Revert "Safely handle authentication requests (#1028)"

This reverts commit 425d586. This seems to be causing some issues with some dapps due to the fact that we're less lenient about what we accept.
dfinity · Nov 23, 2022 · b3f5962 · b3f5962
1 parent c2eaaac
commit b3f5962
Showing 1 changed file with 6 additions and 59 deletions.
diff --git a/src/frontend/src/flows/authenticate/postMessageInterface.ts b/src/frontend/src/flows/authenticate/postMessageInterface.ts
@@ -4,7 +4,6 @@ import { Principal } from "@dfinity/principal";
 import { fetchDelegation } from "./fetchDelegation";
 import { LoginData } from "../login/flowResult";
 import { validateDerivationOrigin } from "./validateDerivationOrigin";
-import { hasOwnProperty } from "../../utils/utils";
 
 export interface Delegation {
   delegation: {
@@ -37,56 +36,6 @@ export interface AuthRequest {
   derivationOrigin?: string;
 }
 
-/** Try to read unknown data as authentication request */
-const asAuthRequest = (msg: unknown): AuthRequest | undefined => {
-  if (typeof msg !== "object") {
-    return undefined;
-  }
-
-  if (msg === null) {
-    return undefined;
-  }
-
-  // Some extra conversions to take typescript by the hand
-  // eslint-disable-next-line
-  const tmp: {} = msg;
-  const obj: Record<string, unknown> = tmp;
-
-  if (!hasOwnProperty(obj, "kind") || obj.kind !== "authorize-client") {
-    return undefined;
-  }
-
-  if (
-    !hasOwnProperty(obj, "sessionPublicKey") ||
-    !(obj.sessionPublicKey instanceof Uint8Array)
-  ) {
-    return undefined;
-  }
-
-  const maxTimeToLive = obj.maxTimeToLive;
-  if (
-    typeof maxTimeToLive !== "undefined" &&
-    typeof maxTimeToLive !== "bigint"
-  ) {
-    return undefined;
-  }
-
-  const derivationOrigin = obj.derivationOrigin;
-  if (
-    typeof derivationOrigin !== "undefined" &&
-    typeof derivationOrigin !== "string"
-  ) {
-    return undefined;
-  }
-
-  return {
-    kind: obj.kind,
-    sessionPublicKey: obj.sessionPublicKey,
-    maxTimeToLive,
-    derivationOrigin,
-  };
-};
-
 /**
  * The postMessage-based authentication protocol.
  */
@@ -170,23 +119,21 @@ export async function authenticationProtocol({
 const waitForAuthRequest = (): Promise<AuthContext> =>
   new Promise<AuthContext>((resolve) => {
     const eventHandler = async (event: MessageEvent) => {
-      const message: unknown = event.data; // Drop assumptions about event.data (an 'any')
-      const authRequest = asAuthRequest(message);
-      if (authRequest !== undefined) {
+      const message = event.data;
+      if (message.kind === "authorize-client") {
         window.removeEventListener("message", eventHandler);
         console.log(
-          `Handling authorize-client request ${JSON.stringify(
-            authRequest,
-            (_, v) => (typeof v === "bigint" ? v.toString() : v)
+          `Handling authorize-client request ${JSON.stringify(message, (_, v) =>
+            typeof v === "bigint" ? v.toString() : v
           )}`
         );
         resolve({
-          authRequest,
+          authRequest: message,
           requestOrigin: event.origin,
         });
       } else {
         console.warn(
-          `Bad authentication request received: ${JSON.stringify(message)}`
+          `Message of unknown kind received: ${JSON.stringify(message)}`
         );
       }
     };