fix: avoid having two request queries with same id

0xPolygonID · Jan 24, 2024 · 4e0d777 · 4e0d777
1 parent 1e1f82d
commit 4e0d777
Show file tree

Hide file tree

Showing 2 changed files with 69 additions and 7 deletions.
diff --git a/internal/api/server.go b/internal/api/server.go
@@ -120,12 +120,20 @@ func (s *Server) Callback(ctx context.Context, request CallbackRequestObject) (C
 			"err":       err,
 		}).Error("failed to verify")
 		s.cache.Set(sessionID.String(), err, cache.DefaultExpiration)
-		return nil, err
+		return Callback500JSONResponse{
+			N500JSONResponse: N500JSONResponse{
+				Message: err.Error(),
+			},
+		}, nil
 	}
 
 	scopes, err := getVerificationResponseScopes(authRespMsg.Body.Scope)
 	if err != nil {
-		return nil, err
+		return Callback500JSONResponse{
+			N500JSONResponse: N500JSONResponse{
+				Message: err.Error(),
+			},
+		}, nil
 	}
 
 	s.cache.Set(sessionID.String(), models.VerificationResponse{Jwz: *request.Body, UserDID: authRespMsg.From, Scopes: scopes}, cache.DefaultExpiration)
@@ -412,7 +420,13 @@ func validateOffChainRequest(request SignInRequestObject) error {
 }
 
 func validateRequestQuery(offChainRequest bool, scope []ScopeRequest) error {
+	reqIds := make(map[uint32]bool, 0)
 	for _, scope := range scope {
+		if reqIds[scope.Id] {
+			return fmt.Errorf("field scope id must be unique, got %d multiple times", scope.Id)
+		}
+		reqIds[scope.Id] = true
+
 		if scope.Id <= 0 {
 			return errors.New("field scope id is empty")
 		}
@@ -583,8 +597,8 @@ func getVerificationResponseScopes(scopes []protocol.ZeroKnowledgeProofResponse)
 	}
 
 	resp := make([]models.VerificationResponseScope, 0, len(scopes))
-	ps := circuits.AtomicQueryV3PubSignals{}
 	for _, scope := range scopes {
+		ps := circuits.AtomicQueryV3PubSignals{}
 		if scope.CircuitID != "credentialAtomicQueryV3-beta.0" {
 			return []models.VerificationResponseScope{}, nil
 		}

diff --git a/internal/api/server_test.go b/internal/api/server_test.go
@@ -307,7 +307,7 @@ func TestSignIn(t *testing.T) {
 			},
 		},
 		{
-			name: "valid request for credentialAtomicQueryV3-beta.0 and TestInteger01 circuits",
+			name: "invalid request duplicated query id",
 			body: SignInRequestObject{
 				Body: &SignInJSONRequestBody{
 					ChainID: common.ToPointer("80001"),
@@ -345,6 +345,54 @@ func TestSignIn(t *testing.T) {
 					},
 				},
 			},
+			expected: expected{
+				httpCode: http.StatusBadRequest,
+				SignInResponseObject: SignIn400JSONResponse{
+					N400JSONResponse{
+						Message: "field scope id must be unique, got 1 multiple times",
+					},
+				},
+			},
+		},
+		{
+			name: "valid request for credentialAtomicQueryV3-beta.0 and TestInteger01 circuits",
+			body: SignInRequestObject{
+				Body: &SignInJSONRequestBody{
+					ChainID: common.ToPointer("80001"),
+					Scope: []ScopeRequest{
+						{
+							Id:        1,
+							CircuitId: "credentialAtomicQueryV3-beta.0",
+							Query: jsonToMap(t, `{
+							"context": "https://raw.githubusercontent.com/iden3/claim-schema-vocab/main/schemas/json-ld/kyc-v3.json-ld",
+							"allowedIssuers": ["*"],
+							"type": "KYCAgeCredential",
+							"credentialSubject": {
+								"birthday": {
+									"$eq": 19960424
+								}
+							},
+							"proofType": "BJJSignature2021"
+						  }`),
+						},
+						{
+							CircuitId: "credentialAtomicQueryV3-beta.0",
+							Id:        2,
+							Query: jsonToMap(t, `{
+							"context": "ipfs://QmaBJzpoYT2CViDx5ShJiuYLKXizrPEfXo8JqzrXCvG6oc",
+							"allowedIssuers": ["*"],
+							"type": "TestInteger01",
+							"credentialSubject": {
+								"position": {
+									"$eq": 1
+								}
+							},
+							"proofType": "BJJSignature2021"
+						  }`),
+						},
+					},
+				},
+			},
 			expected: expected{
 				httpCode: http.StatusOK,
 				SignInResponseObject: SignIn200JSONResponse{
@@ -368,7 +416,7 @@ func TestSignIn(t *testing.T) {
 								},
 								{
 									CircuitId: "credentialAtomicQueryV3-beta.0",
-									Id:        1,
+									Id:        2,
 									Query: map[string]interface{}{
 										"allowedIssuers": []interface{}{"*"},
 										"context":        "ipfs://QmaBJzpoYT2CViDx5ShJiuYLKXizrPEfXo8JqzrXCvG6oc",
@@ -414,7 +462,7 @@ func TestSignIn(t *testing.T) {
 						},
 						{
 							CircuitId: "credentialAtomicQuerySigV2OnChain",
-							Id:        1,
+							Id:        2,
 							Query: jsonToMap(t, `{
 							"context": "https://raw.githubusercontent.com/iden3/claim-schema-vocab/main/schemas/json-ld/kyc-v3.json-ld",
 							"allowedIssuers": ["*"],
@@ -462,7 +510,7 @@ func TestSignIn(t *testing.T) {
 						},
 						{
 							CircuitId: "credentialAtomicQueryV3-beta.0",
-							Id:        1,
+							Id:        2,
 							Query: jsonToMap(t, `{
 							"context": "https://raw.githubusercontent.com/iden3/claim-schema-vocab/main/schemas/json-ld/kyc-v3.json-ld",
 							"allowedIssuers": ["*"],