diff --git a/account/src/auth/jwt.rs b/account/src/auth/jwt.rs index 9249330..5147182 100644 --- a/account/src/auth/jwt.rs +++ b/account/src/auth/jwt.rs @@ -16,15 +16,12 @@ static AUD_KEY_MAP: Map<&'static str, &'static str> = phf_map! { // GA - Testnet - Test project "project-test-5ae234a7-6b74-46af-a7b7-969f3df38cc0" => "4ia1pODcj-BPNblyJ1ao1etK0VltRWQEmeoQtHaCWrOES-2BCFbcOBsDDxrXPzkTUK5j15fpMFbg36vDqXiYDNPHTp7WxUrOKOSyONk4gZUd626GZwKJBryMAhU7mBMByO56sLUHdDPajykYIlpHut75gDqipDI5QY9fh_piLh7OMy-MORaWdmkv1zFqLfjAr2GUKFmd7xiUAYTsjDClTTMn1rGskjBF8qPK9jDrPz9SEwN1n7N0JPsJVRqP6m5Yf_l9JWSKarSLbV9O0qMC7Nl0MpBKTw8HTVlwaBWF-5aGbg3dMQl8Cbn4vNUv-pPjrlvrpw2m_r0Gr5N9CBEKFQ;AQAB", // GA - Testnet - Live project - "project-live-7e4a3221-79cd-4f34-ac1d-fedac4bde13e" => "7DEDs11mtM85pjdpELjoNBqBPcPf3rUU7llkoycaUfhlQF3ghMVBrIoVs4ivaBGJiBGBEnM64lKeCMYDaTDa67AUsUIahyBtKTHvZ_tEgOiqX6feWg-z6MsoA7HFoxbIzgwTGEVcFzy5y0BQEqffPstSBLUeZRfh7NGSXbGoo5zXPx1oEgrFtzfpnBgz-OP2rg1JLdycMP3YoKFIu5v2nnRobvlEraXil3ETJ-c6TLcaOctd1T4HSFNk5xy7HqiqMqU4Ixy5HfzC7gJqo1g1ppPrkSY36hpPgtpa6xR161cPr9Acvejqt8LK5xpoeW8oS67r1_m-TkKjTOhKzjbVNw;AQAB", + "project-live-7e4a3221-79cd-4f34-ac1d-fedac4bde13e" => "qm5TbnKO8tCEVdwQK1Zit0_ig2nitUzA4V_m7oePByX1oSMismJOpbgEY2xjLVCMl_JdZOUIBQvaoFx169GS0-PrKEA8sXS-20Dp8rjiEG1hSaHapRfrDPjyN5TvPPp_xNAi8YBpZ5-msK0TZmG13Rcwn9xcu74AVW0PE19s0xWGAeukoaALfgk66RdwA7_C3KKeFkaEk9VpTtVJS7e-H815L2utXaqMC7uf-Qg93l0ifVBqaJj318BdV1dBj4cliMd1k7LlSD_qmcrqYUdggJB5FquVHjSj6-j5SMBne2IzWh4GLMneS_HGoTclRCHsOGi_3BhsjgkaZt6QCLr0_fafWUinJYrnEcIjojFlWuDvzPfoSV3bRefe_IQT4-Ht8fvwVcw5wEDhBiE2lfjHjMyRG-knlM910xnEJjJjxYWbyb_fLW-NVWULFH-L91DhxlXjDwO7hbbMlGlviTcsEa3ahwszNooQ63JJdp96iSA2JgWY6JPvWHG0mNrEU3AC6UMHLUtI2Hpg1ij6tiieFUMvFLvjj7dCozpDnZr2z6msCyTgUAmO3KQHaQ3Rvo2WwyuJPzOJLBnefLZIqZzAOXHAjI_bPTTOte1vPYkfLJxLKncdd-1OCwoLMyWAdCpD4gpIsam3jPhhQfAOio1XI1BXtDMxqIyXtCQD94ycwtU;AQAB", // Exodvs - Test project "project-test-185e9a9f-8bab-42f2-a924-953a59e8ff94" => "sQKkA829tzjU2VA-INHvdrewkbQzjpsMn0PNM7KJaBODbB4ItZM4x1NVSWBiy2DGHkaDDvADRbbq1BZsC1iXVtIYm0AoD7x4QC1w89kp2_s0wmvUOSPiQZlYrgJqRDXirXJZX3MNku2McXbwdyPajDaR4nBBQOoUOF21CHqLDqBHs2R6tHyL80R_8mgueiqQ-4wg6SSVcB_6ZOh59vRcjKr34upKPWGQzvMGCkeTO9whzbIWbA1j-8ykiS63EhjWBZU_sSolsf1ZGq8peVrADDLhOvHtZxCZLKwB46k2kb8GKAWlO4wRP6BDVjzpnea7BsvZ6JwULKg3HisH9gzaiQ;AQAB", "integration-test-project" => "olg7TF3aai-wR4HTDe5oR-WRhEsdW3u-O3IJHl0BiHkmR4MLskHG9HzivWoXsloUBnBMrFNxOH0x5cNMI07oi4PeRbHySiogRW9CXPjJaNlTi-pT_IgKFsyJNXsLyzrnajLkDbQU6pRsHmNeL0hAOUv48rtXv8VVWWN8okJehD2q9N7LHoFAOmIUEPg_VTHTt8K__O-9eMZKN4eMjh_4-sxRX6NXPSPT87XRlrK4GZ4pUdp86K0tOFLhwO4Uj0JkMNfI82eVZ1tAbDlqjd8jFnAb8fWm8wtdaTNbL_AAXmbDhswwJOyrw8fARZIhrXSdKBWa6e4k7sLwTIy-OO8saebnlARsjGst7ZCzmw5KCm2ctEVl3hYhHwyXu_A5rOblMrV3H0G7WqeKMCMVSJ11ssrlsmfVhNIwu1Qlt5GYmPTTJiCgGUGRxZkgDyOyjFNHglYpZamCGyJ9oyofsukEGoqMQ6WzjFi_hjVapzXi7Li-Q0OjEopIUUDDgeUrgjbGY0eiHI6sAz5hoaD0Qjc9e3Hk6-y7VcKCTCAanZOlJV0vJkHB98LBLh9qAoVUei_VaLFe2IcfVlrL_43aXlsHhr_SUQY5pHPlUMbQihE_57dpPRh31qDX_w6ye8dilniP8JmpKM2uIwnJ0x7hfJ45Qa0oLHmrGlzY9wi-RGP0YUk;AQAB", }; -// The average block time of 2 blocks. -const AVERAGE_BLOCK_TIME_OF_TWO_BLOCKS: u64 = 12; - #[derive(Debug, Serialize, Deserialize)] struct Claims { aud: Box<[String]>, // Optional. Audience @@ -94,26 +91,20 @@ pub fn verify( return Err(InvalidToken); } - // complete the time checks - // because the provided time is the completion of the the last block, we add - // the average block time to allow for a more realistic timestamp. this has - // implications for the "not before" and "expiration" timestamps, in that we - // are more forgiving for "not before" and less forgiving for "expiration" - let working_time = ¤t_time.plus_seconds(AVERAGE_BLOCK_TIME_OF_TWO_BLOCKS); - let expiration = Timestamp::from_seconds(claims.exp as u64); - if expiration.lt(working_time) { + // complete the time check + // + // timing in cosmos is unstable to say the least. therefore we have noticed + // that the perceived time in the chain can swing quite a bit, and is almost + // exclusively in the past. Therefore, NBF (not before) checks, which are + // primarily set at time of JWT creation, almost always fail. Knowing this, + // we have decided to only check expiration + let expiration = Timestamp::from_seconds(claims.exp); + if expiration.lt(current_time) { return Err(InvalidTime { current: current_time.seconds(), received: expiration.seconds(), }); } - let not_before = Timestamp::from_seconds(claims.nbf as u64); - if not_before.gt(working_time) { - return Err(InvalidTime { - current: current_time.seconds(), - received: not_before.seconds(), - }); - } // make sure the provided hash matches the one from the tx if tx_hash.eq(&claims.transaction_hash) { Ok(true) diff --git a/account/src/contract.rs b/account/src/contract.rs index 9c45af5..1d1f226 100644 --- a/account/src/contract.rs +++ b/account/src/contract.rs @@ -4,8 +4,9 @@ use cosmwasm_std::{ use absacc::AccountSudoMsg; +use crate::error::ContractError; use crate::execute::{add_auth_method, assert_self, remove_auth_method}; -use crate::msg::ExecuteMsg; +use crate::msg::{ExecuteMsg, MigrateMsg}; use crate::{ error::ContractResult, execute, @@ -68,3 +69,9 @@ pub fn query(deps: Deps, _env: Env, msg: QueryMsg) -> StdResult { } } } + +#[entry_point] +pub fn migrate(_deps: DepsMut, _env: Env, _msg: MigrateMsg) -> Result { + // No state migrations performed, just returned a Response + Ok(Response::default()) +} diff --git a/account/src/msg.rs b/account/src/msg.rs index 210c49f..fd9907f 100644 --- a/account/src/msg.rs +++ b/account/src/msg.rs @@ -23,3 +23,6 @@ pub enum QueryMsg { #[returns(Binary)] AuthenticatorByID { id: u8 }, } + +#[cw_serde] +pub enum MigrateMsg {}