stellar · reecexlm · Apr 12, 2024 · Apr 16, 2024 · Apr 16, 2024 · Apr 16, 2024
diff --git a/cmd/serve.go b/cmd/serve.go
@@ -131,6 +131,7 @@ func (s *ServerService) SetupConsumers(ctx context.Context, o SetupConsumersOpti
 			MaxInvitationSMSResendAttempts: int64(o.ServeOpts.MaxInvitationSMSResendAttempts),
 			Sep10SigningPrivateKey:         o.ServeOpts.Sep10SigningPrivateKey,
 			CrashTrackerClient:             o.ServeOpts.CrashTrackerClient.Clone(),
+			UseExternalID:                  o.ServeOpts.UseExternalID,
 		}),
 	)
 	if err != nil {
@@ -323,6 +324,14 @@ func (c *ServeCommand) Command(serverService ServerServiceInterface, monitorServ
 			FlagDefault: 3,
 			Required:    true,
 		},
+		{
+			Name:        "use-external-id",
+			Usage:       "Enable or disable the use of external ID in wallet deep links",
+			OptType:     types.Bool,
+			ConfigKey:   &serveOpts.UseExternalID, // Ensure ServeOptions has a UseExternalID field of type bool
+			FlagDefault: false,                    // Default value set to false. Do Not embed external_id in wallet deep links
-			FlagDefault: false,                    // Default value set to false. Do Not embed external_id in wallet deep links
+			FlagDefault: true,                    // Default value set to true so the feature is enabled in the PR preview.  // TODO: default to false if merging it in the actual code.
-			FlagDefault: false,                    // Default value set to false. Do Not embed external_id in wallet deep links
+			FlagDefault: true,                    // Default value set to true so the feature is enabled in the PR preview.  // TODO: default to false if merging it in the actual code.
+			Required:    false,
+		},
 		{
 			Name:        "single-tenant-mode",
 			Usage:       "This option enables the Single Tenant Mode feature. In the case where multi-tenancy is not required, this options bypasses the tenant resolution by always resolving to the default tenant configured in the database.",

diff --git a/internal/data/assets.go b/internal/data/assets.go
@@ -286,6 +286,7 @@ func (a *AssetModel) GetAssetsPerReceiverWallet(ctx context.Context, receiverWal
 			r.id AS "receiver_wallet.receiver.id",
 			r.phone_number AS "receiver_wallet.receiver.phone_number",
 			r.email AS "receiver_wallet.receiver.email",
+			r.external_id AS "receiver_wallet.receiver.external_id",
 			a.id AS "asset.id",
 			a.code AS "asset.code",
 			a.issuer AS "asset.issuer",

diff --git a/internal/data/assets_test.go b/internal/data/assets_test.go
@@ -7,11 +7,12 @@ import (
 	"time"
 
 	"github.com/stellar/go/protocols/horizon/base"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
 	"github.com/stellar/stellar-disbursement-platform-backend/db"
 	"github.com/stellar/stellar-disbursement-platform-backend/db/dbtest"
 	"github.com/stellar/stellar-disbursement-platform-backend/internal/message"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
 )
 
 func Test_Asset_IsNative(t *testing.T) {
@@ -639,6 +640,7 @@ func Test_GetAssetsPerReceiverWallet(t *testing.T) {
 					ID:          receiverX.ID,
 					Email:       receiverX.Email,
 					PhoneNumber: receiverX.PhoneNumber,
+					ExternalID:  receiverX.ExternalID,
 				},
 				ReceiverWalletStats: ReceiverWalletStats{
 					TotalInvitationSMSResentAttempts: 2,
@@ -656,6 +658,7 @@ func Test_GetAssetsPerReceiverWallet(t *testing.T) {
 					ID:          receiverX.ID,
 					Email:       receiverX.Email,
 					PhoneNumber: receiverX.PhoneNumber,
+					ExternalID:  receiverX.ExternalID,
 				},
 				InvitationSentAt: &invitationSentAt,
 			},
@@ -670,6 +673,7 @@ func Test_GetAssetsPerReceiverWallet(t *testing.T) {
 					ID:          receiverX.ID,
 					Email:       receiverX.Email,
 					PhoneNumber: receiverX.PhoneNumber,
+					ExternalID:  receiverX.ExternalID,
 				},
 			},
 			WalletID:                walletB.ID,
@@ -683,6 +687,7 @@ func Test_GetAssetsPerReceiverWallet(t *testing.T) {
 					ID:          receiverX.ID,
 					Email:       receiverX.Email,
 					PhoneNumber: receiverX.PhoneNumber,
+					ExternalID:  receiverX.ExternalID,
 				},
 			},
 			WalletID:                walletB.ID,
@@ -696,6 +701,7 @@ func Test_GetAssetsPerReceiverWallet(t *testing.T) {
 					ID:          receiverY.ID,
 					Email:       receiverY.Email,
 					PhoneNumber: receiverY.PhoneNumber,
+					ExternalID:  receiverY.ExternalID,
 				},
 			},
 			WalletID:                walletA.ID,
@@ -709,6 +715,7 @@ func Test_GetAssetsPerReceiverWallet(t *testing.T) {
 					ID:          receiverY.ID,
 					Email:       receiverY.Email,
 					PhoneNumber: receiverY.PhoneNumber,
+					ExternalID:  receiverY.ExternalID,
 				},
 			},
 			WalletID:                walletA.ID,
@@ -722,6 +729,7 @@ func Test_GetAssetsPerReceiverWallet(t *testing.T) {
 					ID:          receiverY.ID,
 					Email:       receiverY.Email,
 					PhoneNumber: receiverY.PhoneNumber,
+					ExternalID:  receiverY.ExternalID,
 				},
 			},
 			WalletID:                walletB.ID,
@@ -735,6 +743,7 @@ func Test_GetAssetsPerReceiverWallet(t *testing.T) {
 					ID:          receiverY.ID,
 					Email:       receiverY.Email,
 					PhoneNumber: receiverY.PhoneNumber,
+					ExternalID:  receiverY.ExternalID,
 				},
 			},
 			WalletID:                walletB.ID,

diff --git a/internal/data/receivers.go b/internal/data/receivers.go
@@ -31,6 +31,9 @@
 	VerificationValue string            `json:"verification"`
 	VerificationType  VerificationField `json:"verification_type"`
 	ReCAPTCHAToken    string            `json:"recaptcha_token"`
+	ExternalID        string            `json:"external_id"`
+	CustomerID        string            `json:"customer_id"`   //customer identifier
-	ExternalID        string            `json:"external_id"`
-	CustomerID        string            `json:"customer_id"`   //customer identifier
+	// CustomerID is the SEP-24 field that we store in our database's `receivers.external_id`.
+	CustomerID        string            `json:"customer_id"`   //customer identifier
-	ExternalID        string            `json:"external_id"`
-	CustomerID        string            `json:"customer_id"`   //customer identifier
+	// CustomerID is the SEP-24 field that we store in our database's `receivers.external_id`.
+	CustomerID        string            `json:"customer_id"`   //customer identifier
+	MobileNumberHash  string            `json:"mobile_number"` //hashed mobile number
 }
 
 type ReceiverStats struct {
@@ -442,3 +445,25 @@
 		return nil
 	})
 }
+
+// GetByExternalID retrieves a receiver's phone number based on the external_id.
+func (r *ReceiverModel) GetByExternalID(ctx context.Context, sqlExec db.SQLExecuter, externalID string) (*Receiver, error) {
+	receiver := Receiver{}
+
+	query := `
+		SELECT id, phone_number
+		FROM receivers
+		WHERE external_id = $1
+		LIMIT 1
+	`
+
+	err := sqlExec.GetContext(ctx, &receiver, query, externalID)
+	if err != nil {
+		if err == sql.ErrNoRows {
+			return nil, fmt.Errorf("no receiver found with external_id %s: %w", externalID, err)
+		}
+		// Handle other potential errors
+		return nil, fmt.Errorf("error fetching receiver by external ID: %w", err)
+	}
+	return &receiver, nil
+}
diff --git a/internal/data/receivers_wallet.go b/internal/data/receivers_wallet.go
@@ -10,9 +10,9 @@ import (
 	"time"
 
 	"github.com/lib/pq"
-
 	"github.com/stellar/go/network"
 	"github.com/stellar/go/support/log"
+
 	"github.com/stellar/stellar-disbursement-platform-backend/db"
 )
 
@@ -231,6 +231,7 @@ const getPendingRegistrationReceiverWalletsBaseQuery = `
 		r.id AS "receiver.id",
 		r.phone_number AS "receiver.phone_number",
 		r.email AS "receiver.email",
+		r.external_id AS "receiver.external_id",
 		w.id AS "wallet.id",
 		w.name AS "wallet.name"
 	FROM

diff --git a/internal/data/receivers_wallet_test.go b/internal/data/receivers_wallet_test.go
@@ -7,12 +7,13 @@ import (
 	"time"
 
 	"github.com/stellar/go/network"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
 	"github.com/stellar/stellar-disbursement-platform-backend/db"
 	"github.com/stellar/stellar-disbursement-platform-backend/db/dbtest"
 	"github.com/stellar/stellar-disbursement-platform-backend/internal/message"
 	"github.com/stellar/stellar-disbursement-platform-backend/internal/utils"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
 )
 
 func Test_ReceiversWalletModelGetWithReceiverId(t *testing.T) {
@@ -892,6 +893,7 @@ func Test_ReceiverWallet_GetAllPendingRegistration(t *testing.T) {
 					ID:          receiver.ID,
 					PhoneNumber: receiver.PhoneNumber,
 					Email:       receiver.Email,
+					ExternalID:  receiver.ExternalID,
 				},
 				Wallet: Wallet{
 					ID:   wallet3.ID,
@@ -904,6 +906,7 @@ func Test_ReceiverWallet_GetAllPendingRegistration(t *testing.T) {
 					ID:          receiver.ID,
 					PhoneNumber: receiver.PhoneNumber,
 					Email:       receiver.Email,
+					ExternalID:  receiver.ExternalID,
 				},
 				Wallet: Wallet{
 					ID:   wallet4.ID,
@@ -1013,6 +1016,7 @@ func Test_ReceiverWallet_GetAllPendingRegistrationByReceiverWalletIDs(t *testing
 					ID:          receiver.ID,
 					PhoneNumber: receiver.PhoneNumber,
 					Email:       receiver.Email,
+					ExternalID:  receiver.ExternalID,
 				},
 				Wallet: Wallet{
 					ID:   wallet3.ID,
@@ -1025,6 +1029,7 @@ func Test_ReceiverWallet_GetAllPendingRegistrationByReceiverWalletIDs(t *testing
 					ID:          receiver.ID,
 					PhoneNumber: receiver.PhoneNumber,
 					Email:       receiver.Email,
+					ExternalID:  receiver.ExternalID,
 				},
 				Wallet: Wallet{
 					ID:   wallet4.ID,
@@ -1096,6 +1101,7 @@ func Test_ReceiverWallet_GetAllPendingRegistrationByReceiverWalletIDs(t *testing
 					ID:          receiver.ID,
 					PhoneNumber: receiver.PhoneNumber,
 					Email:       receiver.Email,
+					ExternalID:  receiver.ExternalID,
 				},
 				Wallet: Wallet{
 					ID:   wallet1.ID,
@@ -1108,6 +1114,7 @@ func Test_ReceiverWallet_GetAllPendingRegistrationByReceiverWalletIDs(t *testing
 					ID:          receiver.ID,
 					PhoneNumber: receiver.PhoneNumber,
 					Email:       receiver.Email,
+					ExternalID:  receiver.ExternalID,
 				},
 				Wallet: Wallet{
 					ID:   wallet2.ID,
@@ -1198,6 +1205,7 @@ func Test_ReceiverWallet_GetAllPendingRegistrationByDisbursementID(t *testing.T)
 					ID:          receiver3.ID,
 					PhoneNumber: receiver3.PhoneNumber,
 					Email:       receiver3.Email,
+					ExternalID:  receiver3.ExternalID,
 				},
 				Wallet: Wallet{
 					ID:   wallet.ID,
@@ -1210,6 +1218,7 @@ func Test_ReceiverWallet_GetAllPendingRegistrationByDisbursementID(t *testing.T)
 					ID:          receiver4.ID,
 					PhoneNumber: receiver4.PhoneNumber,
 					Email:       receiver4.Email,
+					ExternalID:  receiver4.ExternalID,
 				},
 				Wallet: Wallet{
 					ID:   wallet.ID,

diff --git a/internal/events/eventhandlers/send_receiver_wallets_sms_invitation_event_handler.go b/internal/events/eventhandlers/send_receiver_wallets_sms_invitation_event_handler.go
@@ -25,6 +25,7 @@ type SendReceiverWalletsSMSInvitationEventHandlerOptions struct {
 	MaxInvitationSMSResendAttempts int64
 	Sep10SigningPrivateKey         string
 	CrashTrackerClient             crashtracker.CrashTrackerClient
+	UseExternalID                  bool
 }
 
 type SendReceiverWalletsSMSInvitationEventHandler struct {
@@ -50,6 +51,7 @@ func NewSendReceiverWalletsSMSInvitationEventHandler(options SendReceiverWallets
 		options.Sep10SigningPrivateKey,
 		options.MaxInvitationSMSResendAttempts,
 		options.CrashTrackerClient,
+		options.UseExternalID,
 	)
 	if err != nil {
 		log.Fatalf("error instantiating service: %s", err.Error())

diff --git a/internal/scheduler/jobs/send_receiver_wallets_sms_invitation_job.go b/internal/scheduler/jobs/send_receiver_wallets_sms_invitation_job.go
@@ -6,6 +6,7 @@ import (
 	"time"
 
 	"github.com/stellar/go/support/log"
+
 	"github.com/stellar/stellar-disbursement-platform-backend/internal/crashtracker"
 	"github.com/stellar/stellar-disbursement-platform-backend/internal/data"
 	"github.com/stellar/stellar-disbursement-platform-backend/internal/message"
@@ -22,6 +23,7 @@ type SendReceiverWalletsSMSInvitationJobOptions struct {
 	MaxInvitationSMSResendAttempts int64
 	Sep10SigningPrivateKey         string
 	CrashTrackerClient             crashtracker.CrashTrackerClient
+	UseExternalID                  bool
 	JobIntervalSeconds             int
 }
 
@@ -62,6 +64,7 @@ func NewSendReceiverWalletsSMSInvitationJob(options SendReceiverWalletsSMSInvita
 		options.Sep10SigningPrivateKey,
 		options.MaxInvitationSMSResendAttempts,
 		options.CrashTrackerClient,
+		options.UseExternalID,
 	)
 	if err != nil {
 		log.Fatalf("error instantiating service: %s", err.Error())

diff --git a/internal/scheduler/jobs/send_receiver_wallets_sms_invitation_job_test.go b/internal/scheduler/jobs/send_receiver_wallets_sms_invitation_job_test.go
@@ -10,17 +10,16 @@ import (
 	"time"
 
 	"github.com/google/uuid"
-	"github.com/stellar/stellar-disbursement-platform-backend/stellar-multitenant/pkg/tenant"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 
 	"github.com/stellar/stellar-disbursement-platform-backend/db"
 	"github.com/stellar/stellar-disbursement-platform-backend/db/dbtest"
-
 	"github.com/stellar/stellar-disbursement-platform-backend/internal/crashtracker"
 	"github.com/stellar/stellar-disbursement-platform-backend/internal/data"
 	"github.com/stellar/stellar-disbursement-platform-backend/internal/message"
 	"github.com/stellar/stellar-disbursement-platform-backend/internal/services"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
+	"github.com/stellar/stellar-disbursement-platform-backend/stellar-multitenant/pkg/tenant"
 )
 
 func Test_NewSendReceiverWalletsSMSInvitationJob(t *testing.T) {
@@ -143,6 +142,7 @@ func Test_SendReceiverWalletsSMSInvitationJob_Execute(t *testing.T) {
 			stellarSecretKey,
 			maxInvitationSMSResendAttempts,
 			crashTrackerClientMock,
+			true,
 		)
 		require.NoError(t, err)
 
@@ -206,6 +206,7 @@ func Test_SendReceiverWalletsSMSInvitationJob_Execute(t *testing.T) {
 			OrganizationName: "MyCustomAid",
 			AssetCode:        asset1.Code,
 			AssetIssuer:      asset1.Issuer,
+			ExternalID:       receiver1.ExternalID,
 		}
 		deepLink1, err := walletDeepLink1.GetSignedRegistrationLink(stellarSecretKey)
 		require.NoError(t, err)
@@ -217,6 +218,7 @@ func Test_SendReceiverWalletsSMSInvitationJob_Execute(t *testing.T) {
 			OrganizationName: "MyCustomAid",
 			AssetCode:        asset2.Code,
 			AssetIssuer:      asset2.Issuer,
+			ExternalID:       receiver2.ExternalID,
 		}
 		deepLink2, err := walletDeepLink2.GetSignedRegistrationLink(stellarSecretKey)
 		require.NoError(t, err)

diff --git a/internal/serve/httphandler/verifiy_receiver_registration_handler.go b/internal/serve/httphandler/verifiy_receiver_registration_handler.go
@@ -112,6 +112,25 @@ func (v VerifyReceiverRegistrationHandler) processReceiverVerificationPII(
 	now := time.Now()
 	truncatedPhoneNumber := utils.TruncateString(receiver.PhoneNumber, 3)
 
+	// STEP 0: if customer-id exists in sep24 claims, use it to look up reciever, hash Phone Number  in db, compare against hashed mobile_number in sep24 claims
+	if receiverRegistrationRequest.CustomerID != "" {
+		receiverByExternalID, err := v.Models.Receiver.GetByExternalID(ctx, dbTx, receiver.ExternalID)
+		if err != nil {
+			log.Ctx(ctx).Errorf("Error retrieving receiver by external ID: %v", err)
+			return &ErrorInformationNotFound{cause: err}
+		}
+		fmt.Println(receiverByExternalID.PhoneNumber)
+
+		if data.CompareVerificationValue(receiverRegistrationRequest.MobileNumberHash, receiverByExternalID.PhoneNumber) {
+			// Compare the hashed phone number with the hashed mobile number from the SEP-24 claims
+			//if hashedPhoneNumber != receiverRegistrationRequest.MobileNumberHash {
+			//err := fmt.Errorf("hashed phone number does not match the hashed mobile number from SEP-24 claims")
+			//	return &ErrorInformationNotFound{cause: err}
+			//}
+			return nil
+		}
-		if data.CompareVerificationValue(receiverRegistrationRequest.MobileNumberHash, receiverByExternalID.PhoneNumber) {
-			// Compare the hashed phone number with the hashed mobile number from the SEP-24 claims
-			//if hashedPhoneNumber != receiverRegistrationRequest.MobileNumberHash {
-			//err := fmt.Errorf("hashed phone number does not match the hashed mobile number from SEP-24 claims")
-			//	return &ErrorInformationNotFound{cause: err}
-			//}
-			return nil
-		}
+		if !data.CompareVerificationValue(receiverRegistrationRequest.MobileNumberHash, receiverByExternalID.PhoneNumber) {
+			err := fmt.Errorf("hashed phone number does not match the hashed mobile number from SEP-24 claims")
+			return &ErrorInformationNotFound{cause: err}
+		}
-		if data.CompareVerificationValue(receiverRegistrationRequest.MobileNumberHash, receiverByExternalID.PhoneNumber) {
-			// Compare the hashed phone number with the hashed mobile number from the SEP-24 claims
-			//if hashedPhoneNumber != receiverRegistrationRequest.MobileNumberHash {
-			//err := fmt.Errorf("hashed phone number does not match the hashed mobile number from SEP-24 claims")
-			//	return &ErrorInformationNotFound{cause: err}
-			//}
-			return nil
-		}
+		if !data.CompareVerificationValue(receiverRegistrationRequest.MobileNumberHash, receiverByExternalID.PhoneNumber) {
+			err := fmt.Errorf("hashed phone number does not match the hashed mobile number from SEP-24 claims")
+			return &ErrorInformationNotFound{cause: err}
+		}
+	}
+
 	// STEP 1: find the receiverVerification entry that matches the pair [receiverID, verificationType]
 	receiverVerifications, err := v.Models.ReceiverVerification.GetByReceiverIDsAndVerificationField(ctx, dbTx, []string{receiver.ID}, receiverRegistrationRequest.VerificationType)
 	if err != nil {
@@ -141,7 +160,7 @@ func (v VerifyReceiverRegistrationHandler) processReceiverVerificationPII(
 		receiverVerification.FailedAt = &now
 		receiverVerification.ConfirmedAt = nil
 
-		// this update is done using the DBConnectionPool and not dbTx because we don't want to roolback these changes after returning the error
+		// this update is done using the DBConnectionPool and not dbTx because we don't want to rollback these changes after returning the error
 		updateErr := v.Models.ReceiverVerification.UpdateReceiverVerification(ctx, *receiverVerification, v.Models.DBConnectionPool)
 		if updateErr != nil {
 			err = fmt.Errorf("%s: %w", baseErrMsg, updateErr)