Revert "fix: accepts alternative iss for Google (#693)" (#701)

This reverts commit 22003f9.
MystenLabs · Nov 22, 2023 · a63b699 · a63b699
1 parent 83f7ce0
commit a63b699
Show file tree

Hide file tree

Showing 5 changed files with 4 additions and 38 deletions.
diff --git a/fastcrypto-zkp/benches/zklogin.rs b/fastcrypto-zkp/benches/zklogin.rs
@@ -109,7 +109,6 @@ mod zklogin_benches {
                     &eph_pubkey,
                     &map,
                     &ZkLoginEnv::Prod,
-                    true,
                 )
             })
         });

diff --git a/fastcrypto-zkp/src/bn254/unit_tests/zk_login_e2e_tests.rs b/fastcrypto-zkp/src/bn254/unit_tests/zk_login_e2e_tests.rs
@@ -43,7 +43,6 @@ async fn test_end_to_end_twitch() {
         &eph_pubkey,
         &map,
         &ZkLoginEnv::Test,
-        true,
     );
     assert!(res.is_ok());
 
@@ -54,7 +53,6 @@ async fn test_end_to_end_twitch() {
         &eph_pubkey,
         &map,
         &ZkLoginEnv::Prod,
-        true,
     );
     assert!(res_prod.is_err());
 }
@@ -88,7 +86,6 @@ async fn test_end_to_end_kakao() {
         &eph_pubkey,
         &map,
         &ZkLoginEnv::Test,
-        true,
     );
     assert!(res.is_ok());
 
@@ -99,7 +96,6 @@ async fn test_end_to_end_kakao() {
         &eph_pubkey,
         &map,
         &ZkLoginEnv::Prod,
-        true,
     );
     assert!(res_prod.is_err());
 }
@@ -132,7 +128,6 @@ async fn test_end_to_end_apple() {
         &eph_pubkey,
         &map,
         &ZkLoginEnv::Test,
-        true,
     );
     assert!(res.is_ok());
 
@@ -143,7 +138,6 @@ async fn test_end_to_end_apple() {
         &eph_pubkey,
         &map,
         &ZkLoginEnv::Prod,
-        true,
     );
     assert!(res_prod.is_err());
 }
@@ -176,7 +170,6 @@ async fn test_end_to_end_slack() {
         &eph_pubkey,
         &map,
         &ZkLoginEnv::Test,
-        true,
     );
     assert!(res.is_ok());
 
@@ -187,7 +180,6 @@ async fn test_end_to_end_slack() {
         &eph_pubkey,
         &map,
         &ZkLoginEnv::Prod,
-        true,
     );
     assert!(res_prod.is_err());
 }

diff --git a/fastcrypto-zkp/src/bn254/unit_tests/zk_login_tests.rs b/fastcrypto-zkp/src/bn254/unit_tests/zk_login_tests.rs
@@ -5,8 +5,7 @@ use std::str::FromStr;
 
 use crate::bn254::poseidon::hash;
 use crate::bn254::utils::{
-    big_int_str_to_bytes, gen_address_seed, gen_address_seed_with_salt_hash, get_nonce,
-    get_zk_login_address,
+    gen_address_seed, gen_address_seed_with_salt_hash, get_nonce, get_zk_login_address, big_int_str_to_bytes,
 };
 use crate::bn254::zk_login::{
     convert_base, decode_base64_url, hash_ascii_str_to_field, hash_to_field, parse_jwks, to_field,
@@ -142,14 +141,7 @@ async fn test_verify_zk_login_google() {
         ),
         content,
     );
-    let res = verify_zk_login(
-        &zk_login_inputs,
-        10,
-        &eph_pubkey,
-        &map,
-        &ZkLoginEnv::Prod,
-        true,
-    );
+    let res = verify_zk_login(&zk_login_inputs, 10, &eph_pubkey, &map, &ZkLoginEnv::Prod);
     assert!(res.is_ok());
 }
 
@@ -611,7 +603,6 @@ fn test_alternative_iss_for_google() {
         &eph_pubkey_bytes,
         &all_jwk,
         &ZkLoginEnv::Test,
-        true,
     );
     assert!(res.is_ok());
 
@@ -621,7 +612,6 @@ fn test_alternative_iss_for_google() {
         &eph_pubkey_bytes,
         &all_jwk,
         &ZkLoginEnv::Test,
-        true,
     );
     assert!(invalid_res.is_err());
 }
diff --git a/fastcrypto-zkp/src/bn254/zk_login.rs b/fastcrypto-zkp/src/bn254/zk_login.rs
@@ -151,7 +151,7 @@ impl OIDCProvider {
     /// Returns the OIDCProvider for the given iss string.
     pub fn from_iss(iss: &str) -> Result<Self, FastCryptoError> {
         match iss {
-            "https://accounts.google.com" | "accounts.google.com" => Ok(Self::Google),
+            "https://accounts.google.com" => Ok(Self::Google),
             "https://id.twitch.tv/oauth2" => Ok(Self::Twitch),
             "https://www.facebook.com" => Ok(Self::Facebook),
             "https://kauth.kakao.com" => Ok(Self::Kakao),
@@ -349,14 +349,6 @@ impl ZkLoginInputs {
         &self.jwt_details.iss
     }
 
-    /// Get the sanitized iss string to use standard iss string.
-    pub fn get_sanitized_iss(&self) -> &str {
-        if &self.jwt_details.iss == "accounts.google.com" {
-            "https://accounts.google.com"
-        } else {
-            &self.jwt_details.iss
-        }
-    }
     /// Get the zk login proof.
     pub fn get_proof(&self) -> &ZkLoginProof {
         &self.proof_points

diff --git a/fastcrypto-zkp/src/bn254/zk_login_api.rs b/fastcrypto-zkp/src/bn254/zk_login_api.rs
@@ -227,16 +227,9 @@ pub fn verify_zk_login(
     eph_pubkey_bytes: &[u8],
     all_jwk: &ImHashMap<JwkId, JWK>,
     env: &ZkLoginEnv,
-    should_sanitize_iss: bool,
 ) -> Result<(), FastCryptoError> {
     // Load the expected JWK based on (iss, kid).
-    let (iss, kid) = match should_sanitize_iss {
-        true => (
-            input.get_sanitized_iss().to_string(),
-            input.get_kid().to_string(),
-        ),
-        false => (input.get_iss().to_string(), input.get_kid().to_string()),
-    };
+    let (iss, kid) = (input.get_iss().to_string(), input.get_kid().to_string());
     let jwk = all_jwk
         .get(&JwkId::new(iss.clone(), kid.clone()))
         .ok_or_else(|| {
-Original file line number
+Diff line change
@@ Expand Up / @@ -109,7 +109,6 @@ mod zklogin_benches { @@
                         &eph_pubkey,
                         &map,
                         &ZkLoginEnv::Prod,
-                        true,
                     )
                 })
             });
@@ Expand Down @@