From e7a50a5ca4ef7861d63184930be2fcac76b6c089 Mon Sep 17 00:00:00 2001 From: whitneypurdum Date: Mon, 25 Jul 2022 21:08:01 -0400 Subject: [PATCH] feat(verifyExp): add documentation; address PR comments --- .../classes/modules_claims.ClaimsService.md | 22 +++++++---- e2e/claims.service.e2e.ts | 24 ++++++------ src/errors/error-messages.ts | 2 +- src/modules/claims/claims.service.ts | 37 ++++++++++++------- 4 files changed, 52 insertions(+), 33 deletions(-) diff --git a/docs/api/classes/modules_claims.ClaimsService.md b/docs/api/classes/modules_claims.ClaimsService.md index 5d96881e..40d79615 100644 --- a/docs/api/classes/modules_claims.ClaimsService.md +++ b/docs/api/classes/modules_claims.ClaimsService.md @@ -74,16 +74,20 @@ claimsService.getClaimById(claim.id); ▸ **claimIsExpired**(`date`): `boolean` +Verifies if a date is expired (occurs before given date) + #### Parameters -| Name | Type | -| :------ | :------ | -| `date` | `number` | +| Name | Type | Description | +| :------ | :------ | :------ | +| `date` | `number` | to be verified | #### Returns `boolean` +Boolean indicating if a date is expired + ___ ### claimRevocationDetails @@ -263,17 +267,21 @@ ___ ▸ **fetchCredential**(`subjectDID`, `roleNamespace`): `Promise`<`undefined` \| `VerifiableCredential`<`RoleCredentialSubject`\> \| `RoleEIP191JWT`\> +Fetch a credential from storage + #### Parameters -| Name | Type | -| :------ | :------ | -| `subjectDID` | `string` | -| `roleNamespace` | `string` | +| Name | Type | Description | +| :------ | :------ | :------ | +| `subjectDID` | `string` | The DID to try to resolve a credential for | +| `roleNamespace` | `string` | - | #### Returns `Promise`<`undefined` \| `VerifiableCredential`<`RoleCredentialSubject`\> \| `RoleEIP191JWT`\> +Resolved Credetiantial of type VerifiableCredential || RoleEIP191JWT or undefined + ___ ### getClaimById diff --git a/e2e/claims.service.e2e.ts b/e2e/claims.service.e2e.ts index 41084933..b3e2fa8b 100644 --- a/e2e/claims.service.e2e.ts 
+++ b/e2e/claims.service.e2e.ts @@ -62,8 +62,8 @@ const verifyVcRole = 'verifyVcRole'; const verifyVcRole2 = 'verifyVcRole2'; const verifyOffChainClaimRole = 'verifyOnChain'; const resolveVC = 'resolvevc'; -const verifyVcExpired = 'vcExpired'; -const eipExpired = 'eipExpired'; +const verifyResolvedVcExpired = 'vcResolvedExpired'; +const eip191JwtExpired = 'eip191JwtExpired'; const vcExpired = 'vcExpired'; const namespace = root; const version = 1; @@ -119,9 +119,9 @@ const roles: Record = { roleName: verifyOffChainClaimRole, issuer: { issuerType: 'DID', did: [staticIssuerDID] }, }, - [`${verifyVcExpired}.${root}`]: { + [`${verifyResolvedVcExpired}.${root}`]: { ...baseRoleDef, - roleName: verifyVcExpired, + roleName: verifyResolvedVcExpired, issuer: { issuerType: 'DID', did: [staticIssuerDID] }, }, [`${vcExpired}.${root}`]: { @@ -129,9 +129,9 @@ const roles: Record = { roleName: vcExpired, issuer: { issuerType: 'DID', did: [staticIssuerDID] }, }, - [`${eipExpired}.${root}`]: { + [`${eip191JwtExpired}.${root}`]: { ...baseRoleDef, - roleName: eipExpired, + roleName: eip191JwtExpired, issuer: { issuerType: 'DID', did: [staticIssuerDID] }, }, }; @@ -275,9 +275,9 @@ describe('Сlaim tests', () => { returnSteps: false, }); await domainsService.createRole({ - roleName: verifyVcExpired, + roleName: verifyResolvedVcExpired, namespace, - data: roles[`${verifyVcExpired}.${root}`], + data: roles[`${verifyResolvedVcExpired}.${root}`], returnSteps: false, }); await domainsService.createRole({ @@ -287,9 +287,9 @@ describe('Сlaim tests', () => { returnSteps: false, }); await domainsService.createRole({ - roleName: eipExpired, + roleName: eip191JwtExpired, namespace, - data: roles[`${eipExpired}.${root}`], + data: roles[`${eip191JwtExpired}.${root}`], returnSteps: false, }); ({ didRegistry, claimsService } = await connectToDidRegistry()); 
@@ -938,7 +938,7 @@ describe('Сlaim tests', () => { }); test('resolveCredentialAndVerify should return an expiration error if the credential is expired', async () => { - const roleName = `${verifyVcExpired}.${root}`; + const roleName = `${verifyResolvedVcExpired}.${root}`; const { issuedToken } = await enrolAndIssue(rootOwner, staticIssuer, { subjectDID: rootOwnerDID, claimType: roleName, @@ -1002,7 +1002,7 @@ describe('Сlaim tests', () => { expect(result.isVerified).toBe(false); }); test('verifyEIP should return an expiration error if the credential is expired', async () => { - const roleName = `${eipExpired}.${root}`; + const roleName = `${eip191JwtExpired}.${root}`; const { issuedToken } = await enrolAndIssue(rootOwner, staticIssuer, { subjectDID: rootOwnerDID, claimType: roleName, diff --git a/src/errors/error-messages.ts b/src/errors/error-messages.ts index 72814d94..0e04e792 100644 --- a/src/errors/error-messages.ts +++ b/src/errors/error-messages.ts @@ -35,5 +35,5 @@ export enum ERROR_MESSAGES { PROOF_NOT_VERIFIED = 'Proof not verified', OFFCHAIN_ISSUER_NOT_AUTHORIZED = 'Issuer of OffChain Claim is not authorized', NO_CLAIM_RESOLVED = 'No claim found for given DID and role', - CLAIM_EXPIRED = 'Credential Expired', + CREDENTIAL_EXPIRED = 'Credential Expired', } diff --git a/src/modules/claims/claims.service.ts b/src/modules/claims/claims.service.ts index b1616123..2e5e8b81 100644 --- a/src/modules/claims/claims.service.ts +++ b/src/modules/claims/claims.service.ts @@ -1422,6 +1422,13 @@ export class ClaimsService { await this._signerService.signMessage(arrayify(proofHash)) ); } + + /** + * Verifies if a date is expired (occurs before given date) + * @param {Number} date to be verified + * @return Boolean indicating if a date is expired + * + */ claimIsExpired(date: number): boolean { return !!date && date < Date.now(); } 
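Review bot: The new docstring on `claimIsExpired` says the date "occurs before given date", but the body compares `date` with `Date.now()`, so the reference point is the current time and the comparison implicitly assumes `date` is in milliseconds. It also omits that a falsy `date` returns false, which means a caller that passes no expiry gets "not expired". I would reword it to `Returns true when date is a non-zero timestamp earlier than Date.now(); a missing or zero date is treated as not expired.` with `@param date expiry timestamp in milliseconds since the epoch`, dropping the `{Number}` type that TypeScript already supplies. If the `exp` values passed in follow the JWT convention of seconds, which cannot be confirmed from this hunk, the comparison would also need a unit conversion.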
@@ -1489,13 +1496,12 @@ export class ClaimsService { const { payload, eip191Jwt } = roleEIP191JWT; const errors: string[] = []; const issuerDID = this._signerService.did; - let issuerVerified = true; - const { status, error } = await this._issuerVerification.verifyIssuer( - issuerDID, - payload?.claimData?.claimType - ); - if (!status && error) { - issuerVerified = false; + const { status: issuerVerified, error } = + await this._issuerVerification.verifyIssuer( + issuerDID, + payload?.claimData?.claimType + ); + if (!issuerVerified && error) { errors.push(error); } const proofVerified = await this._didRegistry.verifyPublicClaim( @@ -1505,11 +1511,10 @@ export class ClaimsService { if (!proofVerified) { errors.push(ERROR_MESSAGES.PROOF_NOT_VERIFIED); } - let isExpired = false; + const isExpired = payload?.exp && this.claimIsExpired(payload.exp); if (payload?.exp) { - if (this.claimIsExpired(payload.exp)) { - isExpired = true; - errors.push(ERROR_MESSAGES.CLAIM_EXPIRED); + if (isExpired) { + errors.push(ERROR_MESSAGES.CREDENTIAL_EXPIRED); } } return { @@ -1518,17 +1523,23 @@ export class ClaimsService { }; } + /** + * Fetch a credential from storage + * + * @param subjectDID The DID to try to resolve a credential for + * @param roleNamesapce The role to try to get a credential for. Should be a full role namespace (for example, "myrole.roles.myorg.auth.ewc") + * @return Resolved Credetiantial of type VerifiableCredential || RoleEIP191JWT or undefined + */ async fetchCredential( subjectDID: string, roleNamespace: string ): Promise< VerifiableCredential | RoleEIP191JWT | undefined > { - const resolvedCredential = await this._credentialResolver.getCredential( + return await this._credentialResolver.getCredential( subjectDID, roleNamespace ); - return resolvedCredential; } /**
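Review bot: The issuer check passes `this._signerService.did` to `verifyIssuer`, so it authorizes the local signer for the role rather than whoever issued the token; if this method is meant to verify tokens issued by other parties, the DID should come from the token itself (for example its `iss` claim, if the payload carries one). That line is unchanged context and the method starts above the hunk, so the intent may be documented there. In the changed lines, a falsy `status` with no `error` presumably now fails verification (the return is outside the hunk), which is the safer outcome, but it leaves `errors` empty. Consider `if (!issuerVerified) errors.push(error ?? ERROR_MESSAGES.OFFCHAIN_ISSUER_NOT_AUTHORIZED);` or a dedicated message, so a failed result always carries a reason.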
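Review bot: `isExpired` is no longer a boolean, because `payload?.exp && this.claimIsExpired(payload.exp)` evaluates to `undefined` or `0` when `exp` is absent or zero, and that value may flow into the returned result, which lies outside this hunk. The surrounding `if (payload?.exp)` is now redundant as well, since `isExpired` can only be true when `exp` is set. I would write `const isExpired = !!payload?.exp && this.claimIsExpired(payload.exp);` followed by `if (isExpired) errors.push(ERROR_MESSAGES.CREDENTIAL_EXPIRED);`. A token without `exp` still passes the expiry check; if role credentials are required to expire, that case should add an error instead of passing silently.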
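Review bot: The `@param roleNamesapce` tag on `fetchCredential` is misspelled, so it does not match the `roleNamespace` parameter; the regenerated API docs in this same commit show `-` as that parameter's description, which is consistent with the tag being ignored. The `@return` line also misspells "Credential" as "Credetiantial". I would change the tags to `@param roleNamespace The role to try to get a credential for. Should be a full role namespace (for example, "myrole.roles.myorg.auth.ewc")` and `@return Resolved credential of type VerifiableCredential or RoleEIP191JWT, or undefined`.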