From e5baf6aa0b07e873a74c5b327cbc33c839c3f09d Mon Sep 17 00:00:00 2001
From: volodymyr-basiuk <31999965+volodymyr-basiuk@users.noreply.github.com>
Date: Mon, 11 Mar 2024 11:29:07 +0200
Subject: [PATCH] Fix null scope auth req (#195)

* fix error with null in auth request scope
---
 package-lock.json | 4 ++--
 package.json | 2 +-
 src/iden3comm/handlers/auth.ts | 8 +++++---
 src/iden3comm/handlers/contract-request.ts | 1 +
 tests/handlers/auth.test.ts | 12 ++++++++++++
 5 files changed, 21 insertions(+), 6 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 0339fc70..8a51a94f 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
 "name": "@0xpolygonid/js-sdk",
- "version": "1.8.2",
+ "version": "1.8.3",
 "lockfileVersion": 3,
 "requires": true,
 "packages": {
 "": {
 "name": "@0xpolygonid/js-sdk",
- "version": "1.8.2",
+ "version": "1.8.3",
 "license": "AGPL-3.0",
 "dependencies": {
 "ajv": "8.12.0",
diff --git a/package.json b/package.json
index 4d436368..ec491d15 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@0xpolygonid/js-sdk",
- "version": "1.8.2",
+ "version": "1.8.3",
 "description": "SDK to work with Polygon ID",
 "main": "dist/node/cjs/index.js",
 "module": "dist/node/esm/index.js",
diff --git a/src/iden3comm/handlers/auth.ts b/src/iden3comm/handlers/auth.ts
index 896f507f..53f535b8 100644
--- a/src/iden3comm/handlers/auth.ts
+++ b/src/iden3comm/handlers/auth.ts
@@ -176,6 +176,7 @@ export class AuthHandler implements IAuthHandler {
 if (message.type !== PROTOCOL_MESSAGE_TYPE.AUTHORIZATION_REQUEST_MESSAGE_TYPE) {
 throw new Error('Invalid media type');
 }
+ authRequest.body.scope = authRequest.body.scope || [];
 return authRequest;
 }
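Review bot: The added `authRequest.body.scope = authRequest.body.scope || [];` only replaces falsy values, so a truthy non-array `scope` (a string or an object) decoded from the incoming message is returned unchanged and still reaches the `for (const proofRequest of requestScope)` loops later in this file. The message appears to be parsed from caller-supplied bytes, so I would reject anything that is neither absent nor an array: `const scope = authRequest.body.scope ?? [];` then `if (!Array.isArray(scope)) throw new Error('Invalid scope');` before assigning `scope` back. The same applies to the `ciRequest.body.scope || []` line in contract-request.ts and to the `request.body.scope || []` / `response.body.scope || []` reads in the later auth.ts hunks; one shared helper would keep the sites consistent. The enclosing function starts outside this hunk.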
@@ -346,7 +347,8 @@ export class AuthHandler implements IAuthHandler {
 }
 this.verifyAuthRequest(request);
- const requestScope = request.body.scope;
+ const requestScope = request.body.scope || [];
+ const responseScope = response.body.scope || [];
 if (!response.from) {
 throw new Error(`proof response doesn't contain from field`);
@@ -357,7 +359,7 @@ export class AuthHandler implements IAuthHandler {
 for (const proofRequest of requestScope) {
 const groupId = proofRequest.query.groupId as number;
- const proofResp = response.body.scope.find((resp) => resp.id === proofRequest.id);
+ const proofResp = responseScope.find((resp) => resp.id === proofRequest.id);
 if (!proofResp) {
 throw new Error(`proof is not given for requestId ${proofRequest.id}`);
 }
@@ -406,7 +408,7 @@ export class AuthHandler implements IAuthHandler {
 private verifyAuthRequest(request: AuthorizationRequestMessage) {
 const groupIdValidationMap: { [k: string]: ZeroKnowledgeProofRequest[] } = {};
- const requestScope = request.body.scope;
+ const requestScope = request.body.scope || [];
 for (const proofRequest of requestScope) {
 const groupId = proofRequest.query.groupId as number;
 if (groupId) {
diff --git a/src/iden3comm/handlers/contract-request.ts b/src/iden3comm/handlers/contract-request.ts
index 09f728f8..ff5eff5d 100644
--- a/src/iden3comm/handlers/contract-request.ts
+++ b/src/iden3comm/handlers/contract-request.ts
@@ -89,6 +89,7 @@ export class ContractRequestHandler implements IContractRequestHandler {
 if (message.type !== PROTOCOL_MESSAGE_TYPE.CONTRACT_INVOKE_REQUEST_MESSAGE_TYPE) {
 throw new Error('Invalid media type');
 }
+ ciRequest.body.scope = ciRequest.body.scope || [];
 return ciRequest;
 }
diff --git a/tests/handlers/auth.test.ts b/tests/handlers/auth.test.ts
index 984f1dca..352600f7 100644
--- a/tests/handlers/auth.test.ts
+++ b/tests/handlers/auth.test.ts
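Review bot: Defaulting `request.body.scope` to `[]` in the `@@ -346,7 +347,8 @@` hunk means a request whose scope is null or missing turns the `for (const proofRequest of requestScope)` loop of the next hunk into a no-op, so as far as the visible lines show the response is then accepted without any proof being checked. That is presumably the intended meaning of an authentication-only request, but it deserves a comment on that line, for example `// null/absent scope = no proofs requested; the loop below verifies nothing`, so that a verifier which loses the scope while storing or reloading its request does not get a silent downgrade. The `responseScope` default fails closed by contrast: with a non-empty request and a null response scope, `find` returns undefined and the existing `proof is not given for requestId` error is thrown. The enclosing method starts and ends outside the hunk.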
@@ -1138,4 +1138,16 @@ describe('auth', () => {
 ) as AuthorizationResponseMessage;
 await authHandler.handleAuthorizationResponse(response, authRequest, testOpts);
 });
+
+ it('null scope auth requst', async () => {
+ const msgBytes = byteEncoder.encode(
+ '{"id":"f3688b54-248d-4a75-b743-39f99a49adb8","typ":"application/iden3comm-plain-json","type":"https://iden3-communication.io/authorization/1.0/request","thid":"f3688b54-248d-4a75-b743-39f99a49adb8","body":{"callbackUrl":"https://issuer-admin.polygonid.me/v1/credentials/links/callback?sessionID=1bd6b1cb-cfc1-4817-8b77-3bc150435e29\u0026linkID=880face8-43b7-428b-80b1-adb6da0632ac","reason":"authentication","scope":null},"from":"did:polygonid:polygon:mumbai:2qMLpQ5py1YzBTTuLEeX2yr6pDGQ7gyXAfygaPakzq"}'
+ );
+ const authRes = await authHandler.handleAuthorizationRequest(userDID, msgBytes);
+
+ const tokenStr = authRes.token;
+ expect(tokenStr).to.be.a('string');
+ const token = await Token.parse(tokenStr);
+ expect(token).to.be.a('object');
+ });
 });
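Review bot: The new test exercises only `handleAuthorizationRequest` with `"scope":null`, so the other paths this commit changes have no coverage: `handleAuthorizationResponse` with a null response scope, and the contract-request handler's `ciRequest.body.scope || []`. The assertions also stop at `expect(token).to.be.a('object')`; checking that the produced response carries an empty scope would pin the behaviour the fix is meant to guarantee. The fixture embeds what looks like a captured callback URL with a `sessionID` and `linkID` on a hosted issuer domain, and constructed placeholder values would keep the test self-contained and keep session identifiers out of the repository. The test title has a typo: `requst` should read `request`.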