add nonce empty test

nuts-foundation · Dec 8, 2023 · 6a43dfa · 6a43dfa
1 parent ffed13f
commit 6a43dfa
Show file tree

Hide file tree

Showing 2 changed files with 39 additions and 4 deletions.
diff --git a/auth/api/iam/s2s_vptoken.go b/auth/api/iam/s2s_vptoken.go
@@ -238,17 +238,17 @@ func (r *Wrapper) validateS2SPresentationNonce(presentation vc.VerifiablePresent
 	var nonce string
 	switch presentation.Format() {
 	case vc.JWTPresentationProofFormat:
-		nonceRaw, hasNonce := presentation.JWT().Get("nonce")
-		nonce, hasNonce = nonceRaw.(string)
-		if !hasNonce {
+		nonceRaw, _ := presentation.JWT().Get("nonce")
+		nonce, _ = nonceRaw.(string)
+		if nonce == "" {
 			return oauth.OAuth2Error{
 				Code:        oauth.InvalidRequest,
 				Description: "presentation has invalid/missing nonce",
 			}
 		}
 	case vc.JSONLDPresentationProofFormat:
 		proof, err := credential.ParseLDProof(presentation)
-		if err != nil || proof.Nonce == nil {
+		if err != nil || proof.Nonce == nil || *proof.Nonce == "" {
 			return oauth.OAuth2Error{
 				Code:          oauth.InvalidRequest,
 				InternalError: err,

diff --git a/auth/api/iam/s2s_vptoken_test.go b/auth/api/iam/s2s_vptoken_test.go
@@ -245,6 +245,19 @@ func TestWrapper_handleS2SAccessTokenRequest(t *testing.T) {
 			assert.EqualError(t, err, "invalid_request - presentation has invalid proof or nonce")
 			assert.Nil(t, resp)
 		})
+		t.Run("JSON-LD VP has empty nonce", func(t *testing.T) {
+			ctx := newTestClient(t)
+
+			proofVisitor := test.LDProofVisitor(func(proof *proof.LDProof) {
+				proof.Domain = &issuerDIDStr
+				proof.Nonce = new(string)
+			})
+			presentation := test.CreateJSONLDPresentation(t, *subjectDID, proofVisitor, verifiableCredential)
+
+			resp, err := ctx.client.handleS2SAccessTokenRequest(issuerDID, requestedScope, submissionJSON, presentation.Raw())
+			assert.EqualError(t, err, "invalid_request - presentation has invalid proof or nonce")
+			assert.Nil(t, resp)
+		})
 		t.Run("JWT VP is missing nonce", func(t *testing.T) {
 			ctx := newTestClient(t)
 			presentation := test.CreateJWTPresentation(t, *subjectDID, func(token jwt.Token) {
@@ -254,6 +267,28 @@ func TestWrapper_handleS2SAccessTokenRequest(t *testing.T) {
 
 			_, err := ctx.client.handleS2SAccessTokenRequest(issuerDID, requestedScope, submissionJSON, presentation.Raw())
 
+			require.EqualError(t, err, "invalid_request - presentation has invalid/missing nonce")
+		})
+		t.Run("JWT VP has empty nonce", func(t *testing.T) {
+			ctx := newTestClient(t)
+			presentation := test.CreateJWTPresentation(t, *subjectDID, func(token jwt.Token) {
+				_ = token.Set(jwt.AudienceKey, issuerDID.String())
+				_ = token.Set("nonce", "")
+			}, verifiableCredential)
+
+			_, err := ctx.client.handleS2SAccessTokenRequest(issuerDID, requestedScope, submissionJSON, presentation.Raw())
+
+			require.EqualError(t, err, "invalid_request - presentation has invalid/missing nonce")
+		})
+		t.Run("JWT VP nonce is not a string", func(t *testing.T) {
+			ctx := newTestClient(t)
+			presentation := test.CreateJWTPresentation(t, *subjectDID, func(token jwt.Token) {
+				_ = token.Set(jwt.AudienceKey, issuerDID.String())
+				_ = token.Set("nonce", true)
+			}, verifiableCredential)
+
+			_, err := ctx.client.handleS2SAccessTokenRequest(issuerDID, requestedScope, submissionJSON, presentation.Raw())
+
 			require.EqualError(t, err, "invalid_request - presentation has invalid/missing nonce")
 		})
 	})