Skip to content
This repository has been archived by the owner on Jan 15, 2025. It is now read-only.

[#IOPID-148] update LC middleware with multiple encoding verification #38

Merged
merged 2 commits into from
Apr 19, 2023
Merged

[#IOPID-148] update LC middleware with multiple encoding verification #38

merged 2 commits into from
Apr 19, 2023

Conversation

gquadrati
Copy link
Contributor

List of Changes

Updated customVerify with encoding
Updated default check with der encoding, into LC middleware and added fallback check with ieee-p1363 encoding.

Motivation and Context

Fix e2e signature verification + enable signature verification with multiple encoding.

How Has This Been Tested?

Unit tests

Screenshots (if appropriate):

Types of changes

  • Chore (nothing changes by a user perspective)
  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)

Checklist:

  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.

@gquadrati gquadrati requested a review from a team as a code owner April 17, 2023 15:50
@github-actions
Copy link

Jira Pull Request Link

This Pull Request refers to the following Jira issue IOPID-148

@codecov-commenter
Copy link

Codecov Report

Patch coverage: 94.02% and project coverage change: +0.79 🎉

Comparison is base (a298e95) 86.38% compared to head (f818ec3) 87.17%.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master      #38      +/-   ##
==========================================
+ Coverage   86.38%   87.17%   +0.79%     
==========================================
  Files          23       22       -1     
  Lines         727      725       -2     
  Branches       64       63       -1     
==========================================
+ Hits          628      632       +4     
+ Misses         95       89       -6     
  Partials        4        4
Impacted Files Coverage Δ
utils/errors.ts 85.00% <ø> (-1.67%) ⬇️
ActivatePubKey/handler.ts 84.31% <80.00%> (+2.09%) ⬆️
GenerateLCParams/handler.ts 88.57% <100.00%> (+2.85%) ⬆️
GetAssertion/handler.ts 90.00% <100.00%> (ø)
HandlePubKeyRevoke/handler.ts 97.91% <100.00%> (+0.09%) ⬆️
ReservePubKey/handler.ts 86.04% <100.00%> (+4.96%) ⬆️
utils/httpSignature.verifiers.ts 100.00% <100.00%> (ø)
...ls/middleware/http_message_signature_middleware.ts 89.58% <100.00%> (+0.69%) ⬆️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.

@shadowsheep1 shadowsheep1 mentioned this pull request Apr 18, 2023
Merged
fabriziopapi
fabriziopapi approved these changes Apr 18, 2023
View reviewed changes
Copy link
Contributor

@fabriziopapi fabriziopapi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM: only a minor suggestion.

utils/middleware/http_message_signature_middleware.ts
Comment on lines +154 to 172
TE.map(
key =>
[
request,
lollipopHeaders["x-pagopa-lollipop-assertion-ref"],
key,
rawBody
] as const
),
TE.chain(params =>
// IO app is currently signing using 'der' algorithm only.
// Anyway, a LC should be ready to verify 'ieee-p1363' algorithm too.
pipe(
validateHttpSignatureWithEconding("der")(...params),
TE.orElse(() =>
validateHttpSignatureWithEconding("ieee-p1363")(...params)
)
)
),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe we could refactor the validateHttpSignatureWithEconding to use a type as input to avoid the ...params array decostruction.

@gquadrati gquadrati merged commit 345354f into master Apr 19, 2023
sabontech added a commit to pagopa/io-app that referenced this pull request Apr 21, 2023
@shadowsheep1 @sabontech
chore: [IOPID-94] Add Lollipop Playground (#4545)
51b4ec8 
## ⚠️ Depends on
pagopa-archive/io-functions-lollipop#38,
pagopa/io-backend#1006,
pagopa/io-dev-api-server#233 ⚠️ ##

## Short description
This PR add a Lollipop Playground page to call the first LC for
debugging purpose.

## List of changes proposed in this pull request
-
[package.json](https://github.com/pagopa/io-app/pull/4545/files#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519):
add OpenApi specs and client generation.
-
[ts/features/lollipop/api/backend.ts](https://github.com/pagopa/io-app/pull/4545/files#diff-f74e1d5ec082224b0319d628738f4276acd718325ec8adf1b024edcf831d054a):
Adds the lollipop backend server.
-
[ts/features/lollipop/playgrounds/LollipopPlaygroundContent.tsx](https://github.com/pagopa/io-app/pull/4545/files#diff-d1d3dd0d4f65dbaffcc58b5b41f71abc080812ff110a7195addc8c960392163b):
-
[ts/features/lollipop/playgrounds/LollipopPlayground.tsx](https://github.com/pagopa/io-app/pull/4545/files#diff-7177b8ec63fef44a3ace9d084515adeefd1a8979d89f9cc3030989173797799d):
Adds the lollipop Playground Screen.
-
[ts/navigation/ProfileNavigator.tsx](https://github.com/pagopa/io-app/pull/4545/files#diff-fde597880587bbd6b7df5084df5a2bb4020db9a4d14f00b29967f3faf58ad7a1):
-
[ts/navigation/params/ProfileParamsList.ts](https://github.com/pagopa/io-app/pull/4545/files#diff-f3f50220ac440ed85361a813ef5aff2d66dc324b38c8d47f9de541651342fb41):
-
[ts/navigation/routes.ts](https://github.com/pagopa/io-app/pull/4545/files#diff-950467b6141738ddf5a35aa966af7ea9731f4f70825f4fcf2e3d62f33f7ac547):
-
[ts/screens/profile/ProfileMainScreen.tsx](https://github.com/pagopa/io-app/pull/4545/files#diff-de3c1a64bcc8fdca4c8dbc5d62dba36c8c5ded27255052ecc6526e614b1e8f5b):
Manages the navigation to the lollipop playground from the profile page
in debug mode.

## How to test
Run the app and go to the new lollipop playground screen. Write
something in the text field and tap "Sign". You should see a "success"
alert showing the current server assertion ref. Test it by pointing to
production and also by using the dev server.

---------

Co-authored-by: SabPicariello <[email protected]>
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@fabriziopapi fabriziopapi fabriziopapi approved these changes

@michaeldisaro michaeldisaro Awaiting requested review from michaeldisaro michaeldisaro was automatically assigned from pagopa/io-backend-contributors

@Garma00 Garma00 Awaiting requested review from Garma00 Garma00 was automatically assigned from pagopa/io-backend-contributors

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@gquadrati @codecov-commenter @fabriziopapi