Critical code review PR - Last sprint handover checklist of 0.16.0 release #1799
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-COMMONSCOLLECTIONS-30078 - https://snyk.io/vuln/SNYK-JAVA-COMMONSCOLLECTIONS-6056408 - https://snyk.io/vuln/SNYK-JAVA-LOG4J-572732 - https://snyk.io/vuln/SNYK-JAVA-ORGJSON-5488379 - https://snyk.io/vuln/SNYK-JAVA-ORGJSON-5962464 - https://snyk.io/vuln/SNYK-JAVA-ORGSELENIUMHQSELENIUM-6062318 - https://snyk.io/vuln/SNYK-JAVA-LOG4J-2316893 - https://snyk.io/vuln/SNYK-JAVA-LOG4J-2342645 - https://snyk.io/vuln/SNYK-JAVA-LOG4J-2342646 - https://snyk.io/vuln/SNYK-JAVA-LOG4J-2342647 - https://snyk.io/vuln/SNYK-JAVA-COMMONSCOLLECTIONS-472711 - https://snyk.io/vuln/SNYK-JAVA-ORGKEYCLOAK-8186433 - https://snyk.io/vuln/SNYK-JAVA-SOFTWAREAMAZONION-6153869 - https://snyk.io/vuln/SNYK-JAVA-IONETTY-6483812 - https://snyk.io/vuln/SNYK-JAVA-ORGKEYCLOAK-7926864 - https://snyk.io/vuln/SNYK-JAVA-COMMONSBEANUTILS-460111 - https://snyk.io/vuln/SNYK-JAVA-LOG4J-3358774 - https://snyk.io/vuln/SNYK-JAVA-ORGKEYCLOAK-3016866 - https://snyk.io/vuln/SNYK-JAVA-ORGJBOSSRESTEASY-1009963 - https://snyk.io/vuln/SNYK-JAVA-ORGJBOSSRESTEASY-3338628 - https://snyk.io/vuln/SNYK-JAVA-ORGKEYCLOAK-7268350 - https://snyk.io/vuln/SNYK-JAVA-ORGKEYCLOAK-5291542 - https://snyk.io/vuln/SNYK-JAVA-ORGKEYCLOAK-6230634 - https://snyk.io/vuln/SNYK-JAVA-LOG4J-1300176 Signed-off-by: rajapandi.m <[email protected]>
* [INJIMOB-2272]: Expired Vc UI changes based on error code Signed-off-by: BalachandarG <[email protected]> * [INJIMOB-2272]: Hide activation from Kebab Popup and activation icons for Expired Vcs. Signed-off-by: BalachandarG <[email protected]> * [INJIMOB-2277]: Combine the actions for verified and expired flag.Update kebabmenu options condition. Signed-off-by: BalachandarG <[email protected]> * [INJIMOB-2277]: Update VcVerification props to accept vcMetadata. Signed-off-by: BalachandarG <[email protected]> --------- Signed-off-by: BalachandarG <[email protected]>
…feature (#1678) Signed-off-by: Abhishek Paul <[email protected]>
* MOSIP-37454 MOSIP-37452 Signed-off-by: Anup Nehe <[email protected]> * resolve conflicts Signed-off-by: Anup Nehe <[email protected]> * resolve conflicts Signed-off-by: Anup Nehe <[email protected]> --------- Signed-off-by: Anup Nehe <[email protected]>
* MOSIP-37454 MOSIP-37452 Signed-off-by: Anup Nehe <[email protected]> * resolve conflicts Signed-off-by: Anup Nehe <[email protected]> * resolve conflicts Signed-off-by: Anup Nehe <[email protected]> * updated the readme Signed-off-by: Anup Nehe <[email protected]> * updated readme Signed-off-by: Anup Nehe <[email protected]> --------- Signed-off-by: Anup Nehe <[email protected]>
* MOSIP-37454 MOSIP-37452 Signed-off-by: Anup Nehe <[email protected]> * resolve conflicts Signed-off-by: Anup Nehe <[email protected]> * resolve conflicts Signed-off-by: Anup Nehe <[email protected]> * updated the readme Signed-off-by: Anup Nehe <[email protected]> * updated readme Signed-off-by: Anup Nehe <[email protected]> * update readme Signed-off-by: Anup Nehe <[email protected]> --------- Signed-off-by: Anup Nehe <[email protected]>
* [INJIMOB-2310]: handle biometric cancellation during app launch Signed-off-by: adityankannan-tw <[email protected]> * [INJIMOB-2310]: update secure keystore package and refactor Signed-off-by: adityankannan-tw <[email protected]> --------- Signed-off-by: adityankannan-tw <[email protected]> Co-authored-by: adityankannan-tw <[email protected]>
Signed-off-by: Abhishek Paul <[email protected]>
* [INJIMOB-2393]: update about inji screen Signed-off-by: adityankannan-tw <[email protected]> * [INJIMOB-2394]: update about inji screen Signed-off-by: adityankannan-tw <[email protected]> * [INJIMOB-2394]: update about inji screen Signed-off-by: adityankannan-tw <[email protected]> --------- Signed-off-by: adityankannan-tw <[email protected]> Co-authored-by: adityankannan-tw <[email protected]>
Signed-off-by: Abhishek Paul <[email protected]>
Signed-off-by: Abhishek Paul <[email protected]>
…ellknown (#1706) * [INJIMOB-2369] get authorization endpoint from auth server wellknown Replace hardcoded authorization endpoint (authorization_servers[0] + '/authorize') to fetching from oauth-authorization-server well-known Signed-off-by: KiruthikaJeyashankar <[email protected]> * [INJIMOB-2369] handle error scenarios for authz url discovery For getting the authorization_endpoint as per Wallet's support, as of now we are getting the first entry of authorization_server and fetching the authorization server metadata. In this metadata if grant type is not authorization_code, its considered as error scenario In case of error while fetching authorization endpoint from Authorization server, - Network error -> No internet error screen - oauth-authorization-server well-known's supported grant types is not supported by Wallet -> Grant type not supported error - Others -> Generic error screen Signed-off-by: KiruthikaJeyashankar <[email protected]> * [INJIMOB-2369] add locales support for grantTypeNotSupperted error Signed-off-by: KiruthikaJeyashankar <[email protected]> * [INJIMOB-2369]: remove unused url Signed-off-by: Alka Prasad <[email protected]> * [INJIMOB-2369] modify cache key of issuer authorization server metadata Signed-off-by: KiruthikaJeyashankar <[email protected]> --------- Signed-off-by: KiruthikaJeyashankar <[email protected]> Signed-off-by: Alka Prasad <[email protected]> Co-authored-by: Alka Prasad <[email protected]>
* MOSIP-37454 MOSIP-37452 Signed-off-by: Anup Nehe <[email protected]> * resolve conflicts Signed-off-by: Anup Nehe <[email protected]> * resolve conflicts Signed-off-by: Anup Nehe <[email protected]> * updated the readme Signed-off-by: Anup Nehe <[email protected]> * updated readme Signed-off-by: Anup Nehe <[email protected]> * update readme Signed-off-by: Anup Nehe <[email protected]> * MOSIP-37765 MOSIP-37848 Signed-off-by: Anup Nehe <[email protected]> * resolve conflict Signed-off-by: Anup Nehe <[email protected]> --------- Signed-off-by: Anup Nehe <[email protected]>
…1705) * [INJIMOB-2415] show credential type in mini view Previously, it was showing hardcoded fullName in mini view Other changes include - Handling of display property -> unavailable in wellknown -> empty array in wellknown -> expected credential type (name) is not available in display property of wellknown Signed-off-by: KiruthikaJeyashankar <[email protected]> * [INJIMOB-2415] rename getIDType to getCredentialType Signed-off-by: KiruthikaJeyashankar <[email protected]> * [INJIMOB-2415]: update logic to get credential type Signed-off-by: Alka Prasad <[email protected]> * [INJIMOB-2415]: update the translation for mso mdoc fallback for credential type Signed-off-by: Alka Prasad <[email protected]> * [INJIMOB-2415] update getCredentialType method comments Signed-off-by: KiruthikaJeyashankar <[email protected]> * [INJIMOB-2369] remove commented code Signed-off-by: KiruthikaJeyashankar <[email protected]> * [INJIMOB-2415] get backgroundColor of VC from curr lang's display property Signed-off-by: KiruthikaJeyashankar <[email protected]> * [INJIMOB-2415] get background image of VC from curr lang's display property Signed-off-by: KiruthikaJeyashankar <[email protected]> * [INJIMOB-2415] get text color of VC from curr lang's display property Signed-off-by: KiruthikaJeyashankar <[email protected]> * [INJIMOB-2415] add prop types for VCVerification component Signed-off-by: KiruthikaJeyashankar <[email protected]> * [INJIMOB-2415] introduce fieldColor prop in VCItemField for VC mini & detail view As of now, for each and every field that is getting rendered we are calling getTextColor with wellknown param, if we start bringing in logic of getDisplayObjectForCurrentLanguage and then get the text_color from it, we will end up in running a filter for each and every field. For reducing this complexity, VCItemField component is accepting fieldColor prop from the caller. Signed-off-by: KiruthikaJeyashankar <[email protected]> * [INJIMOB-2415] move fallback miniview kebab popup color to const Signed-off-by: KiruthikaJeyashankar <[email protected]> * [INJIMOB-2415] move fallback detailview border color to const Signed-off-by: KiruthikaJeyashankar <[email protected]> * [INJIMOB-2415] move fallback verification text color to const Signed-off-by: KiruthikaJeyashankar <[email protected]> * [INJIMOB-2415] remove unnecessary sending of props Signed-off-by: KiruthikaJeyashankar <[email protected]> * [INJIMOB-2415] refactor type error Signed-off-by: KiruthikaJeyashankar <[email protected]> * [INJIMOB-2415] refactor type error Signed-off-by: KiruthikaJeyashankar <[email protected]> * [INJIMOB-2415] refactor - remove unused prop Signed-off-by: KiruthikaJeyashankar <[email protected]> * [INJIMOB-2415] refactor getBackgroundColor to accept display element as per app languange Signed-off-by: KiruthikaJeyashankar <[email protected]> * [INJIMOB-2415] refactor getBackgroundImage to accept display element as per app languange Signed-off-by: KiruthikaJeyashankar <[email protected]> * [INJIMOB-2415] refactor getTextColor to accept display element as per app languange Signed-off-by: KiruthikaJeyashankar <[email protected]> * [INJIMOB-2415] fix credential type to be shown based on app lang Signed-off-by: KiruthikaJeyashankar <[email protected]> * [INJIMOB-2415] extract card's display related functions to class Signed-off-by: KiruthikaJeyashankar <[email protected]> * [INJIMOB-2415] fix build fail for accessing Theme in static block Signed-off-by: KiruthikaJeyashankar <[email protected]> --------- Signed-off-by: KiruthikaJeyashankar <[email protected]> Signed-off-by: Alka Prasad <[email protected]> Co-authored-by: Alka Prasad <[email protected]>
…not available in client_metadata as per the spec Signed-off-by: PuBHARGAVI <[email protected]>
Signed-off-by: KiruthikaJeyashankar <[email protected]>
Signed-off-by: KiruthikaJeyashankar <[email protected]>
…-working-dev [INJIMOB-2462] fix error screen CTAs not working in VC download flow
…t token in vp sharing flow Signed-off-by: PuBHARGAVI <[email protected]>
[MOSIP-37071] fix: injitest/pom.xml to reduce vulnerabilities
Signed-off-by: Alka Prasad <[email protected]>
Signed-off-by: PuBHARGAVI <[email protected]>
…-develop [INJIMOB-2277]: add expired status in the info list of status
[Injimob 2265] show verifier name in VP sharing screen and consent screen and add translations for same
Signed-off-by: adityankannan-tw <[email protected]>
[INJIMOB-2265]: Update Openid4vp swift package
#1733) Signed-off-by: PuBHARGAVI <[email protected]> Co-authored-by: PuBHARGAVI <[email protected]>
#1723) Signed-off-by: Abhishek Paul <[email protected]>
…perty from inji default properties file and pass it to library (#1739) * [INJIMOB-2538] fetch whether we should do client validation or not in VP sharing flow based on the value assigned in inji config default properties file Signed-off-by: PuBHARGAVI <[email protected]> * [INJIMOB-2538] convert clientValidation property from string to boolean before passing it to library Signed-off-by: PuBHARGAVI <[email protected]> * [INJIMOB-2538] change the logic of checking the value of clientValidation property Signed-off-by: PuBHARGAVI <[email protected]> * [INJIMOB-2538] rename clientValidation variable to shouldValiateClient and call verifiers api only if validation is required Signed-off-by: PuBHARGAVI <[email protected]> * [INJIMOB-2538] check if client validation is needed or not as part of service instead of action Signed-off-by: PuBHARGAVI <[email protected]> * [INJIMOB-2538] update Package.resolved Signed-off-by: Abhishek Paul <[email protected]> --------- Signed-off-by: PuBHARGAVI <[email protected]> Signed-off-by: Abhishek Paul <[email protected]> Co-authored-by: Abhishek Paul <[email protected]>
[MOSIP-38397] Upgraded actions/cache version
* [INJIMOB-2571]: refactor backed up data restoration method Signed-off-by: Alka Prasad <[email protected]> * [INJIMOB-2571]: refactor the storage class to make it more readable and for seperation of concerns Signed-off-by: Alka Prasad <[email protected]> * [INJIMOB-2571]: rename a few methods and throw the caught error along with logging it Signed-off-by: Alka Prasad <[email protected]> * [INJIMOB-2571]: refactor verifyCredential method and its usages Signed-off-by: Alka Prasad <[email protected]> * [INJIMOB-2571]: move verifyCredentialData method under OpenIdVCI Signed-off-by: Alka Prasad <[email protected]> --------- Signed-off-by: Alka Prasad <[email protected]>
…aring flow (#1741) * [INJIMOB-2550] set default key type to ed25519 for signing the vp token in VP sharing flow Signed-off-by: PuBHARGAVI <[email protected]> * [INJIMOB-2550]: encode ed25519 public key and pass to library Signed-off-by: adityankannan-tw <[email protected]> * [INJIMOB-2550] rename ovp signing algorithm and suite name variables to make them more meaningful Signed-off-by: PuBHARGAVI <[email protected]> --------- Signed-off-by: PuBHARGAVI <[email protected]> Signed-off-by: adityankannan-tw <[email protected]> Co-authored-by: adityankannan-tw <[email protected]>
* [INJIMOB-2471] make identifier of Vc as random UUID Previously, we were relying on the id feild of the Vc to construct the unique identifier for VC component and file name for storing VC, this identifier in now replaced with random generated UUID. This was made since id property of VC is optional field as per w3c data-model 1.1. We are using UUID version 4 to ensure randomness and collision-resistance. Signed-off-by: KiruthikaJeyashankar <[email protected]> * [INJIMOB-2471] maintain consistency in setting VCMetadata ID Signed-off-by: KiruthikaJeyashankar <[email protected]> * [INJICERT-2471] use VC metadata id as VC key This VC key will be used for storing file name, component key & other identifier for VCs Signed-off-by: KiruthikaJeyashankar <[email protected]> * [INJIMOB-2471] remove setting identifier field in credential wrapper The identitifier in credentialWrapper having the value "$issuer:$protocol:$UUID" was used to construct VC metadata id, issuer and protocol field which is already available in context param. This is now replaced with constructing VC metadata with the required fields available in machine context. Signed-off-by: KiruthikaJeyashankar <[email protected]> * [INJIMOB-2471] use context VCMetadata instead of calling function for accessing in issuersMachine Signed-off-by: KiruthikaJeyashankar <[email protected]> * [INJIMOB-2471] optimize import Signed-off-by: KiruthikaJeyashankar <[email protected]> --------- Signed-off-by: KiruthikaJeyashankar <[email protected]>
…r boost podspec update (#1751) Signed-off-by: Abhishek Paul <[email protected]>
Signed-off-by: KiruthikaJeyashankar <[email protected]>
…en. (#1749) Signed-off-by: Abhishek Paul <[email protected]>
Signed-off-by: Chandra Keshav Mishra <[email protected]>
…isite data (#1760) * MOSIP-37454 MOSIP-37452 Signed-off-by: Anup Nehe <[email protected]> * resolve conflicts Signed-off-by: Anup Nehe <[email protected]> * resolve conflicts Signed-off-by: Anup Nehe <[email protected]> * updated the readme Signed-off-by: Anup Nehe <[email protected]> * updated readme Signed-off-by: Anup Nehe <[email protected]> * update readme Signed-off-by: Anup Nehe <[email protected]> * MOSIP-37765 MOSIP-37848 Signed-off-by: Anup Nehe <[email protected]> * resolve conflict Signed-off-by: Anup Nehe <[email protected]> * MOSIP-39001 Signed-off-by: Anup Nehe <[email protected]> * INJIMOB-2722 Signed-off-by: Anup Nehe <[email protected]> --------- Signed-off-by: Anup Nehe <[email protected]>
…screens (#1753) * [INJIMOB-2525]:Changed Helpscreen button in keymanagement page and backupandrestore and also changed style in homescreenlayout to fix overlapping of Inji logo with help button Signed-off-by: sairam-girirao_infosys <[email protected]> * Fix help icon style consistency across pages Signed-off-by: sairam-girirao_infosys <[email protected]> * Fix help Icon consistency across pages Signed-off-by: sairam-girirao_infosys <[email protected]> * Fix Code for HelpICon is Redundant across the code Signed-off-by: sairam-girirao_infosys <[email protected]> --------- Signed-off-by: sairam-girirao_infosys <[email protected]>
…1762) Signed-off-by: Abhishek Paul <[email protected]>
…quest uri support (#1772) * [INJIMOB-2325]: update openid4vp package with client id scheme and request uri support Signed-off-by: adityankannan-tw <[email protected]> * [INJIMOB-2325]: update openid4vp package with client id scheme and request uri support Signed-off-by: adityankannan-tw <[email protected]> --------- Signed-off-by: adityankannan-tw <[email protected]>
Signed-off-by: adityankannan-tw <[email protected]>
Signed-off-by: adityankannan-tw <[email protected]>
Signed-off-by: Abhishek Paul <[email protected]>
…ble automation build without testflight deploy (#1774) * [INJIMOB-2878] modify ios/fastfile and internal build workflow to enable automation build without testflight deploy Signed-off-by: Abhishek Paul <[email protected]> * [INJIMOB-2878] add custom workflow for ios build Signed-off-by: Abhishek Paul <[email protected]> --------- Signed-off-by: Abhishek Paul <[email protected]>
Signed-off-by: sairam-girirao_infosys <[email protected]>
vishwa-vyom
commented
Feb 14, 2025
| vcData.publicKey = null; | ||
| vcData.privateKey = null; | ||
| return vcData; | ||
| } |
There was a problem hiding this comment.
As part of https://mosip.atlassian.net/projects/INJIMOB/versions/10206/tab/release-report-all-issues?sortBy=TYPE I was not able to find any task/story related to these changes.
There was a problem hiding this comment.
It was part of refactoring done here https://mosip.atlassian.net/browse/INJIMOB-2571
I have updated fix version as 0.16.0
| isCachePreferred: boolean = false, | ||
| ) => | ||
| generateCacheAPIFunction({ | ||
| isCachePreferred, | ||
| cacheKey: API_CACHED_STORAGE_KEYS.fetchIssuerWellknownConfig(issuerId), | ||
| fetchCall: API.fetchIssuerWellknownConfig.bind(null, issuerId), | ||
| fetchCall: API.fetchIssuerWellknownConfig.bind(null, credentialIssuer), |
There was a problem hiding this comment.
what is the expiry time for this cache data on wellknown ?
There was a problem hiding this comment.
There is no cache expiry in Inji wallet as of today.
Signed-off-by: BalachandarG <[email protected]>
…prove readability (#1804) Signed-off-by: Abhishek Paul <[email protected]>
* [INJIMOB-2091] update OpenID4VP swift library version Other changes: - Modify authenticateVerifier method call's labels as per library Signed-off-by: KiruthikaJeyashankar <[email protected]> * [INJIMOB-2901] rename encodedAuthorizationRequest to urlEncodedAuthorizationRequest Signed-off-by: KiruthikaJeyashankar <[email protected]> --------- Signed-off-by: KiruthikaJeyashankar <[email protected]>
… in ovp flow (#1818) Signed-off-by: Abhishek Paul <[email protected]>
* [INJIMOB-2258]: bump up vc-verifier verion and update ovp library Signed-off-by: Alka Prasad <[email protected]> * [INJIMOB-2978] update module dependencies Other changes - update openid4vp swift library version Co-Authored by: Abhishek Paul <[email protected]> Signed-off-by: KiruthikaJeyashankar <[email protected]> * [INJIMOB-2258] update swift openid4vp package Signed-off-by: KiruthikaJeyashankar <[email protected]> --------- Signed-off-by: Alka Prasad <[email protected]> Signed-off-by: KiruthikaJeyashankar <[email protected]> Co-authored-by: Alka Prasad <[email protected]>
Signed-off-by: Anup Nehe <[email protected]>
Signed-off-by: BalachandarG <[email protected]>
Signed-off-by: KiruthikaJeyashankar <[email protected]>
Signed-off-by: Abhishek Paul <[email protected]>
…of Purpose (#1834) Signed-off-by: BalachandarG <[email protected]>
Other changes include: - add mocks for failing tests Signed-off-by: KiruthikaJeyashankar <[email protected]>
Signed-off-by: Abhishek Paul <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR is created just to add the review comments as part of the critical code review task of last sprint handover checklist for release of 0.16.0 version.
** THIS PR SHOULD NOT BE MERGED **