npm - @dynamic-labs/utils - Versions diffs - 3.0.0-alpha.55 → 3.0.0-alpha.56 - Mend

@dynamic-labs/utils 3.0.0-alpha.55 → 3.0.0-alpha.56

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -1,4 +1,11 @@
+## [3.0.0-alpha.56](https://github.com/dynamic-labs/DynamicAuth/compare/v3.0.0-alpha.55...v3.0.0-alpha.56) (2024-09-03)
+### Bug Fixes
+* pass `authCode` for telegram from sdk to `signin` and `verify` calls ([#6777](https://github.com/dynamic-labs/DynamicAuth/issues/6777)) ([43d09dd](https://github.com/dynamic-labs/DynamicAuth/commit/43d09dd3ea82fd13f1c798c0745aa0fef2051f90))
 ## [3.0.0-alpha.55](https://github.com/dynamic-labs/DynamicAuth/compare/v3.0.0-alpha.54...v3.0.0-alpha.55) (2024-09-02)

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@dynamic-labs/utils",
-  "version": "3.0.0-alpha.55",
+  "version": "3.0.0-alpha.56",
   "repository": {
     "type": "git",
     "url": "git+https://github.com/dynamic-labs/dynamic-auth.git",
@@ -26,10 +26,10 @@
     "./package.json": "./package.json"
   },
   "dependencies": {
-    "@dynamic-labs/sdk-api-core": "0.0.524",
+    "@dynamic-labs/sdk-api-core": "0.0.525",
     "tldts": "6.0.16",
-    "@dynamic-labs/logger": "3.0.0-alpha.55",
-    "@dynamic-labs/types": "3.0.0-alpha.55",
+    "@dynamic-labs/logger": "3.0.0-alpha.56",
+    "@dynamic-labs/types": "3.0.0-alpha.56",
     "buffer": "6.0.3",
     "stream": "0.0.2"
   },

package/src/services/Oauth2Service/createWindowOauth2Service/createWindowOauth2Service.cjs CHANGED Viewed

@@ -87,7 +87,7 @@ const createWindowOauth2Service = () => ({
             }
             clearListeners();
             if (isTelegramCompletedMessage) {
-                handleTelegramCompletionMessage(message);
+                handleTelegramCompletionMessage(message, state);
                 return;
             }
             handleAuthorizationMessage(message, provider, state);
@@ -107,11 +107,21 @@ const createWindowOauth2Service = () => ({
                 return;
             }
         };
-        const handleTelegramCompletionMessage = (message) => {
+        const handleTelegramCompletionMessage = (message, state) => {
             logger.logger.debug('Telegram completion message received', {
                 data: message,
             });
-            resolve('telegram_completed');
+            const { code, state: authState } = message;
+            // check that the state we receive from message is the same state we calculated earlier
+            // this could be an attack
+            if (state !== authState) {
+                typedReject({
+                    code: types.SocialOAuthErrorCode.OAUTH_ERROR,
+                    message: 'Failed to connect telegram account: Invalid random state',
+                });
+                return;
+            }
+            resolve(code);
             setIsProcessing(false);
         };
         const handleAuthorizationMessage = (message, provider, state) => {

package/src/services/Oauth2Service/createWindowOauth2Service/createWindowOauth2Service.js CHANGED Viewed

@@ -83,7 +83,7 @@ const createWindowOauth2Service = () => ({
             }
             clearListeners();
             if (isTelegramCompletedMessage) {
-                handleTelegramCompletionMessage(message);
+                handleTelegramCompletionMessage(message, state);
                 return;
             }
             handleAuthorizationMessage(message, provider, state);
@@ -103,11 +103,21 @@ const createWindowOauth2Service = () => ({
                 return;
             }
         };
-        const handleTelegramCompletionMessage = (message) => {
+        const handleTelegramCompletionMessage = (message, state) => {
             logger.debug('Telegram completion message received', {
                 data: message,
             });
-            resolve('telegram_completed');
+            const { code, state: authState } = message;
+            // check that the state we receive from message is the same state we calculated earlier
+            // this could be an attack
+            if (state !== authState) {
+                typedReject({
+                    code: SocialOAuthErrorCode.OAUTH_ERROR,
+                    message: 'Failed to connect telegram account: Invalid random state',
+                });
+                return;
+            }
+            resolve(code);
             setIsProcessing(false);
         };
         const handleAuthorizationMessage = (message, provider, state) => {