npm - @raytio/core - Versions diffs - 9.0.1 → 9.0.2 - Mend

@raytio/core 9.0.1 → 9.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/README.md CHANGED Viewed

@@ -25,6 +25,7 @@ If you wish to use `@raytio/core` directly, an example of configuring polyfills
 - [calcSafeHarbourScore](#calcsafeharbourscore)
 - [calculateScore](#calculatescore)
+- [checkJsonSignature](#checkjsonsignature)
 - [cleanInstance](#cleaninstance)
 - [convertInstanceToRuleInput](#convertinstancetoruleinput)
 - [createAA](#createaa)
@@ -112,6 +113,27 @@ Might throw an error.
 ___
+### checkJsonSignature
+▸ `Const` **checkJsonSignature**(`data`, `signature`): `Promise`<`boolean`\>
+checks that a json object was signed by the provided signature. Unless you're
+dealing with bundled verifications, you should use `getOwnRealVerifications`
+or `getSomeoneElsesRealVerifications` instead.
+#### Parameters
+| Name | Type |
+| :------ | :------ |
+| `data` | `unknown` |
+| `signature` | `string` |
+#### Returns
+`Promise`<`boolean`\>
+___
 ### cleanInstance
 ▸ **cleanInstance**(`instance`): `Instance`

package/dist/rules/convertInstanceToRuleInput.js CHANGED Viewed

@@ -72,10 +72,9 @@ const convertInstanceToRuleInput = async (instance, realVers, getSchema) => {
                 memberFieldNames.includes(x.fieldName) &&
                 x.provider.verifierNId)) === null || _a === void 0 ? void 0 : _a.map(v => v.provider.verifierNId).filter((val) => !!val));
             const values = Object.fromEntries(members);
-            // TODO: better system
-            const dayFieldName = memberFieldNames.find(f => f.includes("day"));
-            const monthFieldName = memberFieldNames.find(f => f.includes("month"));
-            const yearFieldName = memberFieldNames.find(f => f.includes("year"));
+            const dayFieldName = memberFieldNames.find(f => { var _a; return (_a = schema.properties[f].tags) === null || _a === void 0 ? void 0 : _a.includes("date_component:day"); });
+            const monthFieldName = memberFieldNames.find(f => { var _a; return (_a = schema.properties[f].tags) === null || _a === void 0 ? void 0 : _a.includes("date_component:month"); });
+            const yearFieldName = memberFieldNames.find(f => { var _a; return (_a = schema.properties[f].tags) === null || _a === void 0 ? void 0 : _a.includes("date_component:year"); });
             if (!dayFieldName || !monthFieldName || !yearFieldName) {
                 throw new Error("Failed to infer date component field");
             }

package/dist/verifications/index.js CHANGED Viewed

@@ -10,7 +10,6 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-// not exporting checkVerifications; it's not a public API
 __exportStar(require("./cleanInstance"), exports);
 __exportStar(require("./getPOVerification"), exports);
 __exportStar(require("./verifyCheck"), exports);

package/dist/verifications/verifyCheck/getSomeoneElsesRealVerifications.d.ts CHANGED Viewed

@@ -5,13 +5,6 @@ declare type Props = {
     verifications: Verification[];
     profileObjects: ProfileObject[];
     controller?: AbortController;
-    /**
-     * do NOT use this option. If the value of a field
-     * equals the value of this prop, that field will be treated
-     * as verified, even if the API says it's not verified. See
-     * #614 for context. @deprecated
-     */
-    UNSAFE_treatNoValueAsVerified?: string;
 };
 /**
  * Given a list of verifications and decrypted profile objects, this function calls
@@ -22,5 +15,5 @@ declare type Props = {
  *
  * @returns a list of fileNames/values that are verified.
  */
-export declare const getSomeoneElsesRealVerifications: ({ aId, apiUrl, verifications, profileObjects, controller, UNSAFE_treatNoValueAsVerified, }: Props) => Promise<RealVer[]>;
+export declare const getSomeoneElsesRealVerifications: ({ aId, apiUrl, verifications, profileObjects, controller, }: Props) => Promise<RealVer[]>;
 export {};

package/dist/verifications/verifyCheck/getSomeoneElsesRealVerifications.js CHANGED Viewed

@@ -17,7 +17,7 @@ POs.map(x => { var _a; return (_a = x.properties) === null || _a === void 0 ? vo
  *
  * @returns a list of fileNames/values that are verified.
  */
-const getSomeoneElsesRealVerifications = async ({ aId, apiUrl, verifications, profileObjects, controller, UNSAFE_treatNoValueAsVerified, }) => {
+const getSomeoneElsesRealVerifications = async ({ aId, apiUrl, verifications, profileObjects, controller, }) => {
     // for each verification (including passed: false), create a list of every possible that
     // value that that verification might have been for. Flatten the list
     // and send the whole thing to the API.
@@ -46,12 +46,7 @@ const getSomeoneElsesRealVerifications = async ({ aId, apiUrl, verifications, pr
     // do NOT expose the `verified` prop from the /verify_check API to avoid semantic confusion,
     // since verified: true does not mean that the verification is verified!
     const realVers = apiResponse
-        .filter(x => x.verified ||
-        // if UNSAFE_treatNoValueAsVerified is enabled, and we don't know the value of this field,
-        // treat is as verified if the `passed` property is true (this is NOT a safe check).
-        (!!UNSAFE_treatNoValueAsVerified &&
-            x.data.value === UNSAFE_treatNoValueAsVerified &&
-            x.data.passed))
+        .filter(x => x.verified)
         .map(({ signature, data, n_id: nID, valid_until }) => ({
         fieldName: data.field,
         value: data.value,

package/dist/verifications/verifyCheck/index.d.ts CHANGED Viewed

@@ -1,2 +1,3 @@
 export * from "./getOwnRealVerifications";
 export * from "./getSomeoneElsesRealVerifications";
+export { checkJsonSignature } from "./operations";

package/dist/verifications/verifyCheck/index.js CHANGED Viewed

@@ -10,5 +10,8 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.checkJsonSignature = void 0;
 __exportStar(require("./getOwnRealVerifications"), exports);
 __exportStar(require("./getSomeoneElsesRealVerifications"), exports);
+var operations_1 = require("./operations");
+Object.defineProperty(exports, "checkJsonSignature", { enumerable: true, get: function () { return operations_1.checkJsonSignature; } });

package/dist/verifications/verifyCheck/operations/checkOwnVerification.d.ts CHANGED Viewed

@@ -5,5 +5,11 @@ declare type SingleVerToCheck = {
     userId: UId;
     value: unknown;
 };
+/**
+ * checks that a json object was signed by the provided signature. Unless you're
+ * dealing with bundled verifications, you should use `getOwnRealVerifications`
+ * or `getSomeoneElsesRealVerifications` instead.
+ */
+export declare const checkJsonSignature: (data: unknown, signature: string) => Promise<boolean>;
 export declare const checkOwnVerification: ({ verObject, signature, userId, value, }: SingleVerToCheck) => Promise<boolean>;
 export {};

package/dist/verifications/verifyCheck/operations/checkOwnVerification.js CHANGED Viewed

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.checkOwnVerification = exports.checkSignature = void 0;
+exports.checkOwnVerification = exports.checkJsonSignature = exports.checkSignature = void 0;
 const util_1 = require("../../../util");
 let cache; // eslint-disable-line fp/no-let
 const base64ToArrayBuffer = (str) => Uint8Array.from(atob(str), c => c.charCodeAt(0));
@@ -19,13 +19,21 @@ async function checkSignature(publicCryptoKey, signature, data) {
     return isVerified;
 }
 exports.checkSignature = checkSignature;
-const checkOwnVerification = async ({ verObject, signature, userId, value, }) => {
+/**
+ * checks that a json object was signed by the provided signature. Unless you're
+ * dealing with bundled verifications, you should use `getOwnRealVerifications`
+ * or `getSomeoneElsesRealVerifications` instead.
+ */
+const checkJsonSignature = async (data, signature) => {
     const jwk = await getJwk();
-    if (!userId)
-        throw new Error("No userId supplied");
-    const exapandedObject = Object.assign(Object.assign({}, verObject), { sub: userId, value });
-    const stringified = (0, util_1.canonicalJsonify)(exapandedObject);
+    const stringified = (0, util_1.canonicalJsonify)(data);
     const result = await checkSignature(jwk, signature, stringified);
     return result;
 };
+exports.checkJsonSignature = checkJsonSignature;
+const checkOwnVerification = async ({ verObject, signature, userId, value, }) => {
+    if (!userId)
+        throw new Error("No userId supplied");
+    return (0, exports.checkJsonSignature)(Object.assign(Object.assign({}, verObject), { sub: userId, value }), signature);
+};
 exports.checkOwnVerification = checkOwnVerification;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@raytio/core",
-  "version": "9.0.1",
+  "version": "9.0.2",
   "license": "MIT",
   "main": "index",
   "types": "index",
@@ -21,7 +21,7 @@
   },
   "devDependencies": {
     "@types/ramda": "0.27.64",
-    "jest": "27.4.7",
+    "jest": "27.5.1",
     "localstorage-polyfill": "1.0.1",
     "ts-jest": "27.1.3"
   },