add status tests

digitalcredentials · Sep 9, 2024 · fb58bab · fb58bab
1 parent 7ed3bda
commit fb58bab
Show file tree

Hide file tree

Showing 5 changed files with 176 additions and 5 deletions.
diff --git a/src/app.js b/src/app.js
@@ -197,7 +197,7 @@ export async function build(opts = {}) {
     // the body will look like:  {credentialId: '23kdr', credentialStatus: [{type: 'BitstringStatusListCredential', status: 'revoked'}]}
     app.post('/instance/:tenantName/credentials/status',
         async (req, res, next) => {
-            if (!enableStatusService) return res.status(405).send('The status service has not been enabled.')
+            if (!getConfig().enableStatusService) return res.status(405).send('The status service has not been enabled.')
             try {
                 await verifyAuthHeader(req.headers.authorization, req.params.tenantName)
                 const statusUpdate = req.body
@@ -215,7 +215,7 @@ export async function build(opts = {}) {
         })
 
         app.get('/status/:statusCredentialId', async function (req, res, next) {
-            if (!enableStatusService) next({ code: 405, message: 'The status service has not been enabled.' })
+            if (!getConfig().enableStatusService) next({ code: 405, message: 'The status service has not been enabled.' })
             const statusCredentialId = req.params.statusCredentialId
             try {
               const { data: statusCredential } = await axios.get(`http://${statusService}/${statusCredentialId}`)
@@ -229,7 +229,7 @@ export async function build(opts = {}) {
             }
             return res.status(500).send({ message: 'Server error.' })
           })
-          
+
 
     app.get('/seedgen', async (req, res, next) => {
         const response = await axios.get(`http://${signingService}/seedgen`)

diff --git a/src/app.test.js b/src/app.test.js
@@ -8,10 +8,13 @@ import unprotectedWalletQueryNock from './test-fixtures/nocks/unprotectedWalletQ
 import protectedWalletQueryNock from './test-fixtures/nocks/protectedWalletQuery.js';
 import unProtectedRandomWalletQuery from './test-fixtures/nocks/unProtectedRandomWalletQuery.js';
 import vprTestNocks from './test-fixtures/nocks/vprTest.js'
+import unknownStatusListNock from './test-fixtures/nocks/unknown_status_list_nock.js'
+import statusListNock from './test-fixtures/nocks/status_list_nock.js'
 
 import { getSignedDIDAuth } from './didAuth.js';
 
 import { build } from './app.js';
+import { resetConfig } from './config.js'
 
 const exchangeSetupPath = '/exchange/setup'
 const unprotectedTenantName = "UN_PROTECTED_TEST"
@@ -34,6 +37,9 @@ const checkForUnexpectedCalls = () => {
   nock.emitter.on('no match', noMatchHandler);
 }
 
+//nock.recorder.rec()
+
+
 describe('api', () => {
 
   before(async () => {
@@ -43,6 +49,7 @@ describe('api', () => {
     statusUpdateBody = { "credentialId": "urn:uuid:951b475e-b795-43bc-ba8f-a2d01efd2eb1", "credentialStatus": [{ "type": "BitstringStatusListCredential", "status": "revoked" }] }
   });
 
+
   after(() => {
 
   })
@@ -324,4 +331,127 @@ describe('api', () => {
 
     })
   })
-})
+
+
+  describe('POST /instance/:instanceId/credentials/status', () => {
+    before(async () => {
+      resetConfig()
+      process.env.ENABLE_STATUS_SERVICE = true
+
+    });
+
+    after(async () => {
+      resetConfig()
+      process.env.ENABLE_STATUS_SERVICE = false
+    });
+
+    it('returns 400 if no body', done => {
+      request(app)
+        .post(`/instance/${unprotectedTenantName}/credentials/status`)
+        .expect('Content-Type', /json/)
+        .expect(400, done)
+    })
+
+    it('returns 401 if tenant token is missing from auth header', done => {
+      request(app)
+        .post(`/instance/${protectedTenantName}/credentials/status`)
+        .send(statusUpdateBody)
+        .expect('Content-Type', /json/)
+        .expect(401, done)
+    })
+
+
+
+    it('returns 403 if token is not valid', done => {
+      request(app)
+        .post(`/instance/${protectedTenantName}/credentials/status`)
+        .set('Authorization', 'Bearer ThisIsABadToken')
+        .send(statusUpdateBody)
+        .expect('Content-Type', /json/)
+        .expect(403, done)
+    })
+
+    it('returns 401 if token is not marked as Bearer', done => {
+      request(app)
+        .post(`/instance/${protectedTenantName}/credentials/status`)
+        .set('Authorization', `${protectedTenantToken}`)
+        .send(statusUpdateBody)
+        .expect('Content-Type', /json/)
+        .expect(401, done)
+    })
+
+    it('returns 404 if no seed for tenant name', done => {
+      request(app)
+        .post('/instance/wrongTenantName/credentials/status')
+        .set('Authorization', `${protectedTenantToken}`)
+        .send(statusUpdateBody)
+        .expect(404, done)
+        .expect('Content-Type', /json/)
+    })
+
+  /*  it('returns 403 when trying to use token for a different tenant', done => {
+      request(app)
+        .post(`/instance/${protectedTenantName}/credentials/status`)
+        .set('Authorization', `Bearer ${testTenantToken2}`)
+        .send(statusUpdateBody)
+        .expect('Content-Type', /json/)
+        .expect(403, done)
+    }) */
+  //still AVE TO TRY these:
+/* 
+    it('update unprotected status when token not set for tenant in config', done => {
+      unprotectedStatusUpdateNock()
+      request(app)
+        .post(`/instance/${unprotectedTenantName}/credentials/status`)
+        .send(statusUpdateBody)
+        .expect('Content-Type', /json/)
+        .expect(200, done)
+    })
+
+    it('returns 404 for unknown cred id', async () => {
+      unknownStatusIdNock()
+      const statusUpdateBodyWithUnknownId = JSON.parse(JSON.stringify(statusUpdateBody))
+      statusUpdateBodyWithUnknownId.credentialId = 'kj09ij'
+      const response = await request(app)
+        .post('/instance/protected_test/credentials/status')
+        .set('Authorization', `Bearer ${testTenantToken}`)
+        .send(statusUpdateBodyWithUnknownId)
+
+      expect(response.header['content-type']).to.have.string('json')
+      expect(response.status).to.equal(404)
+    })*/
+  }) 
+
+  describe('GET /status/:statusCredentialId', () => {
+    before(async () => {
+      resetConfig()
+      process.env.ENABLE_STATUS_SERVICE = true
+
+    });
+
+    after(async () => {
+      resetConfig()
+      process.env.ENABLE_STATUS_SERVICE = false
+    });
+
+    it('returns 404 for unknown status credential id', async () => {
+      unknownStatusListNock()
+      const response = await request(app)
+        .get('/status/9898u')
+      expect(response.header['content-type']).to.have.string('json')
+      expect(response.status).to.equal(404)
+    })
+
+
+    it('returns credential status list from status service', async () => {
+      statusListNock()
+      const response = await request(app)
+        .get('/status/slAwJe6GGR6mBojlGW5U')
+      expect(response.header['content-type']).to.have.string('json')
+      expect(response.status).to.equal(200)
+      const returnedList = JSON.parse(JSON.stringify(response.body))
+      // this proof value comes from the nock:
+      expect(returnedList.proof.proofValue).to.equal('z4y3GawinQg1aCqbYqZM8dmDpbmtFa3kE6tFefdXvLi5iby25dvmVwLNZrfcFPyhpshrhCWB76pdSZchVve3K1Znr')
+    })
+  })
+})
diff --git a/src/test-fixtures/.env.testing b/src/test-fixtures/.env.testing
@@ -8,7 +8,7 @@
 # default is false
 # ENABLE_ACCESS_LOGGING=true
 # default is false      
-# ENABLE_STATUS_SERVICE=true      
+ ENABLE_STATUS_SERVICE=false      
 
 # set the service endpoints
 # defaults are as follows

diff --git a/src/test-fixtures/nocks/status_list_nock.js b/src/test-fixtures/nocks/status_list_nock.js
@@ -0,0 +1,34 @@
+import nock from 'nock'
+
+const theList = `{
+    "@context": [
+        "https://www.w3.org/ns/credentials/v2",
+        "https://w3id.org/security/suites/ed25519-2020/v1"
+    ],
+    "id": "https://sincere-bonefish-currently.ngrok-free.app/slAwJe6GGR6mBojlGW5U",
+    "type": [
+        "VerifiableCredential",
+        "BitstringStatusListCredential"
+    ],
+    "credentialSubject": {
+        "id": "https://sincere-bonefish-currently.ngrok-free.app/slAwJe6GGR6mBojlGW5U#list",
+        "type": "BitstringStatusList",
+        "encodedList": "uH4sIAAAAAAAAA-3BIQEAAAACICf4f60vTEADAAAAAAAAAAAAAADwN_wEBkHUMAAA",
+        "statusPurpose": "revocation"
+    },
+    "issuer": "did:key:z6Mkg165pEHaUPxkY4NxToor7suxzawEmdT1DEWq3e1Nr2VR",
+    "validFrom": "2024-09-03T15:24:19.685Z",
+    "proof": {
+        "type": "Ed25519Signature2020",
+        "created": "2024-09-03T15:24:19Z",
+        "verificationMethod": "did:key:z6Mkg165pEHaUPxkY4NxToor7suxzawEmdT1DEWq3e1Nr2VR#z6Mkg165pEHaUPxkY4NxToor7suxzawEmdT1DEWq3e1Nr2VR",
+        "proofPurpose": "assertionMethod",
+        "proofValue": "z4y3GawinQg1aCqbYqZM8dmDpbmtFa3kE6tFefdXvLi5iby25dvmVwLNZrfcFPyhpshrhCWB76pdSZchVve3K1Znr"
+    }
+}`
+
+export default () => {
+  nock('http://localhost:4008')
+    .get('/slAwJe6GGR6mBojlGW5U')
+    .reply(200, theList)
+}
diff --git a/src/test-fixtures/nocks/unknown_status_list_nock.js b/src/test-fixtures/nocks/unknown_status_list_nock.js
@@ -0,0 +1,7 @@
+import nock from 'nock'
+
+export default () => {
+  nock('http://localhost:4008')
+    .get('/9898u')
+    .reply(404, { code: 404, message: 'No status credential found for that id.' })
+}