feat(native-app): Add barcode session error

apps/api/infra/api.ts

@@ -279,6 +279,8 @@ export const serviceSetup = (services: {
         staging: 'island-is-assistant-feedback',
         prod: 'island-is-assistant-feedback',
       },
+      BARCODE_EXPIRE_TIME_IN_SEC: '60',
+      BARCODE_SESSION_EXPIRE_TIME_IN_SEC: '1800',
     })
 
     .secrets({

apps/native/app/src/messages/en.ts

@@ -270,6 +270,8 @@ export const en: TranslatedMessages = {
   'walletPass.barcodeErrorNotConnected':
     'Not possible to scan barcode if the device is not connected to the internet.',
   'walletPass.barcodeErrorFailedToFetch': 'Could not fetch barcode',
+  'walletPass.barcodeErrorBadSession':
+    'Too soon since license was accessed on another device',
   'walletPass.validLicense': 'Valid',
   'walletPass.expiredLicense': 'Expired',
   'walletPass.passportNumber': 'Passport number: {licenseNumber}',

apps/native/app/src/messages/is.ts

@@ -406,6 +406,8 @@ export const is = {
   'walletPass.barcodeErrorNotConnected':
     'Ekki er hægt að skanna skírteini nema að tækið sé nettengt.',
   'walletPass.barcodeErrorFailedToFetch': 'Ekki tókst að sækja barkóða',
+  'walletPass.barcodeErrorBadSession':
+    'Of stutt síðan skírteini var sótt á öðru tæki',
   'walletPass.validLicense': 'Í gildi',
   'walletPass.expiredLicense': 'Útrunnið',
   'walletPass.passportNumber': 'Númer vegabréfs: {licenseNumber}',

apps/native/app/src/screens/wallet-pass/wallet-pass.tsx

@@ -401,7 +401,7 @@ export const WalletPassScreen: NavigationFunctionComponent<{
           type={licenseType}
           title={data?.payload?.metadata?.name ?? undefined}
           loading={res.loading}
-          error={!!res.error}
+          error={res.error}
           logo={
             isBarcodeEnabled &&
             data?.license?.type === GenericLicenseType.DriversLicense

apps/native/app/src/ui/lib/card/license-card.tsx

@@ -8,6 +8,7 @@ import {
   ViewStyle,
 } from 'react-native'
 import styled, { useTheme } from 'styled-components/native'
+import { ApolloError } from '@apollo/client'
 
 import { Barcode } from '../barcode/barcode'
 import { Skeleton } from '../skeleton/skeleton'
@@ -22,6 +23,10 @@ import { dynamicColor } from '../../utils/dynamic-color'
 import { Typography } from '../typography/typography'
 import { screenWidth } from '../../../utils/dimensions'
 import { BARCODE_MAX_WIDTH } from '../../../screens/wallet-pass/wallet-pass.constants'
+import {
+  findProblemInApolloError,
+  ProblemType,
+} from '@island.is/shared/problem'
 
 const Host = styled(Animated.View)`
   position: relative;
@@ -122,7 +127,7 @@ interface LicenseCardProps {
   backgroundColor?: string
   showBarcodeOfflineMessage?: boolean
   loading?: boolean
-  error?: boolean
+  error?: ApolloError
   barcode?: {
     value?: string | null
     loading?: boolean
@@ -166,6 +171,10 @@ export function LicenseCard({
     : screenWidth - theme.spacing[4] * 2 - theme.spacing.smallGutter * 2
   const barcodeHeight = barcodeWidth / 3
 
+  const badSessionError = error
+    ? findProblemInApolloError(error as any, [ProblemType.BAD_SESSION])
+    : undefined
+
   return (
     <Host>
       <BackgroundImage
@@ -297,7 +306,9 @@ export function LicenseCard({
             <OfflineMessage variant="body3" style={{ opacity: 1 }}>
               {intl.formatMessage({
                 id: error
-                  ? 'walletPass.barcodeErrorFailedToFetch'
+                  ? badSessionError
+                    ? 'walletPass.barcodeErrorBadSession'
+                    : 'walletPass.barcodeErrorFailedToFetch'
                   : 'walletPass.barcodeErrorNotConnected',
               })}
             </OfflineMessage>

apps/services/license-api/infra/license-api.ts

@@ -43,6 +43,8 @@ export const serviceSetup = (): ServiceBuilder<'license-api'> =>
         staging: '1da72d52-a93a-4d0f-8463-1933a2bd210b',
         prod: 'd4ecf781-3764-4063-a4e1-9c3e17cebfba',
       },
+      BARCODE_EXPIRE_TIME_IN_SEC: '60',
+      BARCODE_SESSION_EXPIRE_TIME_IN_SEC: '1800',
     })
     .secrets({
       SMART_SOLUTIONS_API_URL: '/k8s/api/SMART_SOLUTIONS_API_URL',

apps/services/license-api/src/app/modules/license/test/license.service.spec.ts

@@ -33,7 +33,6 @@ import { Cache } from 'cache-manager'
 import * as faker from 'faker'
 
 import ShortUniqueId from 'short-unique-id'
-import { BARCODE_EXPIRE_TIME_IN_SEC } from '@island.is/services/license'
 import { VerifyInputData } from '../dto/verifyLicense.input'
 import { LicenseService } from '../license.service'
 import {
@@ -226,6 +225,7 @@ export class MockUpdateClient extends BaseLicenseUpdateClient {
 describe('LicenseService', () => {
   let licenseService: LicenseService
   let barcodeService: BarcodeService
+  let config: ConfigType<typeof LicenseConfig>
 
   beforeAll(async () => {
     const moduleRef = await Test.createTestingModule({
@@ -294,6 +294,7 @@ describe('LicenseService', () => {
 
     licenseService = moduleRef.get<LicenseService>(LicenseService)
     barcodeService = moduleRef.get<BarcodeService>(BarcodeService)
+    config = moduleRef.get(LicenseConfig.KEY)
   })
 
   describe.each(licenseIds)('given %s license type id', (licenseId) => {
@@ -376,7 +377,7 @@ describe('LicenseService', () => {
         await barcodeService.setCache(code, data)
 
         // Let the token expire
-        jest.advanceTimersByTime(BARCODE_EXPIRE_TIME_IN_SEC * 1000)
+        jest.advanceTimersByTime(config.barcodeExpireTimeInSec * 1000)
 
         // Assert
         const result = await licenseService.verifyLicense({

charts/islandis-services/api/values.dev.yaml

@@ -35,6 +35,8 @@ env:
   AUTH_DELEGATION_API_URL: 'http://web-services-auth-delegation-api.identity-server-delegation.svc.cluster.local'
   AUTH_IDS_API_URL: 'https://identity-server.dev01.devland.is'
   AUTH_PUBLIC_API_URL: 'https://identity-server.dev01.devland.is/api'
+  BARCODE_EXPIRE_TIME_IN_SEC: '60'
+  BARCODE_SESSION_EXPIRE_TIME_IN_SEC: '1800'
   COMPANY_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]'
   COMPANY_REGISTRY_XROAD_PROVIDER_ID: 'IS-DEV/GOV/10006/Skatturinn/ft-v1'
   CONSULTATION_PORTAL_CLIENT_BASE_PATH: 'https://samradapi-test.devland.is'

charts/islandis-services/api/values.prod.yaml

@@ -35,6 +35,8 @@ env:
   AUTH_DELEGATION_API_URL: 'https://auth-delegation-api.internal.innskra.island.is'
   AUTH_IDS_API_URL: 'https://innskra.island.is'
   AUTH_PUBLIC_API_URL: 'https://innskra.island.is/api'
+  BARCODE_EXPIRE_TIME_IN_SEC: '60'
+  BARCODE_SESSION_EXPIRE_TIME_IN_SEC: '1800'
   COMPANY_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.whakos.euw1.cache.amazonaws.com:6379"]'
   COMPANY_REGISTRY_XROAD_PROVIDER_ID: 'IS/GOV/5402696029/Skatturinn/ft-v1'
   CONSULTATION_PORTAL_CLIENT_BASE_PATH: 'https://samradapi.island.is'

charts/islandis-services/api/values.staging.yaml

@@ -35,6 +35,8 @@ env:
   AUTH_DELEGATION_API_URL: 'http://web-services-auth-delegation-api.identity-server-delegation.svc.cluster.local'
   AUTH_IDS_API_URL: 'https://identity-server.staging01.devland.is'
   AUTH_PUBLIC_API_URL: 'https://identity-server.staging01.devland.is/api'
+  BARCODE_EXPIRE_TIME_IN_SEC: '60'
+  BARCODE_SESSION_EXPIRE_TIME_IN_SEC: '1800'
   COMPANY_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]'
   COMPANY_REGISTRY_XROAD_PROVIDER_ID: 'IS-TEST/GOV/5402696029/Skatturinn/ft-v1'
   CONSULTATION_PORTAL_CLIENT_BASE_PATH: 'https://samradapi-test.devland.is'

charts/islandis-services/license-api/values.dev.yaml

@@ -19,6 +19,8 @@ global:
 name: 'license-api'
 enabled: true
 env:
+  BARCODE_EXPIRE_TIME_IN_SEC: '60'
+  BARCODE_SESSION_EXPIRE_TIME_IN_SEC: '1800'
   CODE_OWNER: 'hugsmidjan'
   HUNTING_LICENSE_PASS_TEMPLATE_ID: '1da72d52-a93a-4d0f-8463-1933a2bd210b'
   IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is'

charts/islandis-services/license-api/values.prod.yaml

@@ -19,6 +19,8 @@ global:
 name: 'license-api'
 enabled: true
 env:
+  BARCODE_EXPIRE_TIME_IN_SEC: '60'
+  BARCODE_SESSION_EXPIRE_TIME_IN_SEC: '1800'
   CODE_OWNER: 'hugsmidjan'
   HUNTING_LICENSE_PASS_TEMPLATE_ID: 'd4ecf781-3764-4063-a4e1-9c3e17cebfba'
   IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is'

charts/islandis-services/license-api/values.staging.yaml

@@ -19,6 +19,8 @@ global:
 name: 'license-api'
 enabled: true
 env:
+  BARCODE_EXPIRE_TIME_IN_SEC: '60'
+  BARCODE_SESSION_EXPIRE_TIME_IN_SEC: '1800'
   CODE_OWNER: 'hugsmidjan'
   HUNTING_LICENSE_PASS_TEMPLATE_ID: '1da72d52-a93a-4d0f-8463-1933a2bd210b'
   IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is'

charts/islandis/values.dev.yaml

@@ -286,6 +286,8 @@ api:
     AUTH_DELEGATION_API_URL: 'http://web-services-auth-delegation-api.identity-server-delegation.svc.cluster.local'
     AUTH_IDS_API_URL: 'https://identity-server.dev01.devland.is'
     AUTH_PUBLIC_API_URL: 'https://identity-server.dev01.devland.is/api'
+    BARCODE_EXPIRE_TIME_IN_SEC: '60'
+    BARCODE_SESSION_EXPIRE_TIME_IN_SEC: '1800'
     COMPANY_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.5fzau3.euw1.cache.amazonaws.com:6379"]'
     COMPANY_REGISTRY_XROAD_PROVIDER_ID: 'IS-DEV/GOV/10006/Skatturinn/ft-v1'
     CONSULTATION_PORTAL_CLIENT_BASE_PATH: 'https://samradapi-test.devland.is'
@@ -1693,6 +1695,8 @@ island-ui-storybook:
 license-api:
   enabled: true
   env:
+    BARCODE_EXPIRE_TIME_IN_SEC: '60'
+    BARCODE_SESSION_EXPIRE_TIME_IN_SEC: '1800'
     CODE_OWNER: 'hugsmidjan'
     HUNTING_LICENSE_PASS_TEMPLATE_ID: '1da72d52-a93a-4d0f-8463-1933a2bd210b'
     IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.dev01.devland.is'

charts/islandis/values.prod.yaml

@@ -274,6 +274,8 @@ api:
     AUTH_DELEGATION_API_URL: 'https://auth-delegation-api.internal.innskra.island.is'
     AUTH_IDS_API_URL: 'https://innskra.island.is'
     AUTH_PUBLIC_API_URL: 'https://innskra.island.is/api'
+    BARCODE_EXPIRE_TIME_IN_SEC: '60'
+    BARCODE_SESSION_EXPIRE_TIME_IN_SEC: '1800'
     COMPANY_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.whakos.euw1.cache.amazonaws.com:6379"]'
     COMPANY_REGISTRY_XROAD_PROVIDER_ID: 'IS/GOV/5402696029/Skatturinn/ft-v1'
     CONSULTATION_PORTAL_CLIENT_BASE_PATH: 'https://samradapi.island.is'
@@ -1559,6 +1561,8 @@ island-ui-storybook:
 license-api:
   enabled: true
   env:
+    BARCODE_EXPIRE_TIME_IN_SEC: '60'
+    BARCODE_SESSION_EXPIRE_TIME_IN_SEC: '1800'
     CODE_OWNER: 'hugsmidjan'
     HUNTING_LICENSE_PASS_TEMPLATE_ID: 'd4ecf781-3764-4063-a4e1-9c3e17cebfba'
     IDENTITY_SERVER_ISSUER_URL: 'https://innskra.island.is'

charts/islandis/values.staging.yaml

@@ -286,6 +286,8 @@ api:
     AUTH_DELEGATION_API_URL: 'http://web-services-auth-delegation-api.identity-server-delegation.svc.cluster.local'
     AUTH_IDS_API_URL: 'https://identity-server.staging01.devland.is'
     AUTH_PUBLIC_API_URL: 'https://identity-server.staging01.devland.is/api'
+    BARCODE_EXPIRE_TIME_IN_SEC: '60'
+    BARCODE_SESSION_EXPIRE_TIME_IN_SEC: '1800'
     COMPANY_REGISTRY_REDIS_NODES: '["clustercfg.general-redis-cluster-group.ab9ckb.euw1.cache.amazonaws.com:6379"]'
     COMPANY_REGISTRY_XROAD_PROVIDER_ID: 'IS-TEST/GOV/5402696029/Skatturinn/ft-v1'
     CONSULTATION_PORTAL_CLIENT_BASE_PATH: 'https://samradapi-test.devland.is'
@@ -1435,6 +1437,8 @@ island-ui-storybook:
 license-api:
   enabled: true
   env:
+    BARCODE_EXPIRE_TIME_IN_SEC: '60'
+    BARCODE_SESSION_EXPIRE_TIME_IN_SEC: '1800'
     CODE_OWNER: 'hugsmidjan'
     HUNTING_LICENSE_PASS_TEMPLATE_ID: '1da72d52-a93a-4d0f-8463-1933a2bd210b'
     IDENTITY_SERVER_ISSUER_URL: 'https://identity-server.staging01.devland.is'

libs/api/domains/license-service/src/lib/licenseService.service.ts

@@ -48,6 +48,8 @@ import {
   TOKEN_EXPIRED_ERROR,
 } from '@island.is/services/license'
 import { UserAgent } from '@island.is/nest/core'
+import { ProblemError } from '@island.is/nest/problem'
+import { ProblemType } from '@island.is/shared/problem'
 
 const LOG_CATEGORY = 'license-service'
 
@@ -469,6 +471,34 @@ export class LicenseService {
     )
   }
 
+  getBarcodeSessionKey(licenseType: LicenseType, sub: string) {
+    return `${licenseType}-${sub}`
+  }
+
+  async checkBarcodeSession(
+    barcodeSessionKey: string | undefined,
+    user: User,
+    licenseType: LicenseType,
+  ) {
+    if (barcodeSessionKey) {
+      const activeBarcodeSession = await this.barcodeService.getSessionCache(
+        barcodeSessionKey,
+      )
+
+      if (activeBarcodeSession && activeBarcodeSession !== user.sid) {
+        // If the user has an active session for the license type, we should not create a new barcode
+        this.logger.info(
+          `User has an active session for license: ${licenseType}`,
+        )
+
+        throw new ProblemError({
+          type: ProblemType.BAD_SESSION,
+          title: `User has an active session for license type: ${licenseType}`,
+        })
+      }
+    }
+  }
+
   async createBarcode(
     user: User,
     genericUserLicense: GenericUserLicense,
@@ -478,6 +508,12 @@ export class LicenseService {
     const licenseType = this.mapLicenseType(genericUserLicenseType)
     const client = await this.getClient<typeof licenseType>(licenseType)
 
+    const barcodeSessionKey = user.sub
+      ? this.getBarcodeSessionKey(licenseType, user.sub)
+      : undefined
+
+    await this.checkBarcodeSession(barcodeSessionKey, user, licenseType)
+
     if (
       genericUserLicense.license.pkpassStatus !==
       GenericUserLicensePkPassStatus.Available
@@ -518,6 +554,9 @@ export class LicenseService {
         licenseType,
         extraData,
       }),
+      barcodeSessionKey &&
+        user.sid &&
+        this.barcodeService.setSessionCache(barcodeSessionKey, user.sid),
     ])
 
     return tokenPayload

libs/auth-nest-tools/src/lib/auth.ts

@@ -7,6 +7,7 @@ import {
 
 export interface Auth {
   sub?: string
+  sid?: string
   nationalId?: string
   scope: string[]
   authorization: string

libs/auth-nest-tools/src/lib/current-actor.decorator.ts

@@ -25,6 +25,7 @@ export const getCurrentActor = (context: ExecutionContext): User => {
     : {
         ...user.actor,
         sub: user.sub,
+        sid: user.sid,
         client: user.client,
         authorization: user.authorization,
         ip: user.ip,

libs/auth-nest-tools/src/lib/jwt.payload.ts

@@ -10,6 +10,7 @@ export interface JwtAct {
 
 export interface JwtPayload {
   sub?: string
+  sid?: string
   nationalId?: string
   scope: string | string[]
   client_id: string

libs/auth-nest-tools/src/lib/jwt.strategy.spec.ts

@@ -24,6 +24,8 @@ describe('JwtStrategy#validate', () => {
 
     fakePayload = {
       nationalId: '1234567890',
+      sub: 'sub',
+      sid: 'sid',
       scope: ['test-scope-1'],
       client_id: 'test-client',
       delegationType: [AuthDelegationType.Custom],

libs/auth-nest-tools/src/lib/jwt.strategy.ts

@@ -55,6 +55,7 @@ export class JwtStrategy extends PassportStrategy(Strategy) {
 
     return {
       sub: payload.sub,
+      sid: payload.sid,
       nationalId: payload.nationalId,
       scope: this.parseScopes(payload.scope),
       client: payload.client_id,

libs/services/license/src/index.ts

@@ -4,7 +4,6 @@ export {
   BarcodeData,
   LicenseTokenData,
   TOKEN_EXPIRED_ERROR,
-  BARCODE_EXPIRE_TIME_IN_SEC,
 } from './lib/barcode.service'
 export { LicenseConfig } from './lib/license.config'
 export { LICENSE_SERVICE_CACHE_MANAGER_PROVIDER } from './lib/licenseCache.provider'