feat: Validate and check Waci profile creation that each scope has ou…

…tput descriptors configured. closes #581 Signed-off-by: talwinder50 <[email protected]>
trustbloc · Jan 27, 2022 · 73027df · 73027df
1 parent 9ff8c67
commit 73027df
Show file tree

Hide file tree

Showing 3 changed files with 85 additions and 1 deletion.
diff --git a/pkg/restapi/issuer/operation/models.go b/pkg/restapi/issuer/operation/models.go
@@ -16,6 +16,8 @@ import (
 )
 
 // ProfileDataRequest req for profile creation.
+// Issuer ID identifies who is the issuer of the credential manifests being issued.
+// CMStyle represents an entity styles object as defined in credential manifest spec.
 type ProfileDataRequest struct {
 	ID                          string            `json:"id,omitempty"`
 	Name                        string            `json:"name"`
@@ -26,7 +28,7 @@ type ProfileDataRequest struct {
 	SupportsWACI                bool              `json:"supportsWACI"`
 	OIDCProviderURL             string            `json:"oidcProvider"`
 	OIDCClientParams            *OIDCClientParams `json:"oidcParams,omitempty"`
-	CredentialScopes            []string          `json:"scopes,omitempty"`
+	CredentialScopes            []string          `json:"credScopes,omitempty"`
 	LinkedWalletURL             string            `json:"linkedWallet,omitempty"`
 	IssuerID                    string            `json:"issuerID,omitempty"`
 	CMStyle                     cm.Styles         `json:"styles,omitempty"`

diff --git a/pkg/restapi/issuer/operation/operations.go b/pkg/restapi/issuer/operation/operations.go
@@ -292,6 +292,7 @@ func New(config *Config) (*Operation, error) { // nolint:funlen,gocyclo,cyclop
 		refreshTokenStore:  refreshStore,
 		didDomain:          config.DidDomain,
 		jsonldDocLoader:    config.JSONLDDocumentLoader,
+		cmOutputDescriptor: config.CmOutputDescriptor,
 	}
 
 	op.createOIDCClientFunc = op.getOrCreateOIDCClient
@@ -392,6 +393,18 @@ func (o *Operation) createIssuerProfileHandler(rw http.ResponseWriter, req *http
 		return
 	}
 
+	if profileData.SupportsWACI {
+		for _, pCredScope := range profileData.CredentialScopes {
+			if _, ok := o.cmOutputDescriptor[pCredScope]; !ok {
+				commhttp.WriteErrorResponseWithLog(rw, http.StatusInternalServerError,
+					fmt.Sprintf("failed to get output descriptors configured for waci "+
+						"profile(s)"), profileEndpoint, logger)
+
+				return
+			}
+		}
+	}
+
 	if profileData.OIDCProviderURL != "" {
 		_, err = o.createOIDCClientFunc(profileData)
 		if err != nil {

diff --git a/pkg/restapi/issuer/operation/operations_test.go b/pkg/restapi/issuer/operation/operations_test.go
@@ -551,6 +551,50 @@ func TestCreateProfile(t *testing.T) {
 		require.Equal(t, vReq.SupportsAssuranceCredential, profileRes.SupportsAssuranceCredential)
 	})
 
+	t.Run("create waci profile with cm output descriptors - success", func(t *testing.T) {
+		t.Parallel()
+
+		vReq := createProfileData(uuid.New().String())
+		vReq.SupportsWACI = true
+		vReq.CredentialScopes = []string{mockCredScope}
+		vReq.OIDCClientParams = &issuer.OIDCClientParams{
+			ClientID:     "client id",
+			ClientSecret: "client secret",
+			SecretExpiry: 0,
+		}
+
+		vReqBytes, err := json.Marshal(vReq)
+		require.NoError(t, err)
+
+		op, err := New(config(t))
+		require.NoError(t, err)
+
+		op.cmOutputDescriptor = map[string][]*cm.OutputDescriptor{
+			mockCredScope: {
+				&cm.OutputDescriptor{
+					ID:     uuid.New().String(),
+					Schema: "https://www.w3.org/2018/credentials/examples/v1",
+				},
+			},
+		}
+
+		h := getHandler(t, op, endpoint)
+		rr := serveHTTP(t, h.Handle(), http.MethodPost, endpoint, vReqBytes)
+
+		require.Equal(t, http.StatusCreated, rr.Code)
+
+		profileRes := &issuer.ProfileData{}
+		err = json.Unmarshal(rr.Body.Bytes(), &profileRes)
+		require.NoError(t, err)
+		require.Equal(t, vReq.ID, profileRes.ID)
+		require.Equal(t, vReq.Name, profileRes.Name)
+		require.Equal(t, vReq.URL, profileRes.URL)
+		require.Equal(t, vReq.SupportsAssuranceCredential, profileRes.SupportsAssuranceCredential)
+		require.Equal(t, vReq.CredentialScopes, profileRes.CredentialScopes)
+		require.Equal(t, vReq.IssuerID, profileRes.IssuerID)
+		require.Equal(t, vReq.SupportsWACI, profileRes.SupportsWACI)
+	})
+
 	t.Run("create profile - failed to issue governance vc", func(t *testing.T) {
 		t.Parallel()
 
@@ -680,6 +724,31 @@ func TestCreateProfile(t *testing.T) {
 
 		require.Contains(t, resErr.ErrMessage, "create oidc client")
 	})
+	t.Run("create profile - failed to output descriptors configured for waci profiles", func(t *testing.T) {
+		t.Parallel()
+
+		ops, err := New(config(t))
+		require.NoError(t, err)
+
+		vReq := createProfileData(uuid.New().String())
+		vReq.SupportsWACI = true
+		vReq.CredentialScopes = []string{mockCredScope}
+
+		vReqBytes, err := json.Marshal(vReq)
+		require.NoError(t, err)
+
+		rr := serveHTTP(t, getHandler(t, ops, endpoint).Handle(), http.MethodPost, endpoint, vReqBytes)
+
+		require.Equal(t, http.StatusInternalServerError, rr.Code)
+
+		resErr := struct {
+			ErrMessage string `json:"errMessage"`
+		}{}
+		err = json.Unmarshal(rr.Body.Bytes(), &resErr)
+		require.NoError(t, err)
+
+		require.Contains(t, resErr.ErrMessage, "failed to get output descriptors configured for waci profile")
+	})
 }
 
 func TestGetProfile(t *testing.T) {