diff --git a/package-lock.json b/package-lock.json
index be1aac33..7e40f4f2 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -21494,7 +21494,6 @@
 "@stacks/encryption": "^3.3.0",
 "@stacks/network": "^3.3.0",
 "@stacks/profile": "^3.3.0",
- "c32check": "^1.1.3",
 "cross-fetch": "^3.1.4",
 "jsontokens": "^3.0.0",
 "query-string": "^6.13.1"
@@ -24526,7 +24525,6 @@
 "@stacks/network": "^3.3.0",
 "@stacks/profile": "^3.3.0",
 "@types/jest": "^26.0.22",
- "c32check": "^1.1.3",
 "cross-fetch": "^3.1.4",
 "jest": "^26.6.3",
 "jest-fetch-mock": "^3.0.3",
diff --git a/packages/auth/package.json b/packages/auth/package.json
index 4c34624f..a9396219 100644
--- a/packages/auth/package.json
+++ b/packages/auth/package.json
@@ -44,7 +44,6 @@
 "@stacks/encryption": "^3.3.0",
 "@stacks/network": "^3.3.0",
 "@stacks/profile": "^3.3.0",
- "c32check": "^1.1.3",
 "cross-fetch": "^3.1.4",
 "jsontokens": "^3.0.0",
 "query-string": "^6.13.1"
diff --git a/packages/auth/src/index.ts b/packages/auth/src/index.ts
index 6fd7a0b4..f0db6c5f 100644
--- a/packages/auth/src/index.ts
+++ b/packages/auth/src/index.ts
@@ -6,7 +6,6 @@ export {
 verifyAuthResponse,
 isExpirationDateValid,
 isIssuanceDateValid,
- doPublicKeysMatchUsername,
 doPublicKeysMatchIssuer,
 doSignaturesMatchPublicKeys,
 isManifestUriValid,
diff --git a/packages/auth/src/verification.ts b/packages/auth/src/verification.ts
index b2ea6469..87831477 100644
--- a/packages/auth/src/verification.ts
+++ b/packages/auth/src/verification.ts
@@ -1,9 +1,8 @@
+import { isSameOriginAbsoluteUrl } from '@stacks/common';
+import { publicKeyToAddress } from '@stacks/encryption';
 import { decodeToken, TokenVerifier } from 'jsontokens';
 import { getAddressFromDID } from './dids';
-import { publicKeyToAddress } from '@stacks/encryption';
-import { fetchPrivate, isSameOriginAbsoluteUrl } from '@stacks/common';
 import { fetchAppManifest } from './provider';
-import { c32ToB58 } from 'c32check';
 /**
 * Checks if the ES256k signature on passed `token` match the claimed public key
@@ -65,70 +64,6 @@ export function doPublicKeysMatchIssuer(token: string): boolean {
 return false;
 }
-/**
- * Looks up the identity address that owns the claimed username
- * in `token` using the lookup endpoint provided in `nameLookupURL`
- * to determine if the username is owned by the identity address
- * that matches the claimed public key
- *
- * @param {String} token encoded and signed authentication token
- * @param {String} nameLookupURL a URL to the name lookup endpoint of the Blockstack Core API
- * @return {Promise} returns a `Promise` that resolves to
- * `true` if the username is owned by the public key, otherwise the
- * `Promise` resolves to `false`
- * @private
- * @ignore
- */
-export async function doPublicKeysMatchUsername(
- token: string,
- nameLookupURL: string
-): Promise {
- try {
- const payload = decodeToken(token).payload;
- if (typeof payload === 'string') {
- throw new Error('Unexpected token payload type of string');
- }
- if (!payload.username) {
- return true;
- }
-
- if (payload.username === null) {
- return true;
- }
-
- if (nameLookupURL === null) {
- return false;
- }
-
- const username = payload.username;
- const url = `${nameLookupURL.replace(/\/$/, '')}/${username}`;
- const response = await fetchPrivate(url);
- const responseText = await response.text();
- const responseJSON = JSON.parse(responseText);
- if (responseJSON.hasOwnProperty('address')) {
- const nameOwningAddress = responseJSON.address;
- let nameOwningAddressBtc = nameOwningAddress;
- try {
- // try converting STX to BTC
- // if this throws, it's already a BTC address
- nameOwningAddressBtc = c32ToB58(nameOwningAddress, 0);
- } catch {}
- const addressFromIssuer = getAddressFromDID(payload.iss);
- if (nameOwningAddressBtc === addressFromIssuer) {
- return true;
- } else {
- return false;
- }
- } else {
- return false;
- }
- } catch (error) {
- console.log(error);
- console.log('Error checking `doPublicKeysMatchUsername`');
- return false;
- }
-}
-
 /**
 * Checks if the if the token issuance time and date is after the
 * current time and date.
diff --git a/packages/auth/tests/auth.test.ts b/packages/auth/tests/auth.test.ts
index 57e205db..5bc16934 100644
--- a/packages/auth/tests/auth.test.ts
+++ b/packages/auth/tests/auth.test.ts
@@ -8,7 +8,6 @@ import {
 isIssuanceDateValid,
 doSignaturesMatchPublicKeys,
 doPublicKeysMatchIssuer,
- doPublicKeysMatchUsername,
 isManifestUriValid,
 isRedirectUriValid,
 verifyAuthRequestAndLoadManifest,
@@ -30,7 +29,6 @@ beforeEach(() => {
 const privateKey = 'a5c61c6ca7b3e7e55edee68566aeab22e4da26baa285c7bd10e8d2218aa3b229';
 const publicKey = '027d28f9951ce46538951e3697c62588a87f1f1f295de4a14fdd4c780fc52cfe69';
-const nameLookupURL = 'https://stacks-node-api.mainnet.stacks.co/v1/names/';
 test('makeAuthRequest && verifyAuthRequest', async () => {
 const appConfig = new AppConfig(['store_write'], 'http://localhost:3000');
@@ -191,10 +189,6 @@ test('makeAuthResponse && verifyAuthResponse', async () => {
 expect(isIssuanceDateValid(authResponse)).toBe(true);
 expect(doSignaturesMatchPublicKeys(authResponse)).toBe(true);
 expect(doPublicKeysMatchIssuer(authResponse)).toBe(true);
-
- await doPublicKeysMatchUsername(authResponse, nameLookupURL).then(verifiedResult => {
- expect(verifiedResult).toBe(true);
- });
 });
 test('auth response with invalid or empty appPrivateKeyFromWalletSalt', async () => {
@@ -253,15 +247,11 @@ test('auth response with username', async () => {
 const authResponse = await makeAuthResponse(privateKey, sampleProfiles.ryan, 'ryan.id', null);
- await doPublicKeysMatchUsername(authResponse, nameLookupURL).then(verified => {
- expect(verified).toBe(true);
- });
-
 await verifyAuthResponse(authResponse).then(verifiedResult => {
 expect(verifiedResult).toBe(true);
 });
- expect(fetchMock.mock.calls.length).toEqual(1);
+ expect(fetchMock.mock.calls.length).toEqual(0);
 });
 test('auth response with invalid private key', async () => {
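Review bot: In the `auth response with username` test the only assertions left are that `verifyAuthResponse` resolves to `true` and that `fetchMock.mock.calls.length` is `0`, so nothing in the suite now states what a caller may assume about the `username` claim. The count dropping from 1 to 0 suggests the removed name lookup was the only place the claimed username was compared with the issuer address, which would mean a response carrying any `username` verifies as long as signature and issuer match; `verifyAuthResponse` itself is outside this diff, so that should be confirmed. I would make the new contract explicit with a comment above the count assertion, `// no name lookup is made: the username claim is NOT checked against name ownership`, and a matching sentence in the `verifyAuthResponse` doc comment telling consumers to resolve name ownership themselves before treating `payload.username` as an authenticated identity.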