[taler-anastasis] branch master updated: revise recovery logic to possib

gnunet-svn
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-anastasis] branch master updated: revise recovery logic to possib

From:	gnunet
Subject:	[taler-anastasis] branch master updated: revise recovery logic to possibly work with payment and redirect challenges'
Date:	Wed, 10 Feb 2021 18:31:26 +0100
This is an automated email from the git hooks/post-receive script.

grothoff pushed a commit to branch master
in repository anastasis.

The following commit(s) were added to refs/heads/master by this push:
     new 0db1569  revise recovery logic to possibly work with payment and 
redirect challenges'
0db1569 is described below

commit 0db1569525350095bfb2c4d9e3492d712d469294
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Wed Feb 10 18:31:23 2021 +0100

    revise recovery logic to possibly work with payment and redirect challenges'
---
 src/include/anastasis.h         |  66 +++++++++++------
 src/include/anastasis_service.h |   1 +
 src/lib/anastasis_recovery.c    | 160 ++++++++++++++++++++++++++--------------
 3 files changed, 149 insertions(+), 78 deletions(-)

diff --git a/src/include/anastasis.h b/src/include/anastasis.h
index 93a6921..19470c8 100644
--- a/src/include/anastasis.h
+++ b/src/include/anastasis.h
@@ -68,12 +68,6 @@ struct ANASTASIS_ChallengeInformation
    */
   const char *instructions;
 
-  /**
-   * Defines the url or mail address used for the challenge. Can be NULL.
-   * // FIXME: is this really available? Where does this come from? is it an 
URL!?
-   */
-  // const char *url;
-
   /**
    * true if challenged was already solved, else false.
    */
@@ -110,6 +104,13 @@ enum ANASTASIS_ChallengeStatus
    */
   ANASTASIS_CHALLENGE_STATUS_INSTRUCTIONS,
 
+  /**
+   * A redirection URL needed to solve the challenge is provided.  Also
+   * used if the answer we provided was wrong (or if no answer was
+   * provided, but one is needed).
+   */
+  ANASTASIS_CHALLENGE_STATUS_REDIRECT_FOR_AUTHENTICATION,
+
   /**
    * Payment is required before the challenge can be answered.
    */
@@ -120,6 +121,11 @@ enum ANASTASIS_ChallengeStatus
    */
   ANASTASIS_CHALLENGE_STATUS_SERVER_FAILURE,
 
+  /**
+   * The server does not know this truth.
+   */
+  ANASTASIS_CHALLENGE_STATUS_TRUTH_UNKNOWN
+
 };
 
 
@@ -138,13 +144,38 @@ struct ANASTASIS_ChallengeStartResponse
    */
   const struct ANASTASIS_Challenge *challenge;
 
+  /**
+   * Details depending on @e cs
+   */
   union
   {
+
     /**
-     * Response with server-side instructions for the user, if
+     * Challenge details provided if
      * @e cs is #ANASTASIS_CHALLENGE_STATUS_INSTRUCTIONS.
      */
-    const char *instructions;
+    struct
+    {
+
+      /**
+       * HTTP status returned by the server.  #MHD_HTTP_ALREADY_REPORTED
+       * if the server did already send the challenge to the user,
+       * #MHD_HTTP_FORBIDDEN if the answer was wrong (or missing).
+       */
+      unsigned int http_status;
+
+      /**
+       * Response with server-side instructions for the user.
+       */
+      const char *instructions;
+    } open_challenge;
+
+
+    /**
+     * Response with URL to redirect the user to, if
+     * @e cs is #ANASTASIS_CHALLENGE_STATUS_REDIRECT_FOR_AUTHENTICATION.
+     */
+    const char *redirect_url;
 
     /**
      * Response with instructions for how to pay, if
@@ -154,14 +185,14 @@ struct ANASTASIS_ChallengeStartResponse
     {
 
       /**
-       * "taler://pay" URL with details how to pay for the challenge.
+       * "taler://pay" URI with details how to pay for the challenge.
        */
-      const char *taler_pay_url;
+      const char *taler_pay_uri;
 
       /**
-       * Anastasis backend base URL requesting the payment.
+       * Payment secret from @e taler_pay_uri.
        */
-      const char *server_url;
+      struct ANASTASIS_PaymentSecretP payment_secret;
 
     } payment_required;
 
@@ -173,11 +204,6 @@ struct ANASTASIS_ChallengeStartResponse
     struct
     {
 
-      /**
-       * Error message (or NULL).
-       */
-      const char *message;
-
       /**
        * HTTP status returned by the server.
        */
@@ -296,15 +322,13 @@ struct ANASTASIS_DecryptionPolicy
 
   /**
    * Encrypted masterkey (encrypted with the policy key).
-   * FIXME: why exposed to the client?
    */
-  // struct ANASTASIS_CRYPTO_EncryptedMasterKeyP emk;
+  struct ANASTASIS_CRYPTO_EncryptedMasterKeyP emk;
 
   /**
    * Salt used to decrypt master key.
-   * FIXME: why exposed to the client?
    */
-  // struct ANASTASIS_CRYPTO_SaltP salt;
+  struct ANASTASIS_CRYPTO_SaltP salt;
 };
 
 
diff --git a/src/include/anastasis_service.h b/src/include/anastasis_service.h
index 173eb1f..f2fca0d 100644
--- a/src/include/anastasis_service.h
+++ b/src/include/anastasis_service.h
@@ -438,6 +438,7 @@ struct ANASTASIS_KeyShareDownloadDetails
     struct
     {
 
+
       /**
        * HTTP status returned by the server.  #MHD_HTTP_ALREADY_REPORTED
        * if the server did already send the challenge to the user,
diff --git a/src/lib/anastasis_recovery.c b/src/lib/anastasis_recovery.c
index 7699a05..60087f2 100644
--- a/src/lib/anastasis_recovery.c
+++ b/src/lib/anastasis_recovery.c
@@ -142,6 +142,22 @@ struct ANASTASIS_Challenge
    */
   void *af_cls;
 
+  /**
+   * Defines the base URL of the Anastasis provider used for the challenge.
+   */
+  char *url;
+
+  /**
+   * Which method is this challenge (E-Mail, Security Question, SMS...)
+   */
+  char *method;
+
+  /**
+   * Instructions for solving the challenge (generic, set client-side
+   * when challenge was established).
+   */
+  char *instructions;
+
   /**
    * Reference to the recovery process which is ongoing
    */
@@ -163,17 +179,6 @@ struct ANASTASIS_Challenge
    */
   struct ANASTASIS_KeyShareLookupOperation *cro;
 
-  /**
-   * Callback which gives back the instructions and a status code of
-   * the request to the user when solving a challenge is initiated.
-   */
-  ANASTASIS_ChallengeStartCallback csc;
-
-  /**
-   * Closure for the Challenge Start
-   */
-  void *csc_cls;
-
 };
 
 
@@ -186,7 +191,6 @@ struct ANASTASIS_Challenge
  */
 static void
 keyshare_lookup_cb (void *cls,
-                    unsigned int http_status,
                     const struct ANASTASIS_KeyShareDownloadDetails *dd)
 {
   struct ANASTASIS_Challenge *c = cls;
@@ -195,61 +199,98 @@ keyshare_lookup_cb (void *cls,
   struct ANASTASIS_DecryptionPolicy *rdps;
 
   c->kslo = NULL;
-  switch (http_status)
+  switch (dd->status)
   {
-  case MHD_HTTP_OK:
-    c->ci.solved = true;
-    c->af (c->af_cls,
-           http_status,
-           TALER_EC_NONE);
+  case ANASTASIS_KSD_SUCCESS:
+    {
+      struct ANASTASIS_ChallengeStartResponse csr = {
+        .cs = ANASTASIS_CHALLENGE_STATUS_SOLVED,
+        .challenge = c
+      };
+
+      c->ci.solved = true;
+      c->af (c->af_cls,
+             &csr);
+    }
     break;
-  case MHD_HTTP_PAYMENT_REQUIRED:
+  case ANASTASIS_KSD_PAYMENT_REQUIRED:
     {
       struct ANASTASIS_ChallengeStartResponse csr = {
         .cs = ANASTASIS_CHALLENGE_STATUS_PAYMENT_REQUIRED,
-        .details.payment_required.server_url = c->ci.url,
-        .details.payment_required.taler_pay_url = response_string
+        .challenge = c,
+        .details.payment_required.taler_pay_uri
+          = dd->details.payment_required.taler_pay_uri,
+        .details.payment_required.payment_secret
+          = dd->details.payment_required.payment_secret
       };
 
-      c->csc (c->csc_cls,
-              &csr);
-      break;
+      c->af (c->af_cls,
+             &csr);
+      return;
     }
-  case MHD_HTTP_OK:
+  case ANASTASIS_KSD_INVALID_ANSWER:
     {
       struct ANASTASIS_ChallengeStartResponse csr = {
         .cs = ANASTASIS_CHALLENGE_STATUS_INSTRUCTIONS,
-        .details.instructions = response_string
+        .challenge = c,
+        .details.open_challenge.instructions
+          = dd->details.open_challenge.instructions,
+        .details.open_challenge.http_status
+          = dd->details.open_challenge.http_status
       };
 
-      c->csc (c->csc_cls,
-              &csr);
-      break;
+      c->af (c->af_cls,
+             &csr);
+      return;
+    }
+  case ANASTASIS_KSD_REDIRECT_FOR_AUTHENTICATION:
+    {
+      struct ANASTASIS_ChallengeStartResponse csr = {
+        .cs = ANASTASIS_CHALLENGE_STATUS_REDIRECT_FOR_AUTHENTICATION,
+        .challenge = c,
+        .details.redirect_url
+          = dd->details.redirect_url
+      };
+
+      c->af (c->af_cls,
+             &csr);
+      return;
     }
+  case ANASTASIS_KSD_TRUTH_UNKNOWN:
+    {
+      struct ANASTASIS_ChallengeStartResponse csr = {
+        .cs = ANASTASIS_CHALLENGE_STATUS_TRUTH_UNKNOWN,
+        .challenge = c
+      };
+
+      c->af (c->af_cls,
+             &csr);
+      return;
+    }
+  case ANASTASIS_KSD_SERVER_ERROR:
+  case ANASTASIS_KSD_CLIENT_FAILURE:
   default:
     {
       struct ANASTASIS_ChallengeStartResponse csr = {
         .cs = ANASTASIS_CHALLENGE_STATUS_SERVER_FAILURE,
-        .details.server_failure.message = response_string,
-        .details.server_failure.http_status = http_status
+        .challenge = c,
+        .details.server_failure.ec
+          = dd->details.server_failure.ec,
+        .details.server_failure.http_status
+          = dd->details.server_failure.http_status
       };
 
-      c->csc (c->csc_cls,
-              &csr);
-      break;
+      c->af (c->af_cls,
+             &csr);
+      return;
     }
-  default:
-    c->af (c->af_cls,
-           http_status,
-           -1 /* FIXME: use proper status! */);
-    return;
   }
 
   GNUNET_assert (NULL != dd);
   ANASTASIS_CRYPTO_user_identifier_derive (recovery->id_data,
                                            &c->truth_salt,
                                            &id);
-  ANASTASIS_CRYPTO_keyshare_decrypt (dd->encrypted_key_share,
+  ANASTASIS_CRYPTO_keyshare_decrypt (&dd->details.eks,
                                      &id,
                                      &c->key_share);
   c->recovery->solved_challenges[c->recovery->solved_challenge_pos++] = *c;
@@ -341,10 +382,15 @@ ANASTASIS_challenge_start (struct ANASTASIS_Challenge *c,
     GNUNET_break (0);
     return GNUNET_NO; /* already solved */
   }
+  if (NULL != c->kslo)
+  {
+    GNUNET_break (0);
+    return GNUNET_NO; /* already solving */
+  }
   c->af = af;
   c->af_cls = af_cls;
   c->kslo = ANASTASIS_keyshare_lookup (c->recovery->ctx,
-                                       c->ci.url,
+                                       c->url,
                                        &c->uuid,
                                        &c->truth_key,
                                        psp,
@@ -394,11 +440,11 @@ ANASTASIS_challenge_answer2 (struct ANASTASIS_Challenge 
*c,
                    sizeof (answer_s),
                    "%llu",
                    (unsigned long long) answer);
-  return ANASTASIS_challenge_answer2 (c,
-                                      psp,
-                                      answer_s,
-                                      af,
-                                      af_cls);
+  return ANASTASIS_challenge_answer (c,
+                                     psp,
+                                     answer_s,
+                                     af,
+                                     af_cls);
 }
 
 
@@ -410,15 +456,15 @@ ANASTASIS_challenge_answer2 (struct ANASTASIS_Challenge 
*c,
 void
 ANASTASIS_challenge_abort (struct ANASTASIS_Challenge *c)
 {
-  if (NULL == c->cro)
+  if (NULL == c->kslo)
   {
     GNUNET_break (0);
     return;
   }
   ANASTASIS_keyshare_lookup_cancel (c->kslo);
   c->kslo = NULL;
-  c->csc = NULL;
-  c->csc_cls = NULL;
+  c->af = NULL;
+  c->af_cls = NULL;
 }
 
 
@@ -623,9 +669,11 @@ policy_lookup_cb (void *cls,
       ANASTASIS_recovery_abort (r);
       return;
     }
-    cs->ci.url = GNUNET_strdup (url);
-    cs->ci.method = GNUNET_strdup (escrow_method);
-    cs->ci.instructions = GNUNET_strdup (instructions);
+    cs->url = GNUNET_strdup (url);
+    cs->method = GNUNET_strdup (escrow_method);
+    cs->ci.method = cs->method;
+    cs->instructions = GNUNET_strdup (instructions);
+    cs->ci.instructions = cs->instructions;
   }
   json_decref (esc_methods);
 
@@ -751,8 +799,6 @@ ANASTASIS_recovery_begin (struct GNUNET_CURL_Context *ctx,
 }
 
 
-]
-
 void
 ANASTASIS_recovery_abort (struct ANASTASIS_Recovery *r)
 {
@@ -767,9 +813,9 @@ ANASTASIS_recovery_abort (struct ANASTASIS_Recovery *r)
   {
     struct ANASTASIS_Challenge *cs = r->ri.cs[i];
 
-    GNUNET_free (cs->ci.url);
-    GNUNET_free (cs->ci.method);
-    GNUNET_free (cs->ci.instructions);
+    GNUNET_free (cs->url);
+    GNUNET_free (cs->method);
+    GNUNET_free (cs->instructions);
     GNUNET_free (cs);
   }
   GNUNET_free (r->ri.cs);

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
[Prev in Thread]
Current Thread
[Next in Thread]
[taler-anastasis] branch master updated: revise recovery logic to possibly work with payment and redirect challenges', gnunet <=
Prev by Date: [taler-anastasis] branch master updated: enable payment for truth upload, misc fixes
Next by Date: [taler-www] 01/03: Translated using Weblate (Portuguese)
Previous by thread: [taler-anastasis] branch master updated: enable payment for truth upload, misc fixes
Next by thread: [taler-www] branch master updated (0944258 -> 9ca9f8e)
Index(es):
- Date
- Thread