Auth: create session and validate signatures perform the same checks
reinkrul committed Dec 8, 2023
1 parent 961dbc7 commit 1533c5a
Showing 3 changed files with 56 additions and 10 deletions.
1 change: 1 addition & 0 deletions auth/api/auth/v1/api.go
@@ -125,6 +125,7 @@ func (w Wrapper) VerifySignature(_ context.Context, request VerifySignatureReque
vpType := validationResult.VPType()
response.VpType = &vpType
} else {
log.Logger().Warn("Signature verification failed, reason: %s", validationResult.Reason())
response.Validity = false
}
return VerifySignature200JSONResponse(response), nil
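Review bot: The added `log.Logger().Warn(...)` call in the `else` branch passes a `%s` format string to what looks like a non-formatting log method, so the line would be emitted with a literal `%s` followed by the reason rather than the interpolated text; this assumes `log.Logger()` returns a logrus entry, which is not visible in this hunk. Use the formatting variant, `log.Logger().Warnf("Signature verification failed, reason: %s", validationResult.Reason())`. Because the reason is derived from a caller-submitted signature, logging it as a structured field, `log.Logger().WithField("reason", validationResult.Reason()).Warn("Signature verification failed")`, would also keep request-controlled text out of the message string. VerifySignature starts above the hunk.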
19 changes: 9 additions & 10 deletions auth/services/selfsigned/signer.go
@@ -227,20 +227,19 @@ func checkSessionParams(params map[string]interface{}) error {
if !ok {
return fmt.Errorf("employee should be an object")
}
_, ok = employeeMap["identifier"]
if !ok {
return fmt.Errorf("missing employee identifier")
identifier, _ := employeeMap["identifier"].(string)
if len(identifier) == 0 {
return fmt.Errorf("missing/invalid employee identifier")
}
_, ok = employeeMap["initials"]
if !ok {
return fmt.Errorf("missing employee initials")
initials, _ := employeeMap["initials"].(string)
if len(initials) == 0 {
return fmt.Errorf("missing/invalid employee initials")
}
_, ok = employeeMap["familyName"]
if !ok {
return fmt.Errorf("missing employee familyName")
familyName, _ := employeeMap["familyName"].(string)
if len(familyName) == 0 {
return fmt.Errorf("missing/invalid employee familyName")
}
return nil

}

func (v *signer) Routes(router core.EchoRouter) {
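Review bot: The three new guards in checkSessionParams reject only zero-length strings, so a whitespace-only `identifier`, `initials` or `familyName` still passes `len(...) == 0` and would end up in the session being signed. If the signature-validation path that this commit aligns with (not visible here) also rejects blank values, compare the trimmed value instead, e.g. `if strings.TrimSpace(identifier) == "" {`, and apply the same rule on both sides so they stay in step; this needs `strings` imported in signer.go, which the hunk does not show. A short comment above the block such as `// identifier, initials and familyName must be non-empty strings; the same rule is enforced when a signature is validated` would record why a wrong-typed value and a missing value share one error. checkSessionParams begins above the hunk.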
46 changes: 46 additions & 0 deletions auth/services/selfsigned/signer_test.go
@@ -109,6 +109,52 @@ func TestSessionStore_StartSigningSession(t *testing.T) {

require.Error(t, err)
})

t.Run("empty employee familyName", func(t *testing.T) {
params := map[string]interface{}{
"employer": employer.String(),
"employee": map[string]interface{}{
"identifier": identifier,
"roleName": roleName,
"initials": initials,
"familyName": "",
},
}

ss := NewSigner(nil, "").(*signer)
_, err := ss.StartSigningSession(contract.Contract{RawContractText: testContract}, params)
require.ErrorContains(t, err, "missing/invalid employee familyName")
})
t.Run("empty employee initials", func(t *testing.T) {
params := map[string]interface{}{
"employer": employer.String(),
"employee": map[string]interface{}{
"identifier": identifier,
"roleName": roleName,
"initials": "",
"familyName": familyName,
},
}

ss := NewSigner(nil, "").(*signer)
_, err := ss.StartSigningSession(contract.Contract{RawContractText: testContract}, params)
require.ErrorContains(t, err, "missing/invalid employee initials")
})
t.Run("empty employee identifier", func(t *testing.T) {
params := map[string]interface{}{
"employer": employer.String(),
"employee": map[string]interface{}{
"identifier": "",
"roleName": roleName,
"initials": initials,
"familyName": familyName,
},
}

ss := NewSigner(nil, "").(*signer)
_, err := ss.StartSigningSession(contract.Contract{RawContractText: testContract}, params)
require.ErrorContains(t, err, "missing/invalid employee identifier")
})
}

func TestSessionStore_SigningSessionStatus(t *testing.T) {
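Review bot: The three added subtests cover only the empty-string case, while the new `.(string)` assertions in checkSessionParams also reject non-string values, which is the "invalid" half of the error message and is left untested. Add one case per field, or at least one, with a wrong-typed value such as `"familyName": 1,` and assert the same `missing/invalid employee familyName` error. The three subtests differ only in which field is blanked, so a table-driven loop over the field name would keep them from drifting apart. TestSessionStore_StartSigningSession starts above the hunk.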
