diff --git a/Sources/Auth/Services/App/AuthRespondSubscriber.swift b/Sources/Auth/Services/App/AuthRespondSubscriber.swift index 95c42bb12c..3419fb15c8 100644 --- a/Sources/Auth/Services/App/AuthRespondSubscriber.swift +++ b/Sources/Auth/Services/App/AuthRespondSubscriber.swift @@ -30,7 +30,8 @@ class AuthRespondSubscriber { guard let requestId = subscriptionPayload.request.id, let request = rpcHistory.get(recordId: requestId)?.request, - request.method == "wc_authRequest" else { return } + let requestParams = request.params, request.method == "wc_authRequest" + else { return } networkingInteractor.unsubscribe(topic: subscriptionPayload.topic) @@ -39,14 +40,19 @@ class AuthRespondSubscriber { return logger.debug("Malformed auth response params") } + let requestPayload = try requestParams.get(AuthRequestParams.self) let address = try DIDPKH(iss: cacao.payload.iss).account.address - let payload = AuthPayload(payload: cacao.payload) - let message = messageFormatter.formatMessage(from: payload, address: address) + let message = try messageFormatter.formatMessage(from: cacao.payload) + let originalMessage = messageFormatter.formatMessage(from: requestPayload.payloadParams, address: address) + + guard originalMessage == message else { + return logger.debug("Original message compromised") + } try signatureVerifier.verify( signature: cacao.signature.s, message: message, - address: cacao.payload.iss + address: address ) onResponse?(requestId, cacao) } catch { diff --git a/Sources/Auth/Services/Common/SIWEMessageFormatter.swift b/Sources/Auth/Services/Common/SIWEMessageFormatter.swift index 1861e28082..64f6a6ced2 100644 --- a/Sources/Auth/Services/Common/SIWEMessageFormatter.swift +++ b/Sources/Auth/Services/Common/SIWEMessageFormatter.swift @@ -3,22 +3,44 @@ import WalletConnectUtils protocol SIWEMessageFormatting { func formatMessage(from authPayload: AuthPayload, address: String) -> String + func formatMessage(from payload: CacaoPayload) throws -> String } struct SIWEMessageFormatter: SIWEMessageFormatting { - func formatMessage(from authPayload: AuthPayload, address: String) -> String { - SIWEMessage(domain: authPayload.domain, - uri: authPayload.aud, + func formatMessage(from payload: AuthPayload, address: String) -> String { + let message = SIWEMessage(domain: payload.domain, + uri: payload.aud, address: address, - version: authPayload.version, - nonce: authPayload.nonce, - chainId: authPayload.chainId, - iat: authPayload.iat, - nbf: authPayload.nbf, - exp: authPayload.exp, - statement: authPayload.statement, - requestId: authPayload.requestId, - resources: authPayload.resources).formatted + version: payload.version, + nonce: payload.nonce, + chainId: payload.chainId, + iat: payload.iat, + nbf: payload.nbf, + exp: payload.exp, + statement: payload.statement, + requestId: payload.requestId, + resources: payload.resources + ) + return message.formatted + } + + func formatMessage(from payload: CacaoPayload) throws -> String { + let address = try DIDPKH(iss: payload.iss).account.address + let message = SIWEMessage( + domain: payload.domain, + uri: payload.aud, + address: address, + version: payload.version, + nonce: payload.nonce, + chainId: "1", + iat: payload.iat, + nbf: payload.nbf, + exp: payload.exp, + statement: payload.statement, + requestId: payload.requestId, + resources: payload.resources + ) + return message.formatted } } diff --git a/Sources/Auth/Services/Signer/MessageSigner.swift b/Sources/Auth/Services/Signer/MessageSigner.swift index 6ae159058f..a00c9cd0c3 100644 --- a/Sources/Auth/Services/Signer/MessageSigner.swift +++ b/Sources/Auth/Services/Signer/MessageSigner.swift @@ -4,11 +4,11 @@ protocol MessageSignatureVerifying { func verify(signature: String, message: String, address: String) throws } -protocol MessageSignatureSigning { +protocol MessageSigning { func sign(message: String, privateKey: Data) throws -> String } -struct MessageSigner: MessageSignatureVerifying & MessageSignatureSigning { +struct MessageSigner: MessageSignatureVerifying & MessageSigning { enum Errors: Error { case signatureValidationFailed diff --git a/Sources/Auth/Types/AuthPayload.swift b/Sources/Auth/Types/AuthPayload.swift index 43332b81e4..35a4b23386 100644 --- a/Sources/Auth/Types/AuthPayload.swift +++ b/Sources/Auth/Types/AuthPayload.swift @@ -28,19 +28,4 @@ struct AuthPayload: Codable, Equatable { self.requestId = requestParams.requestId self.resources = requestParams.resources } - - init(payload: CacaoPayload) { - self.type = "eip4361" - self.chainId = "1" // TODO: Check this! - self.domain = payload.domain - self.aud = payload.aud - self.version = payload.version - self.nonce = payload.nonce - self.iat = payload.iat - self.nbf = payload.nbf - self.exp = payload.exp - self.statement = payload.statement - self.requestId = payload.requestId - self.resources = payload.resources - } } diff --git a/Tests/AuthTests/Mocks/SIWEMessageFormatterMock.swift b/Tests/AuthTests/Mocks/SIWEMessageFormatterMock.swift index bce7c4824f..086ebba3ce 100644 --- a/Tests/AuthTests/Mocks/SIWEMessageFormatterMock.swift +++ b/Tests/AuthTests/Mocks/SIWEMessageFormatterMock.swift @@ -3,7 +3,12 @@ import Foundation class SIWEMessageFormatterMock: SIWEMessageFormatting { var formattedMessage: String! + func formatMessage(from authPayload: AuthPayload, address: String) -> String { return formattedMessage } + + func formatMessage(from payload: CacaoPayload) throws -> String { + return formattedMessage + } }