class OmniAuth::Strategies::Ethereum

Public Instance Methods

callback_phase()
Calls superclass method
# File lib/omniauth-ethereum.rb, line 42
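# Verifies the signed login message posted back by the sign-in form.
#
# Reads +eth_address+, +eth_message+ and +eth_signature+ from the request
# parameters, checks that the first run of digits in the message (treated as
# a Unix timestamp) lies within ten minutes of the server clock, recovers the
# signer's address from the signature and compares it, case-insensitively,
# with the claimed address. Every failure path ends in +fail!+; only a
# matching signature reaches +super+.
#
# NOTE(review): freshness rests on the timestamp alone. Nothing in this
# method records that a signed message was already used, or ties it to this
# site or to the browser session, so the same triple is accepted again for
# as long as the timestamp stays inside the window (which also admits
# timestamps up to ten minutes in the future). Consider a server-issued,
# single-use nonce that is checked here -- TODO confirm against the client
# script and the rest of the strategy.
def callback_phase
  params = request.params
  address, message, signature = params.values_at('eth_address', 'eth_message', 'eth_signature')

  # Request parameters are caller-controlled: any of them can be absent or
  # parsed into an Array/Hash. Fail the login instead of raising
  # NoMethodError from #downcase / #scan further down.
  return fail!(:invalid_credentials) unless [address, message, signature].all? { |value| value.is_a?(String) }

  # Cheap check first: a stale or far-future timestamp is rejected before any
  # signature recovery is attempted.
  unix_time = message.scan(/\d+/).first.to_i
  ten_min = 10 * 60
  return fail!(:invalid_time) unless (unix_time - now).abs <= ten_min

  begin
    signature_pubkey = Eth::Key.personal_recover(message, signature)
    signature_address = Eth::Utils.public_key_to_address(signature_pubkey).downcase
  rescue StandardError => e
    # Presumably recovery raises (or yields nil) on a malformed signature;
    # the exact error class is not visible here, so StandardError is rescued
    # and handed to fail! so that it stays inspectable by the failure handler.
    return fail!(:invalid_credentials, e)
  end

  return fail!(:invalid_credentials) unless signature_address == address.downcase

  super
end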
request_phase()
# File lib/omniauth-ethereum.rb, line 20
# Renders the sign-in form that starts the Ethereum login.
#
# One hidden input is emitted per entry in +options.fields+. The
# +eth_message+ input is pre-filled with the current Unix time from +now+;
# every other input is left empty for the bundled client script to fill in
# before submission. The contents of +new_session.js+, read from this file's
# directory, are inlined as a module script after the button.
#
# NOTE(review): the only value this method hands to the client for signing
# is the timestamp. Whether the client script adds a nonce or a site
# identifier to the signed message is not visible here -- confirm, since the
# callback can only verify what was actually signed.
def request_phase
  form = OmniAuth::Form.new(title: 'Ethereum Authentication', url: callback_path)

  options.fields.each do |field|
    markup =
      if field == :eth_message
        # read-only field carrying the server-side timestamp
        "<input type='hidden' id='eth_message' name='eth_message' value='#{now}' />"
      else
        # read-only field, filled in by javascript during sign-in
        input_name = field.to_s
        "<input type='hidden' id='#{input_name}' name='#{input_name}' />"
      end
    form.html(markup)
  end

  # The button relies on the inlined script, which requests the account,
  # nonce and signature before the form is submitted.
  form.button 'Sign In'

  script_path = File.join(File.dirname(__FILE__), 'new_session.js')
  script_body = File.read(script_path)
  form.html("<script type='module'>\n#{script_body}\n</script>")

  form.to_response
end

Private Instance Methods

now()
# File lib/omniauth-ethereum.rb, line 64
# Current server time as whole seconds since the Unix epoch.
#
# @return [Integer]
def now
  current_utc = Time.now.utc
  current_utc.to_i
end