bump gem and dependencies (#15)

q9f · web-flow · commit 73e67669076d · 2022-05-10T17:59:50.000+02:00
* gem: bump version

* lib: update eth to 0.5 apis
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -1,52 +1,60 @@
 PATH
   remote: .
   specs:
-    omniauth-ethereum (0.1.0)
-      eth (~> 0.4.16)
-      omniauth (~> 2.0)
+    omniauth-ethereum (0.2.0)
+      eth (~> 0.5)
+      omniauth (~> 2.1)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    diff-lcs (1.4.4)
-    eth (0.4.16)
-      ffi (~> 1.15)
-      keccak (~> 1.2)
-      money-tree (~> 0.10)
-      rlp (~> 0.7)
+    diff-lcs (1.5.0)
+    eth (0.5.2)
+      keccak (~> 1.3)
+      konstructor (~> 1.0)
+      openssl (~> 2.2)
+      rbsecp256k1 (~> 5.1)
       scrypt (~> 3.0)
-    ffi (1.15.4)
+    ffi (1.15.5)
     ffi-compiler (1.0.1)
       ffi (>= 1.0.0)
       rake
     hashie (5.0.0)
-    keccak (1.2.2)
-    money-tree (0.10.0)
-      ffi
-    omniauth (2.0.4)
+    ipaddr (1.2.4)
+    keccak (1.3.0)
+    konstructor (1.0.2)
+    mini_portile2 (2.8.0)
+    omniauth (2.1.0)
       hashie (>= 3.4.6)
-      rack (>= 1.6.2, < 3)
+      rack (>= 2.2.3)
       rack-protection
+    openssl (2.2.1)
+      ipaddr
+    pkg-config (1.4.7)
     rack (2.2.3)
-    rack-protection (2.1.0)
+    rack-protection (2.2.0)
       rack
     rack-test (1.1.0)
       rack (>= 1.0, < 3)
     rake (13.0.6)
-    rlp (0.7.3)
-    rspec (3.10.0)
-      rspec-core (~> 3.10.0)
-      rspec-expectations (~> 3.10.0)
-      rspec-mocks (~> 3.10.0)
-    rspec-core (3.10.1)
-      rspec-support (~> 3.10.0)
-    rspec-expectations (3.10.1)
+    rbsecp256k1 (5.1.0)
+      mini_portile2 (~> 2.7)
+      pkg-config (~> 1.4)
+      rubyzip (~> 2.3)
+    rspec (3.11.0)
+      rspec-core (~> 3.11.0)
+      rspec-expectations (~> 3.11.0)
+      rspec-mocks (~> 3.11.0)
+    rspec-core (3.11.0)
+      rspec-support (~> 3.11.0)
+    rspec-expectations (3.11.0)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.10.0)
-    rspec-mocks (3.10.2)
+      rspec-support (~> 3.11.0)
+    rspec-mocks (3.11.1)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.10.0)
-    rspec-support (3.10.3)
+      rspec-support (~> 3.11.0)
+    rspec-support (3.11.0)
+    rubyzip (2.3.2)
     scrypt (3.0.7)
       ffi-compiler (>= 1.0, < 2.0)
 
@@ -56,7 +64,7 @@ PLATFORMS
 DEPENDENCIES
   omniauth-ethereum!
   rack-test (~> 1.1)
-  rspec (~> 3.10)
+  rspec (~> 3.11)
 
 BUNDLED WITH
    2.2.28
diff --git a/lib/omniauth-ethereum.rb b/lib/omniauth-ethereum.rb
@@ -42,17 +42,17 @@ def request_phase
       end
 
       def callback_phase
-        address = request.params['eth_address'].downcase
-        message = request.params['eth_message']
-        signature = request.params['eth_signature']
-        signature_pubkey = Eth::Key.personal_recover message, signature
-        signature_address = (Eth::Utils.public_key_to_address signature_pubkey).downcase
 
+        message = request.params['eth_message']
         unix_time = message.scan(/\d+/).first.to_i
         ten_min = 10 * 60
         return fail!(:invalid_time) unless unix_time + ten_min >= now && unix_time - ten_min <= now
 
-        return fail!(:invalid_credentials) unless signature_address == address
+        address = Eth::Address.new request.params['eth_address']
+        signature = request.params['eth_signature']
+        signature_pubkey = Eth::Signature.personal_recover message, signature
+        signature_address = Eth::Util.public_key_to_address(signature_pubkey)
+        return fail!(:invalid_credentials) unless signature_address.to_s == address.to_s
 
         super
       end
diff --git a/omniauth-ethereum.gemspec b/omniauth-ethereum.gemspec
@@ -3,7 +3,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 
 Gem::Specification.new do |spec|
   spec.name           = 'omniauth-ethereum'
-  spec.version        = '0.1.0'
+  spec.version        = '0.2.0'
   spec.summary        = "OmniAuth Strategy for Ethereum"
   spec.description    = "Authentication Strategy for OmniAuth to authenticate a user with an Ethereum account"
   spec.authors        = ["Afri Schoedon"]
@@ -25,12 +25,12 @@ Gem::Specification.new do |spec|
   spec.required_ruby_version = ">= 2.7", "< 4.0"
 
   # OmniAuth is what this strategy is providing
-  spec.add_dependency 'omniauth', '~> 2.0'
+  spec.add_dependency 'omniauth', '~> 2.1'
 
   # Use Ruby-Eth for signature recovery
-  spec.add_dependency 'eth', '~> 0.4.16'
+  spec.add_dependency 'eth', '~> 0.5'
 
   # Spec tests
-  spec.add_development_dependency 'rspec', '~> 3.10'
+  spec.add_development_dependency 'rspec', '~> 3.11'
   spec.add_development_dependency 'rack-test', '~> 1.1'
 end
diff --git a/spec/omniauth/strategies/ethereum_spec.rb b/spec/omniauth/strategies/ethereum_spec.rb
@@ -74,7 +74,7 @@
 
       it 'fails with invalid credentials' do
         expect(last_response.status).to eq(302)
-        expect(last_response.location).to eq('/auth/failure?message=invalid_credentials&strategy=ethereum')
+        expect(last_response.location).to eq('/auth/failure?message=Invalid+signature+v+byte+0+for+chain+ID+1%21&strategy=ethereum')
       end
     end
 
