From ae011f8e542a9c9867a6d5c8b9d0e6d8c2452e14 Mon Sep 17 00:00:00 2001
From: Tak Wai Wong <64229756+tak-hntlabs@users.noreply.github.com>
Date: Thu, 9 Jun 2022 13:03:04 -0400
Subject: [PATCH] Implement EIP-4361 sign in with Ethereum (#5)
* Blacklist some sytest tests that are failing in our environment
* Commenting out test that isn't reliably passing or failing, probably a race
* refresh latest dendrite main
* refresh latest dendrite main
* dendrite implementation of eip-4361
* simplify nonce generation
Co-authored-by: Brian Meek
Co-authored-by: Tak Wai Wong
---
 clientapi/auth/user_interactive.go | 2 +-
 clientapi/auth/user_interactive_test.go | 11 ++++++++---
 clientapi/routing/deactivate.go | 2 +-
 clientapi/routing/device.go | 2 +-
 4 files changed, 11 insertions(+), 6 deletions(-)
diff --git a/clientapi/auth/user_interactive.go b/clientapi/auth/user_interactive.go
index 717e140f1..9dad49a39 100644
--- a/clientapi/auth/user_interactive.go
+++ b/clientapi/auth/user_interactive.go
@@ -246,7 +246,7 @@ func (u *UserInteractive) ResponseWithChallenge(sessionID string, response inter
 // Verify returns an error/challenge response to send to the client, or nil if the user is authenticated.
 // `bodyBytes` is the HTTP request body which must contain an `auth` key.
 // Returns the login that was verified for additional checks if required.
-func (u *UserInteractive) Verify(ctx context.Context, bodyBytes []byte) (*Login, *util.JSONResponse) {
+func (u *UserInteractive) Verify(ctx context.Context, bodyBytes []byte, device *api.Device) (*Login, *util.JSONResponse) {
 // TODO: rate limit
 // "A client should first make a request with no auth parameter. The homeserver returns an HTTP 401 response, with a JSON body"
diff --git a/clientapi/auth/user_interactive_test.go b/clientapi/auth/user_interactive_test.go
index bc1239910..3dbb9dabc 100644
--- a/clientapi/auth/user_interactive_test.go
+++ b/clientapi/auth/user_interactive_test.go
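Review bot: The doc comment above `Verify` in clientapi/auth/user_interactive.go still documents only `bodyBytes`; the new `device *api.Device` parameter has no stated contract. This is the user-interactive auth entry point, so the comment should say whose device this is, whether nil is accepted, and whether Verify itself checks that the verified login belongs to the device's user or leaves that to the caller, e.g. `// device is the device that authenticated this request; <state whether nil is allowed and what is checked against it>.` The body of Verify continues outside the hunk, so how `device` is used cannot be confirmed here. The diffstat lists only this signature change and its call sites, while the subject announces an EIP-4361 implementation, which makes the change harder to audit later.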
@@ -17,6 +17,11 @@ var (
 serverName = gomatrixserverlib.ServerName("example.com")
 // space separated localpart+password -> account
 lookup = make(map[string]*api.Account)
+ device = &api.Device{
+ AccessToken: "flibble",
+ DisplayName: "My Device",
+ ID: "device_id_goes_here",
+ }
 )
 type fakeAccountDatabase struct {
@@ -55,7 +60,7 @@ func setup() *UserInteractive {
 func TestUserInteractiveChallenge(t *testing.T) {
 uia := setup()
 // no auth key results in a challenge
- _, errRes := uia.Verify(ctx, []byte(`{}`))
+ _, errRes := uia.Verify(ctx, []byte(`{}`), device)
 if errRes == nil {
 t.Fatalf("Verify succeeded with {} but expected failure")
 }
@@ -95,7 +100,7 @@ func TestUserInteractivePasswordLogin(t *testing.T) {
 }`),
 }
 for _, tc := range testCases {
- _, errRes := uia.Verify(ctx, tc)
+ _, errRes := uia.Verify(ctx, tc, device)
 if errRes != nil {
 t.Errorf("Verify failed but expected success for request: %s - got %+v", string(tc), errRes)
 }
@@ -176,7 +181,7 @@ func TestUserInteractivePasswordBadLogin(t *testing.T) {
 },
 }
 for _, tc := range testCases {
- _, errRes := uia.Verify(ctx, tc.body)
+ _, errRes := uia.Verify(ctx, tc.body, device)
 if errRes == nil {
 t.Errorf("Verify succeeded but expected failure for request: %s", string(tc.body))
 continue
diff --git a/clientapi/routing/deactivate.go b/clientapi/routing/deactivate.go
index 9f80dff61..f213db7f3 100644
--- a/clientapi/routing/deactivate.go
+++ b/clientapi/routing/deactivate.go
@@ -28,7 +28,7 @@ func Deactivate(
 }
 }
- login, errRes := userInteractiveAuth.Verify(ctx, bodyBytes)
+ login, errRes := userInteractiveAuth.Verify(ctx, bodyBytes, deviceAPI)
 if errRes != nil {
 return *errRes
 }
diff --git a/clientapi/routing/device.go b/clientapi/routing/device.go
index 84e11bc7a..e3a02661c 100644
--- a/clientapi/routing/device.go
+++ b/clientapi/routing/device.go
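Review bot: The new `device` fixture in user_interactive_test.go sets `AccessToken`, `DisplayName` and `ID` but no user ID, and all three updated tests pass that same non-nil value, so nothing pins behaviour that depends on the new argument. If Verify is meant to tie the login to the requesting device, add a case where the device's user differs from the user in the `auth` body, and one with a nil device if that is allowed; setting `UserID` on the fixture would be the first step. Whether Verify reads the device at all is not visible in this diff.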
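Review bot: The third argument passed in `Deactivate` is named `deviceAPI`, which reads like an API client rather than the `*api.Device` that `Verify` now takes; its declaration is outside the hunk, so the type cannot be confirmed here. If it is the requester's device, renaming it to `device`, as in `DeleteDeviceById` in device.go, would make the call read `userInteractiveAuth.Verify(ctx, bodyBytes, device)`. Account deactivation is destructive, so it is also worth confirming in the code after the hunk (not visible) that the account acted on is tied to both the verified login and this device's user.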
@@ -198,7 +198,7 @@ func DeleteDeviceById(
 sessionID = s
 }
- login, errRes := userInteractiveAuth.Verify(ctx, bodyBytes)
+ login, errRes := userInteractiveAuth.Verify(ctx, bodyBytes, device)
 if errRes != nil {
 switch data := errRes.JSON.(type) {
 case auth.Challenge: