Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Issue #11560 - Implement EIP-4361 Sign-In With Ethereum #11883

Closed
wants to merge 21 commits into from
Closed

Issue #11560 - Implement EIP-4361 Sign-In With Ethereum #11883

wants to merge 21 commits into from

Conversation

lachlan-roberts
Copy link
Contributor

Issue #11560

Add new Jetty module called jetty-siwe, which implements EIP4361 Sign-In With Ethereum via the EthereumAuthenticator. This allows you to authenticate with a crypto wallet such as MetaMask.

See https://eips.ethereum.org/EIPS/eip-4361

@lachlan-roberts lachlan-roberts self-assigned this Jun 6, 2024
@lachlan-roberts
Copy link
Contributor Author

lachlan-roberts commented Jun 6, 2024
edited
Loading

This is ready for early reviews as the implementation is complete.

To test this yourself you can install MetaMask browser extension and run org.eclipse.jetty.security.siwe.example.SignInWithEthereumEmbeddedExample.

TODOs:

  • Write Javadoc.
  • Add jetty-home module.
  • Add new section in the documentation.
  • Extract out the multipart changes to separate PR and use application/x-www-form-urlencoded instead.
  • Fix issues with module-info.java

@lachlan-roberts lachlan-roberts mentioned this pull request Jun 6, 2024
Closed
lachlan-roberts added a commit that referenced this pull request Jun 7, 2024
@lachlan-roberts
PR #11883 - add support for login with application/x-www-form-urlencoded
478d6aa 
Signed-off-by: Lachlan Roberts <[email protected]>
@lachlan-roberts lachlan-roberts requested review from gregw, sbordet and janbartel and removed request for gregw June 11, 2024 14:13
@lachlan-roberts lachlan-roberts mentioned this pull request Jun 11, 2024
Merged
lachlan-roberts added a commit that referenced this pull request Jun 11, 2024
@lachlan-roberts
PR #11883 - remove Multipart usage from jetty-siwe
abba112 
Signed-off-by: Lachlan Roberts <[email protected]>
lachlan-roberts added a commit that referenced this pull request Jun 11, 2024
@lachlan-roberts
PR #11883 - remove Multipart usage from jetty-siwe
0974f96 
Signed-off-by: Lachlan Roberts <[email protected]>
sbordet
sbordet requested changes Jun 17, 2024
View reviewed changes
Copy link
Contributor

@sbordet sbordet left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please don't use LOG.warn() especially if you can default the value.

Also, try to make all classes internal if possible, and leave exported only those that are strictly necessary.

If possible, make it asynchronous.
I would prefer to avoid that half-sent messages to block threads for the whole idle timeout.

jetty-core/jetty-siwe/pom.xml Outdated Show resolved Hide resolved
jetty-core/jetty-siwe/src/main/java/org/eclipse/jetty/security/siwe/AnyUserLoginService.java Outdated Show resolved Hide resolved
jetty-core/jetty-siwe/src/main/java/org/eclipse/jetty/security/siwe/EthereumAuthenticator.java Outdated Show resolved Hide resolved
jetty-core/jetty-siwe/src/main/java/org/eclipse/jetty/security/siwe/EthereumAuthenticator.java Outdated Show resolved Hide resolved
jetty-core/jetty-siwe/src/main/java/org/eclipse/jetty/security/siwe/EthereumAuthenticator.java Outdated Show resolved Hide resolved
...y-core/jetty-siwe/src/main/java/org/eclipse/jetty/security/siwe/SignInWithEthereumToken.java Outdated Show resolved Hide resolved
...y-core/jetty-siwe/src/main/java/org/eclipse/jetty/security/siwe/SignInWithEthereumToken.java Outdated Show resolved Hide resolved
jetty-core/jetty-siwe/src/main/java/org/eclipse/jetty/security/siwe/SignedMessage.java Outdated Show resolved Hide resolved
...-core/jetty-siwe/src/test/java/org/eclipse/jetty/security/siwe/util/EthereumCredentials.java Show resolved Hide resolved
...tty-siwe/src/test/java/org/eclipse/jetty/security/siwe/util/SignInWithEthereumGenerator.java Show resolved Hide resolved
lachlan-roberts added a commit that referenced this pull request Jun 19, 2024
@lachlan-roberts
PR #11883 - changes from review
5db8534 
Signed-off-by: Lachlan Roberts <[email protected]>
lachlan-roberts added a commit that referenced this pull request Jun 19, 2024
@lachlan-roberts
PR #11883 - fix jetty-siwe pom.xml
0904759 
Signed-off-by: Lachlan Roberts <[email protected]>
janbartel
janbartel requested changes Jun 19, 2024
View reviewed changes
Copy link
Contributor

@janbartel janbartel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Need to do some doco as part of this pr too ;)

jetty-core/jetty-siwe/src/main/java/org/eclipse/jetty/security/siwe/EthereumAuthenticator.java Outdated Show resolved Hide resolved
jetty-core/jetty-siwe/src/main/java/org/eclipse/jetty/security/siwe/EthereumAuthenticator.java Show resolved Hide resolved
...e/jetty-siwe/src/main/java/org/eclipse/jetty/security/siwe/internal/AnyUserLoginService.java Outdated Show resolved Hide resolved
...e/jetty-siwe/src/main/java/org/eclipse/jetty/security/siwe/internal/AnyUserLoginService.java Outdated Show resolved Hide resolved
...y-siwe/src/main/java/org/eclipse/jetty/security/siwe/internal/EthereumSignatureVerifier.java Outdated Show resolved Hide resolved
...e/jetty-siwe/src/test/java/org/eclipse/jetty/security/siwe/SignInWithEthereumParserTest.java Show resolved Hide resolved
jetty-core/jetty-siwe/src/test/java/org/eclipse/jetty/security/siwe/SignInWithEthereumTest.java Outdated Show resolved Hide resolved
...src/test/java/org/eclipse/jetty/security/siwe/example/SignInWithEthereumEmbeddedExample.java Outdated Show resolved Hide resolved
jetty-core/jetty-siwe/src/test/resources/login.html Outdated Show resolved Hide resolved
jetty-core/pom.xml Show resolved Hide resolved
lachlan-roberts added a commit that referenced this pull request Jun 20, 2024
@lachlan-roberts
PR #11883 - updated AnyUserLoginService to support nested login service
0040844 
Signed-off-by: Lachlan Roberts <[email protected]>
lachlan-roberts added a commit that referenced this pull request Jun 20, 2024
@lachlan-roberts
PR #11883 - changes from review
78403ec 
Signed-off-by: Lachlan Roberts <[email protected]>
@gregw gregw mentioned this pull request Jul 3, 2024
Closed
@lachlan-roberts lachlan-roberts force-pushed the jetty-12.0.x-SignInWithEthereum branch from 78403ec to 436ca41 Compare July 5, 2024 05:47
@gregw
Copy link
Contributor

gregw commented Jul 8, 2024
edited
Loading

@lachlan-roberts forced push????? what??!?!?!?!? Now I've lost all my review context! IMNSHO you should only ever force push when you've screwed up.... or put the other way, if I see a forced push I KNOW you've screwed up !)

We went looking everywhere, but couldn’t find those commits.
Sometimes commits can disappear after a force-push. Head back to the latest changes here.

gregw
gregw requested changes Jul 8, 2024
View reviewed changes
Copy link
Contributor

@gregw gregw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Mostly good, but the agro from the forced push is making me set a high bar for javadoc, formatting, naming and layout.!

jetty-core/jetty-siwe/src/main/java/org/eclipse/jetty/security/siwe/SignedMessage.java Outdated Show resolved Hide resolved
...y-siwe/src/main/java/org/eclipse/jetty/security/siwe/internal/EthereumSignatureVerifier.java Outdated Show resolved Hide resolved
jetty-core/jetty-siwe/src/main/java/org/eclipse/jetty/security/siwe/internal/EthereumUtil.java Show resolved Hide resolved
...ty-siwe/src/main/java/org/eclipse/jetty/security/siwe/internal/SignInWithEthereumParser.java Outdated Show resolved Hide resolved
...tty-siwe/src/main/java/org/eclipse/jetty/security/siwe/internal/SignInWithEthereumToken.java Show resolved Hide resolved
...e/jetty-siwe/src/main/java/org/eclipse/jetty/security/siwe/internal/AnyUserLoginService.java Outdated Show resolved Hide resolved
...src/test/java/org/eclipse/jetty/security/siwe/example/SignInWithEthereumEmbeddedExample.java Outdated Show resolved Hide resolved
...-core/jetty-siwe/src/test/java/org/eclipse/jetty/security/siwe/util/EthereumCredentials.java Outdated Show resolved Hide resolved
...tty-siwe/src/test/java/org/eclipse/jetty/security/siwe/util/SignInWithEthereumGenerator.java Outdated Show resolved Hide resolved
jetty-core/jetty-siwe/src/test/resources/login.html Outdated Show resolved Hide resolved
@lachlan-roberts
changes from review
9ea7431 
Signed-off-by: Lachlan Roberts <[email protected]>
@lachlan-roberts
add javadoc for test classes
32b7043 
Signed-off-by: Lachlan Roberts <[email protected]>
@lachlan-roberts lachlan-roberts marked this pull request as ready for review July 23, 2024 08:15
janbartel
janbartel requested changes Jul 24, 2024
View reviewed changes
jetty-core/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java Outdated Show resolved Hide resolved
jetty-core/jetty-siwe/src/main/java/module-info.java Show resolved Hide resolved
jetty-core/jetty-siwe/src/main/java/org/eclipse/jetty/security/siwe/EthereumAuthenticator.java Outdated Show resolved Hide resolved
jetty-core/jetty-siwe/src/main/java/org/eclipse/jetty/security/siwe/EthereumAuthenticator.java
@SuppressWarnings("unchecked")
Set<String> attribute = (Set<String>)session.getAttribute(NONCE_SET_ATTR);
if (attribute == null)
session.setAttribute(NONCE_SET_ATTR, attribute = new FixedSizeSet<>(5));
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do we need the FixedSizeSet class? Isn't this just setting a single element?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Probably, but I've had issues with openId where multiple authentication requests come in from the browser and then one of them fails because the nonce is forgotten and causes the other ones to fail.

...src/test/java/org/eclipse/jetty/security/siwe/example/SignInWithEthereumEmbeddedExample.java Outdated Show resolved Hide resolved
jetty-core/jetty-siwe/src/test/resources/login.html Outdated Show resolved Hide resolved
jetty-ee10/jetty-ee10-tests/jetty-ee10-test-siwe-webapp/src/main/webapp/login.html Outdated Show resolved Hide resolved
...est-ee10-distribution/src/test/java/org/eclipse/jetty/ee10/tests/distribution/SiweTests.java Show resolved Hide resolved
gregw
gregw requested changes Jul 24, 2024
View reviewed changes
...e/jetty-siwe/src/main/java/org/eclipse/jetty/security/siwe/internal/AnyUserLoginService.java Outdated Show resolved Hide resolved
...e/jetty-siwe/src/main/java/org/eclipse/jetty/security/siwe/internal/AnyUserLoginService.java Show resolved Hide resolved
...e/jetty-siwe/src/main/java/org/eclipse/jetty/security/siwe/internal/AnyUserLoginService.java Show resolved Hide resolved
...ty-siwe/src/main/java/org/eclipse/jetty/security/siwe/internal/SignInWithEthereumParser.java Outdated Show resolved Hide resolved
...tty-siwe/src/main/java/org/eclipse/jetty/security/siwe/internal/SignInWithEthereumToken.java Show resolved Hide resolved
...y-siwe/src/main/resources/META-INF/services/org.eclipse.jetty.security.Authenticator$Factory Outdated Show resolved Hide resolved
@lachlan-roberts
PR #11883 - fix build issue with poms
063e3fc 
Signed-off-by: Lachlan Roberts <[email protected]>
gregw
gregw reviewed Aug 21, 2024
View reviewed changes
documentation/jetty/modules/programming-guide/pages/security/index.adoc Outdated

= Jetty Security

TODO: introduction
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is that TODO shown in the resulting documentation, or is it treated like a comment?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It shows the todo in the documentation, but the documentation is very incomplete and doesn't yet have any other security modules. And a bunch of the other main headers have the same TODOs for the introduction page.

But I will remove this index file and just have a header without an intro page for this.

gregw
gregw previously approved these changes Aug 21, 2024
View reviewed changes
@lachlan-roberts lachlan-roberts mentioned this pull request Aug 22, 2024
Merged
@lachlan-roberts
Copy link
Contributor Author

replaced by #12188

@lachlan-roberts lachlan-roberts deleted the jetty-12.0.x-SignInWithEthereum branch August 22, 2024 04:11
@olamy olamy mentioned this pull request Sep 29, 2024
Merged
@olamy olamy mentioned this pull request Oct 17, 2024
Merged
@olamy olamy mentioned this pull request Jan 31, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gregw gregw gregw left review comments

@sbordet sbordet Awaiting requested review from sbordet

@janbartel janbartel Awaiting requested review from janbartel

Assignees

@lachlan-roberts lachlan-roberts

Labels
None yet
Projects
No open projects
Jetty 12.0.13 - FROZEN
Status: ✅ Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@lachlan-roberts @gregw @janbartel @sbordet