Merge pull request #444 from LIT-Protocol/feature/lit-2961-auth-unifi…

…cation-breaking-remove-existing-authsigs

Feature/lit 2961 auth unification breaking remove existing authsigs

local-tests/build.mjs

@@ -34,7 +34,7 @@ export const build = async () => {
 export const postBuildPolyfill = () => {
   try {
     const file = fs.readFileSync(`./${TEST_DIR}/build/test.mjs`, 'utf8');
-    const content = `import fetch from 'cross-fetch';
+    const content = `import fetch from 'node-fetch';
 try {
   if (!globalThis.fetch) {
     globalThis.fetch = fetch;

local-tests/setup/tinny-environment.ts

@@ -14,7 +14,7 @@ export class TinnyEnvironment {
    * Environment variables used in the process.
    */
   public processEnvs: ProcessEnvs = {
-    MAX_ATTEMPTS: parseInt(process.env['MAX_ATTEMPTS']) || 3,
+    MAX_ATTEMPTS: parseInt(process.env['MAX_ATTEMPTS']) || 1,
     NETWORK: (process.env['NETWORK'] as LIT_TESTNET) || LIT_TESTNET.LOCALCHAIN,
     DEBUG: Boolean(process.env['DEBUG']) || false,
     REQUEST_PER_KILOSECOND:

local-tests/test.ts

@@ -1,8 +1,47 @@
-import { LIT_ENDPOINT_VERSION, LIT_TESTNET } from './setup/tinny-config';
+import { LIT_ENDPOINT_VERSION } from '@lit-protocol/constants';
+import { LIT_TESTNET } from './setup/tinny-config';
 import { TinnyEnvironment } from './setup/tinny-environment';
 import { runInBand, runTestsParallel } from './setup/tinny-operations';
-import { testBundleSpeed } from './tests/test-bundle-speed';
-import { testExample } from './tests/test-example';
+// import { testBundleSpeed } from './tests/test-bundle-speed';
+// import { testExample } from './tests/test-example';
+import { testUseEoaSessionSigsToExecuteJsSigning } from './tests/testUseEoaSessionSigsToExecuteJsSigning';
+import { testUseEoaSessionSigsToPkpSign } from './tests/testUseEoaSessionSigsToPkpSign';
+import { testUsePkpSessionSigsToExecuteJsSigning } from './tests/testUsePkpSessionSigsToExecuteJsSigning';
+import { testUsePkpSessionSigsToPkpSign } from './tests/testUsePkpSessionSigsToPkpSign';
+import { testUseValidLitActionCodeGeneratedSessionSigsToPkpSign } from './tests/testUseValidLitActionCodeGeneratedSessionSigsToPkpSign';
+import { testUseValidLitActionCodeGeneratedSessionSigsToExecuteJsSigning } from './tests/testUseValidLitActionCodeGeneratedSessionSigsToExecuteJsSigning';
+import { testUseEoaSessionSigsToExecuteJsSigningInParallel } from './tests/testUseEoaSessionSigsToExecuteJsSigningInParallel';
+import { testDelegatingCapacityCreditsNFTToAnotherWalletToExecuteJs } from './tests/testDelegatingCapacityCreditsNFTToAnotherWalletToExecuteJs';
+import { testDelegatingCapacityCreditsNFTToAnotherWalletToPkpSign } from './tests/testDelegatingCapacityCreditsNFTToAnotherWalletToPkpSign';
+import { testUseCapacityDelegationAuthSigWithUnspecifiedDelegateesToPkpSign } from './tests/testUseCapacityDelegationAuthSigWithUnspecifiedDelegateesToPkpSign';
+import { testUseCapacityDelegationAuthSigWithUnspecifiedCapacityTokenIdToExecuteJs } from './tests/testUseCapacityDelegationAuthSigWithUnspecifiedCapacityTokenIdToExecuteJs';
+import { testUseCapacityDelegationAuthSigWithUnspecifiedCapacityTokenIdToPkpSign } from './tests/testUseCapacityDelegationAuthSigWithUnspecifiedCapacityTokenIdToPkpSign';
+import { testUseCapacityDelegationAuthSigWithUnspecifiedDelegateesToExecuteJs } from './tests/testUseCapacityDelegationAuthSigWithUnspecifiedDelegateesToExecuteJs';
+import { testDelegatingCapacityCreditsNFTToAnotherPkpToExecuteJs } from './tests/testDelegatingCapacityCreditsNFTToAnotherPkpToExecuteJs';
+import { testUseEoaSessionSigsToExecuteJsClaimKeys } from './tests/testUseEoaSessionSigsToExecuteJsClaimKeys';
+import { testUseEoaSessionSigsToExecuteJsClaimMultipleKeys } from './tests/testUseEoaSessionSigsToExecuteJsClaimMultipleKeys';
+import { testUseEoaSessionSigsToExecuteJsJsonResponse } from './tests/testUseEoaSessionSigsToExecuteJsJsonResponse';
+import { testUseEoaSessionSigsToExecuteJsConsoleLog } from './tests/testUseEoaSessionSigsToExecuteJsConsoleLog';
+import { testUseEoaSessionSigsToEncryptDecryptString } from './tests/testUseEoaSessionSigsToEncryptDecryptString';
+import { testUsePkpSessionSigsToEncryptDecryptString } from './tests/testUsePkpSessionSigsToEncryptDecryptString';
+import { testUseValidLitActionCodeGeneratedSessionSigsToEncryptDecryptString } from './tests/testUseValidLitActionCodeGeneratedSessionSigsToEncryptDecryptString';
+import { testUseInvalidLitActionCodeToGenerateSessionSigs } from './tests/testUseInvalidLitActionCodeToGenerateSessionSigs';
+import { testUseEoaSessionSigsToEncryptDecryptFile } from './tests/testUseEoaSessionSigsToEncryptDecryptFile';
+import { testUseEoaSessionSigsToEncryptDecryptZip } from './tests/testUseEoaSessionSigsToEncryptDecryptZip';
+import { testUsePkpSessionSigsToExecuteJsSigningInParallel } from './tests/testUsePkpSessionSigsToExecuteJsSigningInParallel';
+import { testUseValidLitActionCodeGeneratedSessionSigsToExecuteJsSigningInParallel } from './tests/testUseValidLitActionCodeGeneratedSessionSigsToExecuteJsSigningInParallel';
+import { testUsePkpSessionSigsToExecuteJsClaimKeys } from './tests/testUsePkpSessionSigsToExecuteJsClaimKeys';
+import { testUsePkpSessionSigsToExecuteJsClaimMultipleKeys } from './tests/testUsePkpSessionSigsToExecuteJsClaimMultipleKeys';
+import { testUsePkpSessionSigsToExecuteJsJsonResponse } from './tests/testUsePkpSessionSigsToExecuteJsJsonResponse';
+import { testUsePkpSessionSigsToExecuteJsConsoleLog } from './tests/testUsePkpSessionSigsToExecuteJsConsoleLog';
+import { testUsePkpSessionSigsToEncryptDecryptFile } from './tests/testUsePkpSessionSigsToEncryptDecryptFile';
+import { testUsePkpSessionSigsToEncryptDecryptZip } from './tests/testUsePkpSessionSigsToEncryptDecryptZip';
+import { testUseValidLitActionCodeGeneratedSessionSigsToExecuteJsClaimKeys } from './tests/testUseValidLitActionCodeGeneratedSessionSigsToExecuteJsClaimKeys';
+import { testUseValidLitActionCodeGeneratedSessionSigsToExecuteJsClaimMultipleKeys } from './tests/testUseValidLitActionCodeGeneratedSessionSigsToExecuteJsClaimMultipleKeys';
+import { testUseValidLitActionCodeGeneratedSessionSigsToExecuteJsJsonResponse } from './tests/testUseValidLitActionCodeGeneratedSessionSigsToExecuteJsJsonResponse';
+import { testUseValidLitActionCodeGeneratedSessionSigsToExecuteJsConsoleLog } from './tests/testUseValidLitActionCodeGeneratedSessionSigsToExecuteJsConsoleLog';
+import { testUseValidLitActionCodeGeneratedSessionSigsToEncryptDecryptFile } from './tests/testUseValidLitActionCodeGeneratedSessionSigsToEncryptDecryptFile';
+import { testUseValidLitActionCodeGeneratedSessionSigsToEncryptDecryptZip } from './tests/testUseValidLitActionCodeGeneratedSessionSigsToEncryptDecryptZip';
 
 (async () => {
   console.log('[𐬺🧪 Tinny𐬺] Running tests...');
@@ -23,10 +62,64 @@ import { testExample } from './tests/test-example';
     );
   }
 
+  const eoaSessionSigsTests = {
+    testUseEoaSessionSigsToExecuteJsSigning,
+    testUseEoaSessionSigsToPkpSign,
+    testUseEoaSessionSigsToExecuteJsSigningInParallel,
+    testUseEoaSessionSigsToExecuteJsClaimKeys,
+    testUseEoaSessionSigsToExecuteJsClaimMultipleKeys,
+    testUseEoaSessionSigsToExecuteJsJsonResponse,
+    testUseEoaSessionSigsToExecuteJsConsoleLog,
+    testUseEoaSessionSigsToEncryptDecryptString,
+    testUseEoaSessionSigsToEncryptDecryptFile,
+    testUseEoaSessionSigsToEncryptDecryptZip,
+  };
+
+  const pkpSessionSigsTests = {
+    testUsePkpSessionSigsToExecuteJsSigning,
+    testUsePkpSessionSigsToPkpSign,
+    testUsePkpSessionSigsToExecuteJsSigningInParallel,
+    testUsePkpSessionSigsToExecuteJsClaimKeys,
+    testUsePkpSessionSigsToExecuteJsClaimMultipleKeys,
+    testUsePkpSessionSigsToExecuteJsJsonResponse,
+    testUsePkpSessionSigsToExecuteJsConsoleLog,
+    testUsePkpSessionSigsToEncryptDecryptString,
+    testUsePkpSessionSigsToEncryptDecryptFile,
+    testUsePkpSessionSigsToEncryptDecryptZip,
+  };
+
+  const litActionSessionSigsTests = {
+    testUseValidLitActionCodeGeneratedSessionSigsToExecuteJsSigning,
+    testUseValidLitActionCodeGeneratedSessionSigsToPkpSign,
+    testUseValidLitActionCodeGeneratedSessionSigsToExecuteJsSigningInParallel,
+    testUseValidLitActionCodeGeneratedSessionSigsToExecuteJsClaimKeys,
+    testUseValidLitActionCodeGeneratedSessionSigsToExecuteJsClaimMultipleKeys,
+    testUseValidLitActionCodeGeneratedSessionSigsToExecuteJsJsonResponse,
+    testUseValidLitActionCodeGeneratedSessionSigsToExecuteJsConsoleLog,
+    testUseValidLitActionCodeGeneratedSessionSigsToEncryptDecryptString,
+    testUseValidLitActionCodeGeneratedSessionSigsToEncryptDecryptFile,
+    testUseValidLitActionCodeGeneratedSessionSigsToEncryptDecryptZip,
+    testUseInvalidLitActionCodeToGenerateSessionSigs,
+  };
+
+  const capacityDelegationTests = {
+    testDelegatingCapacityCreditsNFTToAnotherWalletToExecuteJs,
+    testDelegatingCapacityCreditsNFTToAnotherWalletToPkpSign,
+    testDelegatingCapacityCreditsNFTToAnotherPkpToExecuteJs,
+    testUseCapacityDelegationAuthSigWithUnspecifiedDelegateesToExecuteJs,
+    testUseCapacityDelegationAuthSigWithUnspecifiedDelegateesToPkpSign,
+    testUseCapacityDelegationAuthSigWithUnspecifiedCapacityTokenIdToExecuteJs,
+    testUseCapacityDelegationAuthSigWithUnspecifiedCapacityTokenIdToPkpSign,
+  };
+
   const testConfig = {
     tests: {
-      testExample,
-      testBundleSpeed,
+      // testExample,
+      // testBundleSpeed,
+      ...eoaSessionSigsTests,
+      ...pkpSessionSigsTests,
+      ...litActionSessionSigsTests,
+      ...capacityDelegationTests,
     },
     devEnv,
   };

local-tests/tests/testDelegatingCapacityCreditsNFTToAnotherPkpToExecuteJs.ts

@@ -0,0 +1,128 @@
+import {
+  AuthMethodScope,
+  AuthMethodType,
+  LIT_ENDPOINT_VERSION,
+} from '@lit-protocol/constants';
+import { LitAuthClient } from '@lit-protocol/lit-auth-client';
+import { LitActionResource, LitPKPResource } from '@lit-protocol/auth-helpers';
+import { LitAbility } from '@lit-protocol/types';
+import { TinnyEnvironment } from 'local-tests/setup/tinny-environment';
+import { LIT_TESTNET } from 'local-tests/setup/tinny-config';
+
+/**
+ * ## Scenario:
+ * Delegating capacity credits NFT to Bob (delegatee) for him to execute JS code to sign with his PKP
+ * - Given: The capacity credits NFT is minted by the dApp owner
+ * - When: The dApp owner creates a capacity delegation authSig
+ * - And: The dApp owner delegates the capacity credits NFT to Bob
+ * - Then: The delegated (Bob's) wallet can execute JS code to sign with his PKP using the capacity from the capacity credits NFT
+ *
+ *
+ * ## Test Commands:
+ * - ❌ Not supported in Cayenne
+ * - ✅ NETWORK=manzano yarn test:local --filter=testDelegatingCapacityCreditsNFTToAnotherPkpToExecuteJs
+ * - ✅ NETWORK=localchain yarn test:local --filter=testDelegatingCapacityCreditsNFTToAnotherPkpToExecuteJs
+ */
+export const testDelegatingCapacityCreditsNFTToAnotherPkpToExecuteJs = async (
+  devEnv: TinnyEnvironment
+) => {
+  devEnv.setUnavailable(LIT_TESTNET.CAYENNE);
+
+  const alice = await devEnv.createRandomPerson();
+  const bob = await devEnv.createRandomPerson();
+
+  // Checking the scopes of the PKP owned by Bob
+  const bobsAuthMethodAuthId = await LitAuthClient.getAuthIdByAuthMethod(
+    bob.authMethod
+  );
+
+  const scopes =
+    await bob.contractsClient.pkpPermissionsContract.read.getPermittedAuthMethodScopes(
+      bob.authMethodOwnedPkp.tokenId,
+      AuthMethodType.EthWallet,
+      bobsAuthMethodAuthId,
+      3
+    );
+
+  if (!scopes[AuthMethodScope.SignAnything]) {
+    throw new Error('Bob does not have the "SignAnything" scope on his PKP');
+  }
+
+  // As a dApp owner, create a capacity delegation authSig for Bob's PKP wallet
+  const capacityDelegationAuthSig = await alice.createCapacityDelegationAuthSig(
+    [bob.pkp.ethAddress]
+  );
+
+  // As a dApp owner, delegate the capacity credits NFT to Bob
+  const bobPkpSessionSigs = await devEnv.litNodeClient.getPkpSessionSigs({
+    pkpPublicKey: bob.authMethodOwnedPkp.publicKey,
+    authMethods: [bob.authMethod],
+    resourceAbilityRequests: [
+      {
+        resource: new LitPKPResource('*'),
+        ability: LitAbility.PKPSigning,
+      },
+      {
+        resource: new LitActionResource('*'),
+        ability: LitAbility.LitActionExecution,
+      },
+    ],
+    capabilityAuthSigs: [capacityDelegationAuthSig],
+  });
+
+  const res = await devEnv.litNodeClient.executeJs({
+    sessionSigs: bobPkpSessionSigs,
+    code: `(async () => {
+        const sigShare = await LitActions.signEcdsa({
+          toSign: dataToSign,
+          publicKey,
+          sigName: "sig",
+        });
+      })();`,
+    jsParams: {
+      dataToSign: alice.loveLetter,
+      publicKey: bob.authMethodOwnedPkp.publicKey,
+    },
+  });
+
+  console.log('✅ res:', res);
+
+  // -- Expected output:
+  // {
+  //   claims: {},
+  //   signatures: {
+  //     sig: {
+  //       r: "00fdf6f2fc3f13410393939bb678c8ec26c0eb46bfc39dbecdcf58540b7f9237",
+  //       s: "480b578c78137150db2420669c47b220001b42a0bb4e92194ce7b76f6fd78ddc",
+  //       recid: 0,
+  //       signature: "0x00fdf6f2fc3f13410393939bb678c8ec26c0eb46bfc39dbecdcf58540b7f9237480b578c78137150db2420669c47b220001b42a0bb4e92194ce7b76f6fd78ddc1b",
+  //       publicKey: "0465BFEE5CCFF60C0AF1D9B9481B680C2E34894A88F68F44CC094BA27501FD062A3C4AC61FA850BFA22D81D41AF72CBF983909501440FE51187F5FB3D1BC55C44E",
+  //       dataSigned: "7D87C5EA75F7378BB701E404C50639161AF3EFF66293E9F375B5F17EB50476F4",
+  //     },
+  //   },
+  //   decryptions: [],
+  //   response: undefined,
+  //   logs: "",
+  // }
+
+  // -- assertions
+  if (!res.signatures.sig.r) {
+    throw new Error(`Expected "r" in res.signatures.sig`);
+  }
+  if (!res.signatures.sig.s) {
+    throw new Error(`Expected "s" in res.signatures.sig`);
+  }
+
+  if (!res.signatures.sig.dataSigned) {
+    throw new Error(`Expected "dataSigned" in res.signatures.sig`);
+  }
+
+  if (!res.signatures.sig.publicKey) {
+    throw new Error(`Expected "publicKey" in res.signatures.sig`);
+  }
+
+  // -- signatures.sig.signature must start with 0x
+  if (!res.signatures.sig.signature.startsWith('0x')) {
+    throw new Error(`Expected "signature" to start with 0x`);
+  }
+};

local-tests/tests/testDelegatingCapacityCreditsNFTToAnotherWalletToExecuteJs.ts

@@ -0,0 +1,116 @@
+import { LIT_ENDPOINT_VERSION } from '@lit-protocol/constants';
+import { LIT_TESTNET } from 'local-tests/setup/tinny-config';
+import { getEoaSessionSigsWithCapacityDelegations } from 'local-tests/setup/session-sigs/get-eoa-session-sigs';
+import { TinnyEnvironment } from 'local-tests/setup/tinny-environment';
+
+/**
+ * ## Scenario:
+ * Delegating capacity credits NFT to Bob (delegatee) for him to execute JS code to sign with his PKP
+ * - Given: The capacity credits NFT is minted by the dApp owner
+ * - When: The dApp owner creates a capacity delegation authSig
+ * - And: The dApp owner delegates the capacity credits NFT to Bob
+ * - Then: The delegated (Bob's) wallet can execute JS code to sign with his PKP using the capacity from the capacity credits NFT
+ *
+ *
+ * ## Test Commands:
+ * - ❌ Not supported in Cayenne, but session sigs would still work
+ * - ✅ NETWORK=manzano yarn test:local --filter=testDelegatingCapacityCreditsNFTToAnotherWalletToExecuteJs
+ * - ✅ NETWORK=localchain yarn test:local --filter=testDelegatingCapacityCreditsNFTToAnotherWalletToExecuteJs
+ */
+export const testDelegatingCapacityCreditsNFTToAnotherWalletToExecuteJs =
+  async (devEnv: TinnyEnvironment) => {
+    devEnv.setUnavailable(LIT_TESTNET.CAYENNE);
+
+    const alice = await devEnv.createRandomPerson();
+    const bob = await devEnv.createRandomPerson();
+
+    const appOwnersCapacityDelegationAuthSig =
+      await alice.createCapacityDelegationAuthSig([bob.wallet.address]);
+
+    // 4. Bob receives the capacity delegation authSig use it to generate session sigs
+    const bobsSessionSigs = await getEoaSessionSigsWithCapacityDelegations(
+      devEnv,
+      bob.wallet,
+      appOwnersCapacityDelegationAuthSig
+    );
+
+    // -- printing out the recaps from the session sigs
+    const bobsSingleSessionSig =
+      bobsSessionSigs[devEnv.litNodeClient.config.bootstrapUrls[0]];
+
+    console.log('bobsSingleSessionSig:', bobsSingleSessionSig);
+
+    const regex = /urn:recap:[\w+\/=]+/g;
+
+    const recaps = bobsSingleSessionSig.signedMessage.match(regex) || [];
+
+    recaps.forEach((r) => {
+      const encodedRecap = r.split(':')[2];
+      const decodedRecap = Buffer.from(encodedRecap, 'base64').toString();
+      console.log(decodedRecap);
+    });
+
+    // 5. Bob can now execute JS code using the capacity credits NFT
+    const res = await devEnv.litNodeClient.executeJs({
+      sessionSigs: bobsSessionSigs,
+      code: `(async () => {
+        const sigShare = await LitActions.signEcdsa({
+          toSign: dataToSign,
+          publicKey,
+          sigName: "sig",
+        });
+      })();`,
+      jsParams: {
+        dataToSign: alice.loveLetter,
+        publicKey: bob.pkp.publicKey,
+      },
+    });
+
+    // Expected output:
+    // {
+    //   claims: {},
+    //   signatures: {
+    //     sig: {
+    //       r: "0f4b8b20369a8a021aae7c2083076715820e32d2b18826ea7ccea525a9adadc2",
+    //       s: "43aa338fa2c90e13c88d9b432d7ee6c8e3df006b8ef94ad5b4ab32d64b507f17",
+    //       recid: 1,
+    //       signature: "0x0f4b8b20369a8a021aae7c2083076715820e32d2b18826ea7ccea525a9adadc243aa338fa2c90e13c88d9b432d7ee6c8e3df006b8ef94ad5b4ab32d64b507f171c",
+    //       publicKey: "0406A76D2A6E3E729A537640C8C41592BBC2675799CCBBF310CD410691C028C529C5A8DE8016933CEC0B06EC7AA0FFAFBA2791158A11D382C558376DF392F436AD",
+    //       dataSigned: "7D87C5EA75F7378BB701E404C50639161AF3EFF66293E9F375B5F17EB50476F4",
+    //     },
+    //   },
+    //   decryptions: [],
+    //   response: undefined,
+    //   logs: "",
+    // }
+
+    // -- assertions
+    if (!res.signatures.sig.r) {
+      throw new Error(`Expected "r" in res.signatures.sig`);
+    }
+    if (!res.signatures.sig.s) {
+      throw new Error(`Expected "s" in res.signatures.sig`);
+    }
+
+    if (!res.signatures.sig.dataSigned) {
+      throw new Error(`Expected "dataSigned" in res.signatures.sig`);
+    }
+
+    if (!res.signatures.sig.publicKey) {
+      throw new Error(`Expected "publicKey" in res.signatures.sig`);
+    }
+
+    // -- signatures.sig.signature must start with 0x
+    if (!res.signatures.sig.signature.startsWith('0x')) {
+      throw new Error(`Expected "signature" to start with 0x`);
+    }
+
+    // -- signatures.sig.recid must be parseable as a number
+    if (isNaN(res.signatures.sig.recid)) {
+      throw new Error(`Expected "recid" to be parseable as a number`);
+    }
+
+    console.log(
+      '✅ testDelegatingCapacityCreditsNFTToAnotherWalletToExecuteJs'
+    );
+  };