fixes + replaced manual cookie handling with

express-session
wwWallet · Sep 29, 2023 · 4e1e688 · 4e1e688
1 parent cc3a3ca
commit 4e1e688
Show file tree

Hide file tree

Showing 5 changed files with 46 additions and 12 deletions.
diff --git a/src/app.ts b/src/app.ts
@@ -20,6 +20,8 @@ import { CONSENT_ENTRYPOINT } from './authorization/constants';
 import { AuthorizationServerState } from './entities/AuthorizationServerState.entity';
 import { CredentialIssuersConfiguration } from './services/interfaces';
 import { TYPES } from './services/types';
+import session from 'express-session';
+
 
 initDataSource();
 
@@ -38,6 +40,7 @@ app.use(cors({ credentials: true, origin: true }));
 app.use(express.static(path.join(__dirname, '../../public')));
 
 app.use(cookieParser());
+app.use(session({ secret: config.appSecret, cookie: { maxAge: 60000 }}))
 
 
 app.use(bodyParser.urlencoded({ extended: true })); // support url encoded bodies
@@ -89,6 +92,8 @@ app.get('/init', async (_req, res) => {
 
 
 app.get('/', async (req: Request, res: Response) => {
+
+	req.session.authenticationChain = {};
 	return res.render('index', {
 		title: "Index",
 		lang: req.lang,

diff --git a/src/authorization/consentPage.ts b/src/authorization/consentPage.ts
@@ -6,7 +6,6 @@ import { AuthorizationDetailsSchemaType, CredentialSupported, GrantType } from "
 import axios from "axios";
 import { AuthorizationServerState } from "../entities/AuthorizationServerState.entity";
 import { CredentialView } from "./types";
-import config from "../../config";
 import locale from "../configuration/locale";
 import { SKIP_CONSENT } from "../configuration/consent/consent.config";
 import * as qrcode from 'qrcode';
@@ -110,21 +109,18 @@ async function getAllCredentialViews(authorizationServerState: AuthorizationServ
 	if (!authorizationServerState.authorization_details) {
 		return [];
 	}
-	return (await Promise.all(authorizationServerState.authorization_details.map(async (ad) => {
-		let credentialIssuerURL = config.url; // default issuer
-		if (ad.locations && ad.locations.length > 0) {
-			credentialIssuerURL = ad?.locations[0];
-		}
 
+	console.log("Credential issuer id = ", authorizationServerState.credential_issuer_identifier)
+	return (await Promise.all(authorizationServerState.authorization_details.map(async (ad) => {
 		try {
-			const credentialSupported = (await axios.get(credentialIssuerURL + "/.well-known/openid-credential-issuer"))
+			const credentialSupported = (await axios.get(authorizationServerState.credential_issuer_identifier + "/.well-known/openid-credential-issuer"))
 			.data
 			.credentials_supported
 			.filter((cs: any) => 
 				ad.format == cs.format && _.isEqual(ad.types, cs.types)
 			)[0] as CredentialSupported;
 
-			const { data: { credential_view } } = await axios.post(credentialIssuerURL + "/profile", {
+			const { data: { credential_view } } = await axios.post(authorizationServerState.credential_issuer_identifier + "/profile", {
 				authorization_server_state: AuthorizationServerState.serialize(authorizationServerState),
 				types: credentialSupported.types
 			});

diff --git a/src/lib/CredentialIssuerConfig/CredentialIssuer.ts b/src/lib/CredentialIssuerConfig/CredentialIssuer.ts
@@ -176,6 +176,11 @@ export class CredentialIssuer {
 	 */
 	private async returnSingleCredential(userSession: AuthorizationServerState, _access_token: string, credentialRequest: CredentialRequestBody): Promise<{ acceptance_token?: string, credential?: any, format?: string }> {
 		console.log("Credential request = ", credentialRequest)
+		// incorrect credential issuer
+		if (userSession.credential_issuer_identifier !== this.credentialIssuerIdentifier) {
+			throw new Error('Invalid credential issuer');
+		}
+
 		let body: CredentialRequestBody;
 		try {
 			body = credentialRequestBodySchema.parse(credentialRequest);
@@ -248,6 +253,10 @@ export class CredentialIssuer {
 	async getProfile(req: Request, res: Response) {
 
 		const authorization_server_state = AuthorizationServerState.deserialize(req.body.authorization_server_state);
+		// incorrect credential issuer
+		if (authorization_server_state.credential_issuer_identifier !== this.credentialIssuerIdentifier) {
+			return res.send({});
+		}
 		const types = req.body.types;
 		const authorizationDetails = authorization_server_state.authorization_details;
 		console.log("Authorization details = ", authorization_server_state.authorization_details)

diff --git a/src/services/OpenidForPresentationReceivingService.ts b/src/services/OpenidForPresentationReceivingService.ts
@@ -153,7 +153,12 @@ export class OpenidForPresentationsReceivingService implements OpenidForPresenta
 	async responseHandler(req: Request, res: Response): Promise<{ verifierStateId: string, bindedUserSessionId?: number }> {
 		console.log("Body = ", req.body)
 		const { id_token, vp_token, state, presentation_submission } = req.body;
-		console.log("Body = ")
+		console.log("Id token = ", id_token)
+		let presentationSubmissionObject: PresentationSubmission | null = null;
+		if (presentation_submission) {
+			presentationSubmissionObject = JSON.parse(presentation_submission) as PresentationSubmission;
+		}
+
 		let verifierStateId = null;
 		let verifierState = null;
 		if (state) {
@@ -166,7 +171,6 @@ export class OpenidForPresentationsReceivingService implements OpenidForPresenta
 			const jwk = await this.didKeyResolverService.getPublicKeyJwk(header.kid.split('#')[0]);
 			const pubKey = await importJWK(jwk, header.alg as string);
 
-			console.log("ID token = ", id_token)
 			try {
 				const { payload } = await jwtVerify(id_token, pubKey, {
 					// audience: this.configurationService.getConfiguration().baseUrl,
@@ -303,7 +307,7 @@ export class OpenidForPresentationsReceivingService implements OpenidForPresenta
 				if (state) {
 					msg = { ...msg, state } as any;
 				}
-				const { error, error_description } = await this.validateVpToken(vp_token, presentation_submission);
+				const { error, error_description } = await this.validateVpToken(vp_token, presentationSubmissionObject as PresentationSubmission);
 				if (error && error_description) {
 					msg = { ...msg, error: error.message, error_description: error_description?.message };
 					console.error(msg);
@@ -318,7 +322,7 @@ export class OpenidForPresentationsReceivingService implements OpenidForPresenta
 				newVerifiablePresentation.presentation_definition_id = presentation_submission.definition_id;
 				newVerifiablePresentation.status = true;
 				newVerifiablePresentation.raw_presentation = vp_token;
-				newVerifiablePresentation.presentation_submission = presentation_submission;
+				newVerifiablePresentation.presentation_submission = presentationSubmissionObject;
 				newVerifiablePresentation.date = new Date();
 
 				this.verifiablePresentationRepository.save(newVerifiablePresentation);

diff --git a/src/types/index.d.ts b/src/types/index.d.ts
@@ -8,6 +8,26 @@ declare global {
     export interface Request {
       lang: Language;
 			authorizationServerState: AuthorizationServerState;
+
     }
+
+  }
+}
+
+
+declare module 'express-session' {
+  interface Session {
+    authenticationChain: {
+			localAuthenticationComponent?: {
+				username?: string;
+			},
+			issuerSelectionComponent?: {
+				institutionId?: string;
+			},
+			inspectPersonalInfoComponent?: {
+				proceed?: boolean;
+			}
+		};
+    // Add any other custom properties or methods here
   }
 }