Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Authorise email retrieval relative to JWT authentication #1460

Merged
merged 39 commits into from
May 6, 2024
Merged

Authorise email retrieval relative to JWT authentication #1460

merged 39 commits into from
May 6, 2024

Conversation

iamacook
Copy link
Member

@iamacook iamacook commented Apr 25, 2024
edited

Summary

Prior to this, retrieving accounts required a user to sign a message with every request. This migrates the suboptimal authentication/authorisation to the new JWT/SIWE-based approach.

Changes

  • Replace EmailRetrievalGuard and TimestampGuard guards with AuthGuard
  • Delete EmailRetrievalGuard
  • Checksum signer of request
  • Ensure authorisation payload exists and the chain_id and signer_address matches that of the request
  • Add/update test coverage accordingly.

@iamacook iamacook self-assigned this Apr 25, 2024
@iamacook iamacook requested a review from a team as a code owner April 25, 2024 11:19
iamacook
iamacook commented Apr 25, 2024
View reviewed changes
src/domain/account/account.repository.interface.ts
@@ -6,7 +6,7 @@ export interface IAccountRepository {
getAccount(args: {
chainId: string;
safeAddress: string;
signer: string;
signer: `0x${string}`;
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These type changes and addition of a AddressSchema validation of the :signer ensures that the address is checksummed for comparison against the JWT token.

iamacook
iamacook commented Apr 25, 2024
View reviewed changes
src/routes/email/email.controller.ts
@UseFilters(AccountDoesNotExistExceptionFilter)
async getEmail(
@Param('chainId') chainId: string,
@Param('safeAddress') safeAddress: string,
@Param('signer') signer: string,
@Param('signer', new ValidationPipe(AddressSchema)) signer: `0x${string}`,
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is where the address is checksummed.

@coveralls
Copy link

coveralls commented Apr 25, 2024
edited

Pull Request Test Coverage Report for Build 8965479414

Details

  • 10 of 10 (100.0%) changed or added relevant lines in 4 files are covered.
  • 1 unchanged line in 1 file lost coverage.
  • Overall coverage decreased (-0.06%) to 92.166%
Files with Coverage Reduction New Missed Lines %
src/routes/transactions/entities/tests/human-description.builder.ts 1 90.0%
Totals Coverage Status
Change from base Build 8923924899: -0.06%
Covered Lines: 6892
Relevant Lines: 7208
💛 - Coveralls

hectorgomezv
hectorgomezv approved these changes Apr 26, 2024
View reviewed changes
Copy link
Member

@hectorgomezv hectorgomezv left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👏🏻

src/domain/account/account.repository.ts Outdated Show resolved Hide resolved
hectorgomezv
hectorgomezv previously approved these changes Apr 26, 2024
View reviewed changes
@fmrsabino fmrsabino removed the in review Someone is reviewing this Pull Request label Apr 29, 2024
@iamacook iamacook requested a review from fmrsabino April 29, 2024 11:14
@iamacook iamacook requested a review from fmrsabino April 29, 2024 12:49
@iamacook
Copy link
Member Author

iamacook commented Apr 29, 2024
edited

I'm going to mark this as a draft and abstract the AuthPayload entity into a separate PR to reduce the scope of this.

@iamacook iamacook marked this pull request as draft April 29, 2024 14:16
iamacook
iamacook commented Apr 29, 2024
View reviewed changes
src/routes/recovery/recovery.controller.spec.ts
@@ -58,6 +63,8 @@ describe('Recovery (Unit)', () => {
const moduleFixture: TestingModule = await Test.createTestingModule({
imports: [AppModule.register(testConfiguration)],
})
.overrideModule(JWT_CONFIGURATION_MODULE)
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As this opts in to features.email, the override is needed asAuthGuard is now on the EmailController.

iamacook
iamacook commented Apr 29, 2024
View reviewed changes
src/routes/subscriptions/subscription.controller.spec.ts
@@ -49,6 +54,8 @@ describe('Subscription Controller tests', () => {
const moduleFixture: TestingModule = await Test.createTestingModule({
imports: [AppModule.register(testConfiguration), EmailControllerModule],
})
.overrideModule(JWT_CONFIGURATION_MODULE)
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As this opts in to features.email, the override is needed asAuthGuard is now on the EmailController.

iamacook
iamacook commented Apr 29, 2024
View reviewed changes
src/routes/alerts/alerts.controller.spec.ts
@@ -112,6 +117,8 @@ describe('Alerts (Unit)', () => {
const moduleFixture: TestingModule = await Test.createTestingModule({
imports: [AppModule.register(testConfiguration)],
})
.overrideModule(JWT_CONFIGURATION_MODULE)
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As this opts in to features.email, the override is needed asAuthGuard is now on the EmailController.

@iamacook iamacook marked this pull request as ready for review April 29, 2024 16:22
@fmrsabino fmrsabino added the in review Someone is reviewing this Pull Request label Apr 30, 2024
fmrsabino
fmrsabino approved these changes Apr 30, 2024
View reviewed changes
Copy link
Collaborator

@fmrsabino fmrsabino left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👏 🚀

@fmrsabino fmrsabino removed the in review Someone is reviewing this Pull Request label Apr 30, 2024
@iamacook iamacook requested a review from fmrsabino May 6, 2024 07:19
@iamacook iamacook merged commit 8a4e421 into main May 6, 2024
16 checks passed
@iamacook iamacook deleted the get-email-jwt branch May 6, 2024 10:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fmrsabino fmrsabino fmrsabino approved these changes

@hectorgomezv hectorgomezv Awaiting requested review from hectorgomezv

Assignees

@iamacook iamacook

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@iamacook @coveralls @fmrsabino @hectorgomezv