Skip to content

Commit fbed49c

Browse files
committed
feat(filesharing): accept signer name from passport/idcard/drivinglicence
Replace the previous (PR #239) mandatory pbdf.gemeente.personalData.fullname disclosure with a Yivi disjunction-of-conjunctions: the signer must disclose a name, but they may satisfy that from any one of four credentials -- gemeente fullname, OR firstName+lastName from pbdf.pbdf.{passport,idcard,drivinglicence}. This addresses dobby's review of #239: requiring only the gemeente credential silently locked out everyone without a Dutch municipality attestation. The disjunction is mandatory -- disclosure refuses to complete unless at least one option is satisfied. Optional mobilenumber and dateofbirth remain unchanged. The disjunction lives in a new signAttributes.ts module exporting a typed AttrConItem[] consumed by SendButton.svelte. Splitting it out keeps the component file focused and the attribute list reviewable in isolation. Locale copy updates flagged by dobby on en.json/nl.json: - emailSenderSubHeading describes the four-credential rule. - yiviTip no longer frames the name as optional. The $derived.by + (!canEncrypt) call-site fixes from #239 are preserved. Depends on encryption4all/postguard#198 (PKG), postguard-js#78 (sign.yivi attrs), and cryptify#170 (render firstName+lastName). Supersedes #239 in this repo. npm run check: 0 errors, 0 warnings.
1 parent 1cc1892 commit fbed49c

4 files changed

Lines changed: 49 additions & 21 deletions

File tree

src/lib/components/filesharing/SendButton.svelte

Lines changed: 8 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -19,6 +19,7 @@
1919
import { MAX_UPLOAD_SIZE, ROLLING_LIMIT } from '$lib/env'
2020
import { parseLimitExceededBody, bytesToGB } from '$lib/usage'
2121
import { recordUpload, getLocalUsedBytes } from '$lib/localUsage'
22+
import { SIGN_ATTRIBUTES } from './signAttributes'
2223
2324
interface props {
2425
encryptState: EncryptState
@@ -37,7 +38,7 @@
3738
const emailRegex =
3839
/^[a-zA-Z0-9.!#$%&'*+/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$/
3940
40-
let canEncrypt = $derived(() => {
41+
let canEncrypt = $derived.by(() => {
4142
if (encryptState.files.length === 0) return false
4243
const totalSize = encryptState.files.reduce((a, f) => a + f.size, 0)
4344
if (totalSize >= MAX_UPLOAD_SIZE) return false
@@ -138,7 +139,7 @@
138139
await tick()
139140
140141
try {
141-
if (!canEncrypt()) return
142+
if (!canEncrypt) return
142143
143144
// Build recipients
144145
const recipients = encryptState.recipients.map(
@@ -151,23 +152,13 @@
151152
}
152153
)
153154
154-
// Build sign method — email always included, other attributes optional
155+
// Build sign method — email and a name attribute are always
156+
// required so the recipient mail can show a real name. The
157+
// name may come from any one of four credentials; see
158+
// signAttributes.ts for the disjunction.
155159
const sign = pg.sign.yivi({
156160
element: '#crypt-irma-qr',
157-
attributes: [
158-
{
159-
t: 'pbdf.gemeente.personalData.fullname',
160-
optional: true,
161-
},
162-
{
163-
t: 'pbdf.sidn-pbdf.mobilenumber.mobilenumber',
164-
optional: true,
165-
},
166-
{
167-
t: 'pbdf.gemeente.personalData.dateofbirth',
168-
optional: true,
169-
},
170-
],
161+
attributes: SIGN_ATTRIBUTES,
171162
includeSender: true,
172163
})
173164
Lines changed: 37 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,37 @@
1+
import type { AttrConItem } from '@e4a/pg-js'
2+
3+
/**
4+
* Yivi attributes the sender must (or may) disclose when signing a
5+
* PostGuard file share. The PostGuard PKG prepends the email attribute,
6+
* so it's not listed here.
7+
*
8+
* The first entry is the **mandatory name disjunction** — the sender
9+
* proves their name from any one of four credentials:
10+
*
11+
* - `pbdf.gemeente.personalData.fullname` (Dutch municipality), OR
12+
* - `pbdf.pbdf.passport.{firstName,lastName}`, OR
13+
* - `pbdf.pbdf.idcard.{firstName,lastName}`, OR
14+
* - `pbdf.pbdf.drivinglicence.{firstName,lastName}`.
15+
*
16+
* The remaining entries are unchanged optional extras from before
17+
* postguard#239 — kept in the legacy flat shape with `optional: true`.
18+
*/
19+
export const SIGN_ATTRIBUTES: AttrConItem[] = [
20+
[
21+
[{ t: 'pbdf.gemeente.personalData.fullname' }],
22+
[
23+
{ t: 'pbdf.pbdf.passport.firstName' },
24+
{ t: 'pbdf.pbdf.passport.lastName' },
25+
],
26+
[
27+
{ t: 'pbdf.pbdf.idcard.firstName' },
28+
{ t: 'pbdf.pbdf.idcard.lastName' },
29+
],
30+
[
31+
{ t: 'pbdf.pbdf.drivinglicence.firstName' },
32+
{ t: 'pbdf.pbdf.drivinglicence.lastName' },
33+
],
34+
],
35+
{ t: 'pbdf.sidn-pbdf.mobilenumber.mobilenumber', optional: true },
36+
{ t: 'pbdf.gemeente.personalData.dateofbirth', optional: true },
37+
]

src/lib/locales/en.json

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -202,15 +202,15 @@
202202
"emailSender": "Email address",
203203
"emailSenderHeading": "Your information",
204204
"emailSenderSubHeadingToggle": "Why do you need this information?",
205-
"emailSenderSubHeading": "Let the recipient(s) know these files are from you. Before sending, you sign the files by proving your email address and any additional personal data with the Yivi app.",
205+
"emailSenderSubHeading": "Let the recipient(s) know these files are from you. Before sending, you sign the files with the Yivi app by proving your email address and your name (from a Dutch municipality credential, or from a passport, ID card, or driving licence).",
206206
"messageHeading": "Message (optional)",
207207
"messageText": "This message will not be encrypted and will be included in the notification email.",
208208
"messagePlaceholder": "Type your message here...",
209209
"encryptSend": "Sign & send",
210210
"yiviInfo": "What is Yivi?",
211211
"yiviInfoText": "Yivi is a free and privacy-friendly authentication app. With Yivi you can prove who you are by selectively sharing personal data, such as your email address, phone number, or name. At PostGuard we use Yivi to securely encrypt and decrypt files.",
212212
"yiviInfoLink": "Learn more about Yivi",
213-
"yiviTip": "Tip: In the Yivi app you can add optional data. This way you let the recipient(s) know for sure that these files come from you.",
213+
"yiviTip": "Tip: In the Yivi app you can also add an optional phone number or date of birth. This way you let the recipient(s) know for sure that these files come from you.",
214214
"sending": "Your files are being sent",
215215
"retrying": "Connection hiccup, retrying… (attempt {attempt} of {max})",
216216
"encrypting": "Encrypting & uploading...",

src/lib/locales/nl.json

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -201,15 +201,15 @@
201201
"emailSender": "E-mailadres",
202202
"emailSenderHeading": "Jouw gegevens",
203203
"emailSenderSubHeadingToggle": "Waarom heb je deze gegevens nodig?",
204-
"emailSenderSubHeading": "Laat de ontvanger(s) weten dat deze bestanden van jou afkomstig zijn. Voor het verzenden onderteken je de bestanden door je e-mailadres en eventuele aanvullende persoonlijke gegevens aan te tonen met de Yivi-app.",
204+
"emailSenderSubHeading": "Laat de ontvanger(s) weten dat deze bestanden van jou afkomstig zijn. Voor het verzenden onderteken je de bestanden met de Yivi-app door je e-mailadres en je naam aan te tonen (afkomstig uit je gemeente, paspoort, ID-kaart of rijbewijs).",
205205
"messageHeading": "Bericht (optioneel)",
206206
"messageText": "Dit bericht wordt niet versleuteld en wordt opgenomen in de notificatie-e-mail.",
207207
"messagePlaceholder": "Typ hier je bericht...",
208208
"encryptSend": "Onderteken & verzend",
209209
"yiviInfo": "Wat is Yivi?",
210210
"yiviInfoText": "Yivi is een gratis en privacy-vriendelijke authenticatie-app. Met Yivi kun je bewijzen wie je bent door selectief persoonlijke gegevens te delen, zoals je e-mailadres, telefoonnummer of naam. Bij PostGuard gebruiken we Yivi om bestanden veilig te versleutelen en ontsleutelen.",
211211
"yiviInfoLink": "Meer informatie over Yivi",
212-
"yiviTip": "Tip: In de Yivi-app kun je optionele gegevens toevoegen. Zo laat je de ontvanger(s) zeker weten dat deze bestanden van jou komen.",
212+
"yiviTip": "Tip: In de Yivi-app kun je ook een optioneel telefoonnummer of geboortedatum toevoegen. Zo laat je de ontvanger(s) zeker weten dat deze bestanden van jou komen.",
213213
"sending": "Je bestanden worden verzonden",
214214
"retrying": "Verbindingshapering, opnieuw proberen… (poging {attempt} van {max})",
215215
"encrypting": "Ondertekenen & verzenden...",

0 commit comments

Comments
 (0)