fix: remove username checking

hirosystems · Apr 14, 2022 · 022efda · 022efda
1 parent b5e4e72
commit 022efda
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 45 deletions.
diff --git a/packages/auth/src/userSession.ts b/packages/auth/src/userSession.ts
@@ -25,7 +25,7 @@ import {
   nextHour,
 } from '@stacks/common';
 import { extractProfile } from '@stacks/profile';
-import { AuthScope, DEFAULT_PROFILE, NAME_LOOKUP_PATH } from './constants';
+import { AuthScope, DEFAULT_PROFILE } from './constants';
 import * as queryString from 'query-string';
 import { UserData } from './userData';
 import { StacksMainnet } from '@stacks/network';
@@ -237,27 +237,7 @@ export class UserSession {
       throw new Error('Unexpected token payload type of string');
     }
 
-    // Section below is removed since the config was never persisted and therefore useless
-
-    // if (isLaterVersion(tokenPayload.version as string, '1.3.0')
-    //    && tokenPayload.blockstackAPIUrl !== null && tokenPayload.blockstackAPIUrl !== undefined) {
-    //   // override globally
-    //   Logger.info(`Overriding ${config.network.blockstackAPIUrl} `
-    //     + `with ${tokenPayload.blockstackAPIUrl}`)
-    //   // TODO: this config is never saved so the user node preference
-    //   // is not respected in later sessions..
-    //   config.network.blockstackAPIUrl = tokenPayload.blockstackAPIUrl as string
-    //   coreNode = tokenPayload.blockstackAPIUrl as string
-    // }
-
-    const nameLookupURL = `${coreNode}${NAME_LOOKUP_PATH}`;
-
-    const fallbackLookupURLs = [
-      `https://stacks-node-api.stacks.co${NAME_LOOKUP_PATH}`,
-      `https://registrar.stacks.co${NAME_LOOKUP_PATH}`,
-    ].filter(url => url !== nameLookupURL);
-
-    const isValid = await verifyAuthResponse(authResponseToken, nameLookupURL, fallbackLookupURLs);
+    const isValid = await verifyAuthResponse(authResponseToken);
     if (!isValid) {
       throw new LoginFailedError('Invalid authentication response.');
     }

diff --git a/packages/auth/src/verification.ts b/packages/auth/src/verification.ts
@@ -275,22 +275,12 @@ export async function verifyAuthRequestAndLoadManifest(token: string): Promise<a
  * @private
  * @ignore
  */
-export async function verifyAuthResponse(
-  token: string,
-  nameLookupURL: string,
-  fallbackLookupURLs?: string[]
-): Promise<boolean> {
-  const values = await Promise.all([
+export async function verifyAuthResponse(token: string): Promise<boolean> {
+  const conditions = await Promise.all([
     isExpirationDateValid(token),
     isIssuanceDateValid(token),
     doSignaturesMatchPublicKeys(token),
     doPublicKeysMatchIssuer(token),
   ]);
-  const usernameMatchings = await Promise.all(
-    [nameLookupURL]
-      .concat(fallbackLookupURLs || [])
-      .map(url => doPublicKeysMatchUsername(token, url))
-  );
-  const someUsernameMatches = usernameMatchings.includes(true);
-  return !!someUsernameMatches && values.every(val => val);
+  return conditions.every(val => val);
 }
diff --git a/packages/auth/tests/auth.test.ts b/packages/auth/tests/auth.test.ts
@@ -183,7 +183,7 @@ test('makeAuthResponse && verifyAuthResponse', async () => {
   );
   expect((decodedToken.payload as any).username).toBe(null);
 
-  await verifyAuthResponse(authResponse, nameLookupURL).then(verifiedResult => {
+  await verifyAuthResponse(authResponse).then(verifiedResult => {
     expect(verifiedResult).toBe(true);
   });
 
@@ -257,11 +257,11 @@ test('auth response with username', async () => {
     expect(verified).toBe(true);
   });
 
-  await verifyAuthResponse(authResponse, nameLookupURL).then(verifiedResult => {
+  await verifyAuthResponse(authResponse).then(verifiedResult => {
     expect(verifiedResult).toBe(true);
   });
 
-  expect(fetchMock.mock.calls.length).toEqual(2);
+  expect(fetchMock.mock.calls.length).toEqual(1);
 });
 
 test('auth response with invalid private key', async () => {
@@ -308,8 +308,6 @@ test('auth response with invalid private key', async () => {
 });
 
 test('handlePendingSignIn with authResponseToken', async () => {
-  const url = `${nameLookupURL}ryan.id`;
-
   fetchMock.mockResponse(JSON.stringify(sampleNameRecords.ryan));
 
   const appPrivateKey = makeECPrivateKey();
@@ -338,12 +336,10 @@ test('handlePendingSignIn with authResponseToken', async () => {
 
   expect(fail).toBeCalledTimes(0);
   expect(pass).toBeCalledTimes(1);
-  expect(fetchMock.mock.calls.length).toEqual(3);
-  expect(fetchMock.mock.calls[0][0]).toEqual(url);
+  expect(fetchMock.mock.calls.length).toEqual(0);
 });
 
 test('handlePendingSignIn 2', async () => {
-  const url = `${nameLookupURL}ryan.id`;
   fetchMock.mockResponse(JSON.stringify(sampleNameRecords.ryan));
 
   const appPrivateKey = makeECPrivateKey();
@@ -371,8 +367,7 @@ test('handlePendingSignIn 2', async () => {
   await blockstack.handlePendingSignIn(authResponse).then(pass).catch(fail);
   expect(fail).toBeCalledTimes(0);
   expect(pass).toBeCalledTimes(1);
-  expect(fetchMock.mock.calls.length).toEqual(3);
-  expect(fetchMock.mock.calls[0][0]).toEqual(url);
+  expect(fetchMock.mock.calls.length).toEqual(0);
 });
 
 test('handlePendingSignIn with existing user session', async () => {