Skip to content
This repository was archived by the owner on Jan 14, 2020. It is now read-only.

ERC725: Attestations and users #152

Merged
merged 54 commits into from
May 4, 2018
Merged

ERC725: Attestations and users #152

merged 54 commits into from
May 4, 2018

Conversation

@tyleryasaka
Copy link
Contributor

@tyleryasaka tyleryasaka commented May 3, 2018
edited
Loading

Checklist:

  • Code contains relevant tests for the problem you are solving
  • Ensure all new and existing tests pass
  • Update any relevant READMEs and docs
  • Submit to the develop branch instead of master

Description:

This adds 2 new resources, Attestations and Users. They are extensively documented in my docs PR.

Some other things going on:

  • ERC725 contract restructuring
  • Fixes some migration issues that were making my tests flaky (not sure if anyone else has been experiencing this)
  • Extensive test coverage for the attestations and users resources
  • Adds a couple of conveniences to the contract service for the new web3 setup

Example usage in demo-dapp

Can use attestationServerUrl: "http://bridge-server-test.herokuapp.com/api/attestations" in config. That's a heroku app that's up and running right now.

Just to make this easier to review and understand.

Can stick this in src/services/origin.js (in demo-dapp):

import Origin from 'origin'

let config = {}

config.ipfsDomain = process.env.IPFS_DOMAIN ? process.env.IPFS_DOMAIN : null
config.ipfsApiPort = process.env.IPFS_API_PORT ? process.env.IPFS_API_PORT : null
config.ipfsGatewayPort = process.env.IPFS_GATEWAY_PORT ? process.env.IPFS_GATEWAY_PORT : null
config.ipfsGatewayProtocol = process.env.IPFS_GATEWAY_PROTOCOL ? process.env.IPFS_GATEWAY_PROTOCOL : null
config.attestationServerUrl = "http://bridge-server-test.herokuapp.com/api/attestations"

const origin = new Origin(config)
window.web3 = origin.contractService.web3

let sendCode = () => {
  origin.attestations.phoneGenerateCode({
    phone: "555-555-5555"
  })
}

let createUser = async () => {
  let phoneAttestation = await origin.attestations.phoneVerify({
    phone: "555-555-5555",
    code: "332308"
  })
  let myNewUser = {
    profile: { claims: { name: "Wonder Woman" } },
    attestations: [ phoneAttestation ]
  }
  let user = await origin.users.set(myNewUser)
  console.log('user created', user)
}

// get your verification code, then remove me
sendCode()

// uncomment me once you have your code
// createUser()

export default origin

tyleryasaka added 30 commits May 2, 2018 20:53
@tyleryasaka
Remove unused variables
9ab8913
@tyleryasaka
Move getBytes to ClaimHolder contract and make it internal vs private
2ff0ecb 
This will allow it to be accessed from both ClaimHolder and ClaimHolderPresigned
@tyleryasaka
Implement addClaims method on ClaimHolder contract
faf0745
@tyleryasaka
Create attestations resource
1c52075
@tyleryasaka
Rename user registry methods
bcf1fb3 
The name `create` conflicts with a Truffle method (it conflicts with something anyway - I am guessing it's Truffle)
@tyleryasaka
Make claim holder contract available in contract service
e3bdb81
@tyleryasaka
Create users resource
6677875
@tyleryasaka
Expose attestation and user resources on origin-js
76703da
@tyleryasaka
Properly initialize attestation resource
1b5b13a 
This one is different than the other resources. Takes in different config options.
@tyleryasaka
Add rlp dependency
dbc8eb7
@tyleryasaka
Add alternative wallet param and use it predict identity address
50bd6cb 
We can predict where a contract will be deployed, thus presign claims for an identity that does not exist yet.

See: https://ethereum.stackexchange.com/questions/760/how-is-the-address-of-an-ethereum-contract-computed?utm_medium=organic&utm_source=google_rich_qa&utm_campaign=google_rich_qa
@tyleryasaka
Add ethereumjs-util dependency
3518b90
@tyleryasaka
Ensure identity addresses we send to bridge server are checksummed
611e5cc
@tyleryasaka
Bug fix: don't hash data that is already a hash :)
b26b7ef
@tyleryasaka
Add web3-eth-accounts dependency
286ec28
@tyleryasaka
Validate attestations, client-side
b463e6f 
origin-js should validate all attestations, and only return the ones that are valid.
@tyleryasaka
Instantiate users separately from other resources
9ca2fdb 
This is required for now so that issuer will be passed in. We can refactor this later.
@tyleryasaka
Refactor user registry/claim holder relationship
34218e6 
Now the user directly calls the identity contracts, and the identity contracts add themselves to the user registry.

This seems cleaner and simpler, but the real motivation to refactor was to allow identity contract addresses to be reliably predicted before they are actually deployed (for creating presigned claims). If the identity contract is deployed directly by the user, then its address can be predicted safely. If it is deployed by a shared user registry contract though, that opens the door to race conditions where other people might be deploying identities at the same time.
@tyleryasaka
Only accept wallet as param for verify methods
efc1268 
We can and should just accept wallet as input - users of origin-js should not have to worry about the identity contract itself (for now). We're managing that behind the scenes.
@tyleryasaka
Don't create identity if one already exists
0148631
@tyleryasaka
Refactor claim holder contract inheritance structure
948d220 
ClaimHolder -> ClaimHolderRegistered -> ClaimHolderPresigned

This way we can use ClaimHolder on its own without a constructor that tries to add itself to a user registry.
@tyleryasaka
Create OriginIdentity contract for issuing attestations
983769d
@tyleryasaka
Properly verify attestation issuer by checking that it is a valid key
8fdcdd2 
Instead of hard-coding a single key, we have a single "hard-coded" identity contract that can have multiple keys - so we can use multiple keys to sign attestations if we want to or need to. This complies with the design of ERC725/ERC735.
@tyleryasaka
Fix the way we reference contracts in migrations
97040ec 
We shouldn't be loading json files and using truffle-contract in the tests. Depending on how the tests are run, the files may not have the correct network addresses. The tests should be able to be run in an isolated environment, regardless of the state of the json files.
@tyleryasaka
Use deployer.then to make sure migrations run synchronously
e710d73 
See: http://truffleframework.com/docs/getting_started/migrations#deployer-then-function-
@tyleryasaka
Remove unnecessary issuer config option
fb23a9b 
We're using a master origin identity contract to keep up with issuers. No need for the config option now. (Eventually might allow people to pass in the address of one or more trusted attestation identities - for now we'll just manage that automatically.)
@tyleryasaka
Hash data in attestation resource rather than user resource
dbfaa14 
Once data leaves the attestation resource, we'll assume that it's been hashed
@tyleryasaka
Never mind - don't hash data in the constructor
ba48ad6 
This results in double hashing if your data is already hashed. That was a bad idea in the first place.
@tyleryasaka
Only add new attestations in set method
932f2cc 
This will allow consumers of this library to simply pass in the state that they want (both the profile and attestations). In other words, this efficiently replaces the existing user with whatever is passed in. (The only exception to this is removing attestations. We won't worry about that for now.)
@tyleryasaka
Use last rather than first profile event as the current
97170b6 
Because we're just fetching from the logs, we want to make sure to get the most recent so that profile updates work. Sooner rather than later we should move away from using the logs like this.
tyleryasaka added 16 commits May 2, 2018 22:48
@tyleryasaka
Move "private" methods to bottom of file
245d0ef 
Of course there's no real distinction between private and public, but it's easier to read if we keep the "public" methods at the top
@tyleryasaka
Add fetch-mock dependency
5df0281 
This is a really nice library that lets us mock the fetch object for http requests. Makes it a breeze to write tests that make external http requests.
@tyleryasaka
Test attestations resource
3e3abb9 
This carefully stubs out the server response and asserts that each request uses the correct method, url, and params.

As long as we keep the test expectations in line with the actual bridge server, we get decent confidence that this code will work with the bridge server.
@tyleryasaka
Directly use web3 rather than drop in pieces
5e6195d 
We can do this since we're on 1.0 now. :D
@tyleryasaka
Add deploy method to contract service
b6ab69d
@tyleryasaka
Add optional addres param to deployed method
c3e7170
@tyleryasaka
Update users resource to use 1.0
4f3fc44
@tyleryasaka
Coerce claimType to number in AttestationObject constructor
88fad96 
Just to be safe
@tyleryasaka
Contract service bug fix
98caf41
@tyleryasaka
Fix logic error - should use and instead of or for exact match
4989006
@tyleryasaka
Add a second sample issuer during migrations
d1a4359
@tyleryasaka
Create separate method for validating a single attestation
836a66b
@tyleryasaka
Code format with npm run format
2a73835
@tyleryasaka
Users resource bug fixes
9f03339
@tyleryasaka
Add clearUser method to user registry
31007f3 
It doesn't add any new functionality, strictly speaking. The same thing could be accomplished by creating a contract that does the same thing. I basically just created this as a convenience for clearing users between tests. We can refactor later if we think of a cleaner solution.
@tyleryasaka
Test the users resource
636aefc
@tyleryasaka tyleryasaka mentioned this pull request May 3, 2018
Merged
@tyleryasaka tyleryasaka force-pushed the tyleryasaka/attestations-and-users branch from b05f3cc to d18dddb Compare May 4, 2018 00:27
nick
nick approved these changes May 4, 2018
View reviewed changes
Copy link
Contributor

@nick nick left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Really awesome work!

package.json
"babel-polyfill": "^6.26.0",
"bs58": "^4.0.1",
"cross-fetch": "^2.1.1",
"ethereumjs-util": "^5.2.0",
Copy link
Contributor

@nick nick May 4, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we still need this?

Copy link
Contributor Author

@tyleryasaka tyleryasaka May 4, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@nick No I don't think it's needed. It's currently being used for attestation signature validation.

origin-js/src/resources/users.js

Line 189 in d18dddb

async isValidAttestation({ claimType, data, signature }, identityAddress) {

We should be able to do all this with web3. Created an issue for it so I don't forget. #153

src/contract-service.js
arguments: args
})
.send(options)
.on("receipt", receipt => {
Copy link
Contributor

@nick nick May 4, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we listen for the "confirmation" event instead?

Copy link
Contributor Author

@tyleryasaka tyleryasaka May 4, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@nick I'm actually not that familiar with this API. I just looked at what we're doing in ResourceBase.contractFn with waitTransactionFinished and did the same thing here.

https://github.com/OriginProtocol/origin-js/blob/master/src/ResourceBase.js#L24

@joshfraser joshfraser merged commit e47be8c into develop May 4, 2018
@tyleryasaka tyleryasaka deleted the tyleryasaka/attestations-and-users branch May 4, 2018 09:22
@wanderingstan
Copy link
Contributor

wanderingstan commented May 4, 2018

@tyleryasaka one nit-pick: when running npm test its spitting out multiple screenfuls of hex. I wonder if some debugging code got left in?
image

@tyleryasaka
Copy link
Contributor Author

tyleryasaka commented May 5, 2018
edited
Loading

@wanderingstan That output is coming from the new web3 version 1.0, rather than anything I changed in this PR. The various console.log statements scattered through this codebase are spitting out more verbose items now.

I think we should remove console.log statements from this package entirely. I don't think it's good practice in general.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@DanielVF DanielVF Awaiting requested review from DanielVF

@wanderingstan wanderingstan Awaiting requested review from wanderingstan

1 more reviewer

@nick nick nick approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@tyleryasaka @wanderingstan @nick @joshfraser