Class: OmniAuth::Strategies::Ethereum

Inherits:
Object
  • Object
Includes:
OmniAuth::Strategy
Defined in:
lib/omniauth-ethereum.rb

Instance Method Summary collapse

Instance Method Details

#callback_phase ⇒ Object



# File 'lib/omniauth-ethereum.rb', line 42

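# Verifies the values posted back by the sign-in form before handing control
# to the default OmniAuth callback handling.
#
# Reads `eth_address`, `eth_message` and `eth_signature` from the request,
# recovers the signing address from the message/signature pair, and checks
# that (a) the timestamp embedded in the message lies within ten minutes of
# `now` and (b) the recovered address equals the claimed address.
#
# @return [Object] the result of `fail!` when a check does not pass,
#   otherwise whatever the inherited `callback_phase` returns
def callback_phase
  params = request.params
  address, message, signature = params.values_at('eth_address', 'eth_message', 'eth_signature')

  # All three values come straight from the browser. A missing parameter or a
  # non-string one (e.g. submitted as `eth_address[]=`) previously raised
  # NoMethodError and surfaced as a server error instead of a failed login.
  supplied = [address, message, signature]
  return fail!(:invalid_credentials) unless supplied.all? { |value| value.is_a?(String) && !value.empty? }

  begin
    signature_pubkey = Eth::Key.personal_recover message, signature
    signature_address = Eth::Utils.public_key_to_address(signature_pubkey).downcase
  rescue StandardError => e
    # A signature that cannot be decoded or recovered is an authentication
    # failure, not an application crash.
    return fail!(:invalid_credentials, e)
  end

  # The timestamp is the first run of digits in the client-supplied message.
  # NOTE(review): nothing visible here ties the message to a server-issued,
  # single-use value, so a captured message/signature pair appears to remain
  # acceptable for the whole window; consider binding it to a session nonce.
  # NOTE(review): assumes `now` returns Unix seconds as an Integer - confirm.
  unix_time = message.scan(/\d+/).first.to_i
  ten_min = 10 * 60
  return fail!(:invalid_time) unless (unix_time - now).abs <= ten_min

  return fail!(:invalid_credentials) unless signature_address == address.downcase

  super
end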

#request_phase ⇒ Object



# File 'lib/omniauth-ethereum.rb', line 20

# Builds the sign-in page: an OmniAuth form that posts to `callback_path`,
# one hidden input per configured field, a submit button, and the bundled
# `new_session.js` inlined as a module script.
#
# @return [Object] the value of `form.to_response`
def request_phase
  form = OmniAuth::Form.new(title: 'Ethereum Authentication', url: callback_path)

  # The hidden inputs are read-only placeholders that the script fills in.
  # Field names are interpolated into the markup without HTML escaping, so
  # `options.fields` must only ever hold trusted, developer-supplied names.
  options.fields.each do |field|
    hidden_input =
      if field == :eth_message
        # Seeded with the value of `now` when the page is rendered.
        "<input type='hidden' id='eth_message' name='eth_message' value='#{now}' />"
      else
        "<input type='hidden' id='#{field}' name='#{field}' />"
      end
    form.html(hidden_input)
  end

  # The button relies on the script below, which requests the account, nonce
  # and signature before the form is submitted.
  form.button 'Sign In'

  script_path = File.join(File.dirname(__FILE__), 'new_session.js')
  script_source = File.read(script_path)
  form.html("<script type='module'>\n#{script_source}\n</script>")

  form.to_response
end