TECH-156 - Fix issue with candid types

civicteam · May 17, 2024 · 1deb5e6 · 1deb5e6
1 parent e996447
commit 1deb5e6
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 55 deletions.
diff --git a/README.md b/README.md
@@ -24,58 +24,24 @@ Create the canisters
 dfx canister create --all
 ```
 
-### Configure the correct Alternative Frontends
-Get the ID of the Civic Backend canister
+Set the environment variables before deploying the backend canister
 ```
-dfx canister id civic_canister_backend
+scripts/set-env-vars.sh
 ```
 
-Put this as the `canisterId` inside the `src/civic_canister_frontend/index.ts` AND `src/relying_canister_frontend/src/index.ts`:
+Deploy the backend canister
 ```
-const canisterId = "canister-id-here" 
+scripts/deploy-civic.sh
 ```
-This sets up the canister login with the correct `derivationOrigin` that the vc-flow call inside `src/relying_canister_frontend/src/index.ts` will later be pointed to
 
-(NOTE: You should be able to get these IDs from environmental variables as well, like ```const local_ii_url = `http://${process.env.INTERNET_IDENTITY_CANISTER_ID}.localhost:4943`;``` but that's not working for the `CIVIC_CANISTER_BACKEND_ID`)
-
-Get the ID of the civic frontend canister 
-```
-dfx canister id civic_canister_frontend
-```
-write it into the `src/civic_canister_backend/dist/.well-known/ii-alternative-origins` file:
-```
-{
-    "alternativeOrigins": ["http://${ID-here}.localhost:4943"]
-}
-```
-
-### Deploying 
-Deploy II
+Deploy the internet identity canister
 ```
 dfx deploy internet_identity
 ```
 
-Now build & deploy the Civic Frontend:
-```
-cd src/civic_canister_frontend
-yarn install
-yarn build
-dfx deploy civic_canister_frontend
-cd ../..
-```
-
-Build & Deploy Civic Backend Canister (using the local `ic_rootkey`):
-```
-src/civic_canister_backend/deploy-civic.sh
-```
-
-
-RP Frontend: 
+Update the  that are printed in the CLI for the relying and civic dummy canister and then deploy them
 ```
-cd src/relying_canister_frontend
-yarn install
-yarn build
-./deploy-rp.sh
+dfx deploy relying_canister_frontend && dfx deploy relying_canister_frontend
 ```
 
 ### Tests

diff --git a/src/civic_canister_backend/src/credential.rs b/src/civic_canister_backend/src/credential.rs
@@ -37,9 +37,6 @@ use identity_core::common::Timestamp;
 // The expiration of issued verifiable credentials.
 const MINUTE_NS: u64 = 60 * 1_000_000_000;
 const VC_EXPIRATION_PERIOD_NS: u64 = 15 * MINUTE_NS;
-// Authorized Civic Principal - get this from the frontend
-const AUTHORIZED_PRINCIPAL: &str =
-    "tglqb-kbqlj-to66e-3w5sg-kkz32-c6ffi-nsnta-vj2gf-vdcc5-5rzjk-jae";
 
 lazy_static! {
     // Seed and public key used for signing the credentials.
@@ -172,7 +169,7 @@ fn authorize_vc_request(
 
 #[update]
 #[candid_method(update)]
-fn add_credentials(principal: Principal, new_credentials: Vec<StoredCredential>) -> String {
+fn add_credentials(principal: Principal, new_credentials: Vec<StoredCredential>) -> Result<String, CredentialError> {
     let caller = ic_cdk::api::caller();
 
     // Access the configuration and check if the caller is an authorized issuer
@@ -183,16 +180,22 @@ fn add_credentials(principal: Principal, new_credentials: Vec<StoredCredential>)
     });
 
     if !is_authorized {
-        return "Unauthorized: You do not have permission to add credentials.".to_string();
+        return Err(CredentialError::UnauthorizedSubject(format!(
+            "Unauthorized issuer: {}",
+            caller.to_text()
+        )));
     }
 
     // If authorized, proceed to add credentials
     CREDENTIALS.with_borrow_mut(|credentials| {
-        let entry = credentials.entry(principal).or_insert_with(Vec::new);
+        let entry: &mut Vec<StoredCredential> = credentials.entry(principal).or_insert_with(Vec::new);
         entry.extend(new_credentials.clone());
     });
 
-    format!("Added credentials: \n{:?}", new_credentials)
+    return Ok(format!(
+        "Credentials added successfully: {:?}",
+        new_credentials
+    ));
 }
 
 #[update]
@@ -202,13 +205,21 @@ fn update_credential(
     credential_id: String,
     updated_credential: StoredCredential,
 ) -> Result<String, CredentialError> {
-    // Check if the caller is the authorized principal
-    if caller().to_text() != AUTHORIZED_PRINCIPAL {
-        return Err(CredentialError::UnauthorizedSubject(
-            "Unauthorized: You do not have permission to update credentials.".to_string(),
-        ));
-    }
+    let caller = ic_cdk::api::caller();
 
+    // Access the configuration and check if the caller is an authorized issuer
+    let is_authorized = CONFIG.with(|config_cell| {
+        let config = config_cell.borrow();
+        let current_config = config.get();
+        current_config.authorized_issuers.contains(&caller)
+    });
+
+    if !is_authorized {
+        return Err(CredentialError::UnauthorizedSubject(format!(
+            "Unauthorized issuer: {}",
+            caller.to_text()
+        )));
+    }
     // Access the credentials storage and attempt to update the specified credential
     CREDENTIALS.with_borrow_mut(|credentials| {
         if let Some(creds) = credentials.get_mut(&principal) {

diff --git a/src/civic_canister_frontend/scripts/issue-credential.ts b/src/civic_canister_frontend/scripts/issue-credential.ts
@@ -17,7 +17,7 @@ const dummyCivicSampleKey = new Uint8Array([
 ]);
 
 // Dummy principal for testing purposes - this is the principal from the vc-flows that represents the user id from the civic POV (the same user that logs into the demo RP)
-const principal = Principal.fromText("vf76i-nmrzf-fiv3u-tnduz-litud-n6xqn-yw4em-c32vp-m55jf-fgsys-3ae");
+const principal = Principal.fromText("your-principal-here");
 
 // Define the dummy credential
 const id = ["id", { Text: "did:example:c276e12ec21ebfeb1f712ebc6f1" }];