Page MenuHomePhabricator

[identity] verify nonce in siwe message
ClosedPublic

Authored by varun on Oct 9 2023, 9:11 PM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Nov 1, 11:02 AM
Unknown Object (File)
Fri, Nov 1, 11:02 AM
Unknown Object (File)
Fri, Nov 1, 11:01 AM
Unknown Object (File)
Fri, Nov 1, 10:43 AM
Unknown Object (File)
Tue, Oct 22, 1:07 PM
Unknown Object (File)
Tue, Oct 22, 1:07 PM
Unknown Object (File)
Tue, Oct 22, 9:18 AM
Unknown Object (File)
Tue, Oct 22, 5:04 AM
Subscribers

Details

Summary

get the nonce from the SIWE message provided by the user and check if it exists in our nonces table. if it doesn't, return an error. if it does, remove it and proceed.

Depends on D9440

Test Plan

tried to use the same nonce for consecutive sign-in requests and only the first request succeeded.

Diff Detail

Repository
rCOMM Comm
Lint
Lint Not Applicable
Unit
Tests Not Applicable