HomePhabricator
Diffusion Comm 97b80c5d49a3

[native] Don't allow using cached SIWE signature if nonce is expired

Description

[native] Don't allow using cached SIWE signature if nonce is expired

Summary:
If the nonce used for SIWE will be rejected by the relevant backend (authoritative keyserver or identity service, depending on usingCommServicesAccessToken) due to expiration, then we should force the user to generate a new SIWE signature.

Would normally put @varun on the review here, but going to ask @inka instead because he is out.

Depends on D12007

Test Plan:
I tested (or will test) this diff stack as follows:

  1. Be in a multi-keyserver environment, testing SIWE with iOS simulator
  2. Do a SIWE and then wait 2 minutes to let the nonce expire in the following screens:
    • FullscreenSIWEPanel for an account that doesn't exist yet when the new registration flow is disabled
    • FullscreenSIWEPanel for an account that doesn't exist yet when the new registration flow is enabled
    • FullscreenSIWEPanel for an account that does exist
    • New registration flow for an account that doesn't exist yet (RegistrationTerms)
    • New registration flow for an account that does exist (ExistingEthereumAccount)
  3. Make sure there are no duplicate Alerts, that in all cases an Alert is shown, and that the "back" action activates when the user confirms the Alert

Reviewers: inka

Reviewed By: inka

Subscribers: tomek, varun, inka

Differential Revision: https://phab.comm.dev/D12008

Details

Provenance
ashoatAuthored on May 10 2024, 10:32 AM
Reviewer
inka
Differential Revision
D12008: [native] Don't allow using cached SIWE signature if nonce is expired
Parents
rCOMMcc1b7e413708: [native] Don't skip ConnectEthereum if nonce is expired
Branches
Unknown
Tags
Unknown