Page MenuHomePhabricator

D6909.id23216.diff
No OneTemporary

D6909.id23216.diff

diff --git a/keyserver/src/responders/user-responders.js b/keyserver/src/responders/user-responders.js
--- a/keyserver/src/responders/user-responders.js
+++ b/keyserver/src/responders/user-responders.js
@@ -428,8 +428,13 @@
): Promise<LogInResponse> {
await validateInput(viewer, siweAuthRequestInputValidator, input);
const request: SIWEAuthRequest = input;
- const { message, signature, deviceTokenUpdateRequest, platformDetails } =
- request;
+ const {
+ message,
+ signature,
+ deviceTokenUpdateRequest,
+ platformDetails,
+ signedIdentityKeysBlob,
+ } = request;
const calendarQuery = normalizeCalendarQuery(request.calendarQuery);
// 1. Ensure that `message` is a well formed Comm SIWE Auth message.
@@ -466,24 +471,43 @@
}
}
- // 4. Pull `primaryIdentityPublicKey` out from SIWEMessage `statement`
- // if it was included. We expect it to be included for native clients,
- // and we expect it to be EXCLUDED for web clients.
+ // 4. Pull `primaryIdentityPublicKey` out from SIWEMessage `statement`.
+ // We expect it to be included for BOTH native and web clients.
const { statement } = siweMessage;
- // eslint-disable-next-line no-unused-vars
const primaryIdentityPublicKey =
statement && isValidSIWEStatementWithPublicKey(statement)
? getPublicKeyFromSIWEStatement(statement)
: null;
+ if (!primaryIdentityPublicKey) {
+ throw new ServerError('invalid_siwe_statement_public_key');
+ }
+
+ // 5. Verify `signedIdentityKeysBlob.payload` with included `signature`
+ // if `signedIdentityKeysBlob` was included in the `SIWEAuthRequest`.
+ if (signedIdentityKeysBlob) {
+ const identityKeys: IdentityKeysBlob = JSON.parse(
+ signedIdentityKeysBlob.payload,
+ );
+ const olmUtil: OLMUtility = getOLMUtility();
+ try {
+ olmUtil.ed25519_verify(
+ identityKeys.primaryIdentityPublicKeys.ed25519,
+ signedIdentityKeysBlob.payload,
+ signedIdentityKeysBlob.signature,
+ );
+ } catch (e) {
+ throw new ServerError('invalid_signature');
+ }
+ }
- // 5. Construct `SIWESocialProof` object with the stringified
+ // 6. Construct `SIWESocialProof` object with the stringified
// SIWEMessage and the corresponding signature.
const socialProof: SIWESocialProof = {
siweMessage: siweMessage.toMessage(),
siweMessageSignature: signature,
};
- // 6. Create account with call to `processSIWEAccountCreation(...)`
+ // 7. Create account with call to `processSIWEAccountCreation(...)`
// if address does not correspond to an existing user.
let userID = await fetchUserIDForEthereumAddress(siweMessage.address);
if (!userID) {
@@ -500,13 +524,14 @@
);
}
- // 7. Complete login with call to `processSuccessfulLogin(...)`.
+ // 8. Complete login with call to `processSuccessfulLogin(...)`.
return await processSuccessfulLogin({
viewer,
input,
userID,
calendarQuery,
socialProof,
+ signedIdentityKeysBlob,
});
}
diff --git a/lib/types/siwe-types.js b/lib/types/siwe-types.js
--- a/lib/types/siwe-types.js
+++ b/lib/types/siwe-types.js
@@ -1,6 +1,7 @@
// @flow
import type { LogInExtraInfo } from './account-types.js';
+import type { SignedIdentityKeysBlob } from './crypto-types.js';
import {
type DeviceTokenUpdateRequest,
type PlatformDetails,
@@ -18,6 +19,7 @@
+deviceTokenUpdateRequest?: ?DeviceTokenUpdateRequest,
+platformDetails: PlatformDetails,
+watchedIDs: $ReadOnlyArray<string>,
+ +signedIdentityKeysBlob?: ?SignedIdentityKeysBlob,
};
export type SIWEAuthServerCall = {

File Metadata

Mime Type
text/plain
Expires
Thu, Dec 5, 3:38 AM (14 h, 36 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
2614392
Default Alt Text
D6909.id23216.diff (3 KB)

Event Timeline