
The Blockstack Javascript library for identity and authentication.

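'use strict';

// Transpiled (CommonJS) build of the Blockstack auth request/response test suite.
// import test from 'tape'

Object.defineProperty(exports, "__esModule", {
  value: true
});
exports.runAuthTests = runAuthTests;

var _tape = require('tape-promise/tape');
var _tape2 = _interopRequireDefault(_tape);
var _jsontokens = require('jsontokens');
var _fetchMock = require('fetch-mock');
var _fetchMock2 = _interopRequireDefault(_fetchMock);
var _lib = require('../../../lib');
var _lib2 = _interopRequireDefault(_lib);
var _sampleData = require('./sampleData');

/**
 * Babel interop shim: makes a CommonJS module look like an ES module with a
 * default export.
 * @param {*} obj - the value returned by require()
 * @returns {*} obj itself when it is flagged __esModule, else `{ default: obj }`
 */
function _interopRequireDefault(obj) {
  return obj && obj.__esModule ? obj : { default: obj };
}

/**
 * Registers the tape test cases covering auth request / auth response
 * creation and verification. Registering is the only effect; nothing is
 * returned.
 *
 * Every promise returned by the library is given a rejection handler that
 * records a test failure. Without one, an unexpected rejection leaves
 * `t.plan` unsatisfied and the run stalls instead of reporting the error.
 */
function runAuthTests() {
  // Test-only fixture key pair; it is published with this file and must
  // never be used outside these tests.
  var privateKey = 'a5c61c6ca7b3e7e55edee68566aeab22e4da26baa285c7bd10e8d2218aa3b229';
  var publicKey = '027d28f9951ce46538951e3697c62588a87f1f1f295de4a14fdd4c780fc52cfe69';
  var nameLookupURL = 'https://explorer-api.appartisan.com/get_name_blockchain_record/';

  /**
   * Builds a rejection handler that turns an unexpected rejection into a
   * failed assertion, so the planned assertion count is still met.
   * @param {Object} t - tape test object
   * @returns {function(*): void}
   */
  function failOnReject(t) {
    return function (err) {
      t.fail('unexpected rejection: ' + err);
    };
  }

  (0, _tape2.default)('makeAuthRequest && verifyAuthRequest', function (t) {
    t.plan(15);

    // The library derives the app origin from window.location. Tape runs
    // tests in registration order, so the later request tests rely on this
    // global still being in place.
    global.window = {
      location: {
        origin: 'http://localhost:3000',
        hostname: 'localhost',
        host: 'localhost:3000',
        href: 'http://localhost:3000/signin'
      }
    };

    var authRequest = (0, _lib.makeAuthRequest)(privateKey);
    t.ok(authRequest, 'auth request should have been created');

    var decodedToken = (0, _jsontokens.decodeToken)(authRequest);
    t.ok(decodedToken, 'auth request token should have been decoded');

    var address = (0, _lib.publicKeyToAddress)(publicKey);
    var referenceDID = (0, _lib.makeDIDFromAddress)(address);
    var origin = 'http://localhost:3000';

    t.equal(decodedToken.payload.iss, referenceDID, 'auth request issuer should include the public key');
    t.equal(decodedToken.payload.domain_name, origin, 'auth request domain_name should be origin');
    t.equal(decodedToken.payload.redirect_uri, 'http://localhost:3000/', 'auth request redirects to correct uri');
    t.equal(decodedToken.payload.manifest_uri, 'http://localhost:3000/manifest.json', 'auth request manifest is correct uri');
    t.equal(JSON.stringify(decodedToken.payload.scopes), '["store_write"]', 'auth request scopes should be store_write');

    (0, _lib.verifyAuthRequest)(authRequest).then(function (verified) {
      t.true(verified, 'auth request should be verified');
    }).catch(failOnReject(t));

    t.true((0, _lib.isExpirationDateValid)(authRequest), 'Expiration date should be valid');
    t.true((0, _lib.isIssuanceDateValid)(authRequest), 'Issuance date should be valid');
    t.true((0, _lib.doSignaturesMatchPublicKeys)(authRequest), 'Signatures should match the public keys');
    t.true((0, _lib.doPublicKeysMatchIssuer)(authRequest), 'Public keys should match the issuer');
    t.true((0, _lib.isManifestUriValid)(authRequest), 'Manifest URI should be on the app origin');
    t.true((0, _lib.isRedirectUriValid)(authRequest), 'Redirect URL should be to app origin');

    var manifestUrl = 'http://localhost:3000/manifest.json';
    var manifest = {
      "name": "App",
      "start_url": "http://localhost:3000/",
      "description": "A simple todo app build on blockstack",
      "icons": [{
        "src": "http://localhost:3000/logo.png",
        "sizes": "400x400",
        "type": "image/png"
      }]
    };
    // NOTE(review): this fetch-mock route is never removed, so it stays
    // registered for the remaining tests in this file.
    _fetchMock2.default.get(manifestUrl, JSON.stringify(manifest));

    (0, _lib.verifyAuthRequestAndLoadManifest)(authRequest).then(function (appManifest) {
      t.equal(appManifest.name, 'App', 'should fetch manifest for valid auth request');
    }).catch(failOnReject(t));
  });

  (0, _tape2.default)('invalid auth request - signature not verified', function (t) {
    t.plan(3);

    var authRequest = (0, _lib.makeAuthRequest)(privateKey, 'http://localhost:3000');
    // Dropping the final character corrupts the signature segment of the token.
    var invalidAuthRequest = authRequest.substring(0, authRequest.length - 1);

    t.equal((0, _lib.doSignaturesMatchPublicKeys)(invalidAuthRequest), false, 'Signatures should not match the public keys');

    (0, _lib.verifyAuthRequest)(invalidAuthRequest).then(function (verified) {
      t.equal(verified, false, 'auth request should be unverified');
    }).catch(failOnReject(t));

    // Resolving here would be a verification bypass; count it as a failure
    // rather than silently leaving the plan short.
    (0, _lib.verifyAuthRequestAndLoadManifest)(invalidAuthRequest).then(function () {
      t.fail('invalid auth request should have been rejected');
    }, function () {
      t.pass('invalid auth request rejected');
    });
  });

  (0, _tape2.default)('invalid auth request - invalid redirect uri', function (t) {
    t.plan(3);

    var invalidAuthRequest = (0, _lib.makeAuthRequest)(privateKey, 'https://example.com');
    t.equal((0, _lib.isRedirectUriValid)(invalidAuthRequest), false, 'Redirect URI should be invalid since it does not match origin');

    (0, _lib.verifyAuthRequest)(invalidAuthRequest).then(function (verified) {
      t.equal(verified, false, 'auth request should be unverified');
    }).catch(failOnReject(t));

    (0, _lib.verifyAuthRequestAndLoadManifest)(invalidAuthRequest).then(function () {
      t.fail('invalid auth request should have been rejected');
    }, function () {
      t.pass('invalid auth request rejected');
    });
  });

  (0, _tape2.default)('invalid auth request - invalid manifest uri', function (t) {
    t.plan(2);

    var invalidAuthRequest = (0, _lib.makeAuthRequest)(privateKey, 'http://localhost:3000', 'https://example.com/manifest.json');
    t.equal((0, _lib.isManifestUriValid)(invalidAuthRequest), false, 'Manifest URI should be invalid since it does not match origin');

    (0, _lib.verifyAuthRequest)(invalidAuthRequest).then(function (verified) {
      t.equal(verified, false, 'auth request should be unverified');
    }).catch(failOnReject(t));
  });

  (0, _tape2.default)('makeAuthResponse && verifyAuthResponse', function (t) {
    t.plan(11);

    var authResponse = (0, _lib.makeAuthResponse)(privateKey, _sampleData.sampleProfiles.ryan);
    t.ok(authResponse, 'auth response should have been created');

    var decodedToken = (0, _jsontokens.decodeToken)(authResponse);
    t.ok(decodedToken, 'auth response should have been decoded');

    var address = (0, _lib.publicKeyToAddress)(publicKey);
    var referenceDID = (0, _lib.makeDIDFromAddress)(address);

    t.equal(decodedToken.payload.iss, referenceDID, 'auth response issuer should include the public key');
    t.equal(JSON.stringify(decodedToken.payload.profile), JSON.stringify(_sampleData.sampleProfiles.ryan), 'auth response profile should equal the reference value');
    t.equal(decodedToken.payload.username, null, 'auth response username should be null');

    (0, _lib.verifyAuthResponse)(authResponse, nameLookupURL).then(function (verifiedResult) {
      t.true(verifiedResult, 'auth response should be verified');
    }).catch(failOnReject(t));

    t.true((0, _lib.isExpirationDateValid)(authResponse), 'Expiration date should be valid');
    t.true((0, _lib.isIssuanceDateValid)(authResponse), 'Issuance date should be valid');
    t.true((0, _lib.doSignaturesMatchPublicKeys)(authResponse), 'Signatures should match the public keys');
    t.true((0, _lib.doPublicKeysMatchIssuer)(authResponse), 'Public keys should match the issuer');

    (0, _lib.doPublicKeysMatchUsername)(authResponse, nameLookupURL).then(function (verifiedResult) {
      t.true(verifiedResult, 'Public keys should match the username');
    }).catch(failOnReject(t));
  });

  (0, _tape2.default)('auth response with username', function (t) {
    t.plan(2);

    // The username check resolves the name through nameLookupURL; serve the
    // sample blockchain record for it instead of hitting the network.
    var url = nameLookupURL + 'ryan.id';
    _fetchMock2.default.get(url, _sampleData.sampleNameRecords.ryan);

    var authResponse = (0, _lib.makeAuthResponse)(privateKey, _sampleData.sampleProfiles.ryan, 'ryan.id');

    (0, _lib.doPublicKeysMatchUsername)(authResponse, nameLookupURL).then(function (verified) {
      t.true(verified, 'Public keys should match the username');
    }).catch(failOnReject(t));

    (0, _lib.verifyAuthResponse)(authResponse, nameLookupURL).then(function (verifiedResult) {
      t.true(verifiedResult, 'auth response should be verified');
    }).catch(failOnReject(t));
  });
}

// Reference sample of a legacy auth token and its decoded payload; kept for
// comparison only and not exercised by the tests above.
// const sampleToken = 'eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3N1ZWRBdCI6IjE0NDA3MTM0MTQuMTkiLCJjaGFsbGVuZ2UiOiIxZDc4NTBkNy01YmNmLTQ3ZDAtYTgxYy1jMDA4NTc5NzY1NDQiLCJwZXJtaXNzaW9ucyI6WyJibG9ja2NoYWluaWQiXSwiaXNzdWVyIjp7InB1YmxpY0tleSI6IjAzODI3YjZhMzRjZWJlZTZkYjEwZDEzNzg3ODQ2ZGVlYWMxMDIzYWNiODNhN2I4NjZlMTkyZmEzNmI5MTkwNjNlNCIsImRvbWFpbiI6Im9uZW5hbWUuY29tIn19.96Q_O_4DX8uPy1enosEwS2sIcyVelWhxvfj2F8rOvHldhqt9YRYilauepb95DVnmpqpCXxJb7jurT8auNCbptw'
// const sampleTokenPayload = {"issuedAt": "1440713414.19", "challenge": "1d7850d7-5bcf-47d0-a81c-c00857976544", "permissions": ["blockchainid"], "issuer": {"publicKey": "03827b6a34cebee6db10d13787846deeac1023acb83a7b866e192fa36b919063e4", "domain": "onename.com"}}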