Page MenuHomePhabricator

[keyserver] Return generated `nonce` in `siweNonceResponder`
ClosedPublic

Authored by atul on Dec 16 2022, 11:09 AM.
Tags
None
Referenced Files
F3499823: D5885.diff
Fri, Dec 20, 12:12 AM
Unknown Object (File)
Fri, Dec 6, 4:05 AM
Unknown Object (File)
Sun, Dec 1, 2:39 PM
Unknown Object (File)
Fri, Nov 22, 5:54 AM
Unknown Object (File)
Fri, Nov 22, 5:54 AM
Unknown Object (File)
Fri, Nov 22, 5:54 AM
Unknown Object (File)
Fri, Nov 22, 5:54 AM
Unknown Object (File)
Fri, Nov 22, 5:54 AM
Subscribers
None

Details

Summary
  • return nonce generated from siwe:generateNonce
  • input validation with tcomb
  • introduce SIWENonceRequest and SIWENonceResponse types (to appease flow)

Again nothing very interesting, just necessary scaffolding.


Depends on D5884

Test Plan

Send a malformed request and make sure the keyserver throws.
Send a correctly formed request and make sure the keyserver validates input:

bf55cd.png (1×1 px, 233 KB)

Diff Detail

Repository
rCOMM Comm
Branch
master
Lint
No Lint Coverage
Unit
No Test Coverage

Event Timeline

atul published this revision for review.Dec 16 2022, 11:09 AM
atul edited the test plan for this revision. (Show Details)
atul retitled this revision from [keyserver] Introduce `siweNonceRequestInputValidator` to [keyserver] Return generated `nonce` in `siweNonceResponder`.
atul edited the summary of this revision. (Show Details)

Don't land until you connect the nonce to a specific session please

This revision is now accepted and ready to land.Dec 16 2022, 1:15 PM

remove walletAddress from endpoint input

keyserver/src/responders/siwe-nonce-responders.js
7–9 ↗(On Diff #19447)

This looks weird for a responder given it doesn't take viewer or input, but I guess that's by design.

Worth noting that the validateInput function has the side effect of calling checkClientSupported, which makes sure that we don't respond to requests from clients with ancient codeVersions. Probably doesn't matter for this use case, but it worries me a little bit... what if we add some additional side effect to validateInput in the future, on the assumption that every responder calls it? Not sure

keyserver/src/responders/siwe-nonce-responders.js
7–9 ↗(On Diff #19447)

Probably doesn't matter for this use case, but it worries me a little bit... what if we add some additional side effect to validateInput in the future, on the assumption that every responder calls it? Not sure

Might make sense to change the name of validateInput to something like validateInputAndViewer or validateRequest to make clear that there's more to it than checking input with the tcomb stuff.

keyserver/src/responders/siwe-nonce-responders.js
7–9 ↗(On Diff #19447)

Can you create a task?

This revision was landed with ongoing or failed builds.Dec 19 2022, 10:40 AM
This revision was automatically updated to reflect the committed changes.