@dxos/client-services 0.6.13-main.ed424a1 → 0.6.13

package/src/packlets/identity/{authenticator.node.test.ts → authenticator.test.ts}

@@ -2,13 +2,14 @@
 // Copyright 2022 DXOS.org
 //
 
-import { describe, expect, test } from 'vitest';
+import expect from 'expect';
 
 import { Event } from '@dxos/async';
 import { createCredentialSignerWithKey } from '@dxos/credentials';
 import { invariant } from '@dxos/invariant';
 import { Keyring } from '@dxos/keyring';
 import { PublicKey } from '@dxos/keys';
+import { describe, test } from '@dxos/test';
 import { ComplexSet } from '@dxos/util';
 
 import { createAuthProvider, TrustedKeySetAuthVerifier } from './authenticator';
@@ -29,5 +30,5 @@ describe('identity/authenticator', () => {
     const credential = await authProvider(nonce);
     invariant(credential);
     expect(await authVerifier.verifier(nonce, credential)).toBeTruthy();
-  });
+  }).onlyEnvironments('nodejs');
 });

package/src/packlets/identity/authenticator.ts

@@ -67,7 +67,7 @@ export class TrustedKeySetAuthVerifier {
       }
 
       if (this._isTrustedKey(credential.issuer)) {
-        log('key is trusted -- auth success', { key: credential.issuer });
+        log('key is not currently in trusted set, waiting...', { key: credential.issuer });
         return true;
       }
 
@@ -81,10 +81,7 @@ export class TrustedKeySetAuthVerifier {
           log('auth success', { key: credential.issuer });
           trigger.wake(true);
         } else {
-          log('key is not currently in trusted set, waiting...', {
-            key: credential.issuer,
-            trusted: [...this._params.trustedKeysProvider()],
-          });
+          log('key is not currently in trusted set, waiting...', { key: credential.issuer });
         }
       });
 

package/src/packlets/identity/contacts-service.ts

@@ -5,7 +5,7 @@
 import { EventSubscriptions, scheduleTask, UpdateScheduler } from '@dxos/async';
 import { Stream } from '@dxos/codec-protobuf';
 import { type MemberInfo } from '@dxos/credentials';
-import { type SpaceManager } from '@dxos/echo-pipeline';
+import type { SpaceManager } from '@dxos/echo-pipeline';
 import { PublicKey } from '@dxos/keys';
 import { type Contact, type ContactBook, type ContactsService } from '@dxos/protocols/proto/dxos/client/services';
 import { ComplexMap, ComplexSet } from '@dxos/util';

package/src/packlets/identity/identity-manager.test.ts

@@ -2,7 +2,7 @@
 // Copyright 2022 DXOS.org
 //
 
-import { describe, expect, test, onTestFinished } from 'vitest';
+import { expect } from 'chai';
 
 import { Context } from '@dxos/context';
 import { valueEncoding, MetadataStore, SpaceManager, AuthStatus } from '@dxos/echo-pipeline';
@@ -13,6 +13,7 @@ import { MemoryTransportFactory, SwarmNetworkManager } from '@dxos/network-manag
 import type { FeedMessage } from '@dxos/protocols/proto/dxos/echo/feed';
 import { createStorage, type Storage, StorageType } from '@dxos/random-access-storage';
 import { BlobStore } from '@dxos/teleport-extension-object-sync';
+import { describe, test, afterTest } from '@dxos/test';
 
 import { IdentityManager } from './identity-manager';
 
@@ -38,7 +39,7 @@ describe('identity/identity-manager', () => {
       }),
     });
 
-    onTestFinished(() => feedStore.close());
+    afterTest(() => feedStore.close());
 
     const networkManager = new SwarmNetworkManager({
       signalManager: new MemorySignalManager(signalContext),
@@ -50,10 +51,9 @@ describe('identity/identity-manager', () => {
       blobStore,
       metadataStore,
     });
-    const identityManager = new IdentityManager({ metadataStore, keyring, feedStore, spaceManager });
+    const identityManager = new IdentityManager(metadataStore, keyring, feedStore, spaceManager);
 
     return {
-      networkManager,
       metadataStore,
       identityManager,
       feedStore,
@@ -64,7 +64,7 @@ describe('identity/identity-manager', () => {
   test('creates identity', async () => {
     const { identityManager } = await setupPeer();
     await identityManager.open(new Context());
-    onTestFinished(() => identityManager.close());
+    afterTest(() => identityManager.close());
 
     const identity = await identityManager.createIdentity();
     expect(identity).to.exist;
@@ -95,7 +95,7 @@ describe('identity/identity-manager', () => {
   test('update profile', async () => {
     const { identityManager } = await setupPeer();
     await identityManager.open(new Context());
-    onTestFinished(() => identityManager.close());
+    afterTest(() => identityManager.close());
 
     const identity = await identityManager.createIdentity();
     expect(identity.profileDocument?.displayName).to.be.undefined;
@@ -108,11 +108,6 @@ describe('identity/identity-manager', () => {
 
     const peer1 = await setupPeer({ signalContext });
     const identity1 = await peer1.identityManager.createIdentity();
-    peer1.networkManager.setPeerInfo({
-      peerKey: identity1.deviceKey.toHex(),
-      identityKey: identity1.identityKey.toHex(),
-    });
-    await identity1.joinNetwork();
 
     const peer2 = await setupPeer({ signalContext });
 
@@ -120,38 +115,28 @@ describe('identity/identity-manager', () => {
     const controlFeedKey = await peer2.keyring.createKey();
     const dataFeedKey = await peer2.keyring.createKey();
 
-    const credential = await identity1.getIdentityCredentialSigner().createCredential({
-      subject: deviceKey,
-      assertion: {
-        '@type': 'dxos.halo.credentials.AuthorizedDevice',
-        identityKey: identity1.identityKey,
-        deviceKey,
-      },
-    });
-
     await identity1.controlPipeline.writer.write({
       credential: {
-        credential,
+        credential: await identity1.getIdentityCredentialSigner().createCredential({
+          subject: deviceKey,
+          assertion: {
+            '@type': 'dxos.halo.credentials.AuthorizedDevice',
+            identityKey: identity1.identityKey,
+            deviceKey,
+          },
+        }),
       },
     });
 
-    const { identity: identity2, identityRecord } = await peer2.identityManager.prepareIdentity({
+    // Identity2 is not yet ready at this point. Peer1 needs to admit peer2 device key and feed keys.
+    const identity2 = await peer2.identityManager.acceptIdentity({
       identityKey: identity1.identityKey,
       deviceKey,
       haloSpaceKey: identity1.haloSpaceKey,
       haloGenesisFeedKey: identity1.haloGenesisFeedKey,
       controlFeedKey,
       dataFeedKey,
-      authorizedDeviceCredential: credential,
-    });
-    peer2.networkManager.setPeerInfo({
-      peerKey: identity2.deviceKey.toHex(),
-      identityKey: identity2.identityKey.toHex(),
     });
-    await identity2.joinNetwork();
-
-    // Identity2 is not yet ready at this point. Peer1 needs to admit peer2 device key and feed keys.
-    await peer2.identityManager.acceptIdentity(identity2, identityRecord);
 
     // TODO(dmaretskyi): We'd also need to admit device2's feeds otherwise messages from them won't be processed by the pipeline.
     // This would mean that peer2 has replicated it's device credential chain from peer1 and is ready to issue credentials.

package/src/packlets/identity/identity-manager.ts

@@ -7,7 +7,6 @@ import { Event } from '@dxos/async';
 import { Context } from '@dxos/context';
 import { createCredentialSignerWithKey, CredentialGenerator } from '@dxos/credentials';
 import { type MetadataStore, type SpaceManager, type SwarmIdentity } from '@dxos/echo-pipeline';
-import { type EdgeConnection } from '@dxos/edge-client';
 import { type FeedStore } from '@dxos/feed-store';
 import { invariant } from '@dxos/invariant';
 import { type Keyring } from '@dxos/keyring';
@@ -15,7 +14,6 @@ import { PublicKey } from '@dxos/keys';
 import { log } from '@dxos/log';
 import { trace } from '@dxos/protocols';
 import { Device, DeviceKind } from '@dxos/protocols/proto/dxos/client/services';
-import { type Runtime } from '@dxos/protocols/proto/dxos/config';
 import { type FeedMessage } from '@dxos/protocols/proto/dxos/echo/feed';
 import { type IdentityRecord, type SpaceMetadata } from '@dxos/protocols/proto/dxos/echo/metadata';
 import {
@@ -23,7 +21,6 @@ import {
   type DeviceProfileDocument,
   DeviceType,
   type ProfileDocument,
-  type Credential,
 } from '@dxos/protocols/proto/dxos/halo/credentials';
 import { Gossip, Presence } from '@dxos/teleport-extension-gossip';
 import { Timeframe } from '@dxos/timeframe';
@@ -50,7 +47,6 @@ export type JoinIdentityParams = {
   haloGenesisFeedKey: PublicKey;
   controlFeedKey: PublicKey;
   dataFeedKey: PublicKey;
-  authorizedDeviceCredential: Credential;
 
   /**
    * Latest known timeframe for the control pipeline.
@@ -67,13 +63,7 @@ export type CreateIdentityOptions = {
   deviceProfile?: DeviceProfileDocument;
 };
 
-export type IdentityManagerParams = {
-  metadataStore: MetadataStore;
-  keyring: Keyring;
-  feedStore: FeedStore<FeedMessage>;
-  spaceManager: SpaceManager;
-  edgeConnection?: EdgeConnection;
-  edgeFeatures?: Runtime.Client.EdgeFeatures;
+export type IdentityManagerRuntimeParams = {
   devicePresenceAnnounceInterval?: number;
   devicePresenceOfflineTimeout?: number;
 };
@@ -83,27 +73,28 @@ export type IdentityManagerParams = {
 export class IdentityManager {
   readonly stateUpdate = new Event();
 
-  private readonly _metadataStore: MetadataStore;
-  private readonly _keyring: Keyring;
-  private readonly _feedStore: FeedStore<FeedMessage>;
-  private readonly _spaceManager: SpaceManager;
+  private _identity?: Identity;
   private readonly _devicePresenceAnnounceInterval: number;
   private readonly _devicePresenceOfflineTimeout: number;
-  private readonly _edgeConnection: EdgeConnection | undefined;
-  private readonly _edgeFeatures: Runtime.Client.EdgeFeatures | undefined;
-
-  private _identity?: Identity;
 
+  // TODO(burdon): IdentityManagerParams.
   // TODO(dmaretskyi): Perhaps this should take/generate the peerKey outside of an initialized identity.
-  constructor(params: IdentityManagerParams) {
-    this._metadataStore = params.metadataStore;
-    this._keyring = params.keyring;
-    this._feedStore = params.feedStore;
-    this._spaceManager = params.spaceManager;
-    this._edgeConnection = params.edgeConnection;
-    this._edgeFeatures = params.edgeFeatures;
-    this._devicePresenceAnnounceInterval = params.devicePresenceAnnounceInterval ?? DEVICE_PRESENCE_ANNOUNCE_INTERVAL;
-    this._devicePresenceOfflineTimeout = params.devicePresenceOfflineTimeout ?? DEVICE_PRESENCE_OFFLINE_TIMEOUT;
+  constructor(
+    private readonly _metadataStore: MetadataStore,
+    private readonly _keyring: Keyring,
+    private readonly _feedStore: FeedStore<FeedMessage>,
+    private readonly _spaceManager: SpaceManager,
+    params?: IdentityManagerRuntimeParams,
+    private readonly _callbacks?: {
+      onIdentityConstruction?: (identity: Identity) => void;
+    },
+  ) {
+    const {
+      devicePresenceAnnounceInterval = DEVICE_PRESENCE_ANNOUNCE_INTERVAL,
+      devicePresenceOfflineTimeout = DEVICE_PRESENCE_OFFLINE_TIMEOUT,
+    } = params ?? {};
+    this._devicePresenceAnnounceInterval = devicePresenceAnnounceInterval;
+    this._devicePresenceOfflineTimeout = devicePresenceOfflineTimeout;
   }
 
   get identity() {
@@ -193,6 +184,10 @@ export class IdentityManager {
       }
     }
 
+    // TODO(burdon): ???
+    // await this._keyring.deleteKey(identityRecord.identity_key);
+    // await this._keyring.deleteKey(identityRecord.halo_space.space_key);
+
     await this._metadataStore.setIdentityRecord(identityRecord);
     this._identity = identity;
     await this._identity.ready();
@@ -207,7 +202,6 @@ export class IdentityManager {
       deviceKey: identity.deviceKey,
       profile: identity.profileDocument,
     });
-
     return identity;
   }
 
@@ -238,9 +232,9 @@ export class IdentityManager {
   }
 
   /**
-   * Prepare an identity object as the first step of acceptIdentity flow.
+   * Accept an existing identity. Expects its device key to be authorized (now or later).
    */
-  async prepareIdentity(params: JoinIdentityParams) {
+  async acceptIdentity(params: JoinIdentityParams) {
     log('accepting identity', { params });
     invariant(!this._identity, 'Identity already exists.');
 
@@ -255,33 +249,24 @@ export class IdentityManager {
         controlTimeframe: params.controlTimeframe,
       },
     };
+
     const identity = await this._constructIdentity(identityRecord);
     await identity.open(new Context());
-    return { identity, identityRecord };
-  }
-
-  /**
-   * Accept an existing identity. Expects its device key to be authorized (now or later).
-   */
-  public async acceptIdentity(identity: Identity, identityRecord: IdentityRecord, profile?: DeviceProfileDocument) {
     this._identity = identity;
-
-    // Identity becomes ready after device chain is replicated. Wait for it before storing the record.
-    await this._identity.ready();
     await this._metadataStore.setIdentityRecord(identityRecord);
-
+    await this._identity.ready();
     log.trace('dxos.halo.identity', {
-      identityKey: this._identity!.identityKey,
+      identityKey: identityRecord.identityKey,
       displayName: this._identity.profileDocument?.displayName,
     });
 
     await this.updateDeviceProfile({
       ...this.createDefaultDeviceProfile(),
-      ...profile,
+      ...params.deviceProfile,
     });
     this.stateUpdate.emit();
-
     log('accepted identity', { identityKey: identity.identityKey, deviceKey: identity.deviceKey });
+    return identity;
   }
 
   /**
@@ -375,10 +360,9 @@ export class IdentityManager {
       signer: this._keyring,
       identityKey: identityRecord.identityKey,
       deviceKey: identityRecord.deviceKey,
-      edgeConnection: this._edgeConnection,
-      edgeFeatures: this._edgeFeatures,
     });
     log('done', { identityKey: identityRecord.identityKey });
+    this._callbacks?.onIdentityConstruction?.(identity);
 
     // TODO(mykola): Set new timeframe on a write to a feed.
     if (identityRecord.haloSpace.controlTimeframe) {

package/src/packlets/identity/identity-service.test.ts

@@ -2,17 +2,21 @@
 // Copyright 2023 DXOS.org
 //
 
-import { afterEach, onTestFinished, beforeEach, describe, expect, test } from 'vitest';
+import chai, { expect } from 'chai';
+import chaiAsPromised from 'chai-as-promised';
 
 import { Trigger } from '@dxos/async';
 import { Context } from '@dxos/context';
 import { PublicKey } from '@dxos/keys';
 import { type Identity, type IdentityService } from '@dxos/protocols/proto/dxos/client/services';
+import { afterEach, afterTest, beforeEach, describe, test } from '@dxos/test';
 
 import { IdentityServiceImpl } from './identity-service';
 import { type ServiceContext } from '../services';
 import { createServiceContext } from '../testing';
 
+chai.use(chaiAsPromised);
+
 describe('IdentityService', () => {
   let serviceContext: ServiceContext;
   let identityService: IdentityService;
@@ -45,7 +49,7 @@ describe('IdentityService', () => {
 
     test('fails to create identity if one already exists', async () => {
       await identityService.createIdentity({});
-      await expect(identityService.createIdentity({})).rejects.toThrowError('Identity already exists');
+      await expect(identityService.createIdentity({})).to.be.rejectedWith('Identity already exists');
     });
   });
 
@@ -68,7 +72,7 @@ describe('IdentityService', () => {
       query.subscribe(({ identity }) => {
         result.wake(identity);
       });
-      onTestFinished(() => query.close());
+      afterTest(() => query.close());
       expect(await result.wait()).to.be.undefined;
     });
 
@@ -78,7 +82,7 @@ describe('IdentityService', () => {
       query.subscribe(({ identity }) => {
         result.wake(identity);
       });
-      onTestFinished(() => query.close());
+      afterTest(() => query.close());
       expect(await result.wait()).to.be.undefined;
 
       result = new Trigger<Identity | undefined>();