revert "remove legacy auth validation"

This reverts commit da0bd09.
PeerMeHQ · Feb 29, 2024 · 3814724 · 3814724
1 parent 4267a68
commit 3814724
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 0 deletions.
diff --git a/src/Auth/NativeAuthServer.php b/src/Auth/NativeAuthServer.php
@@ -19,6 +19,7 @@ public function __construct(
         public ?string $apiUrl = null,
         public array $acceptedOrigins = [],
         public int $maxExpirySeconds = 86400,
+        public bool $skipLegacyValidation = false,
     ) {
     }
 
@@ -70,6 +71,17 @@ public function validate(string $accessToken): NativeAuthValidateResult
         $valid = UserVerifier::fromAddress(Address::fromBech32($decoded->address))
             ->verify(new Bytes($verifiable->serializeForSigning()), new Bytes($verifiable->signature->hex()), $verifiable->address->getPublicKey());
 
+        if (! $valid && ! $this->skipLegacyValidation) {
+            $verifiable = new SignableMessage(
+                message: "{$decoded->address}{$decoded->body}{}",
+                signature: new Signature($decoded->signature),
+                address: Address::fromBech32($decoded->address),
+            );
+
+            $valid = UserVerifier::fromAddress(Address::fromBech32($decoded->address))
+                ->verify(new Bytes($verifiable->serializeForSigning()), new Bytes($verifiable->signature->hex()), $verifiable->address->getPublicKey());
+        }
+
         throw_unless($valid, NativeAuthInvalidSignatureException::class);
 
         return new NativeAuthValidateResult(

diff --git a/src/Multiversx.php b/src/Multiversx.php
@@ -27,6 +27,7 @@ public static function verifyNativeAuthToken(string $accessToken): NativeAuthVal
             apiUrl: config('multiversx.urls.api') ?? throw new Exception('missing config: urls.api'),
             acceptedOrigins: config('multiversx.native_auth.accepted_origins') ?? throw new Exception('missing native auth config: accepted_origins'),
             maxExpirySeconds: config('multiversx.native_auth.max_expiry_seconds') ?? throw new Exception('missing native auth config: max_expiry_seconds'),
+            skipLegacyValidation: config('multiversx.native_auth.skip_legacy_validation') ?? throw new Exception('missing native auth config: skip_legacy_validation'),
         );
 
         return $nativeAuth->validate($accessToken);

diff --git a/src/config.php b/src/config.php
@@ -33,5 +33,7 @@
         ],
 
         'max_expiry_seconds' => 86400,
+
+        'skip_legacy_validation' => false,
     ],
 ];
-Original file line number
+Diff line change
@@ Expand Up / @@ -33,5 +33,7 @@ @@
             ],
             'max_expiry_seconds' => 86400,
+            'skip_legacy_validation' => false,
         ],
     ];