PR #11883 - changes from review

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
jetty · Jun 20, 2024 · 78403ec · 78403ec
1 parent 0040844
commit 78403ec
Show file tree

Hide file tree

Showing 4 changed files with 63 additions and 3 deletions.
diff --git a/jetty-core/jetty-bom/pom.xml b/jetty-core/jetty-bom/pom.xml
@@ -95,6 +95,11 @@
         <artifactId>jetty-openid</artifactId>
         <version>12.0.11-SNAPSHOT</version>
       </dependency>
+      <dependency>
+        <groupId>org.eclipse.jetty</groupId>
+        <artifactId>jetty-siwe</artifactId>
+        <version>12.0.11-SNAPSHOT</version>
+      </dependency>
       <dependency>
         <groupId>org.eclipse.jetty</groupId>
         <artifactId>jetty-osgi</artifactId>

diff --git a/...-core/jetty-siwe/src/main/java/org/eclipse/jetty/security/siwe/EthereumAuthenticator.java b/...-core/jetty-siwe/src/main/java/org/eclipse/jetty/security/siwe/EthereumAuthenticator.java
@@ -92,9 +92,11 @@ public class EthereumAuthenticator extends LoginAuthenticator
     private String _errorPath;
     private String _errorQuery;
     private boolean _dispatch;
+    private boolean authenticateNewUsers = true;
 
     public EthereumAuthenticator()
     {
+        LOG.warn("Sign-In With Ethereum support is experimental and not suited for production use.");
     }
 
     public void includeDomains(String... domains)
@@ -144,9 +146,9 @@ public void setConfiguration(Authenticator.Configuration authConfig)
             setDispatch(Boolean.parseBoolean(dispatch));
 
         // If no LoginService is set we allow any user to log in.
-        if (authConfig.getLoginService() == null)
+        if (authConfig.getLoginService() == null || authenticateNewUsers)
         {
-            LoginService loginService = new AnyUserLoginService("MY_REALM");
+            LoginService loginService = new AnyUserLoginService(authConfig.getRealmName(), authConfig.getLoginService());
             authConfig = new Configuration.Wrapper(authConfig)
             {
                 @Override
@@ -166,6 +168,25 @@ public String getAuthenticationType()
         return Authenticator.SIWE_AUTH;
     }
 
+    public boolean isAuthenticateNewUsers()
+    {
+        return authenticateNewUsers;
+    }
+
+    /**
+     * This setting is only meaningful if a non-null {@link LoginService} has been set.
+     * <p>
+     * If set to true, any users not found by the {@link LoginService} will still
+     * be authenticated but with no roles, if set to false users will not be
+     * authenticated unless they are discovered by the wrapped {@link LoginService}.
+     * </p>
+     * @param authenticateNewUsers whether to authenticate users not found by a wrapping LoginService
+     */
+    public void setAuthenticateNewUsers(boolean authenticateNewUsers)
+    {
+        this.authenticateNewUsers = authenticateNewUsers;
+    }
+
     public void setLoginPath(String loginPath)
     {
         if (loginPath == null)
@@ -637,6 +658,7 @@ public AuthenticationState validateRequest(Request request, Response response, C
      * message will be logged and added to the error redirect URI if the error page is defined.
      * @param request the request.
      * @param response the response.
+     * @param callback the callback.
      * @param message the reason for the error or null.
      */
     private void sendError(Request request, Response response, Callback callback, String message)

diff --git a/...ty/siwe/SightInWithEthereumTokenTest.java → ...ity/siwe/SignInWithEthereumTokenTest.java b/...ty/siwe/SightInWithEthereumTokenTest.java → ...ity/siwe/SignInWithEthereumTokenTest.java
@@ -26,10 +26,11 @@
 
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.Matchers.containsString;
+import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
 import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertThrows;
 
-public class SightInWithEthereumTokenTest
+public class SignInWithEthereumTokenTest
 {
     @Test
     public void testInvalidVersion()
@@ -234,4 +235,31 @@ public void testInvalidNonce()
             siwe.validate(signedMessage, nonceValidation, null, null, null));
         assertThat(error.getMessage(), containsString("invalid nonce"));
     }
+
+    @Test
+    public void testValidToken()
+    {
+        EthereumCredentials credentials = new EthereumCredentials();
+        LocalDateTime issuedAt = LocalDateTime.now();
+        String message = SignInWithEthereumGenerator.generateMessage(
+            "https",
+            "example.com",
+            credentials.getAddress(),
+            "hello this is the statement",
+            "https://example.com",
+            "1",
+            "1",
+            EthereumUtil.createNonce(),
+            issuedAt,
+            null, null, null, null
+        );
+
+        SignedMessage signedMessage = credentials.signMessage(message);
+        SignInWithEthereumToken siwe = SignInWithEthereumParser.parse(message);
+        assertNotNull(siwe);
+
+        Predicate<String> nonceValidation = nonce -> true;
+        assertDoesNotThrow(() ->
+            siwe.validate(signedMessage, nonceValidation, null, null, null));
+    }
 }
diff --git a/pom.xml b/pom.xml
@@ -729,6 +729,11 @@
         <artifactId>jetty-openid</artifactId>
         <version>${project.version}</version>
       </dependency>
+      <dependency>
+        <groupId>org.eclipse.jetty</groupId>
+        <artifactId>jetty-siwe</artifactId>
+        <version>${project.version}</version>
+      </dependency>
       <dependency>
         <groupId>org.eclipse.jetty</groupId>
         <artifactId>jetty-osgi</artifactId>