Skip to content

Commit

Permalink
fix: added ErrorIdentitiesManagerInvalidIdentityId that throws in `…
Browse files Browse the repository at this point in the history
…IdentityManager` when any provided `identityId` is `__proto__`
  • Loading branch information
amydevs committed Oct 25, 2023
1 parent 9e1e869 commit 99a35e4
Show file tree
Hide file tree
Showing 3 changed files with 75 additions and 33 deletions.
20 changes: 20 additions & 0 deletions src/identities/IdentitiesManager.ts
Original file line number Diff line number Diff line change
Expand Up @@ -177,6 +177,11 @@ class IdentitiesManager {
identityId: IdentityId,
tran?: DBTransaction,
): Promise<ProviderToken | undefined> {
if (identityId === '__proto__') {
throw new identitiesErrors.ErrorIdentitiesManagerInvalidIdentityId(
'"__proto__" is not a valid Identity ID',
);
}
if (tran == null) {
return this.db.withTransactionF((tran) =>
this.getToken(providerId, identityId, tran),
Expand All @@ -200,6 +205,11 @@ class IdentitiesManager {
providerToken: ProviderToken,
tran?: DBTransaction,
): Promise<void> {
if (identityId === '__proto__') {
throw new identitiesErrors.ErrorIdentitiesManagerInvalidIdentityId(
'"__proto__" is not a valid Identity ID',
);
}
if (tran == null) {
return this.db.withTransactionF((tran) =>
this.putToken(providerId, identityId, providerToken, tran),
Expand All @@ -220,6 +230,11 @@ class IdentitiesManager {
identityId: IdentityId,
tran?: DBTransaction,
): Promise<void> {
if (identityId === '__proto__') {
throw new identitiesErrors.ErrorIdentitiesManagerInvalidIdentityId(
'"__proto__" is not a valid Identity ID',
);
}
if (tran == null) {
return this.db.withTransactionF((tran) =>
this.delToken(providerId, identityId, tran),
Expand All @@ -245,6 +260,11 @@ class IdentitiesManager {
providerId: ProviderId,
identityId: IdentityId,
) {
if (identityId === '__proto__') {
throw new identitiesErrors.ErrorIdentitiesManagerInvalidIdentityId(
'"__proto__" is not a valid Identity ID',
);
}
// Check provider is authenticated
const provider = this.getProvider(providerId);
if (provider == null) {
Expand Down
6 changes: 6 additions & 0 deletions src/identities/errors.ts
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,11 @@ class ErrorIdentitiesManagerDestroyed<T> extends ErrorIdentities<T> {
exitCode = sysexits.USAGE;
}

class ErrorIdentitiesManagerInvalidIdentityId<T> extends ErrorIdentities<T> {
static description = 'IdentitiesManager encountered an invalid Identity ID';
exitCode = sysexits.USAGE;
}

class ErrorProviderDuplicate<T> extends ErrorIdentities<T> {
static description = 'Provider has already been registered';
exitCode = sysexits.USAGE;
Expand Down Expand Up @@ -59,6 +64,7 @@ export {
ErrorIdentitiesManagerRunning,
ErrorIdentitiesManagerNotRunning,
ErrorIdentitiesManagerDestroyed,
ErrorIdentitiesManagerInvalidIdentityId,
ErrorProviderDuplicate,
ErrorProviderCall,
ErrorProviderAuthentication,
Expand Down
82 changes: 49 additions & 33 deletions tests/identities/IdentitiesManager.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -114,19 +114,27 @@ describe('IdentitiesManager', () => {
},
);
const providerId = 'test-provider' as ProviderId;
await identitiesManager.putToken(providerId, identityId, providerToken);
const providerToken_ = await identitiesManager.getToken(
providerId,
identityId,
);
expect(providerToken).toStrictEqual(providerToken_);
await identitiesManager.delToken(providerId, identityId);
await identitiesManager.delToken(providerId, identityId);
const providerToken__ = await identitiesManager.getToken(
providerId,
identityId,
);
expect(providerToken__).toBeUndefined();
if (identityId === '__proto__') {
await expect(
identitiesManager.putToken(providerId, identityId, providerToken),
).rejects.toBeInstanceOf(
identitiesErrors.ErrorIdentitiesManagerInvalidIdentityId,
);
} else {
await identitiesManager.putToken(providerId, identityId, providerToken);
const providerToken_ = await identitiesManager.getToken(
providerId,
identityId,
);
expect(providerToken).toStrictEqual(providerToken_);
await identitiesManager.delToken(providerId, identityId);
await identitiesManager.delToken(providerId, identityId);
const providerToken__ = await identitiesManager.getToken(
providerId,
identityId,
);
expect(providerToken__).toBeUndefined();
}
await identitiesManager.stop();
},
);
Expand All @@ -143,27 +151,35 @@ describe('IdentitiesManager', () => {
fresh: true,
});
const providerId = 'test-provider' as ProviderId;
await identitiesManager.putToken(providerId, identityId, providerToken);
const testProvider = new TestProvider();
identitiesManager.registerProvider(testProvider);
await identitiesManager.stop();
if (identityId === '__proto__') {
await expect(
identitiesManager.putToken(providerId, identityId, providerToken),
).rejects.toBeInstanceOf(
identitiesErrors.ErrorIdentitiesManagerInvalidIdentityId,
);
} else {
await identitiesManager.putToken(providerId, identityId, providerToken);
const testProvider = new TestProvider();
identitiesManager.registerProvider(testProvider);
await identitiesManager.stop();

identitiesManager = await IdentitiesManager.createIdentitiesManager({
db,
keyRing: dummyKeyRing,
gestaltGraph: dummyGestaltGraph,
sigchain: dummySigchain,
logger,
});
identitiesManager.registerProvider(testProvider);
const providerToken_ = await identitiesManager.getToken(
providerId,
identityId,
);
expect(providerToken).toStrictEqual(providerToken_);
expect(identitiesManager.getProviders()).toStrictEqual({
[testProvider.id]: testProvider,
});
identitiesManager = await IdentitiesManager.createIdentitiesManager({
db,
keyRing: dummyKeyRing,
gestaltGraph: dummyGestaltGraph,
sigchain: dummySigchain,
logger,
});
identitiesManager.registerProvider(testProvider);
const providerToken_ = await identitiesManager.getToken(
providerId,
identityId,
);
expect(providerToken).toStrictEqual(providerToken_);
expect(identitiesManager.getProviders()).toStrictEqual({
[testProvider.id]: testProvider,
});
}
await identitiesManager.stop();
},
);
Expand Down

0 comments on commit 99a35e4

Please sign in to comment.