veramo `handleMessage` incorrectly returns successful value even if `credentialStatus` is present but can't be verified

`handleMessage` incorrectly returns successful value even if `credentialStatus` is present but can't be verified

Open nickreynolds opened this issue 2 years ago • 0 comments

Bug severity 4

Describe the bug If handleMessage is passed a credential that contains a credentialStatus property, but that property cannot be validated (e.g. it would be false or the agent has no plugin for credential status), it returns a successful message anyways.

It appears handleMessage is ignoring the credentialStatus property entirely.

If the same credential passed into verifyCredential, instead of credentialStatus, the function correctly returns an error.

To Reproduce Steps to reproduce the behaviour:

Create a Credential that contains a credentialStatus property
Create an Agent that does NOT contain an ICredentialStatusVerifier plugin
Notice that verifyCredential correctly returns an error
Notice that handleMessage incorrectly returns a seemingly valid Message

Versions (please complete the following information):

Veramo: 4.0.2 via Agent Deploy

Oct 24 '22 18:10 nickreynolds

veramo veramo copied to clipboard

`handleMessage` incorrectly returns successful value even if `credentialStatus` is present but can't be verified

veramo
veramo copied to clipboard