lato 3.5.1 → 3.5.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 56ee3e9b961152eba70e1a6bc9847cba388918270a97b54b0e5f62c411522d7e
-  data.tar.gz: 6911a1d184c652e28489ccba829b0fe1fdfa48fc4e2bf38de2a4996b9b6be279
+  metadata.gz: 0e24a9027aaa18602126a3e83d58f6965fa71767621211ae79026192f74f01f6
+  data.tar.gz: 07beba102b8c9cd35d985d0870c73553a635a9e2f8f23e6e74d3c7881ebb96c8
 SHA512:
-  metadata.gz: a3ec9fc339e4606798bbe19d2879f6e9900a6b72ff0feb0904b88be10e0854b17f73abceee9f5b7e5b9ee4c0f56d8973afde4cb32f42dea4abff56501e4187e3
-  data.tar.gz: c97f878b5872460270eaf450f6cfec947dbaeaef884e63afcd7213bf427a82080effc2df75f24b1813f2e763dd3bbeb8546aebcbee5daf6d5c4492cc0b73bacf
+  metadata.gz: 5cd1b768467aaba97b45b31ff9dfc852872cd496da2c16ea265a2f60b134e729efe90cf3daab6b2f53bee8ad3e6541d41f2e529fd61e227999ab78126355b7d5
+  data.tar.gz: 60f6a2f4a3040ab22dfd24615a859a74f744bdfa03796cfd9a607c7abf6907aa3d80f5a808c6b65f182f72754131c8bf32e843985e1cf4f080161c63aff0db5b

data/app/controllers/lato/authentication_controller.rb

@@ -6,9 +6,10 @@ module Lato
 
     before_action :find_user, only: %i[verify_email verify_email_action update_password update_password_action]
     before_action :find_invitation, only: %i[accept_invitation accept_invitation_action]
-    
+
     before_action :lock_signup_if_disabled, only: %i[signup signup_action]
     before_action :lock_recover_password_if_disabled, only: %i[recover_password recover_password_action update_password update_password_action]
+    before_action :lock_web3_if_disabled, only: %i[web3_signin web3_signin_action]
 
     before_action :hide_sidebar
 
@@ -38,6 +39,34 @@ module Lato
       end
     end
 
+    def web3_signin
+      session[:web3_signin_id] = SecureRandom.hex
+
+      @user = Lato::User.new
+      @user.id = session[:web3_signin_id] # This is a temporary id to identify the user
+      @user.start_web3_signin
+    end
+
+    def web3_signin_action
+      @user = Lato::User.new
+      @user.id = session[:web3_signin_id] # This is a temporary id to identify the user
+
+      respond_to do |format|
+        if @user.web3_signin(params.require(:user).permit(:web3_address, :web3_signed_nonce).merge(
+          ip_address: request.remote_ip,
+          user_agent: request.user_agent
+        ))
+          session_create(@user.id)
+
+          format.html { redirect_to lato.root_path }
+          format.json { render json: @user }
+        else
+          format.html { render :web3_signin, status: :unprocessable_entity }
+          format.json { render json: @user.errors, status: :unprocessable_entity }
+        end
+      end
+    end
+
     # Signup
     ##
 
@@ -180,6 +209,13 @@ module Lato
     def lock_recover_password_if_disabled
       return unless Lato.config.auth_disable_recover_password
 
+      respond_to_with_not_found
+    end
+
+    def lock_web3_if_disabled
+      return if Lato.config.web3_connection && !Lato.config.auth_disable_web3
+
+
       respond_to_with_not_found
     end
   end

data/app/models/lato/user.rb

@@ -12,6 +12,7 @@ module Lato
     validates :email, presence: true, uniqueness: true
     validates :accepted_privacy_policy_version, presence: true
     validates :accepted_terms_and_conditions_version, presence: true
+    validates :web3_address, uniqueness: true, allow_blank: true
 
     # Relations
     ##
@@ -118,6 +119,42 @@ module Lato
       true
     end
 
+    def start_web3_signin
+      c_web3_nonce(SecureRandom.hex(32))
+    end
+
+    def web3_signin(params)
+      self.web3_address = params[:web3_address]
+
+      user = Lato::User.find_by(web3_address: params[:web3_address].downcase)
+      unless user
+        errors.add(:web3_address, :not_correct)
+        return
+      end
+
+      signature_pubkey = Eth::Signature.personal_recover(c_web3_nonce, params[:web3_signed_nonce])
+      signature_address = Eth::Util.public_key_to_address signature_pubkey
+      unless signature_address.to_s.downcase == params[:web3_address].downcase
+        errors.add(:web3_signed_nonce, :not_correct)
+        return
+      end
+
+      self.id = user.id
+      reload
+
+      begin
+        lato_log_user_signins.create(
+          ip_address: params[:ip_address],
+          user_agent: params[:user_agent]
+        )
+      rescue StandardError => e
+        Rails.logger.error(e)
+      end
+
+      c_web3_nonce__clear
+      true
+    end
+
     def request_verify_email
       if c_email_verification_semaphore
         errors.add(:base, :email_verification_limit)

data/app/views/lato/account/_form-web3.html.erb

@@ -11,14 +11,18 @@ user ||= Lato::User.new
 
     <% if user.web3_connection_completed? %>
       <div class="row">
-        <div class="col col-12">
-          <%= lato_form_item_label form, :web3_address, 'You are connected to the following address' %>
+        <div class="col col-12 mb-3">
+          <%= lato_form_item_label form, :web3_address %>
           <div class="input-group">
             <%= lato_form_item_input_text form, :web3_address, required: true, readonly: true %>
-            <%= lato_form_submit form, 'Disconnect', class: %w[btn-danger] %>
+            <button class="btn btn-outline-success" style="pointer-events: none"><%= I18n.t('lato.connected_wallet') %></button>
           </div>
         </div>
       </div>
+
+      <div class="d-flex justify-content-end">
+        <%= lato_form_submit form, I18n.t('lato.disconnect_wallet'), class: %w[btn-danger] %>
+      </div>
     <% elsif user.web3_connection_started? %>
       <div class="alert alert-light mb-0">
         <h4 class="alert-heading">Connecting..</h4>
@@ -58,12 +62,12 @@ user ||= Lato::User.new
       </script>
     <% else %>
       <div class="alert alert-light mb-0">
-        <h4 class="alert-heading">Connect your wallet</h4>
+        <h4 class="alert-heading"><%= I18n.t('lato.account_web3_start_title') %></h4>
         <p>
-          Connect your web3 wallet by clicking the button below and signing the message.
+          <%= raw I18n.t('lato.account_web3_start_description') %>
         </p>
         <p class="mb-0">
-          <%= lato_form_submit form, 'Connect wallet', class: %w[btn-primary] %>
+          <%= lato_form_submit form, I18n.t('lato.connect_wallet'), class: %w[btn-primary] %>
         </p>
       </div>
     <% end %>

data/app/views/lato/account/index.html.erb

@@ -12,25 +12,25 @@
   </div>
 </div>
 
-<% if Lato.config.web3_connection %>
 <div class="card mb-4">
   <div class="card-header">
-    <h2 class="fs-4 mb-0"><%= I18n.t('lato.account_web3') %></h2>
+    <h2 class="fs-4 mb-0"><%= I18n.t('lato.update_password') %></h2>
   </div>
   <div class="card-body">
-    <%= render 'lato/account/form-web3', user: @session.user %>
+    <%= render 'lato/account/form-password', user: @session.user %>
   </div>
 </div>
-<% end %>
 
+<% if Lato.config.web3_connection %>
 <div class="card mb-4">
   <div class="card-header">
-    <h2 class="fs-4 mb-0"><%= I18n.t('lato.update_password') %></h2>
+    <h2 class="fs-4 mb-0"><%= I18n.t('lato.account_web3') %></h2>
   </div>
   <div class="card-body">
-    <%= render 'lato/account/form-password', user: @session.user %>
+    <%= render 'lato/account/form-web3', user: @session.user %>
   </div>
 </div>
+<% end %>
 
 <div class="card mb-4">
   <div class="card-header">

data/app/views/lato/authentication/_form-signin.html.erb

@@ -22,6 +22,11 @@ user ||= Lato::User.new
     <div>
       <%= lato_form_submit form, I18n.t('lato.signin'), class: %w[d-block w-100] %>
     </div>
+    <% if Lato.config.web3_connection && !Lato.config.auth_disable_web3 %>
+      <div class="mt-2">
+        <%= link_to I18n.t('lato.web3_signin'), lato.authentication_web3_signin_path, class: 'btn btn-info w-100' %>
+      </div>
+    <% end %>
     <% unless Lato.config.auth_disable_signup %>
       <div class="text-center mt-3 mb-3">
         <%= I18n.t('lato.or').downcase %> <%= link_to I18n.t('lato.create_free_account').downcase, lato.authentication_signup_path %>

data/app/views/lato/authentication/_form-web3-signin.html.erb

@@ -0,0 +1,49 @@
+<%
+
+user ||= Lato::User.new
+
+%>
+
+<%= turbo_frame_tag 'authentication_form-web3-signin' do %>
+  <%= form_with model: user, url: lato.authentication_web3_signin_action_path, data: { turbo_frame: '_self', controller: 'lato-form' } do |form| %>
+    <%= lato_form_notices class: %w[mb-3] %>
+    <%= lato_form_errors user, class: %w[mb-3] %>
+    
+    <div class="alert alert-light mb-0 text-center">
+      <h4 class="alert-heading">Connecting..</h4>
+      <div class="progress" role="progressbar" aria-valuenow="100" aria-valuemin="0" aria-valuemax="100">
+        <div class="progress-bar progress-bar-striped progress-bar-animated" style="width: 100%"></div>
+      </div>
+    </div>
+    
+    <span id="account_form-web3__nonce" style="display: none;"><%= user.c_web3_nonce %></span>
+    <%= form.hidden_field :web3_address, id: 'account_form-web3__input-web3_address'  %>
+    <%= form.hidden_field :web3_signed_nonce, id: 'account_form-web3__input-web3_signed_nonce' %>
+    <%= lato_form_submit form, 'Confirm', class: %w[btn-primary d-none], id: 'account_form-web3__submit' %>
+
+    <script>
+      (async () => {
+        const ethers = await import('https://cdnjs.cloudflare.com/ajax/libs/ethers/5.7.2/ethers.esm.min.js')
+
+        const nonce = document.getElementById('account_form-web3__nonce').innerText
+        const inputAddress = document.getElementById('account_form-web3__input-web3_address')
+        const inputSignedNonce = document.getElementById('account_form-web3__input-web3_signed_nonce')
+        const submitButton = document.getElementById('account_form-web3__submit')
+
+        let address = ''
+        let signedNonce = ''
+
+        if (window.ethereum) {
+          const provider = new ethers.ethers.providers.Web3Provider(window.ethereum)
+          const signer = provider.getSigner()
+          address = await signer.getAddress()
+          signedNonce = await signer.signMessage(nonce)
+        }
+
+        inputAddress.value = address
+        inputSignedNonce.value = signedNonce
+        submitButton.click()
+      })()
+    </script>
+  <% end %>
+<% end %>

data/app/views/lato/authentication/web3_signin.html.erb

@@ -0,0 +1,10 @@
+<div class="w-100 h-100 d-flex justify-content-center align-items-center" style="min-height: calc(100vh - 54px - 2rem)">
+  <div class="card w-100" style="max-width: 400px">
+    <div class="card-header">
+      <h1 class="fs-3 mb-0 text-center"><%= I18n.t('lato.web3_signin') %></h1>
+    </div>
+    <div class="card-body">
+      <%= render 'lato/authentication/form-web3-signin', user: @user %>
+    </div>
+  </div>
+</div>

data/config/locales/en.yml

@@ -41,6 +41,12 @@ en:
     terms_and_conditions_update_title: Terms and conditions update
     accept_invitation: Accept invitation
     account_web3: Web3 connection
+    account_web3_start_title: Connect your wallet
+    account_web3_start_description: Connect your web3 wallet by clicking the button below and signing the message.<br> This will allow you to use the platform without having to enter your password.
+    connect_wallet: Connect wallet
+    disconnect_wallet: Disconnect
+    connected_wallet: Connected
+    web3_signin: Web3 Login
 
     account_controller:
       update_user_action_notice: Account information properly updated
@@ -85,6 +91,8 @@ en:
               inclusion: not accepted
             accepted_terms_and_conditions_version:
               inclusion: not accepted
+            web3_address:
+              not_correct: not correct
         lato/invitation:
           attributes:
             base:

data/config/locales/it.yml

@@ -43,6 +43,12 @@ it:
     terms_and_conditions_update_title: Aggiornamento termini e condizioni
     accept_invitation: Accetta invito
     account_web3: Connessione Web3
+    account_web3_start_title: Connetti il tuo wallet
+    account_web3_start_description: Connetti il tuo wallet web3 cliccando il pulsante sottostante e firmando il messaggio.<br>Questo ti permetterà di utilizzare la piattaforma senza dover inserire la tua password.
+    connect_wallet: Connetti wallet
+    disconnect_wallet: Disconnetti
+    connected_wallet: Connesso
+    web3_signin: Accedi con Web3
 
     account_controller:
       update_user_action_notice: Informazioni account aggiornate correttamente
@@ -95,6 +101,8 @@ it:
               inclusion: non accettata
             accepted_terms_and_conditions_version:
               inclusion: non accettati
+            web3_address:
+              not_correct: non corretto
         lato/invitation:
           attributes:
             base:

data/config/routes.rb

@@ -12,6 +12,8 @@ Lato::Engine.routes.draw do
   scope :authentication do
     get 'signin', to: 'authentication#signin', as: :authentication_signin
     post 'signin_action', to: 'authentication#signin_action', as: :authentication_signin_action
+    get 'web3_signin', to: 'authentication#web3_signin', as: :authentication_web3_signin
+    post 'web3_signin_action', to: 'authentication#web3_signin_action', as: :authentication_web3_signin_action
     get 'signup', to: 'authentication#signup', as: :authentication_signup
     post 'signup_action', to: 'authentication#signup_action', as: :authentication_signup_action
     get 'signout', to: 'authentication#signout', as: :authentication_signout

data/lib/lato/config.rb

@@ -10,7 +10,7 @@ module Lato
     attr_accessor :session_lifetime, :session_root_path
 
     # Authentication configs
-    attr_accessor :auth_disable_signup, :auth_disable_recover_password
+    attr_accessor :auth_disable_signup, :auth_disable_recover_password, :auth_disable_web3
 
     # Assets configs
     attr_accessor :assets_stylesheet_entry
@@ -33,6 +33,7 @@ module Lato
 
       @auth_disable_signup = false
       @auth_disable_recover_password = false
+      @auth_disable_web3 = false
 
       @assets_stylesheet_entry = 'application'
 

data/lib/lato/version.rb

@@ -1,3 +1,3 @@
 module Lato
-  VERSION = "3.5.1"
+  VERSION = "3.5.2"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: lato
 version: !ruby/object:Gem::Version
-  version: 3.5.1
+  version: 3.5.2
 platform: ruby
 authors:
 - Gregorio Galante
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-02-22 00:00:00.000000000 Z
+date: 2024-02-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -174,6 +174,7 @@ files:
 - app/views/lato/authentication/_form-signup.html.erb
 - app/views/lato/authentication/_form-update-password.html.erb
 - app/views/lato/authentication/_form-verify-email.html.erb
+- app/views/lato/authentication/_form-web3-signin.html.erb
 - app/views/lato/authentication/accept_invitation.html.erb
 - app/views/lato/authentication/recover_password.html.erb
 - app/views/lato/authentication/signin.html.erb
@@ -181,6 +182,7 @@ files:
 - app/views/lato/authentication/signup.html.erb
 - app/views/lato/authentication/update_password.html.erb
 - app/views/lato/authentication/verify_email.html.erb
+- app/views/lato/authentication/web3_signin.html.erb
 - app/views/lato/components/_index.html.erb
 - app/views/lato/components/_navbar_nav_item.html.erb
 - app/views/lato/components/_navbar_nav_locales_item.html.erb