Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feature/jarm_sdk #158

Merged
merged 86 commits into from
Oct 21, 2024
Merged

feature/jarm_sdk #158

merged 86 commits into from
Oct 21, 2024

Conversation

sanderPostma
Copy link
Contributor

Fixes while testing jarm

sksadjad and others added 30 commits September 3, 2024 11:43
# Conflicts:
#	packages/siop-oid4vp/lib/authorization-response/AuthorizationResponse.ts
#	packages/siop-oid4vp/lib/authorization-response/OpenID4VP.ts
#	packages/siop-oid4vp/lib/authorization-response/PresentationExchange.ts
#	packages/siop-oid4vp/lib/helpers/Revocation.ts
#	packages/siop-oid4vp/package.json
#	pnpm-lock.yaml
# Conflicts:
#	packages/siop-oid4vp/lib/authorization-response/PresentationExchange.ts
@sanderPostma sanderPostma changed the base branch from develop to feature/from-funke October 9, 2024 07:28
@sanderPostma sanderPostma changed the base branch from feature/from-funke to develop October 9, 2024 07:29
@sanderPostma sanderPostma changed the base branch from develop to feature/from-funke October 9, 2024 07:30
nklomp added 2 commits October 9, 2024 14:53
# Conflicts:
#	packages/siop-oid4vp/lib/__tests__/TestUtils.ts
#	packages/siop-oid4vp/lib/__tests__/functions/LanguageTagUtils.spec.ts
#	packages/siop-oid4vp/lib/authorization-response/AuthorizationResponse.ts
#	packages/siop-oid4vp/lib/authorization-response/PresentationExchange.ts
#	packages/siop-oid4vp/lib/helpers/Revocation.ts
#	packages/siop-oid4vp/lib/op/OP.ts
#	packages/siop-oid4vp/lib/rp/RPBuilder.ts
#	pnpm-lock.yaml
@nklomp nklomp changed the base branch from feature/from-funke to develop October 9, 2024 13:06
…/jarm_sdk

# Conflicts:
#	packages/siop-oid4vp/lib/op/OP.ts
#	pnpm-lock.yaml
Copy link
Contributor

@nklomp nklomp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please see remarks. Mostly small

@@ -172,7 +172,7 @@ describe('RP using test vectors', () => {
).toBeTruthy()
})

it('should decode auth response', async () => {
it.skip('should decode auth response', async () => { // FIXME pex is too lenient ATM
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Has this been checked with latest version. This is a pretty core test, that should not just be disabled

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reverted, should pass now after updating pex to 5.0.0-unstable.18
That was the credential.vp resolution I removed in pex today.

@@ -119,7 +120,10 @@ export class AuthorizationRequest {
let requestObjectPayload: RequestObjectPayload | undefined = undefined

const jwt = await this.requestObjectJwt()
const parsedJwt = jwt ? parseJWT(jwt) : undefined
let parsedJwt = undefined
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Uh this is almost doing the same thing, except not for null values (which should also be taken into account). But now we have a var instead of a const, so worse

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

reverted. No clue why I did this...

@@ -164,7 +168,10 @@ export class AuthorizationRequest {
)
assertValidRPRegistrationMedataPayload(registrationMetadataPayload)
// TODO: We need to do something with the metadata probably
} /*else { this makes test mattr.launchpad.spec.ts fail why was this check added?
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why is this commented?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah that was to have the following discussion:
These test are failing
image
It just creates an AuthorizationRequest for OpenBadge where RequestObject is undefined so there also won't be a parsedJwt / requestObjectPayload. Next mergedPayload is expected to have client_metadata which it won't, failing the test / CI pipeline with "could not fetch registrationMetadataPayload due to missing payload key client_metadata"

So the question is: is that assertion realistic to enforce? Or so we need to expand the test so it actually provides client_metadata?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Uh, that means the test is wrong or something else is going on. The else is an assertion and should be there. There really needs to be a client_metadata(_uri) (previously called registration).

I don't get why you assume that what is clearly an assertion should all of a sudden not be needed anymore

@@ -256,7 +270,11 @@ export class AuthorizationRequest {
}

public async mergedPayloads(): Promise<RequestObjectPayload> {
return { ...this.payload, ...(this.requestObject && (await this.requestObject.getPayload())) }
const requestObjectPayload = { ...this.payload, ...(this.requestObject && (await this.requestObject.getPayload())) }
if (requestObjectPayload.scope && typeof requestObjectPayload.scope !== 'string') { // test mattr.launchpad.spec.ts does not supply a scope value
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This check should probably live somewhere else that is calling the mergePayloads

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The situation I found was
image

Not sure why Sadjad placed it precisely there, maybe because mergedPayloads() is called in many nasty/embedded places.
But the field should be there

scope: string // REQUIRED. As specified in Section 3.1.2 of [OpenID.Core].

anyway the mattr.launchpad.spec.ts does not supply a requestObject so we also won't have a scope either.
so again these tests should either be upgraded or disabled imo

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Well something must be off with the mattr test or the way we treat request objects then. The test has been there for a very long time and always passed.

The lib should be able to work without a request object (so in plain oauth2 mode)

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also the string assertion only applies of there is a scope to begin with. If not then the error will never be thrown

@@ -238,7 +238,7 @@ function assertIssSelfIssuedOrDid(payload: JWTPayload) {
}
}

export function getSubDidFromPayload(payload: JWTPayload, header?: JWTHeader): string {
export function getSubDidFromPayload(payload: JWTPayload, header?: JWTHeader): string | undefined {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please revert. The assert method below ensures a string is always present

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see it now. But my tsc does not look inside assertIssSelfIssuedOrDid, so have to return payload.sub! instead

@@ -13,7 +13,7 @@ export class OPBuilder {
expiresIn?: number
issuer?: IIssuerId | ResponseIss
responseMode?: ResponseMode = ResponseMode.DIRECT_POST
responseRegistration?: Partial<ResponseRegistrationOpts> = {}
responseRegistration?: Partial<ResponseRegistrationOpts> //= {}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is likely to cause issues in certain situations as the builder properties are assigned to the OP in the build phase. So why was this needed?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I probably did this when fighting sudden issues with LanguageTagUtils.

    const languageTaggedFields: Map<string, string> = LanguageTagUtils.getLanguageTaggedProperties(
      opts.builder.responseRegistration,
      languageTagEnabledFieldsNames,
    )

when opts.builder.responseRegistration is undefined it's not going to try to translate. When an empty object it's going to throw error because of missing fields.

They also pass in languageTagEnabledFieldsNames which was actually interpreted as languageTagRequiredFieldsNames. But I think I fixed that at a later point, so I will try to revert that.

@@ -55,6 +60,7 @@ export const createVerifyResponseOptsFromBuilderOrExistingOpts = (opts: {
return opts.builder
? {
hasher: opts.builder.hasher ?? defaultHasher,
// correlationId: uuidv4(), We can't set a correlationId here, it will no longer check functions like this.sessionManager.getCorrelationIdByNonce(resNonce, false)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, why would it need that function to begin with if you already have a correlation Id? and internally we work by correlationId

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Guess we'll never find out anymore...
image

I left the comment there in case anyone else would decide to "fix" something in the future

@@ -196,13 +198,13 @@ export class RP {
correlationId,
})
correlationId = verifyAuthenticationResponseOpts.correlationId ?? correlationId
void this.emitEvent(AuthorizationEvents.ON_AUTH_RESPONSE_RECEIVED_SUCCESS, {
await this.emitEvent(AuthorizationEvents.ON_AUTH_RESPONSE_RECEIVED_SUCCESS, {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

First why is this needed. This makes the events sync. Second. If you change it here, then at least change it everywhere in this file

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

reverted all events to be sync. (also not using that one anymore)

@@ -225,6 +227,19 @@ export class RP {
return this._verifyResponseOptions
}

public getResponseRedirectUri(mappings?: Record<string, string>): string | undefined {
if (this._responseRedirectUri === undefined) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why are you constantly explicitly checking against undefined. That can have undesired side effects if someone explicitly sets something to null for instance (which is a valid value for an optional const/var/param). Simply do !param

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed. I vaguely remember comments in Slack a year or longer ago that we had to be specific about these conditions, write them out and not use truthy / falsy.

if (this._responseRedirectUri === undefined) {
return undefined
}
if(mappings === undefined) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why are you constantly explicitly checking against undefined. That can have undesired side effects if someone explicitly sets something to null for instance (which is a valid value for an optional const/var/param). Simply do !param

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed

Copy link

codecov bot commented Oct 9, 2024

Codecov Report

Attention: Patch coverage is 7.69231% with 12 lines in your changes missing coverage. Please review.

Project coverage is 48.81%. Comparing base (56b16a3) to head (0603b43).
Report is 900 commits behind head on develop.

Files with missing lines Patch % Lines
packages/client/lib/OpenID4VCIClientV1_0_13.ts 10.00% 9 Missing ⚠️
packages/did-auth-siop-adapter/lib/did/DidJWT.ts 0.00% 3 Missing ⚠️

❗ There is a different number of reports uploaded between BASE (56b16a3) and HEAD (0603b43). Click for more details.

HEAD has 11 uploads less than BASE
Flag BASE (56b16a3) HEAD (0603b43)
6 0
unittest 6 1
Additional details and impacted files
@@             Coverage Diff              @@
##           develop     #158       +/-   ##
============================================
- Coverage    89.22%   48.81%   -40.42%     
============================================
  Files           17       74       +57     
  Lines          668     5005     +4337     
  Branches       170     1787     +1617     
============================================
+ Hits           596     2443     +1847     
- Misses          69     2560     +2491     
+ Partials         3        2        -1     
Flag Coverage Δ
unittest 48.81% <7.69%> (-40.42%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@nklomp nklomp merged commit dcfd0c9 into develop Oct 21, 2024
2 of 4 checks passed
@nklomp nklomp deleted the feature/jarm_sdk branch October 21, 2024 12:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants