[Wallet] Add reCaptcha verification behind feature flag #5630
Conversation
gnardini
requested review from
aaronmgdr,
asaj,
cmcewen,
i1skn,
jeanregisser,
jmrossy and
timmoreton
as code owners
| @@ -0,0 +1,3 @@ | |||
| <?xml version="1.0" encoding="utf-8"?> | |||
There was a problem hiding this comment.
I know this file looks weird, it's because of SafetyNet. It depends on react-native-securerandom which doesn't support automatic linking, and when doing it manually it threw an error because this file was missing.
This manual linking is the reason for the changes to the settings.gradle and the Podfile as well.
There was a problem hiding this comment.
Would love to fork/fix/upstream after wednesday as good citizens of the open source world
There was a problem hiding this comment.
Yeah, I like doing that sort of stuff too, but the maintainers don't seem very active. The first reason I had to fork was to add support for AndroidX since it was failing for that reason. There's a PR that adds that from almost a year ago: rajivshah3/react-native-google-safetynet#283 which has this message:
Thanks for the PR! I can review and investigate the build failure in a few days when I have some time
(December 2019)
| @@ -108,17 +108,26 @@ exports[`TransferConfirmationCard renders correctly for CELO withdrawal transact | |||
| </svg> | |||
| </View> | |||
| </View> | |||
| <Text | |||
| <View | |||
There was a problem hiding this comment.
This changes are due to the change to the implementation of Expandable. It changes nothing visually, it's just wrapping the Text with a View.
| "body": "To make sure your number is really yours, we’re going to send you three messages that will cost about 0.05 cUSD each.\n\nConfirming your number takes about three minutes.", | ||
| "title": "Phone Number", | ||
| "header": "Connect your phone number", | ||
| "body": "Connecting takes about three minutes. To confirm your number, you’ll receive three messages.", |
There was a problem hiding this comment.
Do we need to keep this text for the fallback version? cc @tarikbellamine
There was a problem hiding this comment.
Yeah good catch. We will want to keep all the old text because both feeless and non-feeless flows will be possible.
packages/mobile/package.json
Outdated
| @@ -107,6 +107,7 @@ | |||
| "react-native-fs": "^2.16.6", | |||
| "react-native-gesture-handler": "^1.6.1", | |||
| "react-native-geth": "https://github.com/celo-org/react-native-geth#5864c09", | |||
| "react-native-google-safetynet": "https://github.com/celo-org/react-native-google-safetynet#e698d70", | |||
There was a problem hiding this comment.
not sure if you created a PR to get this upstreamed - but usually nice to do
| @@ -47,6 +60,12 @@ function VerificationEducationScreen({ route, navigation }: Props) { | |||
| const numberVerified = useSelector(numberVerifiedSelector) | |||
| const partOfOnboarding = !route.params?.hideOnboardingStep | |||
|
|
|||
| const country = useMemo(() => { | |||
| const regionCode = getRegionCode(e164PhoneNumber || '') | |||
| const countries = new Countries(i18n.language) | |||
There was a problem hiding this comment.
this looks like it could be expensive - but just a note that useMemo is not always necessary https://blog.logrocket.com/rethinking-hooks-memoization/
There was a problem hiding this comment.
That was a great article, I've specially been guilty of 4. Using useMemo solely for referential equalities in the past.
I didn't benchmark how expensive the call is tbh, but it's iterating and applying transformations over a list, if there are many re-renders it could get expensive I guess. I'll make sure not to abuse the use of useMemo :)
| const showCaptcha = async () => { | ||
| setIsCaptchaVisible(true) | ||
| const safetyNetAttestationResponse = await getSafetyNetAttestation() | ||
| Logger.info('SafetyNet attestation complete:', JSON.stringify(safetyNetAttestationResponse)) |
There was a problem hiding this comment.
is this response big? do we need to log it all?
There was a problem hiding this comment.
This is an example response:
{
"apkCertificateDigestSha256": ["+sYXRdwJA3hvue3mKpYrOZ9zSPC7b4mbgzJmdZEDO5w="],
"apkDigestSha256": "5UVIjg1t6wE5CfIhgRMiXQAmB7PzUpSUyGuirP/qyOs=",
"apkPackageName": "org.celo.mobile.alfajores.dev",
"basicIntegrity": true,
"ctsProfileMatch": true,
"evaluationType": "BASIC",
"nonce": "IdJQ46NEBT214jlGZ036i7vZq81j/dBiUOAR6HEM",
"timestampMs": 1603991278194
}
Probably not all fields are necessary, but I thought they might be useful.
| const captchaCode = res?.nativeEvent?.data | ||
| if (captchaCode !== 'cancel' && captchaCode !== 'error') { | ||
| Logger.info('Captcha code received: ', captchaCode) | ||
| // TODO: Add some brief loading indicator and send captcha somewhere before continuing. |
There was a problem hiding this comment.
given the feature flag this is okay, but normally i would request some changes 😛
There was a problem hiding this comment.
Yeah, this PR by itself is not super useful, it's just laying the foundation for the next one when this is integrated with KomenciKit :D
| {firstButton} | ||
| <View style={styles.spacer} /> | ||
| <TextButton style={styles.doINeedToConfirmButton} onPress={onPressLearnMore}> | ||
| {t('verificationEducation.doINeedToConfirm')} | ||
| </TextButton> | ||
| </ScrollView> | ||
| <Modal isVisible={isCaptchaVisible} style={styles.recaptchaModal}> |
There was a problem hiding this comment.
i mentioned this to cal, but we should just be mindful of modals from a perf perspective - can lead to overdraw https://developer.android.com/topic/performance/rendering/overdraw
There was a problem hiding this comment.
Yes, we do use these modals in a bunch a places already, we can address this separately.
| </head> | ||
| <body> | ||
| <div id="captcha" style="height: 100vh;"> | ||
| <div style="text-align: center; height: 100%; display: flex; flex-direction: column; justify-content: center; align-items: center;"> |
There was a problem hiding this comment.
could you fix the indents here? (just kidding 😄 )
There was a problem hiding this comment.
Run it through a formatter so it looks nicer :)
| </html>` | ||
| return ( | ||
| <WebView | ||
| originWhitelist={['*']} |
There was a problem hiding this comment.
does this have to be *? it looks like we maybe want https? https://github.com/react-native-webview/react-native-webview/blob/master/docs/Reference.md#originwhitelist
| <GoogleReCaptcha | ||
| siteKey={RECAPTCHA_SITE_KEY} | ||
| url={WEB_LINK} | ||
| languageCode="en" |
There was a problem hiding this comment.
Don't we want this to be whatever the app language is?
| {firstButton} | ||
| <View style={styles.spacer} /> | ||
| <TextButton style={styles.doINeedToConfirmButton} onPress={onPressLearnMore}> | ||
| {t('verificationEducation.doINeedToConfirm')} | ||
| </TextButton> | ||
| </ScrollView> | ||
| <Modal isVisible={isCaptchaVisible} style={styles.recaptchaModal}> |
There was a problem hiding this comment.
Yes, we do use these modals in a bunch a places already, we can address this separately.
yarn.lock
Outdated
| react-native-securerandom@^0.1.1: | ||
| version "0.1.1" | ||
| resolved "https://registry.yarnpkg.com/react-native-securerandom/-/react-native-securerandom-0.1.1.tgz#f130623a412c338b0afadedbc204c5cbb8bf2070" | ||
| integrity sha1-8TBiOkEsM4sK+t7bwgTFy7i/IHA= | ||
| dependencies: | ||
| base64-js "*" | ||
|
|
||
| react-native-securerandom@^1.0.0: | ||
| version "1.0.0" | ||
| resolved "https://registry.yarnpkg.com/react-native-securerandom/-/react-native-securerandom-1.0.0.tgz#1cff2f727c90c9ec3318b42dbf825a628b53b49b" | ||
| integrity sha512-lnhcsWloFzMN/HffyDBlh4VlqdhDH8uxEzUIH3aJPgC1PxV6OKZkvAk409EwsAhcmG/z3yZuVKegKpUr5IM9ug== | ||
| dependencies: | ||
| base64-js "*" | ||
|
|
There was a problem hiding this comment.
We shouldn't add 2 versions of the same depdency here.
Description
Adds reCaptcha implementation behind a feature flag. If
KOMENCIistrue, after clicking onStarton theVerificationEducationScreenthe user will be prompted with a reCaptcha challenge that they'll need to complete before being able to verify. It also adds SafetyNet which is a check for Android devices.This is missing integration with KomenciKit
Tested
By changing the value of the KOMENCI flag and seeing the captcha flow (captcha code is logged)
Related issues