fix: remove doPublicKeysMatchUsername

Author: janniks

packages/auth/src/index.ts

@@ -6,7 +6,6 @@ export {
   verifyAuthResponse,
   isExpirationDateValid,
   isIssuanceDateValid,
-  doPublicKeysMatchUsername,
   doPublicKeysMatchIssuer,
   doSignaturesMatchPublicKeys,
   isManifestUriValid,

packages/auth/src/verification.ts

@@ -65,70 +65,6 @@ export function doPublicKeysMatchIssuer(token: string): boolean {
   return false;
 }
 
-/**
- * Looks up the identity address that owns the claimed username
- * in `token` using the lookup endpoint provided in `nameLookupURL`
- * to determine if the username is owned by the identity address
- * that matches the claimed public key
- *
- * @param  {String} token  encoded and signed authentication token
- * @param  {String} nameLookupURL a URL to the name lookup endpoint of the Blockstack Core API
- * @return {Promise<Boolean>} returns a `Promise` that resolves to
- * `true` if the username is owned by the public key, otherwise the
- * `Promise` resolves to `false`
- * @private
- * @ignore
- */
-export async function doPublicKeysMatchUsername(
-  token: string,
-  nameLookupURL: string
-): Promise<boolean> {
-  try {
-    const payload = decodeToken(token).payload;
-    if (typeof payload === 'string') {
-      throw new Error('Unexpected token payload type of string');
-    }
-    if (!payload.username) {
-      return true;
-    }
-
-    if (payload.username === null) {
-      return true;
-    }
-
-    if (nameLookupURL === null) {
-      return false;
-    }
-
-    const username = payload.username;
-    const url = `${nameLookupURL.replace(/\/$/, '')}/${username}`;
-    const response = await fetchPrivate(url);
-    const responseText = await response.text();
-    const responseJSON = JSON.parse(responseText);
-    if (responseJSON.hasOwnProperty('address')) {
-      const nameOwningAddress = responseJSON.address;
-      let nameOwningAddressBtc = nameOwningAddress;
-      try {
-        // try converting STX to BTC
-        // if this throws, it's already a BTC address
-        nameOwningAddressBtc = c32ToB58(nameOwningAddress, 0);
-      } catch {}
-      const addressFromIssuer = getAddressFromDID(payload.iss);
-      if (nameOwningAddressBtc === addressFromIssuer) {
-        return true;
-      } else {
-        return false;
-      }
-    } else {
-      return false;
-    }
-  } catch (error) {
-    console.log(error);
-    console.log('Error checking `doPublicKeysMatchUsername`');
-    return false;
-  }
-}
-
 /**
  * Checks if the if the token issuance time and date is after the
  * current time and date.

packages/auth/tests/auth.test.ts

@@ -8,7 +8,6 @@ import {
   isIssuanceDateValid,
   doSignaturesMatchPublicKeys,
   doPublicKeysMatchIssuer,
-  doPublicKeysMatchUsername,
   isManifestUriValid,
   isRedirectUriValid,
   verifyAuthRequestAndLoadManifest,
@@ -191,10 +190,6 @@ test('makeAuthResponse && verifyAuthResponse', async () => {
   expect(isIssuanceDateValid(authResponse)).toBe(true);
   expect(doSignaturesMatchPublicKeys(authResponse)).toBe(true);
   expect(doPublicKeysMatchIssuer(authResponse)).toBe(true);
-
-  await doPublicKeysMatchUsername(authResponse, nameLookupURL).then(verifiedResult => {
-    expect(verifiedResult).toBe(true);
-  });
 });
 
 test('auth response with invalid or empty appPrivateKeyFromWalletSalt', async () => {
@@ -253,10 +248,6 @@ test('auth response with username', async () => {
 
   const authResponse = await makeAuthResponse(privateKey, sampleProfiles.ryan, 'ryan.id', null);
 
-  await doPublicKeysMatchUsername(authResponse, nameLookupURL).then(verified => {
-    expect(verified).toBe(true);
-  });
-
   await verifyAuthResponse(authResponse).then(verifiedResult => {
     expect(verifiedResult).toBe(true);
   });