-rw-r--r--src/exchange/taler-exchange-httpd_common_kyc.c2
-rw-r--r--src/exchangedb/exchange_do_insert_kyc_attributes.sql11
-rw-r--r--src/kyclogic/kyclogic_api.c154
-rwxr-xr-xsrc/kyclogic/taler-exchange-helper-converter-oauth2-test-full_name2
-rwxr-xr-xsrc/kyclogic/taler-exchange-helper-measure-freeze2
-rwxr-xr-xsrc/kyclogic/taler-exchange-helper-measure-test-oauth13
-rwxr-xr-xsrc/kyclogic/taler-exchange-kyc-oauth2-test-converter.sh1
-rw-r--r--src/testing/test_exchange_p2p.c5
8 files changed, 122 insertions, 68 deletions
diff --git a/src/exchange/taler-exchange-httpd_common_kyc.c b/src/exchange/taler-exchange-httpd_common_kyc.c
index 815ddf64c..ae593467e 100644
--- a/src/exchange/taler-exchange-httpd_common_kyc.c
+++ b/src/exchange/taler-exchange-httpd_common_kyc.c
@@ -201,7 +201,7 @@ kyc_aml_finished (void *cls,
"Stored encrypted KYC process #%llu attributes: %d\n",
(unsigned long long) kat->process_row,
qs);
- if (GNUNET_DB_STATUS_HARD_ERROR == qs)
+ if (qs <= 0)
{
GNUNET_break (0);
if (NULL != kat->response)
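Review bot: The new `if (qs <= 0)` test sends three different outcomes down the same `GNUNET_break (0)` path: a hard error, a soft (retryable) error, and a statement that succeeded but changed no rows. Failing closed is reasonable for KYC data, but the bare `0` hides which cases are meant. If exactly one row is expected, `if (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != qs)` states that directly; otherwise a comment such as `/* soft errors and 'no rows' also count as failure: the process row must exist */` would make the intent reviewable. Whether a soft error should be retried rather than reported cannot be judged here, because the rest of kyc_aml_finished lies outside the hunk.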
diff --git a/src/exchangedb/exchange_do_insert_kyc_attributes.sql b/src/exchangedb/exchange_do_insert_kyc_attributes.sql
index 0ff25e917..3a50b1824 100644
--- a/src/exchangedb/exchange_do_insert_kyc_attributes.sql
+++ b/src/exchangedb/exchange_do_insert_kyc_attributes.sql
@@ -38,6 +38,7 @@ DECLARE
orig_reserve_pub BYTEA;
orig_reserve_found BOOLEAN;
my_trigger_outcome_serial INT8;
+ my_lmsi INT8;
my_i INT4;
ini_event TEXT;
BEGIN
@@ -83,9 +84,17 @@ UPDATE legitimization_processes
,finished=TRUE
WHERE h_payto=in_h_payto
AND legitimization_process_serial_id=in_process_row
- AND provider_name=in_provider_name;
+ AND provider_name=in_provider_name
+ RETURNING legitimization_measure_serial_id
+ INTO my_lmsi;
out_ok = FOUND;
+IF out_ok
+THEN
+ UPDATE legitimization_measures
+ SET is_finished=TRUE
+ WHERE legitimization_measure_serial_id=my_lmsi;
+END IF;
-- If the h_payto refers to a reserve in the original requirements
-- update the originating reserve's birthday.
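Review bot: The added `UPDATE legitimization_measures` is never checked, so `out_ok` stays TRUE even when that statement marks nothing as finished. This happens silently if `legitimization_measure_serial_id` on the process row is NULL (nothing in the hunk shows the column to be NOT NULL) or if no measure carries that serial. If a process without a measure is legitimate, say so in a comment such as `-- my_lmsi may be NULL for processes not started from a measure`; otherwise test `FOUND` after the second UPDATE and report the inconsistency. The function body continues outside the hunk.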
diff --git a/src/kyclogic/kyclogic_api.c b/src/kyclogic/kyclogic_api.c
index adfc870fe..60dd3018d 100644
--- a/src/kyclogic/kyclogic_api.c
+++ b/src/kyclogic/kyclogic_api.c
@@ -417,13 +417,27 @@ TALER_KYCLOGIC_rules_parse (const json_t *jlrs)
GNUNET_JSON_spec_end ()
};
struct TALER_KYCLOGIC_LegitimizationRuleSet *lrs;
+ const char *err;
+ unsigned int line;
+ if (NULL == jlrs)
+ {
+ GNUNET_break_op (0);
+ return NULL;
+ }
if (GNUNET_OK !=
- GNUNET_JSON_parse (jrules,
+ GNUNET_JSON_parse (jlrs,
spec,
- NULL, NULL))
+ &err,
+ &line))
{
GNUNET_break_op (0);
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Legitimization rules have incorrect input field `%s'\n",
+ err);
+ json_dumpf (jlrs,
+ stderr,
+ JSON_INDENT (2));
return NULL;
}
lrs = GNUNET_new (struct TALER_KYCLOGIC_LegitimizationRuleSet);
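Review bot: In the new error branch, `line` is filled in by `GNUNET_JSON_parse` but never used, and `err` is passed to `%s` without a NULL check. Add `line` to the log message and substitute a placeholder for a missing name, e.g. `(NULL != err) ? err : "(unknown)"`, so the diagnostic stays useful and the formatter is never handed a NULL pointer. Whether `err` can actually be NULL depends on the spec entries, which start above the hunk.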
@@ -506,16 +520,16 @@ TALER_KYCLOGIC_rules_parse (const json_t *jlrs)
goto cleanup;
}
rule->lrs = lrs;
+ rule->next_measures
+ = GNUNET_new_array (rule->num_measures,
+ char *);
rule->num_measures = json_array_size (jmeasures);
if (((size_t) rule->num_measures) !=
- json_object_size (jmeasures))
+ json_array_size (jmeasures))
{
GNUNET_break (0);
goto cleanup;
}
- rule->next_measures
- = GNUNET_new_array (rule->num_measures,
- char *);
{
size_t j;
json_t *jmeasure;
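Review bot: `rule->next_measures` is now allocated from `rule->num_measures` one statement before `rule->num_measures` is assigned from `json_array_size (jmeasures)`, so the array is sized by the field's previous value, not by the number of measures. If that value is smaller (presumably still zero for a freshly created rule), the loop starting at the end of this hunk, which presumably fills `next_measures[j]`, would store past the end of the allocation, and `TALER_KYCLOGIC_rules_free` would later free entries beyond it. The rule set parsed here can come from AML program output (`new_rules`), so the array length is not under the exchange's control. Keep the correction of the truncation check to `json_array_size`, but move the three-line `GNUNET_new_array` assignment back below that check, where it was before the commit. The loop body is outside the hunk.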
@@ -604,7 +618,7 @@ TALER_KYCLOGIC_rules_free (struct TALER_KYCLOGIC_LegitimizationRuleSet *lrs)
struct TALER_KYCLOGIC_KycRule *rule
= &lrs->kyc_rules[i];
- for (unsigned int j = 0; i<rule->num_measures; j++)
+ for (unsigned int j = 0; j<rule->num_measures; j++)
GNUNET_free (rule->next_measures[j]);
GNUNET_free (rule->next_measures);
GNUNET_free (rule->rule_name);
@@ -2891,10 +2905,11 @@ struct TALER_KYCLOGIC_AmlProgramRunnerHandle
* @param result some JSON result, NULL if we failed to get an JSON output
*/
static void
-handle_aml_output (void *cls,
- enum GNUNET_OS_ProcessStatusType status_type,
- unsigned long code,
- const json_t *result)
+handle_aml_output (
+ void *cls,
+ enum GNUNET_OS_ProcessStatusType status_type,
+ unsigned long code,
+ const json_t *result)
{
struct TALER_KYCLOGIC_AmlProgramRunnerHandle *aprh = cls;
const char *fallback_measure = aprh->program->fallback;
@@ -2902,10 +2917,16 @@ handle_aml_output (void *cls,
const char **evs = NULL;
aprh->proc = NULL;
- memset (&apr,
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+ "AML program output is:\n");
+ json_dumpf (result,
+ stderr,
+ JSON_INDENT (2));
+ memset (apr,
0,
- sizeof (apr));
- if (0 != code)
+ sizeof (*apr));
+ if ( (GNUNET_OS_PROCESS_EXITED != status_type) ||
+ (0 != code) )
{
apr->status = TALER_KYCLOGIC_AMLR_FAILURE;
apr->details.failure.fallback_measure
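Review bot: The added `json_dumpf (result, stderr, JSON_INDENT (2))` writes the complete AML program output to stderr on every run, outside `GNUNET_log` and therefore regardless of the configured log level. The same pattern is added in the malformed-output branch further down in handle_aml_output and, in TALER_KYCLOGIC_run_aml_program, for `attributes` and `context`. The attributes are the customer's KYC data, which the first file in this commit logs as being stored encrypted, so these dumps put that data in plaintext wherever stderr is collected. Unless this is temporary debugging, emit the dump through `GNUNET_log` at `GNUNET_ERROR_TYPE_DEBUG` (for example from a `json_dumps` string that is freed afterwards), or log only the name of the offending field as the existing messages already do. The dump here also runs before the exit-status check, where the function comment says `result` may be NULL.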
@@ -2949,6 +2970,12 @@ handle_aml_output (void *cls,
&err,
&line))
{
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "AML program output is malformed at `%s'\n",
+ err);
+ json_dumpf (result,
+ stderr,
+ JSON_INDENT (2));
apr->status = TALER_KYCLOGIC_AMLR_FAILURE;
apr->details.failure.fallback_measure
= fallback_measure;
@@ -2958,57 +2985,58 @@ handle_aml_output (void *cls,
= TALER_EC_EXCHANGE_KYC_AML_PROGRAM_MALFORMED_RESULT;
goto ready;
}
- else
+ apr->details.success.num_events
+ = json_array_size (jevents);
+
+ GNUNET_assert (((size_t) apr->details.success.num_events) ==
+ json_array_size (jevents));
+ evs = GNUNET_new_array (
+ apr->details.success.num_events,
+ const char *);
+ for (unsigned int i = 0; i<apr->details.success.num_events; i++)
{
- apr->details.success.num_events
- = json_array_size (jevents);
-
- GNUNET_assert (((size_t) apr->details.success.num_events) ==
- json_array_size (jevents));
- evs = GNUNET_new_array (
- apr->details.success.num_events,
- const char *);
- for (unsigned int i = 0; i<apr->details.success.num_events; i++)
+ evs[i] = json_string_value (
+ json_array_get (jevents,
+ i));
+ if (NULL == evs[i])
{
- evs[i] = json_string_value (
- json_array_get (jevents,
- i));
- if (NULL == evs[i])
- {
- apr->status = TALER_KYCLOGIC_AMLR_FAILURE;
- apr->details.failure.fallback_measure
- = fallback_measure;
- apr->details.failure.error_message
- = "events";
- apr->details.failure.ec
- = TALER_EC_EXCHANGE_KYC_AML_PROGRAM_MALFORMED_RESULT;
- goto ready;
- }
+ apr->status = TALER_KYCLOGIC_AMLR_FAILURE;
+ apr->details.failure.fallback_measure
+ = fallback_measure;
+ apr->details.failure.error_message
+ = "events";
+ apr->details.failure.ec
+ = TALER_EC_EXCHANGE_KYC_AML_PROGRAM_MALFORMED_RESULT;
+ goto ready;
}
- apr->status = TALER_KYCLOGIC_AMLR_SUCCESS;
- apr->details.success.events = evs;
- {
- /* check new_rules */
- struct TALER_KYCLOGIC_LegitimizationRuleSet *lrs;
-
- lrs = TALER_KYCLOGIC_rules_parse (
- apr->details.success.new_rules);
- if (NULL == lrs)
- {
- apr->status = TALER_KYCLOGIC_AMLR_FAILURE;
- apr->details.failure.fallback_measure
- = fallback_measure;
- apr->details.failure.error_message
- = "new_rules";
- apr->details.failure.ec
- = TALER_EC_EXCHANGE_KYC_AML_PROGRAM_MALFORMED_RESULT;
- goto ready;
- }
- // FIXME: check 'lrs' is well-formed
- // (check against configured checks + programs)!
+ }
+ apr->status = TALER_KYCLOGIC_AMLR_SUCCESS;
+ apr->details.success.events = evs;
+ {
+ /* check new_rules */
+ struct TALER_KYCLOGIC_LegitimizationRuleSet *lrs;
- TALER_KYCLOGIC_rules_free (lrs);
+ lrs = TALER_KYCLOGIC_rules_parse (
+ apr->details.success.new_rules);
+ if (NULL == lrs)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "AML program output is malformed at `%s'\n",
+ "new_rules");
+
+ apr->status = TALER_KYCLOGIC_AMLR_FAILURE;
+ apr->details.failure.fallback_measure
+ = fallback_measure;
+ apr->details.failure.error_message
+ = "new_rules";
+ apr->details.failure.ec
+ = TALER_EC_EXCHANGE_KYC_AML_PROGRAM_MALFORMED_RESULT;
+ goto ready;
}
+ // FIXME: check 'lrs' is well-formed
+ // (check against configured checks + programs)!
+
+ TALER_KYCLOGIC_rules_free (lrs);
}
}
ready:
@@ -3089,6 +3117,9 @@ TALER_KYCLOGIC_run_aml_program (
"KYC attributes lack required attribute `%s' for AML program %s\n",
rattr,
prog->program_name);
+ json_dumpf (attributes,
+ stderr,
+ JSON_INDENT (2));
aprh->apr.status = TALER_KYCLOGIC_AMLR_FAILURE;
aprh->apr.details.failure.fallback_measure
= prog->fallback;
@@ -3113,6 +3144,9 @@ TALER_KYCLOGIC_run_aml_program (
"Context lacks required field `%s' for AML program %s\n",
rctx,
prog->program_name);
+ json_dumpf (context,
+ stderr,
+ JSON_INDENT (2));
aprh->apr.status = TALER_KYCLOGIC_AMLR_FAILURE;
aprh->apr.details.failure.fallback_measure
= prog->fallback;
diff --git a/src/kyclogic/taler-exchange-helper-converter-oauth2-test-full_name b/src/kyclogic/taler-exchange-helper-converter-oauth2-test-full_name
index 5e9fe31ed..495778009 100755
--- a/src/kyclogic/taler-exchange-helper-converter-oauth2-test-full_name
+++ b/src/kyclogic/taler-exchange-helper-converter-oauth2-test-full_name
@@ -26,6 +26,8 @@
# Hard error reporting on.
set -eu
+echo "Running $0" 1>&2
+
if [ "${1:-no}" = "--list-outputs" ]
then
# This converter produces a full name and birthdate.
diff --git a/src/kyclogic/taler-exchange-helper-measure-freeze b/src/kyclogic/taler-exchange-helper-measure-freeze
index 1a8a43b55..02f8b423d 100755
--- a/src/kyclogic/taler-exchange-helper-measure-freeze
+++ b/src/kyclogic/taler-exchange-helper-measure-freeze
@@ -18,6 +18,8 @@
# Hard error reporting on.
set -eu
+echo "Running $0" 1>&2
+
# This is a KYC measure program that freezes
# the account and flags it for manual investigation.
# This is the ultimate fallback measure.
diff --git a/src/kyclogic/taler-exchange-helper-measure-test-oauth b/src/kyclogic/taler-exchange-helper-measure-test-oauth
index 1f5e1530d..1249e4959 100755
--- a/src/kyclogic/taler-exchange-helper-measure-test-oauth
+++ b/src/kyclogic/taler-exchange-helper-measure-test-oauth
@@ -18,6 +18,8 @@
# Hard error reporting on.
set -eu
+echo "Running $0" 1>&2
+
# This is a KYC measure program that checks the output
# of an OAuth2 authentication, and if it passed,
# increases the reserve CLOSE limit to EUR:1000.
@@ -39,13 +41,14 @@ then
fi
# First, check everything we expect is in stdin.
-J=$(jq -r 'def get($k):
+A=$(jq -r .attributes)
+J=$(echo $A | jq -r 'def get($k):
if has($k)
then .[$k]
else error("attribute missing")
end;
- {"full_name":get("attributes.full_name"),
- "birthdate":get("attributes.birthdate")}')
+ {"full_name":get("full_name"),
+ "birthdate":get("birthdate")}')
# Here we could use those values...
echo "$J" >> /dev/null
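Review bot: `echo $A` expands the attributes JSON unquoted, so the shell word-splits it and applies pathname expansion before jq sees it. Runs of whitespace inside a value are collapsed, a value containing `*` or `?` can be replaced by file names, and some `echo` implementations also interpret the backslash escapes that JSON strings carry. Feed the value through `printf '%s\n' "$A" | jq -r '...'` instead. Because the first `jq -r .attributes` now consumes stdin, a missing `attributes` key yields `null`, and `has($k)` then fails with a type error rather than the intended "attribute missing" message; that may be acceptable for a test helper, but it deserves a comment.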
@@ -61,7 +64,7 @@ EXPIRATION=$((3600 * 30 + $(date +%s)))
# for the required output format.
jq -n \
- --arg expiration "$EXPIRATION" \
+ --argjson expiration "$EXPIRATION" \
'{ "to_investigate": false,
"new_rules" : {
"new_check" : "info-oauth-test-passed",
@@ -77,3 +80,5 @@ jq -n \
} ]
}
}' < /dev/null
+
+exit 0
diff --git a/src/kyclogic/taler-exchange-kyc-oauth2-test-converter.sh b/src/kyclogic/taler-exchange-kyc-oauth2-test-converter.sh
index 76f9f16c4..00a6fce07 100755
--- a/src/kyclogic/taler-exchange-kyc-oauth2-test-converter.sh
+++ b/src/kyclogic/taler-exchange-kyc-oauth2-test-converter.sh
@@ -9,6 +9,7 @@
# Die if anything goes wrong.
set -eu
+echo "Running $0" 1>&2
# First, extract everything from stdin.
J=$(jq '{"id":.data.id,"first":.data.first_name,"last":.data.last_name,"birthdate":.data.birthdate,"status":.status}')
diff --git a/src/testing/test_exchange_p2p.c b/src/testing/test_exchange_p2p.c
index 7ac5e260c..8fae0864e 100644
--- a/src/testing/test_exchange_p2p.c
+++ b/src/testing/test_exchange_p2p.c
@@ -477,8 +477,9 @@ run (void *cls,
MHD_HTTP_NOT_FOUND,
"nx-attribute-name",
NULL),
- TALER_TESTING_cmd_oauth (
+ TALER_TESTING_cmd_oauth_with_birthdate (
"start-oauth-service",
+ "2015-00-00",
6666),
TALER_TESTING_cmd_reserve_close (
"reserve-101-close-kyc",
@@ -518,7 +519,7 @@ run (void *cls,
"check-kyc-close-ok",
"reserve-101-close-kyc",
"setup-account-key",
- MHD_HTTP_NO_CONTENT),
+ MHD_HTTP_OK),
/* Now it should pass */
TALER_TESTING_cmd_reserve_close (
"reserve-101-close",