Skip to content

Commit

Permalink
refactor: create a set with endorsements values to validate channelId
Browse files Browse the repository at this point in the history
  • Loading branch information
crdev13 committed Jan 14, 2024
1 parent 6fa4051 commit 6058fe2
Show file tree
Hide file tree
Showing 3 changed files with 12 additions and 14 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -25,14 +25,14 @@ export class EndorsementsValidator {
* some specific channels. That list is the endorsement list, and is validated here against the channelId.
* @returns {boolean} True is the channelId is found in the Endorsement set. False if the channelId is not found.
*/
static validate(channelId: string, endorsements: Set<string>): boolean {
static validate(channelId: string, endorsements: string[]): boolean {
// If the Activity came in and doesn't have a Channel ID then it's making no
// assertions as to who endorses it. This means it should pass.
if (channelId === null || channelId.trim() === '') {
return true;
}

if (!endorsements) {
if (endorsements === null) {
throw new AuthenticationError('endorsements required', StatusCodes.UNAUTHORIZED);
}

Expand All @@ -47,6 +47,6 @@ export class EndorsementsValidator {

// Does the set of endorsements match the channelId that was passed in?

return endorsements.has(channelId);
return new Set(...endorsements).has(channelId);
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -156,14 +156,12 @@ export class JwtTokenExtractor {
}

// enforce endorsements in openIdMetadadata if there is any endorsements associated with the key
const endorsements = new Set<string>(metadata.endorsements);
if (endorsements.size !== 0) {
const endorsements = metadata.endorsements;
if (Array.isArray(endorsements) && endorsements.length !== 0) {
const isEndorsed = EndorsementsValidator.validate(channelId, endorsements);
if (!isEndorsed) {
throw new AuthenticationError(
`Could not validate endorsement for key: ${keyId} with endorsements: ${[...endorsements].join(
','
)}`,
`Could not validate endorsement for key: ${keyId} with endorsements: ${endorsements.join(',')}`,
StatusCodes.UNAUTHORIZED
);
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -6,30 +6,30 @@ const { EndorsementsValidator } = require('../..');

describe('EndorsementsValidator', function () {
it('with null channelId should pass', function () {
assert(EndorsementsValidator.validate(null, new Set([])));
assert(EndorsementsValidator.validate(null, []));
});

it('with null endorsements should throw', function () {
assert.throws(() => EndorsementsValidator.validate('foo', null));
});

it('with unendorsed channelId should fail', function () {
assert(!EndorsementsValidator.validate('channelOne', new Set([])));
assert(!EndorsementsValidator.validate('channelOne', []));
});

it('with mismatched endorsements should fail', function () {
assert(!EndorsementsValidator.validate('right', new Set(['wrong'])));
assert(!EndorsementsValidator.validate('right', ['wrong']));
});

it('with endorsed channelId should pass', function () {
assert(EndorsementsValidator.validate('right', new Set(['right'])));
assert(EndorsementsValidator.validate('right', ['right']));
});

it('with endorsed channelId and many endorsements should pass', function () {
assert(EndorsementsValidator.validate('right', new Set(['wrong', 'right'])));
assert(EndorsementsValidator.validate('right', ['wrong', 'right']));
});

it('with empty channelId should pass', function () {
assert(EndorsementsValidator.validate('', new Set(['wrong', 'right'])));
assert(EndorsementsValidator.validate('', ['wrong', 'right']));
});
});

0 comments on commit 6058fe2

Please sign in to comment.