npm - @velocitycareerlabs/server-careerwallet - Versions diffs - 1.25.0-dev-build.12642c864 - Mend

@velocitycareerlabs/server-careerwallet 1.25.0-dev-build.12642c864

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (252) hide show

package/test/create_did_key-controller.test.js ADDED Viewed

@@ -0,0 +1,397 @@
+const AWS = require('aws-sdk');
+const { ObjectId } = require('mongodb');
+const { mongoDb } = require('@spencejs/spence-mongo-repos');
+const { generateKeyPair } = require('@velocitycareerlabs/crypto');
+const { hexFromJwk, generateDocJwt } = require('@velocitycareerlabs/jwt');
+const { errorResponseMatcher } = require('@velocitycareerlabs/tests-helpers');
+const buildFastify = require('./helpers/careerwallet-build-fastify');
+const accountsFactory = require('./factories/accounts-factory');
+const initKeyPairsRepo = require('../src/entities/key-pairs/repos/key-pairs.repo');
+const initAccountsRepo = require('../src/entities/accounts/repos/accounts.repo');
+describe('create_did_key controller test suite', () => {
+  const aliasName = 'alias/my-key-alias';
+  let validBearer;
+  let withoutScopeBearer;
+  let fastify;
+  let keyPairsRepo;
+  let accountRepo;
+  let testClient;
+  let persistAccounts;
+  let privateKey;
+  let accountId;
+  beforeAll(async () => {
+    testClient = new AWS.KMS({
+      credentials: new AWS.Credentials('tests-kei-id', 'tests-key'),
+      region: 'us-west-1',
+      endpoint: 'http://localhost:4566',
+    });
+    const createKeyResponse = await testClient.createKey().promise();
+    const createAliasParams = {
+      AliasName: aliasName,
+      TargetKeyId: createKeyResponse.KeyMetadata.Arn,
+    };
+    await testClient.createAlias(createAliasParams).promise();
+    const { publicKey, privateKey: pk } = generateKeyPair({ format: 'jwk' });
+    privateKey = pk;
+    fastify = await buildFastify({
+      holderAppServerAccessTokenPublicKey: publicKey,
+      holderAppServerAccessTokenSigningKey: hexFromJwk(privateKey),
+      awsRegion: 'us-west-1',
+      awsEndpoint: 'http://localhost:4566',
+      managedAccountsKeyId: aliasName,
+      oauthVerificationDisabledEndpoints: [], // enabled for all endpoints
+    });
+    await fastify.ready();
+    keyPairsRepo = initKeyPairsRepo(fastify)({
+      log: fastify.log,
+      config: fastify.config,
+    });
+    accountRepo = initAccountsRepo(fastify)({
+      log: fastify.log,
+      config: fastify.config,
+    });
+    ({ persistAccounts } = accountsFactory(fastify));
+    withoutScopeBearer = await generateDocJwt(
+      { scope: 'test', sub: 'abc' },
+      privateKey
+    );
+  });
+  beforeEach(async () => {
+    jest.clearAllMocks();
+    await mongoDb().collection('keyPairs').deleteMany({});
+    await mongoDb().collection('accounts').deleteMany({});
+    const account = await persistAccounts();
+    accountId = account._id;
+    validBearer = await generateDocJwt(
+      { scope: 'key:create test', sub: account._id },
+      privateKey
+    );
+  });
+  afterAll(async () => {
+    await testClient.deleteAlias({ AliasName: aliasName }).promise();
+    await mongoDb().collection('keyPair').deleteMany({});
+    await mongoDb().collection('accounts').deleteMany({});
+    await fastify.close();
+  });
+  it('should return 401 if no bearer token is provided', async () => {
+    const response = await fastify.injectJson({
+      method: 'POST',
+      url: '/api/v0.6/create_did_key',
+    });
+    expect(response.statusCode).toEqual(401);
+  });
+  it('should return 401 if the bearer token is invalid', async () => {
+    const response = await fastify.injectJson({
+      method: 'POST',
+      url: '/api/v0.6/create_did_key',
+      headers: {
+        Authorization: `Bearer ${validBearer}111`,
+      },
+    });
+    expect(response.statusCode).toEqual(401);
+  });
+  it('should return 401 if no scope', async () => {
+    const response = await fastify.injectJson({
+      method: 'POST',
+      url: '/api/v0.6/create_did_key',
+      headers: {
+        Authorization: `Bearer ${withoutScopeBearer}`,
+      },
+    });
+    expect(response.statusCode).toEqual(403);
+    expect(response.json).toStrictEqual(
+      errorResponseMatcher({
+        error: 'Forbidden',
+        message: 'User must have one of the following scopes: ["key:create"]',
+        errorCode: 'missing_error_code',
+        statusCode: 403,
+      })
+    );
+  });
+  it('should return 401 if no sub in the payload of access token', async () => {
+    const bearer = await generateDocJwt(
+      { scope: 'key:create test' },
+      privateKey
+    );
+    const response = await fastify.injectJson({
+      method: 'POST',
+      url: '/api/v0.6/create_did_key',
+      headers: {
+        Authorization: `Bearer ${bearer}`,
+      },
+    });
+    expect(response.statusCode).toEqual(401);
+    expect(response.json).toStrictEqual(
+      errorResponseMatcher({
+        message: 'invalid authorization header',
+        errorCode: 'missing_error_code',
+        error: 'Unauthorized',
+        statusCode: 401,
+      })
+    );
+  });
+  it('should return 400 if the request body is invalid', async () => {
+    const response = await fastify.injectJson({
+      method: 'POST',
+      url: '/api/v0.6/create_did_key',
+      payload: {},
+      headers: {
+        Authorization: `Bearer ${validBearer}`,
+      },
+    });
+    expect(response.statusCode).toEqual(400);
+    expect(response.json).toStrictEqual(
+      errorResponseMatcher({
+        errorCode: 'request_validation_failed',
+        message: "body must have required property 'crv'",
+        statusCode: 400,
+        error: 'Bad Request',
+      })
+    );
+  });
+  it('should return 400 if the crv is invalid', async () => {
+    const response = await fastify.injectJson({
+      method: 'POST',
+      url: '/api/v0.6/create_did_key',
+      payload: {
+        crv: 'abc',
+      },
+      headers: {
+        Authorization: `Bearer ${validBearer}`,
+      },
+    });
+    expect(response.statusCode).toEqual(400);
+    expect(response.json).toStrictEqual(
+      errorResponseMatcher({
+        errorCode: 'request_validation_failed',
+        message: 'body/crv must be equal to one of the allowed values',
+        statusCode: 400,
+        error: 'Bad Request',
+      })
+    );
+  });
+  it('should return 400 if account already has crv', async () => {
+    const account = await persistAccounts({
+      didKeyMetadatum: [
+        {
+          didKeyId: 'abc1',
+          didMethod: 'did:jwk',
+          kid: 'kid1',
+          publicJwk: {
+            crv: 'P-256',
+            kty: 'EC',
+            x: 'x',
+            y: 'y',
+          },
+        },
+      ],
+    });
+    const bearer = await generateDocJwt(
+      { scope: 'key:create test', sub: account._id },
+      privateKey
+    );
+    const response = await fastify.injectJson({
+      method: 'POST',
+      url: '/api/v0.6/create_did_key',
+      payload: {
+        crv: 'P-256',
+        didMethod: 'did:jwk',
+        didKeyId: 'abc1',
+      },
+      headers: {
+        Authorization: `Bearer ${bearer}`,
+      },
+    });
+    expect(response.statusCode).toEqual(400);
+    expect(response.json).toStrictEqual(
+      errorResponseMatcher({
+        errorCode: 'account_did_exist',
+        message: 'DID key with crv already exists',
+        statusCode: 400,
+        error: 'Bad Request',
+      })
+    );
+  });
+  it('should create a new did and didKeyMetadatum keys', async () => {
+    const response = await fastify.injectJson({
+      method: 'POST',
+      url: '/api/v0.6/create_did_key',
+      payload: {
+        crv: 'P-256',
+        didMethod: 'did:jwk',
+        didKeyId: 'abc1',
+      },
+      headers: {
+        Authorization: `Bearer ${validBearer}`,
+      },
+    });
+    expect(response.statusCode).toEqual(200);
+    expect(response.json).toStrictEqual({
+      keyId: expect.any(String),
+      kid: expect.any(String),
+      did: expect.any(String),
+      publicJwk: {
+        crv: 'P-256',
+        kty: 'EC',
+        x: expect.any(String),
+        y: expect.any(String),
+      },
+    });
+    const keyPair = await keyPairsRepo.findOne({
+      filter: {
+        _id: response.json.keyId,
+      },
+    });
+    expect(keyPair).toEqual({
+      _id: new ObjectId(response.json.keyId),
+      encryptedPrivateKey: expect.anything(),
+      publicKey: expect.anything(),
+      createdAt: expect.anything(),
+      updatedAt: expect.anything(),
+    });
+    const decryptResult = await testClient
+      .decrypt({
+        CiphertextBlob: keyPair.encryptedPrivateKey.buffer,
+      })
+      .promise();
+    expect(decryptResult.Plaintext).toBeDefined();
+    const accounts = await accountRepo.findOne({
+      filter: {
+        _id: accountId,
+      },
+    });
+    expect(accounts).toEqual({
+      _id: new ObjectId(accountId),
+      accountType: expect.any(String),
+      createdAt: expect.any(Date),
+      refreshToken: expect.any(String),
+      scope: ['jwt', 'key:create', 'inbox', 'account'],
+      updatedAt: expect.any(Date),
+      didKeyMetadatum: [
+        {
+          ...response.json,
+          keyId: new ObjectId(response.json.keyId),
+        },
+      ],
+    });
+  });
+  it('should create a new did and didKeyMetadatum keys 2', async () => {
+    const response1 = await fastify.injectJson({
+      method: 'POST',
+      url: '/api/v0.6/create_did_key',
+      payload: {
+        crv: 'secp256k1',
+        didMethod: 'did:jwk',
+      },
+      headers: {
+        Authorization: `Bearer ${validBearer}`,
+      },
+    });
+    const response2 = await fastify.injectJson({
+      method: 'POST',
+      url: '/api/v0.6/create_did_key',
+      payload: {
+        crv: 'P-256',
+        didMethod: 'did:jwk',
+      },
+      headers: {
+        Authorization: `Bearer ${validBearer}`,
+      },
+    });
+    expect(response1.statusCode).toEqual(200);
+    expect(response1.json).toStrictEqual({
+      keyId: expect.any(String),
+      kid: expect.any(String),
+      did: expect.any(String),
+      publicJwk: {
+        crv: 'secp256k1',
+        kty: 'EC',
+        x: expect.any(String),
+        y: expect.any(String),
+      },
+    });
+    expect(response2.statusCode).toEqual(200);
+    expect(response2.json).toStrictEqual({
+      keyId: expect.any(String),
+      kid: expect.any(String),
+      did: expect.any(String),
+      publicJwk: {
+        crv: 'P-256',
+        kty: 'EC',
+        x: expect.any(String),
+        y: expect.any(String),
+      },
+    });
+    const keyPair1 = await keyPairsRepo.findOne({
+      filter: {
+        _id: response1.json.keyId,
+      },
+    });
+    expect(keyPair1).toEqual({
+      _id: new ObjectId(response1.json.keyId),
+      encryptedPrivateKey: expect.anything(),
+      publicKey: expect.anything(),
+      createdAt: expect.anything(),
+      updatedAt: expect.anything(),
+    });
+    const keyPair2 = await keyPairsRepo.findOne({
+      filter: {
+        _id: response2.json.keyId,
+      },
+    });
+    expect(keyPair2).toEqual({
+      _id: new ObjectId(response2.json.keyId),
+      encryptedPrivateKey: expect.anything(),
+      publicKey: expect.anything(),
+      createdAt: expect.anything(),
+      updatedAt: expect.anything(),
+    });
+    const accounts = await accountRepo.findOne({
+      filter: {
+        _id: accountId,
+      },
+    });
+    expect(accounts).toEqual({
+      _id: new ObjectId(accountId),
+      accountType: expect.any(String),
+      createdAt: expect.any(Date),
+      refreshToken: expect.any(String),
+      scope: ['jwt', 'key:create', 'inbox', 'account'],
+      updatedAt: expect.any(Date),
+      didKeyMetadatum: [
+        {
+          ...response1.json,
+          keyId: new ObjectId(response1.json.keyId),
+        },
+        {
+          ...response2.json,
+          keyId: new ObjectId(response2.json.keyId),
+        },
+      ],
+    });
+  });
+});

package/test/create_jwk-controller.test.js ADDED Viewed

@@ -0,0 +1,188 @@
+const AWS = require('aws-sdk');
+const { ObjectId } = require('mongodb');
+const { mongoDb } = require('@spencejs/spence-mongo-repos');
+const { generateKeyPair } = require('@velocitycareerlabs/crypto');
+const { hexFromJwk, generateDocJwt } = require('@velocitycareerlabs/jwt');
+const { errorResponseMatcher } = require('@velocitycareerlabs/tests-helpers');
+const buildFastify = require('./helpers/careerwallet-build-fastify');
+const initKeyPairsRepo = require('../src/entities/key-pairs/repos/key-pairs.repo');
+describe('create_jwk controller test suite', () => {
+  const aliasName = 'alias/my-key-alias';
+  let validBearer;
+  let withoutScopeBearer;
+  let fastify;
+  let jwkRepo;
+  let testClient;
+  beforeAll(async () => {
+    testClient = new AWS.KMS({
+      credentials: new AWS.Credentials('tests-kei-id', 'tests-key'),
+      region: 'us-west-1',
+      endpoint: 'http://localhost:4566',
+    });
+    const createKeyResponse = await testClient.createKey().promise();
+    const createAliasParams = {
+      AliasName: aliasName,
+      TargetKeyId: createKeyResponse.KeyMetadata.Arn,
+    };
+    await testClient.createAlias(createAliasParams).promise();
+    const { publicKey, privateKey } = generateKeyPair({ format: 'jwk' });
+    fastify = await buildFastify({
+      holderAppServerAccessTokenPublicKey: publicKey,
+      holderAppServerAccessTokenSigningKey: hexFromJwk(privateKey),
+      awsRegion: 'us-west-1',
+      awsEndpoint: 'http://localhost:4566',
+      managedAccountsKeyId: aliasName,
+      oauthVerificationDisabledEndpoints: [], // enabled for all endpoints
+    });
+    await fastify.ready();
+    jwkRepo = initKeyPairsRepo(fastify)({
+      log: fastify.log,
+      config: fastify.config,
+    });
+    validBearer = await generateDocJwt(
+      { scope: 'key:create test', sub: 'abc' },
+      privateKey
+    );
+    withoutScopeBearer = await generateDocJwt(
+      { scope: 'test', sub: 'abc' },
+      privateKey
+    );
+  });
+  beforeEach(async () => {
+    jest.clearAllMocks();
+    await mongoDb().collection('keyPairs').deleteMany({});
+  });
+  afterAll(async () => {
+    await testClient.deleteAlias({ AliasName: aliasName }).promise();
+    await fastify.close();
+  });
+  it('should return 401 if no bearer token is provided', async () => {
+    const response = await fastify.injectJson({
+      method: 'POST',
+      url: '/api/v0.6/create_jwk',
+    });
+    expect(response.statusCode).toEqual(401);
+  });
+  it('should return 401 if the bearer token is invalid', async () => {
+    const response = await fastify.injectJson({
+      method: 'POST',
+      url: '/api/v0.6/create_jwk',
+      headers: {
+        Authorization: `Bearer ${validBearer}111`,
+      },
+    });
+    expect(response.statusCode).toEqual(401);
+  });
+  it('should return 401 if no scope', async () => {
+    const response = await fastify.injectJson({
+      method: 'POST',
+      url: '/api/v0.6/create_jwk',
+      headers: {
+        Authorization: `Bearer ${withoutScopeBearer}`,
+      },
+    });
+    expect(response.statusCode).toEqual(403);
+    expect(response.json).toStrictEqual(
+      errorResponseMatcher({
+        error: 'Forbidden',
+        message: 'User must have one of the following scopes: ["key:create"]',
+        errorCode: 'missing_error_code',
+        statusCode: 403,
+      })
+    );
+  });
+  it('should return 400 if the request body is invalid', async () => {
+    const response = await fastify.injectJson({
+      method: 'POST',
+      url: '/api/v0.6/create_jwk',
+      payload: {},
+      headers: {
+        Authorization: `Bearer ${validBearer}`,
+      },
+    });
+    expect(response.statusCode).toEqual(400);
+    expect(response.json).toStrictEqual(
+      errorResponseMatcher({
+        errorCode: 'request_validation_failed',
+        message: "body must have required property 'crv'",
+        statusCode: 400,
+        error: 'Bad Request',
+      })
+    );
+  });
+  it('should return 400 if the crv is invalid', async () => {
+    const response = await fastify.injectJson({
+      method: 'POST',
+      url: '/api/v0.6/create_jwk',
+      payload: {
+        crv: 'abc',
+      },
+      headers: {
+        Authorization: `Bearer ${validBearer}`,
+      },
+    });
+    expect(response.statusCode).toEqual(400);
+    expect(response.json).toStrictEqual(
+      errorResponseMatcher({
+        errorCode: 'request_validation_failed',
+        message: 'body/crv must be equal to one of the allowed values',
+        statusCode: 400,
+        error: 'Bad Request',
+      })
+    );
+  });
+  it('should create a new jwk', async () => {
+    const response = await fastify.injectJson({
+      method: 'POST',
+      url: '/api/v0.6/create_jwk',
+      payload: {
+        crv: 'P-256',
+      },
+      headers: {
+        Authorization: `Bearer ${validBearer}`,
+      },
+    });
+    expect(response.statusCode).toEqual(200);
+    expect(response.json).toStrictEqual({
+      keyId: expect.any(String),
+      jwk: {
+        crv: 'P-256',
+        kty: 'EC',
+        x: expect.any(String),
+        y: expect.any(String),
+      },
+    });
+    const keyPair = await jwkRepo.findOne({
+      filter: {
+        _id: response.json.keyId,
+      },
+    });
+    expect(keyPair).toEqual({
+      _id: new ObjectId(response.json.keyId),
+      encryptedPrivateKey: expect.anything(),
+      publicKey: response.json.jwk,
+      createdAt: expect.anything(),
+      updatedAt: expect.anything(),
+    });
+    const decryptResult = await testClient
+      .decrypt({
+        CiphertextBlob: keyPair.encryptedPrivateKey.buffer,
+      })
+      .promise();
+    expect(decryptResult.Plaintext).toBeDefined();
+  });
+});

package/test/credential-categories-controller.test.js ADDED Viewed

@@ -0,0 +1,29 @@
+const buildFastify = require('./helpers/careerwallet-build-fastify');
+describe('Credential categories', () => {
+  let fastify;
+  beforeAll(async () => {
+    fastify = buildFastify();
+    await fastify.ready();
+  });
+  afterAll(async () => {
+    await fastify.close();
+  });
+  it('should return credential categories', async () => {
+    const response = await fastify.injectJson({
+      method: 'GET',
+      url: 'api/v0.6/credential-categories',
+    });
+    expect(response.statusCode).toEqual(200);
+    expect(response.headers).toMatchObject({
+      'content-type': 'application/json; charset=utf-8',
+    });
+    expect(response.json).toEqual(
+      require('../src/assets/credentialCategories.json')
+    );
+  });
+});

package/test/credential-icons-controller.test.js ADDED Viewed

@@ -0,0 +1,36 @@
+const buildFastify = require('./helpers/careerwallet-build-fastify');
+describe('Credential Icons', () => {
+  let fastify;
+  beforeAll(async () => {
+    fastify = buildFastify();
+    await fastify.ready();
+  });
+  afterAll(async () => {
+    await fastify.close();
+  });
+  it('should return 404 if unknown category', async () => {
+    const response = await fastify.inject({
+      method: 'GET',
+      url: 'category-icons/doesnt-exist.png',
+    });
+    expect(response.statusCode).toEqual(404);
+  });
+  it('should return category icons', async () => {
+    const response = await fastify.inject({
+      method: 'GET',
+      url: 'category-icons/employment.png',
+    });
+    expect(response.statusCode).toEqual(200);
+    expect(response.headers).toMatchObject({
+      'content-type': 'image/png',
+    });
+    expect(response.rawPayload).toHaveLength(1194);
+  });
+});