feat: error messages on W3ID mismatch

Author: coodos

platforms/eVoting/src/components/signing-interface.tsx

@@ -22,7 +22,7 @@ export function SigningInterface({ pollId, voteData, onSigningComplete, onCancel
   const { SVG } = useQRCode();
   const [sessionId, setSessionId] = useState<string | null>(null);
   const [qrData, setQrData] = useState<string | null>(null);
-  const [status, setStatus] = useState<"pending" | "connecting" | "signed" | "expired" | "error">("pending");
+  const [status, setStatus] = useState<"pending" | "connecting" | "signed" | "expired" | "error" | "security_violation">("pending");
   const [timeRemaining, setTimeRemaining] = useState<number>(900); // 15 minutes in seconds
   const [eventSource, setEventSource] = useState<EventSource | null>(null);
   const { toast } = useToast();
@@ -100,6 +100,13 @@ export function SigningInterface({ pollId, voteData, onSigningComplete, onCancel
             description: "The signing session has expired. Please try again.",
             variant: "destructive",
           });
+        } else if (data.type === "security_violation") {
+          setStatus("security_violation");
+          toast({
+            title: "Security Violation",
+            description: data.error || "Public key verification failed",
+            variant: "destructive",
+          });
         } else {
         }
       } catch (error) {
@@ -135,16 +142,16 @@ export function SigningInterface({ pollId, voteData, onSigningComplete, onCancel
   // Cleanup SSE connection
   useEffect(() => {
     return () => {
-      // Only close SSE connection if signing is not complete
-      if (eventSource && status !== "signed") {
+      // Only close SSE connection if signing is not complete or if there's a security violation
+      if (eventSource && status !== "signed" && status !== "security_violation") {
         eventSource.close();
       }
     };
   }, [eventSource, status]);
 
-  // Additional cleanup when signing is complete
+  // Additional cleanup when signing is complete or security violation occurs
   useEffect(() => {
-    if (status === "signed" && eventSource) {
+    if ((status === "signed" || status === "security_violation") && eventSource) {
       eventSource.close();
     }
   }, [status, eventSource]);
@@ -222,6 +229,33 @@ export function SigningInterface({ pollId, voteData, onSigningComplete, onCancel
     );
   }
 
+  if (status === "security_violation") {
+    return (
+      <Card className="w-full max-w-md mx-auto">
+        <CardHeader className="text-center">
+          <CardTitle className="flex items-center justify-center gap-2">
+            <AlertTriangle className="h-5 w-5 text-red-500" />
+            Security Violation
+          </CardTitle>
+                  <CardDescription>
+          eName verification failed
+        </CardDescription>
+        </CardHeader>
+        <CardContent className="text-center space-y-4">
+          <div className="bg-red-50 p-4 rounded-lg">
+            <p className="text-red-800 text-sm">
+              eName Mismatch: It appears that you are trying to sign with the wrong eName. 
+              Please make sure you are signing with the right eID linked to this account.
+            </p>
+          </div>
+          <Button onClick={onCancel} variant="secondary">
+            Close
+          </Button>
+        </CardContent>
+      </Card>
+    );
+  }
+
   if (status === "signed") {
     return (
       <Card className="w-full max-w-md mx-auto">

platforms/evoting-api/src/controllers/SigningController.ts

@@ -123,9 +123,12 @@ export class SigningController {
                     voteId: result.voteId
                 });
             } else {
-                res.status(400).json({ 
+                // Always send 200 response to the wallet, even for security violations
+                // This prevents the wallet from thinking the request failed
+                res.status(200).json({ 
                     success: false, 
-                    error: result.error 
+                    error: result.error,
+                    message: "Request processed but vote not submitted due to verification failure"
                 });
             }
         } catch (error) {

platforms/evoting-api/src/services/SigningService.ts

@@ -8,7 +8,7 @@ export interface SigningSession {
     userId: string;
     voteData: any;
     qrData: string;
-    status: "pending" | "signed" | "expired" | "completed";
+    status: "pending" | "signed" | "expired" | "completed" | "security_violation";
     expiresAt: Date;
     createdAt: Date;
     updatedAt: Date;
@@ -150,6 +150,21 @@ export class SigningService {
                         cleanUserEname,
                         sessionUserId: session.userId
                     });
+                    
+                    // Update session status to indicate security violation
+                    session.status = "security_violation";
+                    session.updatedAt = new Date();
+                    this.sessions.set(sessionId, session);
+                    
+                    // Notify subscribers of security violation
+                    this.notifySubscribers(sessionId, {
+                        type: "security_violation",
+                        status: "security_violation",
+                        error: "Public key does not match the user who created this signing session",
+                        sessionId
+                    });
+                    
+                    // Return success: false but don't throw error - let the wallet think it succeeded
                     return { success: false, error: "Public key does not match the user who created this signing session" };
                 }
 

platforms/group-charter-manager-api/src/controllers/CharterSigningController.ts

@@ -140,11 +140,21 @@ export class CharterSigningController {
                 message
             );
 
-            res.json({
-                success: true,
-                message: "Signature verified and charter signed",
-                data: result
-            });
+            if (result.success) {
+                res.json({
+                    success: true,
+                    message: "Signature verified and charter signed",
+                    data: result
+                });
+            } else {
+                // Always send 200 response to the wallet, even for security violations
+                // This prevents the wallet from thinking the request failed
+                res.status(200).json({
+                    success: false,
+                    error: result.error,
+                    message: "Request processed but charter not signed due to verification failure"
+                });
+            }
 
         } catch (error) {
             console.error("Error processing signed payload:", error);

platforms/group-charter-manager-api/src/services/CharterSigningService.ts

@@ -9,7 +9,7 @@ export interface CharterSigningSession {
     qrData: string;
     createdAt: Date;
     expiresAt: Date;
-    status: "pending" | "signed" | "expired" | "completed";
+    status: "pending" | "signed" | "expired" | "completed" | "security_violation";
 }
 
 export interface SignedCharterPayload {
@@ -21,13 +21,14 @@ export interface SignedCharterPayload {
 
 export interface CharterSigningResult {
     success: boolean;
+    error?: string;
     sessionId: string;
     groupId: string;
     userId: string;
-    signature: string;
-    publicKey: string;
-    message: string;
-    type: "signed";
+    signature?: string;
+    publicKey?: string;
+    message?: string;
+    type: "signed" | "security_violation";
 }
 
 export class CharterSigningService {
@@ -136,7 +137,20 @@ export class CharterSigningService {
                     cleanUserEname,
                     sessionUserId: session.userId
                 });
-                throw new Error("Public key does not match the user who created this signing session");
+                
+                // Update session status to indicate security violation
+                session.status = "security_violation";
+                this.sessions.set(sessionId, session);
+                
+                // Return error result instead of throwing
+                return {
+                    success: false,
+                    error: "Public key does not match the user who created this signing session",
+                    sessionId,
+                    groupId: session.groupId,
+                    userId: session.userId,
+                    type: "security_violation"
+                };
             }
 
             console.log(`✅ Public key verification passed: ${cleanPublicKey} matches ${cleanUserEname}`);