diff --git a/src/canister_tests/src/api/internet_identity/api_v2.rs b/src/canister_tests/src/api/internet_identity/api_v2.rs index e566f1155e..afd8e452c2 100644 --- a/src/canister_tests/src/api/internet_identity/api_v2.rs +++ b/src/canister_tests/src/api/internet_identity/api_v2.rs @@ -160,7 +160,7 @@ pub fn authn_method_remove( .map(|(x,)| x) } -pub fn tentative_authn_method_registration_mode_enter( +pub fn authn_method_registration_mode_enter( env: &StateMachine, canister_id: CanisterId, sender: Principal, @@ -170,13 +170,13 @@ pub fn tentative_authn_method_registration_mode_enter( env, canister_id, sender, - "tentative_authn_method_registration_mode_enter", + "authn_method_registration_mode_enter", (identity_number,), ) .map(|(x,)| x) } -pub fn tentative_authn_method_registration_mode_exit( +pub fn authn_method_registration_mode_exit( env: &StateMachine, canister_id: CanisterId, sender: Principal, @@ -186,40 +186,40 @@ pub fn tentative_authn_method_registration_mode_exit( env, canister_id, sender, - "tentative_authn_method_registration_mode_exit", + "authn_method_registration_mode_exit", (identity_number,), ) .map(|(x,)| x) } -pub fn tentative_authn_method_add( +pub fn authn_method_register( env: &StateMachine, canister_id: CanisterId, identity_number: IdentityNumber, authn_method: &AuthnMethodData, -) -> Result, CallError> { +) -> Result, CallError> { call_candid( env, canister_id, - "tentative_authn_method_add", + "authn_method_register", (identity_number, authn_method), ) .map(|(x,)| x) } -pub fn tentative_authn_method_verify( +pub fn authn_method_confirm( env: &StateMachine, canister_id: CanisterId, sender: Principal, identity_number: IdentityNumber, - verification_code: &str, -) -> Result, CallError> { + confirmation_code: &str, +) -> Result, CallError> { call_candid_as( env, canister_id, sender, - "tentative_authn_method_verify", - (identity_number, verification_code), + "authn_method_confirm", + (identity_number, confirmation_code), ) .map(|(x,)| x) } 
diff --git a/src/frontend/generated/internet_identity_idl.js b/src/frontend/generated/internet_identity_idl.js index a0c38c6846..dcac4a0818 100644 --- a/src/frontend/generated/internet_identity_idl.js +++ b/src/frontend/generated/internet_identity_idl.js @@ -110,10 +110,24 @@ export const idlFactory = ({ IDL }) => { 'authn_method' : AuthnMethod, }); const AuthnMethodAddError = IDL.Variant({ 'InvalidMetadata' : IDL.Text }); + const AuthnMethodConfirmationError = IDL.Variant({ + 'RegistrationModeOff' : IDL.Null, + 'NoAuthnMethodToConfirm' : IDL.Null, + 'WrongCode' : IDL.Record({ 'retries_left' : IDL.Nat8 }), + }); const AuthnMethodMetadataReplaceError = IDL.Variant({ 'AuthnMethodNotFound' : IDL.Null, 'InvalidMetadata' : IDL.Text, }); + const AuthnMethodConfirmationCode = IDL.Record({ + 'confirmation_code' : IDL.Text, + 'expiration' : Timestamp, + }); + const AuthnMethodRegisterError = IDL.Variant({ + 'RegistrationModeOff' : IDL.Null, + 'RegistrationAlreadyInProgress' : IDL.Null, + 'InvalidMetadata' : IDL.Text, + }); const AuthnMethodReplaceError = IDL.Variant({ 'AuthnMethodNotFound' : IDL.Null, 'InvalidMetadata' : IDL.Text, @@ -283,20 +297,6 @@ export const idlFactory = ({ IDL }) => { 'archive_info' : ArchiveInfo, 'canister_creation_cycles_cost' : IDL.Nat64, }); - const TentativeAuthnMethodAddInfo = IDL.Record({ - 'expiration' : Timestamp, - 'verification_code' : IDL.Text, - }); - const TentativeAuthnMethodAddError = IDL.Variant({ - 'RegistrationModeOff' : IDL.Null, - 'VerificationAlreadyInProgress' : IDL.Null, - 'InvalidMetadata' : IDL.Text, - }); - const TentativeAuthnMethodVerificationError = IDL.Variant({ - 'NoAuthnMethodToVerify' : IDL.Null, - 'RegistrationModeOff' : IDL.Null, - 'WrongCode' : IDL.Record({ 'retries_left' : IDL.Nat8 }), - }); const VerifyTentativeDeviceResponse = IDL.Variant({ 'device_registration_mode_off' : IDL.Null, 'verified' : IDL.Null, 
@@ -316,6 +316,16 @@ export const idlFactory = ({ IDL }) => { [IDL.Variant({ 'Ok' : IDL.Null, 'Err' : AuthnMethodAddError })], [], ), + 'authn_method_confirm' : IDL.Func( + [IdentityNumber, IDL.Text], + [ + IDL.Variant({ + 'Ok' : IDL.Null, + 'Err' : AuthnMethodConfirmationError, + }), + ], + [], + ), 'authn_method_metadata_replace' : IDL.Func( [IdentityNumber, PublicKey, MetadataMapV2], [ @@ -326,6 +336,31 @@ export const idlFactory = ({ IDL }) => { ], [], ), + 'authn_method_register' : IDL.Func( + [IdentityNumber, AuthnMethodData], + [ + IDL.Variant({ + 'Ok' : AuthnMethodConfirmationCode, + 'Err' : AuthnMethodRegisterError, + }), + ], + [], + ), + 'authn_method_registration_mode_enter' : IDL.Func( + [IdentityNumber], + [ + IDL.Variant({ + 'Ok' : IDL.Record({ 'expiration' : Timestamp }), + 'Err' : IDL.Null, + }), + ], + [], + ), + 'authn_method_registration_mode_exit' : IDL.Func( + [IdentityNumber], + [IDL.Variant({ 'Ok' : IDL.Null, 'Err' : IDL.Null })], + [], + ), 'authn_method_remove' : IDL.Func( [IdentityNumber, PublicKey], [IDL.Variant({ 'Ok' : IDL.Null, 'Err' : IDL.Null })], 
@@ -419,41 +454,6 @@ export const idlFactory = ({ IDL }) => { 'remove' : IDL.Func([UserNumber, DeviceKey], [], []), 'replace' : IDL.Func([UserNumber, DeviceKey, DeviceData], [], []), 'stats' : IDL.Func([], [InternetIdentityStats], ['query']), - 'tentative_authn_method_add' : IDL.Func( - [IdentityNumber, AuthnMethodData], - [ - IDL.Variant({ - 'Ok' : TentativeAuthnMethodAddInfo, - 'Err' : TentativeAuthnMethodAddError, - }), - ], - [], - ), - 'tentative_authn_method_registration_mode_enter' : IDL.Func( - [IdentityNumber], - [ - IDL.Variant({ - 'Ok' : IDL.Record({ 'expiration' : Timestamp }), - 'Err' : IDL.Null, - }), - ], - [], - ), - 'tentative_authn_method_registration_mode_exit' : IDL.Func( - [IdentityNumber], - [IDL.Variant({ 'Ok' : IDL.Null, 'Err' : IDL.Null })], - [], - ), - 'tentative_authn_method_verify' : IDL.Func( - [IdentityNumber, IDL.Text], - [ - IDL.Variant({ - 'Ok' : IDL.Null, - 'Err' : TentativeAuthnMethodVerificationError, - }), - ], - [], - ), 'update' : IDL.Func([UserNumber, DeviceKey, DeviceData], [], []), 'verify_tentative_device' : IDL.Func( [UserNumber, IDL.Text], diff --git a/src/frontend/generated/internet_identity_types.d.ts b/src/frontend/generated/internet_identity_types.d.ts index 76626f2223..f41d2a9ef7 100644 --- a/src/frontend/generated/internet_identity_types.d.ts +++ b/src/frontend/generated/internet_identity_types.d.ts @@ -30,6 +30,13 @@ export interface ArchiveInfo { export type AuthnMethod = { 'PubKey' : PublicKeyAuthn } | { 'WebAuthn' : WebAuthn }; export type AuthnMethodAddError = { 'InvalidMetadata' : string }; +export interface AuthnMethodConfirmationCode { + 'confirmation_code' : string, + 'expiration' : Timestamp, +} +export type AuthnMethodConfirmationError = { 'RegistrationModeOff' : null } | + { 'NoAuthnMethodToConfirm' : null } | + { 'WrongCode' : { 'retries_left' : number } }; export interface AuthnMethodData { 'security_settings' : AuthnMethodSecuritySettings, 'metadata' : MetadataMapV2, 
@@ -42,6 +49,9 @@ export type AuthnMethodProtection = { 'Protected' : null } | { 'Unprotected' : null }; export type AuthnMethodPurpose = { 'Recovery' : null } | { 'Authentication' : null }; +export type AuthnMethodRegisterError = { 'RegistrationModeOff' : null } | + { 'RegistrationAlreadyInProgress' : null } | + { 'InvalidMetadata' : string }; export interface AuthnMethodRegistrationInfo { 'expiration' : Timestamp, 'authn_method' : [] | [AuthnMethodData], @@ -230,18 +240,6 @@ export interface StreamingCallbackHttpResponse { export type StreamingStrategy = { 'Callback' : { 'token' : Token, 'callback' : [Principal, string] } }; -export type TentativeAuthnMethodAddError = { 'RegistrationModeOff' : null } | - { 'VerificationAlreadyInProgress' : null } | - { 'InvalidMetadata' : string }; -export interface TentativeAuthnMethodAddInfo { - 'expiration' : Timestamp, - 'verification_code' : string, -} -export type TentativeAuthnMethodVerificationError = { - 'NoAuthnMethodToVerify' : null - } | - { 'RegistrationModeOff' : null } | - { 'WrongCode' : { 'retries_left' : number } }; export type Timestamp = bigint; export type Token = {}; export type UserKey = PublicKey; 
@@ -272,11 +270,31 @@ export interface _SERVICE { { 'Ok' : null } | { 'Err' : AuthnMethodAddError } >, + 'authn_method_confirm' : ActorMethod< + [IdentityNumber, string], + { 'Ok' : null } | + { 'Err' : AuthnMethodConfirmationError } + >, 'authn_method_metadata_replace' : ActorMethod< [IdentityNumber, PublicKey, MetadataMapV2], { 'Ok' : null } | { 'Err' : AuthnMethodMetadataReplaceError } >, + 'authn_method_register' : ActorMethod< + [IdentityNumber, AuthnMethodData], + { 'Ok' : AuthnMethodConfirmationCode } | + { 'Err' : AuthnMethodRegisterError } + >, + 'authn_method_registration_mode_enter' : ActorMethod< + [IdentityNumber], + { 'Ok' : { 'expiration' : Timestamp } } | + { 'Err' : null } + >, + 'authn_method_registration_mode_exit' : ActorMethod< + [IdentityNumber], + { 'Ok' : null } | + { 'Err' : null } + >, 'authn_method_remove' : ActorMethod< [IdentityNumber, PublicKey], { 'Ok' : null } | @@ -350,26 +368,6 @@ export interface _SERVICE { 'remove' : ActorMethod<[UserNumber, DeviceKey], undefined>, 'replace' : ActorMethod<[UserNumber, DeviceKey, DeviceData], undefined>, 'stats' : ActorMethod<[], InternetIdentityStats>, - 'tentative_authn_method_add' : ActorMethod< - [IdentityNumber, AuthnMethodData], - { 'Ok' : TentativeAuthnMethodAddInfo } | - { 'Err' : TentativeAuthnMethodAddError } - >, - 'tentative_authn_method_registration_mode_enter' : ActorMethod< - [IdentityNumber], - { 'Ok' : { 'expiration' : Timestamp } } | - { 'Err' : null } - >, - 'tentative_authn_method_registration_mode_exit' : ActorMethod< - [IdentityNumber], - { 'Ok' : null } | - { 'Err' : null } - >, - 'tentative_authn_method_verify' : ActorMethod< - [IdentityNumber, string], - { 'Ok' : null } | - { 'Err' : TentativeAuthnMethodVerificationError } - >, 'update' : ActorMethod<[UserNumber, DeviceKey, DeviceData], undefined>, 'verify_tentative_device' : ActorMethod< [UserNumber, string], 
diff --git a/src/internet_identity/internet_identity.did b/src/internet_identity/internet_identity.did index b8978ceba5..4932316f0d 100644 --- a/src/internet_identity/internet_identity.did +++ b/src/internet_identity/internet_identity.did @@ -367,29 +367,29 @@ type AuthnMethodRegistrationInfo = record { expiration: Timestamp; }; -type TentativeAuthnMethodAddInfo = record { - verification_code: text; +type AuthnMethodConfirmationCode = record { + confirmation_code: text; expiration: Timestamp; }; -type TentativeAuthnMethodAddError = variant { +type AuthnMethodRegisterError = variant { // Authentication method registration mode is off, either due to timeout or because it was never enabled. RegistrationModeOff; - // There is another authentication method already added tentatively that needs to be verified first. - VerificationAlreadyInProgress; + // There is another authentication method already registered that needs to be confirmed first. + RegistrationAlreadyInProgress; // The metadata of the provided authentication method contains invalid entries. InvalidMetadata: text; }; -type TentativeAuthnMethodVerificationError = variant { - // Wrong verification code entered. Retry with correct code. +type AuthnMethodConfirmationError = variant { + // Wrong confirmation code entered. Retry with correct code. WrongCode: record { retries_left: nat8 }; // Authentication method registration mode is off, either due to timeout or because it was never enabled. RegistrationModeOff; - // There is no tentative authentication method to be verified. - NoAuthnMethodToVerify; + // There is no registered authentication method to be confirmed. + NoAuthnMethodToConfirm; }; type IdentityAuthnInfo = record { 
@@ -571,25 +571,25 @@ service : (opt InternetIdentityInit) -> { authn_method_remove: (IdentityNumber, PublicKey) -> (variant {Ok; Err;}); // Enters the authentication method registration mode for the identity. - // In this mode, a new authentication method can be added tentatively, which then needs to be - // verified before it can be used for authentication on this identity. + // In this mode, a new authentication method can be registered, which then needs to be + // confirmed before it can be used for authentication on this identity. // The registration mode is automatically exited after the returned expiration timestamp. // Requires authentication. - tentative_authn_method_registration_mode_enter : (IdentityNumber) -> (variant {Ok: record { expiration: Timestamp; }; Err;}); + authn_method_registration_mode_enter : (IdentityNumber) -> (variant {Ok: record { expiration: Timestamp; }; Err;}); // Exits the authentication method registration mode for the identity. // Requires authentication. - tentative_authn_method_registration_mode_exit : (IdentityNumber) -> (variant {Ok; Err;}); + authn_method_registration_mode_exit : (IdentityNumber) -> (variant {Ok; Err;}); - // Tentatively adds a new authentication method to the identity. - // This authentication method needs to be verified before it can be used for authentication on this identity. - tentative_authn_method_add: (IdentityNumber, AuthnMethodData) -> (variant {Ok: TentativeAuthnMethodAddInfo; Err: TentativeAuthnMethodAddError;}); + // Registers a new authentication method to the identity. + // This authentication method needs to be confirmed before it can be used for authentication on this identity. + authn_method_register: (IdentityNumber, AuthnMethodData) -> (variant {Ok: AuthnMethodConfirmationCode; Err: AuthnMethodRegisterError;}); - // Verifies a previously added tentative authentication method. 
- // On successful verification, the tentative authentication method is permanently added to the identity and can + // Confirms a previously registered authentication method. + // On successful confirmation, the authentication method is permanently added to the identity and can // subsequently be used for authentication for that identity. // Requires authentication. - tentative_authn_method_verify: (IdentityNumber, verification_code: text) -> (variant {Ok; Err: TentativeAuthnMethodVerificationError;}); + authn_method_confirm: (IdentityNumber, confirmation_code: text) -> (variant {Ok; Err: AuthnMethodConfirmationError;}); // Attribute Sharing MVP API // The methods below are used to generate ID-alias credentials during attribute sharing flow. diff --git a/src/internet_identity/src/main.rs b/src/internet_identity/src/main.rs index 4f78aecefa..70895be2cf 100644 --- a/src/internet_identity/src/main.rs +++ b/src/internet_identity/src/main.rs @@ -714,7 +714,7 @@ mod v2_api { #[update] #[candid_method] - fn tentative_authn_method_registration_mode_enter( + fn authn_method_registration_mode_enter( identity_number: IdentityNumber, ) -> Result { let timeout = enter_device_registration_mode(identity_number); 
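Review bot: The comment above `authn_method_register` in the service block is the only one of the four registration comments without a "Requires authentication." line, and it does not say the opposite either, so a reader cannot tell whether the omission is deliberate. The test helper for this method goes through `call_candid` with no sender, which suggests it is meant to be callable by a device that cannot authenticate yet. I would state the trust boundary explicitly, for example `// Does not require authentication. Only accepted while registration mode is active; the method cannot be used until it is confirmed with authn_method_confirm.`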
@@ -725,56 +725,54 @@ mod v2_api { #[update] #[candid_method] - fn tentative_authn_method_registration_mode_exit( - identity_number: IdentityNumber, - ) -> Result<(), ()> { + fn authn_method_registration_mode_exit(identity_number: IdentityNumber) -> Result<(), ()> { exit_device_registration_mode(identity_number); Ok(()) } #[update] #[candid_method] - async fn tentative_authn_method_add( + async fn authn_method_register( identity_number: IdentityNumber, authn_method: AuthnMethodData, - ) -> Result { + ) -> Result { let device = DeviceWithUsage::try_from(authn_method) - .map_err(|err| TentativeAuthnMethodAddError::InvalidMetadata(err.to_string()))?; + .map_err(|err| AuthnMethodRegisterError::InvalidMetadata(err.to_string()))?; let result = add_tentative_device(identity_number, DeviceData::from(device)).await; match result { AddTentativeDeviceResponse::AddedTentatively { device_registration_timeout, verification_code, - } => Ok(TentativeAuthnMethodAddInfo { + } => Ok(AuthnMethodConfirmationCode { expiration: device_registration_timeout, - verification_code, + confirmation_code: verification_code, }), AddTentativeDeviceResponse::DeviceRegistrationModeOff => { - Err(TentativeAuthnMethodAddError::RegistrationModeOff) + Err(AuthnMethodRegisterError::RegistrationModeOff) } AddTentativeDeviceResponse::AnotherDeviceTentativelyAdded => { - Err(TentativeAuthnMethodAddError::VerificationAlreadyInProgress) + Err(AuthnMethodRegisterError::RegistrationAlreadyInProgress) } } } #[update] #[candid_method] - fn tentative_authn_method_verify( + fn authn_method_confirm( identity_number: IdentityNumber, - verification_code: String, - ) -> Result<(), TentativeAuthnMethodVerificationError> { - let response = verify_tentative_device(identity_number, verification_code); + confirmation_code: String, + ) -> Result<(), AuthnMethodConfirmationError> { + let response = verify_tentative_device(identity_number, confirmation_code); match response { VerifyTentativeDeviceResponse::Verified => Ok(()), 
VerifyTentativeDeviceResponse::WrongCode { retries_left } => { - Err(TentativeAuthnMethodVerificationError::WrongCode { retries_left }) + Err(AuthnMethodConfirmationError::WrongCode { retries_left }) } VerifyTentativeDeviceResponse::DeviceRegistrationModeOff => { - Err(TentativeAuthnMethodVerificationError::RegistrationModeOff) + Err(AuthnMethodConfirmationError::RegistrationModeOff) } VerifyTentativeDeviceResponse::NoDeviceToVerify => { - Err(TentativeAuthnMethodVerificationError::NoAuthnMethodToVerify) + Err(AuthnMethodConfirmationError::NoAuthnMethodToConfirm) } } } diff --git a/src/internet_identity/tests/integration/v2_api/tentative_authn_method.rs b/src/internet_identity/tests/integration/v2_api/authn_method_registration.rs similarity index 65% rename from src/internet_identity/tests/integration/v2_api/tentative_authn_method.rs rename to src/internet_identity/tests/integration/v2_api/authn_method_registration.rs index c0b95bbc44..0613647698 100644 --- a/src/internet_identity/tests/integration/v2_api/tentative_authn_method.rs +++ b/src/internet_identity/tests/integration/v2_api/authn_method_registration.rs @@ -9,8 +9,8 @@ use canister_tests::framework::{ use ic_test_state_machine_client::CallError; use ic_test_state_machine_client::ErrorCode::CanisterCalledTrap; use internet_identity_interface::internet_identity::types::{ - AuthnMethodRegistration, TentativeAuthnMethodAddError, TentativeAuthnMethodAddInfo, - TentativeAuthnMethodVerificationError, + AuthnMethodConfirmationCode, AuthnMethodConfirmationError, AuthnMethodRegisterError, + AuthnMethodRegistration, }; use regex::Regex; use std::ops::Add; 
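Review bot: None of the three handlers that start in this hunk inspects the caller, although the interface file marks `authn_method_registration_mode_exit` and `authn_method_confirm` as requiring authentication. The check presumably lives in `exit_device_registration_mode` and `verify_tentative_device`, which are outside the hunk, as is the start of the enclosing `mod v2_api`. A doc comment on each wrapper would keep that dependency visible when the v1 helpers are later refactored, for example `/// Authentication is enforced inside verify_tentative_device; this wrapper only maps the response.` once that has been confirmed. The same applies to `authn_method_registration_mode_enter` in the previous hunk.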
@@ -23,13 +23,13 @@ fn should_enter_authn_method_registration_mode() -> Result<(), CallError> { let authn_method = test_authn_method(); let identity_number = create_identity_with_authn_method(&env, canister_id, &authn_method); - let result = api_v2::tentative_authn_method_registration_mode_enter( + let result = api_v2::authn_method_registration_mode_enter( &env, canister_id, authn_method.principal(), identity_number, )? - .expect("tentative_authn_method_registration_mode_enter failed"); + .expect("authn_method_registration_mode_enter failed"); assert_eq!( result.expiration, @@ -49,7 +49,7 @@ fn should_require_authentication_to_enter_authn_method_registration_mode() { let authn_method = test_authn_method(); let identity_number = create_identity_with_authn_method(&env, canister_id, &authn_method); - let result = api_v2::tentative_authn_method_registration_mode_enter( + let result = api_v2::authn_method_registration_mode_enter( &env, canister_id, Principal::anonymous(), 
@@ -64,64 +64,64 @@ fn should_require_authentication_to_enter_authn_method_registration_mode() { } #[test] -fn should_register_tentative_authn_method() -> Result<(), CallError> { +fn should_register_authn_method() -> Result<(), CallError> { let env = env(); let canister_id = install_ii_canister(&env, II_WASM.clone()); let authn_method = test_authn_method(); let identity_number = create_identity_with_authn_method(&env, canister_id, &authn_method); - api_v2::tentative_authn_method_registration_mode_enter( + api_v2::authn_method_registration_mode_enter( &env, canister_id, authn_method.principal(), identity_number, )? - .expect("tentative_authn_method_registration_mode_enter failed"); + .expect("authn_method_registration_mode_enter failed"); - let add_response = api_v2::tentative_authn_method_add( + let add_response = api_v2::authn_method_register( &env, canister_id, identity_number, &sample_pubkey_authn_method(1), )? - .expect("tentative_authn_method_add failed"); + .expect("authn_method_register failed"); - api_v2::tentative_authn_method_verify( + api_v2::authn_method_confirm( &env, canister_id, authn_method.principal(), identity_number, - &add_response.verification_code, + &add_response.confirmation_code, )? - .expect("tentative_authn_method_verify failed"); + .expect("authn_method_confirm failed"); Ok(()) } #[test] -fn should_verify_tentative_authn_method_after_failed_attempt() -> Result<(), CallError> { +fn should_verify_authn_method_after_failed_attempt() -> Result<(), CallError> { let env = env(); let canister_id = install_ii_canister(&env, II_WASM.clone()); let authn_method = test_authn_method(); let identity_number = create_identity_with_authn_method(&env, canister_id, &authn_method); - api_v2::tentative_authn_method_registration_mode_enter( + api_v2::authn_method_registration_mode_enter( &env, canister_id, authn_method.principal(), identity_number, )? 
- .expect("tentative_authn_method_registration_mode_enter failed"); + .expect("authn_method_registration_mode_enter failed"); - let add_response = api_v2::tentative_authn_method_add( + let add_response = api_v2::authn_method_register( &env, canister_id, identity_number, &sample_pubkey_authn_method(1), )? - .expect("tentative_authn_method_add failed"); + .expect("authn_method_register failed"); - let result = api_v2::tentative_authn_method_verify( + let result = api_v2::authn_method_confirm( &env, canister_id, authn_method.principal(), 
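Review bot: `should_verify_authn_method_after_failed_attempt` keeps the old verb, while the later tests in this file became `should_reject_confirmation_…`; `should_confirm_authn_method_after_failed_attempt` would match the new API. The local `add_response` in this hunk is the same kind of leftover and reads better as `register_response`. In the next hunk, `identity_info_should_return_authn_method` lost the qualifier that said which method is meant. A name such as `identity_info_should_return_authn_method_registration` would make clear that it is, presumably, the registered but not yet confirmed one.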
@@ -131,40 +131,40 @@ fn should_verify_tentative_authn_method_after_failed_attempt() -> Result<(), Cal assert!(matches!( result, - Err(TentativeAuthnMethodVerificationError::WrongCode { retries_left: 2 }) + Err(AuthnMethodConfirmationError::WrongCode { retries_left: 2 }) )); - api_v2::tentative_authn_method_verify( + api_v2::authn_method_confirm( &env, canister_id, authn_method.principal(), identity_number, - &add_response.verification_code, + &add_response.confirmation_code, )? - .expect("tentative_authn_method_verify failed"); + .expect("authn_method_confirm failed"); Ok(()) } #[test] -fn identity_info_should_return_tentative_authn_method() -> Result<(), CallError> { +fn identity_info_should_return_authn_method() -> Result<(), CallError> { let env = env(); let canister_id = install_ii_canister(&env, II_WASM.clone()); let authn_method = test_authn_method(); let identity_number = create_identity_with_authn_method(&env, canister_id, &authn_method); - api_v2::tentative_authn_method_registration_mode_enter( + api_v2::authn_method_registration_mode_enter( &env, canister_id, authn_method.principal(), identity_number, )? - .expect("tentative_authn_method_registration_mode_enter failed"); + .expect("authn_method_registration_mode_enter failed"); let authn_method2 = sample_pubkey_authn_method(1); - let TentativeAuthnMethodAddInfo { expiration, .. } = - api_v2::tentative_authn_method_add(&env, canister_id, identity_number, &authn_method2)? - .expect("tentative_authn_method_add failed"); + let AuthnMethodConfirmationCode { expiration, .. } = + api_v2::authn_method_register(&env, canister_id, identity_number, &authn_method2)? + .expect("authn_method_register failed"); let identity_info = api_v2::identity_info(&env, canister_id, authn_method.principal(), identity_number)? 
@@ -180,13 +180,13 @@ fn identity_info_should_return_tentative_authn_method() -> Result<(), CallError> } #[test] -fn should_reject_tentative_authn_method_if_not_in_registration_mode() -> Result<(), CallError> { +fn should_reject_authn_method_if_not_in_registration_mode() -> Result<(), CallError> { let env = env(); let canister_id = install_ii_canister(&env, II_WASM.clone()); let authn_method = test_authn_method(); let identity_number = create_identity_with_authn_method(&env, canister_id, &authn_method); - let result = api_v2::tentative_authn_method_add( + let result = api_v2::authn_method_register( &env, canister_id, identity_number, @@ -195,25 +195,25 @@ fn should_reject_tentative_authn_method_if_not_in_registration_mode() -> Result< assert!(matches!( result, - Err(TentativeAuthnMethodAddError::RegistrationModeOff) + Err(AuthnMethodRegisterError::RegistrationModeOff) )); - api_v2::tentative_authn_method_registration_mode_enter( + api_v2::authn_method_registration_mode_enter( &env, canister_id, authn_method.principal(), identity_number, )? - .expect("tentative_authn_method_registration_mode_enter failed"); - api_v2::tentative_authn_method_registration_mode_exit( + .expect("authn_method_registration_mode_enter failed"); + api_v2::authn_method_registration_mode_exit( &env, canister_id, authn_method.principal(), identity_number, )? - .expect("tentative_authn_method_registration_mode_enter failed"); + .expect("authn_method_registration_mode_exit failed"); - let result = api_v2::tentative_authn_method_add( + let result = api_v2::authn_method_register( &env, canister_id, identity_number, 
@@ -222,30 +222,30 @@ fn should_reject_tentative_authn_method_if_not_in_registration_mode() -> Result< assert!(matches!( result, - Err(TentativeAuthnMethodAddError::RegistrationModeOff) + Err(AuthnMethodRegisterError::RegistrationModeOff) )); Ok(()) } #[test] -fn should_reject_tentative_authn_method_if_registration_mode_is_expired() -> Result<(), CallError> { +fn should_reject_authn_method_if_registration_mode_is_expired() -> Result<(), CallError> { const REGISTRATION_MODE_EXPIRATION: Duration = Duration::from_secs(900); let env = env(); let canister_id = install_ii_canister(&env, II_WASM.clone()); let authn_method = test_authn_method(); let identity_number = create_identity_with_authn_method(&env, canister_id, &authn_method); - api_v2::tentative_authn_method_registration_mode_enter( + api_v2::authn_method_registration_mode_enter( &env, canister_id, authn_method.principal(), identity_number, )? - .expect("tentative_authn_method_registration_mode_enter failed"); + .expect("authn_method_registration_mode_enter failed"); env.advance_time(REGISTRATION_MODE_EXPIRATION + Duration::from_secs(1)); - let result = api_v2::tentative_authn_method_add( + let result = api_v2::authn_method_register( &env, canister_id, identity_number, 
@@ -254,27 +254,27 @@ fn should_reject_tentative_authn_method_if_registration_mode_is_expired() -> Res assert!(matches!( result, - Err(TentativeAuthnMethodAddError::RegistrationModeOff) + Err(AuthnMethodRegisterError::RegistrationModeOff) )); Ok(()) } #[test] -fn should_reject_verification_without_tentative_authn_method() -> Result<(), CallError> { +fn should_reject_confirmation_without_authn_method() -> Result<(), CallError> { let env = env(); let canister_id = install_ii_canister(&env, II_WASM.clone()); let authn_method = test_authn_method(); let identity_number = create_identity_with_authn_method(&env, canister_id, &authn_method); - api_v2::tentative_authn_method_registration_mode_enter( + api_v2::authn_method_registration_mode_enter( &env, canister_id, authn_method.principal(), identity_number, )? - .expect("tentative_authn_method_registration_mode_enter failed"); + .expect("authn_method_registration_mode_enter failed"); - let result = api_v2::tentative_authn_method_verify( + let result = api_v2::authn_method_confirm( &env, canister_id, authn_method.principal(), 
@@ -284,59 +284,59 @@ fn should_reject_verification_without_tentative_authn_method() -> Result<(), Cal assert!(matches!( result, - Err(TentativeAuthnMethodVerificationError::NoAuthnMethodToVerify) + Err(AuthnMethodConfirmationError::NoAuthnMethodToConfirm) )); Ok(()) } #[test] -fn should_reject_verification_with_wrong_code() -> Result<(), CallError> { +fn should_reject_confirmation_with_wrong_code() -> Result<(), CallError> { const MAX_RETRIES: u8 = 3; let env = env(); let canister_id = install_ii_canister(&env, II_WASM.clone()); let authn_method = test_authn_method(); let identity_number = create_identity_with_authn_method(&env, canister_id, &authn_method); - api_v2::tentative_authn_method_registration_mode_enter( + api_v2::authn_method_registration_mode_enter( &env, canister_id, authn_method.principal(), identity_number, )? - .expect("tentative_authn_method_registration_mode_enter failed"); + .expect("authn_method_registration_mode_enter failed"); - api_v2::tentative_authn_method_add( + api_v2::authn_method_register( &env, canister_id, identity_number, &sample_pubkey_authn_method(1), )? - .expect("tentative_authn_method_add failed"); + .expect("authn_method_register failed"); for expected_retries in (0..MAX_RETRIES).rev() { assert!(matches!( - api_v2::tentative_authn_method_verify( + api_v2::authn_method_confirm( &env, canister_id, authn_method.principal(), identity_number, "invalid code" )?, - Err(TentativeAuthnMethodVerificationError::WrongCode { + Err(AuthnMethodConfirmationError::WrongCode { retries_left }) if retries_left == expected_retries )); } assert!(matches!( - api_v2::tentative_authn_method_verify( + api_v2::authn_method_confirm( &env, canister_id, authn_method.principal(), identity_number, "invalid code" )?, - Err(TentativeAuthnMethodVerificationError::RegistrationModeOff) + Err(AuthnMethodConfirmationError::RegistrationModeOff) )); Ok(()) } 
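Review bot: `should_reject_confirmation_with_wrong_code` only ever submits "invalid code", so it never shows that the correct code is refused once the retries are used up; the value returned by `authn_method_register` is discarded. Keeping that response and making one more `authn_method_confirm` call with its `confirmation_code` after the existing assertions would pin the lockout for the case that matters. The expected result is presumably `RegistrationModeOff`, as for the fourth wrong attempt. The existing loop and final assertion can stay as they are.

```rust
    let registration = api_v2::authn_method_register(
        // … unchanged: arguments and .expect("authn_method_register failed") …

    // … unchanged: retry loop and final "invalid code" assertion …

    // The correct code must no longer be accepted once the retries are exhausted.
    assert!(matches!(
        api_v2::authn_method_confirm(
            &env,
            canister_id,
            authn_method.principal(),
            identity_number,
            &registration.confirmation_code
        )?,
        Err(AuthnMethodConfirmationError::RegistrationModeOff)
    ));
```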
diff --git a/src/internet_identity/tests/integration/v2_api/mod.rs b/src/internet_identity/tests/integration/v2_api/mod.rs index 2893e90083..871721c989 100644 --- a/src/internet_identity/tests/integration/v2_api/mod.rs +++ b/src/internet_identity/tests/integration/v2_api/mod.rs @@ -1,5 +1,6 @@ mod authn_method_add; mod authn_method_metadata; +mod authn_method_registration; mod authn_method_remove; mod authn_method_replace; mod authn_method_security_settings; @@ -8,4 +9,3 @@ mod identity_authn_info; mod identity_info; mod identity_metadata; mod identity_register; -mod tentative_authn_method; diff --git a/src/internet_identity_interface/src/internet_identity/types/api_v2.rs b/src/internet_identity_interface/src/internet_identity/types/api_v2.rs index 70d7e3484b..d8f48b00c0 100644 --- a/src/internet_identity_interface/src/internet_identity/types/api_v2.rs +++ b/src/internet_identity_interface/src/internet_identity/types/api_v2.rs @@ -115,21 +115,21 @@ pub struct RegistrationModeInfo { } #[derive(Clone, Debug, CandidType, Deserialize, Eq, PartialEq)] -pub struct TentativeAuthnMethodAddInfo { - pub verification_code: String, +pub struct AuthnMethodConfirmationCode { + pub confirmation_code: String, pub expiration: Timestamp, } #[derive(Clone, Debug, CandidType, Deserialize, Eq, PartialEq)] -pub enum TentativeAuthnMethodAddError { +pub enum AuthnMethodRegisterError { RegistrationModeOff, - VerificationAlreadyInProgress, + RegistrationAlreadyInProgress, InvalidMetadata(String), } #[derive(Clone, Debug, CandidType, Deserialize, Eq, PartialEq)] -pub enum TentativeAuthnMethodVerificationError { +pub enum AuthnMethodConfirmationError { WrongCode { retries_left: u8 }, RegistrationModeOff, - NoAuthnMethodToVerify, + NoAuthnMethodToConfirm, }
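Review bot: The renamed public types in `types/api_v2.rs` carry no doc comments, although the interface file documents every variant. `WrongCode { retries_left: u8 }` deserves one most, because callers drive their retry handling from it. I would add `/// Wrong confirmation code; retries_left further attempts are allowed before registration mode is switched off.` above that variant and mirror the .did comments on `RegistrationModeOff` and `NoAuthnMethodToConfirm`. The lockout wording is taken from the integration test and should be checked against `verify_tentative_device`, which is not part of this diff.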