siwe 1.1.2 → 2.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f5c8a137e642d2e6fe2fcb52a9d79dea2580eba1cc564889cf08baee669487c3
-  data.tar.gz: b55b6f1645681d007f678d692611ee40600a4406ab37f0b45182d92c374bb6f7
+  metadata.gz: 933ba5a3c973570550d45cd839212a57c6a66568e17a2b107be945fc5ee1c6f3
+  data.tar.gz: 6ea0957b133e576102f9038cee3a7c4459cba2d7bbbe11d4268ac8d464e5982b
 SHA512:
-  metadata.gz: dcff7464e7f27da76e5d53209f234490e76be3f9360ce5fceed3bf62975cef6c88dba6876c1590b0821bde63e0514e04033001b555a29b1a208e01121aab0f3d
-  data.tar.gz: 75055a13223cde52dfcc1ac75e1be8a466a80d1445f55aa724a9304be60c281c006f636302b588c40f31684fe8cf7bbe5f1fee1221dbe58280f03f4721e36e52
+  metadata.gz: 9ecf2bac358261ae3cd49f8c5ef43ddc7724360705dddaf2704cf3ba427bbb2181bc20a5189cc66bd991144cc669a8fb9555db36780f439dfa6b0d007c941202
+  data.tar.gz: d63ad437299d1386f5cfce1ce44a4d76ecd7a8bcffd3e819f3d2b625196a3b4ced5128544a1413c76447b918e901fa78b63ed4268b6785c631ba18e3675c5327

data/.rubocop.yml

@@ -32,5 +32,11 @@ Metrics/ClassLength:
 Style/OptionalBooleanParameter:
   Enabled: false
 
+Style/RegexpLiteral:
+  Enabled: false
+
+Lint/MixedRegexpCaptureTypes:
+  Enabled: false
+
 Layout/LineLength:
-  Max: 120
+  Enabled: false

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    siwe (1.1.1)
+    siwe (2.0.0)
       eth (~> 0.5.1)
 
 GEM
@@ -12,7 +12,7 @@ GEM
     benchmark (0.2.0)
     diff-lcs (1.5.0)
     e2mmap (0.1.0)
-    eth (0.5.1)
+    eth (0.5.2)
       keccak (~> 1.3)
       konstructor (~> 1.0)
       openssl (~> 2.2)

data/lib/siwe/exceptions.rb

@@ -3,7 +3,28 @@
 module Siwe
   # Used when the message is already expired. (Expires At < Time.now)
   class ExpiredMessage < StandardError
-    def initialize(msg = "Message expired.")
+    def initialize(msg = "Expired message.")
+      super
+    end
+  end
+
+  # Used when the domain is not a valid authority or is empty.
+  class InvalidDomain < StandardError
+    def initialize(msg = "Invalid domain.")
+      super
+    end
+  end
+
+  # Used when the domain doesn't match the domain provided for verification.
+  class DomainMismatch < StandardError
+    def initialize(msg = "Domain does not match provided domain for verification.")
+      super
+    end
+  end
+
+  # Used when the nonce doesn't match the nonce provided for verification.
+  class NonceMismatch < StandardError
+    def initialize(msg = "Nonce does not match provided nonce for verification.")
       super
     end
   end
@@ -15,6 +36,20 @@ module Siwe
     end
   end
 
+  # Used when the message is created with an invalid URI
+  class InvalidURI < StandardError
+    def initialize(msg = "URI does not conform to RFC 3986.")
+      super
+    end
+  end
+
+  # Used when the nonce is smaller then 8 characters or is not alphanumeric
+  class InvalidNonce < StandardError
+    def initialize(msg = "Nonce size smaller then 8 characters or is not alphanumeric.")
+      super
+    end
+  end
+
   # Used when the message is not yet valid. (Not Before > Time.now)
   class NotValidMessage < StandardError
     def initialize(msg = "Message not yet valid.")
@@ -22,10 +57,31 @@ module Siwe
     end
   end
 
+  # Used when the message contains a time format not compliant to ISO8601.
+  class InvalidTimeFormat < StandardError
+    def initialize(field, msg = "Invalid time format for: #{field}")
+      super
+    end
+  end
+
+  # Used when the message version is not 1.
+  class InvalidMessageVersion < StandardError
+    def initialize(msg = "Invalid message version.")
+      super
+    end
+  end
+
   # Used when the signature doesn't correspond to the address of the message.
   class InvalidSignature < StandardError
     def initialize(msg = "Signature doesn't match message.")
       super
     end
   end
+
+  # Used when the message doesn't match the RegExp.
+  class UnableToParseMessage < StandardError
+    def initialize(msg = "Unable to parse message.")
+      super
+    end
+  end
 end

data/lib/siwe/message.rb

@@ -4,26 +4,27 @@ require "time"
 require "eth"
 require "json"
 
-SIWE_DOMAIN = "^(?<domain>([^?#]*)) wants you to sign in with your Ethereum account:\\n"
-SIWE_ADDRESS = "(?<address>0x[a-zA-Z0-9]{40})\\n\\n"
-SIWE_STATEMENT = "((?<statement>[^\\n]+)\\n)?\\n"
-SIWE_URI = "(([^:?#]+):)?(([^?#]*))?([^?#]*)(\\?([^#]*))?(#(.*))"
-SIWE_URI_LINE = "URI: (?<uri>#{SIWE_URI}?)\\n"
-SIWE_VERSION = "Version: (?<version>1)\\n"
-SIWE_CHAIN_ID = "Chain ID: (?<chain_id>[0-9]+)\\n"
-SIWE_NONCE = "Nonce: (?<nonce>[a-zA-Z0-9]{8,})\\n"
-SIWE_DATETIME = "([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9])"\
-                ":([0-5][0-9]|60)(\.[0-9]+)?(([Zz])|([\+|\-]([01][0-9]|2[0-3]):[0-5][0-9]))"
-SIWE_ISSUED_AT = "Issued At: (?<issued_at>#{SIWE_DATETIME})"
-SIWE_EXPIRATION_TIME = "(\\nExpiration Time: (?<expiration_time>#{SIWE_DATETIME}))?"
-SIWE_NOT_BEFORE = "(\\nNot Before: (?<not_before>#{SIWE_DATETIME}))?"
-SIWE_REQUEST_ID = "(\\nRequest ID: (?<request_id>[-._~!$&'()*+,;=:@%a-zA-Z0-9]*))?"
-SIWE_RESOURCES = "(\\nResources:(?<resources>(\\n- #{SIWE_URI}?)+))?$"
-
-SIWE_MESSAGE = "#{SIWE_DOMAIN}#{SIWE_ADDRESS}#{SIWE_STATEMENT}#{SIWE_URI_LINE}#{SIWE_VERSION}#{SIWE_CHAIN_ID}"\
-               "#{SIWE_NONCE}#{SIWE_ISSUED_AT}#{SIWE_EXPIRATION_TIME}#{SIWE_NOT_BEFORE}#{SIWE_REQUEST_ID}"\
-               "#{SIWE_RESOURCES}"
-
+DOMAIN = %r{(?<domain>[^/?#]+)}.freeze
+SIWE_DOMAIN = %r{^#{DOMAIN.source} wants you to sign in with your Ethereum account:}.freeze
+
+SIWE_ADDRESS = %r{\n(?<address>0x[a-zA-Z0-9]{40})\n\n}.freeze
+SIWE_STATEMENT = %r{((?<statement>[^\n]+)\n)?}.freeze
+RFC3986 = %r{(([^:?#]+):)?(([^?#]*))?([^?#]*)(\?([^#]*))?(#(.*))?}.freeze
+SIWE_URI_LINE = %r{\nURI: (?<uri>#{RFC3986.source}?)}.freeze
+SIWE_VERSION = %r{\nVersion: (?<version>1)}.freeze
+SIWE_CHAIN_ID = %r{\nChain ID: (?<chain_id>[0-9]+)}.freeze
+SIWE_NONCE = %r{\nNonce: (?<nonce>[a-zA-Z0-9]{8,})}.freeze
+SIWE_DATETIME = %r{([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\.[0-9]+)?(([Zz])|([+|\-]([01][0-9]|2[0-3]):[0-5][0-9]))}.freeze
+SIWE_ISSUED_AT = %r{\nIssued At: (?<issued_at>#{SIWE_DATETIME.source})}.freeze
+SIWE_EXPIRATION_TIME = %r{(\nExpiration Time: (?<expiration_time>#{SIWE_DATETIME.source}))?}.freeze
+SIWE_NOT_BEFORE = %r{(\nNot Before: (?<not_before>#{SIWE_DATETIME.source}))?}.freeze
+SIWE_REQUEST_ID = %r{(\nRequest ID: (?<request_id>[-._~!$&'()*+,;=:@%a-zA-Z0-9]*))?}.freeze
+SIWE_RESOURCES = %r{(\nResources:(?<resources>(\n- #{RFC3986.source}?)+))?$}.freeze
+
+SIWE_MESSAGE = Regexp.new(SIWE_DOMAIN.source + SIWE_ADDRESS.source + SIWE_STATEMENT.source + SIWE_URI_LINE.source +
+                          SIWE_VERSION.source + SIWE_CHAIN_ID.source + SIWE_NONCE.source + SIWE_ISSUED_AT.source +
+                          SIWE_EXPIRATION_TIME.source + SIWE_NOT_BEFORE.source + SIWE_REQUEST_ID.source +
+                          SIWE_RESOURCES.source)
 module Siwe
   # Class that defines the EIP-4361 message fields and some utility methods to
   # generate/validate the messages
@@ -76,47 +77,41 @@ module Siwe
 
     def initialize(domain, address, uri, version, options = {})
       @domain = domain
-      begin
-        @address = Eth::Address.new(address).to_s
-      rescue StandardError
-        raise Siwe::InvalidAddress
-      end
-      raise Siwe::InvalidAddress unless @address.eql? address
-
+      @address = address
       @uri = uri
       @version = version
       @statement = options.fetch :statement, ""
       @issued_at = options.fetch :issued_at, Time.now.utc.iso8601
       @nonce = options.fetch :nonce, Siwe::Util.generate_nonce
-      @chain_id = options.fetch :chain_id, "1"
+      @chain_id = options.fetch :chain_id, 1
       @expiration_time = options.fetch :expiration_time, ""
       @not_before = options.fetch :not_before, ""
       @request_id = options.fetch :request_id, ""
       @resources = options.fetch :resources, []
+      validate
     end
 
     def self.from_message(msg)
-      if (message = msg.match SIWE_MESSAGE)
-        new(
-          message[:domain],
-          Eth::Address.new(message[:address]).to_s,
-          message[:uri],
-          message[:version],
-          {
-            statement: message[:statement] || "",
-            issued_at: message[:issued_at],
-            nonce: message[:nonce],
-            chain_id: message[:chain_id],
-            expiration_time: message[:expiration_time] || "",
-            not_before: message[:not_before] || "",
-            request_id: message[:request_id] || "",
-            resources: message[:resources]&.split("\n- ")&.drop(1) || []
-          }
-        )
-
-      else
-        throw "Invalid message input."
-      end
+      message = msg.match SIWE_MESSAGE
+
+      raise Siwe::UnableToParseMessage unless message.to_s == msg
+
+      new(
+        message[:domain],
+        message[:address],
+        message[:uri],
+        message[:version],
+        {
+          statement: message[:statement],
+          issued_at: message[:issued_at],
+          nonce: message[:nonce],
+          chain_id: message[:chain_id].to_i,
+          expiration_time: message[:expiration_time],
+          not_before: message[:not_before],
+          request_id: message[:request_id],
+          resources: message[:resources]&.split("\n- ")&.drop(1)
+        }
+      )
     end
 
     def to_json_string
@@ -156,15 +151,62 @@ module Siwe
       )
     end
 
-    def validate(signature)
-      raise Siwe::ExpiredMessage if !@expiration_time.empty? && Time.now.utc > Time.parse(@expiration_time)
-      raise Siwe::NotValidMessage if !@not_before.empty? && Time.now.utc < Time.parse(@not_before)
+    def validate
+      # check domain
+      raise Siwe::InvalidDomain unless @domain.match %r{[^/?#]*} || @domain.empty?
+
+      # check address EIP-55
+      raise Siwe::InvalidAddress unless Eth::Address.new(@address).to_s.eql? @address
+
+      # check uri
+      raise Siwe::InvalidURI unless URI.parse(@uri)
+
+      # check version
+      raise Siwe::InvalidMessageVersion unless @version == "1"
+
+      # check if the nonce is alphanumeric and bigger then 8 characters
+      raise Siwe::InvalidNonce unless @nonce.match(%r{[a-zA-Z0-9]{8,}})
+
+      # check issued_at format
+      begin
+        Time.iso8601(@issued_at)
+      rescue ArgumentError
+        raise Siwe::InvalidTimeFormat, "issued_at"
+      end
+
+      # check exp_time
+      begin
+        Time.iso8601(@expiration_time) unless @expiration_time.nil? || @expiration_time.empty?
+      rescue ArgumentError
+        raise Siwe::InvalidTimeFormat, "expiration_time"
+      end
+
+      # check not_before
+      begin
+        Time.iso8601(@not_before) unless @not_before.nil? || @not_before.empty?
+      rescue ArgumentError
+        raise Siwe::InvalidTimeFormat, "not_before"
+      end
+
+      # check resources
+      raise Siwe::InvalidURI unless @resources.nil? || @resources.empty? || @resources.each { |uri| URI.parse(uri) }
+    end
+
+    def verify(signature, domain, time, nonce)
+      raise Siwe::DomainMismatch unless domain.nil? || domain.eql?(@domain)
+
+      raise Siwe::NonceMismatch unless nonce.nil? || nonce.eql?(@nonce)
+
+      check_time = time.nil? ? Time.now.utc : Time.iso8601(time)
+
+      raise Siwe::ExpiredMessage if (!@expiration_time.nil? && !@expiration_time.empty?) && check_time > Time.iso8601(@expiration_time)
+
+      raise Siwe::NotValidMessage if (!@not_before.nil? && !@not_before.empty?) && check_time < Time.iso8601(@not_before)
 
-      raise Siwe::InvalidSignature if signature.empty?
+      raise Siwe::InvalidSignature if signature.nil? && signature.empty?
 
       raise Siwe::InvalidAddress unless @address.eql?(Eth::Address.new(@address).to_s)
 
-      puts "whatever"
       begin
         pub_key = Eth::Signature.personal_recover prepare_message, signature
         signature_address = Eth::Util.public_key_to_address pub_key
@@ -184,7 +226,7 @@ module Siwe
 
       header = [greeting, address]
 
-      if @statement.empty?
+      if @statement.nil? || @statement.empty?
         header.push "\n"
       else
         header.push statement
@@ -203,7 +245,6 @@ module Siwe
       expiration_time = "Expiration Time: #{@expiration_time}"
       not_before = "Not Before: #{@not_before}"
       request_id = "Request ID: #{@request_id}"
-      resources = "Resources:\n#{@resources.map { |x| "- #{x}" }.join "\n"}"
 
       body.push expiration_time unless @expiration_time.to_s.strip.empty?
 
@@ -211,7 +252,7 @@ module Siwe
 
       body.push request_id unless @request_id.to_s.strip.empty?
 
-      body.push resources unless @resources.empty?
+      body.push "Resources:\n#{@resources.map { |x| "- #{x}" }.join "\n"}" unless @resources.nil? || @resources.empty?
 
       body = body.join "\n"
 

data/lib/siwe/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Siwe
-  VERSION = "1.1.2"
+  VERSION = "2.0.0"
 end

data/lib/siwe.rb

@@ -7,9 +7,17 @@ module Siwe
   autoload :Message, "siwe/message"
   autoload :Util, "siwe/util"
   autoload :ExpiredMessage, "siwe/exceptions"
+  autoload :InvalidDomain, "siwe/exceptions"
+  autoload :DomainMismatch, "siwe/exceptions"
+  autoload :NonceMismatch, "siwe/exceptions"
+  autoload :InvalidAddress, "siwe/exceptions"
+  autoload :InvalidURI, "siwe/exceptions"
+  autoload :InvalidNonce, "siwe/exceptions"
   autoload :NotValidMessage, "siwe/exceptions"
+  autoload :InvalidTimeFormat, "siwe/exceptions"
+  autoload :InvalidMessageVersion, "siwe/exceptions"
   autoload :InvalidSignature, "siwe/exceptions"
-  autoload :InvalidAddress, "siwe/exceptions"
+  autoload :UnableToParseMessage, "siwe/exceptions"
 
   class Error < StandardError; end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: siwe
 version: !ruby/object:Gem::Version
-  version: 1.1.2
+  version: 2.0.0
 platform: ruby
 authors:
 - Spruce Systems Inc.
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2022-03-07 00:00:00.000000000 Z
+date: 2022-05-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: eth