Revert "fix: accepts alternative iss for Google (#693) (#703)"

This reverts commit 031bef4.
MystenLabs · Nov 28, 2023 · b902911 · b902911
1 parent 26ef2fd
commit b902911
Show file tree

Hide file tree

Showing 5 changed files with 4 additions and 39 deletions.
diff --git a/fastcrypto-zkp/benches/zklogin.rs b/fastcrypto-zkp/benches/zklogin.rs
@@ -109,7 +109,6 @@ mod zklogin_benches {
                     &eph_pubkey,
                     &map,
                     &ZkLoginEnv::Prod,
-                    true,
                 )
             })
         });

diff --git a/fastcrypto-zkp/src/bn254/unit_tests/zk_login_e2e_tests.rs b/fastcrypto-zkp/src/bn254/unit_tests/zk_login_e2e_tests.rs
@@ -43,7 +43,6 @@ async fn test_end_to_end_twitch() {
         &eph_pubkey,
         &map,
         &ZkLoginEnv::Test,
-        true,
     );
     assert!(res.is_ok());
 
@@ -54,7 +53,6 @@ async fn test_end_to_end_twitch() {
         &eph_pubkey,
         &map,
         &ZkLoginEnv::Prod,
-        true,
     );
     assert!(res_prod.is_err());
 }
@@ -88,7 +86,6 @@ async fn test_end_to_end_kakao() {
         &eph_pubkey,
         &map,
         &ZkLoginEnv::Test,
-        true,
     );
     assert!(res.is_ok());
 
@@ -99,7 +96,6 @@ async fn test_end_to_end_kakao() {
         &eph_pubkey,
         &map,
         &ZkLoginEnv::Prod,
-        true,
     );
     assert!(res_prod.is_err());
 }
@@ -132,7 +128,6 @@ async fn test_end_to_end_apple() {
         &eph_pubkey,
         &map,
         &ZkLoginEnv::Test,
-        true,
     );
     assert!(res.is_ok());
 
@@ -143,7 +138,6 @@ async fn test_end_to_end_apple() {
         &eph_pubkey,
         &map,
         &ZkLoginEnv::Prod,
-        true,
     );
     assert!(res_prod.is_err());
 }
@@ -176,7 +170,6 @@ async fn test_end_to_end_slack() {
         &eph_pubkey,
         &map,
         &ZkLoginEnv::Test,
-        true,
     );
     assert!(res.is_ok());
 
@@ -187,7 +180,6 @@ async fn test_end_to_end_slack() {
         &eph_pubkey,
         &map,
         &ZkLoginEnv::Prod,
-        true,
     );
     assert!(res_prod.is_err());
 }

diff --git a/fastcrypto-zkp/src/bn254/unit_tests/zk_login_tests.rs b/fastcrypto-zkp/src/bn254/unit_tests/zk_login_tests.rs
@@ -5,8 +5,7 @@ use std::str::FromStr;
 
 use crate::bn254::poseidon::hash;
 use crate::bn254::utils::{
-    big_int_str_to_bytes, gen_address_seed, gen_address_seed_with_salt_hash, get_nonce,
-    get_zk_login_address,
+    gen_address_seed, gen_address_seed_with_salt_hash, get_nonce, get_zk_login_address, big_int_str_to_bytes,
 };
 use crate::bn254::zk_login::{
     convert_base, decode_base64_url, hash_ascii_str_to_field, hash_to_field, parse_jwks, to_field,
@@ -142,14 +141,7 @@ async fn test_verify_zk_login_google() {
         ),
         content,
     );
-    let res = verify_zk_login(
-        &zk_login_inputs,
-        10,
-        &eph_pubkey,
-        &map,
-        &ZkLoginEnv::Prod,
-        true,
-    );
+    let res = verify_zk_login(&zk_login_inputs, 10, &eph_pubkey, &map, &ZkLoginEnv::Prod);
     assert!(res.is_ok());
 }
 
@@ -577,7 +569,6 @@ fn test_all_inputs_hash() {
         "2487117669597822357956926047501254969190518860900347921480370492048882803688".to_string()
     );
 }
-
 #[test]
 fn test_alternative_iss_for_google() {
     let input = ZkLoginInputs::from_json("{\"proofPoints\":{\"a\":[\"7566241567720780416751598994698310678767195459947224622023785587667176814058\",\"18104499930818305143361187733659014043953751050617136254447624192327280445771\",\"1\"],\"b\":[[\"11369230593957954942221175389182778816136534144714579815927653075736806430994\",\"11928003240637992017698644299021052465098754853899210401706726930513411198353\"],[\"2597127058046351054449743605218058440565462021354202666955356076272028963802\",\"3385145993275542896693643488618289924488296318344621918448585222369718288892\"],[\"1\",\"0\"]],\"c\":[\"395141536511114303768253959602639884294254888080713473665269769443249414257\",\"21430657725804540809568084344756144327539843580919730138594118365564728808275\",\"1\"]},\"issBase64Details\":{\"value\":\"yJpc3MiOiJodHRwczovL2FjY291bnRzLmdvb2dsZS5jb20iLC\",\"indexMod4\":1},\"headerBase64\":\"eyJhbGciOiJSUzI1NiIsImtpZCI6ImM5YWZkYTM2ODJlYmYwOWViMzA1NWMxYzRiZDM5Yjc1MWZiZjgxOTUiLCJ0eXAiOiJKV1QifQ\"}", "4959624758616676340947699768172740454110375485415332267384397278368360470616").unwrap();
@@ -612,7 +603,6 @@ fn test_alternative_iss_for_google() {
         &eph_pubkey_bytes,
         &all_jwk,
         &ZkLoginEnv::Test,
-        true,
     );
     assert!(res.is_ok());
 
@@ -622,7 +612,6 @@ fn test_alternative_iss_for_google() {
         &eph_pubkey_bytes,
         &all_jwk,
         &ZkLoginEnv::Test,
-        true,
     );
     assert!(invalid_res.is_err());
 }
diff --git a/fastcrypto-zkp/src/bn254/zk_login.rs b/fastcrypto-zkp/src/bn254/zk_login.rs
@@ -151,7 +151,7 @@ impl OIDCProvider {
     /// Returns the OIDCProvider for the given iss string.
     pub fn from_iss(iss: &str) -> Result<Self, FastCryptoError> {
         match iss {
-            "https://accounts.google.com" | "accounts.google.com" => Ok(Self::Google),
+            "https://accounts.google.com" => Ok(Self::Google),
             "https://id.twitch.tv/oauth2" => Ok(Self::Twitch),
             "https://www.facebook.com" => Ok(Self::Facebook),
             "https://kauth.kakao.com" => Ok(Self::Kakao),
@@ -349,14 +349,6 @@ impl ZkLoginInputs {
         &self.jwt_details.iss
     }
 
-    /// Get the sanitized iss string to use standard iss string.
-    pub fn get_sanitized_iss(&self) -> &str {
-        if &self.jwt_details.iss == "accounts.google.com" {
-            "https://accounts.google.com"
-        } else {
-            &self.jwt_details.iss
-        }
-    }
     /// Get the zk login proof.
     pub fn get_proof(&self) -> &ZkLoginProof {
         &self.proof_points

diff --git a/fastcrypto-zkp/src/bn254/zk_login_api.rs b/fastcrypto-zkp/src/bn254/zk_login_api.rs
@@ -227,16 +227,9 @@ pub fn verify_zk_login(
     eph_pubkey_bytes: &[u8],
     all_jwk: &ImHashMap<JwkId, JWK>,
     env: &ZkLoginEnv,
-    should_sanitize_iss: bool,
 ) -> Result<(), FastCryptoError> {
     // Load the expected JWK based on (iss, kid).
-    let (iss, kid) = match should_sanitize_iss {
-        true => (
-            input.get_sanitized_iss().to_string(),
-            input.get_kid().to_string(),
-        ),
-        false => (input.get_iss().to_string(), input.get_kid().to_string()),
-    };
+    let (iss, kid) = (input.get_iss().to_string(), input.get_kid().to_string());
     let jwk = all_jwk
         .get(&JwkId::new(iss.clone(), kid.clone()))
         .ok_or_else(|| {
-Original file line number
+Diff line change
@@ Expand Up / @@ -109,7 +109,6 @@ mod zklogin_benches { @@
                         &eph_pubkey,
                         &map,
                         &ZkLoginEnv::Prod,
-                        true,
                     )
                 })
             });
@@ Expand Down @@