gnunet-svn

[taler-exchange] 101/151: add some first KYC commands for testing


From: gnunet
Subject: [taler-exchange] 101/151: add some first KYC commands for testing
Date: Tue, 30 Jul 2024 23:37:51 +0200

This is an automated email from the git hooks/post-receive script.

grothoff pushed a commit to branch master
in repository exchange.

commit 191f5e9a543ba581e129783313a4a6e8ed598a07
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Fri Jul 19 14:16:49 2024 +0200

    add some first KYC commands for testing
---
 src/kyclogic/Makefile.am                           |   2 +
 ...exchange-helper-converter-oauth2-test-full_name |  49 +++++++++
 src/kyclogic/taler-exchange-helper-measure-freeze  | 109 +++++++++++++++++++++
 .../taler-exchange-helper-measure-test-oauth       |  78 +++++++++++++++
 src/testing/test_exchange_api.conf                 |  27 ++---
 5 files changed, 254 insertions(+), 11 deletions(-)

diff --git a/src/kyclogic/Makefile.am b/src/kyclogic/Makefile.am
index 9fe1be78e..bf258b278 100644
--- a/src/kyclogic/Makefile.am
+++ b/src/kyclogic/Makefile.am
@@ -15,6 +15,8 @@ pkgcfg_DATA = \
   kyclogic-persona.conf
 
 bin_SCRIPTS = \
+  taler-exchange-helper-converter-oauth2-test-full_name \
+  taler-exchange-helper-measure-test-oauth \
   taler-exchange-kyc-kycaid-converter.sh \
   taler-exchange-kyc-persona-converter.sh \
   taler-exchange-kyc-oauth2-test-converter.sh \
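Review bot: `taler-exchange-helper-measure-freeze` is created by this commit but is not added to `bin_SCRIPTS` here, while the two other new helpers are. The test configuration names it as the PROGRAM of the freeze fallback measure, so an installed tree without it would presumably leave that fallback unable to run. Add a line `  taler-exchange-helper-measure-freeze \` to the list. The list continues outside this hunk, so confirm it is not already present further down.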
diff --git a/src/kyclogic/taler-exchange-helper-converter-oauth2-test-full_name 
b/src/kyclogic/taler-exchange-helper-converter-oauth2-test-full_name
new file mode 100755
index 000000000..5e9fe31ed
--- /dev/null
+++ b/src/kyclogic/taler-exchange-helper-converter-oauth2-test-full_name
@@ -0,0 +1,49 @@
+#!/bin/sh
+#
+#  This file is part of TALER
+#  Copyright (C) 2014-2024 Taler Systems SA
+#
+#  TALER is free software; you can redistribute it and/or modify it under the
+#  terms of the GNU General Public License as published by the Free Software
+#  Foundation; either version 3, or (at your option) any later version.
+#
+#  TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+#  WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 
FOR
+#  A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License along with
+#  TALER; see the file COPYING.  If not, If not, see 
<http://www.gnu.org/license>
+#
+
+# This is a converter that takes the output of an
+# OAuth2 service which is expected to yield a full_name
+# and a birthdate.
+#
+# The converter doesn't actually do anything, it
+# just restricts the output to exactly these values.
+
+
+# Hard error reporting on.
+set -eu
+
+if [ "${1:-no}" = "--list-outputs" ]
+then
+    # This converter produces a full name and birthdate.
+    echo "full_name"
+    echo "birthdate"
+    exit 0
+fi
+
+# First, check everything we expect is in stdin.
+J=$(jq -r 'def get($k):
+             if has($k)
+               then .[$k]
+               else error("attribute missing")
+           end;
+           {"full_name":get("full_name"),
+            "birthdate":get("birthdate")}')
+
+# Return the restricted values.
+echo "$J"
+
+exit 0
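Review bot: The `get($k)` helper in the jq filter only tests `has($k)`, so a `full_name` or `birthdate` that is `null`, empty or a nested object is passed through unchanged to whatever consumes the converter output. Because this input originates from the external OAuth2 provider, the check should also pin the type, e.g. `if has($k) and (.[$k] | type) == "string"`. The `-r` flag has no effect here since the result is an object, and `printf '%s\n' "$J"` is more predictable than `echo "$J"` under `/bin/sh`.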
diff --git a/src/kyclogic/taler-exchange-helper-measure-freeze 
b/src/kyclogic/taler-exchange-helper-measure-freeze
new file mode 100755
index 000000000..8f6cb84c9
--- /dev/null
+++ b/src/kyclogic/taler-exchange-helper-measure-freeze
@@ -0,0 +1,109 @@
+#!/bin/bash
+#
+#  This file is part of TALER
+#  Copyright (C) 2014-2024 Taler Systems SA
+#
+#  TALER is free software; you can redistribute it and/or modify it under the
+#  terms of the GNU General Public License as published by the Free Software
+#  Foundation; either version 3, or (at your option) any later version.
+#
+#  TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+#  WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 
FOR
+#  A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License along with
+#  TALER; see the file COPYING.  If not, If not, see 
<http://www.gnu.org/license>
+#
+
+# Hard error reporting on.
+set -eu
+
+# This is a KYC measure program that freezes
+# the account and flags it for manual investigation.
+# This is the ultimate fallback measure.
+
+if [ "${1:-no}" = "--required-context" ]
+then
+    # No context is required.
+    exit 0
+fi
+
+if [ "${1:-no}" = "--required-attributes" ]
+then
+    # No required attributes.
+    exit 0
+fi
+
+# See 
https://docs.taler.net/taler-exchange-manual.html#tsref-type-AmlProgramInput
+# for the full JSON with possible inputs.
+
+# New rules apply for 30 days.
+EXPIRATION=$((3600 * 30 + $(date +%s)))
+
+# Finally, output the new rules.
+# See https://docs.taler.net/taler-exchange-manual.html#tsref-type-AmlOutcome
+# for the required output format.
+
+jq -n \
+    --arg expiration "$EXPIRATION" \
+    '{ "to_investigate": true,
+       "new_rules" : {
+         "expiration_time" : { "t_s": $expiration },
+         "rules" : [
+           {
+             "operation_type": "WITHDRAW",
+             "threshold" : "EUR:0",
+             "timeframe" : { "d_us" : 3600000000 },
+             "measures" : [ "verboten" ],
+             "display_priority" : 1,
+             "exposed" : false,
+             "is_and_combinator" : true
+           },
+           {
+             "operation_type": "DEPOSIT",
+             "threshold" : "EUR:0",
+             "timeframe" : { "d_us" : 3600000000 },
+             "measures" : [ "verboten" ],
+             "display_priority" : 1,
+             "exposed" : false,
+             "is_and_combinator" : true
+           },
+           {
+             "operation_type": "MERGE",
+             "threshold" : "EUR:0",
+             "timeframe" : { "d_us" : 3600000000 },
+             "measures" : [ "verboten" ],
+             "display_priority" : 1,
+             "exposed" : false,
+             "is_and_combinator" : true
+           },
+           {
+             "operation_type": "BALANCE",
+             "threshold" : "EUR:0",
+             "timeframe" : { "d_us" : 3600000000 },
+             "measures" : [ "verboten" ],
+             "display_priority" : 1,
+             "exposed" : false,
+             "is_and_combinator" : true
+           },
+           {
+             "operation_type": "CLOSE",
+             "threshold" : "EUR:0",
+             "timeframe" : { "d_us" : 3600000000 },
+             "measures" : [ "verboten" ],
+             "display_priority" : 1,
+             "exposed" : false,
+             "is_and_combinator" : true
+           },
+           {
+             "operation_type": "AGE-WITHDRAW",
+             "threshold" : "EUR:0",
+             "timeframe" : { "d_us" : 3600000000 },
+             "measures" : [ "verboten" ],
+             "display_priority" : 1,
+             "exposed" : false,
+             "is_and_combinator" : true
+           }
+         ]
+       }
+     }' < /dev/null
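Review bot: `EXPIRATION=$((3600 * 30 + $(date +%s)))` adds 30 hours, not the 30 days promised by the comment directly above it, so the freeze rules would lapse after little more than a day; use `EXPIRATION=$((86400 * 30 + $(date +%s)))`. In addition, `--arg expiration` binds the value as a JSON string, so `t_s` is emitted quoted rather than as the number the timestamp format presumably expects; `--argjson expiration "$EXPIRATION"` keeps it numeric. Both lines are repeated verbatim in taler-exchange-helper-measure-test-oauth and need the same change.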
diff --git a/src/kyclogic/taler-exchange-helper-measure-test-oauth 
b/src/kyclogic/taler-exchange-helper-measure-test-oauth
new file mode 100755
index 000000000..e127ae52c
--- /dev/null
+++ b/src/kyclogic/taler-exchange-helper-measure-test-oauth
@@ -0,0 +1,78 @@
+#!/bin/bash
+#
+#  This file is part of TALER
+#  Copyright (C) 2014-2024 Taler Systems SA
+#
+#  TALER is free software; you can redistribute it and/or modify it under the
+#  terms of the GNU General Public License as published by the Free Software
+#  Foundation; either version 3, or (at your option) any later version.
+#
+#  TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+#  WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 
FOR
+#  A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License along with
+#  TALER; see the file COPYING.  If not, If not, see 
<http://www.gnu.org/license>
+#
+
+# Hard error reporting on.
+set -eu
+
+# This is a KYC measure program that checks the output
+# of an OAuth2 authentication, and if it passed,
+# increases the reserve CLOSE limit to EUR:1000.
+# (and doesn't impose any other limits)
+
+if [ "${1:-no}" = "--required-context" ]
+then
+    # No context is required.
+    exit 0
+fi
+
+if [ "${1:-no}" = "--required-attributes" ]
+then
+    # This AML program expects as inputs a full_name
+    # and a birthdate.
+    echo "full_name"
+    echo "birthdate"
+    exit 0
+fi
+
+# First, check everything we expect is in stdin.
+J=$(jq -r 'def get($k):
+             if has($k)
+               then .[$k]
+               else error("attribute missing")
+           end;
+           {"full_name":get("attributes.full_name"),
+            "birthdate":get("attributes.birthdate")}')
+
+# Here we could use those values...
+echo "$J" >> /dev/null
+
+# See 
https://docs.taler.net/taler-exchange-manual.html#tsref-type-AmlProgramInput
+# for the full JSON with possible inputs.
+
+# New rules apply for 30 days.
+EXPIRATION=$((3600 * 30 + $(date +%s)))
+
+# Finally, output the new rules.
+# See https://docs.taler.net/taler-exchange-manual.html#tsref-type-AmlOutcome
+# for the required output format.
+
+jq -n \
+    --arg expiration "$EXPIRATION" \
+    '{ "to_investigate": false,
+       "new_rules" : {
+         "expiration_time" : { "t_s": $expiration },
+         "rules" : [ {
+           "operation_type": "CLOSE",
+           "threshold" : "EUR:1000",
+           "timeframe" : { "d_us" : 3600000000 },
+           "measures" : [ "verboten" ],
+           "display_priority" : 1,
+           "exposed" : true,
+           "is_and_combinator" : true
+         } ]
+       }
+     }' < /dev/null
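Review bot: `get("attributes.full_name")` and `get("attributes.birthdate")` pass a dotted string to `has($k)`, which jq treats as one literal top-level key rather than a path into `.attributes`, so for the nested input layout those names imply, the filter always raises "attribute missing". That fails closed, but it means the program can never succeed and every run would presumably end in the fallback measure. Descend first and then check, e.g. `{"full_name":(.attributes|get("full_name")),` and `"birthdate":(.attributes|get("birthdate"))}`. As in the converter script, `has` alone also accepts `null` or non-string values.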
diff --git a/src/testing/test_exchange_api.conf 
b/src/testing/test_exchange_api.conf
index 7f308b56f..d41a70b1b 100644
--- a/src/testing/test_exchange_api.conf
+++ b/src/testing/test_exchange_api.conf
@@ -98,8 +98,8 @@ WIRE_GATEWAY_URL = 
"http://localhost:8082/accounts/2/taler-wire-gateway/";
 
 [kyc-provider-test-oauth2]
 LOGIC = oauth2
-USER_TYPE = INDIVIDUAL
-PROVIDED_CHECKS = DUMMY
+CONVERTER = taler-exchange-helper-converter-oauth2-address
+# PROVIDED_CHECKS = DUMMY
 KYC_OAUTH2_VALIDITY = forever
 KYC_OAUTH2_TOKEN_URL = http://localhost:6666/oauth/v2/token
 KYC_OAUTH2_AUTHORIZE_URL = http://localhost:6666/oauth/v2/login
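Review bot: `CONVERTER = taler-exchange-helper-converter-oauth2-address` names a helper that this commit neither adds nor lists in the visible part of `bin_SCRIPTS`; the converter introduced here is `taler-exchange-helper-converter-oauth2-test-full_name`. The AML program wired up later in this file asks for `full_name` and `birthdate`, which is what the new converter emits, so the address converter looks like a mismatch unless it exists elsewhere and yields those attributes. If the new script was intended, the line should read `CONVERTER = taler-exchange-helper-converter-oauth2-test-full_name`. The commented-out `# PROVIDED_CHECKS = DUMMY` could be deleted rather than kept as dead configuration.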
@@ -108,7 +108,6 @@ KYC_OAUTH2_CLIENT_ID = taler-exchange
 KYC_OAUTH2_CLIENT_SECRET = exchange-secret
 KYC_OAUTH2_POST_URL = http://example.com/
 KYC_OAUTH2_CONVERTER_HELPER = taler-exchange-kyc-oauth2-test-converter.sh
-CONVERTER = cat
 
 [kyc-check-oauth-test-id]
 VOLUNTARY = NO
@@ -119,7 +118,7 @@ DESCRIPTION_I18N = {}
 # No context requirements
 REQUIRES =
 # Measure to execute if check failed.
-FALLBACK = manual
+FALLBACK = manual-freeze
 # This check runs on oauth2
 PROVIDER_ID = test-oauth2
 
@@ -133,31 +132,37 @@ DESCRIPTION = "Your account is frozen pending 
investigation"
 DESCRIPTION_I18N = {}
 # No context requirements
 REQUIRES =
-FALLBACK = manual
+# Measure to execute if check failed. Well,
+# this check cannot really fail, but we stay
+# where we are: frozen.
+FALLBACK = manual-freeze
 
 [aml-program-oauth-output-check]
-DESCRIPTION = Validates the output from OAauth2
-COMMAND = cat
+DESCRIPTION = "Validates the output from OAauth2 and then permits the reserve 
closing to proceed"
+# Command that runs on the output of the OAuth provider
+# to decide what rules should apply next.
+COMMAND = taler-exchange-helper-measure-test-oauth
 # What measure to take if the COMMAND failed.
-FALLBACK = manual
+FALLBACK = manual-freeze
 
 [kyc-measure-run-oauth]
 # Get client ID via the OAuth test provider
 CHECK_NAME = oauth-test-id
 # AML program to run on the output of the OAuth provider
-# to decide what to do next.
-PROGRAM = taler-exchange-helper-measure-test-oauth-output
+# to decide what rules should apply next.
+PROGRAM = oauth-output-check
 # Context to provide for check and program; empty.
 CONTEXT = {}
 
 # This is a base-measure that is being triggered
 # whenever something goes wrong. We freeze the
 # account and ask AML staff to investigate.
-[kyc-measure-manual]
+[kyc-measure-manual-freeze]
 CHECK_NAME = info-frozen
 # AML program that freezes the account and flags
 # it for investigation.
 PROGRAM = taler-exchange-helper-measure-freeze
+# Context to provide for check and program; empty.
 CONTEXT = {}
 
 # This rule requests that the users passes KYC
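Review bot: In `[kyc-measure-run-oauth]` PROGRAM now refers to the `[aml-program-oauth-output-check]` section by name, but `[kyc-measure-manual-freeze]` still sets `PROGRAM = taler-exchange-helper-measure-freeze`, a binary name, and no `[aml-program-…]` section with a COMMAND for it appears in this hunk. If PROGRAM is resolved as a section name, the freeze measure that every FALLBACK now points at would not resolve, which matters because it is the last-resort path. Consider adding a section such as `[aml-program-freeze]` with `COMMAND = taler-exchange-helper-measure-freeze` and pointing PROGRAM at it. The file continues outside the hunk, so check whether such a section already exists. The new DESCRIPTION string also spells the protocol `OAauth2`.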

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.


