fix tests, update webauth server
JakeUrban committed Jan 24, 2023
1 parent 11d5a94 commit 58bafb1
Showing 7 changed files with 96 additions and 57 deletions.
12 changes: 12 additions & 0 deletions exp/services/webauth/internal/serve/challenge.go
Expand Up @@ -2,6 +2,7 @@ package serve

import (
"net/http"
"strconv"
"strings"
"time"

Expand Down Expand Up @@ -57,13 +58,24 @@ func (h challengeHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
homeDomain = h.HomeDomains[0]
}

var memo txnbuild.MemoID
if queryValues.Get("memo") != "" {
memoInt, err := strconv.ParseUint(queryValues.Get("memo"), 10, 64)
if err != nil {
badRequest.Render(w)
return
}
memo = txnbuild.MemoID(memoInt)
}

tx, err := txnbuild.BuildChallengeTx(
h.SigningKey.Seed(),
account,
h.Domain,
homeDomain,
h.NetworkPassphrase,
h.ChallengeExpiresIn,
memo,
)
if err != nil {
h.Logger.Ctx(ctx).WithStack(err).Error(err)
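Review bot: `var memo txnbuild.MemoID` is a zero value, not an absent memo: if BuildChallengeTx takes a `txnbuild.Memo` interface (the `nil` passed by every updated test suggests an interface or pointer), boxing `MemoID(0)` into it yields a non-nil memo, so every challenge requested without `memo` carries memo ID 0, and for a muxed `account` the server's own ReadChallengeTx rule ("memos are not valid ... with a muxed client account") will then reject the challenge it just issued. Declare `var memo txnbuild.Memo` and assign `memo = txnbuild.MemoID(memoInt)` only inside the branch so the interface stays nil when no memo is supplied. The handler should also reject an explicit `memo` combined with a muxed (M...) `account` up front with `badRequest.Render(w)`, rather than signing a challenge that can never be verified. ServeHTTP starts before the first hunk and ends after this one.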
14 changes: 11 additions & 3 deletions exp/services/webauth/internal/serve/token.go
Expand Up @@ -11,6 +11,7 @@ import (
supportlog "github.com/stellar/go/support/log"
"github.com/stellar/go/support/render/httpjson"
"github.com/stellar/go/txnbuild"
"github.com/stellar/go/xdr"
"gopkg.in/square/go-jose.v2"
"gopkg.in/square/go-jose.v2/jwt"
)
Expand Down Expand Up @@ -52,9 +53,10 @@ func (h tokenHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
clientAccountID string
signingAddress *keypair.FromAddress
homeDomain string
memo txnbuild.Memo
)
for _, s := range h.SigningAddresses {
tx, clientAccountID, homeDomain, err = txnbuild.ReadChallengeTx(req.Transaction, s.Address(), h.NetworkPassphrase, h.Domain, h.HomeDomains)
tx, clientAccountID, homeDomain, memo, err = txnbuild.ReadChallengeTx(req.Transaction, s.Address(), h.NetworkPassphrase, h.Domain, h.HomeDomains)
if err == nil {
signingAddress = s
break
Expand All @@ -80,10 +82,16 @@ func (h tokenHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
WithField("tx", hash).
WithField("account", clientAccountID).
WithField("serversigner", signingAddress.Address()).
WithField("homedomain", homeDomain)
WithField("homedomain", homeDomain).
WithField("memo", memo)

l.Info("Start verifying challenge transaction.")

var muxedAccount xdr.MuxedAccount
if muxedAccount, err = xdr.AddressToMuxedAccount(clientAccountID); err == nil {
clientAccountID = muxedAccount.ToAccountId().Address()
}

var clientAccountExists bool
clientAccount, err := h.HorizonClient.AccountDetail(horizonclient.AccountRequest{AccountID: clientAccountID})
switch {
Expand Down Expand Up @@ -143,7 +151,7 @@ func (h tokenHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
issuedAt := time.Unix(tx.Timebounds().MinTime, 0)
claims := jwt.Claims{
Issuer: h.JWTIssuer,
Subject: clientAccountID,
Subject: muxedAccount.Address(),
IssuedAt: jwt.NewNumericDate(issuedAt),
Expiry: jwt.NewNumericDate(issuedAt.Add(h.JWTExpiresIn)),
}
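Review bot: The verified memo never reaches the issued token: `memo` comes back from ReadChallengeTx and is logged, but the `Subject` in the claims hunk is `muxedAccount.Address()` alone, so a client that authenticated as account G with memo N receives the same JWT as a client authenticating as the bare account G, collapsing the per-memo identity the challenge just enforced. SEP-10 expresses a memo-scoped subject as `<G-address>:<memo>`; build the subject as below (ReadChallengeTx already guarantees an ID memo on a non-muxed account, and `fmt` must be imported if it is not already). Separately, the `xdr.AddressToMuxedAccount` error in the muxed-account hunk is silently dropped, leaving `muxedAccount` as the zero value whose `Address()` is still used as the subject; that is presumably unreachable after a verified challenge, but returning an error there would make the invariant explicit. ServeHTTP starts before the first hunk and ends after the last one.
```go
subject := muxedAccount.Address()
if memo != nil {
	// ReadChallengeTx only admits ID memos, and only on non-muxed accounts.
	rawMemo, memoErr := memo.ToXDR()
	if memoErr != nil || rawMemo.Type != xdr.MemoTypeMemoId {
		badRequest.Render(w)
		return
	}
	subject = fmt.Sprintf("%s:%d", clientAccountID, uint64(*rawMemo.Id))
}
claims := jwt.Claims{
	Issuer:   h.JWTIssuer,
	Subject:  subject,
	// … unchanged: IssuedAt, Expiry …
}
```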
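--- a/exp/services/webauth/internal/serve/token_test.go
+++ b/exp/services/webauth/internal/serve/token_test.go
@@ -46,6 +46,7 @@ func TestToken_formInputSuccess(t *testing.T) {
 homeDomain,
 network.TestNetworkPassphrase,
 time.Minute,
+nil,
 )
 require.NoError(t, err)
 
@@ -146,6 +147,7 @@ func TestToken_formInputSuccess_jwtHeaderAndPayloadAreDeterministic(t *testing.T
 homeDomain,
 network.TestNetworkPassphrase,
 time.Minute,
+nil,
 )
 require.NoError(t, err)
 
@@ -255,6 +257,7 @@ func TestToken_jsonInputSuccess(t *testing.T) {
 homeDomain,
 network.TestNetworkPassphrase,
 time.Minute,
+nil,
 )
 require.NoError(t, err)
 
@@ -412,6 +415,7 @@ func TestToken_jsonInputValidRotatingServerSigners(t *testing.T) {
 homeDomain,
 network.TestNetworkPassphrase,
 time.Minute,
+nil,
 )
 require.NoError(t, err)
 
@@ -497,6 +501,7 @@ func TestToken_jsonInputValidMultipleSigners(t *testing.T) {
 homeDomain,
 network.TestNetworkPassphrase,
 time.Minute,
+nil,
 )
 require.NoError(t, err)
 
@@ -605,6 +610,7 @@ func TestToken_jsonInputNotEnoughWeight(t *testing.T) {
 homeDomain,
 network.TestNetworkPassphrase,
 time.Minute,
+nil,
 )
 require.NoError(t, err)
 
@@ -691,6 +697,7 @@ func TestToken_jsonInputUnrecognizedSigner(t *testing.T) {
 homeDomain,
 network.TestNetworkPassphrase,
 time.Minute,
+nil,
 )
 require.NoError(t, err)
 
@@ -777,6 +784,7 @@ func TestToken_jsonInputAccountNotExistSuccess(t *testing.T) {
 homeDomain,
 network.TestNetworkPassphrase,
 time.Minute,
+nil,
 )
 require.NoError(t, err)
 
@@ -881,6 +889,7 @@ func TestToken_jsonInputAccountNotExistFail(t *testing.T) {
 homeDomain,
 network.TestNetworkPassphrase,
 time.Minute,
+nil,
 )
 require.NoError(t, err)
 
@@ -963,6 +972,7 @@ func TestToken_jsonInputAccountNotExistNotAllowed(t *testing.T) {
 homeDomain,
 network.TestNetworkPassphrase,
 time.Minute,
+nil,
 )
 require.NoError(t, err)
 
@@ -1047,6 +1057,7 @@ func TestToken_jsonInputUnrecognizedServerSigner(t *testing.T) {
 homeDomain,
 network.TestNetworkPassphrase,
 time.Minute,
+nil,
 )
 require.NoError(t, err)
 
@@ -1248,6 +1259,7 @@ func TestToken_jsonInputInvalidWebAuthDomainFail(t *testing.T) {
 homeDomain,
 network.TestNetworkPassphrase,
 time.Minute,
+nil,
 )
 require.NoError(t, err)
 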
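--- a/txnbuild/example_test.go
+++ b/txnbuild/example_test.go
@@ -760,7 +760,7 @@ func ExampleBuildChallengeTx() {
 webAuthDomain := "webauthdomain.example.org"
 timebound := time.Duration(5 * time.Minute)
 
-tx, err := BuildChallengeTx(serverSignerSeed, clientAccountID, webAuthDomain, anchorName, network.TestNetworkPassphrase, timebound)
+tx, err := BuildChallengeTx(serverSignerSeed, clientAccountID, webAuthDomain, anchorName, network.TestNetworkPassphrase, timebound, nil)
 check(err)
 
 txeBase64, err := tx.Base64()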
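--- a/txnbuild/transaction.go
+++ b/txnbuild/transaction.go
@@ -1113,7 +1113,7 @@ func generateRandomNonce(n int) ([]byte, error) {
 // one of the following functions to completely verify the transaction:
 // - VerifyChallengeTxThreshold
 // - VerifyChallengeTxSigners
-func ReadChallengeTx(challengeTx, serverAccountID, network, webAuthDomain string, homeDomains []string) (tx *Transaction, clientAccountID string, matchedHomeDomain string, memo MemoID, err error) {
+func ReadChallengeTx(challengeTx, serverAccountID, network, webAuthDomain string, homeDomains []string) (tx *Transaction, clientAccountID string, matchedHomeDomain string, memo Memo, err error) {
 parsed, err := TransactionFromXDR(challengeTx)
 if err != nil {
 return tx, clientAccountID, matchedHomeDomain, memo, errors.Wrap(err, "could not parse challenge")
@@ -1176,10 +1176,16 @@ func ReadChallengeTx(challengeTx, serverAccountID, network, webAuthDomain string
 }
 
 clientAccountID = op.SourceAccount
+memo = tx.Memo()
 rawOperations := tx.envelope.Operations()
-if len(rawOperations) > 0 && rawOperations[0].SourceAccount.Type == xdr.CryptoKeyTypeKeyTypeMuxedEd25519 && tx.Memo() != nil {
+if rawOperations[0].SourceAccount.Type == xdr.CryptoKeyTypeKeyTypeMuxedEd25519 && memo != nil {
 err = errors.New("memos are not valid for challenge transactions with a muxed client account")
 return tx, clientAccountID, matchedHomeDomain, memo, err
+} else if rawOperations[0].SourceAccount.Type == xdr.CryptoKeyTypeKeyTypeEd25519 && memo != nil {
+if rawMemo, err := memo.ToXDR(); err != nil || rawMemo.Type != xdr.MemoTypeMemoId {
+err = errors.New("invalid memo, only ID memos are permitted")
+return tx, clientAccountID, matchedHomeDomain, memo, err
+}
 }
 
 // verify manage data value
@@ -1297,7 +1303,7 @@ func VerifyChallengeTxThreshold(challengeTx, serverAccountID, network, webAuthDo
 // server account or one of the signers provided in the arguments.
 func VerifyChallengeTxSigners(challengeTx, serverAccountID, network, webAuthDomain string, homeDomains []string, signers ...string) ([]string, error) {
 // Read the transaction which validates its structure.
-tx, _, _, err := ReadChallengeTx(challengeTx, serverAccountID, network, webAuthDomain, homeDomains)
+tx, _, _, _, err := ReadChallengeTx(challengeTx, serverAccountID, network, webAuthDomain, homeDomains)
 if err != nil {
 return nil, err
 }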
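Review bot: In the new ID-memo branch the `:=` in `if rawMemo, err := memo.ToXDR(); …` declares a second `err` that shadows the named result, so the following `err = errors.New(…)` assigns the inner variable; it only works because the return is explicit, and the `shadow` analyzer will flag it. Use a distinct name, `if rawMemo, memoErr := memo.ToXDR(); memoErr != nil || rawMemo.Type != xdr.MemoTypeMemoId {`, so the named `err` is the only one in play. The ReadChallengeTx doc comment, which starts above the first hunk, should also describe the added return and its rules, e.g. `// memo is the challenge's memo, if any; only an ID memo is permitted, and no memo is permitted when the client account is muxed.` Note that no example or test in this commit passes a non-nil memo, so neither rejection branch is exercised yet.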
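--- a/txnbuild/transaction_challenge_example_test.go
+++ b/txnbuild/transaction_challenge_example_test.go
@@ -37,7 +37,7 @@ func ExampleVerifyChallengeTxThreshold() {
 // Server builds challenge transaction
 var challengeTx string
 {
-tx, err := txnbuild.BuildChallengeTx(serverAccount.Seed(), clientAccount.Address(), "webauthdomain.stellar.org", "test", network.TestNetworkPassphrase, time.Minute)
+tx, err := txnbuild.BuildChallengeTx(serverAccount.Seed(), clientAccount.Address(), "webauthdomain.stellar.org", "test", network.TestNetworkPassphrase, time.Minute, nil)
 if err != nil {
 fmt.Println("Error:", err)
 return
@@ -52,7 +52,7 @@ func ExampleVerifyChallengeTxThreshold() {
 // Client reads and signs challenge transaction
 var signedChallengeTx string
 {
-tx, txClientAccountID, _, err := txnbuild.ReadChallengeTx(challengeTx, serverAccount.Address(), network.TestNetworkPassphrase, "webauthdomain.stellar.org", []string{"test"})
+tx, txClientAccountID, _, _, err := txnbuild.ReadChallengeTx(challengeTx, serverAccount.Address(), network.TestNetworkPassphrase, "webauthdomain.stellar.org", []string{"test"})
 if err != nil {
 fmt.Println("Error:", err)
 return
@@ -75,7 +75,7 @@ func ExampleVerifyChallengeTxThreshold() {
 
 // Server verifies signed challenge transaction
 {
-_, txClientAccountID, _, err := txnbuild.ReadChallengeTx(challengeTx, serverAccount.Address(), network.TestNetworkPassphrase, "webauthdomain.stellar.org", []string{"test"})
+_, txClientAccountID, _, _, err := txnbuild.ReadChallengeTx(challengeTx, serverAccount.Address(), network.TestNetworkPassphrase, "webauthdomain.stellar.org", []string{"test"})
 if err != nil {
 fmt.Println("Error:", err)
 return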
0 comments on commit 58bafb1