gnunet-svn
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[taler-exchange] branch master updated: add logic to check that merchant


From: gnunet
Subject: [taler-exchange] branch master updated: add logic to check that merchant_pub matches on deposit if KYC AUTH is in use/required
Date: Mon, 02 Sep 2024 16:37:11 +0200

This is an automated email from the git hooks/post-receive script.

grothoff pushed a commit to branch master
in repository exchange.

The following commit(s) were added to refs/heads/master by this push:
     new b4c28743d add logic to check that merchant_pub matches on deposit if 
KYC AUTH is in use/required
b4c28743d is described below

commit b4c28743d751f00b8d0c5f5e3b1fd2cba2d4426e
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Mon Sep 2 16:37:07 2024 +0200

    add logic to check that merchant_pub matches on deposit if KYC AUTH is in 
use/required
---
 src/exchange/taler-exchange-httpd_common_kyc.c     | 36 +++++++++++++++-------
 src/exchange/taler-exchange-httpd_spa.c            |  4 +++
 .../exchange_do_trigger_kyc_rule_for_account.sql   |  4 +--
 src/exchangedb/pg_get_kyc_rules.c                  | 23 ++++++++------
 4 files changed, 45 insertions(+), 22 deletions(-)

diff --git a/src/exchange/taler-exchange-httpd_common_kyc.c 
b/src/exchange/taler-exchange-httpd_common_kyc.c
index 45e217523..5a4be4594 100644
--- a/src/exchange/taler-exchange-httpd_common_kyc.c
+++ b/src/exchange/taler-exchange-httpd_common_kyc.c
@@ -1580,11 +1580,16 @@ amount_iterator_wrapper_cb (
 {
   struct TEH_LegitimizationCheckHandle *lch = cls;
 
+  GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+              "KYC: Checking amounts until %s\n",
+              GNUNET_TIME_absolute2s (limit));
   if (lch->bad_kyc_auth)
   {
     /* We *do* have applicable KYC rules *and* the
        target_pub does not match the merchant_pub,
        so we indeed have a problem! */
+    GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+                "KYC: Mismatch between merchant_pub and target_pub is 
relevant!\n");
     lch->lcr.bad_kyc_auth = true;
   }
   return lch->ai (lch->ai_cls,
@@ -1628,7 +1633,6 @@ legitimization_check_run (
   {
     json_t *jrules;
 
-
     qs = TEH_plugin->get_kyc_rules (TEH_plugin->cls,
                                     &lch->h_payto,
                                     &lch->lcr.kyc.account_pub,
@@ -1644,16 +1648,25 @@ legitimization_check_run (
       GNUNET_async_scope_restore (&old_scope);
       return;
     case GNUNET_DB_STATUS_SUCCESS_NO_RESULTS:
-      if (lch->have_merchant_pub)
-      {
-        // FIXME: not quite correct: the absence of custom *jrules* does NOT
-        // imply that we had no target_pub!
-        lch->lcr.bad_kyc_auth = true;
-      }
-      break;
     case GNUNET_DB_STATUS_SUCCESS_ONE_RESULT:
-      lch->lcr.kyc.have_account_pub
-        = ! GNUNET_is_zero (&lch->lcr.kyc.account_pub);
+      break;
+    }
+    lch->lcr.kyc.have_account_pub
+      = ! GNUNET_is_zero (&lch->lcr.kyc.account_pub);
+    if ( (NULL == jrules) &&
+         (lch->have_merchant_pub) &&
+         (0 != GNUNET_memcmp (&lch->merchant_pub,
+                              &lch->lcr.kyc.account_pub.merchant_pub)) )
+    {
+      /* We do not have custom rules, defer enforcing merchant_pub
+         match until we actually have deposit constraints */
+      GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+                  "KYC: merchant_pub given but no target_pub known!\n");
+      lch->bad_kyc_auth = true;
+    }
+    if (NULL != jrules)
+    {
+      /* We have custom KYC rules */
       if ( (lch->have_merchant_pub) &&
            (0 != GNUNET_memcmp (&lch->merchant_pub,
                                 &lch->lcr.kyc.account_pub.merchant_pub)) )
@@ -1661,6 +1674,8 @@ legitimization_check_run (
         /* We have custom rules, but the target_pub for
            those custom rules does not match the
            merchant_pub. Fail the KYC process! */
+        GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+                    "KYC: merchant_pub does not match target_pub of custom 
rules!\n");
         fail_kyc_auth (lch);
         return;
       }
@@ -1668,7 +1683,6 @@ legitimization_check_run (
       GNUNET_break (NULL != lrs);
       /* Fall back to default rules on parse error! */
       json_decref (jrules);
-      break;
     }
   }
 
diff --git a/src/exchange/taler-exchange-httpd_spa.c 
b/src/exchange/taler-exchange-httpd_spa.c
index 4794b2d35..6a4defb22 100644
--- a/src/exchange/taler-exchange-httpd_spa.c
+++ b/src/exchange/taler-exchange-httpd_spa.c
@@ -103,6 +103,10 @@ TEH_spa_init ()
 }
 
 
+/* Suppresses warning */
+void __attribute__ ((destructor))
+get_spa_fini (void);
+
 /**
  * Nicely shut down.
  */
diff --git a/src/exchangedb/exchange_do_trigger_kyc_rule_for_account.sql 
b/src/exchangedb/exchange_do_trigger_kyc_rule_for_account.sql
index c1fc169fe..d63e1d2b8 100644
--- a/src/exchangedb/exchange_do_trigger_kyc_rule_for_account.sql
+++ b/src/exchangedb/exchange_do_trigger_kyc_rule_for_account.sql
@@ -38,7 +38,7 @@ BEGIN
 
 SELECT
    access_token
-  ,account_pub
+  ,target_pub
 INTO
   my_rec
 FROM wire_targets
@@ -48,7 +48,7 @@ IF FOUND
 THEN
   -- Extract details, determine if KYC auth matches.
   my_access_token = my_rec.access_token;
-  my_account_pub = my_rec.account_pub;
+  my_account_pub = my_rec.target_pub;
   IF in_merchant_pub IS NULL
   THEN
     out_bad_kyc_auth = FALSE;
diff --git a/src/exchangedb/pg_get_kyc_rules.c 
b/src/exchangedb/pg_get_kyc_rules.c
index 67bebe9e7..7b5aa4865 100644
--- a/src/exchangedb/pg_get_kyc_rules.c
+++ b/src/exchangedb/pg_get_kyc_rules.c
@@ -42,13 +42,18 @@ TEH_PG_get_kyc_rules (
     GNUNET_PQ_query_param_end
   };
   struct GNUNET_PQ_ResultSpec rs[] = {
-    GNUNET_PQ_result_spec_auto_from_type ("target_pub",
-                                          account_pub),
-    TALER_PQ_result_spec_json ("jnew_rules",
-                               jrules),
+    GNUNET_PQ_result_spec_allow_null (
+      GNUNET_PQ_result_spec_auto_from_type ("target_pub",
+                                            account_pub),
+      NULL),
+    GNUNET_PQ_result_spec_allow_null (
+      TALER_PQ_result_spec_json ("jnew_rules",
+                                 jrules),
+      NULL),
     GNUNET_PQ_result_spec_end
   };
 
+  *jrules = NULL;
   memset (account_pub,
           0,
           sizeof (*account_pub));
@@ -57,12 +62,12 @@ TEH_PG_get_kyc_rules (
            "SELECT"
            "  wt.target_pub"
            " ,lo.jnew_rules"
-           "  FROM legitimization_outcomes lo"
-           "  JOIN wire_targets wt"
+           "  FROM wire_targets wt"
+           "  LEFT JOIN legitimization_outcomes lo"
            "    ON (lo.h_payto = wt.wire_target_h_payto)"
-           " WHERE h_payto=$1"
-           "   AND expiration_time >= $2"
-           "   AND is_active;");
+           " WHERE wt.wire_target_h_payto=$1"
+           "   AND lo.expiration_time >= $2"
+           "   AND lo.is_active;");
   return GNUNET_PQ_eval_prepared_singleton_select (
     pg->conn,
     "get_kyc_rules",

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.



reply via email to

[Prev in Thread] Current Thread [Next in Thread]