View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0010044 | Taler | exchange | public | 2025-05-28 14:37 | 2025-06-04 22:52 |
Reporter | Florian Dold | Assigned To | Christian Grothoff | ||
Priority | high | Severity | feature | Reproducibility | always |
Status | resolved | Resolution | reopened | ||
Target Version | 1.0 stretch goals | Fixed in Version | 1.0 stretch goals | ||
Summary | 0010044: exchange should honor Account-Owner-Pub signature when checking Account-Owner-Signature | ||||
Description | The wallets now send the additional Account-Owner-Pub header. Instead of just verifying the signature with the target_pub (from the latest KYC auth transfer) and the latest reserve pub, the exchange should check if the Account-Owner-Pub matches any of the past reserve pubs. The header should be treated as optional for backwards compatibility. | ||||
Tags | No tags attached. | ||||
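The key selection requested in the description, sketched as an added example (not code from the Taler exchange): a key named in Account-Owner-Pub is accepted if it is any key on record for the account and is then the only key the signature is checked against, while requests without the header keep the previous target_pub / latest reserve pub behaviour. The names `account_keys`, `verify_fn`, `account_owner_authorized` and `stub_verify` are hypothetical, the real signature check is passed in as a callback, and accepting target_pub on the header path is an assumption.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PUB_LEN 32

/* Hypothetical model of what the exchange knows for one payto URI. */
struct account_keys {
  const uint8_t *target_pub;              /* latest KYC auth transfer, or NULL */
  const uint8_t (*reserve_pubs)[PUB_LEN]; /* every past reserve pub, oldest first */
  size_t num_reserve_pubs;
};

/* Signature check supplied by the caller (hypothetical callback type). */
typedef bool (*verify_fn)(const uint8_t *pub, const void *sig);

static bool pub_eq(const uint8_t *a, const uint8_t *b) {
  return NULL != a && NULL != b && 0 == memcmp(a, b, PUB_LEN);
}

/* header_pub is NULL when the request carries no Account-Owner-Pub. */
bool account_owner_authorized(const struct account_keys *ak,
                              const uint8_t *header_pub,
                              const void *sig, verify_fn verify) {
  if (NULL != header_pub) {
    /* Assumption: target_pub also counts as a known key here; the
       issue text only names the past reserve pubs. */
    bool known = pub_eq(header_pub, ak->target_pub);
    for (size_t i = 0; !known && i < ak->num_reserve_pubs; i++)
      known = pub_eq(header_pub, ak->reserve_pubs[i]);
    /* Verify with the named key only; no fallback to other keys. */
    return known && verify(header_pub, sig);
  }
  /* No header (older wallets): target_pub, then the latest reserve pub. */
  if (NULL != ak->target_pub && verify(ak->target_pub, sig))
    return true;
  return ak->num_reserve_pubs > 0 &&
         verify(ak->reserve_pubs[ak->num_reserve_pubs - 1], sig);
}

/* Constructed stand-in for tests, NOT cryptography: a "signature" is
   just the 32 bytes of the key that supposedly made it. */
bool stub_verify(const uint8_t *pub, const void *sig) {
  return 0 == memcmp(pub, sig, PUB_LEN);
}
```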
|
Which endpoint is this? GET /kyc-check/? Did you update the spec? |
|
Spec expanded in 2358790a..d74c7cc0 |
|
Fix committed to master branch. |
|
I believe a14ef50b7..ed93a77ce should address this, but didn't test -> feedback. |
|
commit cca3196ed9c61d3e3d92dcd18bea7a97d4526948 (HEAD -> master, origin/master, origin/HEAD)
Author: Florian Dold <florian@dold.me>
Date: Tue Jun 3 20:29:55 2025 +0200

harness: add test for exchange kyc auth

Issue: https://bugs.taler.net/n/10044 |
|
According to my tests, only the last known reserve_pub for a given payto URI is accepted by the exchange as Account-Owner-Pub.

Corresponding test:

$ taler-harness run-integrationtests exchange-kyc-auth

The test does quite a few /kyc-check requests, with and without Account-Owner-Pub. One request fails (we get 403 instead of 202), despite the client specifying an "Account-Owner-Pub" that has an incoming wire transfer. I've checked that the corresponding wire transfer is in reserves_in, so wirewatch ingested those transactions. |
|
ae9b97a43..6c9a0ce92 removes a bad memset() to zero of the account_pub and cleans up the SQL. However, the test still fails, but MUCH later, I think it's the test... |
|
Eh, looks like the test is simply failing *earlier*, where the test is checking the implicit KYC auth via the last reserve_in (where the client does *not* explicitly specify the Account-Owner-Pub). |
exchange: master ed93a77c 2025-05-28 21:49 |
fix 0010044 |
Affected Issues 0010044 |
|
mod - src/exchange/taler-exchange-httpd_kyc-check.c |
mod - src/exchangedb/exchange_do_lookup_kyc_requirement_by_row.sql |
mod - src/exchangedb/pg_lookup_kyc_requirement_by_row.c |
mod - src/exchangedb/pg_lookup_kyc_requirement_by_row.h |
mod - src/include/taler_crypto_lib.h |
mod - src/include/taler_exchangedb_plugin.h |
mod - src/include/taler_mhd_lib.h |
Date Modified | Username | Field | Change |
---|---|---|---|
2025-05-28 14:37 | Florian Dold | New Issue | |
2025-05-28 14:37 | Florian Dold | Status | new => assigned |
2025-05-28 14:37 | Florian Dold | Assigned To | => Christian Grothoff |
2025-05-28 18:46 | Christian Grothoff | Note Added: 0025037 | |
2025-05-28 19:55 | Christian Grothoff | Note Added: 0025039 | |
2025-05-28 19:59 | Christian Grothoff | Changeset attached | => exchange master ed93a77c |
2025-05-28 19:59 | Christian Grothoff | Note Added: 0025040 | |
2025-05-28 19:59 | Christian Grothoff | Status | assigned => resolved |
2025-05-28 19:59 | Christian Grothoff | Resolution | open => fixed |
2025-05-28 19:59 | Christian Grothoff | Note Added: 0025041 | |
2025-05-28 19:59 | Christian Grothoff | Assigned To | Christian Grothoff => Florian Dold |
2025-05-28 19:59 | Christian Grothoff | Status | resolved => feedback |
2025-05-28 19:59 | Christian Grothoff | Resolution | fixed => reopened |
2025-06-03 20:30 | Florian Dold | Note Added: 0025111 | |
2025-06-03 20:37 | Florian Dold | Note Added: 0025113 | |
2025-06-03 20:37 | Florian Dold | Assigned To | Florian Dold => Christian Grothoff |
2025-06-03 20:37 | Florian Dold | Status | feedback => assigned |
2025-06-03 23:06 | Christian Grothoff | Note Added: 0025121 | |
2025-06-03 23:06 | Christian Grothoff | Assigned To | Christian Grothoff => Florian Dold |
2025-06-04 22:21 | Florian Dold | Note Added: 0025135 | |
2025-06-04 22:21 | Florian Dold | Assigned To | Florian Dold => Christian Grothoff |
2025-06-04 22:52 | Christian Grothoff | Status | assigned => resolved |
2025-06-04 22:52 | Christian Grothoff | Fixed in Version | => 1.0 stretch goals |