Paths

Table of Contentst

Diffusion Comm 54fcc7b8feb1

[keyserver] Add `isValidSIWENonce` check to `landingResponder`
54fcc7b8feb1
Actions

Tags

None

Referenced Files

	F303133: Simulator Screen Shot - iPhone 14 Pro - 2022-12-23 at 18.11.14.png
	Dec 23 2022, 9:51 PM
	File Not Attached

Subscribers

None

Description

[keyserver] Add isValidSIWENonce check to landingResponder

Summary:
Addresses feedback from: https://phab.comm.dev/D5977#180158

If the siweNonce header is set and it's not valid, we immediately return a 400 and return.

If the siweNonce header is empty or it is set and valid, we proceed with the request as usual.

Test Plan:

Tested isValidSIWENonce regex with some simple unit tests.
Made sure landing generally continues to work as expected on desktop (no nonce).
Made sure landing/SIWE continues to work as expected on native.
Messed up the nonce in the request to landing/SIWE (hardcoded to some gibberish) and ensured that we got a 400 in response:

Simulator Screen Shot - iPhone 14 Pro - 2022-12-23 at 18.11.14.png (2×1 px, 420 KB)

Reviewers: ashoat, tomek

Reviewed By: ashoat

Differential Revision: https://phab.comm.dev/D6022

Details

Provenance

atul	Authored on Dec 23 2022, 5:56 PM

Reviewer

Differential Revision

D6022: [keyserver] Add `isValidSIWENonce` check to `landingResponder`

Parents

rCOMM4930cf509f38: [native] Move Comm wordmark when SIWEPanel opened

Branches

Unknown

Tags

Unknown

Event Timeline

atul committed rCOMM54fcc7b8feb1: [keyserver] Add `isValidSIWENonce` check to `landingResponder` (authored by atul).Dec 23 2022, 9:50 PM

atul added an edge: D6022: [keyserver] Add `isValidSIWENonce` check to `landingResponder`.

Changes (3)

Path

Size

keyserver/

src/

responders/

landing-handler.js

lib/

utils/

siwe-utils.test.js

rCOMM54fcc7b8feb1

keyserver/src/responders/landing-handler.js

Loading...

lib/utils/siwe-utils.js

Loading...

lib/utils/siwe-utils.test.js

Loading...