sapphire-contract: Change bearer token type calldata -> memory

oasisprotocol · Nov 25, 2024 · 524837e · 524837e
1 parent 68206d9
commit 524837e
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 11 deletions.
diff --git a/contracts/contracts/auth/A13e.sol b/contracts/contracts/auth/A13e.sol
@@ -7,11 +7,12 @@ import {SignatureRSV} from "../EthereumUtils.sol";
  * @title Interface for authenticatable contracts
  * @notice This is the interface for universal authentication mechanism (e.g.
  * SIWE):
- * 1. The user-facing app calls login() to generate the bearer token on-chain.
- * 2. Any smart contract method that requires authentication accept this token
- *    as an argument. Then, it passes the token to authMsgSender() to verify it
- *    and obtain the **authenticated** user address. This address can then serve
- *    as a user ID for authorization.
+ * 1. The user-facing app calls `login()` which generates the bearer token
+ *    on-chain.
+ * 2. Any smart contract method that requires authentication takes this token
+ *    as an argument. It passes this token to `authMsgSender()` to verify it
+ *    and obtain the **authenticated** user address. This address can then
+ *    serve as a user ID for authorization.
  */
 abstract contract A13e {
     /// A mapping of revoked bearers. Access it directly or use the checkRevokedBearer modifier.
@@ -23,7 +24,7 @@ abstract contract A13e {
     /**
      * @notice Reverts if the given bearer was revoked
      */
-    modifier checkRevokedBearer(bytes calldata bearer) {
+    modifier checkRevokedBearer(bytes memory bearer) {
         if (_revokedBearers[keccak256(bearer)]) {
             revert RevokedBearer();
         }
@@ -43,7 +44,7 @@ abstract contract A13e {
     /**
      * @notice Validate the bearer token and return authenticated msg.sender.
      */
-    function authMsgSender(bytes calldata bearer)
+    function authMsgSender(bytes memory bearer)
         internal
         view
         virtual

diff --git a/contracts/contracts/auth/SiweAuth.sol b/contracts/contracts/auth/SiweAuth.sol
@@ -16,17 +16,18 @@ struct Bearer {
 /**
  * @title Base contract for SIWE-based authentication
  * @notice Inherit this contract, if you wish to enable SIWE-based
- * authentication for your contract methods that require authenticated calls.
+ * authentication for your contract methods that require authentication.
  * The smart contract needs to be bound to a domain (passed in constructor).
  *
  * #### Example
  *
  * ```solidity
  * contract MyContract is SiweAuth {
  *   address private _owner;
+ *   string private _message;
  *
  *   modifier onlyOwner(bytes calldata bearer) {
- *     if (authMsgSender(bearer) != _owner) {
+ *     if (msg.sender != _owner && authMsgSender(bearer) != _owner) {
  *       revert("not allowed");
  *     }
  *     _;
@@ -37,7 +38,11 @@ struct Bearer {
  *   }
  *
  *   function getSecretMessage(bytes calldata bearer) external view onlyOwner(bearer) returns (string memory) {
- *     return "Very secret message";
+ *     return _message;
+ *   }
+ *
+ *   function setSecretMessage(string calldata message) external onlyOwner("") {
+ *     _message = message;
  *   }
  * }
  * ```
@@ -144,13 +149,16 @@ contract SiweAuth is A13e {
         return _domain;
     }
 
-    function authMsgSender(bytes calldata bearer)
+    function authMsgSender(bytes memory bearer)
         internal
         view
         override
         checkRevokedBearer(bearer)
         returns (address)
     {
+        if (bearer.length == 0) {
+            return address(0);
+        }
         bytes memory bearerEncoded = Sapphire.decrypt(
             _bearerEncKey,
             0,