Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added webAuthDomain parameter and validation to SEP-10 util functions #607

Merged
merged 7 commits into from
Jan 18, 2021
Merged

Added webAuthDomain parameter and validation to SEP-10 util functions #607

merged 7 commits into from
Jan 18, 2021

Conversation

JakeUrban
Copy link
Contributor

resolves #606

Changes:

  • Added webAuthDomain parameter to readChallengeTx(), buildChallengeTx(), verifyChallengeTxSigners(), and verifyChallengeTxThreshold()
  • buildChallengeTx() now adds an additional Manage Data operation as described in the SEP-10 v3.1 changes
  • readChallengeTx() now verifies that the added webAuthDomain parameter matches the added Manage Data operation value if included in the challenge
  • verifyChallengeTxSigners() and verifyChallengeTxThreshold() pass webAuthDomain to readChallengeTx()
  • Tests (untils_test.js) have been added & updated

Shaptic
Shaptic previously approved these changes Jan 12, 2021
View reviewed changes
Copy link
Contributor

@Shaptic Shaptic left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[tragically trying to undo an approval]

Shaptic
Shaptic reviewed Jan 12, 2021
View reviewed changes
Copy link
Contributor

@Shaptic Shaptic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The JS looks good & comprehensive. I can't speak to the validity of the implementation (largely unfamiliar with SEP-10) so wait on @leighmcculloch for that, but otherwise this LGTM 👍. Thanks for doing this after raising #606, Jake!

@Shaptic Shaptic dismissed their stale review January 12, 2021 22:32

Please wait for Leigh

leighmcculloch
leighmcculloch requested changes Jan 16, 2021
View reviewed changes
Copy link
Member

@leighmcculloch leighmcculloch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One change in this PR conflicts ( ⏩ ) with another open PR and we should address that in that other PR I think, and there's one critical change ( ❗ ) I think we should make before merging this, otherwise looks great.

Love the tests 🎉 .

@JakeUrban
Copy link
Contributor Author

I had to force push after rebasing this branch on the update master, sorry

leighmcculloch
leighmcculloch approved these changes Jan 18, 2021
View reviewed changes
Copy link
Member

@leighmcculloch leighmcculloch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚀 Looks great. Nice fix on the buffer compare. One suggestion (💡).

src/utils.ts
}
if (
op.name === "web_auth_domain" &&
op.value.compare(Buffer.from(webAuthDomain))
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Love it. 🚀

Initially I wasn't sure if this would work because compare returns a -1, 0, or 1 depending how the two buffers sort, but TIL it does work because:

> !!-1
true
> !!1
true
> !!0
false

test/unit/utils_test.js Outdated
Comment on lines 1125 to 1126
"testanchor.stellar.org",
"testanchor.stellar.org"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 For the sake of making sure the correct parameter is being matched against could you make the home domain an web auth domain different?

@JakeUrban JakeUrban merged commit 89f2d88 into stellar:master Jan 18, 2021
@JakeUrban JakeUrban deleted the sep10-v3.1 branch January 18, 2021 19:45
overcat
overcat reviewed Jan 19, 2021
View reviewed changes
src/utils.ts
@@ -234,6 +245,19 @@ export namespace Utils {
"The transaction has operations that are unrecognized",
);
}
if (op.value === undefined) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @leighmcculloch @JakeUrban, I have some confusion about this, does the SEP-10 protocol specify that the values in other ManageData Operation cannot be null?

Copy link
Member

@leighmcculloch leighmcculloch Jan 19, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's a good point, it does not specify this and shouldn't reject a challenge transaction because of this. This is a bug.

Copy link
Contributor Author

@JakeUrban JakeUrban Jan 19, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice catch. I'll fix it today, before release.

@JakeUrban JakeUrban mentioned this pull request Jan 19, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@leighmcculloch leighmcculloch leighmcculloch approved these changes

@Shaptic Shaptic Shaptic left review comments

@overcat overcat overcat left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

SEP-10 v3.1 Changes (from the SDF)
4 participants
@JakeUrban @leighmcculloch @Shaptic @overcat