Fix manage data value in SEP0010 challenge builder. #396

Merged
merged 2 commits into from
Aug 6, 2019
2 changes: 1 addition & 1 deletion package.json
@@ -141,7 +141,7 @@
"eventsource": "^1.0.7",
"lodash": "^4.17.11",
"randombytes": "^2.1.0",
"stellar-base": "^1.0.3",
"stellar-base": "^1.1.1",
"toml": "^2.3.0",
"tslib": "^1.10.0",
"urijs": "^1.19.1",
21 changes: 20 additions & 1 deletion src/utils.ts
@@ -42,6 +42,13 @@ export namespace Utils {
const account = new Account(serverKeypair.publicKey(), "-1");
const now = Math.floor(Date.now() / 1000);

// A Base64 digit represents 6 bits, to generate a random 64 bytes
// base64 string, we need 48 random bytes = (64 * 6)/8
//
// Each Base64 digit is in ASCII and each ASCII characters when
// turned into binary represents 8 bits = 1 bytes.
const value = randomBytes(48).toString("base64");

const transaction = new TransactionBuilder(account, {
fee: BASE_FEE,
timebounds: {
@@ -52,7 +59,7 @@ export namespace Utils {
.addOperation(
Operation.manageData({
name: `${anchorName} auth`,
value: randomBytes(64),
value,
source: clientAccountID,
}),
)
@@ -132,6 +139,18 @@ export namespace Utils {
);
}

if (Buffer.from(operation.value.toString(), "base64").length !== 48) {
throw new InvalidSep10ChallengeError(
"The transaction's operation value should be a 64 bytes base64 random string",
);
}

if (operation.type !== "manageData") {
throw new InvalidSep10ChallengeError(
"The transaction's operation should be manageData",
);
}

if (!verifyTxSignedBy(transaction, serverAccountId)) {
throw new InvalidSep10ChallengeError(
"The transaction is not signed by the server",
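Review bot: In the verification hunk, the new length check calls `operation.value.toString()` before the `operation.type !== "manageData"` guard that follows it, so a challenge whose operation is not manageData (or, presumably, a manageData entry with no value) would surface as a plain TypeError rather than `InvalidSep10ChallengeError`. Moving the type guard above the value check lets callers that catch the typed error reject every malformed challenge the same way. The decoded-length test is also loose on its own, since `Buffer.from(..., "base64")` does not throw on malformed input; extending the condition with `operation.value.length !== 64 ||` would pin the encoded form the error message describes. The enclosing function starts and ends outside the hunk.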
31 changes: 30 additions & 1 deletion test/unit/utils_test.js
@@ -38,6 +38,7 @@ describe('Utils', function() {
expect(operation.source).to.eql("GBDIT5GUJ7R5BXO3GJHFXJ6AZ5UQK6MNOIDMPQUSMXLIHTUNR2Q5CFNF");
expect(operation.type).to.eql("manageData");
expect(operation.value.length).to.eql(64);
expect(Buffer.from(operation.value.toString(), 'base64').length).to.eql(48);
});

it('uses the passed-in timeout', function() {
@@ -154,7 +155,7 @@ describe('Utils', function() {
.addOperation(
StellarSdk.Operation.manageData({
name: 'SDF auth',
value: randomBytes(64)
value: randomBytes(48).toString('base64')
})
)
.setTimeout(30)
@@ -201,6 +202,34 @@ describe('Utils', function() {
);
});

it('throws an error if operation value is not a 64 bytes base64 string', function() {
let keypair = StellarSdk.Keypair.random();
const account = new StellarSdk.Account(keypair.publicKey(), "-1");
const transaction = new StellarSdk.TransactionBuilder(account, { fee: 100 })
.addOperation(
StellarSdk.Operation.manageData({
name: 'SDF auth',
value: randomBytes(64),
source: 'GBDIT5GUJ7R5BXO3GJHFXJ6AZ5UQK6MNOIDMPQUSMXLIHTUNR2Q5CFNF'
})
)
.setTimeout(30)
.build();

transaction.sign(keypair);
const challenge = transaction
.toEnvelope()
.toXDR("base64")
.toString();

expect(
() => StellarSdk.Utils.verifyChallengeTx(challenge, keypair.publicKey())
).to.throw(
StellarSdk.InvalidSep10ChallengeError,
/The transaction\'s operation value should be a 64 bytes base64 random string/
);
});

it('throws an error if transaction is not signed by the server', function() {
let keypair = StellarSdk.Keypair.random();

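Review bot: The added negative case passes `randomBytes(64)` as the invalid value, so the input differs on every run and a failure would be hard to reproduce; a fixed value such as `Buffer.alloc(64)` keeps the case deterministic. None of the visible test hunks exercises the new `manageData` type guard or a challenge whose operation carries no value, which are the inputs where verification reads `operation.value` before it has checked the operation type. A case built with a different operation type and asserting `InvalidSep10ChallengeError` would cover that path. Other parts of the test file lie outside the visible hunks, so such a case may already exist.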
8 changes: 4 additions & 4 deletions yarn.lock
@@ -7855,10 +7855,10 @@ statuses@~1.4.0:
version "1.4.0"
resolved "https://registry.yarnpkg.com/statuses/-/statuses-1.4.0.tgz#bb73d446da2796106efcc1b601a253d6c46bd087"

stellar-base@^1.0.3:
version "1.0.3"
resolved "https://registry.yarnpkg.com/stellar-base/-/stellar-base-1.0.3.tgz#8d3121ca1ce85321b0647c44e69e5877be8e16e1"
integrity sha512-1JP/OnjUfbXryrICQJOrxsGgw9VlsgdpGje67692uI9mN8xP+2EyTF1fDs2KllO1Xx/6AaIB+DaU9VGv2nBMgw==
stellar-base@^1.1.1:
version "1.1.1"
resolved "https://registry.yarnpkg.com/stellar-base/-/stellar-base-1.1.1.tgz#2a97b25584e3e92241a601903a96a776938848cf"
integrity sha512-E7L6bjM2OlY4wtf+G9ruG52/LXP/Bs7i5L4jbJJK+RFK/2jp6CNqK97i8/isKF/XpO46WW14EwqOUnXvVfBioQ==
dependencies:
base32.js "^0.1.0"
bignumber.js "^4.0.0"