-
Notifications
You must be signed in to change notification settings - Fork 41
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Authorise email retrieval relative to JWT authentication #1460
Conversation
@@ -6,7 +6,7 @@ export interface IAccountRepository { | |||
getAccount(args: { | |||
chainId: string; | |||
safeAddress: string; | |||
signer: string; | |||
signer: `0x${string}`; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These type changes and addition of a AddressSchema
validation of the :signer
ensures that the address is checksummed for comparison against the JWT token.
@UseFilters(AccountDoesNotExistExceptionFilter) | ||
async getEmail( | ||
@Param('chainId') chainId: string, | ||
@Param('safeAddress') safeAddress: string, | ||
@Param('signer') signer: string, | ||
@Param('signer', new ValidationPipe(AddressSchema)) signer: `0x${string}`, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is where the address is checksummed.
Pull Request Test Coverage Report for Build 8965479414Details
💛 - Coveralls |
e34243f
to
770f9c7
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👏🏻
|
@@ -58,6 +63,8 @@ describe('Recovery (Unit)', () => { | |||
const moduleFixture: TestingModule = await Test.createTestingModule({ | |||
imports: [AppModule.register(testConfiguration)], | |||
}) | |||
.overrideModule(JWT_CONFIGURATION_MODULE) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As this opts in to features.email
, the override is needed asAuthGuard
is now on the EmailController
.
@@ -49,6 +54,8 @@ describe('Subscription Controller tests', () => { | |||
const moduleFixture: TestingModule = await Test.createTestingModule({ | |||
imports: [AppModule.register(testConfiguration), EmailControllerModule], | |||
}) | |||
.overrideModule(JWT_CONFIGURATION_MODULE) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As this opts in to features.email
, the override is needed asAuthGuard
is now on the EmailController
.
@@ -112,6 +117,8 @@ describe('Alerts (Unit)', () => { | |||
const moduleFixture: TestingModule = await Test.createTestingModule({ | |||
imports: [AppModule.register(testConfiguration)], | |||
}) | |||
.overrideModule(JWT_CONFIGURATION_MODULE) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As this opts in to features.email
, the override is needed asAuthGuard
is now on the EmailController
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👏 🚀
Summary
Prior to this, retrieving accounts required a user to sign a message with every request. This migrates the suboptimal authentication/authorisation to the new JWT/SIWE-based approach.
Changes
EmailRetrievalGuard
andTimestampGuard
guards withAuthGuard
EmailRetrievalGuard
signer
of requestchain_id
andsigner_address
matches that of the request