From 5785a15d3a64a82018529b98666379bcf169ad28 Mon Sep 17 00:00:00 2001
From: Lautaro Dragan
Date: Tue, 21 May 2019 00:37:26 -0300
Subject: [PATCH] fix: proof of poe address case sensitivity (#956)
---
src/helpers/ethereum.test.ts | 58 ++++++++++++++++++++++++++++++++++++
src/helpers/ethereum.ts | 2 +-
tests/unit/index.ts | 1 +
3 files changed, 60 insertions(+), 1 deletion(-)
create mode 100644 src/helpers/ethereum.test.ts
diff --git a/src/helpers/ethereum.test.ts b/src/helpers/ethereum.test.ts
new file mode 100644
index 000000000..efb0ab9cc
--- /dev/null
+++ b/src/helpers/ethereum.test.ts
@@ -0,0 +1,58 @@
+import { describe } from 'riteway'
+
+import { signatureIsValid } from './ethereum'
+
+describe('signatureIsValid()', async (assert) => {
+ const signedMessage = {
+ address: '0xBe7d20A0f75DbcCb82EFe6AE3aF1768E5E83D0B8',
+ msg: 'Proof of POE',
+ sig: '0x5e06a683754daa113774b42a1c3fd1f038b95e82eea918d404bab8d229df4ed0' +
+ '6a4f5497aa9969a55aa559b97a48655d99b08c6992134c2d5d65b3becb11cf2b1c',
+ version: '3',
+ signer: 'MEW',
+ }
+
+ const secondAddress = '0xc2e359382B61356e37AF9523f20771fa6fc1C8fC'
+
+ assert({
+ given: 'a correct checksum-cased address, signature and message combination',
+ should: 'return true',
+ actual: signatureIsValid(signedMessage.address, signedMessage.msg, signedMessage.sig),
+ expected: true,
+ })
+
+ assert({
+ given: 'a correct non-checksum-cased address, signature and message combination',
+ should: 'return true',
+ actual: signatureIsValid(signedMessage.address.toLowerCase(), signedMessage.msg, signedMessage.sig),
+ expected: true,
+ })
+
+ assert({
+ given: 'a signature that matches the message but not the address',
+ should: 'return false',
+ actual: signatureIsValid(secondAddress, signedMessage.msg, signedMessage.sig),
+ expected: false,
+ })
+
+ assert({
+ given: 'an empty signature',
+ should: 'return false',
+ actual: signatureIsValid(signedMessage.address, signedMessage.msg, ''),
+ expected: false,
+ })
+
+ assert({
+ given: 'an empty message',
+ should: 'return false',
+ actual: signatureIsValid(signedMessage.address, '', signedMessage.sig),
+ expected: false,
+ })
+
+ assert({
+ given: 'an invalid signature',
+ should: 'return false',
+ actual: signatureIsValid(signedMessage.address, signedMessage.msg, 'saywhat'),
+ expected: false,
+ })
+})
diff --git a/src/helpers/ethereum.ts b/src/helpers/ethereum.ts
index 01cfa8b25..e0ab984ce 100644
--- a/src/helpers/ethereum.ts
+++ b/src/helpers/ethereum.ts
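Review bot: The negative cases in src/helpers/ethereum.test.ts never exercise a well-formed signature checked against a different, non-empty message, which is the case that matters most for a signature verifier. The message is only varied by emptying it, and the signature only by emptying it or replacing it with a malformed string, so a regression that stopped binding the signature to the message content could still pass these tests. Adding one more assert block next to the 'an empty message' case would pin that behaviour; the expected value of false assumes the implementation recovers the signer from the message contents, which is not visible in this patch.

```typescript
// … unchanged: the existing assert blocks up to 'an empty message' …

  assert({
    given: 'a valid signature checked against a different, non-empty message',
    should: 'return false',
    actual: signatureIsValid(signedMessage.address, 'Not the signed message', signedMessage.sig),
    expected: false,
  })

// … unchanged: the 'an invalid signature' assert block …
```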
@@ -17,7 +17,7 @@ export function signatureIsValid(address: string, message: string, signature: st const addressBuffer = publicToAddress(publicKey) const addressVerified = bufferToHex(addressBuffer) - return addressVerified === address + return addressVerified.toLowerCase() === address.toLowerCase() } catch (exception) { if (exception.message === 'Invalid signature length') return false diff --git a/tests/unit/index.ts b/tests/unit/index.ts index 17e61631d..23925956a 100644 --- a/tests/unit/index.ts +++ b/tests/unit/index.ts @@ -5,6 +5,7 @@ import '../../src/decorators/injectDao/injectDao.test' import '../../src/emails/forgotPassword.test' import '../../src/emails/verify.test' import '../../src/extensions/Error.test' +import '../../src/helpers/ethereum.test' import '../../src/helpers/token.test' import '../../src/helpers/uuid.test' import '../../src/loadConfiguration.test'
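Review bot: The new return line in signatureIsValid calls `address.toLowerCase()` inside the `try`, so a non-string `address` reaching it at runtime now raises a TypeError where the old `===` simply evaluated to false. The parameter is typed `string`, but types are erased and the visible part of the `catch` only maps 'Invalid signature length' to false; the rest of the handler is outside the hunk, so it is worth confirming that this path still yields false rather than propagating an error. A guard such as `return typeof address === 'string' && addressVerified.toLowerCase() === address.toLowerCase()` would keep the previous behaviour. A one-line comment such as `// Compare case-insensitively: callers may send checksum-cased (EIP-55) or lower-case addresses; the checksum itself is not validated here.` would also record why the normalisation is there.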