From 3f0b00ad4ed123c069703f67731f016f4b465678 Mon Sep 17 00:00:00 2001 From: nsjames Date: Wed, 19 Dec 2018 06:16:31 +0200 Subject: [PATCH] expanding auth system --- package.json | 2 +- .../panels/settings/SettingsGeneral.vue | 6 +++--- src/services/ApiService.js | 16 +++++++++++++--- 3 files changed, 17 insertions(+), 7 deletions(-) diff --git a/package.json b/package.json index 0821b959..15113572 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "scatter", - "version": "10.0.2", + "version": "10.0.3", "description": "Scatter Desktop Companion", "private": true, "main": "electron.js", diff --git a/src/components/panels/settings/SettingsGeneral.vue b/src/components/panels/settings/SettingsGeneral.vue index e9326a93..225bc498 100644 --- a/src/components/panels/settings/SettingsGeneral.vue +++ b/src/components/panels/settings/SettingsGeneral.vue @@ -10,8 +10,8 @@ :red="needsUpdate" v-on:clicked="openUpdateLink" :text="needsUpdate - ? locale(langKeys.SETTINGS.GENERAL.UpdateAvailable) - : locale(langKeys.SETTINGS.GENERAL.NoUpdateAvailable)" + ? locale(langKeys.SETTINGS.GENERAL.UpdateAvailable) + : locale(langKeys.SETTINGS.GENERAL.NoUpdateAvailable)" /> @@ -74,7 +74,7 @@ }, mounted(){ UpdateService.needsUpdateNoPrompt().then(needsUpdate => { - this.needsUpdate = needsUpdate ? needsUpdate.url : false; + this.needsUpdate = !!needsUpdate; }) }, methods: { diff --git a/src/services/ApiService.js b/src/services/ApiService.js index 06aaadcb..d63c5213 100644 --- a/src/services/ApiService.js +++ b/src/services/ApiService.js @@ -408,16 +408,26 @@ export default class ApiService { if(!request.payload.hasOwnProperty('nonce')) return resolve({id:request, result:nonceError}); if(request.payload.nonce.length !== 12) return resolve({id:request, result:nonceError}); + const publicKey = request.payload.hasOwnProperty('publicKey') && request.payload.publicKey && request.payload.publicKey.length + ? request.payload.publicKey + : identity.publicKey; + + const keypair = KeyPairService.getKeyPairFromPublicKey(publicKey); + if(!keypair) return resolve({id:request.id, result:Error.noKeypair()}); + + const isHash = request.payload.hasOwnProperty('data') && request.payload.data && request.payload.data.length; + const toSign = isHash ? request.payload.data : origin; + // Prevention of origins being able to send data buffers to be // signed by the identity which could change to a real balance holding // key in the future. const data = Hasher.unsaltedQuickHash( - Hasher.unsaltedQuickHash(request.payload.origin) + + Hasher.unsaltedQuickHash(toSign) + Hasher.unsaltedQuickHash(request.payload.nonce) ); const plugin = PluginRepository.plugin(Blockchains.EOSIO); - const signed = await plugin.signer({data}, identity.publicKey, true); + const signed = await plugin.signer({data}, publicKey, true, !!isHash); resolve({id:request.id, result:signed}); }) } @@ -441,7 +451,7 @@ export default class ApiService { network = store.state.scatter.settings.networks.find(x => x.unique() === Network.fromJson(network).unique()); if(!network) return resolve({id:request.id, result:Error.noNetwork()}); - const keypair = scatter.keychain.keypairs.find(x => x.publicKeys.some(x => x.key === account.publicKey)); + const keypair = scatter.keychain.keypairs.find(x => x.publicKeys.some(y => y.key === account.publicKey)); if(!keypair) return resolve({id:request.id, result:Error.noKeypair()}); const newAccount = Account.fromJson({