From bc7410719b09d8b628c299bb291478fd1bcbb171 Mon Sep 17 00:00:00 2001 From: Mads Christiansen Date: Wed, 16 Mar 2022 13:38:36 +0100 Subject: [PATCH 1/6] remove problematic jsonwebtoken package --- lib/av_client.ts | 4 +- package-lock.json | 113 +++++----------------------------------------- package.json | 3 +- webpack.config.js | 4 +- 4 files changed, 17 insertions(+), 107 deletions(-) diff --git a/lib/av_client.ts b/lib/av_client.ts index d3ed6401..c2445870 100644 --- a/lib/av_client.ts +++ b/lib/av_client.ts @@ -5,7 +5,7 @@ import * as NistConverter from './util/nist_converter'; import { constructBallotCryptograms } from './av_client/actions/construct_ballot_cryptograms'; import { KeyPair, CastVoteRecord, Affidavit, VerifierItem, CommitmentOpening, SpoilRequestItem } from './av_client/types'; import { randomKeyPair } from './av_client/generate_key_pair'; -import * as jwt from 'jsonwebtoken'; +import * as jwt from 'jose'; import { @@ -211,7 +211,7 @@ export class AVClient implements IAVClient { const { authToken } = authorizationResponse.data; - const decoded = jwt.decode(authToken); // TODO: Verify against dbb pubkey: this.getElectionConfig().services.voterAuthorizer.public_key); + const decoded = jwt.decodeJwt(authToken); // TODO: Verify against dbb pubkey: this.getElectionConfig().services.voterAuthorizer.public_key); if(decoded === null) throw new InvalidTokenError('Auth token could not be decoded'); diff --git a/package-lock.json b/package-lock.json index 5b53ac28..bd335edd 100644 --- a/package-lock.json +++ b/package-lock.json 
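Review bot: The `if(decoded === null)` guard after `jwt.decodeJwt(authToken)` no longer does anything, because jose's `decodeJwt` throws (a `JWTInvalid` error) on a malformed token where `jsonwebtoken.decode` returned null. Callers that expect `InvalidTokenError` will now see jose's error instead. Wrapping the call keeps the old contract: `try { decoded = jwt.decodeJwt(authToken); } catch { throw new InvalidTokenError('Auth token could not be decoded'); }`. Separately, `decodeJwt` checks neither the signature nor the claims, and the carried-over TODO leaves the token unverified, so treat the decoded payload as untrusted. Now that jose is a dependency, `jwtVerify` against the voter authorizer public key would close that gap, once the key format is confirmed. The enclosing method starts and ends outside this hunk.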
@@ -585,14 +585,6 @@ "integrity": "sha512-qcUXuemtEu+E5wZSJHNxUXeCZhAfXKQ41D+duX+VYPde7xyEVZci+/oXKJL13tnRs9lR2pr4fod59GT6/X1/yQ==", "dev": true }, - "@types/jsonwebtoken": { - "version": "8.5.8", - "resolved": "https://registry.npmjs.org/@types/jsonwebtoken/-/jsonwebtoken-8.5.8.tgz", - "integrity": "sha512-zm6xBQpFDIDM6o9r6HSgDeIcLy82TKWctCXEPbJJcXb5AKmi5BNNdLXneixK4lplX3PqIVcwLBCGE/kAGnlD4A==", - "requires": { - "@types/node": "*" - } - }, "@types/mocha": { "version": "9.1.0", "resolved": "https://registry.npmjs.org/@types/mocha/-/mocha-9.1.0.tgz", @@ -602,7 +594,8 @@ "@types/node": { "version": "17.0.12", "resolved": "https://registry.npmjs.org/@types/node/-/node-17.0.12.tgz", - "integrity": "sha512-4YpbAsnJXWYK/fpTVFlMIcUIho2AYCi4wg5aNPrG1ng7fn/1/RZfCIpRCiBX+12RVa34RluilnvCqD+g3KiSiA==" + "integrity": "sha512-4YpbAsnJXWYK/fpTVFlMIcUIho2AYCi4wg5aNPrG1ng7fn/1/RZfCIpRCiBX+12RVa34RluilnvCqD+g3KiSiA==", + "dev": true }, "@types/sjcl": { "version": "1.0.30", @@ -1088,11 +1081,6 @@ "picocolors": "^1.0.0" } }, - "buffer-equal-constant-time": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/buffer-equal-constant-time/-/buffer-equal-constant-time-1.0.1.tgz", - "integrity": "sha1-+OcRMvf/5uAaXJaXpMbz5I1cyBk=" - }, "buffer-from": { "version": "1.1.2", "resolved": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.2.tgz", @@ -1365,14 +1353,6 @@ "esutils": "^2.0.2" } }, - "ecdsa-sig-formatter": { - "version": "1.0.11", - "resolved": "https://registry.npmjs.org/ecdsa-sig-formatter/-/ecdsa-sig-formatter-1.0.11.tgz", - "integrity": "sha512-nagl3RYrbNv6kQkeJIpt6NJZy8twLB/2vtz6yN9Z4vRKHN4/QZJIEbqohALSgwKdnksuY3k5Addp5lg8sVoVcQ==", - "requires": { - "safe-buffer": "^5.0.1" - } - }, "electron-to-chromium": { "version": "1.4.53", "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.4.53.tgz", 
@@ -2267,6 +2247,11 @@ } } }, + "jose": { + "version": "4.6.0", + "resolved": "https://registry.npmjs.org/jose/-/jose-4.6.0.tgz", + "integrity": "sha512-0hNAkhMBNi4soKSAX4zYOFV+aqJlEz/4j4fregvasJzEVtjDChvWqRjPvHwLqr5hx28Ayr6bsOs1Kuj87V0O8w==" + }, "js-tokens": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz", 
@@ -2327,55 +2312,12 @@ "integrity": "sha512-fQzRfAbIBnR0IQvftw9FJveWiHp72Fg20giDrHz6TdfB12UH/uue0D3hm57UB5KgAVuniLMCaS8P1IMj9NR7cA==", "dev": true }, - "jsonwebtoken": { - "version": "8.5.1", - "resolved": "https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-8.5.1.tgz", - "integrity": "sha512-XjwVfRS6jTMsqYs0EsuJ4LGxXV14zQybNd4L2r0UvbVnSF9Af8x7p5MzbJ90Ioz/9TI41/hTCvznF/loiSzn8w==", - "requires": { - "jws": "^3.2.2", - "lodash.includes": "^4.3.0", - "lodash.isboolean": "^3.0.3", - "lodash.isinteger": "^4.0.4", - "lodash.isnumber": "^3.0.3", - "lodash.isplainobject": "^4.0.6", - "lodash.isstring": "^4.0.1", - "lodash.once": "^4.0.0", - "ms": "^2.1.1", - "semver": "^5.6.0" - }, - "dependencies": { - "semver": { - "version": "5.7.1", - "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz", - "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==" - } - } - }, "just-extend": { "version": "4.2.1", "resolved": "https://registry.npmjs.org/just-extend/-/just-extend-4.2.1.tgz", "integrity": "sha512-g3UB796vUFIY90VIv/WX3L2c8CS2MdWUww3CNrYmqza1Fg0DURc2K/O4YrnklBdQarSJ/y8JnJYDGc+1iumQjg==", "dev": true }, - "jwa": { - "version": "1.4.1", - "resolved": "https://registry.npmjs.org/jwa/-/jwa-1.4.1.tgz", - "integrity": "sha512-qiLX/xhEEFKUAJ6FiBMbes3w9ATzyk5W7Hvzpa/SLYdxNtng+gcurvrI7TbACjIXlsJyr05/S1oUhZrc63evQA==", - "requires": { - "buffer-equal-constant-time": "1.0.1", - "ecdsa-sig-formatter": "1.0.11", - "safe-buffer": "^5.0.1" - } - }, - "jws": { - "version": "3.2.2", - "resolved": "https://registry.npmjs.org/jws/-/jws-3.2.2.tgz", - "integrity": "sha512-YHlZCB6lMTllWDtSPHz/ZXTsi8S00usEV6v1tjq8tOUZzw7DpSDWVXjXDre6ed1w/pd495ODpHZYSdkRTsa0HA==", - "requires": { - "jwa": "^1.4.1", - "safe-buffer": "^5.0.1" - } - }, "kind-of": { "version": "6.0.3", "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-6.0.3.tgz", 
@@ -2425,47 +2367,12 @@ "integrity": "sha1-LRd/ZS+jHpObRDjVNBSZ36OCXpk=", "dev": true }, - "lodash.includes": { - "version": "4.3.0", - "resolved": "https://registry.npmjs.org/lodash.includes/-/lodash.includes-4.3.0.tgz", - "integrity": "sha1-YLuYqHy5I8aMoeUTJUgzFISfVT8=" - }, - "lodash.isboolean": { - "version": "3.0.3", - "resolved": "https://registry.npmjs.org/lodash.isboolean/-/lodash.isboolean-3.0.3.tgz", - "integrity": "sha1-bC4XHbKiV82WgC/UOwGyDV9YcPY=" - }, - "lodash.isinteger": { - "version": "4.0.4", - "resolved": "https://registry.npmjs.org/lodash.isinteger/-/lodash.isinteger-4.0.4.tgz", - "integrity": "sha1-YZwK89A/iwTDH1iChAt3sRzWg0M=" - }, - "lodash.isnumber": { - "version": "3.0.3", - "resolved": "https://registry.npmjs.org/lodash.isnumber/-/lodash.isnumber-3.0.3.tgz", - "integrity": "sha1-POdoEMWSjQM1IwGsKHMX8RwLH/w=" - }, - "lodash.isplainobject": { - "version": "4.0.6", - "resolved": "https://registry.npmjs.org/lodash.isplainobject/-/lodash.isplainobject-4.0.6.tgz", - "integrity": "sha1-fFJqUtibRcRcxpC4gWO+BJf1UMs=" - }, - "lodash.isstring": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/lodash.isstring/-/lodash.isstring-4.0.1.tgz", - "integrity": "sha1-1SfftUVuynzJu5XV2ur4i6VKVFE=" - }, "lodash.merge": { "version": "4.6.2", "resolved": "https://registry.npmjs.org/lodash.merge/-/lodash.merge-4.6.2.tgz", "integrity": "sha512-0KpjqXRVvrYyCsX1swR/XTK0va6VQkQM6MNo7PqW77ByjAhoARA8EfrP1N4+KlKj8YS0ZUCtRT/YUuhyYDujIQ==", "dev": true }, - "lodash.once": { - "version": "4.1.1", - "resolved": "https://registry.npmjs.org/lodash.once/-/lodash.once-4.1.1.tgz", - "integrity": "sha1-DdOXEhPHxW34gJd9UEyI+0cal6w=" - }, "lodash.set": { "version": "4.3.2", "resolved": "https://registry.npmjs.org/lodash.set/-/lodash.set-4.3.2.tgz", 
@@ -2661,7 +2568,8 @@ "ms": { "version": "2.1.2", "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", - "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==" + "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==", + "dev": true }, "nanoid": { "version": "3.2.0", @@ -3272,7 +3180,8 @@ "safe-buffer": { "version": "5.1.2", "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz", - "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==" + "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==", + "dev": true }, "safer-buffer": { "version": "2.1.2", diff --git a/package.json b/package.json index efe4bb67..2aff602b 100644 --- a/package.json +++ b/package.json @@ -25,9 +25,8 @@ "node": ">=14.17.0" }, "dependencies": { - "@types/jsonwebtoken": "^8.5.8", "axios": "^0.25.0", - "jsonwebtoken": "^8.5.1", + "jose": "^4.6.0", "xml-js": "^1.6.11" }, "devDependencies": { diff --git a/webpack.config.js b/webpack.config.js index 3359b560..bce5a891 100644 --- a/webpack.config.js +++ b/webpack.config.js @@ -3,7 +3,9 @@ const path = require('path'); module.exports = { entry: './dist/lib/av_verifier.js', resolve: { - fallback: {"crypto": false} + fallback: { + "crypto": false + } }, optimization: { minimize: false, From 69b647e0ddd4bdb82ba1bc3a0f1f2c51c1287f46 Mon Sep 17 00:00:00 2001 From: Mads Christiansen Date: Wed, 16 Mar 2022 13:38:44 +0100 Subject: [PATCH 2/6] display verifier key --- public/index.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/public/index.html b/public/index.html index 4d4c7306..c019d95e 100644 --- a/public/index.html +++ b/public/index.html @@ -54,7 +54,7 @@

Step-by-Step Instructions

Ballot found!

- +

Does the passkey displayed above match the passkey displayed in the Mark.It app? Tap Yes or No in the Mark.It app.

Your unsealed ballot will then display below.

From 669637397c326e8b95600e12fa2d511321a95349 Mon Sep 17 00:00:00 2001 From: Mads Christiansen Date: Wed, 16 Mar 2022 13:45:40 +0100 Subject: [PATCH 3/6] prepare version 1.0.1 --- CHANGELOG.md | 7 +++++++ package.json | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index cc50ef6e..b4789bbb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,12 @@ # AV Client Library Changelog +## 1.0.1 +* Remove jsonwebtoken package +* Verifier UX improvements + +## 1.0.0 +* Support new DBB structure + ## 0.1.14 * Auth token replaces registration token and session token. diff --git a/package.json b/package.json index 2aff602b..6ab7b06b 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@aion-dk/js-client", - "version": "0.1.14", + "version": "1.0.1", "license": "MIT", "description": "Assembly Voting JS client", "main": "dist/lib/av_client.js", From 86ff7f2d1ec9938f1ebfa57b48de5eb6b854ba01 Mon Sep 17 00:00:00 2001 From: Mads Christiansen Date: Wed, 16 Mar 2022 13:46:39 +0100 Subject: [PATCH 4/6] Update package-lock.json --- package-lock.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package-lock.json b/package-lock.json index bd335edd..2dbc6b07 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,6 +1,6 @@ { "name": "@aion-dk/js-client", - "version": "0.1.14", + "version": "1.0.1", "lockfileVersion": 1, "requires": true, "dependencies": { From d4f90ced617095f9d7e81f85888376af8f109805 Mon Sep 17 00:00:00 2001 From: Mads Christiansen Date: Wed, 16 Mar 2022 15:07:27 +0100 Subject: [PATCH 5/6] symlink bundle in public folder --- public/bundle.js | 1 + public/index.html | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) create mode 120000 public/bundle.js diff --git a/public/bundle.js b/public/bundle.js new file mode 120000 index 00000000..f0e3b957 --- /dev/null +++ b/public/bundle.js @@ -0,0 +1 @@ +../dist/bundle.js \ No newline at end of file 
diff --git a/public/index.html b/public/index.html index c019d95e..3a5fda76 100644 --- a/public/index.html +++ b/public/index.html @@ -81,7 +81,7 @@

Ballot

- + From c51d7666405679c4ae504d29d045da5f7395704c Mon Sep 17 00:00:00 2001 From: Mads Christiansen Date: Wed, 16 Mar 2022 15:46:45 +0100 Subject: [PATCH 6/6] copy bundle.js to image --- Dockerfile | 2 ++ docker-compose.yml | 2 -- public/bundle.js | 1 - 3 files changed, 2 insertions(+), 3 deletions(-) delete mode 120000 public/bundle.js diff --git a/Dockerfile b/Dockerfile index 2266d869..bb739f3a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -6,6 +6,8 @@ RUN apk add curl COPY package*.json ./ +COPY ./dist/bundle.js ./public/ + RUN npm install COPY . . diff --git a/docker-compose.yml b/docker-compose.yml index e6bcaf19..0e69d472 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,7 +3,5 @@ services: js-client: image: "js-client:latest" command: "npm run server" - volumes: - - ".:/usr/src/app" ports: - "3005:3005" diff --git a/public/bundle.js b/public/bundle.js deleted file mode 120000 index f0e3b957..00000000 --- a/public/bundle.js +++ /dev/null @@ -1 +0,0 @@ -../dist/bundle.js \ No newline at end of file
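Review bot: In the Dockerfile hunk, the added `COPY ./dist/bundle.js ./public/` sits before `RUN npm install`, so every rebuilt bundle invalidates the cached dependency-install layer; moving the line after `RUN npm install` keeps that layer reusable. The line also assumes `dist/bundle.js` was built on the host and is present in the build context before `docker build` runs, which nothing visible here guarantees. A comment such as `# requires a prior local build of dist/bundle.js` would make that precondition explicit. Because the image now serves a bundle produced outside the image build, consider building it inside the Dockerfile so the served file always matches the source brought in by `COPY . .`.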