From f7dc35e59e1dca795d51d22e85479eab025644a7 Mon Sep 17 00:00:00 2001
From: Christian Grothoff
Date: Wed, 17 May 2023 00:28:41 +0200
Subject: implement logic to conditionally trigger AML review based on KYC attributes
---
doc/Makefile.am | 1 +
doc/prebuilt | 2 +-
src/exchange/Makefile.am | 3 +
.../taler-exchange-httpd_aml-decision-get.c | 3 -
src/exchange/taler-exchange-httpd_common_kyc.c | 44 +++--------
.../taler-exchange-httpd_reserves_attest.c | 3 -
.../taler-exchange-httpd_reserves_get_attest.c | 3 -
src/exchange/taler-exchange-kyc-aml-pep-trigger.sh | 7 ++
src/exchangedb/0002-reserves.sql | 8 +-
src/exchangedb/0004-kyc_attributes.sql | 44 +++++++++++
src/exchangedb/Makefile.am | 1 -
src/exchangedb/exchange-0004.sql.in | 3 +-
.../exchange_do_insert_kyc_attributes.sql | 92 ++++++++++++++++++++++
src/exchangedb/pg_insert_kyc_attributes.c | 69 +++++++++++-----
src/exchangedb/pg_insert_kyc_attributes.h | 21 +++--
src/exchangedb/pg_insert_records_by_table.c | 7 +-
src/exchangedb/pg_lookup_records_by_table.c | 6 --
src/exchangedb/pg_select_kyc_attributes.c | 7 --
src/exchangedb/pg_select_similar_kyc_attributes.c | 7 --
src/exchangedb/pg_update_kyc_attributes.c | 68 ----------------
src/exchangedb/pg_update_kyc_attributes.h | 57 --------------
src/exchangedb/plugin_exchangedb_postgres.c | 3 -
src/exchangedb/procedures.sql.in | 1 +
src/include/taler_exchangedb_plugin.h | 52 ++++--------
24 files changed, 249 insertions(+), 263 deletions(-)
create mode 100755 src/exchange/taler-exchange-kyc-aml-pep-trigger.sh
create mode 100644 src/exchangedb/0004-kyc_attributes.sql
create mode 100644 src/exchangedb/exchange_do_insert_kyc_attributes.sql
delete mode 100644 src/exchangedb/pg_update_kyc_attributes.c
delete mode 100644 src/exchangedb/pg_update_kyc_attributes.h
diff --git a/doc/Makefile.am b/doc/Makefile.am
index 0b8cd63dc..6475ea415 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -24,6 +24,7 @@ man_MANS = \ prebuilt/man/taler-exchange-drain.1 \ prebuilt/man/taler-exchange-expire.1 \ prebuilt/man/taler-exchange-httpd.1 \ + prebuilt/man/taler-exchange-kyc-aml-pep-trigger.1 \ prebuilt/man/taler-exchange-kyc-tester.1 \ prebuilt/man/taler-exchange-offline.1 \ prebuilt/man/taler-exchange-router.1\ diff --git a/doc/prebuilt b/doc/prebuilt index 8452f991d..5b8e06dc0 160000 --- a/doc/prebuilt +++ b/doc/prebuilt @@ -1 +1 @@ -Subproject commit 8452f991dd967328207fab52a99beb19e2cb4dff +Subproject commit 5b8e06dc0a9d17b5b2646fdb1286a3b797ed019e diff --git a/src/exchange/Makefile.am b/src/exchange/Makefile.am index c04bca0f2..ba74a10f5 100644 --- a/src/exchange/Makefile.am +++ b/src/exchange/Makefile.am @@ -15,6 +15,8 @@ pkgcfg_DATA = \ exchange.conf # Programs +bin_SCRIPTS = \ + taler-exchange-kyc-aml-pep-trigger.sh bin_PROGRAMS = \ taler-exchange-aggregator \ @@ -228,4 +230,5 @@ EXTRA_DIST = \ test_taler_exchange_httpd.get \ test_taler_exchange_httpd.post \ exchange.conf \ + $(bin_SCRIPTS) \ $(check_SCRIPTS) diff --git a/src/exchange/taler-exchange-httpd_aml-decision-get.c b/src/exchange/taler-exchange-httpd_aml-decision-get.c index 6b36fe27f..b4f337db1 100644 --- a/src/exchange/taler-exchange-httpd_aml-decision-get.c +++ b/src/exchange/taler-exchange-httpd_aml-decision-get.c @@ -43,8 +43,6 @@ * @param[in,out] cls closure with a `json_t *` array to update * @param h_payto account for which the attribute data is stored * @param provider_section provider that must be checked - * @param birthdate birthdate of user, in format YYYY-MM-DD; can be NULL; - * digits can be 0 if exact day, month or year are unknown * @param collection_time when was the data collected * @param expiration_time when does the data expire * @param enc_attributes_size number of bytes in @a enc_attributes 
@@ -55,7 +53,6 @@ kyc_attribute_cb ( void *cls, const struct TALER_PaytoHashP *h_payto, const char *provider_section, - const char *birthdate, struct GNUNET_TIME_Timestamp collection_time, struct GNUNET_TIME_Timestamp expiration_time, size_t enc_attributes_size, diff --git a/src/exchange/taler-exchange-httpd_common_kyc.c b/src/exchange/taler-exchange-httpd_common_kyc.c index 62e6fe526..6d879b7ac 100644 --- a/src/exchange/taler-exchange-httpd_common_kyc.c +++ b/src/exchange/taler-exchange-httpd_common_kyc.c @@ -114,6 +114,7 @@ kyc_aml_finished (void *cls, size_t eas; void *ea; const char *birthdate; + unsigned int birthday; struct GNUNET_ShortHashCode kyc_prox; struct GNUNET_AsyncScopeSave old_scope; @@ -124,21 +125,27 @@ kyc_aml_finished (void *cls, &kyc_prox); birthdate = json_string_value (json_object_get (kat->attributes, TALER_ATTRIBUTE_BIRTHDATE)); + birthday = 0; (void) birthdate; // FIXME-Oec: calculate birthday here... + // Convert 'birthdate' to time after 1970, then compute days. + // Then compare against max age-restriction, and if before, set to 0. TALER_CRYPTO_kyc_attributes_encrypt (&TEH_attribute_key, kat->attributes, &ea, &eas); - // FIXME: begin transaction (or move everything into one stored procedure?) qs = TEH_plugin->insert_kyc_attributes ( TEH_plugin->cls, + kat->process_row, &kat->account_id, &kyc_prox, kat->provider_section, - birthdate, + birthday, GNUNET_TIME_timestamp_get (), - GNUNET_TIME_absolute_to_timestamp (kat->expiration), + kat->provider_user_id, + kat->provider_legitimization_id, + kat->expiration, eas, - ea); + ea, + 0 != code); GNUNET_free (ea); if (GNUNET_DB_STATUS_HARD_ERROR == qs) { 
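Review bot: `birthday` is hard-coded to `0` in kyc_aml_finished and passed to insert_kyc_attributes, and the documentation added by this commit defines 0 as "unknown or definitively adult", so until the FIXME is resolved every account is recorded as unrestricted regardless of the `birthdate` attribute the provider returned. If anything consumes the value before the conversion exists, that is a fail-open default for age restriction; the comment should say so explicitly, e.g. `/* FIXME-Oec: not computed yet; 0 means 'adult', so age restrictions are NOT derived from KYC data */`. The last argument `0 != code` presumably maps a non-zero exit status of the AML trigger helper to require_aml (`code` is declared outside this hunk); a one-line comment stating that contract would help, because it also decides what happens when the helper crashes or is not installed. The function body starts and ends outside the hunk.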
@@ -147,36 +154,9 @@ kyc_aml_finished (void *cls, MHD_destroy_response (kat->response); kat->http_status = MHD_HTTP_INTERNAL_SERVER_ERROR; kat->response = TALER_MHD_make_error (TALER_EC_GENERIC_DB_STORE_FAILED, - "insert_kyc_attributes"); - goto finish; + "do_insert_kyc_attributes"); } - qs = TEH_plugin->update_kyc_process_by_row (TEH_plugin->cls, - kat->process_row, - kat->provider_section, - &kat->account_id, - kat->provider_user_id, - kat->provider_legitimization_id, - kat->expiration); - if (GNUNET_DB_STATUS_HARD_ERROR == qs) - { - GNUNET_break (0); - if (NULL != kat->response) - MHD_destroy_response (kat->response); - kat->http_status = MHD_HTTP_INTERNAL_SERVER_ERROR; - kat->response = TALER_MHD_make_error (TALER_EC_GENERIC_DB_STORE_FAILED, - "update_kyc_process_by_row"); - goto finish; - } - // FIXME: do DB work, possibly updating kat! - if (0 != code) - { - // FIXME: trigger AML! - GNUNET_break (0); // FIXME: not implemented - } - // FIXME: end transaction - /* Finally, return result to main handler */ -finish: kat->cb (kat->cb_cls, kat->http_status, kat->response); diff --git a/src/exchange/taler-exchange-httpd_reserves_attest.c b/src/exchange/taler-exchange-httpd_reserves_attest.c index 297d8ceec..d0f3614e6 100644 --- a/src/exchange/taler-exchange-httpd_reserves_attest.c +++ b/src/exchange/taler-exchange-httpd_reserves_attest.c @@ -158,8 +158,6 @@ reply_reserve_attest_success (struct MHD_Connection *connection, * @param cls our `struct ReserveAttestContext *` * @param h_payto account for which the attribute data is stored * @param provider_section provider that must be checked - * @param birthdate birthdate of user, in format YYYY-MM-DD; can be NULL; - * digits can be 0 if exact day, month or year are unknown * @param collection_time when was the data collected * @param expiration_time when does the data expire * @param enc_attributes_size number of bytes in @a enc_attributes 
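Review bot: Only `GNUNET_DB_STATUS_HARD_ERROR` is handled after the call to insert_kyc_attributes, so a soft error or the `GNUNET_DB_STATUS_SUCCESS_NO_RESULTS` that the new TEH_PG_insert_kyc_attributes returns when `out_ok` is false falls through to `kat->cb` with the original HTTP status and response. On a soft error the attributes and the AML flag may not have been stored at all, and on "no results" the legitimization process row was not updated, yet the caller is told the KYC step completed. I would treat every non-positive status as a failure, `if (qs <= 0)` in place of `if (GNUNET_DB_STATUS_HARD_ERROR == qs)`, or retry on `GNUNET_DB_STATUS_SOFT_ERROR` before giving up. The `if` statement itself begins in the previous hunk.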
@@ -169,7 +167,6 @@ static void kyc_process_cb (void *cls, const struct TALER_PaytoHashP *h_payto, const char *provider_section, - const char *birthdate, struct GNUNET_TIME_Timestamp collection_time, struct GNUNET_TIME_Timestamp expiration_time, size_t enc_attributes_size, diff --git a/src/exchange/taler-exchange-httpd_reserves_get_attest.c b/src/exchange/taler-exchange-httpd_reserves_get_attest.c index b53a8641a..ae983682a 100644 --- a/src/exchange/taler-exchange-httpd_reserves_get_attest.c +++ b/src/exchange/taler-exchange-httpd_reserves_get_attest.c @@ -64,8 +64,6 @@ struct ReserveAttestContext * @param cls our `struct ReserveAttestContext *` * @param h_payto account for which the attribute data is stored * @param provider_section provider that must be checked - * @param birthdate birthdate of user, in format YYYY-MM-DD; can be NULL; - * digits can be 0 if exact day, month or year are unknown * @param collection_time when was the data collected * @param expiration_time when does the data expire * @param enc_attributes_size number of bytes in @a enc_attributes @@ -75,7 +73,6 @@ static void kyc_process_cb (void *cls, const struct TALER_PaytoHashP *h_payto, const char *provider_section, - const char *birthdate, struct GNUNET_TIME_Timestamp collection_time, struct GNUNET_TIME_Timestamp expiration_time, size_t enc_attributes_size, diff --git a/src/exchange/taler-exchange-kyc-aml-pep-trigger.sh b/src/exchange/taler-exchange-kyc-aml-pep-trigger.sh new file mode 100755 index 000000000..9baa32baf --- /dev/null +++ b/src/exchange/taler-exchange-kyc-aml-pep-trigger.sh @@ -0,0 +1,7 @@ +#!/bin/sh +# This file is in the public domain. +# This is an example of how to trigger AML if the +# KYC attributes include '{"pep":true}' +# +# To be used as a script for the KYC_AML_TRIGGER. +test "false" = $(jq .pep -) diff --git a/src/exchangedb/0002-reserves.sql b/src/exchangedb/0002-reserves.sql index 03d17aee2..df5b6c3db 100644 --- a/src/exchangedb/0002-reserves.sql 
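Review bot: The command substitution in `test "false" = $(jq .pep -)` is unquoted, so empty output, more than one JSON value on stdin or a jq parse error turn the comparison into a `test` usage error instead of a string mismatch. The script also exits non-zero when `pep` is absent (`null`), which is stricter than the header comment ("include '{"pep":true}'") describes. If a non-zero exit is what requests AML review, failing in that direction is the safe choice, but it should be deliberate and documented: `test "false" = "$(jq .pep -)"` plus a comment such as `# Exit status 0 only for an explicit "pep": false; anything else (true, missing, malformed input) requests AML review.`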
+++ b/src/exchangedb/0002-reserves.sql @@ -31,7 +31,7 @@ BEGIN ',current_balance_frac INT4 NOT NULL DEFAULT(0)' ',purses_active INT8 NOT NULL DEFAULT(0)' ',purses_allowed INT8 NOT NULL DEFAULT(0)' - ',max_age INT4 NOT NULL DEFAULT(120)' + ',max_age INT4 NOT NULL DEFAULT(0)' ',expiration_date INT8 NOT NULL' ',gc_date INT8 NOT NULL' ') %s ;' @@ -80,6 +80,12 @@ BEGIN ,table_name ,partition_suffix ); + PERFORM comment_partitioned_column( + 'Birthday of the user in days after 1970, or 0 if user is an adult and is not subject to age restrictions' + ,'max_age' + ,table_name + ,partition_suffix + ); END $$; diff --git a/src/exchangedb/0004-kyc_attributes.sql b/src/exchangedb/0004-kyc_attributes.sql new file mode 100644 index 000000000..c13f47d9a --- /dev/null +++ b/src/exchangedb/0004-kyc_attributes.sql 
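Review bot: Changing `DEFAULT(120)` to `DEFAULT(0)` inside 0002-reserves.sql only affects databases created after this commit; a deployment that has already applied exchange-0002 keeps the old default, and its existing rows keep 120, which under the new column comment would be read as a birthday 120 days after the epoch rather than as "no restriction". If such databases exist, the change belongs in a new versioned step (this commit already adds 0004-kyc_attributes.sql for the other schema change) together with an `UPDATE` that resets existing values to 0. The column is also still named `max_age` while the new comment describes a birthday, which invites misuse by code that compares it against an age.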
@@ -0,0 +1,44 @@ +-- +-- This file is part of TALER +-- Copyright (C) 2023 Taler Systems SA +-- +-- TALER is free software; you can redistribute it and/or modify it under the +-- terms of the GNU General Public License as published by the Free Software +-- Foundation; either version 3, or (at your option) any later version. +-- +-- TALER is distributed in the hope that it will be useful, but WITHOUT ANY +-- WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR +-- A PARTICULAR PURPOSE. See the GNU General Public License for more details. +-- +-- You should have received a copy of the GNU General Public License along with +-- TALER; see the file COPYING. If not, see +-- + +CREATE OR REPLACE FUNCTION master_table_kyc_attributes_V2() +RETURNS VOID +LANGUAGE plpgsql +AS $$ +DECLARE + table_name VARCHAR DEFAULT 'kyc_attributes'; +BEGIN + EXECUTE FORMAT ( + 'ALTER TABLE ' || table_name || + ' DROP COLUMN birthdate;' + ); +END $$; + +COMMENT ON FUNCTION master_table_kyc_attributes_V2 + IS 'Removes birthdate colum from the kyc_attributes table'; + +INSERT INTO exchange_tables + (name + ,version + ,action + ,partitioned + ,by_range) + VALUES + ('kyc_attributes_V2' + ,'exchange-0004' + ,'master' + ,TRUE + ,FALSE); diff --git a/src/exchangedb/Makefile.am b/src/exchangedb/Makefile.am index ee78b87f7..4df9cb406 100644 --- a/src/exchangedb/Makefile.am +++ b/src/exchangedb/Makefile.am @@ -144,7 +144,6 @@ libtaler_plugin_exchangedb_postgres_la_SOURCES = \ pg_aggregate.h pg_aggregate.c \ pg_create_aggregation_transient.h pg_create_aggregation_transient.c \ pg_insert_kyc_attributes.h pg_insert_kyc_attributes.c \ - pg_update_kyc_attributes.h pg_update_kyc_attributes.c \ pg_select_similar_kyc_attributes.h pg_select_similar_kyc_attributes.c \ pg_select_kyc_attributes.h pg_select_kyc_attributes.c \ pg_insert_aml_officer.h pg_insert_aml_officer.c \ 
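Review bot: `EXECUTE FORMAT ('ALTER TABLE ' || table_name || ' DROP COLUMN birthdate;')` builds the statement by concatenation and hands it to FORMAT without a placeholder, so FORMAT adds no quoting. `table_name` is a constant here, so nothing is injectable today, but the identifier-quoting form is the one worth having in a file that will be copied for later migrations: `EXECUTE FORMAT ('ALTER TABLE %I DROP COLUMN birthdate;', table_name);`. The COMMENT text has a typo ("colum"). Because the drop is irreversible and storing `in_birthday` is still a FIXME in exchange_do_insert_kyc_attributes.sql, the file header should state where the birthdate is expected to live afterwards (presumably only inside `encrypted_attributes`).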
diff --git a/src/exchangedb/exchange-0004.sql.in b/src/exchangedb/exchange-0004.sql.in index 00979e193..02bdf017a 100644 --- a/src/exchangedb/exchange-0004.sql.in +++ b/src/exchangedb/exchange-0004.sql.in @@ -1,6 +1,6 @@ -- -- This file is part of TALER --- Copyright (C) 2014--2023 Taler Systems SA +-- Copyright (C) 2023 Taler Systems SA -- -- TALER is free software; you can redistribute it and/or modify it under the -- terms of the GNU General Public License as published by the Free Software @@ -19,6 +19,7 @@ BEGIN; SELECT _v.register_patch('exchange-0004', NULL, NULL); SET search_path TO exchange; +#include "0004-kyc_attributes.sql" #include "0004-wire_accounts.sql" COMMIT; diff --git a/src/exchangedb/exchange_do_insert_kyc_attributes.sql b/src/exchangedb/exchange_do_insert_kyc_attributes.sql new file mode 100644 index 000000000..f1959a66e --- /dev/null +++ b/src/exchangedb/exchange_do_insert_kyc_attributes.sql 
@@ -0,0 +1,92 @@ +-- +-- This file is part of TALER +-- Copyright (C) 2023 Taler Systems SA +-- +-- TALER is free software; you can redistribute it and/or modify it under the +-- terms of the GNU General Public License as published by the Free Software +-- Foundation; either version 3, or (at your option) any later version. +-- +-- TALER is distributed in the hope that it will be useful, but WITHOUT ANY +-- WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR +-- A PARTICULAR PURPOSE. See the GNU General Public License for more details. +-- +-- You should have received a copy of the GNU General Public License along with +-- TALER; see the file COPYING. If not, see +-- + +CREATE OR REPLACE FUNCTION exchange_do_insert_kyc_attributes( + IN in_process_row INT8, + IN in_h_payto BYTEA, + IN in_kyc_prox BYTEA, + IN in_provider_section VARCHAR, + IN in_birthday INT4, + IN in_provider_account_id VARCHAR, + IN in_provider_legitimization_id VARCHAR, + IN in_collection_time_ts INT8, + IN in_expiration_time INT8, + IN in_expiration_time_ts INT8, + IN in_enc_attributes BYTEA, + IN in_require_aml BOOLEAN, + IN in_kyc_completed_notify_s VARCHAR, + OUT out_ok BOOLEAN) +LANGUAGE plpgsql +AS $$ +BEGIN + +INSERT INTO exchange.kyc_attributes + (h_payto + ,kyc_prox + ,provider + ,collection_time + ,expiration_time + ,encrypted_attributes + ) VALUES + (in_h_payto + ,in_kyc_prox + ,in_provider_section + ,in_collection_time_ts + ,in_expiration_time_ts + ,in_enc_attributes); + +-- FIXME-Oec: modify to 'return' the reserve_pub here +-- (requires of course to modify other code to store +-- the reserve pub in the right table in the first place) +UPDATE exchange.legitimization_processes + SET provider_user_id=in_provider_account_id + ,provider_legitimization_id=in_provider_legitimization_id + ,expiration_time=GREATEST(expiration_time,in_expiration_time) + WHERE h_payto=in_h_payto + AND legitimization_process_serial_id=in_process_row + AND 
provider_section=in_provider_section; +out_ok = FOUND; + +-- FIXME-Oec: update exchange reserve table to store in_birthday here! +-- UPDATE exchange.reserves SET max_age=in_birthday WHERE reserve_pub=X; + +IF in_require_aml +THEN + INSERT INTO exchange.aml_status + (h_payto + ,status) + VALUES + (in_h_payto + ,1) + ON CONFLICT (h_payto) DO + UPDATE SET status=EXCLUDED.status | 1; +END IF; + +-- Wake up everyone who might care... +PERFORM pg_notify (in_kyc_completed_notify_s, NULL); + +INSERT INTO kyc_alerts + (h_payto + ,trigger_type) + VALUES + (in_h_payto,1); + + +END $$; + + +COMMENT ON FUNCTION exchange_do_insert_kyc_attributes(INT8, BYTEA, BYTEA, VARCHAR, INT4, VARCHAR, VARCHAR, INT8, INT8, INT8, BYTEA, BOOL, VARCHAR) + IS 'Inserts new KYC attributes and updates the status of the legitimization process and the AML status for the account'; diff --git a/src/exchangedb/pg_insert_kyc_attributes.c b/src/exchangedb/pg_insert_kyc_attributes.c index fd90950fd..361f491e8 100644 --- a/src/exchangedb/pg_insert_kyc_attributes.c +++ b/src/exchangedb/pg_insert_kyc_attributes.c @@ -1,6 +1,6 @@ /* This file is part of TALER - Copyright (C) 2022 Taler Systems SA + Copyright (C) 2022, 2023 Taler Systems SA TALER is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software 
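Review bot: In `ON CONFLICT (h_payto) DO UPDATE SET status=EXCLUDED.status | 1`, `EXCLUDED` is the row proposed for insertion, whose status is the literal 1, so the expression always evaluates to 1 and whatever the existing aml_status row held is overwritten instead of OR-ed. If status values other than 0 and 1 carry meaning (for example a frozen account; the encoding is not visible in this diff), a fresh KYC upload would reset them; the existing row has to be referenced, `UPDATE SET status=aml_status.status | 1`. Separately, the INSERT into kyc_attributes, the AML update, the notification and the kyc_alerts insert all run even when the UPDATE of legitimization_processes matched nothing and `out_ok` is false, so a mismatched process row still leaves attributes and alerts behind; doing the UPDATE first and returning when `NOT FOUND` would keep the operation all-or-nothing. `kyc_alerts` is also the only table in this function not qualified with `exchange.`.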
@@ -29,43 +29,72 @@ enum GNUNET_DB_QueryStatus TEH_PG_insert_kyc_attributes ( void *cls, + uint64_t process_row, const struct TALER_PaytoHashP *h_payto, const struct GNUNET_ShortHashCode *kyc_prox, const char *provider_section, - const char *birthdate, + uint32_t birthday, struct GNUNET_TIME_Timestamp collection_time, - struct GNUNET_TIME_Timestamp expiration_time, + const char *provider_account_id, + const char *provider_legitimization_id, + struct GNUNET_TIME_Absolute expiration_time, size_t enc_attributes_size, - const void *enc_attributes) + const void *enc_attributes, + bool require_aml) { struct PostgresClosure *pg = cls; + struct GNUNET_TIME_Timestamp expiration + = GNUNET_TIME_absolute_to_timestamp (expiration_time); + struct TALER_KycCompletedEventP rep = { + .header.size = htons (sizeof (rep)), + .header.type = htons (TALER_DBEVENT_EXCHANGE_KYC_COMPLETED), + .h_payto = *h_payto + }; + char *kyc_completed_notify_s + = GNUNET_PG_get_event_notify_channel (&rep.header); struct GNUNET_PQ_QueryParam params[] = { + GNUNET_PQ_query_param_uint64 (&process_row), GNUNET_PQ_query_param_auto_from_type (h_payto), GNUNET_PQ_query_param_auto_from_type (kyc_prox), GNUNET_PQ_query_param_string (provider_section), - (NULL == birthdate) + GNUNET_PQ_query_param_uint32 (&birthday), + (NULL == provider_account_id) + ? GNUNET_PQ_query_param_null () + : GNUNET_PQ_query_param_string (provider_account_id), + (NULL == provider_legitimization_id) ? 
GNUNET_PQ_query_param_null () - : GNUNET_PQ_query_param_string (birthdate), + : GNUNET_PQ_query_param_string (provider_legitimization_id), GNUNET_PQ_query_param_timestamp (&collection_time), - GNUNET_PQ_query_param_timestamp (&expiration_time), + GNUNET_PQ_query_param_absolute_time (&expiration_time), + GNUNET_PQ_query_param_timestamp (&expiration), GNUNET_PQ_query_param_fixed_size (enc_attributes, enc_attributes_size), + GNUNET_PQ_query_param_bool (require_aml), + GNUNET_PQ_query_param_string (kyc_completed_notify_s), GNUNET_PQ_query_param_end }; + bool ok; + struct GNUNET_PQ_ResultSpec rs[] = { + GNUNET_PQ_result_spec_bool ("out_ok", + &ok), + GNUNET_PQ_result_spec_end + }; + enum GNUNET_DB_QueryStatus qs; PREPARE (pg, "insert_kyc_attributes", - "INSERT INTO kyc_attributes " - "(h_payto" - ",kyc_prox" - ",provider" - ",birthdate" - ",collection_time" - ",expiration_time" - ",encrypted_attributes" - ") VALUES " - "($1, $2, $3, $4, $5, $6, $7);"); - return GNUNET_PQ_eval_prepared_non_select (pg->conn, - "insert_kyc_attributes", - params); + "SELECT " + " out_ok" + " FROM exchange_do_insert_kyc_attributes " + "($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13);"); + qs = GNUNET_PQ_eval_prepared_singleton_select (pg->conn, + "insert_kyc_attributes", + params, + rs); + GNUNET_free (kyc_completed_notify_s); + if (qs < 0) + return qs; + if (! ok) + return GNUNET_DB_STATUS_SUCCESS_NO_RESULTS; + return qs; } diff --git a/src/exchangedb/pg_insert_kyc_attributes.h b/src/exchangedb/pg_insert_kyc_attributes.h index 8ee307d7d..c1aad0eb5 100644 --- a/src/exchangedb/pg_insert_kyc_attributes.h +++ b/src/exchangedb/pg_insert_kyc_attributes.h 
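Review bot: The `if (! ok) return GNUNET_DB_STATUS_SUCCESS_NO_RESULTS;` branch is undocumented, and the header only says "@return database transaction status", so a caller cannot tell that this value means "no legitimization process row matched" while the stored procedure has, as written, still inserted the attributes. I would add `/* out_ok is false if no legitimization_processes row matched (process_row, h_payto, provider_section) */` above the branch and spell the value out in the `@return` line of pg_insert_kyc_attributes.h and taler_exchangedb_plugin.h. The 13 entries of `params` are positional against the SQL signature, with two adjacent strings and two adjacent expiration values, so a short comment naming the `$n` each entry feeds would make a future reordering mistake visible.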
@@ -27,30 +27,39 @@ /** - * Store KYC attribute data. + * Store KYC attribute data, update KYC process status and + * AML status for the given account. * * @param cls closure + * @param process_row KYC process row to update * @param h_payto account for which the attribute data is stored * @param kyc_prox key for similarity search * @param provider_section provider that must be checked - * @param birthdate birthdate of user, in format YYYY-MM-DD; can be NULL; - * digits can be 0 if exact day, month or year are unknown + * @param provider_account_id provider account ID + * @param provider_legitimization_id provider legitimization ID + * @param birthday birthdate of user, in days after 1990, or 0 if unknown or definitively adult * @param collection_time when was the data collected * @param expiration_time when does the data expire * @param enc_attributes_size number of bytes in @a enc_attributes * @param enc_attributes encrypted attribute data + * @param require_aml true to trigger AML * @return database transaction status */ enum GNUNET_DB_QueryStatus TEH_PG_insert_kyc_attributes ( void *cls, + uint64_t process_row, const struct TALER_PaytoHashP *h_payto, const struct GNUNET_ShortHashCode *kyc_prox, const char *provider_section, - const char *birthdate, + uint32_t birthday, struct GNUNET_TIME_Timestamp collection_time, - struct GNUNET_TIME_Timestamp expiration_time, + const char *provider_account_id, + const char *provider_legitimization_id, + struct GNUNET_TIME_Absolute expiration_time, size_t enc_attributes_size, - const void *enc_attributes); + const void *enc_attributes, + bool require_aml); + #endif diff --git a/src/exchangedb/pg_insert_records_by_table.c b/src/exchangedb/pg_insert_records_by_table.c index e16a4b74f..9baaf3b1a 100644 --- a/src/exchangedb/pg_insert_records_by_table.c +++ b/src/exchangedb/pg_insert_records_by_table.c 
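Review bot: The new `@param birthday` line says "in days after 1990", while the column comment added in 0002-reserves.sql and the FIXME in kyc_aml_finished both use 1970; the same sentence is repeated in the taler_exchangedb_plugin.h hunk. Whoever implements the conversion will pick one of the two epochs, and a birthday that is off by twenty years decides whether age restrictions apply, so the places should agree, e.g. `@param birthday birthdate of user, in days after 1970, or 0 if unknown or definitively adult`. The `@param` lines also list provider_account_id and provider_legitimization_id before birthday and collection_time, which is not the argument order; with two adjacent `const char *` parameters it is worth keeping the documentation in signature order. `expiration_time` is now a `struct GNUNET_TIME_Absolute` while `collection_time` remains a timestamp, which deserves a word in its `@param` line.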
@@ -1995,10 +1995,6 @@ irbt_cb_table_kyc_attributes (struct PostgresClosure *pg, &td->details.kyc_attributes.kyc_prox), GNUNET_PQ_query_param_string ( td->details.kyc_attributes.provider), - (NULL == td->details.kyc_attributes.birthdate) - ? GNUNET_PQ_query_param_null () - : GNUNET_PQ_query_param_string ( - td->details.kyc_attributes.birthdate), GNUNET_PQ_query_param_timestamp ( &td->details.kyc_attributes.collection_time), GNUNET_PQ_query_param_timestamp ( @@ -2016,12 +2012,11 @@ irbt_cb_table_kyc_attributes (struct PostgresClosure *pg, ",h_payto" ",kyc_prox" ",provider" - ",birthdate" ",collection_time" ",expiration_time" ",encrypted_attributes" ") VALUES " - "($1, $2, $3, $4, $5, $6, $7, $8);"); + "($1, $2, $3, $4, $5, $6, $7);"); return GNUNET_PQ_eval_prepared_non_select (pg->conn, "insert_into_table_kyc_attributes", params); diff --git a/src/exchangedb/pg_lookup_records_by_table.c b/src/exchangedb/pg_lookup_records_by_table.c index 534e9a1d2..3fcad58c0 100644 --- a/src/exchangedb/pg_lookup_records_by_table.c +++ b/src/exchangedb/pg_lookup_records_by_table.c @@ -2684,11 +2684,6 @@ lrbt_cb_table_kyc_attributes (void *cls, GNUNET_PQ_result_spec_string ( "provider", &td.details.kyc_attributes.provider), - GNUNET_PQ_result_spec_allow_null ( - GNUNET_PQ_result_spec_string ( - "birthdate", - &td.details.kyc_attributes.birthdate), - NULL), GNUNET_PQ_result_spec_timestamp ( "collection_time", &td.details.kyc_attributes.collection_time), @@ -3577,7 +3572,6 @@ TEH_PG_lookup_records_by_table (void *cls, ",h_payto" ",kyc_prox" ",provider" - ",birthdate" ",collection_time" ",expiration_time" ",encrypted_attributes" diff --git a/src/exchangedb/pg_select_kyc_attributes.c b/src/exchangedb/pg_select_kyc_attributes.c index c9b992da2..99ac43b3e 100644 --- a/src/exchangedb/pg_select_kyc_attributes.c +++ b/src/exchangedb/pg_select_kyc_attributes.c 
@@ -80,14 +80,9 @@ get_attributes_cb (void *cls, size_t enc_attributes_size; void *enc_attributes; char *provider; - char *birthdate = NULL; struct GNUNET_PQ_ResultSpec rs[] = { GNUNET_PQ_result_spec_string ("provider", &provider), - GNUNET_PQ_result_spec_allow_null ( - GNUNET_PQ_result_spec_string ("birthdate", - &birthdate), - NULL), GNUNET_PQ_result_spec_timestamp ("collection_time", &collection_time), GNUNET_PQ_result_spec_timestamp ("expiration_time", @@ -110,7 +105,6 @@ get_attributes_cb (void *cls, ctx->cb (ctx->cb_cls, ctx->h_payto, provider, - birthdate, collection_time, expiration_time, enc_attributes_size, @@ -145,7 +139,6 @@ TEH_PG_select_kyc_attributes ( "select_kyc_attributes", "SELECT " " provider" - ",birthdate" ",collection_time" ",expiration_time" ",encrypted_attributes" diff --git a/src/exchangedb/pg_select_similar_kyc_attributes.c b/src/exchangedb/pg_select_similar_kyc_attributes.c index a07f2a147..342f9ef33 100644 --- a/src/exchangedb/pg_select_similar_kyc_attributes.c +++ b/src/exchangedb/pg_select_similar_kyc_attributes.c @@ -76,16 +76,11 @@ get_attributes_cb (void *cls, size_t enc_attributes_size; void *enc_attributes; char *provider; - char *birthdate = NULL; struct GNUNET_PQ_ResultSpec rs[] = { GNUNET_PQ_result_spec_auto_from_type ("h_payto", &h_payto), GNUNET_PQ_result_spec_string ("provider", &provider), - GNUNET_PQ_result_spec_allow_null ( - GNUNET_PQ_result_spec_string ("birthdate", - &birthdate), - NULL), GNUNET_PQ_result_spec_timestamp ("collection_time", &collection_time), GNUNET_PQ_result_spec_timestamp ("expiration_time", @@ -108,7 +103,6 @@ get_attributes_cb (void *cls, ctx->cb (ctx->cb_cls, &h_payto, provider, - birthdate, collection_time, expiration_time, enc_attributes_size, @@ -143,7 +137,6 @@ TEH_PG_select_similar_kyc_attributes ( "SELECT " " h_payto" ",provider" - ",birthdate" ",collection_time" ",expiration_time" ",encrypted_attributes" 
diff --git a/src/exchangedb/pg_update_kyc_attributes.c b/src/exchangedb/pg_update_kyc_attributes.c deleted file mode 100644 index f77eb2bfc..000000000 --- a/src/exchangedb/pg_update_kyc_attributes.c +++ /dev/null 
@@ -1,68 +0,0 @@ -/* - This file is part of TALER - Copyright (C) 2022 Taler Systems SA - - TALER is free software; you can redistribute it and/or modify it under the - terms of the GNU General Public License as published by the Free Software - Foundation; either version 3, or (at your option) any later version. - - TALER is distributed in the hope that it will be useful, but WITHOUT ANY - WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR - A PARTICULAR PURPOSE. See the GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along with - TALER; see the file COPYING. If not, see - */ -/** - * @file exchangedb/pg_update_kyc_attributes.c - * @brief Implementation of the update_kyc_attributes function for Postgres - * @author Christian Grothoff - */ -#include "platform.h" -#include "taler_error_codes.h" -#include "taler_dbevents.h" -#include "taler_pq_lib.h" -#include "pg_update_kyc_attributes.h" -#include "pg_helper.h" - - -enum GNUNET_DB_QueryStatus -TEH_PG_update_kyc_attributes ( - void *cls, - const struct TALER_PaytoHashP *h_payto, - const struct GNUNET_ShortHashCode *kyc_prox, - const char *provider_section, - const char *birthdate, - struct GNUNET_TIME_Timestamp collection_time, - struct GNUNET_TIME_Timestamp expiration_time, - size_t enc_attributes_size, - const void *enc_attributes) -{ - struct PostgresClosure *pg = cls; - struct GNUNET_PQ_QueryParam params[] = { - GNUNET_PQ_query_param_auto_from_type (h_payto), - GNUNET_PQ_query_param_auto_from_type (kyc_prox), - GNUNET_PQ_query_param_string (provider_section), - (NULL == birthdate) - ? 
GNUNET_PQ_query_param_null () - : GNUNET_PQ_query_param_string (birthdate), - GNUNET_PQ_query_param_timestamp (&collection_time), - GNUNET_PQ_query_param_timestamp (&expiration_time), - GNUNET_PQ_query_param_fixed_size (enc_attributes, - enc_attributes_size), - GNUNET_PQ_query_param_end - }; - - PREPARE (pg, - "update_kyc_attributes", - "UPDATE kyc_attributes SET " - " kyc_prox=$2" - ",birthdate=$4" - ",collection_time=$5" - ",expiration_time=$6" - ",encrypted_attributes=$7" - " WHERE h_payto=$1 AND provider_section=$3;"); - return GNUNET_PQ_eval_prepared_non_select (pg->conn, - "update_kyc_attributes", - params); -} diff --git a/src/exchangedb/pg_update_kyc_attributes.h b/src/exchangedb/pg_update_kyc_attributes.h deleted file mode 100644 index 5d17eb7fa..000000000 --- a/src/exchangedb/pg_update_kyc_attributes.h +++ /dev/null 
@@ -1,57 +0,0 @@ -/* - This file is part of TALER - Copyright (C) 2022 Taler Systems SA - - TALER is free software; you can redistribute it and/or modify it under the - terms of the GNU General Public License as published by the Free Software - Foundation; either version 3, or (at your option) any later version. - - TALER is distributed in the hope that it will be useful, but WITHOUT ANY - WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR - A PARTICULAR PURPOSE. See the GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along with - TALER; see the file COPYING. If not, see - */ -/** - * @file exchangedb/pg_update_kyc_attributes.h - * @brief implementation of the update_kyc_attributes function for Postgres - * @author Christian Grothoff - */ -#ifndef PG_UPDATE_KYC_ATTRIBUTES_H -#define PG_UPDATE_KYC_ATTRIBUTES_H - -#include "taler_util.h" -#include "taler_json_lib.h" -#include "taler_exchangedb_plugin.h" - - -/** - * Update KYC attribute data. 
- * - * @param cls closure - * @param h_payto account for which the attribute data is stored - * @param kyc_prox key for similarity search - * @param provider_section provider that must be checked - * @param birthdate birthdate of user, in format YYYY-MM-DD; can be NULL; - * digits can be 0 if exact day, month or year are unknown - * @param collection_time when was the data collected - * @param expiration_time when does the data expire - * @param enc_attributes_size number of bytes in @a enc_attributes - * @param enc_attributes encrypted attribute data - * @return database transaction status - */ -enum GNUNET_DB_QueryStatus -TEH_PG_update_kyc_attributes ( - void *cls, - const struct TALER_PaytoHashP *h_payto, - const struct GNUNET_ShortHashCode *kyc_prox, - const char *provider_section, - const char *birthdate, - struct GNUNET_TIME_Timestamp collection_time, - struct GNUNET_TIME_Timestamp expiration_time, - size_t enc_attributes_size, - const void *enc_attributes); - - -#endif diff --git a/src/exchangedb/plugin_exchangedb_postgres.c b/src/exchangedb/plugin_exchangedb_postgres.c index b3ebc7547..006484198 100644 --- a/src/exchangedb/plugin_exchangedb_postgres.c +++ b/src/exchangedb/plugin_exchangedb_postgres.c @@ -207,7 +207,6 @@ #include "pg_setup_wire_target.h" #include "pg_compute_shard.h" #include "pg_insert_kyc_attributes.h" -#include "pg_update_kyc_attributes.h" #include "pg_select_similar_kyc_attributes.h" #include "pg_select_kyc_attributes.h" #include "pg_insert_aml_officer.h" @@ -754,8 +753,6 @@ libtaler_plugin_exchangedb_postgres_init (void *cls) = &TEH_PG_set_purse_balance; plugin->insert_kyc_attributes = &TEH_PG_insert_kyc_attributes; - plugin->update_kyc_attributes - = &TEH_PG_update_kyc_attributes; plugin->select_similar_kyc_attributes = &TEH_PG_select_similar_kyc_attributes; plugin->select_kyc_attributes diff --git a/src/exchangedb/procedures.sql.in b/src/exchangedb/procedures.sql.in index 12ec3656f..c9277ea60 100644 
--- a/src/exchangedb/procedures.sql.in +++ b/src/exchangedb/procedures.sql.in @@ -39,6 +39,7 @@ SET search_path TO exchange; #include "exchange_do_insert_or_update_policy_details.sql" #include "exchange_do_insert_aml_decision.sql" #include "exchange_do_insert_aml_officer.sql" +#include "exchange_do_insert_kyc_attributes.sql" #include "exchange_do_reserves_in_insert.sql" #include "exchange_do_batch_reserves_update.sql" #include "exchange_do_refund_by_coin.sql" diff --git a/src/include/taler_exchangedb_plugin.h b/src/include/taler_exchangedb_plugin.h index 3a6ba6514..92fb36fb2 100644 --- a/src/include/taler_exchangedb_plugin.h +++ b/src/include/taler_exchangedb_plugin.h @@ -756,7 +756,6 @@ struct TALER_EXCHANGEDB_TableData struct TALER_PaytoHashP h_payto; struct GNUNET_ShortHashCode kyc_prox; char *provider; - char *birthdate; /* NULL allowed! */ struct GNUNET_TIME_Timestamp collection_time; struct GNUNET_TIME_Timestamp expiration_time; void *encrypted_attributes; @@ -2429,8 +2428,6 @@ typedef void * @param cls closure * @param h_payto account for which the attribute data is stored * @param provider_section provider that must be checked - * @param birthdate birthdate of user, in format YYYY-MM-DD; can be NULL; - * digits can be 0 if exact day, month or year are unknown * @param collection_time when was the data collected * @param expiration_time when does the data expire * @param enc_attributes_size number of bytes in @a enc_attributes @@ -2441,7 +2438,6 @@ typedef void void *cls, const struct TALER_PaytoHashP *h_payto, const char *provider_section, - const char *birthdate, struct GNUNET_TIME_Timestamp collection_time, struct GNUNET_TIME_Timestamp expiration_time, size_t enc_attributes_size, 
@@ -6765,59 +6761,39 @@ struct TALER_EXCHANGEDB_Plugin /** - * Store KYC attribute data. + * Store KYC attribute data, update KYC process status and + * AML status for the given account. * * @param cls closure + * @param process_row KYC process row to update * @param h_payto account for which the attribute data is stored * @param kyc_prox key for similarity search * @param provider_section provider that must be checked - * @param birthdate birthdate of user, in format YYYY-MM-DD; can be NULL; - * digits can be 0 if exact day, month or year are unknown + * @param provider_account_id provider account ID + * @param provider_legitimization_id provider legitimization ID + * @param birthday birthdate of user, in days after 1990, or 0 if unknown or definitively adult * @param collection_time when was the data collected * @param expiration_time when does the data expire * @param enc_attributes_size number of bytes in @a enc_attributes * @param enc_attributes encrypted attribute data + * @param require_aml true to trigger AML * @return database transaction status */ enum GNUNET_DB_QueryStatus (*insert_kyc_attributes)( void *cls, + uint64_t process_row, const struct TALER_PaytoHashP *h_payto, const struct GNUNET_ShortHashCode *kyc_prox, const char *provider_section, - const char *birthdate, - struct GNUNET_TIME_Timestamp collection_time, - struct GNUNET_TIME_Timestamp expiration_time, - size_t enc_attributes_size, - const void *enc_attributes); - - - /** - * Update KYC attribute data. 
- * - * @param cls closure - * @param h_payto account for which the attribute data is stored - * @param kyc_prox key for similarity search - * @param provider_section provider that must be checked - * @param birthdate birthdate of user, in format YYYY-MM-DD; can be NULL; - * digits can be 0 if exact day, month or year are unknown - * @param collection_time when was the data collected - * @param expiration_time when does the data expire - * @param enc_attributes_size number of bytes in @a enc_attributes - * @param enc_attributes encrypted attribute data - * @return database transaction status - */ - enum GNUNET_DB_QueryStatus - (*update_kyc_attributes)( - void *cls, - const struct TALER_PaytoHashP *h_payto, - const struct GNUNET_ShortHashCode *kyc_prox, - const char *provider_section, - const char *birthdate, + uint32_t birthday, struct GNUNET_TIME_Timestamp collection_time, - struct GNUNET_TIME_Timestamp expiration_time, + const char *provider_account_id, + const char *provider_legitimization_id, + struct GNUNET_TIME_Absolute expiration_time, size_t enc_attributes_size, - const void *enc_attributes); + const void *enc_attributes, + bool require_aml); /** -- cgit v1.2.3