feat(int): implement verify tx integration tests (#90)

* feat(int): add verifyTransaction workflow test

* feat(int): add verifyTransaction workflow test

* feat(int): add verifyTransaction workflow test

* feat(int): add verifyTransaction workflow test

* feat(int): add verifyTransaction workflow test

* feat: add signature validation to the fido-lib tests

* feat: succesfully recreated unit test of validation problem

* feat: succesfully recreated unit test of validation problem

* fix(fido): signing now working with valid creds!

* fix(unit): clean up unit tests

* feat: update ttk callback listening api

* feat(int): finish verify transaction integration tests

* fix(int): increase timeout for slower tests

* chore(ci): fix typo in env var

.circleci/config.yml

@@ -457,7 +457,7 @@ jobs:
           command: /tmp/ci-config/container-scanning/anchore-result-diff.js anchore-reports/node_12.16.1-alpine-policy.json anchore-reports/${CIRCLE_PROJECT_REPONAME}*-policy.json
       - slack/status:
           fail_only: true
-          webhook: "$SLACK_WEBHOOK_ANNOUNCMENT_CI_CD"
+          webhook: "$SLACK_WEBHOOK_ANNOUNCEMENT_CI_CD"
           failure_message: 'Anchore Image Scan failed  for: \`"${DOCKER_ORG}/${CIRCLE_PROJECT_REPONAME}:${CIRCLE_TAG}"\`'
       - store_artifacts:
           path: anchore-reports

docker/ml-testing-toolkit/spec_files/api_definitions/thirdparty_pisp/api_spec.yaml

@@ -399,6 +399,119 @@ paths:
           $ref: '#/components/responses/501'
         '503':
           $ref: '#/components/responses/503'
+  '/thirdpartyRequests/verifications/{ID}':
+    parameters:
+      - $ref: '#/components/parameters/ID'
+      - $ref: '#/components/parameters/Content-Type'
+      - $ref: '#/components/parameters/Date'
+      - $ref: '#/components/parameters/X-Forwarded-For'
+      - $ref: '#/components/parameters/FSPIOP-Source'
+      - $ref: '#/components/parameters/FSPIOP-Destination'
+      - $ref: '#/components/parameters/FSPIOP-Encryption'
+      - $ref: '#/components/parameters/FSPIOP-Signature'
+      - $ref: '#/components/parameters/FSPIOP-URI'
+      - $ref: '#/components/parameters/FSPIOP-HTTP-Method'
+    put:
+      tags:
+        - thirdpartyRequests
+        - sampled
+      operationId: PutThirdpartyRequestsVerificationsById
+      summary: PutThirdpartyRequestsVerificationsById
+      description: >
+        The HTTP request `PUT /thirdpartyRequests/verifications/{ID}` is used by
+        the Auth-Service to inform
+
+        the DFSP of a successful result in validating the verification of a
+        Thirdparty Transaction Request.
+
+
+        If the validation fails, The Auth-Service MUST use `PUT
+        /thirdpartyRequests/verifications/{ID}/error`
+
+        instead.
+      parameters:
+        - $ref: '#/components/parameters/Content-Length'
+      requestBody:
+        description: The result of validating the Thirdparty Transaction Request
+        required: true
+        content:
+          application/json:
+            schema:
+              $ref: >-
+                #/components/schemas/ThirdpartyRequestsVerificationsIDPutResponse
+            example:
+              authenticationResponse: VERIFIED
+      responses:
+        '200':
+          $ref: '#/components/responses/200'
+        '400':
+          $ref: '#/components/responses/400'
+        '401':
+          $ref: '#/components/responses/401'
+        '403':
+          $ref: '#/components/responses/403'
+        '404':
+          $ref: '#/components/responses/404'
+        '405':
+          $ref: '#/components/responses/405'
+        '406':
+          $ref: '#/components/responses/406'
+        '501':
+          $ref: '#/components/responses/501'
+        '503':
+          $ref: '#/components/responses/503'
+  '/thirdpartyRequests/verifications/{ID}/error':
+    parameters:
+      - $ref: '#/components/parameters/ID'
+      - $ref: '#/components/parameters/Content-Type'
+      - $ref: '#/components/parameters/Date'
+      - $ref: '#/components/parameters/X-Forwarded-For'
+      - $ref: '#/components/parameters/FSPIOP-Source'
+      - $ref: '#/components/parameters/FSPIOP-Destination'
+      - $ref: '#/components/parameters/FSPIOP-Encryption'
+      - $ref: '#/components/parameters/FSPIOP-Signature'
+      - $ref: '#/components/parameters/FSPIOP-URI'
+      - $ref: '#/components/parameters/FSPIOP-HTTP-Method'
+    put:
+      tags:
+        - thirdpartyRequests
+        - sampled
+      operationId: PutThirdpartyRequestsVerificationsByIdAndError
+      summary: PutThirdpartyRequestsVerificationsByIdAndError
+      description: >
+        The HTTP request `PUT /thirdpartyRequests/verifications/{ID}/error` is
+        used by the Auth-Service to inform
+
+        the DFSP of a failure in validating or looking up the verification of a
+        Thirdparty Transaction Request.
+      parameters:
+        - $ref: '#/components/parameters/Content-Length'
+      requestBody:
+        description: Error information returned.
+        required: true
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/ErrorInformationObject'
+      responses:
+        '200':
+          $ref: '#/components/responses/200'
+        '400':
+          $ref: '#/components/responses/400'
+        '401':
+          $ref: '#/components/responses/401'
+        '403':
+          $ref: '#/components/responses/403'
+        '404':
+          $ref: '#/components/responses/404'
+        '405':
+          $ref: '#/components/responses/405'
+        '406':
+          $ref: '#/components/responses/406'
+        '501':
+          $ref: '#/components/responses/501'
+        '503':
+          $ref: '#/components/responses/503'
 components:
   parameters:
     ID:
@@ -783,8 +896,8 @@ components:
       description: |
         The type of the Credential.
         - "FIDO" - A FIDO public/private keypair
-    FIDOPublicKeyCredential:
-      title: FIDOPublicKeyCredential
+    FIDOPublicKeyCredentialAttestation:
+      title: FIDOPublicKeyCredentialAttestation
       type: object
       description: >
         An object sent in a `PUT /consents/{ID}` request.
@@ -867,7 +980,7 @@ components:
             - PENDING
           description: The challenge has signed but not yet verified.
         payload:
-          $ref: '#/components/schemas/FIDOPublicKeyCredential'
+          $ref: '#/components/schemas/FIDOPublicKeyCredentialAttestation'
       required:
         - credentialType
         - status
@@ -918,7 +1031,7 @@ components:
             - VERIFIED
           description: 'The Credential is valid, and ready to be used by the PISP.'
         payload:
-          $ref: '#/components/schemas/FIDOPublicKeyCredential'
+          $ref: '#/components/schemas/FIDOPublicKeyCredentialAttestation'
       required:
         - credentialType
         - status
@@ -1222,3 +1335,17 @@ components:
           $ref: '#/components/schemas/ExtensionList'
       required:
         - fspId
+    ThirdpartyRequestsVerificationsIDPutResponse:
+      title: ThirdpartyRequestsVerificationsIDPutResponse
+      type: object
+      description: >-
+        The object sent in the PUT /thirdpartyRequests/verifications/{ID}
+        request.
+      properties:
+        authenticationResponse:
+          type: string
+          enum:
+            - VERIFIED
+          description: The verification passed
+      required:
+        - authenticationResponse

docker/ml-testing-toolkit/spec_files/api_definitions/thirdparty_pisp/thirdparty-pisp-api-template.yaml

@@ -20,8 +20,7 @@ paths:
     $ref: '../../../../../node_modules/@mojaloop/api-snippets/thirdparty/openapi3/paths/participants_Type_ID.yaml'
 
   # Transfer Verification Flow
-  # to be implemented
-  # /thirdpartyRequests/verifications/{ID}:
-  #   $ref: '../../node_modules/@mojaloop/api-snippets/thirdparty/openapi3/paths/thirdpartyRequests_verifications_ID.yaml'
-  # /thirdpartyRequests/verifications/{ID}/error:
-  #   $ref: '../../node_modules/@mojaloop/api-snippets/thirdparty/openapi3/paths/thirdpartyRequests_verifications_ID_error.yaml'
+  /thirdpartyRequests/verifications/{ID}:
+    $ref: '../../../../../node_modules/@mojaloop/api-snippets/thirdparty/openapi3/paths/thirdpartyRequests_verifications_ID.yaml'
+  /thirdpartyRequests/verifications/{ID}/error:
+    $ref: '../../../../../node_modules/@mojaloop/api-snippets/thirdparty/openapi3/paths/thirdpartyRequests_verifications_ID_error.yaml'

src/domain/stateMachine/registerConsent.model.ts

@@ -125,7 +125,7 @@ export class RegisterConsentModel
       const challenge = deriveChallenge(consentsPostRequestAUTH)
       const decodedJsonString = decodeBase64String(consentsPostRequestAUTH.credential.payload.response.clientDataJSON)
       const parsedClientData = JSON.parse(decodedJsonString)
-
+ 
       const attestationExpectations: ExpectedAttestationResult = {
         challenge,
         // not sure what origin should be here

test/integration/server/workflows/registerConsent.test.ts

@@ -31,17 +31,10 @@ import axios from 'axios'
 import headers from '~/../test/data/headers.json'
 import { thirdparty as tpAPI } from '@mojaloop/api-snippets'
 import { closeKnexConnection } from '~/model/db'
+import { MLTestingToolkitRequest } from 'test/integration/ttkHelpers'
 const atob = require('atob')
 
 
-interface MLTestingToolkitRequest {
-  timestamp: string
-  method: string
-  path: string
-  headers: Record<string, unknown>
-  body: Record<string, unknown>
-}
-
 // test data from Lewis
 // here is how the client should convert ArrayBuffer to base64 strings using Browser's btoa function
 // take a look on `reduce` version