From fa9dbcd2dba6180392bb3bfe84cea298bc7cedad Mon Sep 17 00:00:00 2001 From: orhoj Date: Mon, 28 Aug 2023 15:06:39 +0200 Subject: [PATCH 1/4] Prevent adding a credential with attributes not listed in schema --- packages/browser-wallet/CHANGELOG.md | 2 ++ .../pages/AddWeb3IdCredential/AddWeb3IdCredential.tsx | 10 +++++++++- .../src/popup/pages/AddWeb3IdCredential/i18n/en.ts | 6 +++++- 3 files changed, 16 insertions(+), 2 deletions(-) diff --git a/packages/browser-wallet/CHANGELOG.md b/packages/browser-wallet/CHANGELOG.md index 3e55c07d..855710c7 100644 --- a/packages/browser-wallet/CHANGELOG.md +++ b/packages/browser-wallet/CHANGELOG.md @@ -11,6 +11,8 @@ - An issue where the import window would fail to open. - Updated the JSON schema for the verifiable credential schema validation, so that invalid schemas are rejected. - An issue where a verifiable with the `NotActivated` status would show as `Pending`. +- An issue that allowed empty credential statements to be accepted by the wallet-api. +- An issue where the wallet allowed for requests adding credentials with more attributes than listed in the schema. ## 1.1.2 diff --git a/packages/browser-wallet/src/popup/pages/AddWeb3IdCredential/AddWeb3IdCredential.tsx b/packages/browser-wallet/src/popup/pages/AddWeb3IdCredential/AddWeb3IdCredential.tsx index 0247e382..e9882f55 100644 --- a/packages/browser-wallet/src/popup/pages/AddWeb3IdCredential/AddWeb3IdCredential.tsx +++ b/packages/browser-wallet/src/popup/pages/AddWeb3IdCredential/AddWeb3IdCredential.tsx @@ -121,7 +121,15 @@ export default function AddWeb3IdCredential({ onAllow, onReject }: Props) { } if (missingRequiredAttributeKeys.length > 0) { - setError(t('error.attribute', { attributeKeys: missingRequiredAttributeKeys })); + setError(t('error.attribute.required', { attributeKeys: missingRequiredAttributeKeys })); + } + + // Ensure that a credential with more attributes than listed by the schema cannot be added. + const schemaAttributes = Object.keys(schema.properties.credentialSubject.properties.attributes.properties); + for (const credentialAttribute of Object.keys(credential.credentialSubject.attributes)) { + if (!schemaAttributes.includes(credentialAttribute)) { + setError(t('error.attribute.additional', { credentialAttribute, schemaAttributes })); + } } } }, [schema?.properties.credentialSubject.properties.attributes.required]); diff --git a/packages/browser-wallet/src/popup/pages/AddWeb3IdCredential/i18n/en.ts b/packages/browser-wallet/src/popup/pages/AddWeb3IdCredential/i18n/en.ts index 16569fe9..b7d74fed 100644 --- a/packages/browser-wallet/src/popup/pages/AddWeb3IdCredential/i18n/en.ts +++ b/packages/browser-wallet/src/popup/pages/AddWeb3IdCredential/i18n/en.ts @@ -7,7 +7,11 @@ const t = { 'We are unable to add the web3Id credential to the wallet due to the following issue, please report this to the issuer:', metadata: 'We are unable to load the metadata for the credential.', schema: 'We are unable to load the schema specification for the credential.', - attribute: 'The received credential is missing one or more required attributes ({{ attributeKeys }})', + attribute: { + required: 'The received credential is missing one or more required attributes ({{ attributeKeys }})', + additional: + 'The attribute with key [{{ credentialAttribute }}] is not available in the list of schema attributes: [{{ schemaAttributes }} ]', + }, localization: 'Failed to get localization', }, }; From da271f1fe1167610bd43cb152e727b445d48a9f0 Mon Sep 17 00:00:00 2001 From: orhoj Date: Mon, 28 Aug 2023 15:31:25 +0200 Subject: [PATCH 2/4] Remove space --- .../src/popup/pages/AddWeb3IdCredential/i18n/en.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/browser-wallet/src/popup/pages/AddWeb3IdCredential/i18n/en.ts b/packages/browser-wallet/src/popup/pages/AddWeb3IdCredential/i18n/en.ts index b7d74fed..c1dbe60f 100644 --- a/packages/browser-wallet/src/popup/pages/AddWeb3IdCredential/i18n/en.ts +++ b/packages/browser-wallet/src/popup/pages/AddWeb3IdCredential/i18n/en.ts @@ -10,7 +10,7 @@ const t = { attribute: { required: 'The received credential is missing one or more required attributes ({{ attributeKeys }})', additional: - 'The attribute with key [{{ credentialAttribute }}] is not available in the list of schema attributes: [{{ schemaAttributes }} ]', + 'The attribute with key [{{ credentialAttribute }}] is not available in the list of schema attributes: [{{ schemaAttributes }}]', }, localization: 'Failed to get localization', }, From 6f19d7d3b09c269730d19670e473bf7e1208dde3 Mon Sep 17 00:00:00 2001 From: orhoj Date: Mon, 28 Aug 2023 16:22:46 +0200 Subject: [PATCH 3/4] Stop rendering before validation --- .../pages/AddWeb3IdCredential/AddWeb3IdCredential.tsx | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/packages/browser-wallet/src/popup/pages/AddWeb3IdCredential/AddWeb3IdCredential.tsx b/packages/browser-wallet/src/popup/pages/AddWeb3IdCredential/AddWeb3IdCredential.tsx index e9882f55..7029b0df 100644 --- a/packages/browser-wallet/src/popup/pages/AddWeb3IdCredential/AddWeb3IdCredential.tsx +++ b/packages/browser-wallet/src/popup/pages/AddWeb3IdCredential/AddWeb3IdCredential.tsx @@ -63,6 +63,7 @@ export default function AddWeb3IdCredential({ onAllow, onReject }: Props) { const network = useAtomValue(networkConfigurationAtom); const [error, setError] = useState(); + const [validationComplete, setValidationComplete] = useState(); const { credential: rawCredential, url, metadataUrl } = state.payload; const credential: APIVerifiableCredential = parse(rawCredential); @@ -122,6 +123,8 @@ export default function AddWeb3IdCredential({ onAllow, onReject }: Props) { if (missingRequiredAttributeKeys.length > 0) { setError(t('error.attribute.required', { attributeKeys: missingRequiredAttributeKeys })); + setValidationComplete(true); + return; } // Ensure that a credential with more attributes than listed by the schema cannot be added. @@ -129,10 +132,12 @@ export default function AddWeb3IdCredential({ onAllow, onReject }: Props) { for (const credentialAttribute of Object.keys(credential.credentialSubject.attributes)) { if (!schemaAttributes.includes(credentialAttribute)) { setError(t('error.attribute.additional', { credentialAttribute, schemaAttributes })); + setValidationComplete(true); + return; } } } - }, [schema?.properties.credentialSubject.properties.attributes.required]); + }, [Boolean(schema)]); useEffect(() => () => controller.abort(), []); @@ -201,7 +206,7 @@ export default function AddWeb3IdCredential({ onAllow, onReject }: Props) { return credentialSubjectId; } - if (web3IdCredentials.loading || storedWeb3IdCredentials.loading) { + if (web3IdCredentials.loading || storedWeb3IdCredentials.loading || !validationComplete) { return null; } From 63b5209be649106bf55b1b828dd9fd8e42ac96a1 Mon Sep 17 00:00:00 2001 From: orhoj Date: Mon, 28 Aug 2023 16:26:34 +0200 Subject: [PATCH 4/4] Fix validation --- .../popup/pages/AddWeb3IdCredential/AddWeb3IdCredential.tsx | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/packages/browser-wallet/src/popup/pages/AddWeb3IdCredential/AddWeb3IdCredential.tsx b/packages/browser-wallet/src/popup/pages/AddWeb3IdCredential/AddWeb3IdCredential.tsx index 7029b0df..cfa6a46a 100644 --- a/packages/browser-wallet/src/popup/pages/AddWeb3IdCredential/AddWeb3IdCredential.tsx +++ b/packages/browser-wallet/src/popup/pages/AddWeb3IdCredential/AddWeb3IdCredential.tsx @@ -63,7 +63,7 @@ export default function AddWeb3IdCredential({ onAllow, onReject }: Props) { const network = useAtomValue(networkConfigurationAtom); const [error, setError] = useState(); - const [validationComplete, setValidationComplete] = useState(); + const [validationComplete, setValidationComplete] = useState(false); const { credential: rawCredential, url, metadataUrl } = state.payload; const credential: APIVerifiableCredential = parse(rawCredential); @@ -136,6 +136,8 @@ export default function AddWeb3IdCredential({ onAllow, onReject }: Props) { return; } } + + setValidationComplete(true); } }, [Boolean(schema)]);