Fix null scope auth req (#195)

* fix error with null in auth request scope
0xPolygonID · Mar 11, 2024 · e5baf6a · e5baf6a
1 parent e23287c
commit e5baf6a
Show file tree

Hide file tree

Showing 5 changed files with 21 additions and 6 deletions.
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@0xpolygonid/js-sdk",
-  "version": "1.8.2",
+  "version": "1.8.3",
   "description": "SDK to work with Polygon ID",
   "main": "dist/node/cjs/index.js",
   "module": "dist/node/esm/index.js",

diff --git a/src/iden3comm/handlers/auth.ts b/src/iden3comm/handlers/auth.ts
@@ -176,6 +176,7 @@ export class AuthHandler implements IAuthHandler {
     if (message.type !== PROTOCOL_MESSAGE_TYPE.AUTHORIZATION_REQUEST_MESSAGE_TYPE) {
       throw new Error('Invalid media type');
     }
+    authRequest.body.scope = authRequest.body.scope || [];
     return authRequest;
   }
 
@@ -346,7 +347,8 @@ export class AuthHandler implements IAuthHandler {
     }
 
     this.verifyAuthRequest(request);
-    const requestScope = request.body.scope;
+    const requestScope = request.body.scope || [];
+    const responseScope = response.body.scope || [];
 
     if (!response.from) {
       throw new Error(`proof response doesn't contain from field`);
@@ -357,7 +359,7 @@ export class AuthHandler implements IAuthHandler {
     for (const proofRequest of requestScope) {
       const groupId = proofRequest.query.groupId as number;
 
-      const proofResp = response.body.scope.find((resp) => resp.id === proofRequest.id);
+      const proofResp = responseScope.find((resp) => resp.id === proofRequest.id);
       if (!proofResp) {
         throw new Error(`proof is not given for requestId ${proofRequest.id}`);
       }
@@ -406,7 +408,7 @@ export class AuthHandler implements IAuthHandler {
 
   private verifyAuthRequest(request: AuthorizationRequestMessage) {
     const groupIdValidationMap: { [k: string]: ZeroKnowledgeProofRequest[] } = {};
-    const requestScope = request.body.scope;
+    const requestScope = request.body.scope || [];
     for (const proofRequest of requestScope) {
       const groupId = proofRequest.query.groupId as number;
       if (groupId) {

diff --git a/src/iden3comm/handlers/contract-request.ts b/src/iden3comm/handlers/contract-request.ts
@@ -89,6 +89,7 @@ export class ContractRequestHandler implements IContractRequestHandler {
     if (message.type !== PROTOCOL_MESSAGE_TYPE.CONTRACT_INVOKE_REQUEST_MESSAGE_TYPE) {
       throw new Error('Invalid media type');
     }
+    ciRequest.body.scope = ciRequest.body.scope || [];
     return ciRequest;
   }
 

diff --git a/tests/handlers/auth.test.ts b/tests/handlers/auth.test.ts
@@ -1138,4 +1138,16 @@ describe('auth', () => {
     ) as AuthorizationResponseMessage;
     await authHandler.handleAuthorizationResponse(response, authRequest, testOpts);
   });
+
+  it('null scope auth requst', async () => {
+    const msgBytes = byteEncoder.encode(
+      '{"id":"f3688b54-248d-4a75-b743-39f99a49adb8","typ":"application/iden3comm-plain-json","type":"https://iden3-communication.io/authorization/1.0/request","thid":"f3688b54-248d-4a75-b743-39f99a49adb8","body":{"callbackUrl":"https://issuer-admin.polygonid.me/v1/credentials/links/callback?sessionID=1bd6b1cb-cfc1-4817-8b77-3bc150435e29\u0026linkID=880face8-43b7-428b-80b1-adb6da0632ac","reason":"authentication","scope":null},"from":"did:polygonid:polygon:mumbai:2qMLpQ5py1YzBTTuLEeX2yr6pDGQ7gyXAfygaPakzq"}'
+    );
+    const authRes = await authHandler.handleAuthorizationRequest(userDID, msgBytes);
+
+    const tokenStr = authRes.token;
+    expect(tokenStr).to.be.a('string');
+    const token = await Token.parse(tokenStr);
+    expect(token).to.be.a('object');
+  });
 });