From b496b8fed5bcef74e79bad7351cab98aae6a7dd7 Mon Sep 17 00:00:00 2001
From: Christian Grothoff <grothoff@gnunet.org>
Date: Sat, 16 Apr 2022 17:51:27 +0200
Subject: add more flexibility to endpoint naming for KYC

---
 src/exchange/taler-exchange-httpd.c           | 36 ++++++++++++++++++++++++---
 src/exchange/taler-exchange-httpd.h           |  8 +++++-
 src/exchange/taler-exchange-httpd_kyc-check.c |  4 +--
 src/exchange/taler-exchange-httpd_kyc-proof.c |  8 +++---
 src/testing/test_exchange_api.c               |  4 +--
 src/testing/test_kyc_api.conf                 |  3 ++-
 6 files changed, 49 insertions(+), 14 deletions(-)

diff --git a/src/exchange/taler-exchange-httpd.c b/src/exchange/taler-exchange-httpd.c
index aa3a7c412..fb3129591 100644
--- a/src/exchange/taler-exchange-httpd.c
+++ b/src/exchange/taler-exchange-httpd.c
@@ -1413,12 +1413,12 @@ parse_kyc_oauth_cfg (void)
   if (GNUNET_OK !=
       GNUNET_CONFIGURATION_get_value_string (TEH_cfg,
                                              "exchange-kyc-oauth2",
-                                             "KYC_OAUTH2_URL",
+                                             "KYC_OAUTH2_AUTH_URL",
                                              &s))
   {
     GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
                                "exchange-kyc-oauth2",
-                               "KYC_OAUTH2_URL");
+                               "KYC_OAUTH2_AUTH_URL");
     return GNUNET_SYSERR;
   }
   if ( (! TALER_url_valid_charset (s)) ||
@@ -1431,12 +1431,40 @@ parse_kyc_oauth_cfg (void)
   {
     GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
                                "exchange-kyc-oauth2",
-                               "KYC_OAUTH2_URL",
+                               "KYC_OAUTH2_AUTH_URL",
                                "not a valid URL");
     GNUNET_free (s);
     return GNUNET_SYSERR;
   }
-  TEH_kyc_config.details.oauth2.url = s;
+  TEH_kyc_config.details.oauth2.auth_url = s;
+
+  if (GNUNET_OK !=
+      GNUNET_CONFIGURATION_get_value_string (TEH_cfg,
+                                             "exchange-kyc-oauth2",
+                                             "KYC_OAUTH2_LOGIN_URL",
+                                             &s))
+  {
+    GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
+                               "exchange-kyc-oauth2",
+                               "KYC_OAUTH2_LOGIN_URL");
+    return GNUNET_SYSERR;
+  }
+  if ( (! TALER_url_valid_charset (s)) ||
+       ( (0 != strncasecmp (s,
+                            "http://",
+                            strlen ("http://"))) &&
+         (0 != strncasecmp (s,
+                            "https://",
+                            strlen ("https://"))) ) )
+  {
+    GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
+                               "exchange-kyc-oauth2",
+                               "KYC_OAUTH2_LOGIN_URL",
+                               "not a valid URL");
+    GNUNET_free (s);
+    return GNUNET_SYSERR;
+  }
+  TEH_kyc_config.details.oauth2.login_url = s;
 
   if (GNUNET_OK !=
       GNUNET_CONFIGURATION_get_value_string (TEH_cfg,
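Review bot: The scheme check added for `KYC_OAUTH2_LOGIN_URL` accepts plain `http://`, so an exchange can be configured to reach the KYC login endpoint, and presumably also the token endpoint that receives the OAuth2 client secret, without TLS. The test configuration in this commit uses `http://localhost`, so rejecting http outright would break it; a warning for non-HTTPS values would at least surface the misconfiguration, e.g. `if (0 != strncasecmp (s, "https://", strlen ("https://"))) GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "KYC_OAUTH2_LOGIN_URL does not use HTTPS\n");`. The new block also duplicates the fetch-and-validate sequence used for `KYC_OAUTH2_AUTH_URL` and could share one static helper that takes the option name. `parse_kyc_oauth_cfg` starts and ends outside this hunk.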
diff --git a/src/exchange/taler-exchange-httpd.h b/src/exchange/taler-exchange-httpd.h
index ffbce0e9b..deb5b3e02 100644
--- a/src/exchange/taler-exchange-httpd.h
+++ b/src/exchange/taler-exchange-httpd.h
@@ -93,8 +93,14 @@ struct TEH_KycOptions
 
       /**
        * URL of the OAuth2.0 endpoint for KYC checks.
+       * (token/auth)
        */
-      char *url;
+      char *auth_url;
+
+      /**
+       * URL of the OAuth2.0 endpoint for KYC checks.
+       */
+      char *login_url;
 
       /**
        * URL of the user info access endpoint.
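Review bot: The doc comment on `login_url` repeats the sentence used for `auth_url`, so the header does not say which endpoint each field holds or how it is used. Going by the callers in this commit, `auth_url` is copied unchanged into `kpc->token_url`, and `login_url` gets `?client_id=...` appended. I would document `auth_url` as `URL of the OAuth2.0 token endpoint; used verbatim for the token request.` and `login_url` as `URL of the OAuth2.0 login page; "?client_id=..." is appended, so it must not already contain a query string or fragment.` `struct TEH_KycOptions` continues outside the hunk.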
diff --git a/src/exchange/taler-exchange-httpd_kyc-check.c b/src/exchange/taler-exchange-httpd_kyc-check.c
index 62ecbaab9..8bc2ac196 100644
--- a/src/exchange/taler-exchange-httpd_kyc-check.c
+++ b/src/exchange/taler-exchange-httpd_kyc-check.c
@@ -395,8 +395,8 @@ TEH_handler_kyc_check (
     redirect_uri_encoded = TALER_urlencode (redirect_uri);
     GNUNET_free (redirect_uri);
     GNUNET_asprintf (&url,
-                     "%s/login?client_id=%s&redirect_uri=%s",
-                     TEH_kyc_config.details.oauth2.url,
+                     "%s?client_id=%s&redirect_uri=%s",
+                     TEH_kyc_config.details.oauth2.login_url,
                      TEH_kyc_config.details.oauth2.client_id,
                      redirect_uri_encoded);
     GNUNET_free (redirect_uri_encoded);
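Review bot: `client_id` is formatted into the query string without URL-encoding, while `redirect_uri` in the same call goes through `TALER_urlencode`; a client ID containing `&`, `=`, `#` or a space would yield a malformed or differently parsed login URL. The same unencoded `client_id` appears in the `"%s?client_id=%s"` format in the second `TEH_handler_kyc_proof` hunk. Both formats also append `?` unconditionally, so a `KYC_OAUTH2_LOGIN_URL` that already carries a query string produces a URL with two `?`. I would encode the client ID first (`client_id_encoded = TALER_urlencode (TEH_kyc_config.details.oauth2.client_id);`, freed after the `GNUNET_asprintf`) and reject `?` or `#` in the login URL when the configuration is parsed. The enclosing function extends beyond the hunk.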
diff --git a/src/exchange/taler-exchange-httpd_kyc-proof.c b/src/exchange/taler-exchange-httpd_kyc-proof.c
index f561a95a8..75ff81e96 100644
--- a/src/exchange/taler-exchange-httpd_kyc-proof.c
+++ b/src/exchange/taler-exchange-httpd_kyc-proof.c
@@ -579,8 +579,8 @@ TEH_handler_kyc_proof (
                                            "curl_easy_init");
       }
       GNUNET_asprintf (&kpc->token_url,
-                       "%stoken",
-                       TEH_kyc_config.details.oauth2.url);
+                       "%s",
+                       TEH_kyc_config.details.oauth2.auth_url);
       GNUNET_assert (CURLE_OK ==
                      curl_easy_setopt (eh,
                                        CURLOPT_URL,
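Review bot: With the `token` suffix gone, `GNUNET_asprintf (&kpc->token_url, "%s", ...)` is only a string copy; `kpc->token_url = GNUNET_strdup (TEH_kyc_config.details.oauth2.auth_url);` says that directly. A one-line comment that the configured value is now used verbatim as the token endpoint would help, since the old code appended `token` to a base URL. The enclosing block of `TEH_handler_kyc_proof` starts and ends outside the hunk.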
@@ -603,8 +603,8 @@ TEH_handler_kyc_proof (
           char *request_uri;
 
           GNUNET_asprintf (&request_uri,
-                           "%slogin?client_id=%s",
-                           TEH_kyc_config.details.oauth2.url,
+                           "%s?client_id=%s",
+                           TEH_kyc_config.details.oauth2.login_url,
                            TEH_kyc_config.details.oauth2.client_id);
           redirect_uri = curl_easy_escape (eh,
                                            request_uri,
diff --git a/src/testing/test_exchange_api.c b/src/testing/test_exchange_api.c
index 4f1e2a611..da4974f28 100644
--- a/src/testing/test_exchange_api.c
+++ b/src/testing/test_exchange_api.c
@@ -432,7 +432,7 @@ run (void *cls,
     /* Try resolving a deposit's WTID, as we never triggered
      * execution of transactions, the answer should be that
      * the exchange knows about the deposit, but has no WTID yet.
-     *///
+     */
     TALER_TESTING_cmd_track_transaction ("deposit-wtid-found",
                                          "deposit-simple",
                                          0,
@@ -458,7 +458,7 @@ run (void *cls,
      * happen here, as each deposit operation is run with a
      * fresh merchant public key, so the aggregator will treat
      * them as "different" merchants and do the wire transfers
-     * individually. *///
+     * individually. */
     CMD_EXEC_AGGREGATOR ("run-aggregator"),
     /**
      * Check all the transfers took place.
diff --git a/src/testing/test_kyc_api.conf b/src/testing/test_kyc_api.conf
index 2dce408b4..539c59ec1 100644
--- a/src/testing/test_kyc_api.conf
+++ b/src/testing/test_kyc_api.conf
@@ -56,7 +56,8 @@ KYC_WITHDRAW_LIMIT = EUR:8
 
 [exchange-kyc-oauth2]
 
-KYC_OAUTH2_URL = http://localhost:6666/oauth/v2/login
+KYC_OAUTH2_AUTH_URL = http://localhost:6666/oauth/v2/token
+KYC_OAUTH2_LOGIN_URL = http://localhost:6666/oauth/v2/login
 KYC_INFO_URL = http://localhost:6666/api/user/me
 KYC_OAUTH2_CLIENT_ID = taler-exchange
 KYC_OAUTH2_CLIENT_SECRET = exchange-secret
-- 
cgit v1.2.3