fix: iss string and add more tests (#836)
joyqvq authored Sep 13, 2024
1 parent ff4c32a commit 3366c26
Showing 6 changed files with 27 additions and 16 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/rust.yml
Expand Up @@ -57,7 +57,7 @@ jobs:
run: cargo build --benches --features experimental,copy_key,unsecure_schemes
- name: cargo test
# TODO: `cargo nextest run` doesn't work on windows, so we use `cargo test` instead
run: cargo test --features experimental,copy_key,unsecure_schemes
run: cargo test --all-features
- name: Doctests
run: |
cargo test --doc --features experimental,copy_key,unsecure_schemes
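Review bot: The `Doctests` step directly below the changed `cargo test` line still passes `--features experimental,copy_key,unsecure_schemes`, so after this change unit tests and doctests run under different feature sets. If the goal is to exercise every feature-gated path, the doctest command should follow suit: `cargo test --doc --all-features`. The Doctests step continues past the end of the hunk, so any further commands in it are not visible here. Since `--all-features` also enables any Cargo feature added later, a one-line comment next to the existing TODO would record that this is intended, e.g. `# --all-features: newly added features are tested automatically`.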
15 changes: 12 additions & 3 deletions fastcrypto-zkp/src/bn254/unit_tests/zk_login_e2e_tests.rs
Expand Up @@ -199,8 +199,17 @@ async fn test_end_to_end_all_providers() {
std::fs::File::open("src/bn254/zklogin_test_vectors.json").expect("Unable to open file");
let test_datum: Vec<TestData> = serde_json::from_reader(file).unwrap();
for test_data in test_datum {
println!("Testing provider: {:?}", test_data.provider);
// Make a map of jwk ids to jwks just for Apple.
let (_, _, iss) = parse_and_validate_jwt(&test_data.jwt).unwrap();
let provider = OIDCProvider::from_iss(&iss).unwrap();
assert_eq!(
provider,
OIDCProvider::from_iss(&provider.get_config().iss).unwrap()
);
println!(
"Testing provider: {:?} test case: {:?}",
provider, test_data.provider
);
let (max_epoch, eph_pubkey, zk_login_inputs) = get_test_inputs(&test_data.jwt).await;
let mut map = ImHashMap::new();
map.insert(
Expand Down Expand Up @@ -260,7 +269,7 @@ async fn get_test_inputs(parsed_token: &str) -> (u64, Vec<u8>, ZkLoginInputs) {
)
.await
.unwrap();
let (sub, aud) = parse_and_validate_jwt(parsed_token).unwrap();
let (sub, aud, _) = parse_and_validate_jwt(parsed_token).unwrap();
// Get the address seed.
let address_seed = gen_address_seed(user_salt, "sub", &sub, &aud).unwrap();
let zk_login_inputs = ZkLoginInputs::from_reader(reader, &address_seed).unwrap();
Expand Down Expand Up @@ -331,7 +340,7 @@ async fn test_end_to_end_test_issuer(test_input: TestInputStruct) {
)
.await
.unwrap();
let (sub, aud) = parse_and_validate_jwt(&parsed_token).unwrap();
let (sub, aud, _) = parse_and_validate_jwt(&parsed_token).unwrap();
// Get the address seed.
let address_seed = gen_address_seed(&user_salt, "sub", &sub, &aud).unwrap();
let zk_login_inputs =
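Review bot: In `test_end_to_end_all_providers` the provider derived from the JWT's `iss` is only printed next to `test_data.provider`, never compared with it, so a test vector filed under the wrong provider label would still pass. The new `assert_eq!` checks that `from_iss` and `get_config().iss` round-trip, but it says nothing about the label stored in the vector file. If `test_data.provider` is meant to name the same provider (its type is not visible here), an assertion tying the two together would close that gap; otherwise a comment such as `// test_data.provider is a free-form label; the provider under test is derived from the JWT iss` would make that explicit. The existing comment `// Make a map of jwk ids to jwks just for Apple.` now sits directly above the iss parsing and should move down to the `ImHashMap` lines it describes. The loop body continues outside the hunk.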
10 changes: 8 additions & 2 deletions fastcrypto-zkp/src/bn254/unit_tests/zk_login_tests.rs
Expand Up @@ -468,15 +468,21 @@ fn test_get_nonce() {
#[test]
fn test_get_provider_to_from_iss_to_from_str() {
for p in [
OIDCProvider::Facebook,
OIDCProvider::Google,
OIDCProvider::Twitch,
OIDCProvider::Facebook,
OIDCProvider::Slack,
OIDCProvider::Kakao,
OIDCProvider::Apple,
OIDCProvider::Microsoft,
OIDCProvider::AwsTenant(("us-east-1".to_string(), "us-east-1_LPSLCkC3A".to_string())),
OIDCProvider::TestIssuer,
OIDCProvider::AwsTenant(("us-east-1".to_string(), "us-east-1_qPsZxYqd8".to_string())),
OIDCProvider::KarrierOne,
OIDCProvider::Credenza3,
OIDCProvider::Playtron,
OIDCProvider::Threedos,
OIDCProvider::Onefc,
OIDCProvider::FanTV,
] {
// to/from iss
assert_eq!(p, OIDCProvider::from_iss(&p.get_config().iss).unwrap());
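Review bot: The provider array in `test_get_provider_to_from_iss_to_from_str` is maintained by hand, so a variant added to `OIDCProvider` later is not covered by the iss round-trip check unless someone remembers to list it here. Several variants were evidently missing before this commit, which is presumably how an iss mismatch could go unnoticed. A comment above the array would help, e.g. `// Must list every OIDCProvider variant; add new providers here when the enum grows.`, and a small helper built on a wildcard-free `match` over the enum would turn an omission into a compile error. The loop body continues past the end of the hunk.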
10 changes: 3 additions & 7 deletions fastcrypto-zkp/src/bn254/utils.rs
Expand Up @@ -85,13 +85,9 @@ pub fn get_oidc_url(
OIDCProvider::Credenza3 => format!("https://accounts.credenza3.com/oauth2/authorize?client_id={}&response_type=token&scope=openid+profile+email+phone&redirect_uri={}&nonce={}&state=state", client_id, redirect_url, nonce),
OIDCProvider::Onefc => format!("https://login.onepassport.onefc.com/de3ee5c1-5644-4113-922d-e8336569a462/b2c_1a_prod_signupsignin_onesuizklogin/oauth2/v2.0/authorize?client_id={}&scope=openid&response_type=id_token&redirect_uri={}&nonce={}", client_id, redirect_url, nonce),
OIDCProvider::AwsTenant((region, tenant_id)) => format!("https://{}.auth.{}.amazoncognito.com/login?response_type=token&client_id={}&redirect_uri={}&nonce={}", tenant_id, region, client_id, redirect_url, nonce),
OIDCProvider::TestIssuer => return Err(FastCryptoError::InvalidInput), // Test issuer does not issue JWTs interactively, this is not valid to call.
OIDCProvider::Playtron => return Err(FastCryptoError::InvalidInput), // Playtron does not issue JWTs interactively, this is not valid to call.
OIDCProvider::Threedos => return Err(FastCryptoError::InvalidInput), // Threedos does not issue JWTs interactively yet, this is not valid to call.
// FanTV case can call the following url to get the Token:
// https://fantv-apis.fantiger.com/v1/oauth2/auth?clientId={}&redirectUri={}&responseType=authorization_code&scope=openid&userId={}&nonce={}
OIDCProvider::FanTV => return Err(FastCryptoError::InvalidInput), // FanTV does not issue JWTs interactively yet, this is not valid to call.
})
// this URL is only useful if CLI testing from Sui is needed, can ignore if a frontend test plan is in place
_ => return Err(FastCryptoError::InvalidInput)
})
}

/// Return the token exchange URL for the given auth code.
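Review bot: The new `_ => return Err(FastCryptoError::InvalidInput)` arm in `get_oidc_url` gives up the compiler's exhaustiveness check: a provider added to `OIDCProvider` later will silently fall into the error path instead of forcing a decision about its authorization URL. Naming the variants keeps that check, e.g. `OIDCProvider::TestIssuer | OIDCProvider::Playtron | OIDCProvider::Threedos | OIDCProvider::FanTV => return Err(FastCryptoError::InvalidInput),` (assuming these four are the only variants without a URL; the start of the `match` is outside the hunk). The replacement comment is also vaguer than the per-provider ones it removes; something like `// These providers do not issue JWTs interactively, so there is no authorization URL to build.` states why the call is invalid.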
2 changes: 1 addition & 1 deletion fastcrypto-zkp/src/bn254/zk_login.rs
Expand Up @@ -267,7 +267,7 @@ impl OIDCProvider {
"https://login.onepassport.onefc.com/de3ee5c1-5644-4113-922d-e8336569a462/v2.0/" => {
Ok(Self::Onefc)
}
"https://accounts.fantv.world/" => Ok(Self::FanTV),
"https://accounts.fantv.world" => Ok(Self::FanTV),
iss if match_micrsoft_iss_substring(iss) => Ok(Self::Microsoft),
_ => match parse_aws_iss_substring(iss) {
Ok((region, tenant_id)) => {
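Review bot: `from_iss` matches the issuer as an exact string literal, so a single trailing slash decides whether a FanTV token is recognised, and nothing at this arm says where the canonical value comes from. The same string apparently has to equal `get_config().iss` for the variant (the round-trip test in this commit asserts that), which means it is maintained in two places. A comment on the arm such as `// Must equal the token's iss claim byte-for-byte and the iss returned by get_config().` would record the constraint, and a shared `const` used by both functions would stop them drifting apart. The `match` starts and ends outside the hunk, so the other arms were not reviewed.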
4 changes: 2 additions & 2 deletions fastcrypto/src/jwt_utils.rs
Expand Up @@ -37,7 +37,7 @@ impl Claims {
}

// Parse and validate a JWT token, returns sub and aud.
pub fn parse_and_validate_jwt(token: &str) -> Result<(String, String), FastCryptoError> {
pub fn parse_and_validate_jwt(token: &str) -> Result<(String, String, String), FastCryptoError> {
// Check if the token contains 3 parts.
let parts: Vec<&str> = token.split('.').collect();
if parts.len() != 3 {
Expand All @@ -48,7 +48,7 @@ pub fn parse_and_validate_jwt(token: &str) -> Result<(String, String), FastCrypt

// Check if payload is well formed.
let payload = Claims::from_encoded(parts[1])?;
Ok((payload.sub, payload.aud))
Ok((payload.sub, payload.aud, payload.iss))
}

/// Struct that represents a standard JWT header according to
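Review bot: The comment above `parse_and_validate_jwt` still says `returns sub and aud` although the function now returns `iss` as a third element. It should be updated and made a doc comment, e.g. `/// Parses a JWT and checks that it is well formed; returns (sub, aud, iss).` No signature check is visible in these two hunks (part of the body lies between them), so if none exists the doc should also say that the returned claims, including `iss`, are unauthenticated and must not be trusted until the token is verified. Three positional `String`s are easy to bind in the wrong order at call sites; a small struct with named fields would avoid that, though it changes the public signature further.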
