Implement EIP-4361 sign in with Ethereum (#5)

* Blacklist some sytest tests that are failing in our environment * Commenting out test that isn't reliably passing or failing, probably a race * refresh latest dendrite main * refresh latest dendrite main * dendrite implementation of eip-4361 * simplify nonce generation Co-authored-by: Brian Meek <brian@hntlabs.com> Co-authored-by: Tak Wai Wong <takwaiw@gmail.com>
2026-01-09 15:13:12 -06:00 · 2022-06-09 13:03:04 -04:00 · 2022-06-09 13:03:04 -04:00 · ae011f8e54
parent b2717519f8
commit ae011f8e54
4 changed files with 11 additions and 6 deletions
--- a/clientapi/auth/user_interactive.go
+++ b/clientapi/auth/user_interactive.go
@ -246,7 +246,7 @@ func (u *UserInteractive) ResponseWithChallenge(sessionID string, response inter
 // Verify returns an error/challenge response to send to the client, or nil if the user is authenticated.
 // `bodyBytes` is the HTTP request body which must contain an `auth` key.
 // Returns the login that was verified for additional checks if required.
-func (u *UserInteractive) Verify(ctx context.Context, bodyBytes []byte) (*Login, *util.JSONResponse) {
+func (u *UserInteractive) Verify(ctx context.Context, bodyBytes []byte, device *api.Device) (*Login, *util.JSONResponse) {
 	// TODO: rate limit

 	// "A client should first make a request with no auth parameter. The homeserver returns an HTTP 401 response, with a JSON body"
--- a/clientapi/auth/user_interactive_test.go
+++ b/clientapi/auth/user_interactive_test.go
@ -17,6 +17,11 @@ var (
 	serverName = gomatrixserverlib.ServerName("example.com")
 	// space separated localpart+password -> account
 	lookup = make(map[string]*api.Account)
+	device = &api.Device{
+		AccessToken: "flibble",
+		DisplayName: "My Device",
+		ID:          "device_id_goes_here",
+	}
 )

 type fakeAccountDatabase struct {
@ -55,7 +60,7 @@ func setup() *UserInteractive {
 func TestUserInteractiveChallenge(t *testing.T) {
 	uia := setup()
 	// no auth key results in a challenge
-	_, errRes := uia.Verify(ctx, []byte(`{}`))
+	_, errRes := uia.Verify(ctx, []byte(`{}`), device)
 	if errRes == nil {
 		t.Fatalf("Verify succeeded with {} but expected failure")
 	}
@ -95,7 +100,7 @@ func TestUserInteractivePasswordLogin(t *testing.T) {
 		}`),
 	}
 	for _, tc := range testCases {
-		_, errRes := uia.Verify(ctx, tc)
+		_, errRes := uia.Verify(ctx, tc, device)
 		if errRes != nil {
 			t.Errorf("Verify failed but expected success for request: %s - got %+v", string(tc), errRes)
 		}
@ -176,7 +181,7 @@ func TestUserInteractivePasswordBadLogin(t *testing.T) {
 		},
 	}
 	for _, tc := range testCases {
-		_, errRes := uia.Verify(ctx, tc.body)
+		_, errRes := uia.Verify(ctx, tc.body, device)
 		if errRes == nil {
 			t.Errorf("Verify succeeded but expected failure for request: %s", string(tc.body))
 			continue
--- a/clientapi/routing/deactivate.go
+++ b/clientapi/routing/deactivate.go
@ -28,7 +28,7 @@ func Deactivate(
 		}
 	}

-	login, errRes := userInteractiveAuth.Verify(ctx, bodyBytes)
+	login, errRes := userInteractiveAuth.Verify(ctx, bodyBytes, deviceAPI)
 	if errRes != nil {
 		return *errRes
 	}
--- a/clientapi/routing/device.go
+++ b/clientapi/routing/device.go
@ -198,7 +198,7 @@ func DeleteDeviceById(
 		sessionID = s
 	}

-	login, errRes := userInteractiveAuth.Verify(ctx, bodyBytes)
+	login, errRes := userInteractiveAuth.Verify(ctx, bodyBytes, device)
 	if errRes != nil {
 		switch data := errRes.JSON.(type) {
 		case auth.Challenge: