aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Grothoff <christian@grothoff.org>2024-08-08 10:02:56 +0200
committerChristian Grothoff <christian@grothoff.org>2024-08-08 10:02:56 +0200
commit8339980393cf93b947f5b1fa50aa669d6a8d9177 (patch)
treecf42e1f98a5e4628f77cf1f1672bbcbebe0962a9
parenta9a40d1e58f0b2d48285511dc8f216f6d99e115d (diff)
add clear option to enable/disable KYC
-rw-r--r--src/exchange/exchange.conf4
-rw-r--r--src/exchange/taler-exchange-aggregator.c15
-rw-r--r--src/exchange/taler-exchange-httpd.c33
-rw-r--r--src/exchange/taler-exchange-httpd.h4
-rw-r--r--src/exchange/taler-exchange-httpd_common_kyc.c14
-rw-r--r--src/exchange/taler-exchange-httpd_keys.c3
-rw-r--r--src/exchange/taler-exchange-httpd_kyc-check.c2
-rw-r--r--src/include/taler_kyclogic_lib.h10
-rw-r--r--src/kyclogic/kyclogic_api.c15
-rw-r--r--src/testing/test_exchange_api.conf1
-rw-r--r--src/testing/test_exchange_api_age_restriction.conf1
11 files changed, 52 insertions, 50 deletions
diff --git a/src/exchange/exchange.conf b/src/exchange/exchange.conf
index cc534de1a..f88c8e7b0 100644
--- a/src/exchange/exchange.conf
+++ b/src/exchange/exchange.conf
@@ -20,8 +20,8 @@ CURRENCY_FRACTION_DIGITS = 2
# in the database. Should be a high-entropy nonce.
ATTRIBUTE_ENCRYPTION_KEY = SET_ME_PLEASE
-# Set to NO to disable rewards.
-ENABLE_REWARDS = YES
+# Set to YES to enable AML/KYC.
+ENABLE_KYC = NO
# How long do we allow /keys to be cached at most? The actual
# limit is the minimum of this value and the first expected
diff --git a/src/exchange/taler-exchange-aggregator.c b/src/exchange/taler-exchange-aggregator.c
index ab65829d5..b4ff32cd2 100644
--- a/src/exchange/taler-exchange-aggregator.c
+++ b/src/exchange/taler-exchange-aggregator.c
@@ -268,6 +268,21 @@ shutdown_task (void *cls)
static enum GNUNET_GenericReturnValue
parse_aggregator_config (void)
{
+ enum GNUNET_GenericReturnValue enable_kyc;
+
+ enable_kyc
+ = GNUNET_CONFIGURATION_get_value_yesno (
+ cfg,
+ "exchange",
+ "ENABLE_KYC");
+ if (GNUNET_SYSERR == enable_kyc)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Need YES or NO in section `exchange' under `ENABLE_KYC'\n");
+ return GNUNET_SYSERR;
+ }
+ if (GNUNET_NO == enable_kyc)
+ kyc_off = true;
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_string (cfg,
"exchange",
diff --git a/src/exchange/taler-exchange-httpd.c b/src/exchange/taler-exchange-httpd.c
index b04a56429..38bf10719 100644
--- a/src/exchange/taler-exchange-httpd.c
+++ b/src/exchange/taler-exchange-httpd.c
@@ -181,11 +181,6 @@ static char *toplevel_redirect_url;
char *TEH_currency;
/**
- * Option set to #GNUNET_YES if rewards are enabled.
- */
-int TEH_enable_rewards;
-
-/**
* Our base URL.
*/
char *TEH_base_url;
@@ -201,6 +196,11 @@ static unsigned int connection_timeout = 30;
static int connection_close;
/**
+ * Option set to #GNUNET_YES if KYC/AML are enabled.
+ */
+int TEH_enable_kyc;
+
+/**
* -I command-line flag given?
*/
int TEH_check_invariants_flag;
@@ -2115,6 +2115,17 @@ handle_mhd_request (void *cls,
static enum GNUNET_GenericReturnValue
exchange_serve_process_config (void)
{
+ TEH_enable_kyc
+ = GNUNET_CONFIGURATION_get_value_yesno (
+ TEH_cfg,
+ "exchange",
+ "ENABLE_KYC");
+ if (GNUNET_SYSERR == TEH_enable_kyc)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Need YES or NO in section `exchange' under `ENABLE_KYC'\n");
+ return GNUNET_SYSERR;
+ }
if (GNUNET_OK !=
TALER_KYCLOGIC_kyc_init (TEH_cfg))
{
@@ -2222,18 +2233,6 @@ exchange_serve_process_config (void)
TEH_stefan_lin = 0.0f;
}
- TEH_enable_rewards
- = GNUNET_CONFIGURATION_get_value_yesno (
- TEH_cfg,
- "exchange",
- "ENABLE_REWARDS");
- if (GNUNET_SYSERR == TEH_enable_rewards)
- {
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Need YES or NO in section `exchange' under `ENABLE_REWARDS'\n")
- ;
- return GNUNET_SYSERR;
- }
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_string (TEH_cfg,
"exchange",
diff --git a/src/exchange/taler-exchange-httpd.h b/src/exchange/taler-exchange-httpd.h
index 293455af6..7bdc79649 100644
--- a/src/exchange/taler-exchange-httpd.h
+++ b/src/exchange/taler-exchange-httpd.h
@@ -65,9 +65,9 @@ extern int TEH_check_invariants_flag;
extern int TEH_allow_keys_timetravel;
/**
- * Option set to #GNUNET_YES if rewards are allowed.
+ * Option set to #GNUNET_YES if KYC/AML are enabled.
*/
-extern int TEH_enable_rewards;
+extern int TEH_enable_kyc;
/**
* Main directory with revocation data.
diff --git a/src/exchange/taler-exchange-httpd_common_kyc.c b/src/exchange/taler-exchange-httpd_common_kyc.c
index b01d5fbe6..8bcda3977 100644
--- a/src/exchange/taler-exchange-httpd_common_kyc.c
+++ b/src/exchange/taler-exchange-httpd_common_kyc.c
@@ -1435,7 +1435,19 @@ legitimization_check_run (
enum GNUNET_DB_QueryStatus qs;
const struct TALER_KYCLOGIC_Measure *instant_ms;
- // FIXME: add global flag to disable legitimizations!
+ if (! TEH_enable_kyc)
+ {
+ /* AML/KYC disabled, just immediately return success! */
+ lch->lcr.kyc.requirement_row = 0;
+ lch->lcr.kyc.ok = true;
+ lch->lcr.http_status = 0;
+ lch->lcr.response = NULL;
+ lch->async_task
+ = GNUNET_SCHEDULER_add_now (
+ &async_return_legi_result,
+ lch);
+ return;
+ }
// FIXME: enter (+exit) lch->scope!
{
json_t *jrules;
diff --git a/src/exchange/taler-exchange-httpd_keys.c b/src/exchange/taler-exchange-httpd_keys.c
index 650cce4df..490e4a9ac 100644
--- a/src/exchange/taler-exchange-httpd_keys.c
+++ b/src/exchange/taler-exchange-httpd_keys.c
@@ -2422,8 +2422,7 @@ create_krd (struct TEH_KeyStateHandle *ksh,
GNUNET_JSON_pack_string ("asset_type",
asset_type),
GNUNET_JSON_pack_bool ("rewards_allowed",
- GNUNET_YES ==
- TEH_enable_rewards),
+ false),
GNUNET_JSON_pack_data_auto ("master_public_key",
&TEH_master_public_key),
GNUNET_JSON_pack_time_rel ("reserve_closing_delay",
diff --git a/src/exchange/taler-exchange-httpd_kyc-check.c b/src/exchange/taler-exchange-httpd_kyc-check.c
index 9481ea002..78073d83b 100644
--- a/src/exchange/taler-exchange-httpd_kyc-check.c
+++ b/src/exchange/taler-exchange-httpd_kyc-check.c
@@ -230,7 +230,7 @@ TEH_handler_kyc_check (
&kyp->timeout);
}
- if (! TALER_KYCLOGIC_is_enabled ())
+ if (! TEH_enable_kyc)
{
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"KYC not enabled\n");
diff --git a/src/include/taler_kyclogic_lib.h b/src/include/taler_kyclogic_lib.h
index 9dbcf92fd..b852ba14c 100644
--- a/src/include/taler_kyclogic_lib.h
+++ b/src/include/taler_kyclogic_lib.h
@@ -400,16 +400,6 @@ TALER_KYCLOGIC_is_satisfiable (
/**
- * Check if any KYC checks are enabled.
- *
- * @return true if KYC is enabled
- * false if no KYC checks are possible
- */
-bool
-TALER_KYCLOGIC_is_enabled (void);
-
-
-/**
* A KYC rule @a r has been triggered. Convert the resulting requirements into
* JSON of type ``LegitimizationMeasures`` for the legitimization measures table.
*
diff --git a/src/kyclogic/kyclogic_api.c b/src/kyclogic/kyclogic_api.c
index 7c52b93c3..d0b8b7315 100644
--- a/src/kyclogic/kyclogic_api.c
+++ b/src/kyclogic/kyclogic_api.c
@@ -2325,25 +2325,10 @@ TALER_KYCLOGIC_kyc_init (
return GNUNET_SYSERR;
}
}
-
-
return GNUNET_OK;
}
-/**
- * Check if any KYC checks are enabled.
- *
- * @return true if KYC is enabled
- * false if no KYC checks are possible
- */
-bool
-TALER_KYCLOGIC_is_enabled (void)
-{
- return 0 != num_kyc_providers;
-}
-
-
void
TALER_KYCLOGIC_kyc_done (void)
{
diff --git a/src/testing/test_exchange_api.conf b/src/testing/test_exchange_api.conf
index 008aaa919..2215918b3 100644
--- a/src/testing/test_exchange_api.conf
+++ b/src/testing/test_exchange_api.conf
@@ -49,6 +49,7 @@ EXPIRE_SHARD_SIZE ="300 ms"
EXPIRE_IDLE_SLEEP_INTERVAL ="1 s"
STEFAN_ABS = EUR:0
STEFAN_LOG = EUR:0.005
+ENABLE_KYC = YES
[exchangedb-postgres]
CONFIG = "postgres:///talercheck"
diff --git a/src/testing/test_exchange_api_age_restriction.conf b/src/testing/test_exchange_api_age_restriction.conf
index d7780e7e2..d814519da 100644
--- a/src/testing/test_exchange_api_age_restriction.conf
+++ b/src/testing/test_exchange_api_age_restriction.conf
@@ -29,6 +29,7 @@ DB = postgres
BASE_URL = "http://localhost:8081/"
EXPIRE_SHARD_SIZE ="300 ms"
EXPIRE_IDLE_SLEEP_INTERVAL ="1 s"
+ENABLE_KYC = YES
[exchangedb-postgres]
CONFIG = "postgres:///talercheck"