Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[ABW-2746] Refactor ROLA signing #1076

Merged
merged 27 commits into from
Aug 6, 2024
Merged

Conversation

giannis-rdx
Copy link
Contributor

@giannis-rdx giannis-rdx commented Jul 18, 2024

Description

This PR refactors the proving ownership with ROLA (again signatures are required). In short:
When connect to a dApp wallet receives an AuthorizedRequest that can require persona login WithoutChallenge and login WithChallenge and at the latter is where ROLA takes place. Plus the request can contain other entities (accounts) that require proof of ownership.

Previously the implementation was like this (very simplified description):

  • An AuthorizedRequest is received and the wallet starts building the response by iterating through requested entities (accounts + personas) and asking for signature for each entity.

After refactor:

  • An AuthorizedRequest is received, wallet gathers all requested entities and ask for signatures. Once the signatures are collected wallet proceeds with the building of the response.

❗ This PR doesn't change the UI flow, the way/order of connect flow, but it adds a bottom sheet dialog when requiring proof of ownership. So for example, if previously wallet asked biometric prompt at the end of the connect flow, the same happens after refactor.
The only flow that changed is to not close the request screen when user rejects/cancel signing of an One Time Request.

How to test

Test several connect flows with Radix Sandbox (Data Requests and One Time Requests)

Test connect with any other dapp.

Video

check slack

PR submission checklist

  • I have tested account to account transfer flow and have confirmed that it works
  • I have written unit tests

@giannis-rdx giannis-rdx self-assigned this Jul 18, 2024
@giannis-rdx giannis-rdx marked this pull request as ready for review July 25, 2024 17:59
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this usecase can be improved but I didn't have time to do it, because it's not easy at all!
The auth requests can be very complicated and can have several combinations (requested entities to auth).

Comment on lines +52 to +53
var allEntitiesWithSignatures: Map<ProfileEntity, SignatureWithPublicKey> = entitiesWithSignatures
if (challenge != null && entitiesWithSignatures.isEmpty()) {
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is a place that needs improvement. Maybe during MFA work

@giannis-rdx giannis-rdx marked this pull request as draft August 1, 2024 11:42
@giannis-rdx giannis-rdx marked this pull request as ready for review August 1, 2024 12:41
Copy link
Contributor

@sergiupuhalschi-rdx sergiupuhalschi-rdx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great job!

A minor UI issue to note:

On 'Proving Ownership' bottom sheet there is a 'Retry' button which opens the biometric prompt. After a successful biometric authentication, there are a few seconds until the bottom sheet dismisses and the transaction result is shown when you can still press "Retry", but it doesn't make sense because in the background the transaction is being processed. Can we do something about it? Like replacing the Retry button with a loading or disabling it while the transaction is in progress?

@@ -71,6 +71,7 @@ import kotlinx.collections.immutable.ImmutableList
import kotlinx.coroutines.flow.Flow
import rdx.works.core.qr.QRCodeGenerator

// TODO rename status package to dialogs
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just do it! :))

@giannis-rdx
Copy link
Contributor Author

On 'Proving Ownership' bottom sheet there is a 'Retry' button which opens the biometric prompt. After a successful biometric authentication, there are a few seconds until the bottom sheet dismisses and the transaction result is shown when you can still press "Retry", but it doesn't make sense because in the background the transaction is being processed. Can we do something about it? Like replacing the Retry button with a loading or disabling it while the transaction is in progress?

@sergiupuhalschi-rdx your argument is valid 👌🏽 I also noticed the same thing.

I pushed a fix to disable the Retry button when wallet collects the signature for device (right after the biometric prompt auth)

entitiesWithSignatures = entitiesWithSignaturesResult

val signatureForPersona = entitiesWithSignatures[selectedPersona.asProfileEntity()]
?: return Result.failure(RadixWalletException.DappRequestException.FailedToSignAuthChallenge())
Copy link
Contributor

@jakub-rdx jakub-rdx Aug 6, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you can return response declared above.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

not really because this return returns a type of WalletToDappInteractionResponse

Copy link
Contributor

@jakub-rdx jakub-rdx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One general question about collecting signatures in GetSignaturesViewModel, each device factor source that appear in results of getSigningEntitiesByFactorSource is translated into one DeviceRequest? I see in proceedToNextSigners that biometrics are displayed for every DeviceRequest. Does it mean that for single transaction that will have multiple device factor sources we will display biometrics many times?

@giannis-rdx
Copy link
Contributor Author

giannis-rdx commented Aug 6, 2024

One general question about collecting signatures in GetSignaturesViewModel, each device factor source that appear in results of getSigningEntitiesByFactorSource is translated into one DeviceRequest? I see in proceedToNextSigners that biometrics are displayed for every DeviceRequest. Does it mean that for single transaction that will have multiple device factor sources we will display biometrics many times?

I see in proceedToNextSigners that biometrics are displayed for every DeviceRequest.

Actually that was a bug that I had in the previous version of this viewmodel, and actually you can try now to see that you won't get multiple time the biometric prompt by restoring an existing profile (either from cloud or file) and skip the main seed phrase during restoring.
In the previous version of the viewmodel, before introducing the FactorSourceRequest you would get the biometric prompt twice. Now it's only once.

each device factor source that appear in results of getSigningEntitiesByFactorSource is translated into one DeviceRequest?

Yes and no 😄
yes getSigningEntitiesByFactorSource returns "a request per device factor source", but at the lines 61 to 74 we translate it to one DeviceRequest = biometric prompt only once.

Copy link

sonarcloud bot commented Aug 6, 2024

Quality Gate Failed Quality Gate failed

Failed conditions
0.0% Coverage on New Code (required ≥ 40%)

See analysis details on SonarCloud

@giannis-rdx giannis-rdx merged commit f2718f6 into main Aug 6, 2024
8 of 9 checks passed
@giannis-rdx giannis-rdx deleted the task/ABW-2746-rola-signing branch August 6, 2024 09:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

Successfully merging this pull request may close these issues.

3 participants