View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0009725 | Taler | challenger | public | 2025-04-10 22:00 | 2025-04-11 20:39 |
Reporter | sebasjm | Assigned To | Christian Grothoff | ||
Priority | normal | Severity | major | Reproducibility | always |
Status | resolved | Resolution | fixed | ||
Product Version | git (master) | ||||
Target Version | 1.0 | Fixed in Version | 1.0 | ||
Summary | 0009725: it is not possible to use challenger with read_only mode | ||||
Description | When a challenge has been set up with a payload it should work as read only (the user can only trigger the challenge and confirm the pin but not change the address).

For this:

* last_address must be filled with the request payload
* fix_address must be true
* changes_left must be 0

Current behavior:

```
$ curl 'http://challenger.taler.test:1180/setup/1' -X 'POST' -H 'Accept: application/json' -H 'Authorization: Bearer secret-token:xxx' -d '{"CONTACT_NAME":"xxx","ADDRESS_LINES":"xxx","ADDRESS_COUNTRY":"xxx"}'
{
  "nonce": "SZYJ57RKM08AW8GZXEJ5C6ZC5BQE1J38RZBK8YGTWGXF1R2HTQ4G"
}
$ curl 'http://challenger.taler.test:1180/authorize/SZYJ57RKM08AW8GZXEJ5C6ZC5BQE1J38RZBK8YGTWGXF1R2HTQ4G?response_type=code&client_id=1&redirect_uri=http%3A%2F%2Fexchange.taler.test%2Fkyc-proof%2Fxxx&state=DE6RQX6MN58T7MRNCD2QGD39KTS0A0WF28HJHFTTE87W1YE1FS00' -X 'POST'
{
  "fix_address": false,
  "solved": false,
  "pin_transmissions_left": 0,
  "auth_attempts_left": 0,
  "retransmission_time": { "t_s": 5 },
  "changes_left": 3
}
```

Expected behavior:

```
$ curl 'http://challenger.taler.test:1180/setup/1' -X 'POST' -H 'Accept: application/json' -H 'Authorization: Bearer secret-token:xxx' -d '{"CONTACT_NAME":"xxx","ADDRESS_LINES":"xxx","ADDRESS_COUNTRY":"xxx"}'
{
  "nonce": "SZYJ57RKM08AW8GZXEJ5C6ZC5BQE1J38RZBK8YGTWGXF1R2HTQ4G"
}
$ curl 'http://challenger.taler.test:1180/authorize/SZYJ57RKM08AW8GZXEJ5C6ZC5BQE1J38RZBK8YGTWGXF1R2HTQ4G?response_type=code&client_id=1&redirect_uri=http%3A%2F%2Fexchange.taler.test%2Fkyc-proof%2Fxxx&state=DE6RQX6MN58T7MRNCD2QGD39KTS0A0WF28HJHFTTE87W1YE1FS00' -X 'POST'
{
  "fix_address": true,
  "last_address": {"CONTACT_NAME":"xxx","ADDRESS_LINES":"xxx","ADDRESS_COUNTRY":"xxx"},
  "solved": false,
  "pin_transmissions_left": 0,
  "auth_attempts_left": 0,
  "retransmission_time": { "t_s": 5 },
  "changes_left": 0
}
```
Tags | No tags attached. | ||||
|
Well, the idea (now clarified in the challenger API) was actually that you would do:

```
$ curl 'http://challenger.taler.test:1180/setup/1' -X 'POST' -H 'Accept: application/json' -H 'Authorization: Bearer secret-token:xxx' -d '{"CONTACT_NAME":"xxx","ADDRESS_LINES":"xxx","ADDRESS_COUNTRY":"xxx","read_only":true}'
{
  "nonce": "SZYJ57RKM08AW8GZXEJ5C6ZC5BQE1J38RZBK8YGTWGXF1R2HTQ4G"
}
```

to make an address read-only, because not all addresses given as part of /setup are inherently read-only. Then, you would get:

```
curl 'http://challenger.taler.test:1180/authorize/SZYJ57RKM08AW8GZXEJ5C6ZC5BQE1J38RZBK8YGTWGXF1R2HTQ4G?response_type=code&client_id=1&redirect_uri=http%3A%2F%2Fexchange.taler.test%2Fkyc-proof%2Fxxx&state=DE6RQX6MN58T7MRNCD2QGD39KTS0A0WF28HJHFTTE87W1YE1FS00' -X 'POST'
{
  "fix_address": SEEBELOW,
  "last_address": {"CONTACT_NAME":"xxx","ADDRESS_LINES":"xxx","ADDRESS_COUNTRY":"xxx","read_only":true},
  "solved": false,
  "pin_transmissions_left": 0,
  "auth_attempts_left": 0,
  "retransmission_time": { "t_s": 5 },
```

and act on the 'read_only' field in address. But you are right that "fix_address":true ALSO makes sense in this case, so the latest challenger will set that now as well.
|
Looks like the payload is ignored.

```
$ NONCE=$(curl 'http://challenger.taler.test:1180/setup/2' -X 'POST' -H "Content-type: application/json" -H 'Authorization: Bearer secret-token:chal-secret' -d '{"CONTACT_NAME":"xxx","ADDRESS_LINES":"xxx","ADDRESS_COUNTRY":"yyy","read_only":true}' -s | jq -r .nonce);
$ curl "http://challenger.taler.test:1180/authorize/$NONCE?response_type=code&client_id=2&redirect_uri=http%3A%2F%2Fexchange.taler.test%3A1180%2Fkyc-proof%2Fwallet&state=ddd"
{
  "fix_address": false,
  "solved": false,
  "pin_transmissions_left": 0,
  "auth_attempts_left": 0,
  "retransmission_time": { "t_s": 5 },
  "changes_left": 3
}
```
|
Ok, that was a stupid bug. Fixed 0716368..0afed3f |
Date Modified | Username | Field | Change |
---|---|---|---|
2025-04-10 22:00 | sebasjm | New Issue | |
2025-04-10 22:00 | sebasjm | Status | new => assigned |
2025-04-10 22:00 | sebasjm | Assigned To | => Christian Grothoff |
2025-04-11 14:59 | Christian Grothoff | Note Added: 0024512 | |
2025-04-11 14:59 | Christian Grothoff | Status | assigned => resolved |
2025-04-11 14:59 | Christian Grothoff | Resolution | open => fixed |
2025-04-11 14:59 | Christian Grothoff | Fixed in Version | => 1.0 |
2025-04-11 14:59 | Christian Grothoff | Product Version | 1.0 => git (master) |
2025-04-11 20:04 | sebasjm | Status | resolved => feedback |
2025-04-11 20:04 | sebasjm | Resolution | fixed => reopened |
2025-04-11 20:04 | sebasjm | Note Added: 0024515 | |
2025-04-11 20:05 | sebasjm | Note Edited: 0024515 | |
2025-04-11 20:39 | Christian Grothoff | Note Added: 0024516 | |
2025-04-11 20:39 | Christian Grothoff | Status | feedback => resolved |
2025-04-11 20:39 | Christian Grothoff | Resolution | reopened => fixed |
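
The read-only contract discussed in this issue, written as a regression check over `/authorize` responses (an added example, not code from the Taler challenger project). The function name, the messages and the sample responses are constructed from the JSON quoted in the thread, and the `changes_left` rule is the reporter's stated expectation.

```python
import json

# /setup payload from the thread, marked read-only as the maintainer describes.
SETUP = {"CONTACT_NAME": "xxx", "ADDRESS_LINES": "xxx",
         "ADDRESS_COUNTRY": "yyy", "read_only": True}

# Constructed samples: the response quoted in the reopening note, and the
# shape the thread says a read-only challenge should produce.
BUGGY = json.loads('{"fix_address": false, "solved": false, '
                   '"pin_transmissions_left": 0, "auth_attempts_left": 0, '
                   '"retransmission_time": {"t_s": 5}, "changes_left": 3}')
FIXED = dict(BUGGY, fix_address=True, last_address=dict(SETUP), changes_left=0)


def read_only_violations(setup_payload, authorize_response):
    """List the ways an /authorize response fails to pin a read-only address."""
    if setup_payload.get("read_only") is not True:
        return []  # not every /setup address is read-only; nothing to enforce
    problems = []
    if authorize_response.get("fix_address") is not True:
        problems.append("fix_address is not true")
    # The server must echo exactly the address it was given at /setup.
    if authorize_response.get("last_address") != setup_payload:
        problems.append("last_address does not match the /setup payload")
    changes = authorize_response.get("changes_left")
    if isinstance(changes, bool) or changes != 0:
        problems.append("changes_left is not 0")
    return problems


if __name__ == "__main__":
    for name, resp in (("buggy", BUGGY), ("fixed", FIXED)):
        print(name, read_only_violations(SETUP, resp) or "ok")
```

Running the same function against a live `/authorize` response after each challenger upgrade catches a regression where the `/setup` payload is silently dropped and the address becomes editable again.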