@velocitycareerlabs/server-webwallet 1.25.0-dev-build.12642c864

package/test/accounts-controller.test.js

@@ -0,0 +1,618 @@
+const usersDid = 'did:example:123';
+const mockGenerateDidJwk = jest.fn().mockResolvedValue(
+  new Promise((resolve) => {
+    resolve({
+      did: usersDid,
+      publicJwk: {},
+      kid: '',
+      keyId: '',
+    });
+  })
+);
+
+jest.mock('@velocitycareerlabs/vnf-nodejs-wallet-sdk', () => {
+  const originalModule = jest.requireActual(
+    '@velocitycareerlabs/vnf-nodejs-wallet-sdk'
+  );
+  return {
+    ...originalModule,
+    VCLProvider: {
+      getInstance: jest.fn().mockReturnValue({
+        initialize: jest.fn().mockResolvedValue(null),
+        generateDidJwk: mockGenerateDidJwk,
+      }),
+    },
+  };
+});
+
+const { mongoDb } = require('@spencejs/spence-mongo-repos');
+const nock = require('nock');
+const { merge } = require('lodash/fp');
+const { errorResponseMatcher } = require('@velocitycareerlabs/tests-helpers');
+const { generateKeyPair } = require('@velocitycareerlabs/crypto');
+const { generateDocJwt } = require('@velocitycareerlabs/jwt/src/docs');
+const { ObjectId } = require('mongodb');
+const buildFastify = require('./helpers/webwallet-build-fastify');
+const { WebWalletServerError } = require('../src/errors/error-codes');
+const { nockTestPersonas } = require('./helpers/nock-test-personas');
+
+const idToken =
+  // eslint-disable-next-line max-len
+  'eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IktFWSJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlzcyI6Imh0dHBzOi8vbG9jYWxob3N0LyIsImF1ZCI6ImZvbyIsInNjb3BlIjoicmVhZDp1c2VycyJ9.VwIIUqx9T-AxqbfL_FyNRAeOxTwiC2JpcwtrqnEWN3DdF07ijUkF1WYy8Ahfr_p4R3KnoPbiefZnIbVANCt-lt0ej32rfil2yHhQEsvFxSOjcrx6ARmPp0YAfWlN-5Sotzkxy29jaOZMEDkmRFZg3jkdC7wosPW_S6M-olC4g3HHfylpZI8O3Jdd87Qr9wD_QtUzANwnPbl2Q-9NEyxVjAZIWg_HWK9JAAaf_2IY5VwHBvyp0oeQSEHKi4hogcM59EOc4FxdR5WH45B_PenVa6W4mHFBkH8sAXxt2Zs9s2efujkfWYfyXvgL_lN7vT-TEADlAPP2L6CpWpDISOMsQWUSgGHcN_KwRh_E7qJwahR6mv4QHY6ReEoyjkmSS3swrD1l74jNs7QLAdsMywvzCMDsHabs7DYcEMGQBdP14PJ_ucLFnkivZeBDAc6sS445ocbyrpyO40XMaMorD5khRd9ej89SxR7d_v0W6Ne2Nn4XgW3pAZzu5Rdc4JvqfzLFxkp95jxy1MTAddjWISPmNOYYyXHM9SSqSpqVECOFS0f4z2zycHRqXUcOytWrvED6VGo9x7-IVCgu8vFzj0zToIWQmsDs3UoH9RnV12z0PMwGXQzca1lT_zGwJxBF3e4zJjmcJ05OMF2JgZ2_G48O3M4Dtb0jlgWbKLd0kWlIFzQ';
+
+const auth0Token =
+  // eslint-disable-next-line max-len
+  'eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IktFWSJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlzcyI6Imh0dHBzOi8vbG9jYWxob3N0LyIsImF1ZCI6ImZvbyIsInNjb3BlIjoicmVhZDp1c2VycyJ9.VwIIUqx9T-AxqbfL_FyNRAeOxTwiC2JpcwtrqnEWN3DdF07ijUkF1WYy8Ahfr_p4R3KnoPbiefZnIbVANCt-lt0ej32rfil2yHhQEsvFxSOjcrx6ARmPp0YAfWlN-5Sotzkxy29jaOZMEDkmRFZg3jkdC7wosPW_S6M-olC4g3HHfylpZI8O3Jdd87Qr9wD_QtUzANwnPbl2Q-9NEyxVjAZIWg_HWK9JAAaf_2IY5VwHBvyp0oeQSEHKi4hogcM59EOc4FxdR5WH45B_PenVa6W4mHFBkH8sAXxt2Zs9s2efujkfWYfyXvgL_lN7vT-TEADlAPP2L6CpWpDISOMsQWUSgGHcN_KwRh_E7qJwahR6mv4QHY6ReEoyjkmSS3swrD1l74jNs7QLAdsMywvzCMDsHabs7DYcEMGQBdP14PJ_ucLFnkivZeBDAc6sS445ocbyrpyO40XMaMorD5khRd9ej89SxR7d_v0W6Ne2Nn4XgW3pAZzu5Rdc4JvqfzLFxkp95jxy1MTAddjWISPmNOYYyXHM9SSqSpqVECOFS0f4z2zycHRqXUcOytWrvED6VGo9x7-IVCgu8vFzj0zToIWQmsDs3UoH9RnV12z0PMwGXQzca1lT_zGwJxBF3e4zJjmcJ05OMF2JgZ2_G48O3M4Dtb0jlgWbKLd0kWlIFzQ;';
+
+const auth0userId = '1234567890';
+describe('Test accounts controller', () => {
+  let fastify;
+
+  beforeAll(async () => {
+    fastify = buildFastify();
+    nock('https://localhost/').get('/.well-known/jwks.json').reply(200, jwks);
+    await fastify.ready();
+  });
+
+  beforeEach(async () => {
+    await mongoDb().collection('accounts').deleteMany({});
+    await mongoDb().collection('credentials').deleteMany({});
+    jest.clearAllMocks();
+  });
+
+  afterEach(async () => {
+    nock.cleanAll();
+  });
+
+  afterAll(async () => {
+    nock.restore();
+    await fastify.close();
+  });
+
+  describe('POST /accounts - create or retrieve account', () => {
+    it('should create an account', async () => {
+      const { accountsNock } = nockOnceSuccessfulAccountCreation(fastify);
+
+      const response = await fastify.injectJson({
+        method: 'POST',
+        url: '/accounts',
+        payload: {
+          account: {
+            accountType: 'temp',
+            id_token: idToken,
+          },
+        },
+      });
+
+      expect(response.statusCode).toBe(200);
+
+      expect(response.json).toEqual({
+        account: {
+          accountType: 'temp',
+          careerWalletAccountId: 'careerwallet-account-id',
+          createdAt: expect.any(String),
+          did: usersDid,
+          id: expect.any(String),
+          updatedAt: expect.any(String),
+          userId: auth0userId,
+          verificationInfo: {
+            createAccountMessageDisplayed: false,
+          },
+        },
+      });
+      expect(accountsNock.isDone()).toBe(true);
+      expect(mockGenerateDidJwk.mock.calls).toEqual([
+        [
+          {
+            signatureAlgorithm: 'P-256',
+            remoteCryptoServicesToken: 'fooAccessToken',
+          },
+        ],
+      ]);
+      const dbCredentials = await mongoDb()
+        .collection('credentials')
+        .find()
+        .toArray();
+      expect(dbCredentials).toEqual([]);
+    });
+
+    it('should return an existing account and call generateDidJwk if did key is missing', async () => {
+      const { accountsNock } = nockOnceSuccessfulAccountCreation(fastify);
+
+      const firstResponse = await fastify.injectJson({
+        method: 'POST',
+        url: '/accounts',
+        payload: {
+          account: {
+            accountType: 'temp',
+            id_token: idToken,
+          },
+        },
+      });
+
+      const secondResponse = await fastify.injectJson({
+        method: 'POST',
+        url: '/accounts',
+        payload: {
+          account: {
+            accountType: 'temp',
+            id_token: idToken,
+          },
+        },
+      });
+
+      expect(firstResponse.json).toEqual(secondResponse.json);
+
+      expect(accountsNock.isDone()).toBe(true);
+      expect(mockGenerateDidJwk.mock.calls).toEqual([
+        [
+          {
+            signatureAlgorithm: 'P-256',
+            remoteCryptoServicesToken: 'fooAccessToken',
+          },
+        ],
+      ]);
+    });
+
+    it('should return an existing account and not call generateDidJwk if did key exists', async () => {
+      const { accountsNock } = nockOnceSuccessfulAccountCreation(fastify);
+
+      const firstResponse = await fastify.injectJson({
+        method: 'POST',
+        url: '/accounts',
+        payload: {
+          account: {
+            accountType: 'temp',
+            id_token: idToken,
+          },
+        },
+      });
+
+      const secondResponse = await fastify.injectJson({
+        method: 'POST',
+        url: '/accounts',
+        payload: {
+          account: {
+            accountType: 'temp',
+            id_token: idToken,
+          },
+        },
+      });
+
+      expect(firstResponse.json).toEqual(secondResponse.json);
+
+      expect(accountsNock.isDone()).toBe(true);
+      expect(mockGenerateDidJwk.mock.calls).toEqual([
+        [
+          {
+            signatureAlgorithm: 'P-256',
+            remoteCryptoServicesToken: 'fooAccessToken',
+          },
+        ],
+      ]);
+    });
+
+    it("should 502 fail to create account if personaEmail is specified and personas can't be loaded", async () => {
+      const personasNock = nock(fastify.config.careerWalletUrl)
+        .get('/reference/personas')
+        .once()
+        .reply(404);
+      const { accountsNock } = nockOnceSuccessfulAccountCreation(fastify);
+
+      const response = await fastify.injectJson({
+        method: 'POST',
+        url: '/accounts',
+        payload: {
+          account: {
+            accountType: 'temp',
+            id_token: idToken,
+          },
+          personaEmail: 'foo',
+        },
+      });
+
+      expect(response.statusCode).toBe(502);
+
+      expect(response.json).toEqual(
+        errorResponseMatcher({
+          statusCode: 502,
+          error: 'Bad Gateway',
+          message: 'failed to get personas',
+        })
+      );
+      expect(accountsNock.isDone()).toBe(false);
+      expect(personasNock.isDone()).toBe(true);
+      expect(mockGenerateDidJwk.mock.calls).toEqual([]);
+
+      const dbCredentials = await mongoDb()
+        .collection('credentials')
+        .find()
+        .toArray();
+      expect(dbCredentials).toEqual([]);
+    });
+
+    it("should 400 if personaEmail doesn't match an existing persona", async () => {
+      const email = 'adam.smith@example.com';
+      const keyPair = generateKeyPair();
+      const doc = { vc: { credentialSubject: { email } } };
+      const jwt = await generateDocJwt(doc, keyPair.privateKey, {});
+      const personasNock = nock(fastify.config.careerWalletUrl)
+        .get('/reference/personas')
+        .once()
+        .reply(200, [
+          {
+            name: 'Adam Smith',
+            email: 'adam.smith@example.com',
+            vcs: [{ jwt_vc: jwt }],
+          },
+        ]);
+      const { accountsNock } = nockOnceSuccessfulAccountCreation(fastify);
+
+      const response = await fastify.injectJson({
+        method: 'POST',
+        url: '/accounts',
+        payload: {
+          account: {
+            accountType: 'temp',
+            id_token: idToken,
+          },
+          personaEmail: 'foo',
+        },
+      });
+
+      expect(response.statusCode).toBe(400);
+
+      expect(response.json).toEqual(
+        errorResponseMatcher({
+          statusCode: 400,
+          error: 'Bad Request',
+          message: 'unrecognized persona',
+        })
+      );
+      expect(accountsNock.isDone()).toBe(false);
+      expect(personasNock.isDone()).toBe(true);
+      expect(mockGenerateDidJwk.mock.calls).toEqual([]);
+
+      const dbCredentials = await mongoDb()
+        .collection('credentials')
+        .find()
+        .toArray();
+      expect(dbCredentials).toEqual([]);
+    });
+
+    it('should create a persona account and initialize with id credentials', async () => {
+      const email = 'adam.smith@example.com';
+      const keyPair = generateKeyPair();
+      const doc = { vc: { credentialSubject: { email } } };
+      const jwt = await generateDocJwt(doc, keyPair.privateKey, {});
+      const personasNock = nock(fastify.config.careerWalletUrl)
+        .get('/reference/personas')
+        .once()
+        .reply(200, [
+          {
+            name: 'Adam Smith',
+            email: 'adam.smith@example.com',
+            vcs: [{ jwt_vc: jwt }],
+          },
+        ]);
+      const { accountsNock } = nockOnceSuccessfulAccountCreation(fastify, {
+        account: { didKeyMetadatum: [{ did: usersDid }] },
+      });
+
+      const response = await fastify.injectJson({
+        method: 'POST',
+        url: '/accounts',
+        payload: {
+          account: {
+            accountType: 'temp',
+            id_token: idToken,
+          },
+          personaEmail: 'adam.smith@example.com',
+        },
+      });
+
+      expect(response.statusCode).toBe(200);
+
+      expect(response.json).toEqual({
+        account: {
+          accountType: 'temp',
+          careerWalletAccountId: 'careerwallet-account-id',
+          createdAt: expect.any(String),
+          did: usersDid,
+          id: expect.any(String),
+          updatedAt: expect.any(String),
+          userId: auth0userId,
+          verificationInfo: {
+            createAccountMessageDisplayed: false,
+          },
+        },
+      });
+      expect(accountsNock.isDone()).toBe(true);
+      expect(personasNock.isDone()).toBe(true);
+      expect(mockGenerateDidJwk.mock.calls).toEqual([]);
+
+      const [credential] = await mongoDb()
+        .collection('credentials')
+        .find()
+        .toArray();
+      expect(credential).toEqual({
+        _id: expect.any(ObjectId),
+        auth0UserId: auth0userId,
+        userDid: usersDid,
+        credentialSubject: { email },
+        encodedCredential: jwt,
+        createdAt: expect.any(Date),
+        updatedAt: expect.any(Date),
+      });
+    });
+  });
+
+  describe('PATCH /accounts - update account endpoint', () => {
+    it('should update allowed properties only', async () => {
+      nockOnceSuccessfulAccountCreation(fastify);
+
+      const {
+        json: {
+          account: { id },
+        },
+      } = await fastify.injectJson({
+        method: 'POST',
+        url: '/accounts',
+        payload: {
+          account: {
+            accountType: 'temp',
+            id_token: auth0Token,
+          },
+        },
+      });
+
+      const updateResponse = await fastify.injectJson({
+        method: 'PATCH',
+        url: '/accounts',
+        headers: {
+          authorization: `Bearer ${auth0Token}`,
+        },
+        payload: {
+          account: {
+            profileName: 'New Profile Name',
+            logo: 'https://example.com/new-logo.png',
+            'verificationInfo.createAccountMessageDisplayed': true,
+            'verificationInfo.phone.status': 'skipped',
+          },
+        },
+      });
+
+      expect(updateResponse.statusCode).toBe(200);
+
+      expect(updateResponse.json).toEqual({
+        account: {
+          id,
+          accountType: 'temp',
+          careerWalletAccountId: 'careerwallet-account-id',
+          createdAt: expect.any(String),
+          did: usersDid,
+          profileName: 'New Profile Name',
+          logo: 'https://example.com/new-logo.png',
+          verificationInfo: {
+            createAccountMessageDisplayed: true,
+            phone: {
+              status: 'skipped',
+            },
+          },
+          updatedAt: expect.any(String),
+          userId: auth0userId,
+        },
+      });
+    });
+
+    it('should return 401 if there is no token', async () => {
+      const response = await fastify.injectJson({
+        method: 'PATCH',
+        url: '/accounts',
+        payload: {
+          account: {
+            profileName: 'New Profile Name',
+          },
+        },
+      });
+
+      expect(response.statusCode).toBe(401);
+
+      expect(response.json).toEqual(
+        errorResponseMatcher({
+          error: 'Unauthorized',
+          message: 'No authorization token provided',
+          statusCode: 401,
+        })
+      );
+    });
+
+    it('should return 400 if unallowed properties are sent', async () => {
+      const response = await fastify.injectJson({
+        method: 'PATCH',
+        url: '/accounts',
+        headers: {
+          authorization: `Bearer ${auth0Token}`,
+        },
+        payload: {
+          account: {
+            profileName: 'New Profile Name',
+            'verificationInfo.createAccountMessageDisplayed': true,
+            'verificationInfo.phone.status': 'verified',
+          },
+        },
+      });
+
+      expect(response.statusCode).toBe(400);
+
+      expect(response.json).toEqual(
+        errorResponseMatcher({
+          error: 'Bad Request',
+          errorCode: 'request_validation_failed',
+          message:
+            'body/account/verificationInfo.phone.status must be equal to one of the allowed values',
+          statusCode: 400,
+        })
+      );
+    });
+
+    it('should accept logo image < 100KB', async () => {
+      const buffer = Buffer.alloc(1024 * 100);
+      const base64Image = buffer.toString('base64');
+
+      nockOnceSuccessfulAccountCreation(fastify);
+
+      const {
+        json: {
+          account: { id },
+        },
+      } = await fastify.injectJson({
+        method: 'POST',
+        url: '/accounts',
+        payload: {
+          account: {
+            accountType: 'temp',
+            id_token: auth0Token,
+          },
+        },
+      });
+
+      const response = await fastify.injectJson({
+        method: 'PATCH',
+        url: '/accounts',
+        headers: {
+          authorization: `Bearer ${auth0Token}`,
+        },
+        payload: {
+          account: {
+            logo: base64Image,
+          },
+        },
+      });
+
+      expect(response.statusCode).toBe(200);
+
+      expect(response.json).toEqual({
+        account: {
+          id,
+          accountType: 'temp',
+          careerWalletAccountId: 'careerwallet-account-id',
+          createdAt: expect.any(String),
+          did: usersDid,
+          logo: base64Image,
+          updatedAt: expect.any(String),
+          userId: auth0userId,
+          verificationInfo: {
+            createAccountMessageDisplayed: false,
+          },
+        },
+      });
+    });
+
+    it('should not accept logo image > 100KB', async () => {
+      const buffer = Buffer.alloc(1024 * 101);
+      const base64Image = buffer.toString('base64');
+
+      const response = await fastify.injectJson({
+        method: 'PATCH',
+        url: '/accounts',
+        headers: {
+          authorization: `Bearer ${auth0Token}`,
+        },
+        payload: {
+          account: {
+            logo: base64Image,
+          },
+        },
+      });
+
+      expect(response.statusCode).toBe(400);
+
+      expect(response.json).toEqual(
+        errorResponseMatcher({
+          error: 'Bad Request',
+          errorCode: WebWalletServerError,
+          message: 'Logo size is too large. Maximum size is 100 KB.',
+          statusCode: 400,
+        })
+      );
+    });
+  });
+
+  describe('GET /accounts/test-personas', () => {
+    it('should return personas', async () => {
+      const nockInstance = nock(fastify.config.careerWalletUrl);
+      nockTestPersonas(nockInstance);
+      const response = await fastify.inject({
+        method: 'GET',
+        url: '/accounts/test-personas',
+      });
+
+      expect(response.statusCode).toBe(200);
+      expect(response.json()).toEqual(expect.any(Array));
+    });
+  });
+});
+
+const nockOnceSuccessfulAccountCreation = (fastify, replyOverrides) => {
+  const reply = merge(replyOverrides, {
+    account: {
+      id: 'careerwallet-account-id',
+      accountType: 'temp',
+      id_token_iss: 'http://localhost/',
+      id_token_sub: auth0userId,
+      createdAt: '2023-09-13T10:35:38.522Z',
+      updatedAt: '2023-09-13T10:35:38.522Z',
+    },
+    access_token: 'fooAccessToken',
+  });
+  const accountsNock = nock(fastify.config.careerWalletUrl)
+    .post('/api/v0.6/accounts')
+    .once()
+    .reply(200, reply);
+
+  return { accountsNock };
+};
+
+const jwks = {
+  keys: [
+    {
+      alg: 'RS512',
+      kid: 'KEY',
+      x5c: ['UNUSED'],
+    },
+    {
+      alg: 'RS256',
+      kid: 'KEY',
+      x5c: [
+        `
+    MIIEnjCCAoYCCQDmnGII6qzGlTANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDDAZ1
+    bnVzZWQwHhcNMjEwOTE5MDcxODQ2WhcNMjExMDE5MDcxODQ2WjARMQ8wDQYDVQQD
+    DAZ1bnVzZWQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDY2acJ8JAH
+    XjK8j3sAXOokSWwvaEg65UJS0C7KdnfbLTeaeYFHBRY0v9Jkk/PJSXv9hMWw1aD3
+    n7NrhVwXeRXi/7VZuW/S4ek+hK+IMDvpKqzn+XeCpaMoRpAgloADeNY0qhYKxpr2
+    L0SmRQDwVy1r/g31ECewD2WpEiRSmXsQ2Q2uYT3V60BmbhUw31KGEr4SLXL9pzmb
+    arOH/5Rhqg+YFMywNY6i01S3UdOlUtAyWT/mVRAkVTsUEou9tBw61zputPdMrl7p
+    d4InmlfCmXNTPFh9EDczPQiAVPq8MDyEdRGP134+HM9+YgQUZjy+WsxmGEvplJIf
+    KrYtlWe11//oAXC3690LUYtvg49lNY4+H0/nngjnCDXkZo6f+PEvnBZfYl596VTV
+    Fx4FGNOqLwg4bAyE5j5jXtEGW1oKo1pxBg7Oe3MteQUDwMrONB3CbxdxDiN3YH94
+    2nWGW9Le+CeA1QUhfjQqSoZRJURGYGoztVuIXOElnkrgwcJreX4b8y+Uo5kpp2By
+    6UUaD/mMj9XQ+Ygp/J8DlJlqDXOIp6JUJ75aSK5ZIjRtWq/Go5RUjW9IW0ldEehh
+    /4j0ZWC0vR1/le2UmAE6tXhkH4sdx9JM84V+qRzjiGqQx3Wn00uwMiHHhte17t41
+    vk+b75wuHbfiq9R8irL6wqWeeuzvCC37NwIDAQABMA0GCSqGSIb3DQEBCwUAA4IC
+    AQCZOT6S5HLUp0gBtWK6Fxyzb9lWPE+AJipjJ80lS3OnaOIyVtyJexJ2BjTKWldJ
+    48zkzLNIRsTEGEipNS6NkrkElfmoaNBpdbDch2WBkME3UYlFIR9GgbXPMlACQlwJ
+    f4qT3iIZ9zjpVMP8F63TzRRr7KEYW2PGHEtVQktMPprGEfU4Sz0OIa9RRV+BLsfh
+    x8he2pimJEzoEaWPgyJXV1S+tLUif8A/CEkZVRZ2vADA7WMGl2ZTdbmsTjXh4bf2
+    A4l4Zec+jwOjUPiEk5lLJwv1KeYos9wuUczAk7ku8wRzyZbrjwgRam9VQA5qmRzJ
+    PegEQwJaKMRu8PPK0L4KFN4v3ma7Ux6D719nko8mZ0kA2oUs6phsFmoWQfsbRbsD
+    CdUGnM2fPp6V285r9w9Y6+1nVdtJpbAPFJR3SxIpfYVfx3tI6C3BR9bIMr8uCf81
+    G+Ebvo4qTuY6Cg/mTpPLZ4cKpwSvB6cE+xeSHvKIRYm6QUYEReRxQ3b4aUKBSNwl
+    FEQufVGhGzeblNC3fjP+mMtqbyC8c1zkHc6tjJYO5yesKf8bjO71by2jgSced7nN
+    5JvJawfEcabgHJ1aAFLj0tlPMrViFzu6y8/A5aZLc5UMISXAZXfB4wIEdyUUXJh4
+    rJKE/ZCb2+W8g29N5cv2P6nhahT3mYatMiQ0U/gfaIrA0A==
+            `.trim(),
+      ],
+    },
+  ],
+};