From be3728916dd32d64128a57897d6b405b53f7f457 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lloren=C3=A7?= Date: Thu, 13 Feb 2025 13:12:36 +0100 Subject: [PATCH 1/6] Use config related origins --- .../src/utils/findWebAuthnFlows.test.ts | 7 +++-- .../src/utils/findWebAuthnRpId.test.ts | 14 ++++++++-- src/frontend/src/utils/findWebAuthnRpId.ts | 28 ------------------- src/frontend/src/utils/iiConnection.ts | 4 +-- 4 files changed, 19 insertions(+), 34 deletions(-) diff --git a/src/frontend/src/utils/findWebAuthnFlows.test.ts b/src/frontend/src/utils/findWebAuthnFlows.test.ts index a110b4a111..c8c799130a 100644 --- a/src/frontend/src/utils/findWebAuthnFlows.test.ts +++ b/src/frontend/src/utils/findWebAuthnFlows.test.ts @@ -1,7 +1,6 @@ import { LEGACY_II_URL } from "$src/config"; import { CredentialData } from "./credential-devices"; import { findWebAuthnFlows } from "./findWebAuthnFlows"; -import { PROD_DOMAINS } from "./findWebAuthnRpId"; describe("findWebAuthnFlows", () => { const currentOrigin = "https://identity.internetcomputer.org"; @@ -9,7 +8,11 @@ describe("findWebAuthnFlows", () => { const nonCurrentOrigin1RpId = new URL(nonCurrentOrigin1).hostname; const nonCurrentOrigin2 = "https://identity.icp0.io"; const nonCurrentOrigin2RpId = new URL(nonCurrentOrigin2).hostname; - const relatedOrigins = PROD_DOMAINS; + const relatedOrigins = [ + "https://identity.ic0.app", + "https://identity.internetcomputer.org", + "https://identity.icp0.io", + ]; const createMockCredential = ( origin: string | undefined diff --git a/src/frontend/src/utils/findWebAuthnRpId.test.ts b/src/frontend/src/utils/findWebAuthnRpId.test.ts index c435e366bb..a2a5a44704 100644 --- a/src/frontend/src/utils/findWebAuthnRpId.test.ts +++ b/src/frontend/src/utils/findWebAuthnRpId.test.ts @@ -1,11 +1,21 @@ import { CredentialData } from "./credential-devices"; import { - BETA_DOMAINS, - PROD_DOMAINS, excludeCredentialsFromOrigins, findWebAuthnRpId, } from "./findWebAuthnRpId"; +const BETA_DOMAINS = [ + "https://beta.identity.ic0.app", + "https://beta.identity.internetcomputer.org", + "https://fgte5-ciaaa-aaaad-aaatq-cai.ic0.app", +]; + +const PROD_DOMAINS = [ + "https://identity.ic0.app", + "https://identity.internetcomputer.org", + "https://identity.icp0.io", +]; + describe("findWebAuthnRpId", () => { const mockDeviceData = (origin?: string): CredentialData => ({ origin, diff --git a/src/frontend/src/utils/findWebAuthnRpId.ts b/src/frontend/src/utils/findWebAuthnRpId.ts index 385af7aa52..583f97291d 100644 --- a/src/frontend/src/utils/findWebAuthnRpId.ts +++ b/src/frontend/src/utils/findWebAuthnRpId.ts @@ -1,34 +1,6 @@ import { II_LEGACY_ORIGIN } from "$src/constants"; import { CredentialData } from "./credential-devices"; -export const PROD_DOMAINS = [ - "https://identity.ic0.app", - "https://identity.internetcomputer.org", - "https://identity.icp0.io", -]; -export const BETA_DOMAINS = [ - "https://beta.identity.ic0.app", - "https://beta.identity.internetcomputer.org", - "https://fgte5-ciaaa-aaaad-aaatq-cai.ic0.app", -]; - -/** - * Returns the related domains ordered by preference. - * - * It reads the current URL and returns the set related to the current url. - */ -export const relatedDomains = (): string[] => { - const currentUrl = new URL(window.location.origin); - if (PROD_DOMAINS.includes(currentUrl.origin)) { - return PROD_DOMAINS; - } - if (BETA_DOMAINS.includes(currentUrl.origin)) { - return BETA_DOMAINS; - } - // Only beta and prod have related domains. - return []; -}; - export const hasCredentialsFromMultipleOrigins = ( credentials: CredentialData[] ): boolean => diff --git a/src/frontend/src/utils/iiConnection.ts b/src/frontend/src/utils/iiConnection.ts index dabca9d39a..8f6802657e 100644 --- a/src/frontend/src/utils/iiConnection.ts +++ b/src/frontend/src/utils/iiConnection.ts @@ -63,7 +63,6 @@ import { CredentialData, } from "./credential-devices"; import { findWebAuthnFlows, WebAuthnFlow } from "./findWebAuthnFlows"; -import { relatedDomains } from "./findWebAuthnRpId"; import { MultiWebAuthnIdentity } from "./multiWebAuthnIdentity"; import { isRecoveryDevice, RecoveryDevice } from "./recoveryDevice"; import { supportsWebauthRoR } from "./userAgent"; @@ -432,7 +431,8 @@ export class Connection { supportsRor: supportsWebauthRoR(window.navigator.userAgent), devices: credentials, currentOrigin: window.location.origin, - relatedOrigins: relatedDomains(), + // Empty array is the same as no related origins. + relatedOrigins: this.canisterConfig.related_origins[0] ?? [], }); this.webAuthFlows = { flows, From 69cec0e6fee6f7b5370b7e9092959c73bcd7b47f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lloren=C3=A7?= Date: Thu, 13 Feb 2025 15:26:22 +0100 Subject: [PATCH 2/6] Revert to test e2e test --- src/frontend/src/utils/findWebAuthnRpId.ts | 28 ++++++++++++++++++++++ src/frontend/src/utils/iiConnection.ts | 4 +++- 2 files changed, 31 insertions(+), 1 deletion(-) diff --git a/src/frontend/src/utils/findWebAuthnRpId.ts b/src/frontend/src/utils/findWebAuthnRpId.ts index 583f97291d..385af7aa52 100644 --- a/src/frontend/src/utils/findWebAuthnRpId.ts +++ b/src/frontend/src/utils/findWebAuthnRpId.ts @@ -1,6 +1,34 @@ import { II_LEGACY_ORIGIN } from "$src/constants"; import { CredentialData } from "./credential-devices"; +export const PROD_DOMAINS = [ + "https://identity.ic0.app", + "https://identity.internetcomputer.org", + "https://identity.icp0.io", +]; +export const BETA_DOMAINS = [ + "https://beta.identity.ic0.app", + "https://beta.identity.internetcomputer.org", + "https://fgte5-ciaaa-aaaad-aaatq-cai.ic0.app", +]; + +/** + * Returns the related domains ordered by preference. + * + * It reads the current URL and returns the set related to the current url. + */ +export const relatedDomains = (): string[] => { + const currentUrl = new URL(window.location.origin); + if (PROD_DOMAINS.includes(currentUrl.origin)) { + return PROD_DOMAINS; + } + if (BETA_DOMAINS.includes(currentUrl.origin)) { + return BETA_DOMAINS; + } + // Only beta and prod have related domains. + return []; +}; + export const hasCredentialsFromMultipleOrigins = ( credentials: CredentialData[] ): boolean => diff --git a/src/frontend/src/utils/iiConnection.ts b/src/frontend/src/utils/iiConnection.ts index 8f6802657e..a55d751013 100644 --- a/src/frontend/src/utils/iiConnection.ts +++ b/src/frontend/src/utils/iiConnection.ts @@ -63,6 +63,7 @@ import { CredentialData, } from "./credential-devices"; import { findWebAuthnFlows, WebAuthnFlow } from "./findWebAuthnFlows"; +import { relatedDomains } from "./findWebAuthnRpId"; import { MultiWebAuthnIdentity } from "./multiWebAuthnIdentity"; import { isRecoveryDevice, RecoveryDevice } from "./recoveryDevice"; import { supportsWebauthRoR } from "./userAgent"; @@ -432,7 +433,8 @@ export class Connection { devices: credentials, currentOrigin: window.location.origin, // Empty array is the same as no related origins. - relatedOrigins: this.canisterConfig.related_origins[0] ?? [], + // relatedOrigins: this.canisterConfig.related_origins[0] ?? [], + relatedOrigins: relatedDomains(), }); this.webAuthFlows = { flows, From ec824d632179abdbd6ac8b24dac10e12593ede52 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lloren=C3=A7?= Date: Thu, 13 Feb 2025 15:34:18 +0100 Subject: [PATCH 3/6] use config --- src/frontend/src/utils/iiConnection.ts | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/frontend/src/utils/iiConnection.ts b/src/frontend/src/utils/iiConnection.ts index a55d751013..0cbe15787a 100644 --- a/src/frontend/src/utils/iiConnection.ts +++ b/src/frontend/src/utils/iiConnection.ts @@ -63,7 +63,6 @@ import { CredentialData, } from "./credential-devices"; import { findWebAuthnFlows, WebAuthnFlow } from "./findWebAuthnFlows"; -import { relatedDomains } from "./findWebAuthnRpId"; import { MultiWebAuthnIdentity } from "./multiWebAuthnIdentity"; import { isRecoveryDevice, RecoveryDevice } from "./recoveryDevice"; import { supportsWebauthRoR } from "./userAgent"; @@ -433,8 +432,8 @@ export class Connection { devices: credentials, currentOrigin: window.location.origin, // Empty array is the same as no related origins. - // relatedOrigins: this.canisterConfig.related_origins[0] ?? [], - relatedOrigins: relatedDomains(), + relatedOrigins: this.canisterConfig.related_origins[0] ?? [], + // relatedOrigins: relatedDomains(), }); this.webAuthFlows = { flows, From 66f9bf0338d22c9ff945c4ad98f21815127390f8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lloren=C3=A7?= Date: Thu, 13 Feb 2025 16:46:03 +0100 Subject: [PATCH 4/6] Add test iiConnection no related origins --- src/frontend/src/utils/iiConnection.test.ts | 37 +++++++++++++++++---- 1 file changed, 30 insertions(+), 7 deletions(-) diff --git a/src/frontend/src/utils/iiConnection.test.ts b/src/frontend/src/utils/iiConnection.test.ts index c688157b3d..76e74460f1 100644 --- a/src/frontend/src/utils/iiConnection.test.ts +++ b/src/frontend/src/utils/iiConnection.test.ts @@ -63,7 +63,13 @@ const DEFAULT_INIT: InternetIdentityInit = { captcha_config: [], openid_google: [], register_rate_limit: [], - related_origins: [], + related_origins: [ + [ + "https://identity.ic0.app", + "https://identity.internetcomputer.org", + "https://identity.icp0.io", + ], + ], }; const mockActor = { @@ -119,6 +125,7 @@ test("commits changes on identity metadata", async () => { mockActor ); + expect(infoResponse).toBeUndefined(); await vi.waitFor(() => expect(infoResponse).toEqual(mockRawMetadata)); expect(await connection.getIdentityMetadata()).toEqual(mockIdentityMetadata); @@ -212,6 +219,28 @@ describe("Connection.login", () => { } }); + it("login returns undefined RP ID if no related origins are in the config", async () => { + const config: InternetIdentityInit = { + ...DEFAULT_INIT, + related_origins: [], + }; + const connection = new Connection("aaaaa-aa", config, mockActor); + + const loginResult = await connection.login(BigInt(12345)); + + expect(loginResult.kind).toBe("loginSuccess"); + if (loginResult.kind === "loginSuccess") { + expect(loginResult.connection).toBeInstanceOf(AuthenticatedConnection); + expect(loginResult.showAddCurrentDevice).toBe(false); + expect(MultiWebAuthnIdentity.fromCredentials).toHaveBeenCalledTimes(1); + expect(MultiWebAuthnIdentity.fromCredentials).toHaveBeenCalledWith( + [convertToValidCredentialData(mockDevice)], + "identity.ic0.app", + true + ); + } + }); + it("connection excludes rpId when user cancels", async () => { // This one would fail because it's not the device the user is using at the moment. const currentOriginDevice: DeviceData = createMockDevice(currentOrigin); @@ -566,12 +595,6 @@ describe("Connection.login", () => { credential_id: [Uint8Array.from([0, 0, 0, 0, 0])], }; const mockActor = { - identity_info: vi.fn().mockImplementation(async () => { - // The `await` is necessary to make sure that the `getterResponse` is set before the test continues. - infoResponse = await mockRawMetadata; - return { Ok: { metadata: mockRawMetadata } }; - }), - identity_metadata_replace: vi.fn().mockResolvedValue({ Ok: null }), lookup: vi.fn().mockResolvedValue([pinDevice]), } as unknown as ActorSubclass<_SERVICE>; From e6b7fce27ca5a8e830c2bd03bcad0ebd85928f96 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lloren=C3=A7?= Date: Mon, 17 Feb 2025 13:57:02 +0100 Subject: [PATCH 5/6] Remove unnecessary commented line --- src/frontend/src/utils/iiConnection.ts | 1 - 1 file changed, 1 deletion(-) diff --git a/src/frontend/src/utils/iiConnection.ts b/src/frontend/src/utils/iiConnection.ts index 0cbe15787a..8f6802657e 100644 --- a/src/frontend/src/utils/iiConnection.ts +++ b/src/frontend/src/utils/iiConnection.ts @@ -433,7 +433,6 @@ export class Connection { currentOrigin: window.location.origin, // Empty array is the same as no related origins. relatedOrigins: this.canisterConfig.related_origins[0] ?? [], - // relatedOrigins: relatedDomains(), }); this.webAuthFlows = { flows, From 5265fea75b53bd8fcc3b84ab174f438eb82064a7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lloren=C3=A7?= Date: Mon, 17 Feb 2025 14:09:54 +0100 Subject: [PATCH 6/6] Fix test --- src/frontend/src/utils/iiConnection.test.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/frontend/src/utils/iiConnection.test.ts b/src/frontend/src/utils/iiConnection.test.ts index 76e74460f1..9bbd89b956 100644 --- a/src/frontend/src/utils/iiConnection.test.ts +++ b/src/frontend/src/utils/iiConnection.test.ts @@ -235,8 +235,8 @@ describe("Connection.login", () => { expect(MultiWebAuthnIdentity.fromCredentials).toHaveBeenCalledTimes(1); expect(MultiWebAuthnIdentity.fromCredentials).toHaveBeenCalledWith( [convertToValidCredentialData(mockDevice)], - "identity.ic0.app", - true + undefined, + false ); } });