@digitalbazaar/zcap - npm Package Compare versions

Comparing version 7.1.0 to 7.2.0

CHANGELOG.md

 # @digitalbazaar/zcap ChangeLog
 
+## 7.2.0 - 2022-01-20
+
+### Added
+- Include `capability` and `verificationMethod` as details when a zcap
+  invocation/delegation fails verification because the capability
+  controller does not match the verification method (or its controller). If
+  this information causes undesirable correlation, i.e., the controller
+  of a root zcap is private in some way, do not include it when transmitting
+  errors to a client. This information can be omitted by deleting `details`
+  from the error or constructing a new error that omits `details`.
+
 ## 7.1.0 - 2022-01-14
@@ -4,0 +15,0 @@

lib/CapabilityDelegation.js

@@ -259,5 +259,10 @@ /*!
       {capability: verifiedParentCapability, verificationMethod})) {
-      throw new Error(
+      const error = new Error(
         'The capability controller does not match the verification ' +
         'method (or its controller) used to delegate.');
+      error.details = {
+        capability: verifiedParentCapability,
+        verificationMethod
+      };
+      throw error;
     }
@@ -264,0 +269,0 @@

lib/CapabilityInvocation.js

@@ -292,5 +292,10 @@ /*!
     if(!utils.isController({capability, verificationMethod})) {
-      throw new Error(
+      const error = new Error(
         'The capability controller does not match the verification method ' +
         '(or its controller) used to invoke.');
+      error.details = {
+        capability,
+        verificationMethod
+      };
+      throw error;
     }
@@ -297,0 +302,0 @@

package.json

 {
   "name": "@digitalbazaar/zcap",
-  "version": "7.1.0",
+  "version": "7.2.0",
   "description": "Authorization Capabilities reference implementation.",
@@ -5,0 +5,0 @@ "homepage": "https://github.com/digitalbazaar/zcap",

No alert changes

Improved metrics

Total package byte prevSize

89786

increased by0.88%

Lines of code

1638

increased by0.61%

No dependency changes