diff --git a/agent/Dockerfile b/agent/Dockerfile
index 0b22e52..36a473d 100644
--- a/agent/Dockerfile
+++ b/agent/Dockerfile
@@ -10,14 +10,14 @@ WORKDIR /app
 FROM base AS prod-deps
 COPY tsconfig.json /app/tsconfig.json
-# COPY patches /app/patches
+COPY patches /app/patches
 # COPY sphereon-did-auth-siop-0.16.0.tgz /app/sphereon-did-auth-siop-0.16.0.tgz
 RUN --mount=type=cache,id=pnpm,target=/pnpm/store pnpm install --prod
 FROM base AS build
 COPY tsconfig.json /app/tsconfig.json
-# COPY patches /app/patches
+COPY patches /app/patches
 # COPY sphereon-did-auth-siop-0.16.0.tgz /app/sphereon-did-auth-siop-0.16.0.tgz
 RUN --mount=type=cache,id=pnpm,target=/pnpm/store pnpm install
diff --git a/agent/package.json b/agent/package.json
index def53d1..b74f0eb 100644
--- a/agent/package.json
+++ b/agent/package.json
@@ -25,5 +25,10 @@
 "build": "tsc -p tsconfig.json",
 "start": "node dist/server.js",
 "dev": "tsx watch -r dotenv/config src/server.ts dotenv_config_path=.env.development"
+ },
+ "pnpm": {
+ "patchedDependencies": {
+ "@sphereon/did-auth-siop@0.16.1-fix.173": "patches/@sphereon__did-auth-siop@0.16.1-fix.173.patch"
+ }
 }
 }
diff --git a/agent/patches/@sphereon__did-auth-siop@0.16.1-fix.173.patch b/agent/patches/@sphereon__did-auth-siop@0.16.1-fix.173.patch
new file mode 100644
index 0000000..9c7f858
--- /dev/null
+++ b/agent/patches/@sphereon__did-auth-siop@0.16.1-fix.173.patch
@@ -0,0 +1,25 @@
+diff --git a/dist/authorization-response/PresentationExchange.js b/dist/authorization-response/PresentationExchange.js
+index 547a02a7b58e26e0cd8d6b4398abc1fbb456af01..8dfca1c2ae5252e97b3742d764a87cda2c845bbd 100644
+--- a/dist/authorization-response/PresentationExchange.js
++++ b/dist/authorization-response/PresentationExchange.js
+@@ -272,15 +272,16 @@ class PresentationExchange {
+ if (verifyPresentationCallback && evaluationResults.value !== undefined) {
+ // Verify the signature of all VPs
+ yield Promise.all(presentationsToVerify.map((presentation) => __awaiter(this, void 0, void 0, function* () {
++ let verificationResult
+ try {
+- const verificationResult = yield verifyPresentationCallback(presentation, evaluationResults.value);
+- if (!verificationResult.verified) {
+- throw new Error(types_1.SIOPErrors.VERIFIABLE_PRESENTATION_SIGNATURE_NOT_VALID + (verificationResult.reason ? `. ${verificationResult.reason}` : ''));
+- }
++ verificationResult = yield verifyPresentationCallback(presentation, evaluationResults.value);
+ }
+ catch (error) {
+ throw new Error(types_1.SIOPErrors.VERIFIABLE_PRESENTATION_SIGNATURE_NOT_VALID);
+ }
++ if (!verificationResult.verified) {
++ throw new Error(types_1.SIOPErrors.VERIFIABLE_PRESENTATION_SIGNATURE_NOT_VALID + (verificationResult.reason ? `. ${verificationResult.reason}` : ''));
++ }
+ })));
+ }
+ PresentationExchange.assertValidPresentationSubmission(evaluationResults.value);
diff --git a/package.json b/package.json
index 2218d72..9877928 100644
--- a/package.json
+++ b/package.json
@@ -6,5 +6,10 @@
 },
 "devDependencies": {
 "@biomejs/biome": "^1.8.3"
+ },
+ "pnpm": {
+ "patchedDependencies": {
+ "@sphereon/did-auth-siop@0.16.1-fix.173": "patches/@sphereon__did-auth-siop@0.16.1-fix.173.patch"
+ }
 }
 }
diff --git a/patches/@sphereon__did-auth-siop@0.16.1-fix.173.patch b/patches/@sphereon__did-auth-siop@0.16.1-fix.173.patch
new file mode 100644
index 0000000..9c7f858
--- /dev/null
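Review bot: In the patch added as `agent/patches/@sphereon__did-auth-siop@0.16.1-fix.173.patch` (and again under `patches/`), the relocated `if (!verificationResult.verified)` now sits outside the `try`, so a `verifyPresentationCallback` that resolves with `undefined` or `null` raises a raw `TypeError` instead of `SIOPErrors.VERIFIABLE_PRESENTATION_SIGNATURE_NOT_VALID`. The presentation is still rejected, but any caller that matches on the SIOP error text would no longer recognise the failure; guarding the read, `if (!verificationResult || !verificationResult.verified) {`, keeps the rejection typed. The `catch` still discards `error`, so a callback that throws loses its cause in logs; passing it along as `{ cause: error }` or logging it before the rethrow would preserve it without changing the message. Because `verificationResult.reason` now reaches the thrown message, it is worth confirming that this message is not returned verbatim to the presenting party, or that the callback's reason strings carry no internal detail. The enclosing method starts and ends outside the hunk.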
+++ b/patches/@sphereon__did-auth-siop@0.16.1-fix.173.patch
@@ -0,0 +1,25 @@
+diff --git a/dist/authorization-response/PresentationExchange.js b/dist/authorization-response/PresentationExchange.js
+index 547a02a7b58e26e0cd8d6b4398abc1fbb456af01..8dfca1c2ae5252e97b3742d764a87cda2c845bbd 100644
+--- a/dist/authorization-response/PresentationExchange.js
++++ b/dist/authorization-response/PresentationExchange.js
+@@ -272,15 +272,16 @@ class PresentationExchange {
+ if (verifyPresentationCallback && evaluationResults.value !== undefined) {
+ // Verify the signature of all VPs
+ yield Promise.all(presentationsToVerify.map((presentation) => __awaiter(this, void 0, void 0, function* () {
++ let verificationResult
+ try {
+- const verificationResult = yield verifyPresentationCallback(presentation, evaluationResults.value);
+- if (!verificationResult.verified) {
+- throw new Error(types_1.SIOPErrors.VERIFIABLE_PRESENTATION_SIGNATURE_NOT_VALID + (verificationResult.reason ? `. ${verificationResult.reason}` : ''));
+- }
++ verificationResult = yield verifyPresentationCallback(presentation, evaluationResults.value);
+ }
+ catch (error) {
+ throw new Error(types_1.SIOPErrors.VERIFIABLE_PRESENTATION_SIGNATURE_NOT_VALID);
+ }
++ if (!verificationResult.verified) {
++ throw new Error(types_1.SIOPErrors.VERIFIABLE_PRESENTATION_SIGNATURE_NOT_VALID + (verificationResult.reason ? `. ${verificationResult.reason}` : ''));
++ }
+ })));
+ }
+ PresentationExchange.assertValidPresentationSubmission(evaluationResults.value);
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 1b4214e..99c4c67 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -4,6 +4,11 @@ settings: autoInstallPeers: true excludeLinksFromLockfile: false +patchedDependencies: + '@sphereon/did-auth-siop@0.16.1-fix.173': + hash: rn5adxouj5bsvhuewuqwjrfnsi + path: patches/@sphereon__did-auth-siop@0.16.1-fix.173.patch + importers: .: 
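Review bot: `patches/@sphereon__did-auth-siop@0.16.1-fix.173.patch` is a second copy of the file added under `agent/patches/` (both show blob `9c7f858`), and nothing visible in this commit keeps the two in step. Since the patch changes how presentation-signature failures are reported, a later edit to only one copy would leave the workspace install and the image built from `agent/Dockerfile` running different verification code. The lockfile entry records a hash only for the `patches/` path; whether the Docker build checks the `agent/patches/` copy against it is not visible here. A single source for the patch, or a CI step that compares the two files, would remove the drift risk.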
@@ -2137,6 +2142,7 @@ packages: '@sphereon/kmp-mdl-mdoc@0.2.0-SNAPSHOT.22': resolution: {integrity: sha512-uAZZExVy+ug9JLircejWa5eLtAZ7bnBP6xb7DO2+86LRsHNLh2k2jMWJYxp+iWtGHTsh6RYsZl14ScQLvjiQ/A==} + bundledDependencies: [] '@sphereon/oid4vc-common@0.16.1-fix.173': resolution: {integrity: sha512-+AAUvEEFs0vzz1mrgjSgvDkcBtr18d2XEVgJex7QlAqxCKVGfjzZlqL2Q2vOLKYVaXsazhD5LnYiY6B5WMTC3Q==} @@ -7951,7 +7957,7 @@ snapshots: '@animo-id/oauth2': 0.1.3(typescript@5.3.3) '@animo-id/oid4vci': 0.1.3(typescript@5.3.3) '@credo-ts/core': 0.6.0-alpha-20241119125554(expo@51.0.38(@babel/core@7.26.0)(@babel/preset-env@7.26.0(@babel/core@7.26.0)))(react-native@0.76.0(@babel/core@7.26.0)(@babel/preset-env@7.26.0(@babel/core@7.26.0))(@types/react@18.3.12)(react@18.3.1))(web-streams-polyfill@3.3.3) - '@sphereon/did-auth-siop': 0.16.1-fix.173(typescript@5.3.3) + '@sphereon/did-auth-siop': 0.16.1-fix.173(patch_hash=rn5adxouj5bsvhuewuqwjrfnsi)(typescript@5.3.3) '@sphereon/oid4vc-common': 0.16.1-fix.173 '@sphereon/ssi-types': 0.30.2-next.135 class-transformer: 0.5.1 @@ -9606,7 +9612,7 @@ snapshots: '@sovpro/delimited-stream@1.1.0': {} - '@sphereon/did-auth-siop@0.16.1-fix.173(typescript@5.3.3)': + '@sphereon/did-auth-siop@0.16.1-fix.173(patch_hash=rn5adxouj5bsvhuewuqwjrfnsi)(typescript@5.3.3)': dependencies: '@astronautlabs/jsonpath': 1.1.2 '@sphereon/jarm': 0.16.1-fix.173(typescript@5.3.3)