Class: OmniAuth::Strategies::Ethereum

Inherits:

Object

• Object
• OmniAuth::Strategies::Ethereum

Includes:

OmniAuth::Strategy

Defined in:

lib/omniauth-ethereum.rb

Instance Method Summary

• #callback_phase ⇒ Object
• #request_phase ⇒ Object

Instance Method Details

#callback_phase ⇒ Object

# File 'lib/omniauth-ethereum.rb', line 44

def callback_phase
  message = request.params["eth_message"]
  unix_time = message.scan(/\d+/).last.to_i
  ten_min = 10 * 60
  return fail!(:invalid_time) unless unix_time + ten_min >= now && unix_time - ten_min <= now

  address = Eth::Address.new request.params["eth_address"]
  signature = request.params["eth_signature"]
  signature_pubkey = Eth::Signature.personal_recover message, signature
  signature_address = Eth::Util.public_key_to_address(signature_pubkey)
  return fail!(:invalid_credentials) unless signature_address.to_s == address.to_s

  super
end

#request_phase ⇒ Object

# File 'lib/omniauth-ethereum.rb', line 21

def request_phase
  form = OmniAuth::Form.new :title => "Ethereum Authentication", :url => callback_path
  form.html("<span class='custom_title'>#{options.custom_title}</span>")
  options.fields.each do |field|

    # these fields are read-only and will be filled by javascript in the process
    if field == :eth_message
      form.html("<input type='hidden' id='eth_message' name='eth_message' value='#{now}' />")
    else
      form.html("<input type='hidden' id='#{field.to_s}' name='#{field.to_s}' />")
    end
  end

  # the form button will be heavy on javascript, requesting account, nonce, and signature before submission
  form.button "Sign In"
  path = File.join(File.dirname(__FILE__), "new_session.js")
  js = File.read(path)
  mod = "<script type='module'>\n#{js}\n</script>"

  form.html(mod)
  form.to_response
end