[keyserver] Add `isValidSIWENonce` check to `landingResponder`
Closed, Public

Authored by atul on Dec 23 2022, 6:01 PM.
Referenced Files
F3504217: D6022.diff
Fri, Dec 20, 7:47 AM

Details

Summary

Addresses feedback from: https://phab.comm.dev/D5977#180158

If the `siweNonce` header is set and it's not valid, we immediately return a 400 and return.

If the `siweNonce` header is empty or it is set and valid, we proceed with the request as usual.

Test Plan
  1. Tested `isValidSIWENonce` regex with some simple unit tests.
  2. Made sure landing generally continues to work as expected on desktop (no nonce).
  3. Made sure landing/SIWE continues to work as expected on native.
  4. Messed up the nonce in the request to landing/SIWE (hardcoded to some gibberish) and ensured that we got a 400 in response:

[Screenshot: Simulator Screen Shot - iPhone 14 Pro - 2022-12-23 at 18.11.14.png]
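
The header check described in the summary, as an added example (not the code from this revision or the Comm repository). The regex follows the EIP-4361 nonce rule of at least 8 alphanumeric characters; `checkNonceHeader`, `handleLanding`, `MAX_NONCE_LENGTH` and the lowercase `siwenonce` key (Node's `http` module lowercases incoming header names) are assumptions.

```javascript
// Added example. Only the names isValidSIWENonce and siweNonce come from the page;
// the regex and every other identifier here are assumptions.

// EIP-4361 ABNF: nonce = 8*( ALPHA / DIGIT ).
// ^ and $ (no "m" flag) force the whole value to match, so a valid prefix
// followed by markup, whitespace or a newline is rejected.
const SIWE_NONCE_REGEX = /^[a-zA-Z0-9]{8,}$/;
const MAX_NONCE_LENGTH = 128; // assumed upper bound; EIP-4361 sets only a minimum

function isValidSIWENonce(candidate) {
  return (
    typeof candidate === 'string' &&
    candidate.length <= MAX_NONCE_LENGTH &&
    SIWE_NONCE_REGEX.test(candidate)
  );
}

// Maps the three cases from the summary onto a decision:
//   header absent or empty -> proceed without a nonce
//   header set and valid   -> proceed with the nonce
//   header set and invalid -> 400
function checkNonceHeader(headers) {
  const raw = headers['siwenonce'];
  if (raw === undefined || raw === '') {
    return { proceed: true, nonce: null };
  }
  if (!isValidSIWENonce(raw)) {
    return { proceed: false, status: 400 };
  }
  return { proceed: true, nonce: raw };
}

// Hypothetical responder: reject before any rendering work happens,
// so an invalid nonce never reaches the page that embeds it.
function handleLanding(req, res) {
  const decision = checkNonceHeader(req.headers);
  if (!decision.proceed) {
    res.statusCode = decision.status;
    res.end();
    return decision.status;
  }
  res.statusCode = 200;
  res.end(decision.nonce === null ? 'landing' : 'landing/siwe');
  return res.statusCode;
}
```
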

Diff Detail

Repository: rCOMM Comm
Branch: master
Lint: No Lint Coverage
Unit: No Test Coverage