Merge 9b451e7 into b8990ef

elucidsoft · Oct 13, 2020 · 43a35f8 · 43a35f8
2 parents b8990ef + 9b451e7
commit 43a35f8
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 51 deletions.
diff --git a/stellar-dotnet-sdk-test/WebAuthenticationTest.cs b/stellar-dotnet-sdk-test/WebAuthenticationTest.cs
@@ -1,9 +1,9 @@
+using Microsoft.VisualStudio.TestTools.UnitTesting;
+using stellar_dotnet_sdk;
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Text;
-using Microsoft.VisualStudio.TestTools.UnitTesting;
-using stellar_dotnet_sdk;
 
 namespace stellar_dotnet_sdk_test
 {
@@ -522,38 +522,6 @@ public void TestReadChallengeTransactionInvalidSequenceNoNotZero()
             }
         }
 
-        [TestMethod]
-        public void TestReadChallengeTransactionInvalidTooManyOperations()
-        {
-            Network.Use(Network.Test());
-
-            var serverKeypair = KeyPair.Random();
-            var clientKeypair = KeyPair.Random();
-
-            var txSource = new Account(serverKeypair.Address, -1);
-            var opSource = new Account(clientKeypair.Address, 0);
-
-            var plainTextBytes = Encoding.UTF8.GetBytes(new string(' ', 48));
-            var base64Data = Encoding.ASCII.GetBytes(Convert.ToBase64String(plainTextBytes));
-
-            var operation = new ManageDataOperation.Builder(ManageDataOperationName, base64Data).SetSourceAccount(opSource.KeyPair).Build();
-            var transaction = new TransactionBuilder(txSource)
-                .AddOperation(operation).AddOperation(operation)
-                .AddTimeBounds(new TimeBounds(DateTimeOffset.Now, DateTimeOffset.Now.AddSeconds(1000)))
-                .Build();
-
-            transaction.Sign(serverKeypair);
-
-            try
-            {
-                var readTransactionID = WebAuthentication.ReadChallengeTransaction(transaction, serverKeypair.AccountId, HomeDomain, Network.Test());
-            }
-            catch (Exception exception)
-            {
-                Assert.IsTrue(exception.Message.Contains("Challenge transaction must contain one operation"));
-            }
-        }
-
         [TestMethod]
         public void TestReadChallengeTransactionInvalidOperationWrongType()
         {
@@ -855,7 +823,7 @@ public void TestVerifyChallengeTransactionThresholdInvalidServerAndMultipleClien
             {
                 var signersFound = WebAuthentication.VerifyChallengeTransactionThreshold(transaction, serverKeypair.AccountId, threshold, signerSummary, HomeDomain, Network.Test()).ToList();
             }
-            catch(Exception exception)
+            catch (Exception exception)
             {
                 Assert.IsTrue(exception.Message.Contains("Signers with weight 3 do not meet threshold 10"));
             }
@@ -1523,4 +1491,4 @@ public void TestVerifyChallengeTransactionSignersInvalidNoSigners()
             }
         }
     }
-}
+}
diff --git a/stellar-dotnet-sdk/WebAuthentication.cs b/stellar-dotnet-sdk/WebAuthentication.cs
@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Text;
@@ -16,7 +16,7 @@ public static class WebAuthentication
         /// </summary>
         /// <param name="serverKeypair">Server signing keypair</param>
         /// <param name="clientAccountId">The client account id that needs authentication</param>
-        /// <param name="anchorName">The anchor name</param>
+        /// <param name="domainName">The domain name</param>
         /// <param name="nonce">48 bytes long cryptographic-quality random data</param>
         /// <param name="now">The datetime from which the transaction is valid</param>
         /// <param name="timeout">The transaction lifespan</param>
@@ -25,15 +25,15 @@ public static class WebAuthentication
         /// <exception cref="ArgumentNullException"></exception>
         /// <exception cref="ArgumentException"></exception>
         public static Transaction BuildChallengeTransaction(KeyPair serverKeypair, string clientAccountId,
-            string anchorName, byte[] nonce = null, DateTimeOffset? now = null, TimeSpan? timeout = null,
+            string domainName, byte[] nonce = null, DateTimeOffset? now = null, TimeSpan? timeout = null,
             Network network = null)
         {
             if (string.IsNullOrEmpty(clientAccountId)) throw new ArgumentNullException(nameof(clientAccountId));
 
             if (StrKey.DecodeVersionByte(clientAccountId) != StrKey.VersionByte.ACCOUNT_ID)
                 throw new InvalidWebAuthenticationException($"{nameof(clientAccountId)} is not a valid account id");
             var clientAccountKeypair = KeyPair.FromAccountId(clientAccountId);
-            return BuildChallengeTransaction(serverKeypair, clientAccountKeypair, anchorName, nonce, now, timeout,
+            return BuildChallengeTransaction(serverKeypair, clientAccountKeypair, domainName, nonce, now, timeout,
                 network);
         }
 
@@ -42,7 +42,7 @@ public static class WebAuthentication
         /// </summary>
         /// <param name="serverKeypair">Server signing keypair</param>
         /// <param name="clientAccountId">The client account id that needs authentication</param>
-        /// <param name="anchorName">The anchor name</param>
+        /// <param name="domainName">The domain name</param>
         /// <param name="nonce">48 bytes long cryptographic-quality random data</param>
         /// <param name="now">The datetime from which the transaction is valid</param>
         /// <param name="timeout">The transaction lifespan</param>
@@ -51,12 +51,12 @@ public static class WebAuthentication
         /// <exception cref="ArgumentNullException"></exception>
         /// <exception cref="ArgumentException"></exception>
         public static Transaction BuildChallengeTransaction(KeyPair serverKeypair, KeyPair clientAccountId,
-            string anchorName, byte[] nonce = null, DateTimeOffset? now = null, TimeSpan? timeout = null,
+            string domainName, byte[] nonce = null, DateTimeOffset? now = null, TimeSpan? timeout = null,
             Network network = null)
         {
             if (serverKeypair is null) throw new ArgumentNullException(nameof(serverKeypair));
             if (clientAccountId is null) throw new ArgumentNullException(nameof(clientAccountId));
-            if (string.IsNullOrEmpty(anchorName)) throw new ArgumentNullException(nameof(anchorName));
+            if (string.IsNullOrEmpty(domainName)) throw new ArgumentNullException(nameof(domainName));
 
             if (nonce is null)
             {
@@ -78,7 +78,7 @@ public static class WebAuthentication
             // Sequence number is incremented by 1 before building the transaction, set it to -1 to have 0
             var serverAccount = new Account(serverKeypair, -1);
 
-            var manageDataKey = $"{anchorName} auth";
+            var manageDataKey = $"{domainName} auth";
             var manageDataValue = Encoding.UTF8.GetBytes(Convert.ToBase64String(nonce));
 
             var timeBounds = new TimeBounds(validFrom, validFor);
@@ -133,8 +133,8 @@ public static class WebAuthentication
             if (transaction.SourceAccount.AccountId != serverAccountId)
                 throw new InvalidWebAuthenticationException("Challenge transaction source must be serverAccountId");
 
-            if (transaction.Operations.Length != 1)
-                throw new InvalidWebAuthenticationException("Challenge transaction must contain one operation");
+            if (transaction.Operations.Length < 1)
+                throw new InvalidWebAuthenticationException("Challenge transaction must contain atleast one operation");
 
             var operation = transaction.Operations[0] as ManageDataOperation;
 
@@ -145,6 +145,20 @@ public static class WebAuthentication
             if (operation.SourceAccount is null)
                 throw new InvalidWebAuthenticationException("Challenge transaction operation must have source account");
 
+            var subsequentOperations = transaction.Operations;
+            foreach (var op in subsequentOperations.Skip(1))
+            {
+                if (!(op is ManageDataOperation))
+                {
+                    throw new InvalidWebAuthenticationException("The transaction has operations that are not of type 'manageData'");
+                }
+
+                if (op.SourceAccount.AccountId != serverAccountId)
+                {
+                    throw new InvalidWebAuthenticationException("The transaction has operations that are unrecognized");
+                }
+            }
+
             var clientAccountKeypair = operation.SourceAccount;
 
             if (clientAccountKeypair.IsMuxedAccount)
@@ -157,9 +171,6 @@ public static class WebAuthentication
                 throw new InvalidWebAuthenticationException(
                     "Challenge transaction operation data must be 64 bytes long");
 
-            if (operation.Name != $"{homeDomain} auth")
-                throw new InvalidWebAuthenticationException("Challenge transaction operation data must have home domain key");
-
             try
             {
                 // There is no need to check for decoded value length since we know it's valid base64 and 64 bytes long.
@@ -276,7 +287,7 @@ public static class WebAuthentication
 
         private static bool ValidateSignedBy(Transaction transaction, string accountId, Network network)
         {
-            var signaturesUsed = VerifyTransactionSignatures(transaction, new[] {accountId}, network);
+            var signaturesUsed = VerifyTransactionSignatures(transaction, new[] { accountId }, network);
             return signaturesUsed.Count == 1;
         }
 
@@ -318,4 +329,4 @@ private static bool ValidateTimeBounds(TimeBounds timeBounds, DateTimeOffset now
             return signersFound.ToArray();
         }
     }
-}
+}