Fix unit test

b322534f · Steinwender, Tamara · 1855a1aa · b322534f · b322534f · b322534f
Commit b322534f authored 3 years ago by Steinwender, Tamara
--- a/packages/file-handling/package.json
+++ b/packages/file-handling/package.json
@@ -37,7 +37,7 @@
    "@open-wc/scoped-elements": "^1.3.3",
    "file-saver": "^2.0.2",
    "i18next": "^20.0.0",
-    "jose": "^3.16.1",
+    "jose": "^4.0.0",
    "jszip": "^3.5.0",
    "lit-element": "^2.1.0",
    "lit-html": "^1.3.0",

--- a/packages/file-handling/rollup.config.js
+++ b/packages/file-handling/rollup.config.js
@@ -7,6 +7,7 @@ import json from '@rollup/plugin-json';
 import serve from 'rollup-plugin-serve';
 import del from 'rollup-plugin-delete';
 import {getPackagePath, getDistPath} from '../../rollup.utils.js';
+import path from "path";
 const pkg = require('./package.json');
 const build = (typeof process.env.BUILD !== 'undefined') ? process.env.BUILD : 'local';
@@ -29,7 +30,7 @@ export default (async () => {
            del({
                targets: 'dist/*'
            }),
-            resolve(),
+            resolve({browser: true}),
            commonjs(),
            json(),
            (build !== 'local' && build !== 'test') ? terser() : false,

--- a/packages/file-handling/src/crypto.js
+++ b/packages/file-handling/src/crypto.js
-import { CompactEncrypt } from 'jose/jwe/compact/encrypt';
+import { CompactEncrypt, compactDecrypt, importJWK, base64url } from 'jose';
-import { compactDecrypt } from 'jose/jwe/compact/decrypt';
-import { parseJwk } from 'jose/jwk/parse';
-import {encode} from 'jose/util/base64url';
 /**
- * This "encrypts" the additional information string using the current oauth2
+ * This encrypts the payload using the token,
- * token, using A256GCM and PBES2-HS256+A128KW.
+ * using A256GCM and PBES2-HS256+A128KW.
- *
- * Since we can't do any server side validation the user needs to confirm in the
- * UI that he/she won't abuse the system.
- *
- * By using the token we make replaying an older requests harder and by using
- * JOSE which needs crypto APIs, abusing the system can't reasonably be done by
- * accident but only deliberately.
- *
- * This doesn't make things more secure, it just makes the intent of the user
- * more clear in case the API isn't used through our UI flow.
 *
 * @param {string} token
 * @param {string} payload
@@ -23,40 +10,36 @@ import {encode} from 'jose/util/base64url';
 */
 export async function encrypt(token, payload) {
    const encoder = new TextEncoder();
-    const key = await parseJwk({kty: 'oct', k: encode(token)}, 'PBES2-HS256+A128KW');
+    const key = await importJWK({kty: 'oct', k: base64url.encode(token)}, 'PBES2-HS256+A128KW');
    const jwe = await new CompactEncrypt(encoder.encode(payload))
        .setProtectedHeader({alg: 'PBES2-HS256+A128KW', enc: 'A256GCM'})
        .encrypt(key);
    return jwe;
 }
 /**
- * This "encrypts" the additional information string using the current oauth2
+ * This creates a key from the given token and
- * token, using A256GCM and PBES2-HS256+A128KW.
+ * decrypts the payload using the token,
- *
+ * using A256GCM and PBES2-HS256+A128KW.
- * Since we can't do any server side validation the user needs to confirm in the
- * UI that he/she won't abuse the system.
- *
- * By using the token we make replaying an older requests harder and by using
- * JOSE which needs crypto APIs, abusing the system can't reasonably be done by
- * accident but only deliberately.
- *
- * This doesn't make things more secure, it just makes the intent of the user
- * more clear in case the API isn't used through our UI flow.
 *
 * @param {string} token
 * @param {string} payload
 * @returns {string}
 */
 export async function decrypt(token, payload) {
-    const key = await parseJwk({kty: 'oct', k: encode(token)}, 'PBES2-HS256+A128KW');
+    const key = await importJWK({kty: 'oct', k: base64url.encode(token)}, 'PBES2-HS256+A128KW');
    const decryption = await compactDecrypt(payload, key, {alg: 'PBES2-HS256+A128KW', enc: 'A256GCM'});
    const secret = new TextDecoder().decode(decryption.plaintext);
    return secret;
 }
+/*
+/**
+ * This parses a given json webtoken to its different parts
+ *
+ * @param {string} token
+ * @returns {string}
+ */
 export function parseJwt (token) {
    if (!token)
        return null;

--- a/yarn.lock
+++ b/yarn.lock
@@ -5155,6 +5155,11 @@ jest-worker@^26.2.1:
    merge-stream "^2.0.0"
    supports-color "^7.0.0"
+jose@^4.0.0:
+  version "4.2.0"
+  resolved "https://registry.yarnpkg.com/jose/-/jose-4.2.0.tgz#eb3dfe4926514a99f325ba604d32e41589394f6d"
+  integrity sha512-7nlU7qankWiES1WmZXAJl0jiGusoouXhjiGR12yc+0/SIDi+4uhEGzqcfONtDI7g66K4IyqA44botXGpi9EBWA==
 jquery@>=1.7, jquery@^3.4.1:
  version "3.6.0"
  resolved "https://registry.yarnpkg.com/jquery/-/jquery-3.6.0.tgz#c72a09f15c1bdce142f49dbf1170bdf8adac2470"