From 00dbbd823079dffde44110dcc74fbc6b88ce6778 Mon Sep 17 00:00:00 2001
From: Yordan Kinkov <yordan.kinkov@vereign.com>
Date: Tue, 30 Aug 2022 10:49:21 +0300
Subject: [PATCH] #45 remove duplicate types in GetLoginProogInvitation ext
 function

---
 internal/regofunc/ocm.go      | 10 +++++++++-
 internal/regofunc/ocm_test.go | 27 +++++++++++++++++++++++++++
 2 files changed, 36 insertions(+), 1 deletion(-)

diff --git a/internal/regofunc/ocm.go b/internal/regofunc/ocm.go
index dc2553b3..1872aac8 100644
--- a/internal/regofunc/ocm.go
+++ b/internal/regofunc/ocm.go
@@ -38,12 +38,20 @@ func (of *OcmFuncs) GetLoginProofInvitation() (*rego.Function, rego.Builtin2) {
 			}
 
 			var credTypes []string
+			distinctTypes := make(map[string]bool, len(scopeToType))
 			for _, scope := range scopes {
 				credType, ok := scopeToType[scope]
 				if !ok {
 					return nil, fmt.Errorf("scope not found in scope to type map: %s", scope)
 				}
-				credTypes = append(credTypes, credType)
+				if credType != "" && !distinctTypes[credType] {
+					credTypes = append(credTypes, credType)
+				}
+				distinctTypes[credType] = true
+			}
+
+			if len(credTypes) == 0 {
+				return nil, fmt.Errorf("no credential types found in the scope to type map: %s", scopeToType)
 			}
 
 			res, err := of.client.GetLoginProofInvitation(bctx.Context, credTypes)
diff --git a/internal/regofunc/ocm_test.go b/internal/regofunc/ocm_test.go
index ef968f7a..3e9ca069 100644
--- a/internal/regofunc/ocm_test.go
+++ b/internal/regofunc/ocm_test.go
@@ -44,6 +44,20 @@ func TestGetLoginProofInvitationSuccess(t *testing.T) {
 	resultBytes, err := json.Marshal(resultSet[0].Expressions[0].Value)
 	assert.NoError(t, err)
 	assert.Equal(t, expected, string(resultBytes))
+
+	// "scope to credential type" map with duplicate and empty credential types
+	r = rego.New(
+		rego.Query(`ocm.getLoginProofInvitation(["openid", "profile", "email"], {"openid": "credType1", "profile": "credType1", "email": ""})`),
+		rego.Function2(ocmFuncs.GetLoginProofInvitation()),
+		rego.StrictBuiltinErrors(true),
+	)
+
+	resultSet, err = r.Eval(context.Background())
+	assert.NoError(t, err)
+
+	resultBytes, err = json.Marshal(resultSet[0].Expressions[0].Value)
+	assert.NoError(t, err)
+	assert.Equal(t, expected, string(resultBytes))
 }
 
 func TestGetLoginProofInvitationErr(t *testing.T) {
@@ -77,6 +91,19 @@ func TestGetLoginProofInvitationErr(t *testing.T) {
 	assert.Error(t, err)
 	assert.Empty(t, resultSet)
 	assert.Contains(t, err.Error(), "invalid scope to credential type map")
+
+	// empty types in "scope to credential type" map
+	r = rego.New(
+		rego.Query(`ocm.getLoginProofInvitation(["openid", "profile"], {"openid": "", "profile": ""})`),
+		rego.Function2(ocmFuncs.GetLoginProofInvitation()),
+		rego.StrictBuiltinErrors(true),
+	)
+
+	resultSet, err = r.Eval(context.Background())
+	assert.Error(t, err)
+	assert.Empty(t, resultSet)
+	assert.Contains(t, err.Error(), "no credential types found in the scope to type map")
+
 }
 
 func TestGetLoginProofResult(t *testing.T) {
-- 
GitLab