Paths

Table of Contentst

Differential D6022

[keyserver] Add `isValidSIWENonce` check to `landingResponder`
ClosedPublic
Actions

Authored by atul on Dec 23 2022, 6:01 PM.

Tags

None

Referenced Files

	Unknown Object (File)
	Thu, Nov 7, 5:50 AM

	Unknown Object (File)
	Tue, Nov 5, 4:12 AM

	Unknown Object (File)
	Tue, Nov 5, 4:12 AM

	Unknown Object (File)
	Mon, Nov 4, 8:49 AM

	Unknown Object (File)
	Mon, Nov 4, 8:31 AM

	Unknown Object (File)
	Sun, Nov 3, 1:57 AM

	Unknown Object (File)
	Sun, Nov 3, 1:57 AM

	Unknown Object (File)
	Sun, Nov 3, 1:57 AM

View All 97 Files

Subscribers

None

Details

Reviewers

ashoat
tomek

Commits

rCOMM54fcc7b8feb1: [keyserver] Add `isValidSIWENonce` check to `landingResponder`

Summary

Addresses feedback from: https://phab.comm.dev/D5977#180158

If the siweNonce header is set and it's not valid, we immediately return a 400 and return.

If the siweNonce header is empty or it is set and valid, we proceed with the request as usual.

Test Plan

Tested isValidSIWENonce regex with some simple unit tests.
Made sure landing generally continues to work as expected on desktop (no nonce).
Made sure landing/SIWE continues to work as expected on native.
Messed up the nonce in the request to landing/SIWE (hardcoded to some gibberish) and ensured that we got a 400 in response:

Simulator Screen Shot - iPhone 14 Pro - 2022-12-23 at 18.11.14.png (2×1 px, 420 KB)

Diff Detail

Repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

atul created this revision.Dec 23 2022, 6:01 PM

atul added inline comments.Dec 23 2022, 6:04 PM

lib/utils/siwe-utils.js
3 ↗	(On Diff #20089)	The following line defines `ALPHANUMERIC` with the range of characters that can be included in the nonce. https://github.com/StableLib/stablelib/blob/a89a438fcbf855de6b2e9faa2630f03c3f3b3a54/packages/random/random.ts#L41

atul published this revision for review.Dec 23 2022, 6:11 PM

atul edited the test plan for this revision. (Show Details)

atul mentioned this in D5977: [keyserver] Capture `siwe-nonce` header and make available to `SIWE` component.Dec 23 2022, 6:14 PM

Harbormaster completed remote builds in B14731: Diff 20089.Dec 23 2022, 6:16 PM

ashoat accepted this revision.Dec 23 2022, 8:32 PM

This revision is now accepted and ready to land.Dec 23 2022, 8:32 PM

Closed by commit rCOMM54fcc7b8feb1: [keyserver] Add `isValidSIWENonce` check to `landingResponder` (authored by atul). · Explain WhyDec 23 2022, 9:51 PM

This revision was automatically updated to reflect the committed changes.

atul added a commit: rCOMM54fcc7b8feb1: [keyserver] Add `isValidSIWENonce` check to `landingResponder`.

Revision Contents
Changeset List

Path

Size

keyserver/

src/

responders/

landing-handler.js

12 lines

lib/

utils/

8 lines

siwe-utils.test.js

78 lines

Diff 20096

keyserver/src/responders/landing-handler.js

Loading...

lib/utils/siwe-utils.js

Loading...

lib/utils/siwe-utils.test.js

Loading...