From 82ad3fa3fc0b06260cd05d750096fd34ed07722a Mon Sep 17 00:00:00 2001
From: 0xdev22
Date: Thu, 18 Jan 2024 13:13:10 -0500
Subject: [PATCH] Remove setEth function and initialize eth client in connector.Open
---
 server/handlers.go | 87 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 87 insertions(+)
diff --git a/server/handlers.go b/server/handlers.go
index 788fd9b0b9..46f4532c74 100755
--- a/server/handlers.go
+++ b/server/handlers.go
@@ -525,6 +525,93 @@ func (s *Server) handleVerifyDirect(w http.ResponseWriter, r *http.Request) {
 // Handle the usual token request, except instead of the code we look for
 // state (the auth request) and the sugnature.
+func (s *Server) handleSubmitChallenge(w http.ResponseWriter, r *http.Request) {
+ if err := r.ParseForm(); err != nil {
+ s.renderErrorJSON(w, http.StatusBadRequest, "Couldn't parse form.")
+ return
+ }
+
+ r.PostForm.Set("redirect_uri", r.Form.Get("domain"))
+
+ authReqID := r.PostFormValue("state")
+ authReq, err := s.storage.GetAuthRequest(authReqID)
+ if err != nil {
+ s.renderErrorJSON(w, http.StatusBadRequest, "Requested resource does not exist.")
+ return
+ }
+
+ var data web3ConnectorData
+ json.Unmarshal(authReq.ConnectorData, &data)
+
+ conn, err := s.getConnector(authReq.ConnectorID)
+ if err != nil {
+ s.renderErrorJSON(w, http.StatusInternalServerError, "Requested resource does not exist.")
+ return
+ }
+
+ w3Conn, ok := conn.Connector.(connector.Web3Connector)
+ if !ok {
+ s.renderErrorJSON(w, http.StatusInternalServerError, "Requested resource does not exist.")
+ return
+ }
+
+ identity, err := w3Conn.Verify(data.Address, data.Nonce, r.PostFormValue("signature"))
+ if err != nil {
+ s.renderErrorJSON(w, http.StatusBadRequest, "Could not verify signature.")
+ return
+ }
+
+ _, _, err = s.finalizeLogin(identity, authReq, conn)
+ if err != nil {
+ s.renderErrorJSON(w, http.StatusInternalServerError, "Login failure.")
+ }
+
+ // Need to pick up the changes made by finalizeLogin. This is pretty gross!
+ authReq, err = s.storage.GetAuthRequest(authReqID)
+ if err != nil {
+ s.logger.Errorf("Failed to get auth request: %v", err)
+ s.renderError(r, w, http.StatusInternalServerError, "Database error.")
+ return
+ }
+
+ if s.now().After(authReq.Expiry) {
+ s.renderErrorJSON(w, http.StatusBadRequest, "User session has expired.")
+ return
+ }
+
+ if err := s.storage.DeleteAuthRequest(authReq.ID); err != nil {
+ if err != storage.ErrNotFound {
+ s.logger.Errorf("Failed to delete authorization request: %v", err)
+ s.renderErrorJSON(w, http.StatusInternalServerError, "Internal server error.")
+ } else {
+ s.renderErrorJSON(w, http.StatusBadRequest, "User session error.")
+ }
+ return
+ }
+
+ code := storage.AuthCode{
+ ID: storage.NewID(),
+ ClientID: authReq.ClientID,
+ ConnectorID: authReq.ConnectorID,
+ Nonce: authReq.Nonce,
+ Scopes: authReq.Scopes,
+ Claims: authReq.Claims,
+ Expiry: s.now().Add(time.Minute * 30),
+ RedirectURI: authReq.RedirectURI,
+ ConnectorData: authReq.ConnectorData,
+ PKCE: authReq.PKCE,
+ }
+ if err := s.storage.CreateAuthCode(code); err != nil {
+ s.logger.Errorf("Failed to create auth code: %v", err)
+ s.renderError(r, w, http.StatusInternalServerError, "Internal server error.")
+ return
+ }
+
+ r.PostForm.Set("code", code.ID)
+
+ s.handleToken(w, r)
+}
+
 func (s *Server) handleCreateAuthorizationRequest(w http.ResponseWriter, r *http.Request) {
 authReq, err := s.parseAuthorizationRequest(r)
 if err != nil {
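Review bot: In handleSubmitChallenge the `finalizeLogin` error branch renders "Login failure." but does not return, so a failed login still falls through to the second GetAuthRequest, CreateAuthCode and handleToken; add `return` after that `s.renderErrorJSON(...)` call so no auth code is created on that path and the response is not written twice. The result of `json.Unmarshal(authReq.ConnectorData, &data)` is also discarded, which means `w3Conn.Verify` can be called with an empty `data.Address` and `data.Nonce` when the stored connector data is missing or malformed; check the error and reject the request before verifying. The `s.now().After(authReq.Expiry)` check would be better placed right after the first GetAuthRequest, so an expired request is rejected before the signature is verified and the login finalized. The handler also mixes `renderError` and `renderErrorJSON`, so two of the failure paths presumably answer in a different format from the rest of this endpoint.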