update challenge string and muxrpc call name

ssbc · Mar 22, 2021 · e5d981c · e5d981c
1 parent 4480f6d
commit e5d981c
Show file tree

Hide file tree

Showing 4 changed files with 50 additions and 10 deletions.
diff --git a/internal/signinwithssb/challenges.go b/internal/signinwithssb/challenges.go
@@ -45,13 +45,13 @@ type ClientRequest struct {
 func (cr ClientRequest) createMessage() []byte {
 	var msg bytes.Buffer
 	msg.WriteString("=http-auth-sign-in:")
-	msg.WriteString(cr.ClientID.Ref())
-	msg.WriteString(":")
 	msg.WriteString(cr.ServerID.Ref())
 	msg.WriteString(":")
-	msg.WriteString(cr.ClientChallange)
+	msg.WriteString(cr.ClientID.Ref())
 	msg.WriteString(":")
 	msg.WriteString(cr.ServerChallange)
+	msg.WriteString(":")
+	msg.WriteString(cr.ClientChallange)
 	return msg.Bytes()
 }
 

diff --git a/internal/signinwithssb/simple_test.go b/internal/signinwithssb/simple_test.go
@@ -0,0 +1,29 @@
+package signinwithssb
+
+import (
+	"bytes"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	refs "go.mindeco.de/ssb-refs"
+)
+
+func TestClientRequestString(t *testing.T) {
+
+	server := refs.FeedRef{ID: bytes.Repeat([]byte{1}, 32), Algo: "test"}
+
+	client := refs.FeedRef{ID: bytes.Repeat([]byte{2}, 32), Algo: "test"}
+
+	var req ClientRequest
+
+	req.ServerID = server
+	req.ClientID = client
+
+	req.ServerChallange = "fooo"
+	req.ClientChallange = "barr"
+
+	want := "=http-auth-sign-in:@AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQE=.test:@AgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgI=.test:fooo:barr"
+
+	got := req.createMessage()
+	assert.Equal(t, want, string(got))
+}
diff --git a/web/handlers/auth/withssb.go b/web/handlers/auth/withssb.go
@@ -37,14 +37,16 @@ func (h withssbHandler) login(w http.ResponseWriter, req *http.Request) (interfa
 	queryParams := req.URL.Query()
 
 	var clientReq signinwithssb.ClientRequest
-	clientReq.ServerID = h.roomID
+	clientReq.ServerID = h.roomID // fll inthe server
 
+	// validate and update client challange
 	cc := queryParams.Get("challenge")
 	if _, err := signinwithssb.DecodeChallengeString(cc); err != nil {
 		return nil, weberrors.ErrBadRequest{Where: "client-challange", Details: err}
 	}
 	clientReq.ClientChallange = cc
 
+	// check who the client is
 	var client refs.FeedRef
 	if cid := queryParams.Get("cid"); cid != "" {
 		parsed, err := refs.ParseFeedRef(cid)
@@ -60,6 +62,7 @@ func (h withssbHandler) login(w http.ResponseWriter, req *http.Request) (interfa
 		client = alias.Feed
 	}
 
+	// check that we have that member
 	member, err := h.members.GetByFeed(req.Context(), client)
 	if err != nil {
 		if err == roomdb.ErrNotFound {
@@ -69,36 +72,44 @@ func (h withssbHandler) login(w http.ResponseWriter, req *http.Request) (interfa
 	}
 	clientReq.ClientID = client
 
+	// get the connected client for that member
 	edp, connected := h.endpoints.GetEndpointFor(client)
 	if !connected {
 		return nil, weberrors.ErrForbidden{Details: fmt.Errorf("sign-in: client not connected to room")}
 	}
 
+	// roll a challange from the server
 	sc := signinwithssb.GenerateChallenge()
 	clientReq.ServerChallange = sc
 
 	ctx, cancel := context.WithTimeout(req.Context(), 1*time.Minute)
 	defer cancel()
 
-	var clientResponse string
-	err = edp.Async(ctx, &clientResponse, muxrpc.TypeString, muxrpc.Method{"httpAuth", "signIn"}, sc, cc)
+	// request the signed solution over muxrpc
+	var solution string
+	err = edp.Async(ctx, &solution, muxrpc.TypeString, muxrpc.Method{"httpAuth", "requestSolution"}, sc, cc)
 	if err != nil {
 		return nil, err
 	}
 
-	responseBytes, err := base64.URLEncoding.DecodeString(clientResponse)
+	// decode and validate the response
+	solutionBytes, err := base64.URLEncoding.DecodeString(solution)
 	if err != nil {
 		return nil, err
 	}
 
-	if !clientReq.Validate(responseBytes) {
-		return nil, fmt.Errorf("sign-in with ssb: validation of client response failed")
+	if !clientReq.Validate(solutionBytes) {
+		return nil, fmt.Errorf("sign-in with ssb: validation of client solution failed")
 	}
 
+	// create a cookie for the member
 	err = h.cookieAuth.SaveUserSession(req, w, member.ID)
 	if err != nil {
 		return nil, err
 	}
 
+	// TODO: store the solution for session invalidation
+	// https://github.com/ssb-ngi-pointer/go-ssb-room/issues/92
+
 	return "you are now logged in!", nil
 }
diff --git a/web/handlers/auth_test.go b/web/handlers/auth_test.go
@@ -264,7 +264,7 @@ func TestAuthWithSSBHasClient(t *testing.T) {
 	// setup a mocked muxrpc call that asserts the arguments and returns the needed signature
 	edp.AsyncCalls(func(_ context.Context, ret interface{}, encoding muxrpc.RequestEncoding, method muxrpc.Method, args ...interface{}) error {
 		a.Equal(muxrpc.TypeString, encoding)
-		a.Equal("httpAuth.signIn", method.String())
+		a.Equal("httpAuth.requestSolution", method.String())
 
 		r.Len(args, 2, "expected two args")