npm - @abtnode/blocklet-services - Versions diffs - 1.16.32-beta-4d47ae7f → 1.16.32-beta-17be26d7 - Mend

@abtnode/blocklet-services 1.16.32-beta-4d47ae7f → 1.16.32-beta-17be26d7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (300) hide show

package/api/index.js CHANGED Viewed

@@ -10,12 +10,7 @@ const httpProxy = require('@arcblock/http-proxy');
 const { minimatch } = require('minimatch');
 const { joinURL } = require('ufo');
-const {
-  WELLKNOWN_SERVICE_PATH_PREFIX,
-  NODE_SERVICES_PREFIX,
-  EVENTS,
-  MAX_UPLOAD_FILE_SIZE,
-} = require('@abtnode/constant');
+const { WELLKNOWN_SERVICE_PATH_PREFIX, EVENTS, MAX_UPLOAD_FILE_SIZE } = require('@abtnode/constant');
 const {
   BlockletEvents,
   BlockletInternalEvents,
@@ -39,6 +34,7 @@ const { isProduction, isE2E, isFeDev } = require('./libs/env');
 const states = require('./state/index');
 const { init: initNotification } = require('./services/notification');
+const { init: initKyc } = require('./services/kyc');
 const { init: initRelay } = require('./services/relay');
 const BlockletEventsNotifier = require('./services/notification/blocklet-events-notifier');
 const { init: initAuth } = require('./services/auth');
@@ -93,6 +89,7 @@ module.exports = function createServer(node, serverOptions = {}) {
   const { middlewares: authMiddlewares, routes: authRoutes, ensureWsUser } = initAuth({ node, options });
   const notificationService = initNotification({ node });
+  const kycService = initKyc({ node });
   const relayService = initRelay({ node });
   const imageService = initImageService({ node });
   const dashboardService = initDashboard({ node, ensureWsUser });
@@ -286,6 +283,9 @@ module.exports = function createServer(node, serverOptions = {}) {
   // Analytics
   AnalyticService.init({ app: server, node });
+  // API: KYC
+  kycService.attach(server);
   // openapi & opencomponent
   createOpenAPIRoutes.init(server, node, options);
   createOpenComponentRoutes.init(server, node, options);
@@ -339,7 +339,7 @@ module.exports = function createServer(node, serverOptions = {}) {
   });
   // API: dns resolver
-  createDnsResolver.init(server, node, options);
+  createDnsResolver.init(server);
   // API: invitation
   createInvite.init(server, node, {
@@ -367,11 +367,12 @@ module.exports = function createServer(node, serverOptions = {}) {
   server.use(checkRunning);
   // Middleware: check auth
+  server.use(authMiddlewares.checkKyc);
   server.use(authMiddlewares.checkAuth);
   // Block invalid path in reserved prefix
   server.use((req, res, next) => {
-    if ([NODE_SERVICES_PREFIX.AUTH_SERVICE, WELLKNOWN_SERVICE_PATH_PREFIX].some((x) => req.path.startsWith(x))) {
+    if (req.path.startsWith(WELLKNOWN_SERVICE_PATH_PREFIX)) {
       res.status(400).send('Bad request');
       return;
     }

package/api/libs/auth/index.js CHANGED Viewed

@@ -20,11 +20,13 @@ const { verifyIdToken } = require('../../services/oauth');
 /**
  * @typedef {Object} UserProfile
+ * @property {string} provider - The provider of the user profile.
  * @property {string} sub - The subject of the user profile.
  * @property {string} name - The name of the user.
  * @property {string} picture - The picture URL of the user.
  * @property {string} email - The email of the user.
  * @property {boolean} [email_verified] - Indicates if the user's email is verified.
+ * @property {boolean} [is_private_email] - Indicates if the user's email is private relay.
  */
 /**

package/api/libs/auth/utils.js CHANGED Viewed

@@ -1,6 +1,6 @@
 const { getPassportStatusEndpoint, getApplicationInfo } = require('@abtnode/auth/lib/auth');
 const { createPassportVC, upsertToPassports, createUserPassport } = require('@abtnode/auth/lib/passport');
-const { VC_TYPE_NODE_PASSPORT, PASSPORT_STATUS } = require('@abtnode/constant');
+const { VC_TYPE_NODE_PASSPORT, VC_TYPE_GENERAL_PASSPORT, PASSPORT_STATUS } = require('@abtnode/constant');
 const { getAvatarByEmail, getAvatarByUrl, getUserAvatarUrl } = require('@abtnode/util/lib/user');
 const { getBlockletAppIdList } = require('@blocklet/meta/lib/util');
 const pick = require('lodash/pick');
@@ -10,6 +10,8 @@ const { LOGIN_PROVIDER } = require('@blocklet/constant');
 const { sendToUser } = require('../notification');
+const PASSPORT_VC_TYPES = [VC_TYPE_GENERAL_PASSPORT, VC_TYPE_NODE_PASSPORT];
 async function transferPassport(fromUser, toUser, { req, teamDid, node, nodeInfo, revokePassport = false }) {
   if (!fromUser || !toUser) {
     return;
@@ -139,4 +141,5 @@ module.exports = {
   getAvatarByUrl,
   getAvatarByEmail,
   transferPassport,
+  PASSPORT_VC_TYPES,
 };

package/api/libs/connect/session.js CHANGED Viewed

@@ -1,11 +1,12 @@
 // Holds shared logic for session-manager v1 and v2
 const get = require('lodash/get');
+const merge = require('lodash/merge');
+const pick = require('lodash/pick');
 const { joinURL } = require('ufo');
 const formatContext = require('@abtnode/util/lib/format-context');
 const { extractUserAvatar, getAppAvatarUrl } = require('@abtnode/util/lib/user');
 const {
   messages,
-  getVCFromClaims,
   validatePassportStatus,
   getPassportStatusEndpoint,
   getApplicationInfo,
@@ -15,8 +16,6 @@ const {
   NODE_SERVICES,
   ROLES,
   WELLKNOWN_SERVICE_PATH_PREFIX,
-  VC_TYPE_GENERAL_PASSPORT,
-  VC_TYPE_NODE_PASSPORT,
   WHO_CAN_ACCESS,
   WHO_CAN_ACCESS_PREFIX_ROLES,
   MAIN_CHAIN_ENDPOINT,
@@ -33,10 +32,8 @@ const {
   getPassportClaimUrl,
 } = require('@abtnode/auth/lib/passport');
 const { getKeyPairClaim, getAuthPrincipalForMigrateAppToV2 } = require('@abtnode/auth/lib/server');
-const merge = require('lodash/merge');
 const { fromAppDid } = require('@arcblock/did-ext');
 const { LOGIN_PROVIDER, BLOCKLET_APP_SPACE_REQUIREMENT, DID_SPACES } = require('@blocklet/constant');
-const pick = require('lodash/pick');
 const createTranslator = require('@abtnode/util/lib/translate');
 const {
   getRolesFromAuthConfig,
@@ -50,12 +47,11 @@ const { getSourceAppPid, getLoginProvider } = require('@blocklet/sdk/lib/util/lo
 const { getDidSpacesInfoByClaims, silentAuthorizationInConnect } = require('@abtnode/auth/lib/util/spaces');
 const getRequestIP = require('@abtnode/util/lib/get-request-ip');
-const uniq = require('lodash/uniq');
-const semver = require('semver');
 const logger = require('../logger')('connect');
 const { isInvitedUserOnly, createTokenFn, getDidConnectVersion } = require('../../util');
-const { transferPassport } = require('../auth/utils');
+const { transferPassport, PASSPORT_VC_TYPES } = require('../auth/utils');
 const { migrateAccount, declareAccount } = require('../../services/oauth');
+const { getKycClaims, verifyKycClaims, getPassportVc, isProfileUrlSupported, getProfileItems } = require('../kyc');
 const { getTrustedIssuers, getFederatedTrustedIssuers } = require('../../util/blocklet-utils');
 const {
   getUserAvatarUrl,
@@ -66,21 +62,6 @@ const {
 } = require('../../util/federated');
 const { Profile } = require('../../state/profile');
-const vcTypes = [VC_TYPE_GENERAL_PASSPORT, VC_TYPE_NODE_PASSPORT];
-const getPassportVc = async ({ blocklet, claims, challenge, locale, sourceAppPid }) => {
-  const trustedIssuers = await getTrustedIssuers(blocklet, { sourceAppPid });
-  const { vc } = await getVCFromClaims({
-    claims,
-    challenge,
-    trustedIssuers,
-    vcTypes,
-    locale,
-  });
-  return vc;
-};
 const getRoleFromVC = async ({ vc, node, locale, blocklet, teamDid, sourceAppPid }) => {
   let role = ROLES.GUEST;
   if (vc) {
@@ -174,40 +155,6 @@ const isDidSpaceRequiredOnConnect = (blocklet, request) => {
   return !!flag;
 };
-/**
- * @description 兼容老的 DID Wallet 版本，不是所有的 DID Wallet 都可以出示 profile url
- * @param {import('../../../types').DidWallet} didWallet
- * @return {boolean}
- */
-function canUseProfileUrl(didWallet) {
-  if (!didWallet) {
-    return false;
-  }
-  const { os, version } = didWallet;
-  const webCanUse = os === 'web' && semver.satisfies(version, '>= 4.13.0');
-  const iosCanUse = os === 'ios' && semver.satisfies(version, '>= 5.6.0');
-  const androidCanUse = os === 'android' && semver.satisfies(version, '>= 5.6.0');
-  return webCanUse || iosCanUse || androidCanUse;
-}
-/**
- * @description
- * @param {string[]} defaultProfileItems
- * @param {import('../../../types').DidWallet} didWallet
- * @return {string[]}
- */
-function getProfileItems(defaultProfileItems, didWallet) {
-  const profileItems = defaultProfileItems.concat(['fullName', 'avatar', 'email']);
-  if (canUseProfileUrl(didWallet)) {
-    profileItems.push('url');
-  }
-  return uniq(profileItems);
-}
 module.exports = {
   login: {
     /**
@@ -226,9 +173,7 @@ module.exports = {
       const { did: teamDid, wallet: blockletWallet } = await request.getBlockletInfo();
       const sourceAppPid = getSourceAppPid(request);
-      /** @type {string[]} */
-      const profileItems = getProfileItems(get(config, 'profileFields', []), request.context.didwallet);
+      const profileItems = getProfileItems(blocklet.settings?.session, request.context.didwallet);
       const claims = {
         profile: {
           type: 'profile',
@@ -236,21 +181,37 @@ module.exports = {
           items: profileItems,
         },
       };
-      if (action === 'login') {
-        const [invitedUserOnly] = config ? await isInvitedUserOnly(config, node, teamDid) : [false];
+      const user = await node.getUser({
+        teamDid: blocklet.meta.did,
+        user: {
+          did: userDid,
+        },
+        options: {
+          enableConnectedAccount: true,
+          blockletSk: blockletWallet.secretKey,
+        },
+      });
+      if (action === 'login') {
         const trustedIssuers = await getTrustedIssuers(blocklet, { sourceAppPid });
-        claims.verifiableCredential = {
+        const kycClaims = getKycClaims(blocklet, user, locale, baseUrl, trustedIssuers);
+        Object.assign(claims, kycClaims);
+        // passport claim
+        const [invitedUserOnly] = config ? await isInvitedUserOnly(config, node, teamDid) : [false];
+        const passportClaim = {
           type: 'verifiableCredential',
           description: messages.requestPassport[locale],
-          item: vcTypes,
+          item: PASSPORT_VC_TYPES,
           trustedIssuers,
           optional: !invitedUserOnly,
           claimUrl: getPassportClaimUrl(baseUrl),
         };
         if (passportId) {
-          claims.verifiableCredential.target = passportId;
+          passportClaim.target = passportId;
         }
+        claims.passport = ['verifiableCredential', passportClaim];
         // attach assetOrVC claim when space is required for user
         if (isDidSpaceRequiredOnConnect(blocklet, request)) {
@@ -295,19 +256,9 @@ module.exports = {
         };
       }
-      const user = await node.getUser({
-        teamDid: blocklet.meta.did,
-        user: {
-          did: userDid,
-        },
-        options: {
-          enableConnectedAccount: true,
-          blockletSk: blockletWallet.secretKey,
-        },
-      });
       if (user) {
         // profile url 存在或者 不可以使用 profile，那么就不需要出示 profile 了
-        if (user.url || !canUseProfileUrl(request.context.didwallet)) {
+        if (user.url || !isProfileUrlSupported(request.context.didwallet)) {
           delete claims.profile;
         }
@@ -375,6 +326,9 @@ module.exports = {
       const provider = getLoginProvider(request);
       const masterSite = getFederatedMaster(blocklet);
+      // updates for kyc
+      let kycUpdates = {};
       // Get passport vc
       if (action === 'login') {
         vc = await getPassportVc({
@@ -386,8 +340,19 @@ module.exports = {
         });
         [invitedUserOnly, defaultRole, issuePassport] = await isInvitedUserOnly(authConfig, node, teamDid);
         if (invitedUserOnly && !vc) {
-          throw new Error(messages.missingCredentialClaim[locale]);
+          throw new Error(messages.missingPassport[locale]);
         }
+        kycUpdates = await verifyKycClaims({
+          node,
+          blocklet,
+          teamDid,
+          claims,
+          challenge,
+          locale,
+          sourceAppPid,
+          user: currentUser,
+        });
       } else if (action === 'exchangePassport') {
         const claim = claims.find((x) => x.type === 'asset');
         const isConnected = await node.isConnectedAccount({ teamDid, did: claim.asset });
@@ -501,6 +466,7 @@ module.exports = {
             lastLoginIp: getRequestIP(request),
             connectedAccount: [connectAccount, connectedNft],
             ...profile,
+            ...kycUpdates,
             avatar: await extractUserAvatar(get(profile, 'avatar'), {
               dataDir: blocklet.env.dataDir,
             }),
@@ -534,6 +500,7 @@ module.exports = {
             lastLoginIp: getRequestIP(request),
             connectedAccount: [connectAccount, connectedNft],
             inviter,
+            ...kycUpdates,
           },
         });
         await node.createAuditLog(
@@ -592,6 +559,8 @@ module.exports = {
                   sourceAppPid: sourceAppPid || masterSite.appPid,
                   inviter: updatedUser.inviter,
                   generation: updatedUser.generation,
+                  emailVerified: updatedUser.emailVerified,
+                  phoneVerified: updatedUser.phoneVerified,
                 },
               ],
             },
@@ -628,6 +597,8 @@ module.exports = {
           // NOTE: token 中存储当前的 login provider
           provider,
           walletOS,
+          emailVerified: updatedUser.emailVerified,
+          phoneVerified: updatedUser.phoneVerified,
         },
         { ...sessionConfig, didConnectVersion: getDidConnectVersion(request) }
       );
@@ -737,7 +708,7 @@ module.exports = {
   },
   switchProfile: {
-    onConnect: async ({ node, request, locale, userDid, previousUserDid }) => {
+    onConnect: async ({ node, request, locale, userDid, baseUrl, previousUserDid }) => {
       if (userDid && previousUserDid && userDid !== previousUserDid) {
         throw new Error(messages.userMismatch[locale]);
       }
@@ -747,9 +718,9 @@ module.exports = {
         throw new Error(messages.actionForbidden[locale]);
       }
-      const { did: teamDid } = await request.getBlockletInfo();
+      const blocklet = await request.getBlocklet();
       const user = await node.getUser({
-        teamDid,
+        teamDid: blocklet.appDid,
         user: {
           did: userDid,
         },
@@ -765,19 +736,26 @@ module.exports = {
         throw new Error(messages.notAuthorized[locale]);
       }
-      const profileItems = getProfileItems(get(config, 'profileFields', []), request.context.didwallet);
-      return {
+      const profileItems = getProfileItems(blocklet.settings?.session, request.context.didwallet);
+      const claims = {
         profile: {
           type: 'profile',
           description: messages.description[locale],
           items: profileItems,
         },
       };
+      const sourceAppPid = getSourceAppPid(request);
+      const trustedIssuers = await getTrustedIssuers(blocklet, { sourceAppPid });
+      const kycClaims = getKycClaims(blocklet, user, locale, baseUrl, trustedIssuers);
+      Object.assign(claims, kycClaims);
+      return claims;
     },
-    onApprove: async ({ node, request, locale, profile, userDid }) => {
+    onApprove: async ({ node, request, locale, profile, userDid, challenge, claims }) => {
       const blocklet = await request.getBlocklet();
       const { did: teamDid } = await request.getBlockletInfo();
+      const sourceAppPid = getSourceAppPid(request);
       // check user approved
       const user = await node.getUser({
@@ -801,17 +779,27 @@ module.exports = {
         profile.url = profile.url || '';
       }
+      const kycUpdates = await verifyKycClaims({
+        node,
+        blocklet,
+        teamDid,
+        claims,
+        challenge,
+        locale,
+        sourceAppPid,
+        user,
+      });
       // Update user
       const doc = await node.updateUser({
         teamDid,
         user: {
           ...user,
           ...profile,
+          ...kycUpdates,
           avatar: await extractUserAvatar(get(profile, 'avatar'), {
             dataDir: blocklet.env.dataDir,
           }),
-          // 切换通行证不再更新 locale
-          // locale,
         },
       });
@@ -835,11 +823,12 @@ module.exports = {
         'url',
         'inviter',
         'generation',
+        'emailVerified',
+        'phoneVerified',
       ]);
       if (syncUserData.avatar) {
         syncUserData.avatar = getUserAvatarUrl(syncUserData.avatar, blocklet);
       }
-      const sourceAppPid = getSourceAppPid(request);
       const masterSite = getFederatedMaster(blocklet);
       // NOTICE: 采用异步来更新，不阻塞接口的正常响应
       if (shouldSyncFederated(sourceAppPid, blocklet)) {
@@ -907,7 +896,7 @@ module.exports = {
         verifiableCredential: {
           type: 'verifiableCredential',
           description: messages.requestPassport[locale],
-          item: vcTypes,
+          item: PASSPORT_VC_TYPES,
           trustedIssuers,
           optional: !invitedUserOnly,
           claimUrl: getPassportClaimUrl(baseUrl),
@@ -965,7 +954,7 @@ module.exports = {
         [invitedUserOnly] = await isInvitedUserOnly(authConfig, node, teamDid);
       }
       if (invitedUserOnly && !vc) {
-        throw new Error(messages.missingCredentialClaim[locale]);
+        throw new Error(messages.missingPassport[locale]);
       }
       // Get user passport from vc
@@ -1020,6 +1009,8 @@ module.exports = {
           provider,
           // request.context.store.connectedWallet
           walletOS: request.context.didwallet.os,
+          emailVerified: user.emailVerified,
+          phoneVerified: user.phoneVerified,
         },
         { ...sessionConfig, didConnectVersion: getDidConnectVersion(request) }
       );
@@ -1039,7 +1030,7 @@ module.exports = {
         supervised: true,
       };
     },
-    onConnect: async ({ node, request, userDid, locale, componentId, previousUserDid }) => {
+    onConnect: async ({ node, request, userDid, locale, previousUserDid }) => {
       const translations = {
         en: {
           notFound: "Couldn't find account information.",
@@ -1063,7 +1054,6 @@ module.exports = {
         throw new Error(t('alreadyMainAccount', locale, { did: userDid }));
       }
-      const config = await request.getServiceConfig(NODE_SERVICES.AUTH, { componentId });
       const oauthUser = await node.getUser({
         teamDid,
         user: {
@@ -1101,12 +1091,11 @@ module.exports = {
         }
       }
-      const profileFields = get(config, 'profileFields');
       const claims = {
         profile: {
           type: 'profile',
           description: messages.description[locale],
-          items: profileFields || ['fullName', 'avatar'],
+          items: ['fullName', 'avatar'],
         },
       };
@@ -1163,6 +1152,8 @@ module.exports = {
         avatar: bindUser?.avatar,
         inviter: bindUser?.inviter,
         generation: bindUser?.generation,
+        emailVerified: bindUser?.emailVerified,
+        phoneVerified: bindUser?.phoneVerified,
       });
       const currentTime = new Date().toISOString();
@@ -1283,7 +1274,7 @@ module.exports = {
           return {
             type: 'verifiableCredential',
             description: messages.requestPassport[locale],
-            item: vcTypes,
+            item: PASSPORT_VC_TYPES,
             trustedIssuers,
             optional: false,
             claimUrl: getPassportClaimUrl(baseUrl),
@@ -1301,7 +1292,7 @@ module.exports = {
       // Get passport vc
       const vc = await getPassportVc({ blocklet, appId, claims, challenge, locale });
       if (!vc) {
-        throw new Error(messages.missingCredentialClaim[locale]);
+        throw new Error(messages.missingPassport[locale]);
       }
       const role = await getRoleFromVC({ vc, appId, node, locale, blocklet, teamDid });
@@ -1327,6 +1318,4 @@ module.exports = {
   utils: {
     checkAppOwner,
   },
-  canUseProfileUrl,
-  getProfileItems,
 };

package/api/libs/connect/v1.js CHANGED Viewed

@@ -7,7 +7,7 @@ const getBlockletInfo = require('@blocklet/meta/lib/info');
 const WalletHandlers = require('@blocklet/sdk/lib/wallet-handler');
 const { getDelegation } = require('@blocklet/sdk/lib/connect/shared');
 const { sendToUser, sendToRelay } = require('@blocklet/sdk/lib/util/send-notification');
-const { WELLKNOWN_SERVICE_PATH_PREFIX, NODE_SERVICES_PREFIX } = require('@abtnode/constant');
+const { WELLKNOWN_SERVICE_PATH_PREFIX } = require('@abtnode/constant');
 const DynamicStorage = require('@abtnode/connect-storage');
 const { fromPublicKey } = require('@ocap/wallet');
 const { getSourceAppPid } = require('@blocklet/sdk/lib/util/login');
@@ -118,14 +118,6 @@ module.exports = (node, opts) => {
     },
   };
-  // backward compatible
-  const oldHandler = new WalletHandlers({
-    ...handlerOpts,
-    options: {
-      prefix: `${NODE_SERVICES_PREFIX.AUTH_SERVICE}/api/did`,
-    },
-  });
   const handler = new WalletHandlers({
     ...handlerOpts,
     options: {
@@ -135,6 +127,6 @@ module.exports = (node, opts) => {
   return {
     authenticator,
-    handlers: [handler, oldHandler],
+    handlers: [handler],
   };
 };

package/api/libs/email.js CHANGED Viewed

@@ -12,7 +12,7 @@ const schemaEmail = Joi.string().email().required();
 const validateEmail = schemaEmail.validateAsync.bind(schemaEmail);
-async function sendEmail(receiver, notification, { teamDid, node, locale, unsubscribeToken, userInfo = {} }) {
+async function sendEmail(receiver, notification, { teamDid, node, locale, unsubscribeToken = '', userInfo = {} }) {
   if (!receiver) {
     throw new Error('receiver is required');
   }

package/api/libs/jwt.js CHANGED Viewed

@@ -2,6 +2,7 @@
 const jwt = require('jsonwebtoken');
 const { createAuthToken, messages } = require('@abtnode/auth/lib/auth');
 const { LOGIN_PROVIDER } = require('@blocklet/constant');
+const { decodeKycStatus, encodeKycStatus } = require('@blocklet/sdk/lib/util/login');
 const getUser = async (node, teamDid, userDid) => {
   const user = await node.getUserByDid({ teamDid, userDid });
@@ -18,7 +19,18 @@ const initJwt = (node, options) => {
   const createSessionToken = (
     did,
-    { role, secret, passport, expiresIn, tokenType, fullName, provider = LOGIN_PROVIDER.WALLET, walletOS }
+    {
+      role,
+      secret,
+      passport,
+      expiresIn,
+      tokenType,
+      fullName,
+      provider = LOGIN_PROVIDER.WALLET,
+      walletOS,
+      emailVerified = false,
+      phoneVerified = false,
+    }
   ) =>
     createAuthToken({
       did,
@@ -30,6 +42,7 @@ const initJwt = (node, options) => {
       fullName,
       provider,
       walletOS,
+      kyc: encodeKycStatus(emailVerified, phoneVerified),
     });
   const verifySessionToken = (token, secret, { checkFromDb, teamDid, checkToken } = {}) =>
@@ -48,7 +61,7 @@ const initJwt = (node, options) => {
           }
         }
-        const { did, role, passport, fullName, provider = LOGIN_PROVIDER.WALLET, walletOS } = decoded;
+        const { did, role, passport, fullName, provider = LOGIN_PROVIDER.WALLET, walletOS, kyc = 0 } = decoded;
         let user;
         if (!did) {
           return reject(new Error('Invalid jwt token: invalid did'));
@@ -81,8 +94,9 @@ const initJwt = (node, options) => {
           user.passport = passport;
           user.provider = provider;
           user.walletOS = walletOS;
+          user.kyc = encodeKycStatus(user.emailVerified, user.phoneVerified);
         } else {
-          user = { did, role, passport, fullName, provider, walletOS };
+          user = Object.assign({ did, role, passport, fullName, provider, walletOS, kyc }, decodeKycStatus(kyc));
         }
         return resolve(user);