@devtion/devcli 0.0.0-dev → 0.0.0-e312890

package/src/commands/authBandada.ts

@@ -0,0 +1,120 @@
+import { Identity } from "@semaphore-protocol/identity"
+
+import { commonTerms } from "@devtion/actions"
+import { httpsCallable } from "firebase/functions"
+import { groth16 } from "snarkjs"
+import { getAuth, signInWithCustomToken } from "firebase/auth"
+import prompts from "prompts"
+import { getLocalDirname } from "../lib/files.js"
+import theme from "../lib/theme.js"
+import { customSpinner } from "../lib/utils.js"
+import { VerifiedBandadaResponse } from "../types/index.js"
+import { showError } from "../lib/errors.js"
+import { bootstrapCommandExecutionAndServices } from "../lib/services.js"
+import { addMemberToGroup, isGroupMember } from "../lib/bandada.js"
+import {
+    checkLocalBandadaIdentity,
+    deleteLocalAccessToken,
+    deleteLocalAuthMethod,
+    deleteLocalBandadaIdentity,
+    getLocalBandadaIdentity,
+    setLocalAccessToken,
+    setLocalAuthMethod,
+    setLocalBandadaIdentity
+} from "../lib/localConfigs.js"
+
+const { BANDADA_DASHBOARD_URL, BANDADA_GROUP_ID } = process.env
+
+const authBandada = async () => {
+    try {
+        const { firebaseFunctions } = await bootstrapCommandExecutionAndServices()
+        const spinner = customSpinner(`Checking identity string for Semaphore...`, `clock`)
+        spinner.start()
+        // 1. check if _identity string exists in local storage
+        let identityString: string | unknown
+        const isIdentityStringStored = checkLocalBandadaIdentity()
+        if (isIdentityStringStored) {
+            identityString = getLocalBandadaIdentity()
+            spinner.succeed(`Identity seed found\n`)
+        } else {
+            spinner.warn(`Identity seed not found\n`)
+            // 2. generate a random _identity string and save it in local storage
+            const { seed } = await prompts({
+                type: "text",
+                name: "seed",
+                message: theme.text.bold(`Enter a secret string to use as your identity seed in Semaphore:`),
+                initial: false
+            })
+            identityString = seed as string
+            setLocalBandadaIdentity(identityString as string)
+        }
+        // 3. create a semaphore identity with _identity string as a seed
+        const identity = new Identity(identityString as string)
+
+        // 4. check if the user is a member of the group
+        console.log(`Checking Bandada membership...`)
+        const isMember = await isGroupMember(BANDADA_GROUP_ID, identity)
+        if (!isMember) {
+            await addMemberToGroup(BANDADA_GROUP_ID, BANDADA_DASHBOARD_URL, identity)
+        }
+
+        // 5. generate a proof that the user owns the commitment.
+        spinner.text = `Generating proof of identity...`
+        spinner.start()
+        // publicSignals = [hash(externalNullifier, identityNullifier), commitment]
+
+        const initDirectoryName = getLocalDirname()
+        const directoryName = initDirectoryName.includes("/src") ? "." : initDirectoryName
+
+        const { proof, publicSignals } = await groth16.fullProve(
+            {
+                identityTrapdoor: identity.trapdoor,
+                identityNullifier: identity.nullifier,
+                externalNullifier: BANDADA_GROUP_ID
+            },
+            `${directoryName}/public/mini-semaphore.wasm`,
+            `${directoryName}/public/mini-semaphore.zkey`
+        )
+        spinner.succeed(`Proof generated.\n`)
+        spinner.text = `Sending proof to verification...`
+        spinner.start()
+        // 6. send proof to a cloud function that verifies it and checks membership
+        const cf = httpsCallable(firebaseFunctions, commonTerms.cloudFunctionsNames.bandadaValidateProof)
+        const result = await cf({
+            proof,
+            publicSignals
+        })
+        const { valid, token, message } = result.data as VerifiedBandadaResponse
+        if (!valid) {
+            showError(message, true)
+            deleteLocalAuthMethod()
+            deleteLocalAccessToken()
+            deleteLocalBandadaIdentity()
+        }
+        spinner.succeed(`Proof verified.\n`)
+        spinner.text = `Authenticating...`
+        spinner.start()
+        // 7. Auth to p0tion firebase
+        const credentials = await signInWithCustomToken(getAuth(), token)
+        setLocalAuthMethod("bandada")
+        setLocalAccessToken(token)
+        spinner.succeed(`Authenticated as ${theme.text.bold(credentials.user.uid)}.`)
+
+        console.log(
+            `\n${theme.symbols.warning} You can always log out by running the ${theme.text.bold(
+                `phase2cli logout`
+            )} command`
+        )
+    } catch (error) {
+        // Delete local token.
+        console.log("An error crashed the process. Deleting local token and identity.")
+        console.error(error)
+        deleteLocalAuthMethod()
+        deleteLocalAccessToken()
+        deleteLocalBandadaIdentity()
+    }
+
+    process.exit(0)
+}
+
+export default authBandada

package/src/commands/authSIWE.ts

@@ -0,0 +1,185 @@
+import open from "open"
+import figlet from "figlet"
+import clipboard from "clipboardy"
+import fetch from "node-fetch"
+import { getAuth, signInWithCustomToken } from "firebase/auth"
+import { httpsCallable } from "firebase/functions"
+import { commonTerms } from "@devtion/actions"
+import { showError } from "../lib/errors.js"
+import { bootstrapCommandExecutionAndServices } from "../lib/services.js"
+import theme from "../lib/theme.js"
+import { customSpinner, sleep } from "../lib/utils.js"
+import { CheckNonceOfSIWEAddressResponse, OAuthDeviceCodeResponse, OAuthTokenResponse } from "../types/index.js"
+import {
+    checkLocalAccessToken,
+    deleteLocalAccessToken,
+    deleteLocalAuthMethod,
+    getLocalAccessToken,
+    setLocalAccessToken,
+    setLocalAuthMethod
+} from "../lib/localConfigs.js"
+
+const showVerificationCodeAndUri = async (OAuthDeviceCode: OAuthDeviceCodeResponse) => {
+    // Copy code to clipboard.
+    let noClipboard = false
+    try {
+        clipboard.writeSync(OAuthDeviceCode.user_code)
+        clipboard.readSync()
+    } catch (error) {
+        noClipboard = true
+    }
+    // Display data.
+    console.log(
+        `${theme.symbols.warning} Visit ${theme.text.bold(
+            theme.text.underlined(OAuthDeviceCode.verification_uri_complete)
+        )} on this device to generate a new token and authenticate\n`
+    )
+    console.log(theme.colors.magenta(figlet.textSync("Code is Below", { font: "ANSI Shadow" })), "\n")
+
+    const message = !noClipboard ? `has been copied to your clipboard (${theme.emojis.clipboard})` : ``
+    console.log(
+        `${theme.symbols.info} Your auth code: ${theme.text.bold(OAuthDeviceCode.user_code)} ${message} ${
+            theme.symbols.success
+        }\n`
+    )
+    const spinner = customSpinner(`Redirecting to Sign In With Ethereum...`, `clock`)
+    spinner.start()
+    await sleep(10000) // ~10s to make users able to read the CLI.
+    try {
+        // Automatically open the page (# Step 2).
+        await open(OAuthDeviceCode.verification_uri_complete)
+    } catch (error: any) {
+        console.log(
+            `${theme.symbols.info} Please authenticate via SIWE at ${OAuthDeviceCode.verification_uri_complete}`
+        )
+    }
+    spinner.stop()
+}
+
+/**
+ * Return the token to sign in to Firebase after passing the SIWE Device Flow
+ * @param clientId <string> - The client id of the Auth0 application.
+ * @param firebaseFunctions <any> - The Firebase functions instance to call the cloud function
+ * @returns <string> - The token to sign in to Firebase
+ */
+const executeSIWEDeviceFlow = async (clientId: string, firebaseFunctions: any): Promise<string> => {
+    // Call Auth0 endpoint to request device code uri
+    const OAuthDeviceCode = (await fetch(`${process.env.AUTH0_APPLICATION_URL}/oauth/device/code`, {
+        method: "POST",
+        headers: { "content-type": "application/json" },
+        body: JSON.stringify({
+            client_id: clientId,
+            scope: "openid",
+            audience: `${process.env.AUTH0_APPLICATION_URL}/api/v2/`
+        })
+    }).then((_res) => _res.json())) as OAuthDeviceCodeResponse
+    if (OAuthDeviceCode.error) {
+        showError(OAuthDeviceCode.error_description, true)
+        deleteLocalAuthMethod()
+        deleteLocalAccessToken()
+    }
+    await showVerificationCodeAndUri(OAuthDeviceCode)
+    // Poll Auth0 endpoint until you get token or request expires
+    let isSignedIn = false
+    let isExpired = false
+    let auth0Token = ""
+    while (!isSignedIn && !isExpired) {
+        // Call Auth0 endpoint to request token
+        const OAuthToken = (await fetch(`${process.env.AUTH0_APPLICATION_URL}/oauth/token`, {
+            method: "POST",
+            headers: { "content-type": "application/json" },
+            body: JSON.stringify({
+                client_id: clientId,
+                device_code: OAuthDeviceCode.device_code,
+                grant_type: "urn:ietf:params:oauth:grant-type:device_code"
+            })
+        }).then((_res) => _res.json())) as OAuthTokenResponse
+        if (OAuthToken.error) {
+            if (OAuthToken.error === "authorization_pending") {
+                // Wait for the user to sign in
+                await sleep(OAuthDeviceCode.interval * 1000)
+            } else if (OAuthToken.error === "slow_down") {
+                // Wait for the user to sign in
+                await sleep(OAuthDeviceCode.interval * 1000 * 2)
+            } else if (OAuthToken.error === "expired_token") {
+                // The user didn't sign in on time
+                isExpired = true
+            }
+        } else {
+            // The user signed in
+            isSignedIn = true
+            auth0Token = OAuthToken.access_token
+        }
+    }
+    // Send token to cloud function to check nonce, create user and retrieve token
+    const cf = httpsCallable(firebaseFunctions, commonTerms.cloudFunctionsNames.checkNonceOfSIWEAddress)
+    const result = await cf({
+        auth0Token
+    })
+    const { token, valid, message } = result.data as CheckNonceOfSIWEAddressResponse
+    if (!valid) {
+        showError(message, true)
+        deleteLocalAuthMethod()
+        deleteLocalAccessToken()
+    }
+    return token
+}
+
+/**
+ * Auth command using Sign In With Ethereum
+ * @notice The auth command allows a user to make the association of their Ethereum account with the CLI by leveraging SIWE as an authentication mechanism.
+ * @dev Under the hood, the command handles a manual Device Flow following the guidelines in the SIWE documentation.
+ */
+const authSIWE = async () => {
+    try {
+        const { firebaseFunctions } = await bootstrapCommandExecutionAndServices()
+        // Console more context for the user.
+        console.log(
+            `${theme.symbols.info} ${theme.text.bold(
+                `You are about to authenticate on this CLI using your Ethereum address (device flow - OAuth 2.0 mechanism).\n${theme.symbols.warning} Please, note that only a Sign-in With Ethereum signature will be required`
+            )}\n`
+        )
+        const spinner = customSpinner(`Checking authentication token...`, `clock`)
+        spinner.start()
+        await sleep(5000)
+
+        // Manage OAuth Github or SIWE token.
+        const isLocalTokenStored = checkLocalAccessToken()
+
+        if (!isLocalTokenStored) {
+            spinner.fail(`No local authentication token found\n`)
+
+            // Generate a new access token using Github Device Flow (OAuth 2.0).
+            const newToken = await executeSIWEDeviceFlow(String(process.env.AUTH_SIWE_CLIENT_ID), firebaseFunctions)
+
+            // Store the new access token.
+            setLocalAuthMethod("siwe")
+            setLocalAccessToken(newToken)
+        } else spinner.succeed(`Local authentication token found\n`)
+
+        // Get access token from local store.
+        const token = String(getLocalAccessToken())
+
+        spinner.text = `Authenticating...`
+        spinner.start()
+
+        // Exchange token for credential.
+        const credentials = await signInWithCustomToken(getAuth(), token)
+        spinner.succeed(`Authenticated as ${theme.text.bold(credentials.user.uid)}.`)
+
+        console.log(
+            `\n${theme.symbols.warning} You can always log out by running the ${theme.text.bold(
+                `phase2cli logout`
+            )} command`
+        )
+        process.exit(0)
+    } catch (error) {
+        // Delete local token.
+        console.log("An error crashed the process. Deleting local token and identity.")
+        console.error(error)
+        deleteLocalAuthMethod()
+        deleteLocalAccessToken()
+    }
+}
+
+export default authSIWE

package/src/commands/ceremony/index.ts

@@ -0,0 +1,20 @@
+import { Command } from "commander"
+import listParticipants from "./listParticipants.js"
+
+const setCeremonyCommands = (program: Command) => {
+    const ceremony = program.command("ceremony").description("manage ceremonies")
+
+    ceremony
+        .command("participants")
+        .description("retrieve participants list of a ceremony")
+        .requiredOption(
+            "-c, --ceremony <string>",
+            "the prefix of the ceremony you want to retrieve information about",
+            ""
+        )
+        .action(listParticipants)
+
+    return ceremony
+}
+
+export default setCeremonyCommands

package/src/commands/ceremony/listParticipants.ts

@@ -0,0 +1,56 @@
+import { collection, doc, getDocs } from "firebase/firestore"
+import { ParticipantDocument, UserDocument, commonTerms, getAllCeremonies } from "@devtion/actions"
+import theme from "../../lib/theme.js"
+import { bootstrapCommandExecutionAndServices } from "../../lib/services.js"
+import { showError } from "../../lib/errors.js"
+import { promptForCeremonySelection } from "../../lib/prompts.js"
+
+const listParticipants = async () => {
+    try {
+        const { firestoreDatabase } = await bootstrapCommandExecutionAndServices()
+
+        const allCeremonies = await getAllCeremonies(firestoreDatabase)
+        const selectedCeremony = await promptForCeremonySelection(
+            allCeremonies,
+            true,
+            "Which ceremony would you like to see participants?"
+        )
+
+        const docRef = doc(firestoreDatabase, commonTerms.collections.ceremonies.name, selectedCeremony.id)
+        const participantsRef = collection(docRef, "participants")
+        const participantsSnapshot = await getDocs(participantsRef)
+        const participants = participantsSnapshot.docs.map(
+            (participantDoc) => participantDoc.data() as ParticipantDocument
+        )
+
+        const usersRef = collection(firestoreDatabase, "users")
+        const usersSnapshot = await getDocs(usersRef)
+        const users = usersSnapshot.docs.map((userDoc) => {
+            const data = userDoc.data() as UserDocument
+            return { id: userDoc.id, ...data }
+        })
+
+        const participantDetails = participants
+            .map((participant) => {
+                const user = users.find((_user) => _user.id === participant.userId)
+                if (!user) return null
+                return {
+                    id: user.name,
+                    status: participant.status,
+                    contributionStep: participant.contributionStep,
+                    lastUpdated: new Date(participant.lastUpdated)
+                }
+            })
+            .filter((user) => user !== null)
+
+        const participantsDone = participantDetails.filter((participant) => participant.status === "DONE")
+        console.log(participantDetails)
+        console.log(`${theme.text.underlined("Total participants:")} ${participantDetails.length}`)
+        console.log(`${theme.text.underlined("Total participants finished:")} ${participantsDone.length}`)
+    } catch (err: any) {
+        showError(`Something went wrong: ${err.toString()}`, true)
+    }
+    process.exit(0)
+}
+
+export default listParticipants

package/src/commands/contribute.ts

@@ -22,7 +22,7 @@ import {
     generateValidContributionsAttestation,
     commonTerms,
     convertToDoubleDigits
-} from "@p0tion/actions"
+} from "@devtion/actions"
 import { DocumentSnapshot, DocumentData, Firestore, onSnapshot, Timestamp } from "firebase/firestore"
 import { Functions } from "firebase/functions"
 import open from "open"
@@ -40,8 +40,8 @@ import {
     estimateParticipantFreeGlobalDiskSpace
 } from "../lib/utils.js"
 import { COMMAND_ERRORS, showError } from "../lib/errors.js"
-import { bootstrapCommandExecutionAndServices, checkAuth } from "../lib/services.js"
-import { getAttestationLocalFilePath, localPaths } from "../lib/localConfigs.js"
+import { authWithToken, bootstrapCommandExecutionAndServices, checkAuth } from "../lib/services.js"
+import { getAttestationLocalFilePath, getLocalAuthMethod, localPaths } from "../lib/localConfigs.js"
 import theme from "../lib/theme.js"
 import { checkAndMakeNewDirectoryIfNonexistent, writeFile } from "../lib/files.js"
 
@@ -281,12 +281,12 @@ export const handleDiskSpaceRequirementForNextContribution = async (
             )} since is based on the aggregate free memory on your disks but some may not be detected!\n`
         )
 
-        const { confirmation } = await askForConfirmation(
+        const { confirmationEnoughMemory } = await askForConfirmation(
             `Please, we kindly ask you to continue with the contribution if you have noticed the estimate is wrong and you have enough memory in your machine`,
             "Continue",
             "Exit"
         )
-        wannaContributeOrHaveEnoughMemory = !!confirmation
+        wannaContributeOrHaveEnoughMemory = !!confirmationEnoughMemory
 
         if (circuitSequencePosition > 1) {
             console.log(
@@ -419,14 +419,19 @@ export const handlePublicAttestation = async (
 
     await sleep(1000) // workaround for file descriptor unexpected close.
 
-    const gistUrl = await publishGist(participantAccessToken, publicAttestation, ceremonyName, ceremonyPrefix)
-
-    console.log(
-        `\n${theme.symbols.info} Your public attestation has been successfully posted as Github Gist (${theme.text.bold(
-            theme.text.underlined(gistUrl)
-        )})`
-    )
+    let gistUrl = ""
+    const isGithub = getLocalAuthMethod() === "github"
+    if (isGithub) {
+        gistUrl = await publishGist(participantAccessToken, publicAttestation, ceremonyName, ceremonyPrefix)
 
+        console.log(
+            `\n${
+                theme.symbols.info
+            } Your public attestation has been successfully posted as Github Gist (${theme.text.bold(
+                theme.text.underlined(gistUrl)
+            )})`
+        )
+    }
     // Prepare a ready-to-share tweet.
     await handleTweetGeneration(ceremonyName, gistUrl)
 }
@@ -514,6 +519,8 @@ export const listenToCeremonyCircuitDocumentChanges = (
     })
 }
 
+let contributionInProgress = false
+
 /**
  * Listen to current authenticated participant document changes.
  * @dev this is the core business logic related to the execution of the contribute command.
@@ -706,6 +713,12 @@ export const listenToParticipantDocumentChanges = async (
 
             // Scenario (3.B).
             if (isCurrentContributor && hasResumableStep && startingOrResumingContribution) {
+                if (contributionInProgress) {
+                    console.warn(
+                        `\n${theme.symbols.warning} Received instruction to start/resume contribution but contribution is already in progress...[skipping]`
+                    )
+                    return
+                }
                 // Communicate resume / start of the contribution to participant.
                 await simpleLoader(
                     `${
@@ -715,17 +728,24 @@ export const listenToParticipantDocumentChanges = async (
                     3000
                 )
 
-                // Start / Resume the contribution for the participant.
-                await handleStartOrResumeContribution(
-                    cloudFunctions,
-                    firestoreDatabase,
-                    ceremony,
-                    circuit,
-                    participant,
-                    entropy,
-                    providerUserId,
-                    false // not finalizing.
-                )
+                try {
+                    contributionInProgress = true
+
+                    // Start / Resume the contribution for the participant.
+                    await handleStartOrResumeContribution(
+                        cloudFunctions,
+                        firestoreDatabase,
+                        ceremony,
+                        circuit,
+                        participant,
+                        entropy,
+                        providerUserId,
+                        false, // not finalizing.
+                        circuits.length
+                    )
+                } finally {
+                    contributionInProgress = false
+                }
             }
             // Scenario (3.A).
             else if (isWaitingForContribution)
@@ -810,7 +830,9 @@ export const listenToParticipantDocumentChanges = async (
                     await getLatestVerificationResult(firestoreDatabase, ceremony.id, circuit.id, participant.id)
 
                 // Get next circuit for contribution.
-                const nextCircuit = timeoutExpired ? getCircuitBySequencePosition(circuits, changedContributionProgress) : getCircuitBySequencePosition(circuits, changedContributionProgress + 1)
+                const nextCircuit = timeoutExpired
+                    ? getCircuitBySequencePosition(circuits, changedContributionProgress)
+                    : getCircuitBySequencePosition(circuits, changedContributionProgress + 1)
 
                 // Check disk space requirements for participant.
                 const wannaGenerateAttestation = await handleDiskSpaceRequirementForNextContribution(
@@ -891,12 +913,13 @@ export const listenToParticipantDocumentChanges = async (
 const contribute = async (opt: any) => {
     const { firebaseApp, firebaseFunctions, firestoreDatabase } = await bootstrapCommandExecutionAndServices()
 
-    // Check for authentication.
-    const { user, providerUserId, token } = await checkAuth(firebaseApp)
-
     // Get options.
     const ceremonyOpt = opt.ceremony
     const entropyOpt = opt.entropy
+    const { auth } = opt
+
+    // Check for authentication.
+    const { user, providerUserId, token } = auth ? await authWithToken(firebaseApp, auth) : await checkAuth(firebaseApp)
 
     // Prepare data.
     let selectedCeremony: FirebaseDocumentInfo
@@ -934,7 +957,11 @@ const contribute = async (opt: any) => {
         } else selectedCeremony = selectedCeremonyDocument.at(0)
     } else {
         // Prompt the user to select a ceremony from the opened ones.
-        selectedCeremony = await promptForCeremonySelection(ceremoniesOpenedForContributions, false)
+        selectedCeremony = await promptForCeremonySelection(
+            ceremoniesOpenedForContributions,
+            false,
+            "Which ceremony would you like to contribute to?"
+        )
     }
 
     // Get selected ceremony circuit(s) documents.
@@ -948,7 +975,7 @@ const contribute = async (opt: any) => {
     const userData = userDoc.data()
     if (!userData) {
         spinner.fail(
-            `Unfortunately we could not find a user document with your information. This likely means that you did not pass the GitHub reputation checks and therefore are not elegible to contribute to any ceremony. Please contact the coordinator if you believe this to be an error.`
+            `Unfortunately we could not find a user document with your information. This likely means that you did not pass the GitHub reputation checks and therefore are not eligible to contribute to any ceremony. If you believe you pass the requirements, it might be possible that your profile is private and we were not able to fetch your real statistics, in this case please consider making your profile public for the duration of the contribution. Please contact the coordinator if you believe this to be an error.`
         )
         process.exit(0)
     }

package/src/commands/finalize.ts

@@ -22,7 +22,7 @@ import {
     exportVerifierContract,
     FirebaseDocumentInfo,
     exportVkey
-} from "@p0tion/actions"
+} from "@devtion/actions"
 import { Functions } from "firebase/functions"
 import { Firestore } from "firebase/firestore"
 import { dirname } from "path"
@@ -36,9 +36,9 @@ import {
     sleep,
     terminate
 } from "../lib/utils.js"
-import { bootstrapCommandExecutionAndServices, checkAuth } from "../lib/services.js"
+import { authWithToken, bootstrapCommandExecutionAndServices, checkAuth } from "../lib/services.js"
 import {
-    getAttestationLocalFilePath,
+    getFinalAttestationLocalFilePath,
     getFinalZkeyLocalFilePath,
     getVerificationKeyLocalFilePath,
     getVerifierContractLocalFilePath,
@@ -74,7 +74,7 @@ export const handleVerificationKey = async (
     // Write the verification key locally.
     writeLocalJsonFile(verificationKeyLocalFilePath, vKey)
 
-    await sleep(3000) // workaound for file descriptor.
+    await sleep(3000) // workaround for file descriptor.
 
     // Upload verification key to storage.
     await multiPartUpload(
@@ -112,7 +112,7 @@ export const handleVerifierSmartContract = async (
         ? `${dirname(
               fileURLToPath(import.meta.url)
           )}/../../../../node_modules/snarkjs/templates/verifier_groth16.sol.ejs`
-        : `${dirname(fileURLToPath(import.meta.url))}/../../../node_modules/snarkjs/templates/verifier_groth16.sol.ejs`
+        : `${dirname(fileURLToPath(import.meta.url))}/../node_modules/snarkjs/templates/verifier_groth16.sol.ejs`
 
     // Export the Solidity verifier smart contract.
     const verifierCode = await exportVerifierContract(finalZkeyLocalFilePath, verifierPath)
@@ -122,7 +122,7 @@ export const handleVerifierSmartContract = async (
     // Write the verification key locally.
     writeFile(verifierContractLocalFilePath, verifierCode)
 
-    await sleep(3000) // workaound for file descriptor.
+    await sleep(3000) // workaround for file descriptor.
 
     // Upload verifier smart contract to storage.
     await multiPartUpload(
@@ -152,6 +152,7 @@ export const handleVerifierSmartContract = async (
  * @param participant <FirebaseDocumentInfo> - the Firestore document of the participant (coordinator).
  * @param beacon <string> - the value used to compute the final contribution while finalizing the ceremony.
  * @param coordinatorIdentifier <string> - the identifier of the coordinator.
+ * @param circuitsLength <number> - the number of circuits in the ceremony.
  */
 export const handleCircuitFinalization = async (
     cloudFunctions: Functions,
@@ -160,7 +161,8 @@ export const handleCircuitFinalization = async (
     circuit: FirebaseDocumentInfo,
     participant: FirebaseDocumentInfo,
     beacon: string,
-    coordinatorIdentifier: string
+    coordinatorIdentifier: string,
+    circuitsLength: number
 ) => {
     // Step (1).
     await handleStartOrResumeContribution(
@@ -171,10 +173,11 @@ export const handleCircuitFinalization = async (
         participant,
         computeSHA256ToHex(beacon),
         coordinatorIdentifier,
-        true
+        true,
+        circuitsLength
     )
 
-    await sleep(2000) // workaound for descriptors.
+    await sleep(2000) // workaround for descriptors.
 
     // Extract data.
     const { prefix: circuitPrefix } = circuit.data
@@ -241,11 +244,16 @@ export const handleCircuitFinalization = async (
  * @dev For proper execution, the command requires the coordinator to be authenticated with a GitHub account (run auth command first) in order to
  * handle sybil-resistance and connect to GitHub APIs to publish the gist containing the final public attestation.
  */
-const finalize = async () => {
+const finalize = async (opt: any) => {
     const { firebaseApp, firebaseFunctions, firestoreDatabase } = await bootstrapCommandExecutionAndServices()
 
     // Check for authentication.
-    const { user, providerUserId, token: coordinatorAccessToken } = await checkAuth(firebaseApp)
+    const { auth } = opt
+    const {
+        user,
+        providerUserId,
+        token: coordinatorAccessToken
+    } = auth ? await authWithToken(firebaseApp, auth) : await checkAuth(firebaseApp)
 
     // Preserve command execution only for coordinators.
     if (!(await isCoordinator(user))) showError(COMMAND_ERRORS.COMMAND_NOT_COORDINATOR, true)
@@ -261,7 +269,11 @@ const finalize = async () => {
     )
 
     // Prompt for ceremony selection.
-    const selectedCeremony = await promptForCeremonySelection(ceremoniesClosedForFinalization, true)
+    const selectedCeremony = await promptForCeremonySelection(
+        ceremoniesClosedForFinalization,
+        true,
+        "Which ceremony would you like to finalize?"
+    )
 
     // Get coordinator participant document.
     let participant = await getDocumentById(
@@ -306,7 +318,8 @@ const finalize = async () => {
             circuit,
             participant,
             beacon,
-            providerUserId
+            providerUserId,
+            circuits.length
         )
 
     process.stdout.write(`\n`)
@@ -344,7 +357,7 @@ const finalize = async () => {
 
     // Write public attestation locally.
     writeFile(
-        getAttestationLocalFilePath(
+        getFinalAttestationLocalFilePath(
             `${prefix}_${finalContributionIndex}_${commonTerms.foldersAndPathsTerms.attestation}.log`
         ),
         Buffer.from(publicAttestation)