Compare IP country with document country at time of issuance

holonym-foundation · May 6, 2024 · e0249b5 · e0249b5
1 parent ad11522
commit e0249b5
Show file tree

Hide file tree

Showing 4 changed files with 43 additions and 12 deletions.
diff --git a/src/init.js b/src/init.js
@@ -306,6 +306,7 @@ async function initializeMongoDb() {
       type: String,
       required: false,
     },
+    // ipCountry should be an ISO 3166-1 alpha-2 or alpha-3 country code
     ipCountry: {
       type: String,
       required: false,

diff --git a/src/services/idenfy/credentials.js b/src/services/idenfy/credentials.js
@@ -25,7 +25,7 @@ const endpointLogger = logger.child({
   },
 });
 
-function validateSession(statusData, verificationData, scanRef) {
+function validateSession(metaSession, statusData, verificationData, scanRef) {
   // if (statusData.autoDocument !== "DOC_VALIDATED") {
   //   return {
   //     error: `Verification failed. Failed to auto validate document.`,
@@ -95,6 +95,15 @@ function validateSession(statusData, verificationData, scanRef) {
       },
     };
   }
+  if (countryCode != countryCodeToPrime[metaSession.ipCountry]) {
+    return {
+      error: `Country code mismatch. Session country is '${metaSession.ipCountry}', but document country is '${country}'. scanRef: ${scanRef}`,
+      log: {
+        msg: "Country code mismatch",
+        data: { expected: countryCodeToPrime[metaSession.ipCountry], got: countryCode },
+      },
+    };
+  }
   return { success: true };
 }
 
@@ -286,14 +295,14 @@ async function saveUserToDb(uuid, scanRef) {
   return { success: true };
 }
 
-async function getSessionStatus(scanRef) {
+async function getMetaSession(scanRef) {
   const metaSession = await Session.findOne({ scanRef }).exec();
 
   if (!metaSession) {
     throw new Error("Session not found");
   }
 
-  return metaSession.status;
+  return metaSession;
 }
 
 async function updateSessionStatus(scanRef, status) {
@@ -333,8 +342,8 @@ async function getCredentials(req, res) {
       return res.status(400).json({ error: "No scanRef specified" });
     }
 
-    const metaSessionStatus = await getSessionStatus(scanRef);
-    if (metaSessionStatus !== sessionStatusEnum.IN_PROGRESS) {
+    const metaSession = await getMetaSession(scanRef);
+    if (metaSession.status !== sessionStatusEnum.IN_PROGRESS) {
       return res.status(400).json({ error: "Session is not in progress" });
     }
 
@@ -346,7 +355,7 @@ async function getCredentials(req, res) {
       return res.status(400).json({ error: "Failed to retrieve iDenfy session." });
     }
 
-    const validationResult = validateSession(statusData, verificationData, scanRef);
+    const validationResult = validateSession(metaSession, statusData, verificationData, scanRef);
     if (validationResult.error) {
       endpointLogger.error(validationResult.log.data, validationResult.log.msg);
       await updateSessionStatus(scanRef, sessionStatusEnum.VERIFICATION_FAILED);

diff --git a/src/services/onfido/credentials.js b/src/services/onfido/credentials.js
@@ -65,7 +65,7 @@ function validateCheck(check) {
   return { success: true };
 }
 
-function validateReports(reports) {
+function validateReports(reports, metaSession) {
   const reportNames = reports.map((report) => report.name);
   const missingReports = desiredOnfidoReports.filter(
     (report) => !reportNames.includes(report)
@@ -97,6 +97,18 @@ function validateReports(reports) {
           },
         };
       }
+      if (countryCodeToPrime[report.properties.issuing_country] != countryCodeToPrime[metaSession.ipCountry]) {
+        return {
+          error: `Country code mismatch. Session country is '${metaSession.ipCountry}', but document country is '${report.properties.issuing_country}'.`,
+          log: {
+            msg: "Country code mismatch",
+            data: { 
+              expected: countryCodeToPrime[metaSession.ipCountry], 
+              got: countryCodeToPrime[report.properties.issuing_country] 
+            },
+          },
+        };
+      }
     }
     if (report.name === "device_intelligence") {
       if (report?.properties?.device?.ip_reputation === "HIGH_RISK") {
@@ -419,7 +431,7 @@ async function getCredentials(req, res) {
       endpointLogger.error("No reports found");
       return res.status(400).json({ error: "No reports found" });
     }
-    const validationResult = validateReports(reports);
+    const validationResult = validateReports(reports, metaSession);
     if (validationResult.error) {
       endpointLogger.error(validationResult.log.data, validationResult.log.msg);
       const failureReason = validationResult.reasons
@@ -545,7 +557,7 @@ async function getCredentialsV2(req, res) {
       endpointLogger.error("No reports found");
       return res.status(400).json({ error: "No reports found" });
     }
-    const validationResult = validateReports(reports);
+    const validationResult = validateReports(reports, metaSession);
     if (validationResult.error) {
       endpointLogger.error(validationResult.log.data, validationResult.log.msg);
       const failureReason = validationResult.reasons

diff --git a/src/services/veriff/credentials.js b/src/services/veriff/credentials.js
@@ -23,7 +23,7 @@ const endpointLogger = logger.child({
   },
 });
 
-function validateSession(session) {
+function validateSession(session, metaSession) {
   if (session.status !== "success") {
     return {
       error: `Verification failed. Status is '${session.status}'. Expected 'success'.`,
@@ -114,6 +114,15 @@ function validateSession(session) {
       },
     };
   }
+  if (countryCode != countryCodeToPrime[metaSession.ipCountry]) {
+    return {
+      error: `Country code mismatch. Session country is '${metaSession.ipCountry}', but document country is '${session?.verification?.document?.country}'.`,
+      log: {
+        msg: "Country code mismatch",
+        data: { expected: countryCodeToPrime[metaSession.ipCountry], got: countryCode },
+      },
+    };
+  }
   return { success: true };
 }
 
@@ -371,7 +380,7 @@ async function getCredentials(req, res) {
       return res.status(400).json({ error: "Failed to retrieve Verrif session." });
     }
 
-    const validationResult = validateSession(session, req.query.sessionId);
+    const validationResult = validateSession(session, metaSession);
     if (validationResult.error) {
       endpointLogger.error(validationResult.log.data, validationResult.log.msg);
       await updateSessionStatus(
@@ -499,7 +508,7 @@ async function getCredentialsV2(req, res) {
       return res.status(400).json({ error: "Failed to retrieve Verrif session." });
     }
 
-    const validationResult = validateSession(session, req.query.sessionId);
+    const validationResult = validateSession(session, metaSession);
     if (validationResult.error) {
       endpointLogger.error(validationResult.log.data, validationResult.log.msg);
       await updateSessionStatus(