lato 3.5.4 → 3.5.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/app/controllers/lato/account_controller.rb +6 -4
- data/app/controllers/lato/authentication_controller.rb +5 -6
- data/app/models/lato/user.rb +7 -56
- data/app/views/lato/account/_form-web3.html.erb +13 -9
- data/app/views/lato/authentication/_form-web3-signin.html.erb +52 -36
- data/config/locales/en.yml +2 -1
- data/config/locales/it.yml +2 -1
- data/lib/lato/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f4dc0f435932a6eb561b49dc030c8d331ac306331ca42e9ea65a37418820c682
|
|
4
|
+
data.tar.gz: 6cfd69cae2762adbd4790af754f9b30e4f7f621f46f0f41ab5906f7c35c43b17
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b4738ffe8f9a83428305903f6253bdf844f7e64b87aa12f061597f579b558236e14357f51f091f646010186bd8d6dcf84348de019b16e512e53fcd8040295945
|
|
7
|
+
data.tar.gz: 645f8fad8ddcc489f954ddf704c44fa8ad1a088f20d768c9a0ce0524e19c227b62528701eabdb5ab3201e5576674873006ba3ac3ff7358c60b6ff88ed5bb5e28
|
|
@@ -20,7 +20,7 @@ module Lato
|
|
|
20
20
|
def update_web3_action
|
|
21
21
|
return respond_to_with_not_found unless Lato.config.web3_connection
|
|
22
22
|
|
|
23
|
-
if @session.user.
|
|
23
|
+
if @session.user.web3_address
|
|
24
24
|
respond_to do |format|
|
|
25
25
|
if @session.user.remove_web3_connection
|
|
26
26
|
format.html { redirect_to lato.account_path }
|
|
@@ -30,19 +30,21 @@ module Lato
|
|
|
30
30
|
format.json { render json: @session.user.errors, status: :unprocessable_entity }
|
|
31
31
|
end
|
|
32
32
|
end
|
|
33
|
-
elsif
|
|
33
|
+
elsif session[:web3_nonce]
|
|
34
34
|
respond_to do |format|
|
|
35
|
-
if @session.user.
|
|
35
|
+
if @session.user.add_web3_connection(params.require(:user).permit(:web3_address, :web3_signed_nonce).merge(web3_nonce: session[:web3_nonce]))
|
|
36
|
+
session[:web3_nonce] = nil
|
|
36
37
|
format.html { redirect_to lato.account_path }
|
|
37
38
|
format.json { render json: @session.user }
|
|
38
39
|
else
|
|
40
|
+
session[:web3_nonce] = nil
|
|
39
41
|
format.html { render :index, status: :unprocessable_entity }
|
|
40
42
|
format.json { render json: @session.user.errors, status: :unprocessable_entity }
|
|
41
43
|
end
|
|
42
44
|
end
|
|
43
45
|
else
|
|
44
46
|
respond_to do |format|
|
|
45
|
-
if
|
|
47
|
+
if session[:web3_nonce] = SecureRandom.hex(32)
|
|
46
48
|
format.html { redirect_to lato.account_path }
|
|
47
49
|
format.json { render json: @session.user }
|
|
48
50
|
else
|
|
@@ -40,27 +40,26 @@ module Lato
|
|
|
40
40
|
end
|
|
41
41
|
|
|
42
42
|
def web3_signin
|
|
43
|
-
session[:web3_signin_id] = SecureRandom.hex
|
|
44
|
-
|
|
45
43
|
@user = Lato::User.new
|
|
46
|
-
|
|
47
|
-
@user.start_web3_signin
|
|
44
|
+
session[:web3_nonce] = SecureRandom.hex(32)
|
|
48
45
|
end
|
|
49
46
|
|
|
50
47
|
def web3_signin_action
|
|
51
48
|
@user = Lato::User.new
|
|
52
|
-
@user.id = session[:web3_signin_id] # This is a temporary id to identify the user
|
|
53
49
|
|
|
54
50
|
respond_to do |format|
|
|
55
51
|
if @user.web3_signin(params.require(:user).permit(:web3_address, :web3_signed_nonce).merge(
|
|
56
52
|
ip_address: request.remote_ip,
|
|
57
|
-
user_agent: request.user_agent
|
|
53
|
+
user_agent: request.user_agent,
|
|
54
|
+
web3_nonce: session[:web3_nonce]
|
|
58
55
|
))
|
|
56
|
+
session[:web3_nonce] = nil
|
|
59
57
|
session_create(@user.id)
|
|
60
58
|
|
|
61
59
|
format.html { redirect_to lato.root_path }
|
|
62
60
|
format.json { render json: @user }
|
|
63
61
|
else
|
|
62
|
+
session[:web3_nonce] = nil
|
|
64
63
|
format.html { render :web3_signin, status: :unprocessable_entity }
|
|
65
64
|
format.json { render json: @user.errors, status: :unprocessable_entity }
|
|
66
65
|
end
|
data/app/models/lato/user.rb
CHANGED
|
@@ -53,14 +53,6 @@ module Lato
|
|
|
53
53
|
@valid_accepted_terms_and_conditions_version ||= accepted_terms_and_conditions_version >= Lato.config.legal_terms_and_conditions_version
|
|
54
54
|
end
|
|
55
55
|
|
|
56
|
-
def web3_connection_completed?
|
|
57
|
-
@web3_connection_completed ||= !web3_address.blank?
|
|
58
|
-
end
|
|
59
|
-
|
|
60
|
-
def web3_connection_started?
|
|
61
|
-
@web3_connection_started ||= !c_web3_nonce.blank?
|
|
62
|
-
end
|
|
63
|
-
|
|
64
56
|
# Helpers
|
|
65
57
|
##
|
|
66
58
|
|
|
@@ -119,10 +111,6 @@ module Lato
|
|
|
119
111
|
true
|
|
120
112
|
end
|
|
121
113
|
|
|
122
|
-
def start_web3_signin
|
|
123
|
-
c_web3_nonce(SecureRandom.hex(32))
|
|
124
|
-
end
|
|
125
|
-
|
|
126
114
|
def web3_signin(params)
|
|
127
115
|
self.web3_address = params[:web3_address]
|
|
128
116
|
|
|
@@ -132,7 +120,7 @@ module Lato
|
|
|
132
120
|
return
|
|
133
121
|
end
|
|
134
122
|
|
|
135
|
-
signature_pubkey = Eth::Signature.personal_recover(
|
|
123
|
+
signature_pubkey = Eth::Signature.personal_recover(params[:web3_nonce], params[:web3_signed_nonce])
|
|
136
124
|
signature_address = Eth::Util.public_key_to_address signature_pubkey
|
|
137
125
|
unless signature_address.to_s.downcase == params[:web3_address].downcase
|
|
138
126
|
errors.add(:web3_signed_nonce, :not_correct)
|
|
@@ -151,8 +139,10 @@ module Lato
|
|
|
151
139
|
Rails.logger.error(e)
|
|
152
140
|
end
|
|
153
141
|
|
|
154
|
-
c_web3_nonce__clear
|
|
155
142
|
true
|
|
143
|
+
rescue StandardError => e
|
|
144
|
+
errors.add(:base, :web3_connection_error)
|
|
145
|
+
false
|
|
156
146
|
end
|
|
157
147
|
|
|
158
148
|
def request_verify_email
|
|
@@ -278,45 +268,22 @@ module Lato
|
|
|
278
268
|
end
|
|
279
269
|
end
|
|
280
270
|
|
|
281
|
-
def
|
|
282
|
-
|
|
283
|
-
c_web3_nonce(SecureRandom.hex(32))
|
|
284
|
-
|
|
285
|
-
true
|
|
286
|
-
end
|
|
287
|
-
|
|
288
|
-
def complete_web3_connection(params)
|
|
289
|
-
nonce = c_web3_nonce
|
|
290
|
-
c_web3_nonce__clear # Important to rollback to status 0 of web3 connection
|
|
291
|
-
|
|
292
|
-
unless nonce
|
|
293
|
-
errors.add(:base, :web3_nonce_expired)
|
|
294
|
-
return
|
|
295
|
-
end
|
|
296
|
-
|
|
297
|
-
signature_pubkey = Eth::Signature.personal_recover(nonce, params[:web3_signed_nonce])
|
|
271
|
+
def add_web3_connection(params)
|
|
272
|
+
signature_pubkey = Eth::Signature.personal_recover(params[:web3_nonce], params[:web3_signed_nonce])
|
|
298
273
|
signature_address = Eth::Util.public_key_to_address signature_pubkey
|
|
299
274
|
unless signature_address.to_s.downcase == params[:web3_address].downcase
|
|
300
275
|
errors.add(:base, :web3_address_invalid)
|
|
301
276
|
return
|
|
302
277
|
end
|
|
303
278
|
|
|
304
|
-
|
|
305
|
-
return true if result
|
|
306
|
-
|
|
307
|
-
web3_address = nil # Important to rollback to status 0 of web3 connection
|
|
308
|
-
reload
|
|
309
|
-
|
|
310
|
-
false
|
|
279
|
+
update(web3_address: params[:web3_address])
|
|
311
280
|
rescue StandardError => e
|
|
312
|
-
c_web3_nonce__clear # Important to rollback to status 0 of web3 connection
|
|
313
281
|
errors.add(:base, :web3_connection_error)
|
|
314
282
|
false
|
|
315
283
|
end
|
|
316
284
|
|
|
317
285
|
def remove_web3_connection
|
|
318
286
|
update(web3_address: nil)
|
|
319
|
-
c_web3_nonce__clear
|
|
320
287
|
true
|
|
321
288
|
end
|
|
322
289
|
|
|
@@ -346,21 +313,5 @@ module Lato
|
|
|
346
313
|
Rails.cache.write(cache_key, value, expires_in: 30.minutes)
|
|
347
314
|
value
|
|
348
315
|
end
|
|
349
|
-
|
|
350
|
-
def c_web3_nonce(value = nil)
|
|
351
|
-
cache_key = "Lato::User/c_web3_nonce/#{id}"
|
|
352
|
-
return Rails.cache.read(cache_key) if value.nil?
|
|
353
|
-
|
|
354
|
-
Rails.cache.write(cache_key, value, expires_in: 1.minutes)
|
|
355
|
-
@web3_connection_started = nil # HARD FIX: reset web3 connection status
|
|
356
|
-
value
|
|
357
|
-
end
|
|
358
|
-
|
|
359
|
-
def c_web3_nonce__clear
|
|
360
|
-
cache_key = "Lato::User/c_web3_nonce/#{id}"
|
|
361
|
-
Rails.cache.delete(cache_key)
|
|
362
|
-
@web3_connection_started = nil # HARD FIX: reset web3 connection status
|
|
363
|
-
true
|
|
364
|
-
end
|
|
365
316
|
end
|
|
366
317
|
end
|
|
@@ -9,7 +9,7 @@ user ||= Lato::User.new
|
|
|
9
9
|
<%= lato_form_notices class: %w[mb-3] %>
|
|
10
10
|
<%= lato_form_errors user, class: %w[mb-3] %>
|
|
11
11
|
|
|
12
|
-
<% if user.
|
|
12
|
+
<% if user.web3_address %>
|
|
13
13
|
<div class="row">
|
|
14
14
|
<div class="col col-12 mb-3">
|
|
15
15
|
<%= lato_form_item_label form, :web3_address %>
|
|
@@ -23,7 +23,7 @@ user ||= Lato::User.new
|
|
|
23
23
|
<div class="d-flex justify-content-end">
|
|
24
24
|
<%= lato_form_submit form, I18n.t('lato.disconnect_wallet'), class: %w[btn-danger] %>
|
|
25
25
|
</div>
|
|
26
|
-
<% elsif
|
|
26
|
+
<% elsif session[:web3_nonce] %>
|
|
27
27
|
<div class="alert alert-light mb-0">
|
|
28
28
|
<h4 class="alert-heading">Connecting..</h4>
|
|
29
29
|
<div class="progress" role="progressbar" aria-valuenow="100" aria-valuemin="0" aria-valuemax="100">
|
|
@@ -31,7 +31,7 @@ user ||= Lato::User.new
|
|
|
31
31
|
</div>
|
|
32
32
|
</div>
|
|
33
33
|
|
|
34
|
-
<span id="account_form-web3__nonce" style="display: none;"><%=
|
|
34
|
+
<span id="account_form-web3__nonce" style="display: none;"><%= session[:web3_nonce] %></span>
|
|
35
35
|
<%= form.hidden_field :web3_address, id: 'account_form-web3__input-web3_address' %>
|
|
36
36
|
<%= form.hidden_field :web3_signed_nonce, id: 'account_form-web3__input-web3_signed_nonce' %>
|
|
37
37
|
<%= lato_form_submit form, 'Confirm', class: %w[btn-primary d-none], id: 'account_form-web3__submit' %>
|
|
@@ -48,12 +48,16 @@ user ||= Lato::User.new
|
|
|
48
48
|
let address = ''
|
|
49
49
|
let signedNonce = ''
|
|
50
50
|
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
51
|
+
try {
|
|
52
|
+
if (window.ethereum) {
|
|
53
|
+
const provider = new ethers.ethers.providers.Web3Provider(window.ethereum)
|
|
54
|
+
await provider.send('eth_requestAccounts', [])
|
|
55
|
+
const signer = provider.getSigner()
|
|
56
|
+
address = await signer.getAddress()
|
|
57
|
+
signedNonce = await signer.signMessage(nonce)
|
|
58
|
+
}
|
|
59
|
+
} catch (error) {
|
|
60
|
+
console.error(error)
|
|
57
61
|
}
|
|
58
62
|
|
|
59
63
|
inputAddress.value = address
|
|
@@ -8,43 +8,59 @@ user ||= Lato::User.new
|
|
|
8
8
|
<%= form_with model: user, url: lato.authentication_web3_signin_action_path, data: { turbo_frame: '_self', controller: 'lato-form' } do |form| %>
|
|
9
9
|
<%= lato_form_notices class: %w[mb-3] %>
|
|
10
10
|
<%= lato_form_errors user, class: %w[mb-3] %>
|
|
11
|
+
|
|
12
|
+
<% if session[:web3_nonce] %>
|
|
11
13
|
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
14
|
+
<div class="alert alert-light mb-0 text-center">
|
|
15
|
+
<h4 class="alert-heading">Connecting..</h4>
|
|
16
|
+
<div class="progress" role="progressbar" aria-valuenow="100" aria-valuemin="0" aria-valuemax="100">
|
|
17
|
+
<div class="progress-bar progress-bar-striped progress-bar-animated" style="width: 100%"></div>
|
|
18
|
+
</div>
|
|
16
19
|
</div>
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
20
|
+
|
|
21
|
+
<span id="account_form-web3__nonce" style="display: none;"><%= session[:web3_nonce] %></span>
|
|
22
|
+
<%= form.hidden_field :web3_address, id: 'account_form-web3__input-web3_address' %>
|
|
23
|
+
<%= form.hidden_field :web3_signed_nonce, id: 'account_form-web3__input-web3_signed_nonce' %>
|
|
24
|
+
<%= lato_form_submit form, 'Confirm', class: %w[btn-primary d-none], id: 'account_form-web3__submit' %>
|
|
25
|
+
|
|
26
|
+
<script>
|
|
27
|
+
(async () => {
|
|
28
|
+
const ethers = await import('https://cdnjs.cloudflare.com/ajax/libs/ethers/5.7.2/ethers.esm.min.js')
|
|
29
|
+
|
|
30
|
+
const nonce = document.getElementById('account_form-web3__nonce').innerText
|
|
31
|
+
const inputAddress = document.getElementById('account_form-web3__input-web3_address')
|
|
32
|
+
const inputSignedNonce = document.getElementById('account_form-web3__input-web3_signed_nonce')
|
|
33
|
+
const submitButton = document.getElementById('account_form-web3__submit')
|
|
34
|
+
|
|
35
|
+
let address = ''
|
|
36
|
+
let signedNonce = ''
|
|
37
|
+
|
|
38
|
+
try {
|
|
39
|
+
if (window.ethereum) {
|
|
40
|
+
const provider = new ethers.ethers.providers.Web3Provider(window.ethereum)
|
|
41
|
+
await provider.send('eth_requestAccounts', [])
|
|
42
|
+
const signer = provider.getSigner()
|
|
43
|
+
address = await signer.getAddress()
|
|
44
|
+
signedNonce = await signer.signMessage(nonce)
|
|
45
|
+
}
|
|
46
|
+
} catch (error) {
|
|
47
|
+
console.error(error)
|
|
48
|
+
}
|
|
49
|
+
|
|
50
|
+
inputAddress.value = address
|
|
51
|
+
inputSignedNonce.value = signedNonce
|
|
52
|
+
submitButton.click()
|
|
53
|
+
})()
|
|
54
|
+
</script>
|
|
55
|
+
|
|
56
|
+
<% else %>
|
|
57
|
+
<div class="text-center">
|
|
58
|
+
<%= link_to I18n.t('lato.retry'), lato.authentication_web3_signin_path, class: %w[btn btn-primary], data: { turbo_frame: '_self' } %>
|
|
59
|
+
|
|
60
|
+
<div class="mt-3">
|
|
61
|
+
<%= I18n.t('lato.or').downcase %> <%= link_to I18n.t('lato.back').downcase, lato.authentication_signin_path %>
|
|
62
|
+
</div>
|
|
63
|
+
</div>
|
|
64
|
+
<% end %>
|
|
49
65
|
<% end %>
|
|
50
66
|
<% end %>
|
data/config/locales/en.yml
CHANGED
|
@@ -47,6 +47,8 @@ en:
|
|
|
47
47
|
disconnect_wallet: Disconnect
|
|
48
48
|
connected_wallet: Connected
|
|
49
49
|
web3_signin: Web3 Login
|
|
50
|
+
retry: Retry
|
|
51
|
+
back: Go back
|
|
50
52
|
|
|
51
53
|
account_controller:
|
|
52
54
|
update_user_action_notice: Account information properly updated
|
|
@@ -79,7 +81,6 @@ en:
|
|
|
79
81
|
privacy_policy_invalid: To accept the privacy policy you must select the confirmation checkbox
|
|
80
82
|
terms_and_conditions_invalid: To accept the terms and conditions you must select the confirmation checkbox
|
|
81
83
|
web3_address_invalid: The address you send is not corretly signed
|
|
82
|
-
web3_nonce_expired: The nonce used to sign the address is expired
|
|
83
84
|
web3_connection_error: Impossible to connect the wallet
|
|
84
85
|
password:
|
|
85
86
|
not_correct: not correct
|
data/config/locales/it.yml
CHANGED
|
@@ -49,6 +49,8 @@ it:
|
|
|
49
49
|
disconnect_wallet: Disconnetti
|
|
50
50
|
connected_wallet: Connesso
|
|
51
51
|
web3_signin: Accedi con Web3
|
|
52
|
+
retry: Riprova
|
|
53
|
+
back: Torna indietro
|
|
52
54
|
|
|
53
55
|
account_controller:
|
|
54
56
|
update_user_action_notice: Informazioni account aggiornate correttamente
|
|
@@ -87,7 +89,6 @@ it:
|
|
|
87
89
|
terms_and_conditions_invalid: Per accettare i termini e condizioni devi selezionare la checkbox di conferma
|
|
88
90
|
invitation_invalid: Invito non valido
|
|
89
91
|
web3_address_invalid: L'inidirizzo inviato non è correttamente firmato
|
|
90
|
-
web3_nonce_expired: Il nonce utilizzato per firmare l'indirizzo è scaduto
|
|
91
92
|
web3_connection_error: Impossibile connettere il wallet
|
|
92
93
|
password:
|
|
93
94
|
not_correct: non corretta
|
data/lib/lato/version.rb
CHANGED