Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: enforces origin url to be verified to produce verify context #5327

Merged
merged 3 commits into from
Sep 5, 2024
Merged

fix: enforces origin url to be verified to produce verify context #5327

merged 3 commits into from
Sep 5, 2024

Conversation

ganchoradkov
Copy link
Member

@ganchoradkov ganchoradkov commented Sep 4, 2024
edited
Loading

Description

  • Added additional check for isVerified jwt payload to ensure only verified urls are presented with verify context
  • Disabled fetching public key on init

Context
https://walletconnect.slack.com/archives/C03TFK9BSGJ/p1725431068942349
https://walletconnect.slack.com/archives/C03TFK9BSGJ/p1725476737367669

Type of change

  • Chore (non-breaking change that addresses non-functional tasks, maintenance, or code quality improvements)
  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Draft PR (breaking/non-breaking change which needs more work for having a proper functionality [Mark this PR as ready to review only when completely ready])
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)

How has this been tested?

reown-com/appkit#2795

Checklist

  • I have performed a self-review of my own code
  • My changes generate no new warnings
  • Any dependent changes have been merged and published in downstream modules

Additional Information (Optional)

Please include any additional information that may be useful for the reviewer.

@arein arein added the accepted label Sep 4, 2024
@ganchoradkov ganchoradkov marked this pull request as ready for review September 5, 2024 08:08
@ganchoradkov ganchoradkov requested a review from Cali93 September 5, 2024 08:10
@ganchoradkov ganchoradkov merged commit df36918 into v2.0 Sep 5, 2024
9 checks passed
@ganchoradkov ganchoradkov deleted the fix/enforce-isVerified-validation branch September 5, 2024 12:24
github-merge-queue bot referenced this pull request in valora-inc/wallet Sep 10, 2024
@renovate
chore(deps): update dependency @walletconnect/react-native-compat to …
75a7463 
…^2.16.0 (#5951)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
|
[@walletconnect/react-native-compat](https://redirect.github.com/walletconnect/walletconnect-monorepo)
| [`^2.15.2` ->
`^2.16.0`](https://renovatebot.com/diffs/npm/@walletconnect%2freact-native-compat/2.15.2/2.16.0)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/@walletconnect%2freact-native-compat/2.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@walletconnect%2freact-native-compat/2.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@walletconnect%2freact-native-compat/2.15.2/2.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@walletconnect%2freact-native-compat/2.15.2/2.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

---

### Release Notes

<details>
<summary>walletconnect/walletconnect-monorepo
(@&#8203;walletconnect/react-native-compat)</summary>

###
[`v2.16.0`](https://redirect.github.com/WalletConnect/walletconnect-monorepo/releases/tag/2.16.0)

[Compare
Source](https://redirect.github.com/walletconnect/walletconnect-monorepo/compare/2.15.3...2.16.0)

#### What's Changed

- chore: prep for 2.15.3 release by
[@&#8203;ganchoradkov](https://redirect.github.com/ganchoradkov) in
[https://github.com/WalletConnect/walletconnect-monorepo/pull/5331](https://redirect.github.com/WalletConnect/walletconnect-monorepo/pull/5331)
- feat: link mode by
[@&#8203;ignaciosantise](https://redirect.github.com/ignaciosantise) in
[https://github.com/WalletConnect/walletconnect-monorepo/pull/5141](https://redirect.github.com/WalletConnect/walletconnect-monorepo/pull/5141)

**Full Changelog**:
WalletConnect/walletconnect-monorepo@2.15.3...2.16.0

###
[`v2.15.3`](https://redirect.github.com/WalletConnect/walletconnect-monorepo/releases/tag/2.15.3)

[Compare
Source](https://redirect.github.com/walletconnect/walletconnect-monorepo/compare/2.15.2...2.15.3)

#### What's Changed

- chore: prep for `2.15.2` release by
[@&#8203;ganchoradkov](https://redirect.github.com/ganchoradkov) in
[https://github.com/WalletConnect/walletconnect-monorepo/pull/5319](https://redirect.github.com/WalletConnect/walletconnect-monorepo/pull/5319)
- Fix getVerifyContext when onSessionAuthenticateRequest by
[@&#8203;quetool](https://redirect.github.com/quetool) in
[https://github.com/WalletConnect/walletconnect-monorepo/pull/5324](https://redirect.github.com/WalletConnect/walletconnect-monorepo/pull/5324)
- fix: avoid deeplinking if document isn't in focus by
[@&#8203;ganchoradkov](https://redirect.github.com/ganchoradkov) in
[https://github.com/WalletConnect/walletconnect-monorepo/pull/5229](https://redirect.github.com/WalletConnect/walletconnect-monorepo/pull/5229)
- fix: enforces origin url to be verified to produce verify context by
[@&#8203;ganchoradkov](https://redirect.github.com/ganchoradkov) in
[https://github.com/WalletConnect/walletconnect-monorepo/pull/5327](https://redirect.github.com/WalletConnect/walletconnect-monorepo/pull/5327)
- feat: auto publish to npm by
[@&#8203;ganchoradkov](https://redirect.github.com/ganchoradkov) in
[https://github.com/WalletConnect/walletconnect-monorepo/pull/5202](https://redirect.github.com/WalletConnect/walletconnect-monorepo/pull/5202)

**Full Changelog**:
WalletConnect/walletconnect-monorepo@2.15.2...2.15.3

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "after 5pm,every weekend" in timezone
America/Los_Angeles, Automerge - "after 5pm,every weekend" in timezone
America/Los_Angeles.

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/valora-inc/wallet).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC41OS4yIiwidXBkYXRlZEluVmVyIjoiMzguNTkuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsibnBtIiwicmVub3ZhdGUiXX0=-->

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: valora-bot <[email protected]>
github-merge-queue bot referenced this pull request in valora-inc/wallet Sep 10, 2024
@renovate @jeanregisser
chore(deps): update dependency @walletconnect/utils to ^2.16.0 (#5954)
3af19d4 
This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
|
[@walletconnect/utils](https://redirect.github.com/walletconnect/walletconnect-monorepo)
| [`^2.15.2` ->
`^2.16.0`](https://renovatebot.com/diffs/npm/@walletconnect%2futils/2.15.2/2.16.0)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/@walletconnect%2futils/2.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@walletconnect%2futils/2.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@walletconnect%2futils/2.15.2/2.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@walletconnect%2futils/2.15.2/2.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

---

### Release Notes

<details>
<summary>walletconnect/walletconnect-monorepo
(@&#8203;walletconnect/utils)</summary>

###
[`v2.16.0`](https://redirect.github.com/WalletConnect/walletconnect-monorepo/releases/tag/2.16.0)

[Compare
Source](https://redirect.github.com/walletconnect/walletconnect-monorepo/compare/2.15.3...2.16.0)

#### What's Changed

- chore: prep for 2.15.3 release by
[@&#8203;ganchoradkov](https://redirect.github.com/ganchoradkov) in
[https://github.com/WalletConnect/walletconnect-monorepo/pull/5331](https://redirect.github.com/WalletConnect/walletconnect-monorepo/pull/5331)
- feat: link mode by
[@&#8203;ignaciosantise](https://redirect.github.com/ignaciosantise) in
[https://github.com/WalletConnect/walletconnect-monorepo/pull/5141](https://redirect.github.com/WalletConnect/walletconnect-monorepo/pull/5141)

**Full Changelog**:
WalletConnect/walletconnect-monorepo@2.15.3...2.16.0

###
[`v2.15.3`](https://redirect.github.com/WalletConnect/walletconnect-monorepo/releases/tag/2.15.3)

[Compare
Source](https://redirect.github.com/walletconnect/walletconnect-monorepo/compare/2.15.2...2.15.3)

#### What's Changed

- chore: prep for `2.15.2` release by
[@&#8203;ganchoradkov](https://redirect.github.com/ganchoradkov) in
[https://github.com/WalletConnect/walletconnect-monorepo/pull/5319](https://redirect.github.com/WalletConnect/walletconnect-monorepo/pull/5319)
- Fix getVerifyContext when onSessionAuthenticateRequest by
[@&#8203;quetool](https://redirect.github.com/quetool) in
[https://github.com/WalletConnect/walletconnect-monorepo/pull/5324](https://redirect.github.com/WalletConnect/walletconnect-monorepo/pull/5324)
- fix: avoid deeplinking if document isn't in focus by
[@&#8203;ganchoradkov](https://redirect.github.com/ganchoradkov) in
[https://github.com/WalletConnect/walletconnect-monorepo/pull/5229](https://redirect.github.com/WalletConnect/walletconnect-monorepo/pull/5229)
- fix: enforces origin url to be verified to produce verify context by
[@&#8203;ganchoradkov](https://redirect.github.com/ganchoradkov) in
[https://github.com/WalletConnect/walletconnect-monorepo/pull/5327](https://redirect.github.com/WalletConnect/walletconnect-monorepo/pull/5327)
- feat: auto publish to npm by
[@&#8203;ganchoradkov](https://redirect.github.com/ganchoradkov) in
[https://github.com/WalletConnect/walletconnect-monorepo/pull/5202](https://redirect.github.com/WalletConnect/walletconnect-monorepo/pull/5202)

**Full Changelog**:
WalletConnect/walletconnect-monorepo@2.15.2...2.15.3

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "after 5pm,every weekend" in timezone
America/Los_Angeles, Automerge - "after 5pm,every weekend" in timezone
America/Los_Angeles.

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/valora-inc/wallet).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC41OS4yIiwidXBkYXRlZEluVmVyIjoiMzguNTkuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsibnBtIiwicmVub3ZhdGUiXX0=-->

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Jean Regisser <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Cali93 Cali93 Cali93 approved these changes

@chris13524 chris13524 Awaiting requested review from chris13524

Assignees
No one assigned
Labels
accepted
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ganchoradkov @Cali93 @arein