Skip to content

fix: [WLEO-439] Changed behavior of evaluateInputDescriptor helper functions to throw on no match #238

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: eudiw-master
Choose a base branch
from
Open

fix: [WLEO-439] Changed behavior of evaluateInputDescriptor helper functions to throw on no match #238

wants to merge 1 commit into from
+24 −14

Conversation

sebastianopriscan
Copy link
Collaborator

@sebastianopriscan sebastianopriscan commented Jun 5, 2025
edited
Loading

This PR changes the behavior of the evaluateInputDescriptorForMdoc and evaluateInputDescriptorForSdJwt4VC methods to solve a bug regarding presentations containing only optional values.

List of Changes

  • src/credential/presentation/__tests__/07-evaluate-input-descriptor.test.ts, src/credential/presentation/__tests__/07-evaluate-input-descriptor.ts : made the methods evaluateInputDescriptorFor* has been changed to throw in case no matches are found for a credential, optional or not. Tests have been modified accordingly.

Motivation and Context

The findCredentialSdJwt and findCredentialMdoc use their corresponding evaluateInputDescriptorFor* methods' logic to handle matching of the input descriptor with a credential's claims, more precisely they switch to the next credential upon the method throwing an error, and return its matches upon successful invocation.

Before this change, this function returned at the first credential in case an input descriptor with zero required disclosures and optional disclosures was passed, thus stopping the credentials' parsing process.

This has led to the following unwanted scenario:

  1. The RP generates an input descriptor containing no required disclosures and some optional disclosures, which are contained in a credential B. When passing the input descriptor in search for matches, the credential array is the following: [A,B].
  2. The parser tries to find disclosures in credential A, it being the first in the array, "matches" all required disclosures (for there were none), and doesn't find any of the optional disclosures, but, being that the required disclosures check passes, the evaluateInputDescriptor method succeeds, and credential B is not searched, so the findCredential* method returns that no match has been found, despite the claims being present in credential B.

To fix this, now the evaluateInputDescriptorFor* methods throw an error if zero matches, optional or not, are found, too.

How Has This Been Tested?

  1. The original tests for the changed methods have been updated to comply to the new specification.
  2. Despite the example app doesn't support optional disclosure selection, some presentation to various RPs have been done to check for regressions.

Screenshots (if appropriate):

Checklist:

  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.

@sebastianopriscan
fix: [WLEO-439] Changed behavior of evaluateInputDescriptorFor(Mdoc|S…
3deddd8 
…dJwt4VC) to throw when no claims are found inside of a credential (neither optional nor required). This allows to continue looping to search for matches in other credentials inside of the findCredential(MDoc|SdJwt)
@github-actions github-actions bot added the fix label Jun 5, 2025
@sebastianopriscan sebastianopriscan marked this pull request as ready for review June 6, 2025 15:01
@sebastianopriscan sebastianopriscan requested a review from a team as a code owner June 6, 2025 15:01
@manuraf
Copy link
Contributor

manuraf commented Jun 9, 2025

LGTM

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@manuraf manuraf manuraf approved these changes

@ale-mazz ale-mazz Awaiting requested review from ale-mazz ale-mazz is a code owner automatically assigned from pagopa/io-wallet

Assignees
No one assigned
Labels
fix
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@sebastianopriscan @manuraf