diff --git a/vclogin/__tests__/unit/pages/api/clientMetadata.test.ts b/vclogin/__tests__/unit/pages/api/clientMetadata.test.ts
index 9244a9d..98be5db 100644
--- a/vclogin/__tests__/unit/pages/api/clientMetadata.test.ts
+++ b/vclogin/__tests__/unit/pages/api/clientMetadata.test.ts
@@ -8,7 +8,7 @@ import { createMocks } from "node-mocks-http";
 import handler from "@/api/clientMetadata";
 import type { NextApiRequest, NextApiResponse } from "next";
 
-describe("/api/clientMetadata", () => {
+describe("test /api/clientMetadata", () => {
   const mockRequest = () => {
     const { req, res } = createMocks({
       method: "GET",
diff --git a/vclogin/__tests__/unit/pages/api/presentCredential.test.ts b/vclogin/__tests__/unit/pages/api/presentCredential.test.ts
index 8353e4b..ce1f9b2 100644
--- a/vclogin/__tests__/unit/pages/api/presentCredential.test.ts
+++ b/vclogin/__tests__/unit/pages/api/presentCredential.test.ts
@@ -3,14 +3,16 @@
  * SPDX-License-Identifier: MIT
  */
 
-import { describe, it, expect } from "vitest";
+import { describe, it, expect, vi } from "vitest";
 import { RequestMethod, createMocks } from "node-mocks-http";
 import handler from "@/api/presentCredential";
 import type { NextApiRequest, NextApiResponse } from "next";
 import * as jose from "jose";
 import { keyToDID, keyToVerificationMethod } from "@spruceid/didkit-wasm-node";
+import { Checked, IPresentationDefinition, PEX } from "@sphereon/pex";
+import { reloadConfiguredLoginPolicy } from "@/config/loginPolicy";
 
-describe("api/test/presentCredential", () => {
+describe("test api/presentCredential", () => {
   const mockRequest = (method: RequestMethod) => {
     const { req, res } = createMocks({
       method: method,
@@ -30,7 +32,13 @@ describe("api/test/presentCredential", () => {
     expect(res.statusCode).toBe(200);
   });
 
-  it("returns valid JWT", async () => {
+  it("returns valid JWT on GET", async () => {
+    vi.stubEnv(
+      "LOGIN_POLICY",
+      "./__tests__/testdata/policies/acceptEmailFromAltmeConstr.json",
+    );
+    reloadConfiguredLoginPolicy();
+
     const { req, res } = mockRequest("GET");
     await handler(req, res);
 
@@ -71,6 +79,17 @@ describe("api/test/presentCredential", () => {
       typ: "oauth-authz-req+jwt",
     });
 
-    // check that the payload contains a presentation_definition member
+    // check that the payload contains a valid presentation_definition
+    const def = payload.presentation_definition;
+    const checkArray = PEX.validateDefinition(
+      def as IPresentationDefinition,
+    ) as Array;
+    const problemCount = checkArray.filter(
+      (check) => check.status !== "info",
+    ).length;
+    expect(problemCount).toBe(0);
+
+    vi.unstubAllEnvs();
+    reloadConfiguredLoginPolicy();
   });
 });
diff --git a/vclogin/middleware.ts b/vclogin/middleware.ts
index b387cc1..f718116 100644
--- a/vclogin/middleware.ts
+++ b/vclogin/middleware.ts
@@ -13,8 +13,11 @@ export function middleware(req: NextRequest) {
     return new Response("Internal Server Error", { status: 500 });
   }
   const authHeader = req.headers.get("Authorization");
+  if (!authHeader) {
+    return new Response("Unauthorized", { status: 401 });
+  }
   const apiKey = authHeader?.split(" ")[1];
-  if (!authHeader || apiKey !== process.env.INCR_AUTH_API_SECRET) {
+  if (apiKey !== process.env.INCR_AUTH_API_SECRET) {
     return new Response("Unauthorized", { status: 401 });
   }
 }
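Review bot: The `vi.stubEnv("LOGIN_POLICY", …)` and `reloadConfiguredLoginPolicy()` calls added at the top of "returns valid JWT on GET" are only undone by the `vi.unstubAllEnvs()` / `reloadConfiguredLoginPolicy()` pair at the very end of the same test body (in the -71,6 hunk), so any `expect` that fails in between leaves the stubbed policy loaded for every later test in the file. Moving the setup into `beforeEach` and the restore into `afterEach`, or wrapping the body in `try { … } finally { vi.unstubAllEnvs(); reloadConfiguredLoginPolicy(); }`, makes the cleanup unconditional. The `it` body continues past the end of this hunk.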
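Review bot: `PEX.validateDefinition(...) as Array;` asserts to a bare `Array`, which is not a valid type without a type argument; the element type (presumably `Array<Checked>`, which is what the newly imported `Checked` would be for) appears to have been dropped, and as shown the `Checked` import is unused and `check` in the `filter` callback has no type. If the intended line is `) as Array<Checked>;`, that is worth confirming in the committed file. Separately, `check.status !== "info"` counts warnings as failures alongside errors; if that strictness is deliberate, a one-line comment such as `// warnings are treated as failures, not only errors` would record it for the next reader.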
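Review bot: With the new `if (!authHeader)` guard in place, the optional chaining on the following line `const apiKey = authHeader?.split(" ")[1];` is dead — `authHeader` is narrowed to `string` there — so it should read `const apiKey = authHeader.split(" ")[1];` to keep the narrowing honest. The check also still accepts any scheme and an absent token: a bare `Authorization: Bearer` yields `apiKey === undefined` and `Authorization: Bearer ` (trailing space) yields `""`, which only pass the `!==` comparison if `INCR_AUTH_API_SECRET` is unset or empty; assuming the 500 branch above the hunk rejects a missing secret that path is closed, but an explicit `if (!apiKey) return new Response("Unauthorized", { status: 401 });` plus a comment `// expects "Bearer <shared-secret>"` would make the accepted header shape clear. The body of `middleware` starts before this hunk.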