Merge pull request #3513 from derekpierre/eip4361-passthrough

Accept/Process EIP-4361 passthrough context variable used for single sign-on capabilities
2024-06-24 13:17:58 -04:00 · 2024-06-24 13:17:58 -04:00 · f5b8f18e39
parent 17dd57e6a1 28df8b851f
commit f5b8f18e39
3 changed files with 13 additions and 2 deletions
--- a/newsfragments/3513.feature.rst
+++ b/newsfragments/3513.feature.rst
@ -0,0 +1,2 @@
+Add ability for special context variable to handle Sign-In With Ethereum (EIP-4361)
+pre-existing sign-on signature to be reused as proof for validating a user address in conditions.
--- a/nucypher/policy/conditions/context.py
+++ b/nucypher/policy/conditions/context.py
@ -15,14 +15,16 @@ from nucypher.policy.conditions.exceptions import (
 USER_ADDRESS_CONTEXT = ":userAddress"
 USER_ADDRESS_EIP712_CONTEXT = ":userAddressEIP712"
 USER_ADDRESS_EIP4361_CONTEXT = ":userAddressEIP4361"
+USER_ADDRESS_EIP4361_EXTERNAL_CONTEXT = ":userAddressExternalEIP4361"

 CONTEXT_PREFIX = ":"
 CONTEXT_REGEX = re.compile(":[a-zA-Z_][a-zA-Z0-9_]*")

 USER_ADDRESS_SCHEMES = {
-    USER_ADDRESS_CONTEXT: None,  # any of the available auth types
+    USER_ADDRESS_CONTEXT: None,  # TODO either EIP712 or EIP4361 for now, but should use the default that is eventually decided (likely EIP4361) - #tdec/178
    USER_ADDRESS_EIP712_CONTEXT: EvmAuth.AuthScheme.EIP712.value,
    USER_ADDRESS_EIP4361_CONTEXT: EvmAuth.AuthScheme.EIP4361.value,
+    USER_ADDRESS_EIP4361_EXTERNAL_CONTEXT: EvmAuth.AuthScheme.EIP4361.value,
 }


@ -90,6 +92,10 @@ _DIRECTIVES = {
        _resolve_user_address,
        user_address_context_variable=USER_ADDRESS_EIP4361_CONTEXT,
    ),
+    USER_ADDRESS_EIP4361_EXTERNAL_CONTEXT: partial(
+        _resolve_user_address,
+        user_address_context_variable=USER_ADDRESS_EIP4361_EXTERNAL_CONTEXT,
+    ),
 }


--- a/tests/unit/conditions/test_context.py
+++ b/tests/unit/conditions/test_context.py
@ -8,6 +8,7 @@ from nucypher.policy.conditions.auth.evm import EvmAuth
 from nucypher.policy.conditions.context import (
    USER_ADDRESS_EIP712_CONTEXT,
    USER_ADDRESS_EIP4361_CONTEXT,
+    USER_ADDRESS_EIP4361_EXTERNAL_CONTEXT,
    USER_ADDRESS_SCHEMES,
    _resolve_context_variable,
    _resolve_user_address,
@ -136,16 +137,18 @@ def test_user_address_context_invalid_typed_data(
            [
                USER_ADDRESS_EIP712_CONTEXT,
                USER_ADDRESS_EIP4361_CONTEXT,
+                USER_ADDRESS_EIP4361_EXTERNAL_CONTEXT,
            ],
            [
                EvmAuth.AuthScheme.EIP4361.value,
                EvmAuth.AuthScheme.EIP712.value,
+                EvmAuth.AuthScheme.EIP712.value,
            ],
        )
    ),
    indirect=["valid_user_address_auth_message"],
 )
-def test_user_address_context_unexpected_scheme_data(
+def test_user_address_context_variable_with_incompatible_auth_message(
    context_variable_name, valid_user_address_auth_message
 ):
    # scheme in message is unexpected for context variable name