eth.sign is replaced with eth.personal.sign

cvat-core/src/api-implementation.js

@@ -61,7 +61,6 @@
             lastName,
             email,
             walletAddress,
-            hashedEmail,
             signedEmail,
             userConfirmations,
         ) => {
@@ -71,16 +70,15 @@
                 lastName,
                 email,
                 walletAddress,
-                hashedEmail,
                 signedEmail,
                 userConfirmations,
             );
 
             return new User(user);
         };
 
-        cvat.server.login.implementation = async (email, walletAddress, hashedEmail, signedEmail) => {
-            await serverProxy.server.login(email, walletAddress, hashedEmail, signedEmail);
+        cvat.server.login.implementation = async (email, walletAddress, signedEmail) => {
+            await serverProxy.server.login(email, walletAddress, signedEmail);
         };
 
         cvat.server.logout.implementation = async () => {

cvat-core/src/api.js

@@ -123,31 +123,20 @@ function build() {
              * @param {string} lastName A last name for the new account
              * @param {string} email A email address for the new account
              * @param {string} walletAddress A wallet address for the new account
-             * @param {string} hashedEmail A hashed email for the new account
              * @param {string} signedEmail The signed email password for the new account
              * @param {Object} userConfirmations An user confirmations of terms of use if needed
              * @returns {Object} response data
              * @throws {module:API.cvat.exceptions.PluginError}
              * @throws {module:API.cvat.exceptions.ServerError}
              */
-            async register(
-                username,
-                firstName,
-                lastName,
-                email,
-                walletAddress,
-                hashedEmail,
-                signedEmail,
-                userConfirmations,
-            ) {
+            async register(username, firstName, lastName, email, walletAddress, signedEmail, userConfirmations) {
                 const result = await PluginRegistry.apiWrapper(
                     cvat.server.register,
                     username,
                     firstName,
                     lastName,
                     email,
                     walletAddress,
-                    hashedEmail,
                     signedEmail,
                     userConfirmations,
                 );
@@ -160,19 +149,12 @@ function build() {
              * @memberof module:API.cvat.server
              * @param {string} email An email of an account
              * @param {string} walletAddress A wallet address of an account
-             * @param {string} hashedEmail A hashed email of an account
              * @param {string} signedEmail The signed email password of an account
              * @throws {module:API.cvat.exceptions.PluginError}
              * @throws {module:API.cvat.exceptions.ServerError}
              */
-            async login(email, walletAddress, hashedEmail, signedEmail) {
-                const result = await PluginRegistry.apiWrapper(
-                    cvat.server.login,
-                    email,
-                    walletAddress,
-                    hashedEmail,
-                    signedEmail,
-                );
+            async login(email, walletAddress, signedEmail) {
+                const result = await PluginRegistry.apiWrapper(cvat.server.login, email, walletAddress, signedEmail);
                 return result;
             },
             /**

cvat-core/src/server-proxy.js

@@ -195,16 +195,7 @@
                 return response.data;
             }
 
-            async function register(
-                username,
-                firstName,
-                lastName,
-                email,
-                walletAddress,
-                hashedEmail,
-                signedEmail,
-                confirmations,
-            ) {
+            async function register(username, firstName, lastName, email, walletAddress, signedEmail, confirmations) {
                 let response = null;
                 try {
                     const data = JSON.stringify({
@@ -213,7 +204,6 @@
                         last_name: lastName,
                         email,
                         wallet_address: walletAddress,
-                        hashed_email: hashedEmail,
                         signed_email: signedEmail,
                         confirmations,
                     });
@@ -230,11 +220,10 @@
                 return response.data;
             }
 
-            async function login(email, walletAddress, hashedEmail, signedEmail) {
+            async function login(email, walletAddress, signedEmail) {
                 const authenticationData = [
                     `${encodeURIComponent('email')}=${encodeURIComponent(email)}`,
                     `${encodeURIComponent('wallet_address')}=${encodeURIComponent(walletAddress)}`,
-                    `${encodeURIComponent('hashed_email')}=${encodeURIComponent(hashedEmail)}`,
                     `${encodeURIComponent('signed_email')}=${encodeURIComponent(signedEmail)}`,
                 ]
                     .join('&')

cvat-ui/src/actions/auth-actions.ts

@@ -81,15 +81,14 @@ export const registerAsync = (
     dispatch(authActions.register());
 
     try {
-        const { address, hashedEmail, signedEmail } = await connectWallet(email);
+        const { address, signedEmail } = await connectWallet(email);
 
         const user = await cvat.server.register(
             username,
             firstName,
             lastName,
             email,
             address,
-            hashedEmail,
             signedEmail,
             confirmations,
         );
@@ -104,9 +103,9 @@ export const loginAsync = (email: string): ThunkAction => async (dispatch) => {
     dispatch(authActions.login());
 
     try {
-        const { address, hashedEmail, signedEmail } = await connectWallet(email);
+        const { address, signedEmail } = await connectWallet(email);
 
-        await cvat.server.login(email, address, hashedEmail, signedEmail);
+        await cvat.server.login(email, address, signedEmail);
 
         const users = await cvat.users.get({ self: true });
 

cvat-ui/src/utils/web3wallets.ts

@@ -1,22 +1,13 @@
 // Copyright (C) 2021 Intel Corporation
 //
 // SPDX-License-Identifier: MIT
-import * as ethUtil from 'ethereumjs-util';
-
 import Authereum from 'authereum';
 import MewConnect from '@myetherwallet/mewconnect-web-client';
 import WalletConnectProvider from '@walletconnect/web3-provider';
 
 import Web3 from 'web3';
 import Web3Modal from 'web3modal';
 
-function hashPersonalMessage(msg: string): string {
-    const buffer = Buffer.from(msg);
-    const result = ethUtil.hashPersonalMessage(buffer);
-    const hash = ethUtil.bufferToHex(result);
-    return hash;
-}
-
 const providerOptions = {
     mewconnect: {
         package: MewConnect, // required
@@ -55,8 +46,7 @@ export default async function connectWallet(email: string) {
     const accounts = await web3.eth.getAccounts();
 
     const [address] = accounts;
-    const hashedEmail = hashPersonalMessage(email);
-    const signedEmail = await web3.eth.sign(hashedEmail, address);
+    const signedEmail = await web3.eth.personal.sign(email, address);
 
-    return { address, hashedEmail, signedEmail };
+    return { address, signedEmail };
 }

cvat/apps/authentication/models.py

@@ -13,19 +13,19 @@ class User(AbstractUser):
    password = None
 
    def get_session_auth_hash(self):
-       return ''
-        # """
-        # Return an HMAC of the password field.
-        # """
-        # key_salt = "django.contrib.auth.models.AbstractBaseUser.get_session_auth_hash"
-        # return salted_hmac(
-        #     key_salt,
-        #     self.email,
-        #     # RemovedInDjango40Warning: when the deprecation ends, replace
-        #     # with:
-        #     # algorithm='sha256',
-        #     algorithm=settings.DEFAULT_HASHING_ALGORITHM,
-        # ).hexdigest()
+       # TODO: rework this temporary solution
+        """
+        Return an HMAC of the email field.
+        """
+        key_salt = "django.contrib.auth.models.AbstractBaseUser.get_session_auth_hash"
+        return salted_hmac(
+            key_salt,
+            self.email,
+            # RemovedInDjango40Warning: when the deprecation ends, replace
+            # with:
+            # algorithm='sha256',
+            algorithm=settings.DEFAULT_HASHING_ALGORITHM,
+        ).hexdigest()
 
 class WalletToUser(models.Model):
     user = models.ForeignKey(User, null=True, blank=True,

cvat/apps/authentication/serializers.py

@@ -20,7 +20,6 @@ class RegisterSerializerEx(RegisterSerializer):
     last_name = serializers.CharField(required=False)
     wallet_address = serializers.CharField(write_only=True, required=True)
     signed_email = serializers.CharField(write_only=True, required=True)
-    hashed_email = serializers.CharField(write_only=True, required=True)
     password1 = None
     password2 = None
 
@@ -31,7 +30,7 @@ def validate_password1(self, password):
         pass
 
     def validate(self, data):
-        validate_user_wallet_address(data['wallet_address'], data['hashed_email'], data['signed_email'])
+        validate_user_wallet_address(data['wallet_address'], data['email'], data['signed_email'])
         return data
 
     def get_cleaned_data(self):

cvat/apps/authentication/utils.py

@@ -3,9 +3,11 @@
 # SPDX-License-Identifier: MIT
 
 from web3.auto import w3
+from eth_account.messages import encode_defunct
 
-def validate_user_wallet_address(wallet_address, hashed_email, signed_email):
-    signer = w3.eth.account.recoverHash(hashed_email, signature=signed_email)
+def validate_user_wallet_address(wallet_address, email, signed_email):
+    message_hash = encode_defunct(text=email)
+    signer = w3.eth.account.recover_message(message_hash, signature=signed_email)
 
     assert wallet_address == signer