safe-client-gateway icon indicating copy to clipboard operation
safe-client-gateway copied to clipboard

Published 20 hours ago verified publisher icon safe-global

Authorise recovery module adding/deleting with JWT authentication

Open iamacook opened this issue 9 months ago • 1 comments

Summary

Prior to this, adding/deleting a recovery module address required signing a message with each request. This migrates the suboptiomal authentication/authorisation to the new JWT/SIWE-based approach.

The user needs to have authenticated via SIWE in order to add/remove a recovery module address to their Safe.

Changes

  • Remove OnlySafeOwner, TimestampGuard, DisableRecoveryAlertsGuard and EnableRecoveryAlertsGuard and associated tests
  • Replace above guard usage AuthGuard
  • Checksum incoming require Safe/module addresses
  • Pass AuthPayload to domain and assert chain, signer and ownership before adding/deleting module
  • Add/update associated test coverage

iamacook avatar May 08 '24 15:05 iamacook

Pull Request Test Coverage Report for Build 9059200759

Details

  • 22 of 25 (88.0%) changed or added relevant lines in 3 files are covered.
  • 2 unchanged lines in 1 file lost coverage.
  • Overall coverage increased (+0.002%) to 92.941%
Changes Missing Coverage Covered Lines Changed/Added Lines %
src/routes/recovery/recovery.service.ts 17 20 85.0%
<!-- Total: 22 25
Files with Coverage Reduction New Missed Lines %
src/routes/transactions/entities/tests/human-description.builder.ts 2 60.0%
<!-- Total: 2
Totals Coverage Status
Change from base Build 9002495810: 0.002%
Covered Lines: 6942
Relevant Lines: 7194
💛 - Coveralls

coveralls avatar May 08 '24 15:05 coveralls