check allowed credential status type values
volodymyr-basiuk committed Jul 22, 2024
1 parent 649b5f2 commit 39dc81a
Showing 8 changed files with 146 additions and 73 deletions.
2 changes: 2 additions & 0 deletions api/api.yaml
@@ -734,6 +734,7 @@ components:
type: string
x-omitempty: true
example: "Iden3ReverseSparseMerkleTreeProof"
enum: [Iden3commRevocationStatusV1.0, Iden3ReverseSparseMerkleTreeProof, Iden3OnchainSparseMerkleTreeProof2023]

CreateIdentityResponse:
type: object
@@ -899,6 +900,7 @@ components:
type: string
x-omitempty: true
example: "Iden3ReverseSparseMerkleTreeProof"
enum: [Iden3commRevocationStatusV1.0, Iden3ReverseSparseMerkleTreeProof, Iden3OnchainSparseMerkleTreeProof2023]
example:
credentialSchema: "https://raw.githubusercontent.com/iden3/claim-schema-vocab/main/schemas/json/KYCAgeCredential-v3.json"
type: "KYCAgeCredential"
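Review bot: The same three-value `enum` is written inline at each of the four places this commit touches (two in this file, two in api_ui/api.yaml) and again as a literal list in the Go handlers, so the spec and the server-side check can drift apart when a status type is added or retired. Defining the list once under `components/schemas` and pointing each property and parameter at it with `$ref` leaves a single place to update; the name is the project's choice, for example `$ref: '#/components/schemas/CredentialStatusType'`. The enclosing schema definitions start outside these hunks, so the property names are not visible here.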
2 changes: 2 additions & 0 deletions api_ui/api.yaml
@@ -1580,6 +1580,7 @@ components:
type: string
x-omitempty: true
example: "Iden3ReverseSparseMerkleTreeProof"
enum: [Iden3commRevocationStatusV1.0, Iden3ReverseSparseMerkleTreeProof, Iden3OnchainSparseMerkleTreeProof2023]
Schema:
type: object
required:
@@ -1847,6 +1848,7 @@ components:
credential status type, e.g: Iden3ReverseSparseMerkleTreeProof
schema:
type: string
enum: [Iden3commRevocationStatusV1.0, Iden3ReverseSparseMerkleTreeProof, Iden3OnchainSparseMerkleTreeProof2023]

pathNonce:
name: nonce
58 changes: 39 additions & 19 deletions internal/api/api.gen.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

12 changes: 11 additions & 1 deletion internal/api/credentials.go
@@ -4,6 +4,7 @@ import (
"context"
"errors"
"fmt"
"slices"
"strings"
"time"

@@ -77,6 +78,15 @@ func (s *Server) CreateClaim(ctx context.Context, request CreateClaimRequestObje
if request.Body.CredentialStatusType == nil || *request.Body.CredentialStatusType == "" {
credentialStatusType = verifiable.Iden3commRevocationStatusV1
} else {
allowedCredentialStatuses := []string{string(verifiable.Iden3commRevocationStatusV1), string(verifiable.Iden3ReverseSparseMerkleTreeProof), string(verifiable.Iden3OnchainSparseMerkleTreeProof2023)}
if !slices.Contains(allowedCredentialStatuses, string(*request.Body.CredentialStatusType)) {
log.Warn(ctx, "invalid credential status type", "req", request)
return CreateClaim400JSONResponse{
N400JSONResponse{
Message: fmt.Sprintf("Invalid Credential Status Type '%s'. Allowed Iden3commRevocationStatusV1.0, Iden3ReverseSparseMerkleTreeProof or Iden3OnchainSparseMerkleTreeProof2023.", *request.Body.CredentialStatusType),
},
}, nil
}
credentialStatusType = (verifiable.CredentialStatusType)(*request.Body.CredentialStatusType)
}

@@ -92,7 +102,7 @@ func (s *Server) CreateClaim(ctx context.Context, request CreateClaimRequestObje

if !s.networkResolver.IsCredentialStatusTypeSupported(rhsSettings, credentialStatusType) {
log.Warn(ctx, "unsupported credential status type", "req", request)
return CreateClaim400JSONResponse{N400JSONResponse{Message: fmt.Sprintf("Credential Status '%s' is not supported by the issuer", credentialStatusType)}}, nil
return CreateClaim400JSONResponse{N400JSONResponse{Message: fmt.Sprintf("Credential Status Type '%s' is not supported by the issuer", credentialStatusType)}}, nil
}

req := ports.NewCreateClaimRequest(did, request.Body.ClaimID, request.Body.CredentialSchema, request.Body.CredentialSubject, expiration, request.Body.Type, request.Body.Version, request.Body.SubjectPosition, request.Body.MerklizedRootPosition, claimRequestProofs, nil, false, credentialStatusType, toVerifiableRefreshService(request.Body.RefreshService), request.Body.RevNonce,
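Review bot: The new `log.Warn(ctx, "invalid credential status type", "req", request)` in the else branch writes the whole request object to the log on a validation failure, and that object carries `request.Body.CredentialSubject` (visible in the `ports.NewCreateClaimRequest` call further down), which may hold holder data. Logging only the rejected value is enough to diagnose the failure: `log.Warn(ctx, "invalid credential status type", "credentialStatusType", *request.Body.CredentialStatusType)`. The unchanged `unsupported credential status type` warning in the last hunk and the matching new branch in `CreateIdentity` (internal/api/identity.go) follow the same pattern and would benefit from the same narrowing. CreateClaim's body starts and ends outside the hunks shown.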
12 changes: 11 additions & 1 deletion internal/api/identity.go
@@ -4,6 +4,7 @@ import (
"context"
"errors"
"fmt"
"slices"

core "github.com/iden3/go-iden3-core/v2"
"github.com/iden3/go-iden3-core/v2/w3c"
@@ -35,6 +36,15 @@ func (s *Server) CreateIdentity(ctx context.Context, request CreateIdentityReque

var authBJJCredentialStatus verifiable.CredentialStatusType
if authBJJCredentialStatusString != nil && *authBJJCredentialStatusString != "" {
allowedCredentialStatuses := []string{string(verifiable.Iden3commRevocationStatusV1), string(verifiable.Iden3ReverseSparseMerkleTreeProof), string(verifiable.Iden3OnchainSparseMerkleTreeProof2023)}
if !slices.Contains(allowedCredentialStatuses, string(*authBJJCredentialStatusString)) {
log.Warn(ctx, "invalid credential status type", "req", request)
return CreateIdentity400JSONResponse{
N400JSONResponse{
Message: fmt.Sprintf("Invalid Credential Status Type '%s'. Allowed Iden3commRevocationStatusV1.0, Iden3ReverseSparseMerkleTreeProof or Iden3OnchainSparseMerkleTreeProof2023.", *authBJJCredentialStatusString),
},
}, nil
}
authBJJCredentialStatus = (verifiable.CredentialStatusType)(*authBJJCredentialStatusString)
} else {
authBJJCredentialStatus = verifiable.Iden3commRevocationStatusV1
@@ -47,7 +57,7 @@ func (s *Server) CreateIdentity(ctx context.Context, request CreateIdentityReque

if !s.networkResolver.IsCredentialStatusTypeSupported(rhsSettings, authBJJCredentialStatus) {
log.Warn(ctx, "unsupported credential status type", "req", request)
return CreateIdentity400JSONResponse{N400JSONResponse{Message: fmt.Sprintf("Credential Status '%s' is not supported by the issuer", authBJJCredentialStatus)}}, nil
return CreateIdentity400JSONResponse{N400JSONResponse{Message: fmt.Sprintf("Credential Status Type '%s' is not supported by the issuer", authBJJCredentialStatus)}}, nil
}

identity, err := s.identityService.Create(ctx, s.cfg.ServerUrl, &ports.DIDCreationOptions{
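Review bot: The allowlist in the new branch is rebuilt as a `[]string` on every call and is a verbatim copy of the one added to `CreateClaim` in internal/api/credentials.go, while the 400 message spells the three names out a third time. Adding or retiring a status type then means touching every copy, and a missed one leaves the two endpoints accepting different values. A single package-level list with a small helper, used by both handlers, keeps the input check in one place and avoids the per-request allocation and string conversions. CreateIdentity's body starts and ends outside the hunks shown.

```go
// allowedCredentialStatusTypes is the set of status types callers may request.
var allowedCredentialStatusTypes = []verifiable.CredentialStatusType{
	verifiable.Iden3commRevocationStatusV1,
	verifiable.Iden3ReverseSparseMerkleTreeProof,
	verifiable.Iden3OnchainSparseMerkleTreeProof2023,
}

// isAllowedCredentialStatusType reports whether t is in allowedCredentialStatusTypes.
func isAllowedCredentialStatusType(t verifiable.CredentialStatusType) bool {
	return slices.Contains(allowedCredentialStatusTypes, t)
}

// … unchanged: CreateIdentity up to the authBJJCredentialStatusString nil/empty check …
		if !isAllowedCredentialStatusType(verifiable.CredentialStatusType(*authBJJCredentialStatusString)) {
// … unchanged: log.Warn and the 400 response …
```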