From 478be8b05034be8ad72233b662a6651850bff2dd Mon Sep 17 00:00:00 2001 From: Andre Goncalves Date: Thu, 25 Nov 2021 16:53:06 +0000 Subject: [PATCH 1/3] fix: force secure connection --- src/main/platform/relying-party.js | 69 +++++++++++++++++++++--------- 1 file changed, 48 insertions(+), 21 deletions(-) diff --git a/src/main/platform/relying-party.js b/src/main/platform/relying-party.js index 4d040482a..f81263f77 100644 --- a/src/main/platform/relying-party.js +++ b/src/main/platform/relying-party.js @@ -124,6 +124,12 @@ export class RelyingPartyRest { static getAuthorizationHeader(token) { return `Bearer ${token}`; } + static isSecure(url) { + if (url.startsWith('https://credentials.keyfi.com')) { + return false; + } + return true; + } static async getChallenge(ctx) { let url = ctx.getEndpoint(CHALLENGE_ENDPOINT_NAME); const did = ctx.supportsDID() @@ -133,7 +139,8 @@ export class RelyingPartyRest { return request.get({ url, headers: { 'User-Agent': this.userAgent, Origin: ctx.getOrigin() }, - json: true + json: true, + rejectUnauthorized: this.isSecure(url) }); } static postChallengeReply(ctx, challenge, signature, keyId) { @@ -154,7 +161,8 @@ export class RelyingPartyRest { 'User-Agent': this.userAgent, Origin: ctx.getOrigin() }, - json: true + json: true, + rejectUnauthorized: this.isSecure(url) }); } static getUserToken(ctx, meta) { @@ -173,7 +181,8 @@ export class RelyingPartyRest { Origin: ctx.getOrigin() }, qs, - json: true + json: true, + rejectUnauthorized: this.isSecure(url) }); } static async uploadUserFile(ctx, doc) { @@ -196,7 +205,8 @@ export class RelyingPartyRest { 'User-Agent': this.userAgent, Origin: ctx.getOrigin() }, - json: true + json: true, + rejectUnauthorized: this.isSecure(url) }); } static async createUser(ctx, attributes, documents = [], meta = {}) { 
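Review bot: `isSecure` in this first hunk decides whether TLS certificate verification is skipped using `url.startsWith('https://credentials.keyfi.com')`, and a prefix test also matches any longer hostname that merely begins with that string, so verification is switched off for more hosts than the one intended. The check should parse the URL, compare the exact hostname against the exception list, and keep verification on when the URL does not parse; the same applies to the second prefix that patch 2/3 adds to `isSecure`. The name also reads inverted for a commit titled "force secure connection", because it returns `false` for exactly the hosts whose certificates are not checked. A comment stating why those hosts are exempt, or supplying their CA through the `ca` request option instead of disabling verification, would make the exception reviewable. The sketch below keeps the signature and the return values for the listed host.

```javascript
static isSecure(url) {
    // Hosts whose certificate is not verified; matched on the exact hostname only.
    const unverifiedHosts = ['credentials.keyfi.com'];
    let hostname;
    try {
        hostname = new URL(url).hostname;
    } catch (error) {
        // An unparseable URL never qualifies for the exemption.
        return true;
    }
    return !unverifiedHosts.includes(hostname);
}
```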
@@ -211,7 +221,8 @@ export class RelyingPartyRest { 'User-Agent': this.userAgent, Origin: ctx.getOrigin() }, - json: true + json: true, + rejectUnauthorized: this.isSecure(url) }); } let formData = documents.reduce((acc, curr) => { @@ -252,7 +263,8 @@ export class RelyingPartyRest { 'User-Agent': this.userAgent, Origin: ctx.getOrigin() }, - json: true + json: true, + rejectUnauthorized: this.isSecure(url) }); } static getKYCTemplate(ctx, id) { @@ -265,7 +277,8 @@ export class RelyingPartyRest { 'User-Agent': this.userAgent, Origin: ctx.getOrigin() }, - json: true + json: true, + rejectUnauthorized: this.isSecure(url) }); } @@ -295,7 +308,8 @@ export class RelyingPartyRest { 'User-Agent': this.userAgent, Origin: ctx.getOrigin() }, - json: true + json: true, + rejectUnauthorized: this.isSecure(url) }) ); } @@ -312,7 +326,8 @@ export class RelyingPartyRest { 'User-Agent': this.userAgent, Origin: ctx.getOrigin() }, - json: true + json: true, + rejectUnauthorized: this.isSecure(url) }); } @@ -341,7 +356,8 @@ export class RelyingPartyRest { 'User-Agent': this.userAgent, Origin: ctx.getOrigin() }, - json: true + json: true, + rejectUnauthorized: this.isSecure(url) }); } @@ -359,7 +375,8 @@ export class RelyingPartyRest { 'User-Agent': this.userAgent, Origin: ctx.getOrigin() }, - json: true + json: true, + rejectUnauthorized: this.isSecure(url) }); } static updateKYCApplicationPayment(ctx, applicationId, transactionHash) { @@ -375,7 +392,8 @@ export class RelyingPartyRest { 'User-Agent': this.userAgent, Origin: ctx.getOrigin() }, - json: true + json: true, + rejectUnauthorized: this.isSecure(url) }); } @@ -389,7 +407,8 @@ export class RelyingPartyRest { 'User-Agent': this.userAgent, Origin: ctx.getOrigin() }, - json: true + json: true, + rejectUnauthorized: this.isSecure(url) }); return chatResponse; } 
@@ -406,7 +425,8 @@ export class RelyingPartyRest { 'User-Agent': this.userAgent, Origin: ctx.getOrigin() }, - json: true + json: true, + rejectUnauthorized: this.isSecure(url) }); } @@ -429,7 +449,8 @@ export class RelyingPartyRest { 'User-Agent': this.userAgent, Origin: ctx.getOrigin() }, - json: true + json: true, + rejectUnauthorized: this.isSecure(url) }); } @@ -445,7 +466,8 @@ export class RelyingPartyRest { 'User-Agent': this.userAgent, Origin: ctx.getOrigin() }, - json: true + json: true, + rejectUnauthorized: this.isSecure(url) }); return applications; } catch (error) { @@ -467,7 +489,8 @@ export class RelyingPartyRest { 'User-Agent': this.userAgent, Origin: ctx.getOrigin() }, - json: true + json: true, + rejectUnauthorized: this.isSecure(url) }); return user; } catch (error) { @@ -489,7 +512,8 @@ export class RelyingPartyRest { 'User-Agent': this.userAgent, Origin: ctx.getOrigin() }, - json: true + json: true, + rejectUnauthorized: this.isSecure(url) }); } @@ -504,7 +528,8 @@ export class RelyingPartyRest { 'User-Agent': this.userAgent, Origin: ctx.getOrigin() }, - json: true + json: true, + rejectUnauthorized: this.isSecure(url) }); } @@ -528,7 +553,8 @@ export class RelyingPartyRest { 'User-Agent': this.userAgent, Origin: ctx.getOrigin() }, - json: true + json: true, + rejectUnauthorized: this.isSecure(url) }); } static getAccessToken(ctx) { @@ -541,7 +567,8 @@ export class RelyingPartyRest { 'User-Agent': this.userAgent, Origin: ctx.getOrigin() }, - json: true + json: true, + rejectUnauthorized: this.isSecure(url) }); } } From 49064b6c24e96351acd22748f24a2676422a4921 Mon Sep 17 00:00:00 2001 From: Andre Goncalves Date: Fri, 26 Nov 2021 09:31:37 +0000 Subject: [PATCH 2/3] fix: updated tests --- src/main/platform/relying-party.js | 5 +- src/main/platform/relying-party.spec.js | 61 +++++++++++++++++++------ 2 files changed, 52 insertions(+), 14 deletions(-) 
diff --git a/src/main/platform/relying-party.js b/src/main/platform/relying-party.js index f81263f77..81ffb84b9 100644 --- a/src/main/platform/relying-party.js +++ b/src/main/platform/relying-party.js @@ -125,7 +125,10 @@ export class RelyingPartyRest { return `Bearer ${token}`; } static isSecure(url) { - if (url.startsWith('https://credentials.keyfi.com')) { + if ( + url.startsWith('https://credentials.keyfi.com') || + url.startsWith('https://korporatio.instance.kyc-chain.com') + ) { return false; } return true; diff --git a/src/main/platform/relying-party.spec.js b/src/main/platform/relying-party.spec.js index 10f940ab4..93ef7f514 100644 --- a/src/main/platform/relying-party.spec.js +++ b/src/main/platform/relying-party.spec.js @@ -65,7 +65,28 @@ describe('RelyingPartyRest', () => { { url: `${testEndpoint}/did:eth:0xtest`, headers: { 'User-Agent': RelyingPartyRest.userAgent, Origin: 'test' }, - json: true + json: true, + rejectUnauthorized: true + } + ]); + expect(res).toBe(testChallnage); + }); + it('should throw on call failure', () => {}); + }); + describe('getChallengeBypassSecure', () => { + it('should return challenge on successfull request bypassing secure connection', async () => { + const testEndpoint = 'https://korporatio.instance.kyc-chain.com'; + const testChallnage = 'testChallenge'; + sinon.stub(request, 'get').resolves(testChallnage); + sinon.stub(ctx, 'getEndpoint').returns(testEndpoint); + let res = await RelyingPartyRest.getChallenge(ctx); + expect(ctx.getEndpoint.calledOnceWith('/auth/challenge')).toBeTruthy(); + expect(request.get.getCall(0).args).toEqual([ + { + url: `${testEndpoint}/did:eth:0xtest`, + headers: { 'User-Agent': RelyingPartyRest.userAgent, Origin: 'test' }, + json: true, + rejectUnauthorized: false } ]); expect(res).toBe(testChallnage); 
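Review bot: The new `getChallengeBypassSecure` case in the spec hunk only pins that the exempt endpoint is called with `rejectUnauthorized: false`; nothing asserts that a URL which merely starts with the exempt prefix keeps verification on. A direct case such as `expect(RelyingPartyRest.isSecure('https://korporatio.instance.kyc-chain.com.example.invalid/x')).toBe(true);` (constructed sample host) would cover that boundary, and it fails against the `startsWith` check changed earlier in this patch. The `it('should throw on call failure', () => {});` on the new side has an empty body and passes without exercising anything, so it should be implemented or marked pending. The enclosing `describe` blocks and any stub restoration sit outside the hunk.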
@@ -97,7 +118,8 @@ describe('RelyingPartyRest', () => { 'User-Agent': RelyingPartyRest.userAgent, Origin: 'test' }, - json: true + json: true, + rejectUnauthorized: true } ]); expect(res).toBe(testToken); @@ -128,7 +150,8 @@ describe('RelyingPartyRest', () => { 'User-Agent': RelyingPartyRest.userAgent, Origin: 'test' }, - json: true + json: true, + rejectUnauthorized: true } ]); }); @@ -166,6 +189,7 @@ describe('RelyingPartyRest', () => { Origin: 'test' }, json: true, + rejectUnauthorized: true, formData: { document: { value: doc.buffer, @@ -295,6 +319,7 @@ describe('RelyingPartyRest', () => { Origin: 'test' }, json: true, + rejectUnauthorized: true, body: { attributes, meta: {} } } ]); @@ -322,7 +347,8 @@ describe('RelyingPartyRest', () => { 'User-Agent': RelyingPartyRest.userAgent, Origin: 'test' }, - json: true + json: true, + rejectUnauthorized: true } ]); expect(res).toEqual('ok'); @@ -349,7 +375,8 @@ describe('RelyingPartyRest', () => { 'User-Agent': RelyingPartyRest.userAgent, Origin: 'test' }, - json: true + json: true, + rejectUnauthorized: true } ]); expect(res).toEqual('ok'); @@ -373,7 +400,8 @@ describe('RelyingPartyRest', () => { 'User-Agent': RelyingPartyRest.userAgent, Origin: 'test' }, - json: true + json: true, + rejectUnauthorized: true } ]); expect(res).toEqual('ok'); @@ -398,7 +426,8 @@ describe('RelyingPartyRest', () => { 'User-Agent': RelyingPartyRest.userAgent, Origin: 'test' }, - json: true + json: true, + rejectUnauthorized: true } ]); expect(res).toEqual('ok'); @@ -437,7 +466,8 @@ describe('RelyingPartyRest', () => { Origin: 'test' }, body: { templateId, attributes }, - json: true + json: true, + rejectUnauthorized: true } ]); }); @@ -477,7 +507,8 @@ describe('RelyingPartyRest', () => { Origin: 'test' }, body: application, - json: true + json: true, + rejectUnauthorized: true } ]); }); 
@@ -501,7 +532,8 @@ describe('RelyingPartyRest', () => { 'User-Agent': RelyingPartyRest.userAgent, Origin: 'test' }, - json: true + json: true, + rejectUnauthorized: true } ]); expect(res).toEqual('ok'); @@ -527,7 +559,8 @@ describe('RelyingPartyRest', () => { 'User-Agent': RelyingPartyRest.userAgent, Origin: 'test' }, - json: true + json: true, + rejectUnauthorized: true } ]); expect(res).toEqual('ok'); @@ -563,7 +596,8 @@ describe('RelyingPartyRest', () => { } } }, - json: true + json: true, + rejectUnauthorized: true } ]); }); @@ -601,7 +635,8 @@ describe('RelyingPartyRest', () => { 'User-Agent': RelyingPartyRest.userAgent, Origin: 'test' }, - json: true + json: true, + rejectUnauthorized: true } ]); }); From 9bbd11ff52e274e4a1dbb80626a55ba44c02fa45 Mon Sep 17 00:00:00 2001 From: Andre Goncalves Date: Fri, 26 Nov 2021 10:49:06 +0000 Subject: [PATCH 3/3] feat(version): bump to 1.9.17 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 99768ab32..42e2a58d2 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "selfkey-identity-wallet", "productName": "SelfKey Identity Wallet", - "version": "1.9.16", + "version": "1.9.17", "description": "The Official SelfKey Identity Wallet for Desktop", "browser": [ "chrome"