aboutsummaryrefslogtreecommitdiff
path: root/src/kyclogic
diff options
context:
space:
mode:
authorChristian Grothoff <christian@grothoff.org>2024-07-25 15:25:39 +0200
committerChristian Grothoff <christian@grothoff.org>2024-07-29 12:18:48 +0200
commitccb799456e4010c0258929605512449fd0beaf87 (patch)
tree3bfa7afda3d49556f361739153205483666122e6 /src/kyclogic
parent1060d677ba1002486940fc814fad16dc1452894b (diff)
-misc bugfixes
Diffstat (limited to 'src/kyclogic')
-rw-r--r--src/kyclogic/kyclogic_api.c154
-rwxr-xr-xsrc/kyclogic/taler-exchange-helper-converter-oauth2-test-full_name2
-rwxr-xr-xsrc/kyclogic/taler-exchange-helper-measure-freeze2
-rwxr-xr-xsrc/kyclogic/taler-exchange-helper-measure-test-oauth13
-rwxr-xr-xsrc/kyclogic/taler-exchange-kyc-oauth2-test-converter.sh1
5 files changed, 108 insertions, 64 deletions
diff --git a/src/kyclogic/kyclogic_api.c b/src/kyclogic/kyclogic_api.c
index adfc870fe..60dd3018d 100644
--- a/src/kyclogic/kyclogic_api.c
+++ b/src/kyclogic/kyclogic_api.c
@@ -417,13 +417,27 @@ TALER_KYCLOGIC_rules_parse (const json_t *jlrs)
GNUNET_JSON_spec_end ()
};
struct TALER_KYCLOGIC_LegitimizationRuleSet *lrs;
+ const char *err;
+ unsigned int line;
+ if (NULL == jlrs)
+ {
+ GNUNET_break_op (0);
+ return NULL;
+ }
if (GNUNET_OK !=
- GNUNET_JSON_parse (jrules,
+ GNUNET_JSON_parse (jlrs,
spec,
- NULL, NULL))
+ &err,
+ &line))
{
GNUNET_break_op (0);
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Legitimization rules have incorrect input field `%s'\n",
+ err);
+ json_dumpf (jlrs,
+ stderr,
+ JSON_INDENT (2));
return NULL;
}
lrs = GNUNET_new (struct TALER_KYCLOGIC_LegitimizationRuleSet);
@@ -506,16 +520,16 @@ TALER_KYCLOGIC_rules_parse (const json_t *jlrs)
goto cleanup;
}
rule->lrs = lrs;
+ rule->next_measures
+ = GNUNET_new_array (rule->num_measures,
+ char *);
rule->num_measures = json_array_size (jmeasures);
if (((size_t) rule->num_measures) !=
- json_object_size (jmeasures))
+ json_array_size (jmeasures))
{
GNUNET_break (0);
goto cleanup;
}
- rule->next_measures
- = GNUNET_new_array (rule->num_measures,
- char *);
{
size_t j;
json_t *jmeasure;
@@ -604,7 +618,7 @@ TALER_KYCLOGIC_rules_free (struct TALER_KYCLOGIC_LegitimizationRuleSet *lrs)
struct TALER_KYCLOGIC_KycRule *rule
= &lrs->kyc_rules[i];
- for (unsigned int j = 0; i<rule->num_measures; j++)
+ for (unsigned int j = 0; j<rule->num_measures; j++)
GNUNET_free (rule->next_measures[j]);
GNUNET_free (rule->next_measures);
GNUNET_free (rule->rule_name);
@@ -2891,10 +2905,11 @@ struct TALER_KYCLOGIC_AmlProgramRunnerHandle
* @param result some JSON result, NULL if we failed to get an JSON output
*/
static void
-handle_aml_output (void *cls,
- enum GNUNET_OS_ProcessStatusType status_type,
- unsigned long code,
- const json_t *result)
+handle_aml_output (
+ void *cls,
+ enum GNUNET_OS_ProcessStatusType status_type,
+ unsigned long code,
+ const json_t *result)
{
struct TALER_KYCLOGIC_AmlProgramRunnerHandle *aprh = cls;
const char *fallback_measure = aprh->program->fallback;
@@ -2902,10 +2917,16 @@ handle_aml_output (void *cls,
const char **evs = NULL;
aprh->proc = NULL;
- memset (&apr,
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+ "AML program output is:\n");
+ json_dumpf (result,
+ stderr,
+ JSON_INDENT (2));
+ memset (apr,
0,
- sizeof (apr));
- if (0 != code)
+ sizeof (*apr));
+ if ( (GNUNET_OS_PROCESS_EXITED != status_type) ||
+ (0 != code) )
{
apr->status = TALER_KYCLOGIC_AMLR_FAILURE;
apr->details.failure.fallback_measure
@@ -2949,6 +2970,12 @@ handle_aml_output (void *cls,
&err,
&line))
{
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "AML program output is malformed at `%s'\n",
+ err);
+ json_dumpf (result,
+ stderr,
+ JSON_INDENT (2));
apr->status = TALER_KYCLOGIC_AMLR_FAILURE;
apr->details.failure.fallback_measure
= fallback_measure;
@@ -2958,57 +2985,58 @@ handle_aml_output (void *cls,
= TALER_EC_EXCHANGE_KYC_AML_PROGRAM_MALFORMED_RESULT;
goto ready;
}
- else
+ apr->details.success.num_events
+ = json_array_size (jevents);
+
+ GNUNET_assert (((size_t) apr->details.success.num_events) ==
+ json_array_size (jevents));
+ evs = GNUNET_new_array (
+ apr->details.success.num_events,
+ const char *);
+ for (unsigned int i = 0; i<apr->details.success.num_events; i++)
{
- apr->details.success.num_events
- = json_array_size (jevents);
-
- GNUNET_assert (((size_t) apr->details.success.num_events) ==
- json_array_size (jevents));
- evs = GNUNET_new_array (
- apr->details.success.num_events,
- const char *);
- for (unsigned int i = 0; i<apr->details.success.num_events; i++)
+ evs[i] = json_string_value (
+ json_array_get (jevents,
+ i));
+ if (NULL == evs[i])
{
- evs[i] = json_string_value (
- json_array_get (jevents,
- i));
- if (NULL == evs[i])
- {
- apr->status = TALER_KYCLOGIC_AMLR_FAILURE;
- apr->details.failure.fallback_measure
- = fallback_measure;
- apr->details.failure.error_message
- = "events";
- apr->details.failure.ec
- = TALER_EC_EXCHANGE_KYC_AML_PROGRAM_MALFORMED_RESULT;
- goto ready;
- }
+ apr->status = TALER_KYCLOGIC_AMLR_FAILURE;
+ apr->details.failure.fallback_measure
+ = fallback_measure;
+ apr->details.failure.error_message
+ = "events";
+ apr->details.failure.ec
+ = TALER_EC_EXCHANGE_KYC_AML_PROGRAM_MALFORMED_RESULT;
+ goto ready;
}
- apr->status = TALER_KYCLOGIC_AMLR_SUCCESS;
- apr->details.success.events = evs;
- {
- /* check new_rules */
- struct TALER_KYCLOGIC_LegitimizationRuleSet *lrs;
-
- lrs = TALER_KYCLOGIC_rules_parse (
- apr->details.success.new_rules);
- if (NULL == lrs)
- {
- apr->status = TALER_KYCLOGIC_AMLR_FAILURE;
- apr->details.failure.fallback_measure
- = fallback_measure;
- apr->details.failure.error_message
- = "new_rules";
- apr->details.failure.ec
- = TALER_EC_EXCHANGE_KYC_AML_PROGRAM_MALFORMED_RESULT;
- goto ready;
- }
- // FIXME: check 'lrs' is well-formed
- // (check against configured checks + programs)!
+ }
+ apr->status = TALER_KYCLOGIC_AMLR_SUCCESS;
+ apr->details.success.events = evs;
+ {
+ /* check new_rules */
+ struct TALER_KYCLOGIC_LegitimizationRuleSet *lrs;
- TALER_KYCLOGIC_rules_free (lrs);
+ lrs = TALER_KYCLOGIC_rules_parse (
+ apr->details.success.new_rules);
+ if (NULL == lrs)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "AML program output is malformed at `%s'\n",
+ "new_rules");
+
+ apr->status = TALER_KYCLOGIC_AMLR_FAILURE;
+ apr->details.failure.fallback_measure
+ = fallback_measure;
+ apr->details.failure.error_message
+ = "new_rules";
+ apr->details.failure.ec
+ = TALER_EC_EXCHANGE_KYC_AML_PROGRAM_MALFORMED_RESULT;
+ goto ready;
}
+ // FIXME: check 'lrs' is well-formed
+ // (check against configured checks + programs)!
+
+ TALER_KYCLOGIC_rules_free (lrs);
}
}
ready:
@@ -3089,6 +3117,9 @@ TALER_KYCLOGIC_run_aml_program (
"KYC attributes lack required attribute `%s' for AML program %s\n",
rattr,
prog->program_name);
+ json_dumpf (attributes,
+ stderr,
+ JSON_INDENT (2));
aprh->apr.status = TALER_KYCLOGIC_AMLR_FAILURE;
aprh->apr.details.failure.fallback_measure
= prog->fallback;
@@ -3113,6 +3144,9 @@ TALER_KYCLOGIC_run_aml_program (
"Context lacks required field `%s' for AML program %s\n",
rctx,
prog->program_name);
+ json_dumpf (context,
+ stderr,
+ JSON_INDENT (2));
aprh->apr.status = TALER_KYCLOGIC_AMLR_FAILURE;
aprh->apr.details.failure.fallback_measure
= prog->fallback;
diff --git a/src/kyclogic/taler-exchange-helper-converter-oauth2-test-full_name b/src/kyclogic/taler-exchange-helper-converter-oauth2-test-full_name
index 5e9fe31ed..495778009 100755
--- a/src/kyclogic/taler-exchange-helper-converter-oauth2-test-full_name
+++ b/src/kyclogic/taler-exchange-helper-converter-oauth2-test-full_name
@@ -26,6 +26,8 @@
# Hard error reporting on.
set -eu
+echo "Running $0" 1>&2
+
if [ "${1:-no}" = "--list-outputs" ]
then
# This converter produces a full name and birthdate.
diff --git a/src/kyclogic/taler-exchange-helper-measure-freeze b/src/kyclogic/taler-exchange-helper-measure-freeze
index 1a8a43b55..02f8b423d 100755
--- a/src/kyclogic/taler-exchange-helper-measure-freeze
+++ b/src/kyclogic/taler-exchange-helper-measure-freeze
@@ -18,6 +18,8 @@
# Hard error reporting on.
set -eu
+echo "Running $0" 1>&2
+
# This is a KYC measure program that freezes
# the account and flags it for manual investigation.
# This is the ultimate fallback measure.
diff --git a/src/kyclogic/taler-exchange-helper-measure-test-oauth b/src/kyclogic/taler-exchange-helper-measure-test-oauth
index 1f5e1530d..1249e4959 100755
--- a/src/kyclogic/taler-exchange-helper-measure-test-oauth
+++ b/src/kyclogic/taler-exchange-helper-measure-test-oauth
@@ -18,6 +18,8 @@
# Hard error reporting on.
set -eu
+echo "Running $0" 1>&2
+
# This is a KYC measure program that checks the output
# of an OAuth2 authentication, and if it passed,
# increases the reserve CLOSE limit to EUR:1000.
@@ -39,13 +41,14 @@ then
fi
# First, check everything we expect is in stdin.
-J=$(jq -r 'def get($k):
+A=$(jq -r .attributes)
+J=$(echo $A | jq -r 'def get($k):
if has($k)
then .[$k]
else error("attribute missing")
end;
- {"full_name":get("attributes.full_name"),
- "birthdate":get("attributes.birthdate")}')
+ {"full_name":get("full_name"),
+ "birthdate":get("birthdate")}')
# Here we could use those values...
echo "$J" >> /dev/null
@@ -61,7 +64,7 @@ EXPIRATION=$((3600 * 30 + $(date +%s)))
# for the required output format.
jq -n \
- --arg expiration "$EXPIRATION" \
+ --argjson expiration "$EXPIRATION" \
'{ "to_investigate": false,
"new_rules" : {
"new_check" : "info-oauth-test-passed",
@@ -77,3 +80,5 @@ jq -n \
} ]
}
}' < /dev/null
+
+exit 0
diff --git a/src/kyclogic/taler-exchange-kyc-oauth2-test-converter.sh b/src/kyclogic/taler-exchange-kyc-oauth2-test-converter.sh
index 76f9f16c4..00a6fce07 100755
--- a/src/kyclogic/taler-exchange-kyc-oauth2-test-converter.sh
+++ b/src/kyclogic/taler-exchange-kyc-oauth2-test-converter.sh
@@ -9,6 +9,7 @@
# Die if anything goes wrong.
set -eu
+echo "Running $0" 1>&2
# First, extract everything from stdin.
J=$(jq '{"id":.data.id,"first":.data.first_name,"last":.data.last_name,"birthdate":.data.birthdate,"status":.status}')
generated by cgit v1.2.3 (git 2.26.2) at 2024-11-20 02:54:50 +0000