.js"; import { constructTaskIdentifier, OperationAttemptResult, OperationAttemptResultType, RetryInfo, scheduleRetry, TaskIdentifiers, } from "../util/retries.js"; import { makeTransactionId, runOperationWithErrorReporting, spendCoins, } from "./common.js"; import { createRefreshGroup, getTotalRefreshCost } from "./refresh.js"; /** * Logger. */ const logger = new Logger("pay-merchant.ts"); /** * Compute the total cost of a payment to the customer. * * This includes the amount taken by the merchant, fees (wire/deposit) contributed * by the customer, refreshing fees, fees for withdraw-after-refresh and "trimmings" * of coins that are too small to spend. */ export async function getTotalPaymentCost( ws: InternalWalletState, pcs: PayCoinSelection, ): Promise { return ws.db .mktx((x) => [x.coins, x.denominations]) .runReadOnly(async (tx) => { const costs: AmountJson[] = []; for (let i = 0; i < pcs.coinPubs.length; i++) { const coin = await tx.coins.get(pcs.coinPubs[i]); if (!coin) { throw Error("can't calculate payment cost, coin not found"); } const denom = await tx.denominations.get([ coin.exchangeBaseUrl, coin.denomPubHash, ]); if (!denom) { throw Error( "can't calculate payment cost, denomination for coin not found", ); } const allDenoms = await tx.denominations.indexes.byExchangeBaseUrl .iter(coin.exchangeBaseUrl) .filter((x) => Amounts.isSameCurrency( DenominationRecord.getValue(x), pcs.coinContributions[i], ), ); const amountLeft = Amounts.sub( DenominationRecord.getValue(denom), pcs.coinContributions[i], ).amount; const refreshCost = getTotalRefreshCost( allDenoms, DenominationRecord.toDenomInfo(denom), amountLeft, ws.config.testing.denomselAllowLate, ); costs.push(Amounts.parseOrThrow(pcs.coinContributions[i])); costs.push(refreshCost); } const zero = Amounts.zeroOfAmount(pcs.paymentAmount); return Amounts.sum([zero, ...costs]).amount; }); } async function failProposalPermanently( ws: InternalWalletState, proposalId: string, err: TalerErrorDetail, ): Promise { await ws.db .mktx((x) => [x.purchases]) .runReadWrite(async (tx) => { const p = await tx.purchases.get(proposalId); if (!p) { return; } p.purchaseStatus = PurchaseStatus.ProposalDownloadFailed; await tx.purchases.put(p); }); } function getProposalRequestTimeout(retryInfo?: RetryInfo): Duration { return Duration.clamp({ lower: Duration.fromSpec({ seconds: 1 }), upper: Duration.fromSpec({ seconds: 60 }), value: retryInfo ? RetryInfo.getDuration(retryInfo) : Duration.fromSpec({}), }); } function getPayRequestTimeout(purchase: PurchaseRecord): Duration { return Duration.multiply( { d_ms: 15000 }, 1 + (purchase.payInfo?.payCoinSelection.coinPubs.length ?? 0) / 5, ); } /** * Return the proposal download data for a purchase, throw if not available. * * (Async since in the future this will query the DB.) */ export async function expectProposalDownload( ws: InternalWalletState, p: PurchaseRecord, parentTx?: GetReadOnlyAccess<{ contractTerms: typeof WalletStoresV1.contractTerms; }>, ): Promise<{ contractData: WalletContractData; contractTermsRaw: any; }> { if (!p.download) { throw Error("expected proposal to be downloaded"); } const download = p.download; async function getFromTransaction( tx: Exclude, ): Promise> { const contractTerms = await tx.contractTerms.get( download.contractTermsHash, ); if (!contractTerms) { throw Error("contract terms not found"); } return { contractData: extractContractData( contractTerms.contractTermsRaw, download.contractTermsHash, download.contractTermsMerchantSig, ), contractTermsRaw: contractTerms.contractTermsRaw, }; } if (parentTx) { return getFromTransaction(parentTx); } return await ws.db .mktx((x) => [x.contractTerms]) .runReadOnly(getFromTransaction); } export function extractContractData( parsedContractTerms: MerchantContractTerms, contractTermsHash: string, merchantSig: string, ): WalletContractData { const amount = Amounts.parseOrThrow(parsedContractTerms.amount); let maxWireFee: AmountJson; if (parsedContractTerms.max_wire_fee) { maxWireFee = Amounts.parseOrThrow(parsedContractTerms.max_wire_fee); } else { maxWireFee = Amounts.zeroOfCurrency(amount.currency); } return { amount: Amounts.stringify(amount), contractTermsHash: contractTermsHash, fulfillmentUrl: parsedContractTerms.fulfillment_url ?? "", merchantBaseUrl: parsedContractTerms.merchant_base_url, merchantPub: parsedContractTerms.merchant_pub, merchantSig, orderId: parsedContractTerms.order_id, summary: parsedContractTerms.summary, autoRefund: parsedContractTerms.auto_refund, maxWireFee: Amounts.stringify(maxWireFee), payDeadline: parsedContractTerms.pay_deadline, refundDeadline: parsedContractTerms.refund_deadline, wireFeeAmortization: parsedContractTerms.wire_fee_amortization || 1, allowedAuditors: parsedContractTerms.auditors.map((x) => ({ auditorBaseUrl: x.url, auditorPub: x.auditor_pub, })), allowedExchanges: parsedContractTerms.exchanges.map((x) => ({ exchangeBaseUrl: x.url, exchangePub: x.master_pub, })), timestamp: parsedContractTerms.timestamp, wireMethod: parsedContractTerms.wire_method, wireInfoHash: parsedContractTerms.h_wire, maxDepositFee: Amounts.stringify(parsedContractTerms.max_fee), merchant: parsedContractTerms.merchant, products: parsedContractTerms.products, summaryI18n: parsedContractTerms.summary_i18n, minimumAge: parsedContractTerms.minimum_age, deliveryDate: parsedContractTerms.delivery_date, deliveryLocation: parsedContractTerms.delivery_location, }; } export async function processDownloadProposal( ws: InternalWalletState, proposalId: string, options: object = {}, ): Promise { const proposal = await ws.db .mktx((x) => [x.purchases]) .runReadOnly(async (tx) => { return await tx.purchases.get(proposalId); }); if (!proposal) { return { type: OperationAttemptResultType.Finished, result: undefined, }; } if (proposal.purchaseStatus != PurchaseStatus.DownloadingProposal) { return { type: OperationAttemptResultType.Finished, result: undefined, }; } const orderClaimUrl = new URL( `orders/${proposal.orderId}/claim`, proposal.merchantBaseUrl, ).href; logger.trace("downloading contract from '" + orderClaimUrl + "'"); const requestBody: { nonce: string; token?: string; } = { nonce: proposal.noncePub, }; if (proposal.claimToken) { requestBody.token = proposal.claimToken; } const opId = TaskIdentifiers.forPay(proposal); const retryRecord = await ws.db .mktx((x) => [x.operationRetries]) .runReadOnly(async (tx) => { return tx.operationRetries.get(opId); }); // FIXME: Do this in the background using the new return value const httpResponse = await ws.http.postJson(orderClaimUrl, requestBody, { timeout: getProposalRequestTimeout(retryRecord?.retryInfo), }); const r = await readSuccessResponseJsonOrErrorCode( httpResponse, codecForProposal(), ); if (r.isError) { switch (r.talerErrorResponse.code) { case TalerErrorCode.MERCHANT_POST_ORDERS_ID_CLAIM_ALREADY_CLAIMED: throw TalerError.fromDetail( TalerErrorCode.WALLET_ORDER_ALREADY_CLAIMED, { orderId: proposal.orderId, claimUrl: orderClaimUrl, }, "order already claimed (likely by other wallet)", ); default: throwUnexpectedRequestError(httpResponse, r.talerErrorResponse); } } const proposalResp = r.response; // The proposalResp contains the contract terms as raw JSON, // as the coded to parse them doesn't necessarily round-trip. // We need this raw JSON to compute the contract terms hash. // FIXME: Do better error handling, check if the // contract terms have all their forgettable information still // present. The wallet should never accept contract terms // with missing information from the merchant. const isWellFormed = ContractTermsUtil.validateForgettable( proposalResp.contract_terms, ); if (!isWellFormed) { logger.trace( `malformed contract terms: ${j2s(proposalResp.contract_terms)}`, ); const err = makeErrorDetail( TalerErrorCode.WALLET_CONTRACT_TERMS_MALFORMED, {}, "validation for well-formedness failed", ); await failProposalPermanently(ws, proposalId, err); throw makePendingOperationFailedError( err, TransactionType.Payment, proposalId, ); } const contractTermsHash = ContractTermsUtil.hashContractTerms( proposalResp.contract_terms, ); logger.info(`Contract terms hash: ${contractTermsHash}`); let parsedContractTerms: MerchantContractTerms; try { parsedContractTerms = codecForMerchantContractTerms().decode( proposalResp.contract_terms, ); } catch (e) { const err = makeErrorDetail( TalerErrorCode.WALLET_CONTRACT_TERMS_MALFORMED, {}, `schema validation failed: ${e}`, ); await failProposalPermanently(ws, proposalId, err); throw makePendingOperationFailedError( err, TransactionType.Payment, proposalId, ); } const sigValid = await ws.cryptoApi.isValidContractTermsSignature({ contractTermsHash, merchantPub: parsedContractTerms.merchant_pub, sig: proposalResp.sig, }); if (!sigValid) { const err = makeErrorDetail( TalerErrorCode.WALLET_CONTRACT_TERMS_SIGNATURE_INVALID, { merchantPub: parsedContractTerms.merchant_pub, orderId: parsedContractTerms.order_id, }, "merchant's signature on contract terms is invalid", ); await failProposalPermanently(ws, proposalId, err); throw makePendingOperationFailedError( err, TransactionType.Payment, proposalId, ); } const fulfillmentUrl = parsedContractTerms.fulfillment_url; const baseUrlForDownload = proposal.merchantBaseUrl; const baseUrlFromContractTerms = parsedContractTerms.merchant_base_url; if (baseUrlForDownload !== baseUrlFromContractTerms) { const err = makeErrorDetail( TalerErrorCode.WALLET_CONTRACT_TERMS_BASE_URL_MISMATCH, { baseUrlForDownload, baseUrlFromContractTerms, }, "merchant base URL mismatch", ); await failProposalPermanently(ws, proposalId, err); throw makePendingOperationFailedError( err, TransactionType.Payment, proposalId, ); } const contractData = extractContractData( parsedContractTerms, contractTermsHash, proposalResp.sig, ); logger.trace(`extracted contract data: ${j2s(contractData)}`); await ws.db .mktx((x) => [x.purchases, x.contractTerms]) .runReadWrite(async (tx) => { const p = await tx.purchases.get(proposalId); if (!p) { return; } if (p.purchaseStatus !== PurchaseStatus.DownloadingProposal) { return; } p.download = { contractTermsHash, contractTermsMerchantSig: contractData.merchantSig, currency: Amounts.currencyOf(contractData.amount), fulfillmentUrl: contractData.fulfillmentUrl, }; await tx.contractTerms.put({ h: contractTermsHash, contractTermsRaw: proposalResp.contract_terms, }); if ( fulfillmentUrl && (fulfillmentUrl.startsWith("http://") || fulfillmentUrl.startsWith("https://")) ) { const differentPurchase = await tx.purchases.indexes.byFulfillmentUrl.get(fulfillmentUrl); if (differentPurchase) { logger.warn("repurchase detected"); p.purchaseStatus = PurchaseStatus.RepurchaseDetected; p.repurchaseProposalId = differentPurchase.proposalId; await tx.purchases.put(p); return; } } p.purchaseStatus = PurchaseStatus.Proposed; await tx.purchases.put(p); }); ws.notify({ type: NotificationType.ProposalDownloaded, proposalId: proposal.proposalId, }); return { type: OperationAttemptResultType.Finished, result: undefined, }; } /** * Download a proposal and store it in the database. * Returns an id for it to retrieve it later. * * @param sessionId Current session ID, if the proposal is being * downloaded in the context of a session ID. */ async function startDownloadProposal( ws: InternalWalletState, merchantBaseUrl: string, orderId: string, sessionId: string | undefined, claimToken: string | undefined, noncePriv: string | undefined, ): Promise { const oldProposal = await ws.db .mktx((x) => [x.purchases]) .runReadOnly(async (tx) => { return tx.purchases.indexes.byUrlAndOrderId.get([ merchantBaseUrl, orderId, ]); }); /* If we have already claimed this proposal with the same sessionId * nonce and claim token, reuse it. */ if ( oldProposal && oldProposal.downloadSessionId === sessionId && (!noncePriv || oldProposal.noncePriv === noncePriv) && oldProposal.claimToken === claimToken ) { await processDownloadProposal(ws, oldProposal.proposalId); return oldProposal.proposalId; } let noncePair: EddsaKeypair; if (noncePriv) { noncePair = { priv: noncePriv, pub: (await ws.cryptoApi.eddsaGetPublic({ priv: noncePriv })).pub, }; } else { noncePair = await ws.cryptoApi.createEddsaKeypair({}); } const { priv, pub } = noncePair; const proposalId = encodeCrock(getRandomBytes(32)); const proposalRecord: PurchaseRecord = { download: undefined, noncePriv: priv, noncePub: pub, claimToken, timestamp: AbsoluteTime.toTimestamp(AbsoluteTime.now()), merchantBaseUrl, orderId, proposalId: proposalId, purchaseStatus: PurchaseStatus.DownloadingProposal, repurchaseProposalId: undefined, downloadSessionId: sessionId, autoRefundDeadline: undefined, lastSessionId: undefined, merchantPaySig: undefined, payInfo: undefined, refundAmountAwaiting: undefined, refunds: {}, timestampAccept: undefined, timestampFirstSuccessfulPay: undefined, timestampLastRefundStatus: undefined, pendingRemovedCoinPubs: undefined, posConfirmation: undefined, }; await ws.db .mktx((x) => [x.purchases]) .runReadWrite(async (tx) => { const existingRecord = await tx.purchases.indexes.byUrlAndOrderId.get([ merchantBaseUrl, orderId, ]); if (existingRecord) { // Created concurrently return; } await tx.purchases.put(proposalRecord); }); await processDownloadProposal(ws, proposalId); return proposalId; } async function storeFirstPaySuccess( ws: InternalWalletState, proposalId: string, sessionId: string | undefined, payResponse: MerchantPayResponse, ): Promise { const now = AbsoluteTime.toTimestamp(AbsoluteTime.now()); await ws.db .mktx((x) => [x.purchases, x.contractTerms]) .runReadWrite(async (tx) => { const purchase = await tx.purchases.get(proposalId); if (!purchase) { logger.warn("purchase does not exist anymore"); return; } const isFirst = purchase.timestampFirstSuccessfulPay === undefined; if (!isFirst) { logger.warn("payment success already stored"); return; } if (purchase.purchaseStatus === PurchaseStatus.Paying) { purchase.purchaseStatus = PurchaseStatus.Paid; } purchase.timestampFirstSuccessfulPay = now; purchase.lastSessionId = sessionId; purchase.merchantPaySig = payResponse.sig; purchase.posConfirmation = payResponse.pos_confirmation; const dl = purchase.download; checkDbInvariant(!!dl); const contractTermsRecord = await tx.contractTerms.get( dl.contractTermsHash, ); checkDbInvariant(!!contractTermsRecord); const contractData = extractContractData( contractTermsRecord.contractTermsRaw, dl.contractTermsHash, dl.contractTermsMerchantSig, ); const protoAr = contractData.autoRefund; if (protoAr) { const ar = Duration.fromTalerProtocolDuration(protoAr); logger.info("auto_refund present"); purchase.purchaseStatus = PurchaseStatus.QueryingAutoRefund; purchase.autoRefundDeadline = AbsoluteTime.toTimestamp( AbsoluteTime.addDuration(AbsoluteTime.now(), ar), ); } await tx.purchases.put(purchase); }); } async function storePayReplaySuccess( ws: InternalWalletState, proposalId: string, sessionId: string | undefined, ): Promise { await ws.db .mktx((x) => [x.purchases]) .runReadWrite(async (tx) => { const purchase = await tx.purchases.get(proposalId); if (!purchase) { logger.warn("purchase does not exist anymore"); return; } const isFirst = purchase.timestampFirstSuccessfulPay === undefined; if (isFirst) { throw Error("invalid payment state"); } if ( purchase.purchaseStatus === PurchaseStatus.Paying || purchase.purchaseStatus === PurchaseStatus.PayingReplay ) { purchase.purchaseStatus = PurchaseStatus.Paid; } purchase.lastSessionId = sessionId; await tx.purchases.put(purchase); }); } /** * Handle a 409 Conflict response from the merchant. * * We do this by going through the coin history provided by the exchange and * (1) verifying the signatures from the exchange * (2) adjusting the remaining coin value and refreshing it * (3) re-do coin selection with the bad coin removed */ async function handleInsufficientFunds( ws: InternalWalletState, proposalId: string, err: TalerErrorDetail, ): Promise { logger.trace("handling insufficient funds, trying to re-select coins"); const proposal = await ws.db .mktx((x) => [x.purchases]) .runReadOnly(async (tx) => { return tx.purchases.get(proposalId); }); if (!proposal) { return; } logger.trace(`got error details: ${j2s(err)}`); const exchangeReply = (err as any).exchange_reply; if ( exchangeReply.code !== TalerErrorCode.EXCHANGE_GENERIC_INSUFFICIENT_FUNDS ) { // FIXME: set as failed if (logger.shouldLogTrace()) { logger.trace("got exchange error reply (see below)"); logger.trace(j2s(exchangeReply)); } throw Error(`unable to handle /pay error response (${exchangeReply.code})`); } const brokenCoinPub = (exchangeReply as any).coin_pub; logger.trace(`excluded broken coin pub=${brokenCoinPub}`); if (!brokenCoinPub) { throw new TalerProtocolViolationError(); } const { contractData } = await expectProposalDownload(ws, proposal); const prevPayCoins: PreviousPayCoins = []; const payInfo = proposal.payInfo; if (!payInfo) { return; } const payCoinSelection = payInfo.payCoinSelection; await ws.db .mktx((x) => [x.coins, x.denominations]) .runReadOnly(async (tx) => { for (let i = 0; i < payCoinSelection.coinPubs.length; i++) { const coinPub = payCoinSelection.coinPubs[i]; if (coinPub === brokenCoinPub) { continue; } const contrib = payCoinSelection.coinContributions[i]; const coin = await tx.coins.get(coinPub); if (!coin) { continue; } const denom = await tx.denominations.get([ coin.exchangeBaseUrl, coin.denomPubHash, ]); if (!denom) { continue; } prevPayCoins.push({ coinPub, contribution: Amounts.parseOrThrow(contrib), exchangeBaseUrl: coin.exchangeBaseUrl, feeDeposit: Amounts.parseOrThrow(denom.fees.feeDeposit), }); } }); const res = await selectPayCoinsNew(ws, { auditors: contractData.allowedAuditors, exchanges: contractData.allowedExchanges, wireMethod: contractData.wireMethod, contractTermsAmount: Amounts.parseOrThrow(contractData.amount), depositFeeLimit: Amounts.parseOrThrow(contractData.maxDepositFee), wireFeeAmortization: contractData.wireFeeAmortization ?? 1, wireFeeLimit: Amounts.parseOrThrow(contractData.maxWireFee), prevPayCoins, requiredMinimumAge: contractData.minimumAge, }); if (res.type !== "success") { logger.trace("insufficient funds for coin re-selection"); return; } logger.trace("re-selected coins"); await ws.db .mktx((x) => [ x.purchases, x.coins, x.coinAvailability, x.denominations, x.refreshGroups, ]) .runReadWrite(async (tx) => { const p = await tx.purchases.get(proposalId); if (!p) { return; } const payInfo = p.payInfo; if (!payInfo) { return; } payInfo.payCoinSelection = res.coinSel; payInfo.payCoinSelectionUid = encodeCrock(getRandomBytes(32)); await tx.purchases.put(p); await spendCoins(ws, tx, { allocationId: `txn:proposal:${p.proposalId}`, coinPubs: payInfo.payCoinSelection.coinPubs, contributions: payInfo.payCoinSelection.coinContributions.map((x) => Amounts.parseOrThrow(x), ), refreshReason: RefreshReason.PayMerchant, }); }); } async function unblockBackup( ws: InternalWalletState, proposalId: string, ): Promise { await ws.db .mktx((x) => [x.backupProviders]) .runReadWrite(async (tx) => { await tx.backupProviders.indexes.byPaymentProposalId .iter(proposalId) .forEachAsync(async (bp) => { bp.state = { tag: BackupProviderStateTag.Ready, nextBackupTimestamp: TalerProtocolTimestamp.now(), }; tx.backupProviders.put(bp); }); }); } export async function checkPaymentByProposalId( ws: InternalWalletState, proposalId: string, sessionId?: string, ): Promise { let proposal = await ws.db .mktx((x) => [x.purchases]) .runReadOnly(async (tx) => { return tx.purchases.get(proposalId); }); if (!proposal) { throw Error(`could not get proposal ${proposalId}`); } if (proposal.purchaseStatus === PurchaseStatus.RepurchaseDetected) { const existingProposalId = proposal.repurchaseProposalId; if (!existingProposalId) { throw Error("invalid proposal state"); } logger.trace("using existing purchase for same product"); proposal = await ws.db .mktx((x) => [x.purchases]) .runReadOnly(async (tx) => { return tx.purchases.get(existingProposalId); }); if (!proposal) { throw Error("existing proposal is in wrong state"); } } const d = await expectProposalDownload(ws, proposal); const contractData = d.contractData; const merchantSig = d.contractData.merchantSig; if (!merchantSig) { throw Error("BUG: proposal is in invalid state"); } proposalId = proposal.proposalId; const talerUri = constructPayUri( proposal.merchantBaseUrl, proposal.orderId, proposal.lastSessionId ?? proposal.downloadSessionId ?? "", proposal.claimToken, proposal.noncePriv, ); // First check if we already paid for it. const purchase = await ws.db .mktx((x) => [x.purchases]) .runReadOnly(async (tx) => { return tx.purchases.get(proposalId); }); if (!purchase || purchase.purchaseStatus === PurchaseStatus.Proposed) { // If not already paid, check if we could pay for it. const res = await selectPayCoinsNew(ws, { auditors: contractData.allowedAuditors, exchanges: contractData.allowedExchanges, contractTermsAmount: Amounts.parseOrThrow(contractData.amount), depositFeeLimit: Amounts.parseOrThrow(contractData.maxDepositFee), wireFeeAmortization: contractData.wireFeeAmortization ?? 1, wireFeeLimit: Amounts.parseOrThrow(contractData.maxWireFee), prevPayCoins: [], requiredMinimumAge: contractData.minimumAge, wireMethod: contractData.wireMethod, }); if (res.type !== "success") { logger.info("not allowing payment, insufficient coins"); logger.info( `insufficient balance details: ${j2s(res.insufficientBalanceDetails)}`, ); return { status: PreparePayResultType.InsufficientBalance, contractTerms: d.contractTermsRaw, proposalId: proposal.proposalId, noncePriv: proposal.noncePriv, amountRaw: Amounts.stringify(d.contractData.amount), talerUri, balanceDetails: res.insufficientBalanceDetails, }; } const totalCost = await getTotalPaymentCost(ws, res.coinSel); logger.trace("costInfo", totalCost); logger.trace("coinsForPayment", res); return { status: PreparePayResultType.PaymentPossible, contractTerms: d.contractTermsRaw, proposalId: proposal.proposalId, noncePriv: proposal.noncePriv, amountEffective: Amounts.stringify(totalCost), amountRaw: Amounts.stringify(res.coinSel.paymentAmount), contractTermsHash: d.contractData.contractTermsHash, talerUri, }; } if ( purchase.purchaseStatus === PurchaseStatus.Paid && purchase.lastSessionId !== sessionId ) { logger.trace( "automatically re-submitting payment with different session ID", ); logger.trace(`last: ${purchase.lastSessionId}, current: ${sessionId}`); await ws.db .mktx((x) => [x.purchases]) .runReadWrite(async (tx) => { const p = await tx.purchases.get(proposalId); if (!p) { return; } p.lastSessionId = sessionId; p.purchaseStatus = PurchaseStatus.PayingReplay; await tx.purchases.put(p); }); const r = await processPurchasePay(ws, proposalId, { forceNow: true }); if (r.type !== OperationAttemptResultType.Finished) { // FIXME: This does not surface the original error throw Error("submitting pay failed"); } const download = await expectProposalDownload(ws, purchase); return { status: PreparePayResultType.AlreadyConfirmed, contractTerms: download.contractTermsRaw, contractTermsHash: download.contractData.contractTermsHash, paid: true, amountRaw: Amounts.stringify(download.contractData.amount), amountEffective: Amounts.stringify(purchase.payInfo?.totalPayCost!), proposalId, talerUri, }; } else if (!purchase.timestampFirstSuccessfulPay) { const download = await expectProposalDownload(ws, purchase); return { status: PreparePayResultType.AlreadyConfirmed, contractTerms: download.contractTermsRaw, contractTermsHash: download.contractData.contractTermsHash, paid: false, amountRaw: Amounts.stringify(download.contractData.amount), amountEffective: Amounts.stringify(purchase.payInfo?.totalPayCost!), proposalId, talerUri, }; } else { const paid = purchase.purchaseStatus === PurchaseStatus.Paid || purchase.purchaseStatus === PurchaseStatus.QueryingRefund || purchase.purchaseStatus === PurchaseStatus.QueryingAutoRefund; const download = await expectProposalDownload(ws, purchase); return { status: PreparePayResultType.AlreadyConfirmed, contractTerms: download.contractTermsRaw, contractTermsHash: download.contractData.contractTermsHash, paid, amountRaw: Amounts.stringify(download.contractData.amount), amountEffective: Amounts.stringify(purchase.payInfo?.totalPayCost!), ...(paid ? { nextUrl: download.contractData.orderId } : {}), proposalId, talerUri, }; } } export async function getContractTermsDetails( ws: InternalWalletState, proposalId: string, ): Promise { const proposal = await ws.db .mktx((x) => [x.purchases]) .runReadOnly(async (tx) => { return tx.purchases.get(proposalId); }); if (!proposal) { throw Error(`proposal with id ${proposalId} not found`); } const d = await expectProposalDownload(ws, proposal); return d.contractData; } /** * Check if a payment for the given taler://pay/ URI is possible. * * If the payment is possible, the signature are already generated but not * yet send to the merchant. */ export async function preparePayForUri( ws: InternalWalletState, talerPayUri: string, ): Promise { const uriResult = parsePayUri(talerPayUri); if (!uriResult) { throw TalerError.fromDetail( TalerErrorCode.WALLET_INVALID_TALER_PAY_URI, { talerPayUri, }, `invalid taler://pay URI (${talerPayUri})`, ); } const proposalId = await startDownloadProposal( ws, uriResult.merchantBaseUrl, uriResult.orderId, uriResult.sessionId, uriResult.claimToken, uriResult.noncePriv, ); return checkPaymentByProposalId(ws, proposalId, uriResult.sessionId); } /** * Generate deposit permissions for a purchase. * * Accesses the database and the crypto worker. */ export async function generateDepositPermissions( ws: InternalWalletState, payCoinSel: PayCoinSelection, contractData: WalletContractData, ): Promise { const depositPermissions: CoinDepositPermission[] = []; const coinWithDenom: Array<{ coin: CoinRecord; denom: DenominationRecord; }> = []; await ws.db .mktx((x) => [x.coins, x.denominations]) .runReadOnly(async (tx) => { for (let i = 0; i < payCoinSel.coinPubs.length; i++) { const coin = await tx.coins.get(payCoinSel.coinPubs[i]); if (!coin) { throw Error("can't pay, allocated coin not found anymore"); } const denom = await tx.denominations.get([ coin.exchangeBaseUrl, coin.denomPubHash, ]); if (!denom) { throw Error( "can't pay, denomination of allocated coin not found anymore", ); } coinWithDenom.push({ coin, denom }); } }); for (let i = 0; i < payCoinSel.coinPubs.length; i++) { const { coin, denom } = coinWithDenom[i]; let wireInfoHash: string; wireInfoHash = contractData.wireInfoHash; logger.trace( `signing deposit permission for coin with ageRestriction=${j2s( coin.ageCommitmentProof, )}`, ); const dp = await ws.cryptoApi.signDepositPermission({ coinPriv: coin.coinPriv, coinPub: coin.coinPub, contractTermsHash: contractData.contractTermsHash, denomPubHash: coin.denomPubHash, denomKeyType: denom.denomPub.cipher, denomSig: coin.denomSig, exchangeBaseUrl: coin.exchangeBaseUrl, feeDeposit: Amounts.parseOrThrow(denom.fees.feeDeposit), merchantPub: contractData.merchantPub, refundDeadline: contractData.refundDeadline, spendAmount: Amounts.parseOrThrow(payCoinSel.coinContributions[i]), timestamp: contractData.timestamp, wireInfoHash, ageCommitmentProof: coin.ageCommitmentProof, requiredMinimumAge: contractData.minimumAge, }); depositPermissions.push(dp); } return depositPermissions; } /** * Run the operation handler for a payment * and return the result as a {@link ConfirmPayResult}. */ export async function runPayForConfirmPay( ws: InternalWalletState, proposalId: string, ): Promise { logger.trace("processing proposal for confirmPay"); const taskId = constructTaskIdentifier({ tag: PendingTaskType.Purchase, proposalId, }); const res = await runOperationWithErrorReporting(ws, taskId, async () => { return await processPurchasePay(ws, proposalId, { forceNow: true }); }); logger.trace(`processPurchasePay response type ${res.type}`); switch (res.type) { case OperationAttemptResultType.Finished: { const purchase = await ws.db .mktx((x) => [x.purchases]) .runReadOnly(async (tx) => { return tx.purchases.get(proposalId); }); if (!purchase) { throw Error("purchase record not available anymore"); } const d = await expectProposalDownload(ws, purchase); return { type: ConfirmPayResultType.Done, contractTerms: d.contractTermsRaw, transactionId: makeTransactionId(TransactionType.Payment, proposalId), }; } case OperationAttemptResultType.Error: { // We hide transient errors from the caller. const opRetry = await ws.db .mktx((x) => [x.operationRetries]) .runReadOnly(async (tx) => tx.operationRetries.get(taskId)); return { type: ConfirmPayResultType.Pending, lastError: opRetry?.lastError, transactionId: makeTransactionId(TransactionType.Payment, proposalId), }; } case OperationAttemptResultType.Pending: logger.trace("reporting pending as confirmPay response"); return { type: ConfirmPayResultType.Pending, transactionId: makeTransactionId(TransactionType.Payment, proposalId), lastError: undefined, }; case OperationAttemptResultType.Longpoll: throw Error("unexpected processPurchasePay result (longpoll)"); default: assertUnreachable(res); } } /** * Confirm payment for a proposal previously claimed by the wallet. */ export async function confirmPay( ws: InternalWalletState, proposalId: string, sessionIdOverride?: string, forcedCoinSel?: ForcedCoinSel, ): Promise { logger.trace( `executing confirmPay with proposalId ${proposalId} and sessionIdOverride ${sessionIdOverride}`, ); const proposal = await ws.db .mktx((x) => [x.purchases]) .runReadOnly(async (tx) => { return tx.purchases.get(proposalId); }); if (!proposal) { throw Error(`proposal with id ${proposalId} not found`); } const d = await expectProposalDownload(ws, proposal); if (!d) { throw Error("proposal is in invalid state"); } const existingPurchase = await ws.db .mktx((x) => [x.purchases]) .runReadWrite(async (tx) => { const purchase = await tx.purchases.get(proposalId); if ( purchase && sessionIdOverride !== undefined && sessionIdOverride != purchase.lastSessionId ) { logger.trace(`changing session ID to ${sessionIdOverride}`); purchase.lastSessionId = sessionIdOverride; if (purchase.purchaseStatus === PurchaseStatus.Paid) { purchase.purchaseStatus = PurchaseStatus.PayingReplay; } await tx.purchases.put(purchase); } return purchase; }); if (existingPurchase && existingPurchase.payInfo) { logger.trace("confirmPay: submitting payment for existing purchase"); return runPayForConfirmPay(ws, proposalId); } logger.trace("confirmPay: purchase record does not exist yet"); const contractData = d.contractData; const selectCoinsResult = await selectPayCoinsNew(ws, { auditors: contractData.allowedAuditors, exchanges: contractData.allowedExchanges, wireMethod: contractData.wireMethod, contractTermsAmount: Amounts.parseOrThrow(contractData.amount), depositFeeLimit: Amounts.parseOrThrow(contractData.maxDepositFee), wireFeeAmortization: contractData.wireFeeAmortization ?? 1, wireFeeLimit: Amounts.parseOrThrow(contractData.maxWireFee), prevPayCoins: [], requiredMinimumAge: contractData.minimumAge, forcedSelection: forcedCoinSel, }); logger.trace("coin selection result", selectCoinsResult); if (selectCoinsResult.type === "failure") { // Should not happen, since checkPay should be called first // FIXME: Actually, this should be handled gracefully, // and the status should be stored in the DB. logger.warn("not confirming payment, insufficient coins"); throw Error("insufficient balance"); } const coinSelection = selectCoinsResult.coinSel; const payCostInfo = await getTotalPaymentCost(ws, coinSelection); let sessionId: string | undefined; if (sessionIdOverride) { sessionId = sessionIdOverride; } else { sessionId = proposal.downloadSessionId; } logger.trace( `recording payment on ${proposal.orderId} with session ID ${sessionId}`, ); await ws.db .mktx((x) => [ x.purchases, x.coins, x.refreshGroups, x.denominations, x.coinAvailability, ]) .runReadWrite(async (tx) => { const p = await tx.purchases.get(proposal.proposalId); if (!p) { return; } switch (p.purchaseStatus) { case PurchaseStatus.Proposed: p.payInfo = { payCoinSelection: coinSelection, payCoinSelectionUid: encodeCrock(getRandomBytes(16)), totalPayCost: Amounts.stringify(payCostInfo), }; p.lastSessionId = sessionId; p.timestampAccept = TalerProtocolTimestamp.now(); p.purchaseStatus = PurchaseStatus.Paying; await tx.purchases.put(p); await spendCoins(ws, tx, { allocationId: `txn:proposal:${p.proposalId}`, coinPubs: coinSelection.coinPubs, contributions: coinSelection.coinContributions.map((x) => Amounts.parseOrThrow(x), ), refreshReason: RefreshReason.PayMerchant, }); break; case PurchaseStatus.Paid: case PurchaseStatus.Paying: default: break; } }); ws.notify({ type: NotificationType.ProposalAccepted, proposalId: proposal.proposalId, }); return runPayForConfirmPay(ws, proposalId); } export async function processPurchase( ws: InternalWalletState, proposalId: string, options: Record = {}, ): Promise { const purchase = await ws.db .mktx((x) => [x.purchases]) .runReadOnly(async (tx) => { return tx.purchases.get(proposalId); }); if (!purchase) { return { type: OperationAttemptResultType.Error, errorDetail: { // FIXME: allocate more specific error code code: TalerErrorCode.WALLET_UNEXPECTED_EXCEPTION, when: AbsoluteTime.now(), hint: `trying to pay for purchase that is not in the database`, proposalId: proposalId, }, }; } switch (purchase.purchaseStatus) { case PurchaseStatus.DownloadingProposal: return processDownloadProposal(ws, proposalId, options); case PurchaseStatus.Paying: case PurchaseStatus.PayingReplay: return processPurchasePay(ws, proposalId, options); case PurchaseStatus.QueryingRefund: case PurchaseStatus.QueryingAutoRefund: case PurchaseStatus.AbortingWithRefund: return processPurchaseQueryRefund(ws, proposalId, options); case PurchaseStatus.ProposalDownloadFailed: case PurchaseStatus.Paid: case PurchaseStatus.RepurchaseDetected: case PurchaseStatus.Proposed: case PurchaseStatus.ProposalRefused: case PurchaseStatus.PaymentAbortFinished: return { type: OperationAttemptResultType.Finished, result: undefined, }; default: assertUnreachable(purchase.purchaseStatus); // throw Error(`unexpected purchase status (${purchase.purchaseStatus})`); } } export async function processPurchasePay( ws: InternalWalletState, proposalId: string, options: unknown = {}, ): Promise { const purchase = await ws.db .mktx((x) => [x.purchases]) .runReadOnly(async (tx) => { return tx.purchases.get(proposalId); }); if (!purchase) { return { type: OperationAttemptResultType.Error, errorDetail: { // FIXME: allocate more specific error code code: TalerErrorCode.WALLET_UNEXPECTED_EXCEPTION, when: AbsoluteTime.now(), hint: `trying to pay for purchase that is not in the database`, proposalId: proposalId, }, }; } switch (purchase.purchaseStatus) { case PurchaseStatus.Paying: case PurchaseStatus.PayingReplay: break; default: return OperationAttemptResult.finishedEmpty(); } logger.trace(`processing purchase pay ${proposalId}`); const sessionId = purchase.lastSessionId; logger.trace(`paying with session ID ${sessionId}`); const payInfo = purchase.payInfo; checkDbInvariant(!!payInfo, "payInfo"); const download = await expectProposalDownload(ws, purchase); if (!purchase.merchantPaySig) { const payUrl = new URL( `orders/${download.contractData.orderId}/pay`, download.contractData.merchantBaseUrl, ).href; let depositPermissions: CoinDepositPermission[]; // FIXME: Cache! depositPermissions = await generateDepositPermissions( ws, payInfo.payCoinSelection, download.contractData, ); const reqBody = { coins: depositPermissions, session_id: purchase.lastSessionId, }; logger.trace( "making pay request ... ", JSON.stringify(reqBody, undefined, 2), ); const resp = await ws.runSequentialized([EXCHANGE_COINS_LOCK], () => ws.http.fetch(payUrl, { method: "POST", body: reqBody, timeout: getPayRequestTimeout(purchase), }), ); logger.trace(`got resp ${JSON.stringify(resp)}`); if (resp.status >= 500 && resp.status <= 599) { const errDetails = await readUnexpectedResponseDetails(resp); return { type: OperationAttemptResultType.Error, errorDetail: makeErrorDetail( TalerErrorCode.WALLET_PAY_MERCHANT_SERVER_ERROR, { requestError: errDetails, }, ), }; } if (resp.status === HttpStatusCode.Conflict) { const err = await readTalerErrorResponse(resp); if ( err.code === TalerErrorCode.MERCHANT_POST_ORDERS_ID_PAY_INSUFFICIENT_FUNDS ) { // Do this in the background, as it might take some time handleInsufficientFunds(ws, proposalId, err).catch(async (e) => { console.log("handling insufficient funds failed"); await scheduleRetry(ws, TaskIdentifiers.forPay(purchase), { code: TalerErrorCode.WALLET_UNEXPECTED_EXCEPTION, when: AbsoluteTime.now(), message: "unexpected exception", hint: "unexpected exception", details: { exception: e.toString(), }, }); }); return { type: OperationAttemptResultType.Pending, result: undefined, }; } } if (resp.status >= 400 && resp.status <= 499) { logger.trace("got generic 4xx from merchant"); const err = await readTalerErrorResponse(resp); throwUnexpectedRequestError(resp, err); } const merchantResp = await readSuccessResponseJsonOrThrow( resp, codecForMerchantPayResponse(), ); logger.trace("got success from pay URL", merchantResp); const merchantPub = download.contractData.merchantPub; const { valid } = await ws.cryptoApi.isValidPaymentSignature({ contractHash: download.contractData.contractTermsHash, merchantPub, sig: merchantResp.sig, }); if (!valid) { logger.error("merchant payment signature invalid"); // FIXME: properly display error throw Error("merchant payment signature invalid"); } await storeFirstPaySuccess(ws, proposalId, sessionId, merchantResp); await unblockBackup(ws, proposalId); } else { const payAgainUrl = new URL( `orders/${download.contractData.orderId}/paid`, download.contractData.merchantBaseUrl, ).href; const reqBody = { sig: purchase.merchantPaySig, h_contract: download.contractData.contractTermsHash, session_id: sessionId ?? "", }; logger.trace(`/paid request body: ${j2s(reqBody)}`); const resp = await ws.runSequentialized([EXCHANGE_COINS_LOCK], () => ws.http.postJson(payAgainUrl, reqBody), ); logger.trace(`/paid response status: ${resp.status}`); if ( resp.status !== HttpStatusCode.NoContent && resp.status != HttpStatusCode.Ok ) { throw TalerError.fromDetail( TalerErrorCode.WALLET_UNEXPECTED_REQUEST_ERROR, getHttpResponseErrorDetails(resp), "/paid failed", ); } await storePayReplaySuccess(ws, proposalId, sessionId); await unblockBackup(ws, proposalId); } ws.notify({ type: NotificationType.PayOperationSuccess, proposalId: purchase.proposalId, }); return OperationAttemptResult.finishedEmpty(); } export async function refuseProposal( ws: InternalWalletState, proposalId: string, ): Promise { const success = await ws.db .mktx((x) => [x.purchases]) .runReadWrite(async (tx) => { const proposal = await tx.purchases.get(proposalId); if (!proposal) { logger.trace(`proposal ${proposalId} not found, won't refuse proposal`); return false; } if (proposal.purchaseStatus !== PurchaseStatus.Proposed) { return false; } proposal.purchaseStatus = PurchaseStatus.ProposalRefused; await tx.purchases.put(proposal); return true; }); if (success) { ws.notify({ type: NotificationType.ProposalRefused, }); } } export async function prepareRefund( ws: InternalWalletState, talerRefundUri: string, ): Promise { const parseResult = parseRefundUri(talerRefundUri); logger.trace("preparing refund offer", parseResult); if (!parseResult) { throw Error("invalid refund URI"); } const purchase = await ws.db .mktx((x) => [x.purchases]) .runReadOnly(async (tx) => { return tx.purchases.indexes.byUrlAndOrderId.get([ parseResult.merchantBaseUrl, parseResult.orderId, ]); }); if (!purchase) { throw Error( `no purchase for the taler://refund/ URI (${talerRefundUri}) was found`, ); } const awaiting = await queryAndSaveAwaitingRefund(ws, purchase); const summary = await calculateRefundSummary(ws, purchase); const proposalId = purchase.proposalId; const { contractData: c } = await expectProposalDownload(ws, purchase); return { proposalId, effectivePaid: Amounts.stringify(summary.amountEffectivePaid), gone: Amounts.stringify(summary.amountRefundGone), granted: Amounts.stringify(summary.amountRefundGranted), pending: summary.pendingAtExchange, awaiting: Amounts.stringify(awaiting), info: { contractTermsHash: c.contractTermsHash, merchant: c.merchant, orderId: c.orderId, products: c.products, summary: c.summary, fulfillmentMessage: c.fulfillmentMessage, summary_i18n: c.summaryI18n, fulfillmentMessage_i18n: c.fulfillmentMessageI18n, }, }; } function getRefundKey(d: MerchantCoinRefundStatus): string { return `${d.coin_pub}-${d.rtransaction_id}`; } async function applySuccessfulRefund( tx: GetReadWriteAccess<{ coins: typeof WalletStoresV1.coins; denominations: typeof WalletStoresV1.denominations; }>, p: PurchaseRecord, refreshCoinsMap: Record, r: MerchantCoinRefundSuccessStatus, denomselAllowLate: boolean, ): Promise { // FIXME: check signature before storing it as valid! const refundKey = getRefundKey(r); const coin = await tx.coins.get(r.coin_pub); if (!coin) { logger.warn("coin not found, can't apply refund"); return; } const denom = await tx.denominations.get([ coin.exchangeBaseUrl, coin.denomPubHash, ]); if (!denom) { throw Error("inconsistent database"); } const refundAmount = Amounts.parseOrThrow(r.refund_amount); const refundFee = denom.fees.feeRefund; const amountLeft = Amounts.sub(refundAmount, refundFee).amount; coin.status = CoinStatus.Dormant; await tx.coins.put(coin); const allDenoms = await tx.denominations.indexes.byExchangeBaseUrl .iter(coin.exchangeBaseUrl) .toArray(); const totalRefreshCostBound = getTotalRefreshCost( allDenoms, DenominationRecord.toDenomInfo(denom), amountLeft, denomselAllowLate, ); refreshCoinsMap[coin.coinPub] = { coinPub: coin.coinPub, amount: Amounts.stringify(amountLeft), }; p.refunds[refundKey] = { type: RefundState.Applied, obtainedTime: AbsoluteTime.toTimestamp(AbsoluteTime.now()), executionTime: r.execution_time, refundAmount: Amounts.stringify(r.refund_amount), refundFee: Amounts.stringify(denom.fees.feeRefund), totalRefreshCostBound: Amounts.stringify(totalRefreshCostBound), coinPub: r.coin_pub, rtransactionId: r.rtransaction_id, }; } async function storePendingRefund( tx: GetReadWriteAccess<{ denominations: typeof WalletStoresV1.denominations; coins: typeof WalletStoresV1.coins; }>, p: PurchaseRecord, r: MerchantCoinRefundFailureStatus, denomselAllowLate: boolean, ): Promise { const refundKey = getRefundKey(r); const coin = await tx.coins.get(r.coin_pub); if (!coin) { logger.warn("coin not found, can't apply refund"); return; } const denom = await tx.denominations.get([ coin.exchangeBaseUrl, coin.denomPubHash, ]); if (!denom) { throw Error("inconsistent database"); } const allDenoms = await tx.denominations.indexes.byExchangeBaseUrl .iter(coin.exchangeBaseUrl) .toArray(); // Refunded amount after fees. const amountLeft = Amounts.sub( Amounts.parseOrThrow(r.refund_amount), denom.fees.feeRefund, ).amount; const totalRefreshCostBound = getTotalRefreshCost( allDenoms, DenominationRecord.toDenomInfo(denom), amountLeft, denomselAllowLate, ); p.refunds[refundKey] = { type: RefundState.Pending, obtainedTime: AbsoluteTime.toTimestamp(AbsoluteTime.now()), executionTime: r.execution_time, refundAmount: Amounts.stringify(r.refund_amount), refundFee: Amounts.stringify(denom.fees.feeRefund), totalRefreshCostBound: Amounts.stringify(totalRefreshCostBound), coinPub: r.coin_pub, rtransactionId: r.rtransaction_id, }; } async function storeFailedRefund( tx: GetReadWriteAccess<{ coins: typeof WalletStoresV1.coins; denominations: typeof WalletStoresV1.denominations; }>, p: PurchaseRecord, refreshCoinsMap: Record, r: MerchantCoinRefundFailureStatus, denomselAllowLate: boolean, ): Promise { const refundKey = getRefundKey(r); const coin = await tx.coins.get(r.coin_pub); if (!coin) { logger.warn("coin not found, can't apply refund"); return; } const denom = await tx.denominations.get([ coin.exchangeBaseUrl, coin.denomPubHash, ]); if (!denom) { throw Error("inconsistent database"); } const allDenoms = await tx.denominations.indexes.byExchangeBaseUrl .iter(coin.exchangeBaseUrl) .toArray(); const amountLeft = Amounts.sub( Amounts.parseOrThrow(r.refund_amount), denom.fees.feeRefund, ).amount; const totalRefreshCostBound = getTotalRefreshCost( allDenoms, DenominationRecord.toDenomInfo(denom), amountLeft, denomselAllowLate, ); p.refunds[refundKey] = { type: RefundState.Failed, obtainedTime: TalerProtocolTimestamp.now(), executionTime: r.execution_time, refundAmount: Amounts.stringify(r.refund_amount), refundFee: Amounts.stringify(denom.fees.feeRefund), totalRefreshCostBound: Amounts.stringify(totalRefreshCostBound), coinPub: r.coin_pub, rtransactionId: r.rtransaction_id, }; if (p.purchaseStatus === PurchaseStatus.AbortingWithRefund) { // Refund failed because the merchant didn't even try to deposit // the coin yet, so we try to refresh. // FIXME: Is this case tested?! if (r.exchange_code === TalerErrorCode.EXCHANGE_REFUND_DEPOSIT_NOT_FOUND) { const coin = await tx.coins.get(r.coin_pub); if (!coin) { logger.warn("coin not found, can't apply refund"); return; } const denom = await tx.denominations.get([ coin.exchangeBaseUrl, coin.denomPubHash, ]); if (!denom) { logger.warn("denomination for coin missing"); return; } const payCoinSelection = p.payInfo?.payCoinSelection; if (!payCoinSelection) { logger.warn("no pay coin selection, can't apply refund"); return; } let contrib: AmountJson | undefined; for (let i = 0; i < payCoinSelection.coinPubs.length; i++) { if (payCoinSelection.coinPubs[i] === r.coin_pub) { contrib = Amounts.parseOrThrow(payCoinSelection.coinContributions[i]); } } // FIXME: Is this case tested?! refreshCoinsMap[coin.coinPub] = { coinPub: coin.coinPub, amount: Amounts.stringify(amountLeft), }; await tx.coins.put(coin); } } } async function acceptRefunds( ws: InternalWalletState, proposalId: string, refunds: MerchantCoinRefundStatus[], reason: RefundReason, ): Promise { logger.trace("handling refunds", refunds); const now = TalerProtocolTimestamp.now(); await ws.db .mktx((x) => [ x.purchases, x.coins, x.coinAvailability, x.denominations, x.refreshGroups, ]) .runReadWrite(async (tx) => { const p = await tx.purchases.get(proposalId); if (!p) { logger.error("purchase not found, not adding refunds"); return; } const refreshCoinsMap: Record = {}; for (const refundStatus of refunds) { const refundKey = getRefundKey(refundStatus); const existingRefundInfo = p.refunds[refundKey]; const isPermanentFailure = refundStatus.type === "failure" && refundStatus.exchange_status >= 400 && refundStatus.exchange_status < 500; // Already failed. if (existingRefundInfo?.type === RefundState.Failed) { continue; } // Already applied. if (existingRefundInfo?.type === RefundState.Applied) { continue; } // Still pending. if ( refundStatus.type === "failure" && !isPermanentFailure && existingRefundInfo?.type === RefundState.Pending ) { continue; } // Invariant: (!existingRefundInfo) || (existingRefundInfo === Pending) if (refundStatus.type === "success") { await applySuccessfulRefund( tx, p, refreshCoinsMap, refundStatus, ws.config.testing.denomselAllowLate, ); } else if (isPermanentFailure) { await storeFailedRefund( tx, p, refreshCoinsMap, refundStatus, ws.config.testing.denomselAllowLate, ); } else { await storePendingRefund( tx, p, refundStatus, ws.config.testing.denomselAllowLate, ); } } if (reason !== RefundReason.AbortRefund) { // For abort-refunds, the refresh group has already been // created before the refund was started. // For other refunds, we need to create it after we know // the amounts. const refreshCoinsPubs = Object.values(refreshCoinsMap); logger.info(`refreshCoinMap ${j2s(refreshCoinsMap)}`); if (refreshCoinsPubs.length > 0) { await createRefreshGroup( ws, tx, Amounts.currencyOf(refreshCoinsPubs[0].amount), refreshCoinsPubs, RefreshReason.Refund, ); } } // Are we done with querying yet, or do we need to do another round // after a retry delay? let queryDone = true; let numPendingRefunds = 0; for (const ri of Object.values(p.refunds)) { switch (ri.type) { case RefundState.Pending: numPendingRefunds++; break; } } if (numPendingRefunds > 0) { queryDone = false; } if (queryDone) { p.timestampLastRefundStatus = now; if (p.purchaseStatus === PurchaseStatus.AbortingWithRefund) { p.purchaseStatus = PurchaseStatus.PaymentAbortFinished; } else if (p.purchaseStatus === PurchaseStatus.QueryingAutoRefund) { const autoRefundDeadline = p.autoRefundDeadline; checkDbInvariant(!!autoRefundDeadline); if ( AbsoluteTime.isExpired( AbsoluteTime.fromTimestamp(autoRefundDeadline), ) ) { p.purchaseStatus = PurchaseStatus.Paid; } } else if (p.purchaseStatus === PurchaseStatus.QueryingRefund) { p.purchaseStatus = PurchaseStatus.Paid; p.refundAmountAwaiting = undefined; } logger.trace("refund query done"); ws.notify({ type: NotificationType.RefundFinished, transactionId: makeTransactionId( TransactionType.Payment, p.proposalId, ), }); } else { // No error, but we need to try again! p.timestampLastRefundStatus = now; logger.trace("refund query not done"); } await tx.purchases.put(p); }); ws.notify({ type: NotificationType.RefundQueried, transactionId: makeTransactionId(TransactionType.Payment, proposalId), }); } async function calculateRefundSummary( ws: InternalWalletState, p: PurchaseRecord, ): Promise { const download = await expectProposalDownload(ws, p); let amountRefundGranted = Amounts.zeroOfAmount(download.contractData.amount); let amountRefundGone = Amounts.zeroOfAmount(download.contractData.amount); let pendingAtExchange = false; const payInfo = p.payInfo; if (!payInfo) { throw Error("can't calculate refund summary without payInfo"); } Object.keys(p.refunds).forEach((rk) => { const refund = p.refunds[rk]; if (refund.type === RefundState.Pending) { pendingAtExchange = true; } if ( refund.type === RefundState.Applied || refund.type === RefundState.Pending ) { amountRefundGranted = Amounts.add( amountRefundGranted, Amounts.sub( refund.refundAmount, refund.refundFee, refund.totalRefreshCostBound, ).amount, ).amount; } else { amountRefundGone = Amounts.add( amountRefundGone, refund.refundAmount, ).amount; } }); return { amountEffectivePaid: Amounts.parseOrThrow(payInfo.totalPayCost), amountRefundGone, amountRefundGranted, pendingAtExchange, }; } /** * Summary of the refund status of a purchase. */ export interface RefundSummary { pendingAtExchange: boolean; amountEffectivePaid: AmountJson; amountRefundGranted: AmountJson; amountRefundGone: AmountJson; } /** * Accept a refund, return the contract hash for the contract * that was involved in the refund. */ export async function applyRefund( ws: InternalWalletState, talerRefundUri: string, ): Promise { const parseResult = parseRefundUri(talerRefundUri); logger.trace("applying refund", parseResult); if (!parseResult) { throw Error("invalid refund URI"); } const purchase = await ws.db .mktx((x) => [x.purchases]) .runReadOnly(async (tx) => { return tx.purchases.indexes.byUrlAndOrderId.get([ parseResult.merchantBaseUrl, parseResult.orderId, ]); }); if (!purchase) { throw Error( `no purchase for the taler://refund/ URI (${talerRefundUri}) was found`, ); } return applyRefundFromPurchaseId(ws, purchase.proposalId); } export async function applyRefundFromPurchaseId( ws: InternalWalletState, proposalId: string, ): Promise { logger.trace("applying refund for purchase", proposalId); logger.info("processing purchase for refund"); const success = await ws.db .mktx((x) => [x.purchases]) .runReadWrite(async (tx) => { const p = await tx.purchases.get(proposalId); if (!p) { logger.error("no purchase found for refund URL"); return false; } if (p.purchaseStatus === PurchaseStatus.Paid) { p.purchaseStatus = PurchaseStatus.QueryingRefund; } await tx.purchases.put(p); return true; }); if (success) { ws.notify({ type: NotificationType.RefundStarted, }); await processPurchaseQueryRefund(ws, proposalId, { forceNow: true, waitForAutoRefund: false, }); } const purchase = await ws.db .mktx((x) => [x.purchases]) .runReadOnly(async (tx) => { return tx.purchases.get(proposalId); }); if (!purchase) { throw Error("purchase no longer exists"); } const summary = await calculateRefundSummary(ws, purchase); const download = await expectProposalDownload(ws, purchase); const lastExec = Object.values(purchase.refunds).reduce( (prev, cur) => { return TalerProtocolTimestamp.max(cur.executionTime, prev); }, { t_s: 0 } as TalerProtocolTimestamp, ); const transactionId = lastExec.t_s === "never" || lastExec.t_s === 0 ? makeTransactionId(TransactionType.Payment, proposalId) : makeTransactionId( TransactionType.Refund, proposalId, String(lastExec.t_s), ); return { contractTermsHash: download.contractData.contractTermsHash, proposalId: purchase.proposalId, transactionId, amountEffectivePaid: Amounts.stringify(summary.amountEffectivePaid), amountRefundGone: Amounts.stringify(summary.amountRefundGone), amountRefundGranted: Amounts.stringify(summary.amountRefundGranted), pendingAtExchange: summary.pendingAtExchange, info: { contractTermsHash: download.contractData.contractTermsHash, merchant: download.contractData.merchant, orderId: download.contractData.orderId, products: download.contractData.products, summary: download.contractData.summary, fulfillmentMessage: download.contractData.fulfillmentMessage, summary_i18n: download.contractData.summaryI18n, fulfillmentMessage_i18n: download.contractData.fulfillmentMessageI18n, }, }; } async function queryAndSaveAwaitingRefund( ws: InternalWalletState, purchase: PurchaseRecord, waitForAutoRefund?: boolean, ): Promise { const download = await expectProposalDownload(ws, purchase); const requestUrl = new URL( `orders/${download.contractData.orderId}`, download.contractData.merchantBaseUrl, ); requestUrl.searchParams.set( "h_contract", download.contractData.contractTermsHash, ); // Long-poll for one second if (waitForAutoRefund) { requestUrl.searchParams.set("timeout_ms", "1000"); requestUrl.searchParams.set("await_refund_obtained", "yes"); logger.trace("making long-polling request for auto-refund"); } const resp = await ws.http.get(requestUrl.href); const orderStatus = await readSuccessResponseJsonOrThrow( resp, codecForMerchantOrderStatusPaid(), ); if (!orderStatus.refunded) { // Wait for retry ... return Amounts.zeroOfAmount(download.contractData.amount); } const refundAwaiting = Amounts.sub( Amounts.parseOrThrow(orderStatus.refund_amount), Amounts.parseOrThrow(orderStatus.refund_taken), ).amount; if ( purchase.refundAmountAwaiting === undefined || Amounts.cmp(refundAwaiting, purchase.refundAmountAwaiting) !== 0 ) { await ws.db .mktx((x) => [x.purchases]) .runReadWrite(async (tx) => { const p = await tx.purchases.get(purchase.proposalId); if (!p) { logger.warn("purchase does not exist anymore"); return; } p.refundAmountAwaiting = Amounts.stringify(refundAwaiting); await tx.purchases.put(p); }); } return refundAwaiting; } export async function processPurchaseQueryRefund( ws: InternalWalletState, proposalId: string, options: { forceNow?: boolean; waitForAutoRefund?: boolean; } = {}, ): Promise { logger.trace(`processing refund query for proposal ${proposalId}`); const waitForAutoRefund = options.waitForAutoRefund ?? false; const purchase = await ws.db .mktx((x) => [x.purchases]) .runReadOnly(async (tx) => { return tx.purchases.get(proposalId); }); if (!purchase) { return OperationAttemptResult.finishedEmpty(); } if ( !( purchase.purchaseStatus === PurchaseStatus.QueryingAutoRefund || purchase.purchaseStatus === PurchaseStatus.QueryingRefund || purchase.purchaseStatus === PurchaseStatus.AbortingWithRefund ) ) { return OperationAttemptResult.finishedEmpty(); } const download = await expectProposalDownload(ws, purchase); if (purchase.timestampFirstSuccessfulPay) { if ( !purchase.autoRefundDeadline || !AbsoluteTime.isExpired( AbsoluteTime.fromTimestamp(purchase.autoRefundDeadline), ) ) { const awaitingAmount = await queryAndSaveAwaitingRefund( ws, purchase, waitForAutoRefund, ); if (Amounts.isZero(awaitingAmount)) { // Maybe the user wanted to check for refund to find out // that there is no refund pending from merchant await ws.db .mktx((x) => [x.purchases]) .runReadWrite(async (tx) => { const p = await tx.purchases.get(proposalId); if (!p) { logger.warn("purchase does not exist anymore"); return; } p.purchaseStatus = PurchaseStatus.Paid; await tx.purchases.put(p); }); // No new refunds, but we still need to notify // the wallet client that the query finished. ws.notify({ type: NotificationType.RefundQueried, transactionId: makeTransactionId(TransactionType.Payment, proposalId), }); return OperationAttemptResult.finishedEmpty(); } } const requestUrl = new URL( `orders/${download.contractData.orderId}/refund`, download.contractData.merchantBaseUrl, ); logger.trace(`making refund request to ${requestUrl.href}`); const request = await ws.http.postJson(requestUrl.href, { h_contract: download.contractData.contractTermsHash, }); const refundResponse = await readSuccessResponseJsonOrThrow( request, codecForMerchantOrderRefundPickupResponse(), ); await acceptRefunds( ws, proposalId, refundResponse.refunds, RefundReason.NormalRefund, ); } else if (purchase.purchaseStatus === PurchaseStatus.AbortingWithRefund) { const requestUrl = new URL( `orders/${download.contractData.orderId}/abort`, download.contractData.merchantBaseUrl, ); const abortingCoins: AbortingCoin[] = []; const payCoinSelection = purchase.payInfo?.payCoinSelection; if (!payCoinSelection) { throw Error("can't abort, no coins selected"); } await ws.db .mktx((x) => [x.coins]) .runReadOnly(async (tx) => { for (let i = 0; i < payCoinSelection.coinPubs.length; i++) { const coinPub = payCoinSelection.coinPubs[i]; const coin = await tx.coins.get(coinPub); checkDbInvariant(!!coin, "expected coin to be present"); abortingCoins.push({ coin_pub: coinPub, contribution: Amounts.stringify( payCoinSelection.coinContributions[i], ), exchange_url: coin.exchangeBaseUrl, }); } }); const abortReq: AbortRequest = { h_contract: download.contractData.contractTermsHash, coins: abortingCoins, }; logger.trace(`making order abort request to ${requestUrl.href}`); const request = await ws.http.postJson(requestUrl.href, abortReq); const abortResp = await readSuccessResponseJsonOrThrow( request, codecForAbortResponse(), ); const refunds: MerchantCoinRefundStatus[] = []; if (abortResp.refunds.length != abortingCoins.length) { // FIXME: define error code! throw Error("invalid order abort response"); } for (let i = 0; i < abortResp.refunds.length; i++) { const r = abortResp.refunds[i]; refunds.push({ ...r, coin_pub: payCoinSelection.coinPubs[i], refund_amount: Amounts.stringify(payCoinSelection.coinContributions[i]), rtransaction_id: 0, execution_time: AbsoluteTime.toTimestamp( AbsoluteTime.addDuration( AbsoluteTime.fromTimestamp(download.contractData.timestamp), Duration.fromSpec({ seconds: 1 }), ), ), }); } await acceptRefunds(ws, proposalId, refunds, RefundReason.AbortRefund); } return OperationAttemptResult.finishedEmpty(); } export async function abortPayMerchant( ws: InternalWalletState, proposalId: string, cancelImmediately?: boolean, ): Promise { const opId = constructTaskIdentifier({ tag: PendingTaskType.Purchase, proposalId, }); await ws.db .mktx((x) => [ x.purchases, x.refreshGroups, x.denominations, x.coinAvailability, x.coins, x.operationRetries, ]) .runReadWrite(async (tx) => { const purchase = await tx.purchases.get(proposalId); if (!purchase) { throw Error("purchase not found"); } const oldStatus = purchase.purchaseStatus; if (purchase.timestampFirstSuccessfulPay) { // No point in aborting it. We don't even report an error. logger.warn(`tried to abort successful payment`); return; } if (oldStatus === PurchaseStatus.Paying) { purchase.purchaseStatus = PurchaseStatus.AbortingWithRefund; } if ( cancelImmediately && oldStatus === PurchaseStatus.AbortingWithRefund ) { purchase.purchaseStatus = PurchaseStatus.PaymentAbortFinished; } await tx.purchases.put(purchase); if (oldStatus === PurchaseStatus.Paying) { if (purchase.payInfo) { const coinSel = purchase.payInfo.payCoinSelection; const currency = Amounts.currencyOf(purchase.payInfo.totalPayCost); const refreshCoins: CoinRefreshRequest[] = []; for (let i = 0; i < coinSel.coinPubs.length; i++) { refreshCoins.push({ amount: coinSel.coinContributions[i], coinPub: coinSel.coinPubs[i], }); } await createRefreshGroup( ws, tx, currency, refreshCoins, RefreshReason.AbortPay, ); } } await tx.operationRetries.delete(opId); }); runOperationWithErrorReporting(ws, opId, async () => { return await processPurchaseQueryRefund(ws, proposalId, { forceNow: true, }); }); } export function computePayMerchantTransactionState( purchaseRecord: PurchaseRecord, ): TransactionState { switch (purchaseRecord.purchaseStatus) { case PurchaseStatus.DownloadingProposal: return { major: TransactionMajorState.Pending, minor: TransactionMinorState.ClaimProposal, }; case PurchaseStatus.Paid: return { major: TransactionMajorState.Done, }; case PurchaseStatus.PaymentAbortFinished: return { major: TransactionMajorState.Aborted, }; case PurchaseStatus.Proposed: return { major: TransactionMajorState.Dialog, minor: TransactionMinorState.MerchantOrderProposed, }; case PurchaseStatus.ProposalDownloadFailed: return { major: TransactionMajorState.Failed, minor: TransactionMinorState.ClaimProposal, }; case PurchaseStatus.RepurchaseDetected: return { major: TransactionMajorState.Failed, minor: TransactionMinorState.Repurchase, }; case PurchaseStatus.AbortingWithRefund: return { major: TransactionMajorState.Aborting, }; case PurchaseStatus.Paying: return { major: TransactionMajorState.Pending, minor: TransactionMinorState.Pay, }; case PurchaseStatus.PayingReplay: return { major: TransactionMajorState.Pending, minor: TransactionMinorState.RebindSession, }; case PurchaseStatus.ProposalRefused: return { major: TransactionMajorState.Failed, minor: TransactionMinorState.Refused, }; case PurchaseStatus.QueryingAutoRefund: return { major: TransactionMajorState.Pending, minor: TransactionMinorState.AutoRefund, }; case PurchaseStatus.QueryingRefund: return { major: TransactionMajorState.Pending, minor: TransactionMinorState.CheckRefunds, }; } }