[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-anastasis] branch master updated: clean up status codes, remove o
|
From: |
gnunet |
|
Subject: |
[taler-anastasis] branch master updated: clean up status codes, remove old endpoint from API docs |
|
Date: |
Tue, 12 Apr 2022 21:19:16 +0200 |
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository anastasis.
The following commit(s) were added to refs/heads/master by this push:
new 8abd2bc clean up status codes, remove old endpoint from API docs
8abd2bc is described below
commit 8abd2bc77ab3adfcc95f9cca24e43acc81dc8e19
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Tue Apr 12 21:19:13 2022 +0200
clean up status codes, remove old endpoint from API docs
---
doc/sphinx/rest.rst | 149 ---------------------
.../anastasis_authorization_plugin_email.c | 2 +-
.../anastasis_authorization_plugin_iban.c | 2 +-
.../anastasis_authorization_plugin_post.c | 4 +-
.../anastasis_authorization_plugin_sms.c | 2 +-
.../anastasis_authorization_plugin_totp.c | 4 +-
src/backend/anastasis-httpd_truth-challenge.c | 2 +-
src/restclient/anastasis_api_keyshare_lookup.c | 12 +-
8 files changed, 14 insertions(+), 163 deletions(-)
diff --git a/doc/sphinx/rest.rst b/doc/sphinx/rest.rst
index 4a5aad5..835ac6f 100644
--- a/doc/sphinx/rest.rst
+++ b/doc/sphinx/rest.rst
@@ -468,155 +468,6 @@ charge per truth operation using GNU Taler.
}
-.. http:get:: /truth/$UUID
-
- OLD API:
-
- Get the stored encrypted key share.
- Also, the user has to provide the correct *truth_encryption_key* with every
get request (see below).
- The encrypted key share is returned simply as a byte array and not in JSON
format.
-
- :query response=H_RESPONSE: *Optional.* If ``$H_RESPONSE`` is specified by
the client,
- the server checks if ``$H_RESPONSE`` matches the expected response. This
can be the
- hash of the security question (as specified before by the client
- within the `TruthUploadRequest`_ (see ``encrypted_truth``)), or the hash
of the
- PIN code sent via SMS, E-mail or postal communication channels.
- When ``$H_RESPONSE`` is correct, the server responds with the encrypted
key share.
- :query timeout_ms=NUMBER: *Optional.* If specified, the Anastasis server
will
- wait up to ``timeout_ms`` milliseconds for completion of the payment or the
- challenge before sending the HTTP response. A client must never rely on
this
- behavior, as the backend may return a response immediately.
-
- **Response**:
-
- :http:statuscode:`200 OK`:
- `EncryptedKeyShare`_ is returned in body (in binary).
- :http:statuscode:`202 Accepted`:
- The escrow provider will respond out-of-band (i.e. SMS).
- The body may contain human- or machine-readable instructions on next steps.
- In case the response is in JSON, the format is given
- by `ChallengeInstructionMessage`_.
- :http:statuscode:`208 Already Reported`:
- An authentication challenge was recently send, client should
- simply respond to the pending challenge.
- :http:statuscode:`303 See other`:
- The provider redirects for authentication (i.e. video
identification/WebRTC).
- If the client is not a browser, it should launch a browser at the URL
- given in the ``Location`` header and allow the user to re-try the operation
- after successful authorization.
- :http:statuscode:`402 Payment required`:
- The service requires payment for access to truth.
- See the Taler payment protocol specification for how to pay.
- The response body MAY provide alternative means for payment.
- :http:statuscode:`403 Forbidden`:
- The server requires a valid "response" to the challenge associated with
the UUID.
- :http:statuscode:`404 Not found`:
- The server does not know any truth under the given UUID.
- :http:statuscode:`408 Request Timeout`:
- Accessing this truth requires satisfying an external authentication
challenge
- (and not merely passing a response in the request) and this has not
happened
- before the timeout was reached.
- :http:statuscode:`410 Gone`:
- The server has not (recently) issued a challenge under the given UUID,
- but a reply was provided. (This does not apply for secure question.)
- :http:statuscode:`417 Expectation Failed`:
- The decrypted ``truth`` does not match the expectations of the
authentication
- backend, i.e. a phone number for sending an SMS is not a number, or
- an e-mail address for sending an E-mail is not a valid e-mail address.
- :http:statuscode:`429 Too Many Requests`:
- The client exceeded the number of allowed attempts at providing
- a valid response for the given time interval.
- The response format is given by `RateLimitedMessage`_.
- :http:statuscode:`503 Service Unavailable`:
- Server is out of Service.
-
- *Anastasis-Truth-Decryption-Key*: Key used to encrypt the **truth** (see
encrypted_truth within `TruthUploadRequest`_) and which has to provided by the
user. The key is stored with
- the according `EscrowMethod`_. The server needs this key to get the info out
of `TruthUploadRequest`_ needed to verify the ``$RESPONSE``.
-
- **Details:**
-
- .. _EncryptedKeyShare:
- .. ts:def:: EncryptedKeyShare
-
- interface EncryptedKeyShare {
- // Nonce used to compute the decryption (iv,key) pair.
- nonce_i: [32]; //bytearray
-
- // Authentication tag.
- aes_gcm_tag_i: [16]; //bytearray
-
- // Encrypted key-share in base32 encoding.
- // After decryption, this yields a `KeyShare`. Note that
- // the `KeyShare` MUST be encoded as a fixed-size binary
- // block (instead of in JSON encoding).
- //
- // HKDF for the key generation must include the
- // string "eks" as salt.
- // Depending on the method,
- // the HKDF may additionally include
- // bits from the response (i.e. some hash over the
- // answer to the security question).
- encrypted_key_share_i: [32]; //bytearray
-
- }
-
-
- interface KeyShare {
- // Key material to derive the key to decrypt the master key.
- key_share: [32]; //bytearray
- }
-
-
- .. _ChallengeInstructionMessage:
- .. ts:def:: ChallengeInstructionMessage
-
- type ChallengeInstructionMessage =
- | IbanChallengeInstructionMessage;
-
- interface IbanChallengeInstructionMessage {
-
- // What kind of challenge is this?
- method: "iban";
-
- // How much should be wired?
- amount: Amount;
-
- // What is the target IBAN?
- credit_iban: string;
-
- // What is the receiver name?
- business_name: string;
-
- // What is the expected wire transfer subject?
- wire_transfer_subject: number;
-
- // Hint about the origin account that must be used.
- debit_account_hint: string;
-
- }
-
-
- .. _RateLimitedMessage:
- .. ts:def:: RateLimitedMessage
-
- interface RateLimitedMessage {
-
- // Taler error code, TALER_EC_ANASTASIS_TRUTH_RATE_LIMITED.
- code: number;
-
- // How many attempts are allowed per challenge?
- request_limit: number;
-
- // At what frequency are new challenges issued?
- request_frequency: RelativeTime;
-
- // The error message.
- hint: string;
-
- }
-
-
-
.. http:post:: /truth/$UUID/solve
diff --git a/src/authorization/anastasis_authorization_plugin_email.c
b/src/authorization/anastasis_authorization_plugin_email.c
index 1f27922..62b50b8 100644
--- a/src/authorization/anastasis_authorization_plugin_email.c
+++ b/src/authorization/anastasis_authorization_plugin_email.c
@@ -220,7 +220,7 @@ email_validate (void *cls,
{
if (MHD_NO ==
TALER_MHD_reply_with_error (connection,
- MHD_HTTP_EXPECTATION_FAILED,
+ MHD_HTTP_CONFLICT,
TALER_EC_ANASTASIS_EMAIL_INVALID,
NULL))
return GNUNET_SYSERR;
diff --git a/src/authorization/anastasis_authorization_plugin_iban.c
b/src/authorization/anastasis_authorization_plugin_iban.c
index 8aebbce..3887ecd 100644
--- a/src/authorization/anastasis_authorization_plugin_iban.c
+++ b/src/authorization/anastasis_authorization_plugin_iban.c
@@ -209,7 +209,7 @@ iban_validate (void *cls,
GNUNET_free (iban_number);
if (MHD_NO ==
TALER_MHD_reply_with_error (connection,
- MHD_HTTP_EXPECTATION_FAILED,
+ MHD_HTTP_CONFLICT,
TALER_EC_ANASTASIS_IBAN_INVALID,
emsg))
{
diff --git a/src/authorization/anastasis_authorization_plugin_post.c
b/src/authorization/anastasis_authorization_plugin_post.c
index a8810ff..1de2eee 100644
--- a/src/authorization/anastasis_authorization_plugin_post.c
+++ b/src/authorization/anastasis_authorization_plugin_post.c
@@ -232,7 +232,7 @@ post_validate (void *cls,
{
if (MHD_NO ==
TALER_MHD_reply_with_error (connection,
- MHD_HTTP_EXPECTATION_FAILED,
+ MHD_HTTP_CONFLICT,
TALER_EC_ANASTASIS_POST_INVALID,
"JSON malformed"))
return GNUNET_SYSERR;
@@ -248,7 +248,7 @@ post_validate (void *cls,
json_decref (j);
if (MHD_NO ==
TALER_MHD_reply_with_error (connection,
- MHD_HTTP_EXPECTATION_FAILED,
+ MHD_HTTP_CONFICT,
TALER_EC_ANASTASIS_POST_INVALID,
"JSON lacked required address
information"))
return GNUNET_SYSERR;
diff --git a/src/authorization/anastasis_authorization_plugin_sms.c
b/src/authorization/anastasis_authorization_plugin_sms.c
index 797c576..47439eb 100644
--- a/src/authorization/anastasis_authorization_plugin_sms.c
+++ b/src/authorization/anastasis_authorization_plugin_sms.c
@@ -219,7 +219,7 @@ sms_validate (void *cls,
{
if (MHD_NO ==
TALER_MHD_reply_with_error (connection,
- MHD_HTTP_EXPECTATION_FAILED,
+ MHD_HTTP_CONFLICT,
TALER_EC_ANASTASIS_SMS_PHONE_INVALID,
NULL))
return GNUNET_SYSERR;
diff --git a/src/authorization/anastasis_authorization_plugin_totp.c
b/src/authorization/anastasis_authorization_plugin_totp.c
index 77a5909..e1c104a 100644
--- a/src/authorization/anastasis_authorization_plugin_totp.c
+++ b/src/authorization/anastasis_authorization_plugin_totp.c
@@ -103,7 +103,7 @@ totp_validate (void *cls,
GNUNET_break_op (0);
if (MHD_NO ==
TALER_MHD_reply_with_error (connection,
- MHD_HTTP_EXPECTATION_FAILED,
+ MHD_HTTP_CONFLICT,
TALER_EC_ANASTASIS_TOTP_KEY_MISSING,
NULL))
return GNUNET_SYSERR;
@@ -114,7 +114,7 @@ totp_validate (void *cls,
GNUNET_break_op (0);
if (MHD_NO ==
TALER_MHD_reply_with_error (connection,
- MHD_HTTP_EXPECTATION_FAILED,
+ MHD_HTTP_CONFLICT,
TALER_EC_ANASTASIS_TOTP_KEY_INVALID,
NULL))
return GNUNET_SYSERR;
diff --git a/src/backend/anastasis-httpd_truth-challenge.c
b/src/backend/anastasis-httpd_truth-challenge.c
index 98ae524..9d2429d 100644
--- a/src/backend/anastasis-httpd_truth-challenge.c
+++ b/src/backend/anastasis-httpd_truth-challenge.c
@@ -1220,7 +1220,7 @@ AH_handler_truth_challenge (
{
GNUNET_free (truth_mime);
return TALER_MHD_reply_with_error (connection,
- MHD_HTTP_EXPECTATION_FAILED,
+ MHD_HTTP_CONFLICT,
TALER_EC_ANASTASIS_TRUTH_DECRYPTION_FAILED,
NULL);
}
diff --git a/src/restclient/anastasis_api_keyshare_lookup.c
b/src/restclient/anastasis_api_keyshare_lookup.c
index f3cbb27..4840a7e 100644
--- a/src/restclient/anastasis_api_keyshare_lookup.c
+++ b/src/restclient/anastasis_api_keyshare_lookup.c
@@ -244,17 +244,17 @@ handle_keyshare_lookup_finished (void *cls,
/* Nothing really to verify */
kdd.status = ANASTASIS_KSD_AUTHENTICATION_TIMEOUT;
break;
- case MHD_HTTP_GONE:
- /* Nothing really to verify */
- kdd.status = ANASTASIS_KSD_TRUTH_UNKNOWN;
- break;
- case MHD_HTTP_EXPECTATION_FAILED:
+ case MHD_HTTP_CONFLICT:
/* Nothing really to verify */
kdd.status = ANASTASIS_KSD_CLIENT_FAILURE;
- kdd.details.server_failure.http_status = MHD_HTTP_EXPECTATION_FAILED;
+ kdd.details.server_failure.http_status = MHD_HTTP_CONFLICT;
kdd.details.server_failure.ec = TALER_JSON_get_error_code2 (data,
data_size);
break;
+ case MHD_HTTP_GONE:
+ /* Nothing really to verify */
+ kdd.status = ANASTASIS_KSD_TRUTH_UNKNOWN;
+ break;
case MHD_HTTP_TOO_MANY_REQUESTS:
kdd.status = ANASTASIS_KSD_RATE_LIMIT_EXCEEDED;
{
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [taler-anastasis] branch master updated: clean up status codes, remove old endpoint from API docs,
gnunet <=