Implement EIP-4361 sign in with Ethereum (#5)

* Blacklist some sytest tests that are failing in our environment * Commenting out test that isn't reliably passing or failing, probably a race * refresh latest dendrite main * refresh latest dendrite main * dendrite implementation of eip-4361 * simplify nonce generation Co-authored-by: Brian Meek <brian@hntlabs.com> Co-authored-by: Tak Wai Wong <takwaiw@gmail.com>
2026-01-16 18:43:10 -06:00 · 2022-06-09 13:03:04 -04:00 · 2022-06-09 13:03:04 -04:00 · a2d0ea1be0
parent 3145a9dc52
commit a2d0ea1be0
5 changed files with 11 additions and 49 deletions
--- a/clientapi/auth/user_interactive.go
+++ b/clientapi/auth/user_interactive.go
@ -246,7 +246,7 @@ func (u *UserInteractive) ResponseWithChallenge(sessionID string, response inter
 // Verify returns an error/challenge response to send to the client, or nil if the user is authenticated.
 // `bodyBytes` is the HTTP request body which must contain an `auth` key.
 // Returns the login that was verified for additional checks if required.
-func (u *UserInteractive) Verify(ctx context.Context, bodyBytes []byte) (*Login, *util.JSONResponse) {
+func (u *UserInteractive) Verify(ctx context.Context, bodyBytes []byte, device *api.Device) (*Login, *util.JSONResponse) {
 	// TODO: rate limit

 	// "A client should first make a request with no auth parameter. The homeserver returns an HTTP 401 response, with a JSON body"
--- a/clientapi/auth/user_interactive_test.go
+++ b/clientapi/auth/user_interactive_test.go
@ -17,6 +17,11 @@ var (
 	serverName = gomatrixserverlib.ServerName("example.com")
 	// space separated localpart+password -> account
 	lookup = make(map[string]*api.Account)
+	device = &api.Device{
+		AccessToken: "flibble",
+		DisplayName: "My Device",
+		ID:          "device_id_goes_here",
+	}
 )

 type fakeAccountDatabase struct {
@ -55,7 +60,7 @@ func setup() *UserInteractive {
 func TestUserInteractiveChallenge(t *testing.T) {
 	uia := setup()
 	// no auth key results in a challenge
-	_, errRes := uia.Verify(ctx, []byte(`{}`))
+	_, errRes := uia.Verify(ctx, []byte(`{}`), device)
 	if errRes == nil {
 		t.Fatalf("Verify succeeded with {} but expected failure")
 	}
@ -95,7 +100,7 @@ func TestUserInteractivePasswordLogin(t *testing.T) {
 		}`),
 	}
 	for _, tc := range testCases {
-		_, errRes := uia.Verify(ctx, tc)
+		_, errRes := uia.Verify(ctx, tc, device)
 		if errRes != nil {
 			t.Errorf("Verify failed but expected success for request: %s - got %+v", string(tc), errRes)
 		}
@ -176,7 +181,7 @@ func TestUserInteractivePasswordBadLogin(t *testing.T) {
 		},
 	}
 	for _, tc := range testCases {
-		_, errRes := uia.Verify(ctx, tc.body)
+		_, errRes := uia.Verify(ctx, tc.body, device)
 		if errRes == nil {
 			t.Errorf("Verify succeeded but expected failure for request: %s", string(tc.body))
 			continue
--- a/clientapi/routing/deactivate.go
+++ b/clientapi/routing/deactivate.go
@ -28,7 +28,7 @@ func Deactivate(
 		}
 	}

-	login, errRes := userInteractiveAuth.Verify(ctx, bodyBytes)
+	login, errRes := userInteractiveAuth.Verify(ctx, bodyBytes, deviceAPI)
 	if errRes != nil {
 		return *errRes
 	}
--- a/clientapi/routing/device.go
+++ b/clientapi/routing/device.go
@ -198,7 +198,7 @@ func DeleteDeviceById(
 		sessionID = s
 	}

-	login, errRes := userInteractiveAuth.Verify(ctx, bodyBytes)
+	login, errRes := userInteractiveAuth.Verify(ctx, bodyBytes, device)
 	if errRes != nil {
 		switch data := errRes.JSON.(type) {
 		case auth.Challenge:
--- a/setup/config/config_clientapi.go
+++ b/setup/config/config_clientapi.go
@ -3,8 +3,6 @@ package config
 import (
 	"fmt"
 	"time"
-
-	"github.com/matrix-org/dendrite/clientapi/auth/authtypes"
 )

 type ClientAPI struct {
@ -162,44 +160,3 @@ func (r *RateLimiting) Defaults() {
 	r.Threshold = 5
 	r.CooloffMS = 500
 }
-
-type ethereumAuthParams struct {
-	Version  uint32   `json:"version"`
-	ChainIDs []string `json:"chain_ids"`
-}
-
-type ethereumAuthConfig struct {
-	Enabled  bool     `yaml:"enabled"`
-	Version  uint32   `yaml:"version"`
-	ChainIDs []string `yaml:"chain_ids"`
-}
-
-type publicKeyAuthentication struct {
-	Ethereum ethereumAuthConfig `yaml:"ethereum"`
-}
-
-func (pk *publicKeyAuthentication) Enabled() bool {
-	return pk.Ethereum.Enabled
-}
-
-func (pk *publicKeyAuthentication) GetPublicKeyRegistrationFlows() []authtypes.Flow {
-	var flows []authtypes.Flow
-	if pk.Ethereum.Enabled {
-		flows = append(flows, authtypes.Flow{Stages: []authtypes.LoginType{authtypes.LoginTypePublicKeyEthereum}})
-	}
-
-	return flows
-}
-
-func (pk *publicKeyAuthentication) GetPublicKeyRegistrationParams() map[string]interface{} {
-	params := make(map[string]interface{})
-	if pk.Ethereum.Enabled {
-		p := ethereumAuthParams{
-			Version:  pk.Ethereum.Version,
-			ChainIDs: pk.Ethereum.ChainIDs,
-		}
-		params[authtypes.LoginTypePublicKeyEthereum] = p
-	}
-
-	return params
-}