Merge pull request nucypher#3513 from derekpierre/eip4361-passthrough

Accept/Process EIP-4361 passthrough context variable used for single sign-on capabilities
KPrasch · Jun 24, 2024 · f5b8f18 · f5b8f18
2 parents 17dd57e + 28df8b8
commit f5b8f18
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 2 deletions.
diff --git a/newsfragments/3513.feature.rst b/newsfragments/3513.feature.rst
@@ -0,0 +1,2 @@
+Add ability for special context variable to handle Sign-In With Ethereum (EIP-4361)
+pre-existing sign-on signature to be reused as proof for validating a user address in conditions.
diff --git a/nucypher/policy/conditions/context.py b/nucypher/policy/conditions/context.py
@@ -15,14 +15,16 @@
 USER_ADDRESS_CONTEXT = ":userAddress"
 USER_ADDRESS_EIP712_CONTEXT = ":userAddressEIP712"
 USER_ADDRESS_EIP4361_CONTEXT = ":userAddressEIP4361"
+USER_ADDRESS_EIP4361_EXTERNAL_CONTEXT = ":userAddressExternalEIP4361"
 
 CONTEXT_PREFIX = ":"
 CONTEXT_REGEX = re.compile(":[a-zA-Z_][a-zA-Z0-9_]*")
 
 USER_ADDRESS_SCHEMES = {
- USER_ADDRESS_CONTEXT: None, # any of the available auth types
+ USER_ADDRESS_CONTEXT: None, # TODO either EIP712 or EIP4361 for now, but should use the default that is eventually decided (likely EIP4361) - #tdec/178
  USER_ADDRESS_EIP712_CONTEXT: EvmAuth.AuthScheme.EIP712.value,
  USER_ADDRESS_EIP4361_CONTEXT: EvmAuth.AuthScheme.EIP4361.value,
+ USER_ADDRESS_EIP4361_EXTERNAL_CONTEXT: EvmAuth.AuthScheme.EIP4361.value,
 }
 
 
@@ -90,6 +92,10 @@ def _resolve_user_address(user_address_context_variable, **context) -> ChecksumA
  _resolve_user_address,
  user_address_context_variable=USER_ADDRESS_EIP4361_CONTEXT,
  ),
+ USER_ADDRESS_EIP4361_EXTERNAL_CONTEXT: partial(
+ _resolve_user_address,
+ user_address_context_variable=USER_ADDRESS_EIP4361_EXTERNAL_CONTEXT,
+ ),
 }
 
 

diff --git a/tests/unit/conditions/test_context.py b/tests/unit/conditions/test_context.py
@@ -8,6 +8,7 @@
 from nucypher.policy.conditions.context import (
  USER_ADDRESS_EIP712_CONTEXT,
  USER_ADDRESS_EIP4361_CONTEXT,
+ USER_ADDRESS_EIP4361_EXTERNAL_CONTEXT,
  USER_ADDRESS_SCHEMES,
  _resolve_context_variable,
  _resolve_user_address,
@@ -136,16 +137,18 @@ def test_user_address_context_invalid_typed_data(
  [
  USER_ADDRESS_EIP712_CONTEXT,
  USER_ADDRESS_EIP4361_CONTEXT,
+ USER_ADDRESS_EIP4361_EXTERNAL_CONTEXT,
  ],
  [
  EvmAuth.AuthScheme.EIP4361.value,
  EvmAuth.AuthScheme.EIP712.value,
+ EvmAuth.AuthScheme.EIP712.value,
  ],
  )
  ),
  indirect=["valid_user_address_auth_message"],
 )
-def test_user_address_context_unexpected_scheme_data(
+def test_user_address_context_variable_with_incompatible_auth_message(
  context_variable_name, valid_user_address_auth_message
 ):
  # scheme in message is unexpected for context variable name