bugFix -- catch claims with different address
BugFix
Merge Request
Related Issue
Resolves #56 (closed)
Description of Bug and Fix
Bug was allowing user, signed in with one eth account, to create a claim that referenced a different eth account.
Bug was tracked to verify method in claim handler, in which existing address check compared address in claim form to address within claim data (e.g., address connected to github gist)...
let gistAddress:string = gist.files[Object.keys(gist.files)[0]].content
if (gistAddress.toLowerCase() !== msg.address.toLowerCase()){
return {
valid: false,
error: 'AddressDoesNotMatchGist'
}
}
However, there was no check to see if address in claim matched the address the user was signed into.
Initial solution attempt involved refactoring the claim handler's verify method to catch these cases. However, this had ripple effects, affecting the call signature of verify method in the Handler abstract class and all other claim handlers, and adding new values to Errors type in each. In addition, address would need to be passed in at all call sites.
async verify(msg: GithubMsg, signedInAddress: string): Promise<Result<Errors>> {
...
if (msg.address.toLowerCase() !== signedInAddress.toLowerCase()) {
return {
valid: false,
error: 'AddressMismatch'
}
}
Solution that was implemented, in the end, turned out to be much simpler -- just add a guard within the handleSubmit function, inside the ClaimForm component.
// app/components/Body/Create/ClaimForm.ts
...
// add a guard to catch any address mismatches
if (inputs.address.value.toLowerCase() !== address.toLowerCase()) {
return console.log('Address in form does not match your signed-in address')
}
...