fix(auth): add clientKeyId to context (#769)
wilsonianb authored Nov 22, 2022
1 parent 1e2b524 commit 632bdfb
Showing 2 changed files with 10 additions and 8 deletions.
3 changes: 3 additions & 0 deletions packages/auth/src/signature/middleware.test.ts
@@ -249,6 +249,7 @@ describe('Signature Service', (): void => {
await grantInitiationHttpsigMiddleware(ctx, next)

expect(ctx.response.status).toEqual(200)
expect(ctx.clientKeyId).toEqual(testClientKey.kid)
expect(next).toHaveBeenCalled()

scope.done()
@@ -279,6 +280,7 @@ describe('Signature Service', (): void => {

await grantContinueHttpsigMiddleware(ctx, next)
expect(ctx.response.status).toEqual(200)
expect(ctx.clientKeyId).toEqual(testClientKey.kid)
expect(next).toHaveBeenCalled()

scope.done()
@@ -314,6 +316,7 @@ describe('Signature Service', (): void => {

expect(next).toHaveBeenCalled()
expect(ctx.response.status).toEqual(200)
expect(ctx.clientKeyId).toEqual(testClientKey.kid)

scope.done()
})
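Review bot: The three added `expect(ctx.clientKeyId).toEqual(testClientKey.kid)` assertions sit only in cases that end with status 200, so nothing visible here pins what `ctx.clientKeyId` holds when the middleware rejects a request. Because the middleware assigns the field from the `Signature-Input` header before verification runs, a rejection case asserting something like `expect(ctx.clientKeyId).toBeUndefined()` (or whatever the intended contract is) would document whether an unverified key id may stay on the context. The enclosing test cases start and end outside these hunks, so such a case may already exist elsewhere in the file.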
15 changes: 7 additions & 8 deletions packages/auth/src/signature/middleware.ts
@@ -44,13 +44,12 @@ export async function verifySigAndChallenge(

async function verifySigFromClient(
client: string,
keyId: string,
ctx: HttpSigContext
): Promise<boolean> {
const clientService = await ctx.container.use('clientService')
const clientKey = await clientService.getKey({
client,
keyId
keyId: ctx.clientKeyId
})

if (!clientKey) {
@@ -65,12 +64,12 @@ async function verifySigFromBoundKey(
ctx: HttpSigContext
): Promise<boolean> {
const sigInput = ctx.headers['signature-input'] as string
const keyId = getSigInputKeyId(sigInput)
if (keyId !== grant.clientKeyId) {
ctx.clientKeyId = getSigInputKeyId(sigInput)
if (ctx.clientKeyId !== grant.clientKeyId) {
ctx.throw(401, 'invalid signature input', { error: 'invalid_request' })
}

return verifySigFromClient(grant.client, keyId, ctx)
return verifySigFromClient(grant.client, ctx)
}

// TODO: Replace with public httpsig library
@@ -238,12 +237,12 @@ export async function grantInitiationHttpsigMiddleware(
const { body } = ctx.request

const sigInput = ctx.headers['signature-input'] as string
const keyId = getSigInputKeyId(sigInput)
if (!keyId) {
ctx.clientKeyId = getSigInputKeyId(sigInput)
if (!ctx.clientKeyId) {
ctx.throw(401, 'invalid signature input', { error: 'invalid_request' })
}

await verifySigFromClient(body.client, keyId, ctx)
await verifySigFromClient(body.client, ctx)
await next()
}

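Review bot: `ctx.clientKeyId` is written from the request's `Signature-Input` header before any signature check has run, in both `verifySigFromBoundKey` and `grantInitiationHttpsigMiddleware`, so on a rejected request the context still carries a caller-chosen key id that error handling or logging further up the stack could read as if it were authenticated. Keeping the parsed value in a local and publishing it only once verification succeeds avoids that, e.g. `const keyId = getSigInputKeyId(sigInput)` and later `if (await verifySigFromClient(body.client, keyId, ctx)) ctx.clientKeyId = keyId`, which means retaining the `keyId` parameter on `verifySigFromClient`. In `grantInitiationHttpsigMiddleware` the boolean returned by `verifySigFromClient` is also discarded before `await next()`; if that function can resolve to `false` rather than throw (its body continues outside the hunk), an unverified request proceeds. The `as string` cast on `ctx.headers['signature-input']` hides a missing or repeated header, so a `typeof sigInput !== 'string'` guard that returns 401 before parsing would be worth adding.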
