From 5099524a2c17faf395240b8f7e71fc6dc0ab24a5 Mon Sep 17 00:00:00 2001 From: Tyler van der Hoeven Date: Tue, 9 Jul 2024 21:11:34 -0400 Subject: [PATCH] set explicit timeouts --- PROPOSAL.md | 2 +- contracts/contract-webauthn-factory/src/lib.rs | 7 +++++++ contracts/contract-webauthn-secp256r1/src/lib.rs | 2 +- src/kit.ts | 8 ++++++-- 4 files changed, 15 insertions(+), 4 deletions(-) diff --git a/PROPOSAL.md b/PROPOSAL.md index f954b13..bfec1c1 100644 --- a/PROPOSAL.md +++ b/PROPOSAL.md @@ -1,4 +1,4 @@ -# Smart Wallet Interface +# WebAuthn smart wallet contract interface With the release of [Protocol 21](https://stellar.org/blog/developers/announcing-protocol-21) (and specifically the inclusion of the secp256r1 verification curve) Soroban now has tremendous first class support for passkey powered smart wallets. diff --git a/contracts/contract-webauthn-factory/src/lib.rs b/contracts/contract-webauthn-factory/src/lib.rs index de83f06..290d704 100644 --- a/contracts/contract-webauthn-factory/src/lib.rs +++ b/contracts/contract-webauthn-factory/src/lib.rs @@ -3,6 +3,11 @@ use soroban_sdk::{ contract, contracterror, contractimpl, symbol_short, vec, Address, Bytes, BytesN, Env, Symbol, }; +// mod wallet { +// use soroban_sdk::auth::Context; +// soroban_sdk::contractimport!(file = "../target/wasm32-unknown-unknown/release/webauthn_secp256r1.wasm"); +// } + #[contract] pub struct Contract; @@ -58,6 +63,8 @@ impl Contract { let address = env.deployer().with_current_contract(salt).deploy(wasm_hash); + // wallet::Client::new(&env, &address).add(&id, &pk, &true); + let () = env.invoke_contract( &address, &symbol_short!("add"), diff --git a/contracts/contract-webauthn-secp256r1/src/lib.rs b/contracts/contract-webauthn-secp256r1/src/lib.rs index 53e3d9d..888dfe4 100644 --- a/contracts/contract-webauthn-secp256r1/src/lib.rs +++ b/contracts/contract-webauthn-secp256r1/src/lib.rs @@ -221,7 +221,7 @@ impl CustomAccountInterface for Contract { base64_url::encode(&mut expected_challenge, &signature_payload.to_array()); // Check that the challenge inside the client data JSON that was signed is identical to the expected challenge. - // TODO is this check actually necessary or is the secp256r1_verify enough? I think it's necessary + // TODO is this check actually necessary or is the secp256r1_verify enough? if client_data_json.challenge.as_bytes() != expected_challenge { return Err(Error::ClientDataJsonChallengeIncorrect); } diff --git a/src/kit.ts b/src/kit.ts index 5af96a9..e16b1e4 100644 --- a/src/kit.ts +++ b/src/kit.ts @@ -75,7 +75,7 @@ export class PasskeyKit extends PasskeyBase { public async createKey(app: string, user: string) { const now = new Date() const displayName = `${user} — ${now.toLocaleString()}` - const { id, response} = await startRegistration({ + const { id, response } = await startRegistration({ challenge: base64url("stellaristhebetterblockchain"), rp: { // id: undefined, @@ -93,6 +93,7 @@ export class PasskeyKit extends PasskeyBase { }, pubKeyCredParams: [{ alg: -7, type: "public-key" }], attestation: "none", + timeout: 120_000 }); if (!this.keyId) @@ -116,6 +117,7 @@ export class PasskeyKit extends PasskeyBase { challenge: base64url("stellaristhebetterblockchain"), // rpId: undefined, userVerification: "discouraged", + timeout: 120_000 }); console.log(response); @@ -151,7 +153,7 @@ export class PasskeyKit extends PasskeyBase { // TODO what is the error if the entry exists but is archived? await this.rpc.getContractData(contractId, xdr.ScVal.scvLedgerKeyContractInstance()) } - // if that fails look up from the factory mapper + // if that fails look up from the `getContractId` function catch { contractId = undefined @@ -203,6 +205,7 @@ export class PasskeyKit extends PasskeyBase { challenge: base64url(payload), // rpId: undefined, userVerification: "discouraged", + timeout: 120_000 } : { challenge: base64url(payload), @@ -216,6 +219,7 @@ export class PasskeyKit extends PasskeyBase { }, ], userVerification: "discouraged", + timeout: 120_000 } );