feat: add check for malformed auth payload

opengovsg · Jun 8, 2020 · 554afa3 · 554afa3
1 parent 85062c9
commit 554afa3
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 1 deletion.
diff --git a/spec/verification/verification.spec.ts b/spec/verification/verification.spec.ts
@@ -1,6 +1,6 @@
 import { VERIFICATION_KEYS } from '../../src/resource/verification-keys'
 import Verification from '../../src/verification'
-import { MissingSecretKeyError } from '../../src/errors'
+import { MissingSecretKeyError, MissingPublicKeyError } from '../../src/errors'
 
 const publicKey = VERIFICATION_KEYS.test.publicKey
 const secretKey = VERIFICATION_KEYS.test.secretKey
@@ -15,6 +15,7 @@ const TEST_PARAMS = {
 const TIME = 1588658696255
 const VALID_SIGNATURE = `f=formId,v=transactionId,t=${TIME},s=XLF1V4RDu8dEJLq1yK3UN92TwiekVoif7PX4V8cXr5ERfIQXlOcO+ZOFAawawKWhFSqScg5z1Ro+Y+bMeNmRAg==`
 const INVALID_SIGNATURE = `f=formId,v=transactionId,t=${TIME},s=InvalidSignatureyK3UN92TwiekVoif7PX4V8cXr5ERfIQXlOcO+ZOFAawawKWhFSqScg5z1Ro+Y+bMeNmRAg==`
+const DEFORMED_SIGNATURE = `abcdefg`
 
 const VALID_AUTH_PAYLOAD = {
   signatureString: VALID_SIGNATURE,
@@ -38,6 +39,18 @@ describe('Verification', () => {
       )
     })
 
+    it('should not authenticate if public key is not provided', () => {
+      const verification = new Verification({
+        // No public key provided.
+        transactionExpiry: TEST_TRANSACTION_EXPIRY,
+        verificationSecretKey: secretKey,
+      })
+
+      expect(() => verification.authenticate(VALID_AUTH_PAYLOAD)).toThrow(
+        MissingPublicKeyError
+      )
+    })
+
     it('should not authenticate if transaction expiry is not provided', () => {
       const verification = new Verification({
         // No transaction expiry provided.
@@ -97,5 +110,15 @@ describe('Verification', () => {
       }
       expect(verification.authenticate(payload)).toBe(false)
     })
+
+    it('should fail to authenticate a deformed signature', () => {
+      const payload = {
+        signatureString: DEFORMED_SIGNATURE,
+        submissionCreatedAt: TIME + 1,
+        fieldId: TEST_PARAMS.fieldId,
+        answer: TEST_PARAMS.answer,
+      }
+      expect(verification.authenticate(payload)).toBe(false)
+    })
   })
 })
diff --git a/src/verification/index.ts b/src/verification/index.ts
@@ -67,6 +67,10 @@ export default class Verification {
         s: signature,
       } = parseVerificationSignature(signatureString)
 
+      if (!time) {
+        throw new Error('Malformed signature string was passed into function')
+      }
+
       if (
         isSignatureTimeValid(time, submissionCreatedAt, this.transactionExpiry)
       ) {