Merge pull request #2252 from oasisprotocol/kostko/feature/siwe-any-domain

kostko · web-flow · commit 1630fe1098c3 · 2025-06-27T15:33:03.000+02:00
rofl-scheduler: Allow any domain in SIWE, change statement
diff --git a/rofl-scheduler/rofl.yaml b/rofl-scheduler/rofl.yaml
@@ -1,5 +1,5 @@
 name: rofl-scheduler
-version: 0.2.1
+version: 0.2.2
 repository: https://github.com/oasisprotocol/oasis-sdk
 tee: tdx
 kind: raw
@@ -43,7 +43,11 @@ deployments:
         - id: d8+W9SL9GLSjlox5EahAzQdb/ruz4Qb2al4l9+gsDfUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
           version: 0.2.0
         - id: aiLfTIGfj4Qb2utbgmxfWownULME4wRXz3lbvL7vWnYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
+          version: 0.2.1
         - id: 33R8MVGCGJg3CAYKDR87Zv2kvj65lbpcAHmZLKRA5FYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
+          version: 0.2.1
+        - id: Sa0PyyZJsj4UpjE6IJOyqsi92iNMrwULpRbF2tq8YmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
+        - id: zt08xPOoXhy1SWHNcBNalVDjf6EHAUu9x6Tvq7aOBrwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
       endorsements:
         - any: {}
       fees: endorsing_node
@@ -80,7 +84,11 @@ deployments:
         - id: JronXGA4H36ZRJsNQn0qRpWlinNIb7wvk/MhZqKF1S4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
           version: 0.2.0
         - id: oo8dzG9hhkjKpY5G2/KozFXtpWncDNTMAYCSAMvWNFMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
+          version: 0.2.1
         - id: erQlwbWIEIx3WdLCqb7C/wWsDjDQgTW5VssQb9APrKMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
+          version: 0.2.1
+        - id: Iq6cDWfVpHrAfgbFvaEqhnZ7YCDHfoXEWlU5n2xFnJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
+        - id: e9QSiflGUzqJei84tKL8N81HOMKkOXLfU6X/M/p00N0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
       endorsements:
         - any: {}
       fees: endorsing_node
diff --git a/rofl-scheduler/src/serverd/auth.rs b/rofl-scheduler/src/serverd/auth.rs
@@ -102,13 +102,17 @@ impl AuthLoginRequest {
                     return Err(anyhow!("message is not yet valid or has expired"));
                 }
 
-                let expected_statement = format!("Provider: {}", provider.to_bech32());
+                let expected_statement = format!(
+                    "Authenticate to ROFL provider {} to manage your machines via API at {}.",
+                    provider.to_bech32(),
+                    domain,
+                );
                 if message.statement != Some(expected_statement) {
                     return Err(anyhow!("message does not have the expected statement"));
                 }
 
                 let verification_opts = siwe::VerificationOpts {
-                    domain: Some(domain.parse()?),
+                    // We currently allow any origin domain.
                     ..Default::default()
                 };
                 message.verify(&signature, &verification_opts).await?;
