Page MenuHomePhabricator
Differential D11331

[web] Add QR auth handler logic
ClosedPublic
Actions

Authored by bartek on Mar 14 2024, 10:39 AM.
Tags
None
Referenced Files
Unknown Object (File)
Sun, May 5, 3:06 PM
Unknown Object (File)
Sat, May 4, 3:43 AM
Unknown Object (File)
Thu, Apr 25, 8:38 AM
Unknown Object (File)
Thu, Apr 25, 8:37 AM
Unknown Object (File)
Thu, Apr 25, 7:23 AM
Unknown Object (File)
Apr 3 2024, 2:28 AM
Unknown Object (File)
Apr 3 2024, 2:27 AM
Unknown Object (File)
Mar 27 2024, 4:33 PM
View All 19 Files
Subscribers
ashoat
tomek

Details

Reviewers
kamil
michal
Commits
rCOMM725663b26bf7: [web] Add QR auth handler logic
Summary

Added QR code auth logic on web. Basically web counterpart of parent diffs in this stack.

Depends on D11330

Test Plan

Repeated test plan from parent diffs in this stack (mainly D11301 and D11330), but used web as a secondary device.

Diff Detail

Repository
rCOMM Comm
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

bartek created this revision.Mar 14 2024, 10:39 AM
bartek held this revision as a draft.
Herald added subscribers: tomek, ashoat. · View Herald TranscriptMar 14 2024, 10:39 AM
bartek added a child revision: D11332: [web][native] Encrypt QR auth messages with AES.Mar 14 2024, 10:42 AM
Harbormaster completed remote builds in B27517: Diff 38082.Mar 14 2024, 10:54 AM
bartek published this revision for review.Mar 18 2024, 12:33 AM
bartek updated this revision to Diff 38130.Mar 18 2024, 5:33 AM

Rebase

Harbormaster completed remote builds in B27559: Diff 38130.Mar 18 2024, 5:50 AM
ashoat added inline comments.Mar 18 2024, 6:17 PM
web/account/qr-code-login.react.js
67 ↗(On Diff #38130)

In the SIWE spec, the client always includes a timestamp with the nonce. The server then verifies the recency of the timestamp.

Our spec in the whitepaper doesn't seem to mention this sort of thing. I'm not sure it's necessary, given that the identity service already verifies the recency of the nonce.

Guessing it would be too much work to change at this point, but figured I'd mention this to see what you think.

bartek added inline comments.Mar 19 2024, 5:57 AM
web/account/qr-code-login.react.js
67 ↗(On Diff #38130)

We've already discussed it. The timestamp is created along with the nonce and is stored server-side. When received a nonce, Identity Service verifies the recency of its timestamp. There's no need to pass it back and forth to the client. Our wallet login nonces work the same.

kamil accepted this revision.Mar 19 2024, 6:33 AM
kamil added inline comments.
web/account/qr-code-login.react.js
59–73 ↗(On Diff #38130)

this some code that could be unified with native, added to olmAPI - should make things more readable and reduce duplication

As discussed in the office, this looks fine for now and @michal will add sign() method to olmAPI and refactor this code in hist stack with moving olm to worker

This revision is now accepted and ready to land.Mar 19 2024, 6:33 AM
Closed by commit rCOMM725663b26bf7: [web] Add QR auth handler logic (authored by bartek). · Explain WhyMar 21 2024, 4:29 AM
This revision was automatically updated to reflect the committed changes.
bartek added a commit: rCOMM725663b26bf7: [web] Add QR auth handler logic.

Revision Contents
Changeset List

PathSize
web/
account/
123 lines

Diff 38254

View Options

web/account/qr-code-login.react.js

Loading...