author | Christian Grothoff <christian@grothoff.org> | 2023-01-28 12:20:18 +0100 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2023-01-28 12:20:18 +0100 |
commit | 8c5a12302ef6a1962121770c1ee67d3a1eaae042 (patch) | |
tree | 9fe26e348adf51fedfbbb7421d46f0b35798921a /src/kyclogic | |
parent | 35d50ba36a2d7b9896ed18eb68514c8c83375574 (diff) |
-debug KYC webhook logic
Diffstat (limited to 'src/kyclogic')
-rw-r--r-- | src/kyclogic/kyclogic-kycaid.conf | 2 | ||||
-rw-r--r-- | src/kyclogic/kyclogic-oauth2.conf | 2 | ||||
-rw-r--r-- | src/kyclogic/kyclogic-persona.conf | 9 | ||||
-rw-r--r-- | src/kyclogic/plugin_kyclogic_persona.c | 46 | ||||
-rw-r--r-- | src/kyclogic/taler-exchange-kyc-tester.c | 64 |
5 files changed, 72 insertions, 51 deletions
diff --git a/src/kyclogic/kyclogic-kycaid.conf b/src/kyclogic/kyclogic-kycaid.conf index 3cfb0e790..0e1fe96ef 100644 --- a/src/kyclogic/kyclogic-kycaid.conf +++ b/src/kyclogic/kyclogic-kycaid.conf @@ -18,5 +18,5 @@ KYC_KYCAID_AUTH_TOKEN = XXX # Form to use. KYC_KYCAID_FORM_ID = XXX -# Authentication token to use. +# URL to go to after the process is complete. KYC_KYCAID_POST_URL = https://example.com/ diff --git a/src/kyclogic/kyclogic-oauth2.conf b/src/kyclogic/kyclogic-oauth2.conf index d3df585d8..40e0bd127 100644 --- a/src/kyclogic/kyclogic-oauth2.conf +++ b/src/kyclogic/kyclogic-oauth2.conf @@ -32,4 +32,4 @@ KYC_OAUTH2_CLIENT_SECRET = password # This is just an example, details will depend on the # provider! # -KYC_ATTRIBUTE_TEMPLATE = "{"fullname":"{{first_name}} {{last_name}}","phone":"{{phone}}"}"
\ No newline at end of file +KYC_OAUTH2_ATTRIBUTE_TEMPLATE = "{"fullname":"{{first_name}} {{last_name}}","phone":"{{phone}}"}"
\ No newline at end of file diff --git a/src/kyclogic/kyclogic-persona.conf b/src/kyclogic/kyclogic-persona.conf index e29d19dba..7f02bf498 100644 --- a/src/kyclogic/kyclogic-persona.conf +++ b/src/kyclogic/kyclogic-persona.conf @@ -6,7 +6,10 @@ [kyclogic-persona] -# Optional authorization token for the webhook +# Optional authorization token for the webhook. +# This must be the same for all uses of the +# Persona provider, and is thus not in a +# template-specific section. #WEBHOOK_AUTH_TOKEN = wbhsec_698b5a19-c790-47f6-b396-deb572ec82f9 @@ -31,3 +34,7 @@ KYC_PERSONA_TEMPLATE_ID = itempl_Uj6Xxxxx # Where do we redirect to after KYC finished successfully. KYC_PERSONA_POST_URL = https://taler.net/ + +# Salt to give to requests for idempotency. +# Optional. +# KYC_PERSONA_SALT = salt
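Review bot: The commented-out `WEBHOOK_AUTH_TOKEN` sample in the `[kyclogic-persona]` hunk has the shape of a real webhook secret (`wbhsec_` followed by a UUID) rather than an obvious placeholder like the `XXX` values in kyclogic-kycaid.conf. If that value was ever issued by the provider it should be rotated, and the sample replaced with a labelled placeholder such as `#WEBHOOK_AUTH_TOKEN = wbhsec_XXX`. The new comment also calls the token optional without saying how incoming webhooks are treated when it is unset. One more comment line would help operators decide, for example `# If unset, webhook requests are not authenticated.`, provided that is what the plugin actually does.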
\ No newline at end of file diff --git a/src/kyclogic/plugin_kyclogic_persona.c b/src/kyclogic/plugin_kyclogic_persona.c index 2eec8a10e..50afb4241 100644 --- a/src/kyclogic/plugin_kyclogic_persona.c +++ b/src/kyclogic/plugin_kyclogic_persona.c @@ -942,35 +942,35 @@ convert_attributes (const json_t *attr) const char *birthdate = NULL; struct GNUNET_JSON_Specification spec[] = { GNUNET_JSON_spec_mark_optional ( - GNUNET_JSON_spec_string ("country_code", + GNUNET_JSON_spec_string ("country-code", &country_code), NULL), GNUNET_JSON_spec_mark_optional ( - GNUNET_JSON_spec_string ("name_first", + GNUNET_JSON_spec_string ("name-first", &name_first), NULL), GNUNET_JSON_spec_mark_optional ( - GNUNET_JSON_spec_string ("name_middle", + GNUNET_JSON_spec_string ("name-middle", &name_middle), NULL), GNUNET_JSON_spec_mark_optional ( - GNUNET_JSON_spec_string ("name_last", + GNUNET_JSON_spec_string ("name-last", &name_last), NULL), GNUNET_JSON_spec_mark_optional ( - GNUNET_JSON_spec_string ("address_street_1", + GNUNET_JSON_spec_string ("address-street-1", &address_street_1), NULL), GNUNET_JSON_spec_mark_optional ( - GNUNET_JSON_spec_string ("address_street_2", + GNUNET_JSON_spec_string ("address-street-2", &address_street_2), NULL), GNUNET_JSON_spec_mark_optional ( - GNUNET_JSON_spec_string ("address_city", + GNUNET_JSON_spec_string ("address-city", &address_city), NULL), GNUNET_JSON_spec_mark_optional ( - GNUNET_JSON_spec_string ("address_postal_code", + GNUNET_JSON_spec_string ("address-postal-code", &address_postal_code), NULL), GNUNET_JSON_spec_mark_optional ( @@ -991,8 +991,8 @@ convert_attributes (const json_t *attr) } { char *name = NULL; - char *address_street = NULL; - char *address_city = NULL; + char *street = NULL; + char *city = NULL; if ( (NULL != name_last) || (NULL != name_first) || 
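Review bot: Every key in the `spec[]` of convert_attributes is wrapped in `GNUNET_JSON_spec_mark_optional`, so a key-name mismatch like the underscore/hyphen one corrected here still parses successfully and leaves every field NULL. Because the later pack uses `GNUNET_JSON_pack_allow_null`, the result is presumably an attribute object with nothing in it and no error. A check after parsing that at least one expected field was found would surface the next provider-side format change, for example `if ( (NULL == name_first) && (NULL == name_last) && (NULL == country_code) ) GNUNET_break_op (0);`. The parse call and the rest of the function lie outside this hunk, so confirm no such check already exists there.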
@@ -1013,7 +1013,7 @@ convert_attributes (const json_t *attr) if ( (NULL != address_city) || (NULL != address_postal_code) ) { - GNUNET_asprintf (&address_city, + GNUNET_asprintf (&city, "%s%s%s %s", (NULL != country_code) ? country_code @@ -1031,7 +1031,7 @@ convert_attributes (const json_t *attr) if ( (NULL != address_street_1) || (NULL != address_street_2) ) { - GNUNET_asprintf (&address_street, + GNUNET_asprintf (&street, "%s%s%s", (NULL != address_street_1) ? address_street_1 @@ -1056,16 +1056,18 @@ convert_attributes (const json_t *attr) GNUNET_JSON_pack_allow_null ( GNUNET_JSON_pack_string ( TALER_ATTRIBUTE_ADDRESS_STREET, - address_street)), + street)), GNUNET_JSON_pack_allow_null ( GNUNET_JSON_pack_string ( TALER_ATTRIBUTE_ADDRESS_CITY, - address_city)), + city)), GNUNET_JSON_pack_allow_null ( GNUNET_JSON_pack_string ( TALER_ATTRIBUTE_RESIDENCES, country_code)) ); + GNUNET_free (street); + GNUNET_free (city); GNUNET_free (name); } return ret; @@ -1170,7 +1172,6 @@ handle_proof_finished (void *cls, const char *type = NULL; json_t *attributes; json_t *relationships; - json_t *included; struct GNUNET_JSON_Specification spec[] = { GNUNET_JSON_spec_string ("type", &type), @@ -1180,8 +1181,6 @@ handle_proof_finished (void *cls, &attributes), GNUNET_JSON_spec_json ("relationships", &relationships), - GNUNET_JSON_spec_json ("included", - &included), GNUNET_JSON_spec_end () }; @@ -1210,10 +1209,10 @@ handle_proof_finished (void *cls, struct GNUNET_JSON_Specification ispec[] = { GNUNET_JSON_spec_string ("status", &status), - GNUNET_JSON_spec_string ("reference_id", + GNUNET_JSON_spec_string ("reference-id", &reference_id), GNUNET_JSON_spec_mark_optional ( - GNUNET_JSON_spec_string ("expired_at", + GNUNET_JSON_spec_string ("expired-at", &expired_at), NULL), GNUNET_JSON_spec_end () 
@@ -1319,7 +1318,7 @@ handle_proof_finished (void *cls, struct GNUNET_TIME_Absolute expiration; json_t *attr; - attr = extract_attributes (included); + attr = convert_attributes (attributes); if (NULL == attr) { GNUNET_break_op (0); @@ -1744,10 +1743,10 @@ handle_webhook_finished (void *cls, struct GNUNET_JSON_Specification ispec[] = { GNUNET_JSON_spec_string ("status", &status), - GNUNET_JSON_spec_string ("reference_id", + GNUNET_JSON_spec_string ("reference-id", &reference_id), GNUNET_JSON_spec_mark_optional ( - GNUNET_JSON_spec_string ("expired_at", + GNUNET_JSON_spec_string ("expired-at", &expired_at), NULL), GNUNET_JSON_spec_end () @@ -2081,7 +2080,7 @@ persona_webhook (void *cls, "payload"), "data"), "relationships"), - "inquiry_template"), + "inquiry-template"), "data"), "id")); if (NULL == wh->template_id) @@ -2124,7 +2123,6 @@ persona_webhook (void *cls, return wh; } - persona_inquiry_id = json_string_value ( json_object_get ( diff --git a/src/kyclogic/taler-exchange-kyc-tester.c b/src/kyclogic/taler-exchange-kyc-tester.c index bb9c61d5b..84324f839 100644 --- a/src/kyclogic/taler-exchange-kyc-tester.c +++ b/src/kyclogic/taler-exchange-kyc-tester.c @@ -459,7 +459,6 @@ webhook_finished_cb ( (void) expiration; (void) provider_section; kwh->wh = NULL; - GNUNET_break (NULL != attributes); GNUNET_break (0 == GNUNET_memcmp (account_id, &cmd_line_h_payto)); GNUNET_break (0 == strcmp (provider_user_id, @@ -474,6 +473,12 @@ webhook_finished_cb ( "KYC successful for user `%s' (legi: %s)\n", provider_user_id, provider_legitimization_id); + GNUNET_break (NULL != attributes); + fprintf (stderr, + "Extracted attributes:\n"); + json_dumpf (attributes, + stderr, + JSON_INDENT (2)); break; default: GNUNET_log (GNUNET_ERROR_TYPE_INFO, @@ -563,6 +568,9 @@ handler_kyc_webhook_generic ( { struct KycWebhookContext *kwh = rc->rh_ctx; + json_dumpf (root, + stderr, + JSON_INDENT (2)); if (NULL == kwh) { /* first time */ kwh = GNUNET_new (struct KycWebhookContext); 
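Review bot: The `json_dumpf (attributes, stderr, JSON_INDENT (2));` added to the success branch of webhook_finished_cb writes the extracted KYC attributes to stderr unconditionally. Going by convert_attributes, that covers name, address and birthdate. The same pattern is added for the raw webhook body in handler_kyc_webhook_generic and for the proof attributes in proof_cb. When the tester is run against a real provider account this is personal data, and stderr is often captured in CI logs or terminal scrollback. Consider gating the dumps on an explicit command-line switch or the debug log level, or at least marking them with a comment such as `/* debug aid: prints personal data, keep out of persistent logs */`.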
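Review bot: In handler_kyc_webhook_generic the new `json_dumpf (root, stderr, JSON_INDENT (2));` sits before the `if (NULL == kwh)` first-time check, so it can run more than once if the handler is re-entered for the same request. It is also reached with `root == NULL` from handler_kyc_webhook_get, where it relies on json_dumpf failing quietly. Moving the call inside the `/* first time */` block and guarding it with `if (NULL != root)` gives one dump per request and makes the GET case explicit. The function body continues outside this hunk.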
@@ -570,11 +578,12 @@ handler_kyc_webhook_generic ( rc->rh_ctx = kwh; rc->rh_cleaner = &clean_kwh; - if (GNUNET_OK != - TALER_KYCLOGIC_lookup_logic (args[0], - &kwh->plugin, - &kwh->pd, - &kwh->section_name)) + if ( (NULL == args[0]) || + (GNUNET_OK != + TALER_KYCLOGIC_lookup_logic (args[0], + &kwh->plugin, + &kwh->pd, + &kwh->section_name)) ) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "KYC logic `%s' unknown (check KYC provider configuration)\n", @@ -584,14 +593,6 @@ handler_kyc_webhook_generic ( TALER_EC_EXCHANGE_KYC_GENERIC_LOGIC_UNKNOWN, args[0]); } - if (0 != strcmp (args[0], - kwh->section_name)) - { - return TALER_MHD_reply_with_error (rc->connection, - MHD_HTTP_BAD_REQUEST, - TALER_EC_GENERIC_PARAMETER_MALFORMED, - "$PROVIDER_SECTION"); - } GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Calling KYC provider specific webhook\n"); kwh->wh = kwh->plugin->webhook (kwh->plugin->cls, @@ -652,6 +653,8 @@ handler_kyc_webhook_get ( struct TEKT_RequestContext *rc, const char *const args[]) { + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + "Webhook GET triggered\n"); return handler_kyc_webhook_generic (rc, MHD_HTTP_METHOD_GET, NULL, @@ -673,6 +676,8 @@ handler_kyc_webhook_post ( const json_t *root, const char *const args[]) { + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + "Webhook POST triggered\n"); return handler_kyc_webhook_generic (rc, MHD_HTTP_METHOD_POST, root, 
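Review bot: When `args[0]` is NULL, the new `(NULL == args[0]) ||` short-circuit falls into the existing "logic unknown" error branch. That branch formats the name with `%s` in its GNUNET_log message (the argument is just outside the hunk, presumably `args[0]`) and passes `args[0]` as the detail to `TALER_MHD_reply_with_error`. Passing NULL for `%s` is undefined behaviour in C, and reporting an unknown logic is misleading when the path component is simply missing. A separate early check would mirror the `if (NULL == args[0])` guard already at the top of handler_kyc_proof_get: `if (NULL == args[0]) { GNUNET_break_op (0); return TALER_MHD_reply_with_error (rc->connection, MHD_HTTP_BAD_REQUEST, TALER_EC_GENERIC_PARAMETER_MALFORMED, "$PROVIDER_SECTION"); }`.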
@@ -715,17 +720,26 @@ proof_cb ( status, http_status, provider_user_id); - if (NULL != attributes) + if (TALER_KYCLOGIC_STATUS_SUCCESS == status) + { + GNUNET_break (NULL != attributes); + fprintf (stderr, + "Extracted attributes:\n"); json_dumpf (attributes, stderr, JSON_INDENT (2)); - MHD_resume_connection (rs->rc->connection); - TALER_MHD_daemon_trigger (); + } + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + "Returning response %p with status %u\n", + response, + http_status); rs->rc->response = response; rs->rc->http_status = http_status; GNUNET_CONTAINER_DLL_remove (rs_head, rs_tail, rs); + MHD_resume_connection (rs->rc->connection); + TALER_MHD_daemon_trigger (); GNUNET_free (rs); } @@ -750,6 +764,8 @@ handler_kyc_proof_get ( const char *section_name; const char *h_paytos; + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + "GET /kyc-proof triggered\n"); if (NULL == args[0]) { GNUNET_break_op (0); @@ -1162,14 +1178,14 @@ handle_mhd_request (void *cls, } /* cache to avoid the loop next time */ rc->rh = rh; - /* run handler */ - return proceed_with_handler (rc, - url + tok_size + 1, - upload_data, - upload_data_size); + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + "Handler found for %s '%s'\n", + method, + url); + return MHD_YES; } - if (found) /* FIXME: this can never be true right now */ + if (found) { /* we found a matching address, but the method is wrong */ struct MHD_Response *reply; @@ -1348,7 +1364,7 @@ initiate_cb ( return; } fprintf (stdout, - "Visit `%s' to begin KYC process (-u: '%s', -U: '%s')\n", + "Visit `%s' to begin KYC process.\nAlso use: taler-exchange-kyc-tester -w -u '%s' -U '%s'\n", redirect_url, provider_user_id, provider_legitimization_id); |
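Review bot: In handle_mhd_request the call to proceed_with_handler is replaced by `return MHD_YES;` and the `/* run handler */` comment is dropped, but nothing in the hunk says where the handler now runs. If the intent is that the first MHD callback only caches `rc->rh` and the handler runs on the following callback through code outside this hunk, a comment would document that, for example `/* first callback only caches rc->rh; handler runs on the next callback */`. The new INFO message also prints the request `url` verbatim, so control characters in a crafted path reach the log unescaped. That is tolerable in a test tool, but worth a remark so the pattern is not copied into the exchange itself.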