Attribute restrictions fail in a proof request if attribute name has spaces in it

wadeking98 commented 1 year ago

When sending a proof request in bifold If the request template has an attribute restriction with a space in it such as 'attr::Given Name::value': 'Test' then the verifier will encounter an error. Additionally, if the attribute restriction doesn't have a space in it, but any of the requested attributes do have a space then the verifer will encounter the same error. If there is no space in any of the requested attributes or attribute restrictions then the proof request works fine. Here is an example template which generates the error in bifold:

{
    id: 'BC:5:Test:0.0.1:indy',
    name: 'Test',
    description: 'Test attr restriction error',
    version: '0.0.1',
    payload: {
      type: ProofRequestType.AnonCreds,
      data: [
        {
          schema: memberCardSchema,
          requestedAttributes: [{ name: 'PPID', restrictions: [{ schema_id: 'L6ASjmDDbDH7yPL1t2yFj9:2:member_card:1.51', issuer_did: 'L6ASjmDDbDH7yPL1t2yFj9', 'attr::Given Name::value': 'Joyce' }] }],
        },
      ],
    },
  },

After the holder sends the request successfully, on the verifier side AFJ responds with an error:

And in the logs:

 ERROR  ERROR: Failed to process message {
  "error": {
    "name": "Error",
    "stack": "Error: Requested restriction validation failed for \"{\"PPID\": Some(\"MC12349\")}\" attributes [Proof rejected: $or operator validation failed. All conditions were failed.]\n    at construct (native)\n    at Wrapper (http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=ca.bc.gov.BCWallet&modulesOnly=false&runModule=true:19377:64)\n    at construct (native)\n    at _createSuperInternal (http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=ca.bc.gov.BCWallet&modulesOnly=false&runModule=true:300942:406)\n    at call (native)\n    at AnoncredsError (http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=ca.bc.gov.BCWallet&modulesOnly=false&runModule=true:300957:26)\n    at handleError (http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=ca.bc.gov.BCWallet&modulesOnly=false&runModule=true:301391:101)\n    at verifyPresentation (http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=ca.bc.gov.BCWallet&modulesOnly=false&runModule=true:301546:40)\n    at verify (http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=ca.bc.gov.BCWallet&modulesOnly=false&runModule=true:300823:96)\n    at verifyProof$ (http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=ca.bc.gov.BCWallet&modulesOnly=false&runModule=true:301270:67)\n    at call (native)\n    at tryCatch (http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=ca.bc.gov.BCWallet&modulesOnly=false&runModule=true:20536:23)\n    at invoke (http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=ca.bc.gov.BCWallet&modulesOnly=false&runModule=true:20682:32)\n    at anonymous (http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=ca.bc.gov.BCWallet&modulesOnly=false&runModule=true:20576:30)\n    at call (native)\n    at tryCatch (http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=ca.bc.gov.BCWallet&modulesOnly=false&runModule=true:20536:23)\n    at invoke (http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=ca.bc.gov.BCWallet&modulesOnly=false&runModule=true:20601:30)\n    at anonymous (http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=ca.bc.gov.BCWallet&modulesOnly=false&runModule=true:20626:19)\n    at tryCallTwo (/tmp/hermes/staging/hermes/cmake/intlDebug/arm64-v8a/lib/InternalBytecode/InternalBytecode.js:61:9)\n    at doResolve (/tmp/hermes/staging/hermes/cmake/intlDebug/arm64-v8a/lib/InternalBytecode/InternalBytecode.js:216:25)\n    at Promise (/tmp/hermes/staging/hermes/cmake/intlDebug/arm64-v8a/lib/InternalBytecode/InternalBytecode.js:82:14)\n    at callInvokeWithMethodAndArg (http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=ca.bc.gov.BCWallet&modulesOnly=false&runModule=true:20625:33)\n    at enqueue (http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=ca.bc.gov.BCWallet&modulesOnly=false&runModule=true:20629:157)\n    at anonymous (http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=ca.bc.gov.BCWallet&modulesOnly=false&runModule=true:20576:30)\n    at anonymous (http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=ca.bc.gov.BCWallet&modulesOnly=false&runModule=true:20643:69)\n    at verifyProof (http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=ca.bc.gov.BCWallet&modulesOnly=false&runModule=true:301249:82)\n    at processPresentation$ (http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=ca.bc.gov.BCWallet&modulesOnly=false&runModule=true:286544:116)\n    at call (native)\n    at tryCatch (http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=ca.bc.gov.BCWallet&modulesOnly=false&runModule=true:20536:23)\n    at invoke (http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=ca.bc.gov.BCWallet&modulesOnly=false&runModule=true:20682:32)\n    at anonymous (http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=ca.bc.gov.BCWallet&modulesOnly=false&runModule=true:20576:30)\n    at call (native)\n    at tryCatch (http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=ca.bc.gov.BCWallet&modulesOnly=false&runModule=true:20536:23)\n    at invoke (http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=ca.bc.gov.BCWallet&modulesOnly=false&runModule=true:20601:30)\n    at anonymous (http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=ca.bc.gov.BCWallet&modulesOnly=false&runModule=true:20609:21)\n    at tryCallOne (/tmp/hermes/staging/hermes/cmake/intlDebug/arm64-v8a/lib/InternalBytecode/InternalBytecode.js:53:16)\n    at anonymous (/tmp/hermes/staging/hermes/cmake/intlDebug/arm64-v8a/lib/InternalBytecode/InternalBytecode.js:139:27)\n    at apply (native)\n    at anonymous (http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=ca.bc.gov.BCWallet&modulesOnly=false&runModule=true:25070:26)\n    at _callTimer (http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=ca.bc.gov.BCWallet&modulesOnly=false&runModule=true:24985:17)\n    at _callReactNativeMicrotasksPass (http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=ca.bc.gov.BCWallet&modulesOnly=false&runModule=true:25019:17)\n    at callReactNativeMicrotasks (http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=ca.bc.gov.BCWallet&modulesOnly=false&runModule=true:25184:44)\n    at __callReactNativeMicrotasks (http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=ca.bc.gov.BCWallet&modulesOnly=false&runModule=true:4949:46)\n    at anonymous (http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=ca.bc.gov.BCWallet&modulesOnly=false&runModule=true:4761:45)\n    at __guard (http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=ca.bc.gov.BCWallet&modulesOnly=false&runModule=true:4933:15)\n    at flushedQueue (http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=ca.bc.gov.BCWallet&modulesOnly=false&runModule=true:4760:21)",
    "message": "Requested restriction validation failed for \"{\"PPID\": Some(\"MC12349\")}\" attributes [Proof rejected: $or operator validation failed. All conditions were failed.]",
    "code": 1
  }
}

The rust syntax in the error message seems to suggest that indy-vdr is throwing the error but I'm not sure if this is an issue in Indy-VDR or if it's some kind of URL-encoding issue in AFJ.

genaris commented 1 year ago

I am not familiar with the "request template" concept (although it seems quite interesting!). Are you sure there is not any issue in that side (i.e. Bifold or its Mobile Verifier module) when parsing the restrictions?

For the moment I did some quick verification in the way AFJ is parsing restrictions from JSON and seems fine. The same for anoncreds-rs (which is actually the module throwing the error) and its NodeJS wrapper (I didn't test in React Native though) using some attributes with spaces on them. 🤔

TimoGlastra commented 10 months ago

@wadeking98 were you able to solve this issue? Based on the comments from @genaris it seems spaces are allowed?

openwallet-foundation / credo-ts

Attribute restrictions fail in a proof request if attribute name has spaces in it #1536