From b0c8353df3a17093fc2017e9ac913dc324bd02f1 Mon Sep 17 00:00:00 2001
From: daveroga <daveroga@gmail.com>
Date: Thu, 16 Jan 2025 10:04:34 +0100
Subject: [PATCH] add logic from skip tests in verifier test

---
 contracts/verifiers/Verifier.sol | 28 ++++++++++++++++++++++++----
 test/verifier/verifer.test.ts    |  8 ++++----
 2 files changed, 28 insertions(+), 8 deletions(-)

diff --git a/contracts/verifiers/Verifier.sol b/contracts/verifiers/Verifier.sol
index c2dc3de7..c4d10eca 100644
--- a/contracts/verifiers/Verifier.sol
+++ b/contracts/verifiers/Verifier.sol
@@ -24,12 +24,14 @@ error LinkIDNotTheSameForGroupedRequests();
 error UserIDNotFound(uint256 userID);
 error UserIDNotLinkedToAddress(uint256 userID, address userAddress);
 error UserNotAuthenticated();
+error UserIDMismatch(uint256 userIDFromAuth, uint256 userIDFromResponse);
 error MetadataNotSupportedYet();
 error GroupMustHaveAtLeastTwoRequests(uint256 groupID);
 error NullifierSessionIDAlreadyExists(uint256 nullifierSessionID);
 error VerifierIDIsNotValid(uint256 requestVerifierID, uint256 expectedVerifierID);
 error RequestIdNotValid();
 error RequestIdUsesReservedBytes();
+error ResponseFieldAlreadyExists(string responseFieldName);
 
 abstract contract Verifier is IVerifier, ContextUpgradeable {
     /// @dev Key to retrieve the linkID from the proof storage
@@ -462,13 +464,13 @@ abstract contract Verifier is IVerifier, ContextUpgradeable {
 
         // TODO: Get userID from responses that has userID informed (LinkedMultiquery doesn't have userID)
 
-        uint256 userIDFromReponse;
+        uint256 userIDFromAuthResponse;
         AuthTypeData storage authTypeData = $._authMethods[authResponse.authType];
 
         bytes32 expectedNonce = keccak256(abi.encode(sender, responses));
 
         // Authenticate user
-        userIDFromReponse = authTypeData.validator.verify(
+        userIDFromAuthResponse = authTypeData.validator.verify(
             authResponse.proof,
             authTypeData.params,
             sender,
@@ -476,11 +478,11 @@ abstract contract Verifier is IVerifier, ContextUpgradeable {
             expectedNonce
         );
 
-        if (userIDFromReponse == 0) {
+        if (userIDFromAuthResponse == 0) {
             revert UserNotAuthenticated();
         }
 
-        // 3. Verify all the responses, write proof results (under the userID key from the auth of the user),
+        // 3. Verify all the responses, check userID from signals and write proof results,
         //      emit events (existing logic)
         for (uint256 i = 0; i < responses.length; i++) {
             IVerifier.Response memory response = responses[i];
@@ -493,6 +495,24 @@ abstract contract Verifier is IVerifier, ContextUpgradeable {
                 $._state
             );
 
+            // Check if userID from authResponse is the same as the one in the signals
+            for (uint256 j = 0; j < signals.length; j++) {
+                if (keccak256(abi.encodePacked(signals[j].name)) == keccak256(abi.encodePacked("userID"))) {
+                    if (userIDFromAuthResponse != signals[j].value) {
+                        revert UserIDMismatch(userIDFromAuthResponse, signals[j].value);
+                    }
+                }
+            }
+
+            // Check that response fields are not repeated
+            for (uint256 j = 0; j < signals.length; j++) {
+                for (uint256 k = j + 1; k < signals.length; k++) {
+                    if (keccak256(abi.encodePacked(signals[j].name)) == keccak256(abi.encodePacked(signals[k].name))) {
+                        revert ResponseFieldAlreadyExists(signals[j].name);
+                    }
+                }
+            }
+
             $.writeProofResults(response.requestId, sender, signals);
 
             if (response.metadata.length > 0) {
diff --git a/test/verifier/verifer.test.ts b/test/verifier/verifer.test.ts
index 8871f1ce..87804cbb 100644
--- a/test/verifier/verifer.test.ts
+++ b/test/verifier/verifer.test.ts
@@ -71,14 +71,14 @@ describe("Verifer tests", function () {
     it("setRequests: requestId should be valid and not using reserved bytes", async function () {
       await validator.stub_setRequestParams([request.params], [paramsFromValidator]);
 
-      request.requestId = BigInt(2 ** 256) - BigInt(1);
+      request.requestId = BigInt(2 ** 256) - BigInt(1); // requestId without valid prefix 0x0000000000000000 or 0x0000000000000001
 
       await expect(verifier.setRequests([request])).to.be.revertedWithCustomError(
         verifier,
         "RequestIdNotValid",
       );
 
-      request.requestId = BigInt(2 ** 248) + BigInt(2 ** 247);
+      request.requestId = BigInt(2 ** 247); // requestId uses reserved bytes
       await expect(verifier.setRequests([request])).to.be.revertedWithCustomError(
         verifier,
         "RequestIdUsesReservedBytes",
@@ -124,7 +124,7 @@ describe("Verifer tests", function () {
       expect(resonseField2).to.be.equal(2);
     });
 
-    it.skip("submitResponse: should throw if repeated responseFields from validator", async function () {
+    it("submitResponse: should throw if repeated responseFields from validator", async function () {
       await verifier.setRequests([request]);
       await validator.stub_setVerifyResults([
         {
@@ -152,7 +152,7 @@ describe("Verifer tests", function () {
         .withArgs("someFieldName1");
     });
 
-    it.skip("submitResponse: userID in response fields should match auth userID", async function () {
+    it("submitResponse: userID in response fields should match auth userID", async function () {
       await verifier.setRequests([request]);
 
       let userID = 1; // we assume that userID is hardcoded to 1 in the auth stub contract