New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improve standalone usage of SSX Gnosis Extension #69
Improve standalone usage of SSX Gnosis Extension #69
Conversation
Codecov ReportBase: 90.41% // Head: 90.41% // Increases project coverage by
📣 This organization is not using Codecov’s GitHub App Integration. We recommend you install it so Codecov can continue to function properly for your repositories. Learn more Additional details and impacted files@@ Coverage Diff @@
## main #69 +/- ##
=======================================
Coverage 90.41% 90.41%
=======================================
Files 25 25
Lines 3337 3339 +2
Branches 265 266 +1
=======================================
+ Hits 3017 3019 +2
Misses 320 320
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. ☔ View full report at Codecov. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The logic here looks sounds and works as expected in the gnosis component when tested in SSX. I did not test as a standalone component however
Description
ssx-gnosis-extension
helps to enable the DAO Login functionality by creating a modal and enabling selectors for end users. Because the module fetches the list of delegates for the sole purpose of displaying a selection UX to the user, the selected option is not currently matched against the retrieved list of delegates. This important security check is performed in SSX Server via a call to SiweMessage.verify, and these modules were designed to work together.This change improves the experience for developers who want to use
ssx-gnosis-extension
standalone (that is, without SSX Server) by adding extra checks on the client side to help with UX. However, the server side MUST still check for delegate inclusion by using SiweMessage.verify or similar immediately after sign-in.Type
Diligence Checklist