def test_read_challenge_transaction_fee_bump_transaction_raise(self):
inner_keypair = Keypair.from_secret(
"SBKTIFHJSS3JJWEZO2W74DZSA45WZU56LOL3AY7GAW63BXPEJQFYV53E"
)
inner_source = Account(inner_keypair.public_key, 7)
destination = "GDQERENWDDSQZS7R7WKHZI3BSOYMV3FSWR7TFUYFTKQ447PIX6NREOJM"
amount = "2000.0000000"
inner_tx = (
TransactionBuilder(
inner_source, Network.TESTNET_NETWORK_PASSPHRASE, 200, v1=True
)
.append_payment_op(destination=destination, amount=amount, asset_code="XLM")
.add_time_bounds(0, 0)
.build()
)
inner_tx.sign(inner_keypair)
fee_source = Keypair.from_secret(
"SB7ZMPZB3YMMK5CUWENXVLZWBK4KYX4YU5JBXQNZSK2DP2Q7V3LVTO5V"
)
base_fee = 200
fee_bump_tx = TransactionBuilder.build_fee_bump_transaction(
fee_source.public_key,
base_fee,
inner_tx,
Network.TESTNET_NETWORK_PASSPHRASE,
)
fee_bump_tx.sign(fee_source)
challenge = fee_bump_tx.to_xdr()
with pytest.raises(
ValueError,
match="Invalid challenge, expected a TransactionEnvelope but received a FeeBumpTransactionEnvelope.",
):
read_challenge_transaction(
challenge, inner_keypair.public_key, Network.TESTNET_NETWORK_PASSPHRASE
)
def example_verify_challenge_tx_threshold():
# Server builds challenge transaction
challenge_tx = build_challenge_transaction(
server_keypair.secret, client_master_keypair.public_key, home_domain,
web_auth_domain, network_passphrase, 300)
# Client reads and signs challenge transaction
tx, tx_client_account_id, _ = read_challenge_transaction(
challenge_tx, server_keypair.public_key, home_domain, web_auth_domain,
network_passphrase)
if tx_client_account_id != client_master_keypair.public_key:
print("Error: challenge tx is not for expected client account")
return
tx.sign(client_signer_keypair1)
tx.sign(client_signer_keypair2)
signed_challenge_tx = tx.to_xdr()
# Server verifies signed challenge transaction
_, tx_client_account_id, _ = read_challenge_transaction(
challenge_tx, server_keypair.public_key, home_domain, web_auth_domain,
network_passphrase)
client_account_exists = False
horizon_client_account = None
try:
horizon_client_account = server.load_account(
client_master_keypair.public_key)
client_account_exists = True
except NotFoundError:
print("Account does not exist, use master key to verify")
if client_account_exists:
# gets list of signers from account
signers = horizon_client_account.load_ed25519_public_key_signers()
# chooses the threshold to require: low, med or high
threshold = horizon_client_account.thresholds.med_threshold
try:
signers_found = verify_challenge_transaction_threshold(
signed_challenge_tx, server_keypair.public_key, home_domain,
web_auth_domain, network_passphrase, threshold, signers)
except InvalidSep10ChallengeError as e:
print("You should handle possible exceptions:")
print(e)
return
print("Client Signers Verified:")
for signer in signers_found:
print("Signer: {}, weight: {}".format(signer.account_id,
signer.weight))
else:
# verifies that master key has signed challenge transaction
try:
verify_challenge_transaction_signed_by_client_master_key(
signed_challenge_tx, server_keypair.public_key, home_domain,
web_auth_domain, network_passphrase)
print("Client Master Key Verified.")
except InvalidSep10ChallengeError as e:
print("You should handle possible exceptions:")
print(e)
def _generate_jwt(envelope_xdr: str) -> str:
"""
Generates the JSON web token from the challenge transaction XDR.
See: https://github.com/stellar/stellar-protocol/blob/master/ecosystem/sep-0010.md#token
"""
issued_at = time.time()
transaction_envelope, source_account, _ = read_challenge_transaction(
challenge_transaction=envelope_xdr,
server_account_id=settings.SIGNING_KEY,
home_domains=settings.SEP10_HOME_DOMAINS,
network_passphrase=settings.STELLAR_NETWORK_PASSPHRASE,
)
logger.info(
f"Challenge verified, generating SEP-10 token for account {source_account}"
)
hash_hex = binascii.hexlify(transaction_envelope.hash()).decode()
jwt_dict = {
"iss": os.path.join(settings.HOST_URL, "auth"),
"sub": source_account,
"iat": issued_at,
"exp": issued_at + 24 * 60 * 60,
"jti": hash_hex,
}
encoded_jwt = jwt.encode(jwt_dict,
settings.SERVER_JWT_KEY,
algorithm="HS256")
return encoded_jwt.decode("ascii")
def test_get_client_attribution_optional_not_allowed_client_domain(
mock_fetch_stellar_toml, client):
kp = Keypair.random()
response = client.get(AUTH_PATH, {
"account": kp.public_key,
"client_domain": "test.com"
})
content = response.json()
assert response.status_code == 200, json.dumps(content, indent=2)
challenge, _, _ = read_challenge_transaction(
challenge_transaction=content["transaction"],
server_account_id=settings.SIGNING_KEY,
home_domains=urlparse(settings.HOST_URL).netloc,
web_auth_domain=urlparse(settings.HOST_URL).netloc,
network_passphrase=settings.STELLAR_NETWORK_PASSPHRASE,
)
assert content["network_passphrase"] == settings.STELLAR_NETWORK_PASSPHRASE
mock_fetch_stellar_toml.assert_not_called()
client_domain = None
client_domain_signing_key = None
for op in challenge.transaction.operations:
if isinstance(op, ManageData) and op.data_name == "client_domain":
client_domain = op.data_value.decode()
client_domain_signing_key = op.source
assert client_domain is None
assert client_domain_signing_key is None
def _generate_jwt(envelope_xdr: str, client_domain: str = None) -> str:
"""
Generates the JSON web token from the challenge transaction XDR.
See: https://github.com/stellar/stellar-protocol/blob/master/ecosystem/sep-0010.md#token
"""
transaction_envelope, source_account, _ = read_challenge_transaction(
challenge_transaction=envelope_xdr,
server_account_id=settings.SIGNING_KEY,
home_domains=settings.SEP10_HOME_DOMAINS,
web_auth_domain=urlparse(settings.HOST_URL).netloc,
network_passphrase=settings.STELLAR_NETWORK_PASSPHRASE,
)
logger.info(
f"Challenge verified, generating SEP-10 token for account {source_account}"
)
# set iat value to minimum timebound of the challenge so that the JWT returned
# for a given challenge is always the same.
# https://github.com/stellar/stellar-protocol/pull/982
issued_at = transaction_envelope.transaction.time_bounds.min_time
jwt_dict = {
"iss": os.path.join(settings.HOST_URL, "auth"),
"sub": source_account,
"iat": issued_at,
"exp": issued_at + 24 * 60 * 60,
"jti": transaction_envelope.hash().hex(),
"client_domain": client_domain,
}
encoded_jwt = jwt.encode(jwt_dict,
settings.SERVER_JWT_KEY,
algorithm="HS256")
return encoded_jwt.decode("ascii")
def _validate_challenge_xdr(envelope_xdr: str):
"""
Validate the provided TransactionEnvelope XDR (base64 string).
If the source account of the challenge transaction exists, verify the weight
of the signers on the challenge are signers for the account and the medium
threshold on the account is met by those signers.
If the source account does not exist, verify that the keypair used as the
source for the challenge transaction has signed the challenge. This is
sufficient because newly created accounts have their own keypair as signer
with a weight greater than the default thresholds.
"""
server_key = settings.SIGNING_KEY
net = settings.STELLAR_NETWORK_PASSPHRASE
logger.info("Validating challenge transaction")
try:
tx_envelope, account_id = read_challenge_transaction(
envelope_xdr, server_key, DOMAIN_NAME, net)
except InvalidSep10ChallengeError as e:
err_msg = f"Error while validating challenge: {str(e)}"
logger.error(err_msg)
raise ValueError(err_msg)
try:
account = settings.HORIZON_SERVER.load_account(account_id)
except NotFoundError:
logger.warning(
"Account does not exist, using client's master key to verify")
try:
verify_challenge_transaction_signed_by_client_master_key(
envelope_xdr, server_key, DOMAIN_NAME, net)
if len(tx_envelope.signatures) != 2:
raise InvalidSep10ChallengeError(
"There is more than one client signer on a challenge "
"transaction for an account that doesn't exist")
except InvalidSep10ChallengeError as e:
logger.info(
f"Missing or invalid signature(s) for {account_id}: {str(e)}"
)
raise ValueError(str(e))
else:
logger.info("Challenge verified using client's master key")
return
signers = account.load_ed25519_public_key_signers()
threshold = account.thresholds.med_threshold
try:
signers_found = verify_challenge_transaction_threshold(
envelope_xdr, server_key, DOMAIN_NAME, net, threshold, signers)
except InvalidSep10ChallengeError as e:
logger.info(str(e))
raise ValueError(str(e))
logger.info(
f"Challenge verified using account signers: {signers_found}")
def _check_server_transaction(transaction_xdr, anchor_name):
LOGGER.info("Validating challenge transaction")
try:
transaction_envelope, account_id = read_challenge_transaction(
transaction_xdr,
anchor_name['SIGNING_KEY'],
_get_network_passphrase(),
)
except InvalidSep10ChallengeError as error:
raise ValueError(error)
return transaction_envelope
def test_get_success(client):
kp = Keypair.random()
response = client.get(AUTH_PATH, {"account": kp.public_key})
content = response.json()
assert response.status_code == 200, json.dumps(content, indent=2)
challenge, _, _ = read_challenge_transaction(
challenge_transaction=content["transaction"],
server_account_id=settings.SIGNING_KEY,
home_domains=urlparse(settings.HOST_URL).netloc,
web_auth_domain=urlparse(settings.HOST_URL).netloc,
network_passphrase=settings.STELLAR_NETWORK_PASSPHRASE,
)
assert content["network_passphrase"] == settings.STELLAR_NETWORK_PASSPHRASE
def test_read_challenge_transaction_mux_server_id_raise(self):
server_kp = Keypair.random()
client_account_id = "GBDIT5GUJ7R5BXO3GJHFXJ6AZ5UQK6MNOIDMPQUSMXLIHTUNR2Q5CFNF"
timeout = 600
network_passphrase = Network.TESTNET_NETWORK_PASSPHRASE
anchor_name = "SDF"
challenge = build_challenge_transaction(
server_secret=server_kp.secret,
client_account_id=client_account_id,
anchor_name=anchor_name,
network_passphrase=network_passphrase,
timeout=timeout,
)
with pytest.raises(
ValueError,
match=
"Invalid server_account_id, multiplexed account are not supported.",
):
read_challenge_transaction(
challenge,
"MAAAAAAAAAAAJURAAB2X52XFQP6FBXLGT6LWOOWMEXWHEWBDVRZ7V5WH34Y22MPFBHUHY",
network_passphrase,
)
def test_get_success_client_attribution_is_allowed(mock_fetch_stellar_toml,
client):
client_kp = Keypair.random()
client_domain_kp = Keypair.random()
request_client_domain = "test.com"
mock_fetch_stellar_toml.return_value = {
"SIGNING_KEY": client_domain_kp.public_key
}
response = client.get(
AUTH_PATH,
{
"account": client_kp.public_key,
"client_domain": request_client_domain
},
)
content = response.json()
assert response.status_code == 200, json.dumps(content, indent=2)
challenge, _, _ = read_challenge_transaction(
challenge_transaction=content["transaction"],
server_account_id=settings.SIGNING_KEY,
home_domains=urlparse(settings.HOST_URL).netloc,
web_auth_domain=urlparse(settings.HOST_URL).netloc,
network_passphrase=settings.STELLAR_NETWORK_PASSPHRASE,
)
assert content["network_passphrase"] == settings.STELLAR_NETWORK_PASSPHRASE
mock_fetch_stellar_toml.assert_called_once()
args, kwargs = mock_fetch_stellar_toml.call_args
assert args[0] == request_client_domain
assert isinstance(kwargs.get("client"), RequestsClient)
assert (kwargs["client"].request_timeout ==
settings.SEP10_CLIENT_ATTRIBUTION_REQUEST_TIMEOUT)
client_domain = None
client_domain_signing_key = None
for op in challenge.transaction.operations:
if isinstance(op, ManageData) and op.data_name == "client_domain":
client_domain = op.data_value.decode()
client_domain_signing_key = op.source
assert client_domain == request_client_domain
assert client_domain_signing_key == client_domain_kp.public_key
def _validate_challenge_xdr(envelope_xdr: str):
"""
Validate the provided TransactionEnvelope XDR (base64 string).
If the source account of the challenge transaction exists, verify the weight
of the signers on the challenge are signers for the account and the medium
threshold on the account is met by those signers.
If the source account does not exist, verify that the keypair used as the
source for the challenge transaction has signed the challenge. This is
sufficient because newly created accounts have their own keypair as signer
with a weight greater than the default thresholds.
"""
logger.info("Validating challenge transaction")
generic_err_msg = gettext("error while validating challenge: %s")
try:
tx_envelope, account_id, _ = read_challenge_transaction(
challenge_transaction=envelope_xdr,
server_account_id=settings.SIGNING_KEY,
home_domains=settings.SEP10_HOME_DOMAINS,
web_auth_domain=urlparse(settings.HOST_URL).netloc,
network_passphrase=settings.STELLAR_NETWORK_PASSPHRASE,
)
except InvalidSep10ChallengeError as e:
return None, render_error_response(generic_err_msg % (str(e)))
client_domain = None
for operation in tx_envelope.transaction.operations:
if (isinstance(operation, ManageData)
and operation.data_name == "client_domain"):
client_domain = operation.data_value.decode()
break
try:
account = settings.HORIZON_SERVER.load_account(account_id)
except NotFoundError:
logger.info(
"Account does not exist, using client's master key to verify")
try:
verify_challenge_transaction_signed_by_client_master_key(
challenge_transaction=envelope_xdr,
server_account_id=settings.SIGNING_KEY,
home_domains=settings.SEP10_HOME_DOMAINS,
web_auth_domain=urlparse(settings.HOST_URL).netloc,
network_passphrase=settings.STELLAR_NETWORK_PASSPHRASE,
)
if (client_domain and len(tx_envelope.signatures) != 3) or (
not client_domain
and len(tx_envelope.signatures) != 2):
raise InvalidSep10ChallengeError(
gettext(
"There is more than one client signer on a challenge "
"transaction for an account that doesn't exist"))
except InvalidSep10ChallengeError as e:
logger.info(
f"Missing or invalid signature(s) for {account_id}: {str(e)}"
)
return None, render_error_response(generic_err_msg % (str(e)))
else:
logger.info("Challenge verified using client's master key")
return client_domain, None
signers = account.load_ed25519_public_key_signers()
threshold = account.thresholds.med_threshold
try:
signers_found = verify_challenge_transaction_threshold(
challenge_transaction=envelope_xdr,
server_account_id=settings.SIGNING_KEY,
home_domains=settings.SEP10_HOME_DOMAINS,
web_auth_domain=urlparse(settings.HOST_URL).netloc,
network_passphrase=settings.STELLAR_NETWORK_PASSPHRASE,
threshold=threshold,
signers=signers,
)
except InvalidSep10ChallengeError as e:
return None, render_error_response(generic_err_msg % (str(e)))
logger.info(
f"Challenge verified using account signers: {[s.account_id for s in signers_found]}"
)
return client_domain, None
