@dynamic-labs/utils 3.0.0-alpha.55 → 3.0.0-alpha.57

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/CHANGELOG.md +25 -0
  2. package/package.json +4 -4
  3. package/src/services/Oauth2Service/createWindowOauth2Service/createWindowOauth2Service.cjs +13 -3
  4. package/src/services/Oauth2Service/createWindowOauth2Service/createWindowOauth2Service.js +13 -3
package/CHANGELOG.md CHANGED
@@ -1,4 +1,29 @@
1
1
 
2
+ ## [3.0.0-alpha.57](https://github.com/dynamic-labs/DynamicAuth/compare/v3.0.0-alpha.56...v3.0.0-alpha.57) (2024-09-05)
3
+
4
+
5
+ ### Features
6
+
7
+ * add support for headless mfa ([#6802](https://github.com/dynamic-labs/DynamicAuth/issues/6802)) ([1eea60e](https://github.com/dynamic-labs/DynamicAuth/commit/1eea60e4f6acf60a9efa8ae64626d0c72e18a12d))
8
+ * telegram auto login ([#6803](https://github.com/dynamic-labs/DynamicAuth/issues/6803)) ([1123ae4](https://github.com/dynamic-labs/DynamicAuth/commit/1123ae4acfdfc54be8dbfa03cc41cbbd00b4bea4))
9
+
10
+
11
+ ### Bug Fixes
12
+
13
+ * circular dependency in solana-core and wallet-book ([#6794](https://github.com/dynamic-labs/DynamicAuth/issues/6794)) ([c0d9254](https://github.com/dynamic-labs/DynamicAuth/commit/c0d9254f21c4a847bcf271886997ba61fe077696))
14
+ * fix overriding cosmos wallet methods ([#6799](https://github.com/dynamic-labs/DynamicAuth/issues/6799)) ([ebce93b](https://github.com/dynamic-labs/DynamicAuth/commit/ebce93bab49bb54d320c77a558d0df48eb1ce19a))
15
+ * fix overriding solana wallet methods ([#6798](https://github.com/dynamic-labs/DynamicAuth/issues/6798)) ([6ab57b5](https://github.com/dynamic-labs/DynamicAuth/commit/6ab57b534b04a3824898bbb9df3fc23397e661f3))
16
+ * memoize return of useSwitchWallet ([#6804](https://github.com/dynamic-labs/DynamicAuth/issues/6804)) ([7e96eb2](https://github.com/dynamic-labs/DynamicAuth/commit/7e96eb28ca3809edd89855c4ecb1344f3e9d53bd))
17
+ * phantom wallets error when trying to sync wallet ([#6782](https://github.com/dynamic-labs/DynamicAuth/issues/6782)) ([481e474](https://github.com/dynamic-labs/DynamicAuth/commit/481e4746adf1ebac5584e3c83d1603e5b2e48f8a))
18
+ * remove miss use of hook inside function ([#6795](https://github.com/dynamic-labs/DynamicAuth/issues/6795)) ([35902cf](https://github.com/dynamic-labs/DynamicAuth/commit/35902cfc876e93928cf5baff0313d8b0352c1129))
19
+
20
+ ## [3.0.0-alpha.56](https://github.com/dynamic-labs/DynamicAuth/compare/v3.0.0-alpha.55...v3.0.0-alpha.56) (2024-09-03)
21
+
22
+
23
+ ### Bug Fixes
24
+
25
+ * pass `authCode` for telegram from sdk to `signin` and `verify` calls ([#6777](https://github.com/dynamic-labs/DynamicAuth/issues/6777)) ([43d09dd](https://github.com/dynamic-labs/DynamicAuth/commit/43d09dd3ea82fd13f1c798c0745aa0fef2051f90))
26
+
2
27
  ## [3.0.0-alpha.55](https://github.com/dynamic-labs/DynamicAuth/compare/v3.0.0-alpha.54...v3.0.0-alpha.55) (2024-09-02)
3
28
 
4
29
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@dynamic-labs/utils",
3
- "version": "3.0.0-alpha.55",
3
+ "version": "3.0.0-alpha.57",
4
4
  "repository": {
5
5
  "type": "git",
6
6
  "url": "git+https://github.com/dynamic-labs/dynamic-auth.git",
@@ -26,10 +26,10 @@
26
26
  "./package.json": "./package.json"
27
27
  },
28
28
  "dependencies": {
29
- "@dynamic-labs/sdk-api-core": "0.0.524",
29
+ "@dynamic-labs/sdk-api-core": "0.0.526",
30
30
  "tldts": "6.0.16",
31
- "@dynamic-labs/logger": "3.0.0-alpha.55",
32
- "@dynamic-labs/types": "3.0.0-alpha.55",
31
+ "@dynamic-labs/logger": "3.0.0-alpha.57",
32
+ "@dynamic-labs/types": "3.0.0-alpha.57",
33
33
  "buffer": "6.0.3",
34
34
  "stream": "0.0.2"
35
35
  },
package/src/services/Oauth2Service/createWindowOauth2Service/createWindowOauth2Service.cjs CHANGED
@@ -87,7 +87,7 @@ const createWindowOauth2Service = () => ({
87
87
  }
88
88
  clearListeners();
89
89
  if (isTelegramCompletedMessage) {
90
- handleTelegramCompletionMessage(message);
90
+ handleTelegramCompletionMessage(message, state);
91
91
  return;
92
92
  }
93
93
  handleAuthorizationMessage(message, provider, state);
@@ -107,11 +107,21 @@ const createWindowOauth2Service = () => ({
107
107
  return;
108
108
  }
109
109
  };
110
- const handleTelegramCompletionMessage = (message) => {
110
+ const handleTelegramCompletionMessage = (message, state) => {
111
111
  logger.logger.debug('Telegram completion message received', {
112
112
  data: message,
113
113
  });
114
- resolve('telegram_completed');
114
+ const { code, state: authState } = message;
115
+ // check that the state we receive from message is the same state we calculated earlier
116
+ // this could be an attack
117
+ if (state !== authState) {
118
+ typedReject({
119
+ code: types.SocialOAuthErrorCode.OAUTH_ERROR,
120
+ message: 'Failed to connect telegram account: Invalid random state',
121
+ });
122
+ return;
123
+ }
124
+ resolve(code);
115
125
  setIsProcessing(false);
116
126
  };
117
127
  const handleAuthorizationMessage = (message, provider, state) => {
package/src/services/Oauth2Service/createWindowOauth2Service/createWindowOauth2Service.js CHANGED
@@ -83,7 +83,7 @@ const createWindowOauth2Service = () => ({
83
83
  }
84
84
  clearListeners();
85
85
  if (isTelegramCompletedMessage) {
86
- handleTelegramCompletionMessage(message);
86
+ handleTelegramCompletionMessage(message, state);
87
87
  return;
88
88
  }
89
89
  handleAuthorizationMessage(message, provider, state);
@@ -103,11 +103,21 @@ const createWindowOauth2Service = () => ({
103
103
  return;
104
104
  }
105
105
  };
106
- const handleTelegramCompletionMessage = (message) => {
106
+ const handleTelegramCompletionMessage = (message, state) => {
107
107
  logger.debug('Telegram completion message received', {
108
108
  data: message,
109
109
  });
110
- resolve('telegram_completed');
110
+ const { code, state: authState } = message;
111
+ // check that the state we receive from message is the same state we calculated earlier
112
+ // this could be an attack
113
+ if (state !== authState) {
114
+ typedReject({
115
+ code: SocialOAuthErrorCode.OAUTH_ERROR,
116
+ message: 'Failed to connect telegram account: Invalid random state',
117
+ });
118
+ return;
119
+ }
120
+ resolve(code);
111
121
  setIsProcessing(false);
112
122
  };
113
123
  const handleAuthorizationMessage = (message, provider, state) => {