From 524837ed8abde3b57e019e2413c62d96fa6364fd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matev=C5=BE=20Jekovec?= Date: Fri, 22 Nov 2024 12:23:22 +0100 Subject: [PATCH] sapphire-contract: Change bearer token type calldata -> memory --- contracts/contracts/auth/A13e.sol | 15 ++++++++------- contracts/contracts/auth/SiweAuth.sol | 16 ++++++++++++---- 2 files changed, 20 insertions(+), 11 deletions(-) diff --git a/contracts/contracts/auth/A13e.sol b/contracts/contracts/auth/A13e.sol index 0c954326..b7426799 100644 --- a/contracts/contracts/auth/A13e.sol +++ b/contracts/contracts/auth/A13e.sol @@ -7,11 +7,12 @@ import {SignatureRSV} from "../EthereumUtils.sol"; * @title Interface for authenticatable contracts * @notice This is the interface for universal authentication mechanism (e.g. * SIWE): - * 1. The user-facing app calls login() to generate the bearer token on-chain. - * 2. Any smart contract method that requires authentication accept this token - * as an argument. Then, it passes the token to authMsgSender() to verify it - * and obtain the **authenticated** user address. This address can then serve - * as a user ID for authorization. + * 1. The user-facing app calls `login()` which generates the bearer token + * on-chain. + * 2. Any smart contract method that requires authentication takes this token + * as an argument. It passes this token to `authMsgSender()` to verify it + * and obtain the **authenticated** user address. This address can then + * serve as a user ID for authorization. */ abstract contract A13e { /// A mapping of revoked bearers. Access it directly or use the checkRevokedBearer modifier. @@ -23,7 +24,7 @@ abstract contract A13e { /** * @notice Reverts if the given bearer was revoked */ - modifier checkRevokedBearer(bytes calldata bearer) { + modifier checkRevokedBearer(bytes memory bearer) { if (_revokedBearers[keccak256(bearer)]) { revert RevokedBearer(); } @@ -43,7 +44,7 @@ abstract contract A13e { /** * @notice Validate the bearer token and return authenticated msg.sender. */ - function authMsgSender(bytes calldata bearer) + function authMsgSender(bytes memory bearer) internal view virtual diff --git a/contracts/contracts/auth/SiweAuth.sol b/contracts/contracts/auth/SiweAuth.sol index 570817dd..7b3f22ad 100644 --- a/contracts/contracts/auth/SiweAuth.sol +++ b/contracts/contracts/auth/SiweAuth.sol @@ -16,7 +16,7 @@ struct Bearer { /** * @title Base contract for SIWE-based authentication * @notice Inherit this contract, if you wish to enable SIWE-based - * authentication for your contract methods that require authenticated calls. + * authentication for your contract methods that require authentication. * The smart contract needs to be bound to a domain (passed in constructor). * * #### Example @@ -24,9 +24,10 @@ struct Bearer { * ```solidity * contract MyContract is SiweAuth { * address private _owner; + * string private _message; * * modifier onlyOwner(bytes calldata bearer) { - * if (authMsgSender(bearer) != _owner) { + * if (msg.sender != _owner && authMsgSender(bearer) != _owner) { * revert("not allowed"); * } * _; @@ -37,7 +38,11 @@ struct Bearer { * } * * function getSecretMessage(bytes calldata bearer) external view onlyOwner(bearer) returns (string memory) { - * return "Very secret message"; + * return _message; + * } + * + * function setSecretMessage(string calldata message) external onlyOwner("") { + * _message = message; * } * } * ``` @@ -144,13 +149,16 @@ contract SiweAuth is A13e { return _domain; } - function authMsgSender(bytes calldata bearer) + function authMsgSender(bytes memory bearer) internal view override checkRevokedBearer(bearer) returns (address) { + if (bearer.length == 0) { + return address(0); + } bytes memory bearerEncoded = Sapphire.decrypt( _bearerEncKey, 0,