feat: unit test for invalid expiration of response token

affinidi · Aug 29, 2023 · 917f034 · 917f034
1 parent 8ea36e2
commit 917f034
Show file tree

Hide file tree

Showing 4 changed files with 43 additions and 16 deletions.
diff --git a/common-libs/did-auth-lib/src/DidAuthService/DidAuthClientService.ts b/common-libs/did-auth-lib/src/DidAuthService/DidAuthClientService.ts
@@ -11,7 +11,6 @@ export default class DidAuthClientService {
   async createDidAuthResponseToken(
     didAuthRequestTokenStr: string,
     options?: CreateResponseTokenOptions,
-    exp?: number,
   ): Promise<string> {
     const didAuthRequestToken = DidAuthRequestToken.fromString(didAuthRequestTokenStr)
     const maxTokenValidityPeriod = options?.maxTokenValidInMs ?? DEFAULT_MAX_TOKEN_VALID_IN_MS
@@ -26,7 +25,7 @@ export default class DidAuthClientService {
       )
     }
 
-    const jwtObject = await buildResponseJwtObject(didAuthRequestTokenStr, exp)
+    const jwtObject = await buildResponseJwtObject(didAuthRequestTokenStr, options.exp)
 
     await this._signer.fillSignature(jwtObject)
 

diff --git a/common-libs/did-auth-lib/src/DidAuthService/DidAuthService.ts b/common-libs/did-auth-lib/src/DidAuthService/DidAuthService.ts
@@ -106,10 +106,9 @@ export default class AffinidiDidAuthService {
   async createDidAuthResponseToken(
     didAuthRequestTokenStr: string,
     options?: CreateResponseTokenOptions,
-    exp?: number,
   ): Promise<string> {
     const clientService = new DidAuthClientService(this.createSigner())
-    return clientService.createDidAuthResponseToken(didAuthRequestTokenStr, options, exp)
+    return clientService.createDidAuthResponseToken(didAuthRequestTokenStr, options)
   }
 
   async createDidAuthResponseTokenThroughCloudWallet(

diff --git a/common-libs/did-auth-lib/src/shared/types.ts b/common-libs/did-auth-lib/src/shared/types.ts
@@ -7,4 +7,5 @@ export interface VerifierOptions {
 
 export type CreateResponseTokenOptions = {
   maxTokenValidInMs?: number
+  exp?: number
 }
diff --git a/common-libs/did-auth-lib/test/unit/DidAuthService/DidAuthService.test.ts b/common-libs/did-auth-lib/test/unit/DidAuthService/DidAuthService.test.ts
@@ -152,13 +152,11 @@ describe('AffinidiDidAuthService', () => {
 
     const didAuthRequestToken = await verifierDidAuthService.createDidAuthRequestToken(holderDid)
 
-    let options: CreateResponseTokenOptions = undefined
-
-    const NOW = Date.now()
-
-    const exp = NOW + DEFAULT_REQUEST_TOKEN_VALID_IN_MS
+    const options: CreateResponseTokenOptions = {
+      exp: Date.now() + DEFAULT_REQUEST_TOKEN_VALID_IN_MS
+    }
 
-    const didAuthResponseToken = await holderDidAuthService.createDidAuthResponseToken(didAuthRequestToken, options, exp)
+    const didAuthResponseToken = await holderDidAuthService.createDidAuthResponseToken(didAuthRequestToken, options)
 
     const result = await verifierDidAuthService.verifyDidAuthResponseToken(didAuthResponseToken, verifierOptions)
 
@@ -182,13 +180,11 @@ describe('AffinidiDidAuthService', () => {
 
     const didAuthRequestToken = await serverService.createDidAuthRequestToken(holderDid)
 
-    let options: CreateResponseTokenOptions = undefined
-
-    const NOW = Date.now()
-
-    const exp = NOW + DEFAULT_REQUEST_TOKEN_VALID_IN_MS
+    const options: CreateResponseTokenOptions = {
+      exp: Date.now() + DEFAULT_REQUEST_TOKEN_VALID_IN_MS
+    }
 
-    const didAuthResponseToken = await clientService.createDidAuthResponseToken(didAuthRequestToken, options, exp)
+    const didAuthResponseToken = await clientService.createDidAuthResponseToken(didAuthRequestToken, options)
 
     const result = await serverService.verifyDidAuthResponseToken(didAuthResponseToken)
 
@@ -281,4 +277,36 @@ describe('AffinidiDidAuthService', () => {
 
     expect(() => holderDidAuthService.isTokenExpired(token)).to.throw()
   })
+
+  it('#verifyDidAuthResponse -> invalid expiration for didAuthResponseToken ', async () => {
+    const { environment, accessApiKey } = env
+
+    nock(`https://affinity-registry.apse1.${environment}.affinidi.io`)
+      .post('/api/v1/did/resolve-did', /elem/gi)
+      .reply(200, mockVerifierElemDidDocument)
+
+    nock(`https://affinity-registry.apse1.${environment}.affinidi.io`)
+      .post('/api/v1/did/resolve-did', /elem/gi)
+      .reply(200, mockHolderElemDidDocument)
+
+    const clientService = createClientService()
+    const serverService = createServerService(environment, accessApiKey)
+
+    const didAuthRequestToken = await serverService.createDidAuthRequestToken(holderDid)
+
+    const options: CreateResponseTokenOptions = undefined
+
+    const didAuthResponseToken = await clientService.createDidAuthResponseToken(didAuthRequestToken, options)
+
+    let invalidExpirationError
+    try {
+      await serverService.verifyDidAuthResponseToken(didAuthResponseToken)
+    } catch (error) {
+      invalidExpirationError = error
+    }
+
+    expect(invalidExpirationError).to.be.not.undefined
+    expect(invalidExpirationError.message).to.be.equal('Token expired or invalid expiration')
+    nock.cleanAll()
+  })
 })