feat(auth): fix httpsig bypass env

packages/auth/src/app.ts

@@ -195,7 +195,9 @@ export class App {
         path: '/',
         method: HttpMethod.POST
       }),
-      grantInitiationHttpsigMiddleware,
+      this.config.bypassSignatureValidation
+        ? (ctx, next) => next()
+        : grantInitiationHttpsigMiddleware,
       grantRoutes.create
     )
 
@@ -206,7 +208,9 @@ export class App {
         path: '/continue/{id}',
         method: HttpMethod.POST
       }),
-      grantContinueHttpsigMiddleware,
+      this.config.bypassSignatureValidation
+        ? (ctx, next) => next()
+        : grantContinueHttpsigMiddleware,
       grantRoutes.continue
     )
 
@@ -217,7 +221,9 @@ export class App {
         path: '/token/{id}',
         method: HttpMethod.POST
       }),
-      tokenHttpsigMiddleware,
+      this.config.bypassSignatureValidation
+        ? (ctx, next) => next()
+        : tokenHttpsigMiddleware,
       accessTokenRoutes.rotate
     )
 
@@ -228,7 +234,9 @@ export class App {
         path: '/token/{id}',
         method: HttpMethod.DELETE
       }),
-      tokenHttpsigMiddleware,
+      this.config.bypassSignatureValidation
+        ? (ctx, next) => next()
+        : tokenHttpsigMiddleware,
       accessTokenRoutes.revoke
     )
 

packages/auth/src/signature/middleware.test.ts

@@ -405,55 +405,6 @@ describe('Signature Service', (): void => {
       scope.isDone()
     })
 
-    test('middleware succeeds if BYPASS_SIGNATURE_VALIDATION is true with bad signature', async (): Promise<void> => {
-      const altDeps = await initIocContainer({
-        ...Config,
-        bypassSignatureValidation: true
-      })
-
-      const altContainer = await createTestApp(altDeps)
-      appContainers.push(altContainer)
-
-      nock(KEY_REGISTRY_ORIGIN)
-        .get(keyPath)
-        .reply(200, {
-          jwk: testClientKey.jwk,
-          client: TEST_CLIENT
-        } as ClientKey)
-
-      const ctx = await createContextWithSigHeaders(
-        {
-          headers: {
-            Accept: 'application/json'
-          },
-          url: '/',
-          method: 'POST'
-        },
-        {},
-        {
-          client: {
-            display: TEST_CLIENT_DISPLAY,
-            key: {
-              proof: 'httpsig',
-              jwk: testClientKey.jwk
-            }
-          }
-        },
-        privateKey,
-        altDeps
-      )
-
-      ctx.headers['signature'] = 'wrong-signature'
-
-      await grantInitiationHttpsigMiddleware(ctx, next)
-
-      expect(ctx.response.status).toEqual(200)
-      expect(next).toHaveBeenCalled()
-
-      // TODO: https://github.com/interledger/rafiki/issues/656
-      // scope.done()
-    })
-
     test('middleware fails if client is invalid', async (): Promise<void> => {
       const ctx = await createContextWithSigHeaders(
         {

packages/auth/src/signature/middleware.ts

@@ -21,12 +21,6 @@ async function verifySigAndChallenge(
   clientKey: JWKWithRequired,
   ctx: HttpSigContext
 ): Promise<boolean> {
-  const config = await ctx.container.use('config')
-  if (config.bypassSignatureValidation) {
-    // bypass
-    return true
-  }
-
   const sig = ctx.headers['signature'] as string
   const sigInput = ctx.headers['signature-input'] as string
   const challenge = sigInputToChallenge(sigInput, ctx)