Add API v2 identity_register method

src/canister_tests/src/api/internet_identity/api_v2.rs

@@ -1,12 +1,34 @@
 use candid::Principal;
 use ic_cdk::api::management_canister::main::CanisterId;
-use ic_test_state_machine_client::{call_candid_as, CallError, StateMachine};
-use internet_identity_interface::internet_identity::types::{
-    AuthnMethodAddResponse, AuthnMethodData, AuthnMethodRemoveResponse, IdentityInfoResponse,
-    IdentityMetadataReplaceResponse, IdentityNumber, MetadataEntry, PublicKey,
-};
+use ic_test_state_machine_client::{call_candid, call_candid_as, CallError, StateMachine};
+use internet_identity_interface::internet_identity::types::*;
 use std::collections::HashMap;
 
+pub fn captcha_create(
+    env: &StateMachine,
+    canister_id: CanisterId,
+) -> Result<Option<CaptchaCreateResponse>, CallError> {
+    call_candid(env, canister_id, "captcha_create", ()).map(|(x,)| x)
+}
+
+pub fn identity_register(
+    env: &StateMachine,
+    canister_id: CanisterId,
+    sender: Principal,
+    authn_method: &AuthnMethodData,
+    challenge_attempt: &ChallengeAttempt,
+    temp_key: Option<Principal>,
+) -> Result<Option<IdentityRegisterResponse>, CallError> {
+    call_candid_as(
+        env,
+        canister_id,
+        sender,
+        "identity_register",
+        (authn_method, challenge_attempt, temp_key),
+    )
+    .map(|(x,)| x)
+}
+
 pub fn identity_info(
     env: &StateMachine,
     canister_id: CanisterId,

src/frontend/generated/internet_identity_idl.js

@@ -99,6 +99,7 @@ export const idlFactory = ({ IDL }) => {
     'png_base64' : IDL.Text,
     'challenge_key' : ChallengeKey,
   });
+  const CaptchaCreateResponse = IDL.Variant({ 'ok' : Challenge });
   const DeployArchiveResult = IDL.Variant({
     'creation_in_progress' : IDL.Null,
     'success' : IDL.Principal,
@@ -215,6 +216,17 @@ export const idlFactory = ({ IDL }) => {
   });
   const IdentityInfoResponse = IDL.Variant({ 'ok' : IdentityInfo });
   const IdentityMetadataReplaceResponse = IDL.Variant({ 'ok' : IDL.Null });
+  const ChallengeResult = IDL.Record({
+    'key' : ChallengeKey,
+    'chars' : IDL.Text,
+  });
+  const CaptchaResult = ChallengeResult;
+  const IdentityRegisterResponse = IDL.Variant({
+    'ok' : IdentityNumber,
+    'invalid_metadata' : IDL.Text,
+    'bad_captcha' : IDL.Null,
+    'canister_full' : IDL.Null,
+  });
   const UserKey = PublicKey;
   const PrepareIdAliasRequest = IDL.Record({
     'issuer' : FrontendHostname,
@@ -230,10 +242,6 @@ export const idlFactory = ({ IDL }) => {
     'ok' : PreparedIdAlias,
     'authentication_failed' : IDL.Text,
   });
-  const ChallengeResult = IDL.Record({
-    'key' : ChallengeKey,
-    'chars' : IDL.Text,
-  });
   const RegisterResponse = IDL.Variant({
     'bad_challenge' : IDL.Null,
     'canister_full' : IDL.Null,
@@ -276,6 +284,7 @@ export const idlFactory = ({ IDL }) => {
         [IDL.Opt(AuthnMethodRemoveResponse)],
         [],
       ),
+    'captcha_create' : IDL.Func([], [IDL.Opt(CaptchaCreateResponse)], []),
     'create_challenge' : IDL.Func([], [Challenge], []),
     'deploy_archive' : IDL.Func([IDL.Vec(IDL.Nat8)], [DeployArchiveResult], []),
     'enter_device_registration_mode' : IDL.Func([UserNumber], [Timestamp], []),
@@ -314,6 +323,11 @@ export const idlFactory = ({ IDL }) => {
         [IDL.Opt(IdentityMetadataReplaceResponse)],
         [],
       ),
+    'identity_register' : IDL.Func(
+        [AuthnMethodData, CaptchaResult, IDL.Opt(IDL.Principal)],
+        [IDL.Opt(IdentityRegisterResponse)],
+        [],
+      ),
     'init_salt' : IDL.Func([], [], []),
     'lookup' : IDL.Func([UserNumber], [IDL.Vec(DeviceData)], ['query']),
     'prepare_delegation' : IDL.Func(

src/frontend/generated/internet_identity_types.d.ts

@@ -51,6 +51,8 @@ export interface BufferedArchiveEntry {
   'anchor_number' : UserNumber,
   'timestamp' : Timestamp,
 }
+export type CaptchaCreateResponse = { 'ok' : Challenge };
+export type CaptchaResult = ChallengeResult;
 export interface Challenge {
   'png_base64' : string,
   'challenge_key' : ChallengeKey,
@@ -138,6 +140,10 @@ export interface IdentityInfo {
 export type IdentityInfoResponse = { 'ok' : IdentityInfo };
 export type IdentityMetadataReplaceResponse = { 'ok' : null };
 export type IdentityNumber = bigint;
+export type IdentityRegisterResponse = { 'ok' : IdentityNumber } |
+  { 'invalid_metadata' : string } |
+  { 'bad_captcha' : null } |
+  { 'canister_full' : null };
 export interface InternetIdentityInit {
   'max_num_latest_delegation_origins' : [] | [bigint],
   'assigned_user_number_range' : [] | [[bigint, bigint]],
@@ -241,6 +247,7 @@ export interface _SERVICE {
     [IdentityNumber, PublicKey],
     [] | [AuthnMethodRemoveResponse]
   >,
+  'captcha_create' : ActorMethod<[], [] | [CaptchaCreateResponse]>,
   'create_challenge' : ActorMethod<[], Challenge>,
   'deploy_archive' : ActorMethod<[Uint8Array | number[]], DeployArchiveResult>,
   'enter_device_registration_mode' : ActorMethod<[UserNumber], Timestamp>,
@@ -261,6 +268,10 @@ export interface _SERVICE {
     [IdentityNumber, MetadataMap],
     [] | [IdentityMetadataReplaceResponse]
   >,
+  'identity_register' : ActorMethod<
+    [AuthnMethodData, CaptchaResult, [] | [Principal]],
+    [] | [IdentityRegisterResponse]
+  >,
   'init_salt' : ActorMethod<[], undefined>,
   'lookup' : ActorMethod<[UserNumber], Array<DeviceData>>,
   'prepare_delegation' : ActorMethod<

src/internet_identity/internet_identity.did

@@ -241,6 +241,7 @@ type ChallengeResult = record {
     key : ChallengeKey;
     chars : text;
 };
+type CaptchaResult = ChallengeResult;
 
 // Extra information about registration status for new devices
 type DeviceRegistrationInfo = record {
@@ -357,6 +358,21 @@ type IdentityInfo = record {
     metadata: MetadataMap;
 };
 
+type CaptchaCreateResponse = variant {
+    ok: Challenge;
+};
+
+type IdentityRegisterResponse = variant {
+    // Registration successful.
+    ok: IdentityNumber;
+    // No more registrations are possible in this instance of the II service canister.
+    canister_full;
+    // The captcha check was not successful.
+    bad_captcha;
+    // The metadata of the provided authentication method contains invalid entries.
+    invalid_metadata: text;
+};
+
 type IdentityInfoResponse = variant {
     ok: IdentityInfo;
 };
@@ -474,6 +490,16 @@ service : (opt InternetIdentityInit) -> {
     // A client decoding a response as `null` indicates outdated type information
     // and should be treated as an error.
 
+
+    // Creates a new captcha. The solution needs to be submitted using the
+    // `identity_register` call.
+    captcha_create: () -> (opt CaptchaCreateResponse);
+
+    // Registers a new identity with the given authn_method.
+    // A valid captcha solution to a previously generated captcha (using create_captcha) must be provided.
+    // The sender needs to match the supplied authn_method.
+    identity_register: (AuthnMethodData, CaptchaResult, opt principal) -> (opt IdentityRegisterResponse);
+
     // Returns information about the identity with the given number.
     // Requires authentication.
     identity_info: (IdentityNumber) -> (opt IdentityInfoResponse);

src/internet_identity/src/main.rs

@@ -505,6 +505,33 @@ fn check_authentication(anchor_number: AnchorNumber) -> Result<(Anchor, DeviceKe
 mod v2_api {
     use super::*;
 
+    #[update]
+    #[candid_method]
+    async fn captcha_create() -> Option<CaptchaCreateResponse> {
+        let challenge = anchor_management::registration::create_challenge().await;
+        Some(CaptchaCreateResponse::Ok(challenge))
+    }
+
+    #[update]
+    #[candid_method]
+    fn identity_register(
+        authn_method: AuthnMethodData,
+        challenge_result: ChallengeAttempt,
+        temp_key: Option<Principal>,
+    ) -> Option<IdentityRegisterResponse> {
+        let result = match DeviceWithUsage::try_from(authn_method)
+            .map_err(|err| IdentityRegisterResponse::InvalidMetadata(err.to_string()))
+        {
+            Ok(device) => IdentityRegisterResponse::from(register(
+                DeviceData::from(device),
+                challenge_result,
+                temp_key,
+            )),
+            Err(err) => err,
+        };
+        Some(result)
+    }
+
     #[update]
     #[candid_method]
     fn identity_info(identity_number: IdentityNumber) -> Option<IdentityInfoResponse> {

src/internet_identity/tests/integration/v2_api/authn_method_test_helpers.rs

@@ -1,9 +1,10 @@
-use canister_tests::api::internet_identity as api;
+use canister_tests::api::internet_identity::api_v2;
+use canister_tests::match_value;
 use ic_cdk::api::management_canister::main::CanisterId;
 use ic_test_state_machine_client::StateMachine;
 use internet_identity_interface::internet_identity::types::{
-    AuthnMethod, AuthnMethodData, AuthnMethodProtection, ChallengeAttempt, DeviceData,
-    DeviceWithUsage, IdentityNumber, PublicKeyAuthn, Purpose, RegisterResponse,
+    AuthnMethod, AuthnMethodData, AuthnMethodProtection, CaptchaCreateResponse, ChallengeAttempt,
+    IdentityNumber, IdentityRegisterResponse, PublicKeyAuthn, Purpose,
 };
 use serde_bytes::ByteBuf;
 
@@ -36,23 +37,26 @@ pub fn create_identity_with_authn_method(
     canister_id: CanisterId,
     authn_method: &AuthnMethodData,
 ) -> IdentityNumber {
-    let challenge = api::create_challenge(env, canister_id).unwrap();
-    let device = DeviceData::from(DeviceWithUsage::try_from(authn_method.clone()).unwrap());
+    match_value!(
+        api_v2::captcha_create(env, canister_id).unwrap(),
+        Some(CaptchaCreateResponse::Ok(challenge))
+    );
+
     let challenge_attempt = ChallengeAttempt {
         chars: "a".to_string(),
         key: challenge.challenge_key,
     };
-    let RegisterResponse::Registered { user_number } = api::register(
-        env,
-        canister_id,
-        device.principal(),
-        &device,
-        &challenge_attempt,
-        None,
-    )
-    .unwrap() else {
-        panic!("Expected device to be registered");
-    };
+    match_value!(
+        api_v2::identity_register(
+            env,
+            canister_id,
+            authn_method.principal(),
+            authn_method,
+            &challenge_attempt,
+            None,
+        ),
+        Ok(Some(IdentityRegisterResponse::Ok(user_number)))
+    );
     user_number
 }