Fix tox, docs

delneg · delneg · commit 8919b9c41f51 · 2018-08-13T10:47:27.000+03:00
Replace jQuery.trim in scatterauth.js
Added explanatory gif
diff --git a/CONTRIBUTING.rst b/CONTRIBUTING.rst
@@ -77,7 +77,7 @@ Ready to contribute? Here's how to set up `django-scatter-auth` for local develo
 5. When you're done making changes, check that your changes pass flake8 and the
    tests, including testing other Python versions with tox::
 
-        $ flake8 web3auth tests
+        $ flake8 scatterauth tests
         $ python setup.py test
         $ tox
 
@@ -109,4 +109,4 @@ Tips
 
 To run a subset of tests::
 
-    $ python -m unittest tests.test_web3auth
+    $ python -m unittest tests.test_scatterauth
diff --git a/HISTORY.rst b/HISTORY.rst
@@ -3,7 +3,7 @@
 History
 -------
 
-0.1.0 (2018-08-06)
+0.1.0 (2018-08-13)
 ++++++++++++++++++
 
 * First release on PyPi
diff --git a/README.rst b/README.rst
@@ -11,9 +11,9 @@ django-scatter-auth
 .. image:: https://codecov.io/gh/Bearle/django-scatter-auth/branch/master/graph/badge.svg
     :target: https://codecov.io/gh/Bearle/django-scatter-auth
 
-django-scatter-auth is a pluggable Django app that enables login/signup via an Ethereum wallet (a la CryptoKitties). The user authenticates themselves by digitally signing the session key with their wallet's private key.
+django-scatter-auth is a pluggable Django app that enables login/signup via Scatter (EOS extension wallet). The user authenticates themselves by digitally signing the hostname with their wallet's private key.
 
-.. image:: https://github.com/Bearle/django-scatter-auth/blob/master/docs/_static/web3_auth_test.gif?raw=true
+.. image:: https://github.com/Bearle/django-scatter-auth/blob/master/docs/_static/django_scatter_auth_test2.gif?raw=true
 
 Documentation
 -------------
@@ -32,10 +32,10 @@ There is a README file for you to check, also.
 Features
 --------
 
-* Web3 API login, signup
-* Web3 Django forms for signup, login
-* Checks ethereum address validity
-* Uses random token signing as proof of private key posession
+* Scatter API login, signup
+* Scatter Django forms for signup, login
+* Checks signature (validation)
+* Uses hostname signing as proof of private key posession
 * Easy to set up and use (just one click)
 * Custom auth backend
 * VERY customizable - uses Django settings, allows for custom User model
@@ -64,7 +64,7 @@ Set `'scatterauth.backend.ScatterAuthBackend'` as your authentication backend:
     'django.contrib.auth.backends.ModelBackend',
     'scatterauth.backend.ScatterAuthBackend'
     ]
-Set your User model's field to use as ETH address provider:
+Set your User model's field to use as public key storage:
 
 .. code-block:: python
 
@@ -100,26 +100,20 @@ Add some javascript to handle login:
 
 .. code-block:: javascript
 
-    function startLogin() {
-      if (typeof web3 !== 'undefined') {
-        checkWeb3(function (loggedIn) {
-          if (!loggedIn) {
-            alert("Please unlock your web3 provider (probably, Metamask)")
-          } else {
-            var login_url = '{% url 'scatterauth_login_api' %}';
-            web3Login(login_url, console.log, console.log, console.log, console.log, console.log, function (resp) {
-              console.log(resp);
-              window.location.replace(resp.redirect_url);
-            });
-          }
+    var login_url = '{% url 'scatterauth_login_api' %}';
+    document.addEventListener('scatterLoaded', scatterExtension => {
+      console.log('scatter loaded');
+      if (scatter.identity) {
+        console.log("Identity found");
+        loginWithAuthenticate(login_url,console.log,console.log,console.log,console.log, function (resp) {
+          window.location.replace(resp.redirect_url);
         });
-
       } else {
-        alert('web3 missing');
+        console.log('identity not found, have to signup');
       }
-    }
+    });
 
-You can access signup using {% url 'scatterauth_signup' %}.
+You can access signup using {% url 'scatterauth_signup' %} and API signup using {% url 'scatterauth_signup_api' %}.
 
 If you have any questions left, head to the example app https://github.com/Bearle/django-scatter-auth/tree/master/example
 
@@ -128,22 +122,22 @@ If you have any questions left, head to the example app https://github.com/Bearl
 Important details and FAQ
 -------------------------
 
-1. *If you set a custom address field (SCATTERAUTH_USER_PUBKEY_FIELD), it MUST be unique (unique=True).*
+1. *If you set a custom public key field (SCATTERAUTH_USER_PUBKEY_FIELD), it MUST be unique (unique=True).*
 
-This is needed because if it's not, the user can register a new account with the same address as the other one,
+This is needed because if it's not, the user can register a new account with the same public key as the other one,
 meaning that the user can now login as any of those accounts (sometimes being the wrong one).
 
 2. *How do i deal with user passwords or Password is not set*
+
 There should be some code in your project that generates a password using ``User.objects.make_random_password`` and sends it to a user email.
 Or, even better, sends them a 'restore password' link.
 Also, it's possible to copy signup_view to your project, assign it a url, and add the corresponding lines to set some password for a user.
 
-3. *Why do i have to sign a message? It's not needed in MyEtherWallet or other DApps!*
+3. *Why don't i have to sign a message? It's needed in django-web3-auth, how this app is secure?*
 
-The main reason is that when using a DApp, you most likely don't have an account on the website, it's accessible only with web3 (Metamask).
-When using web3 only to sign into user account, it is necessary to prove your identity with a private key (e.g. sign a random message),
-because when we have backend we can't trust any user just by his knowledge of the public address.
-Signed message proves that user possesses the private key, associated with the address.
+This app uses scatter's ``authenticate`` function to handle message signing - hostname being the signed message.
+This means that the user & the client share knowledge of the original message and the server can verify
+client's possession of the private key corresponding to the public key.
 
 
 Running Tests
diff --git a/docs/_static/django_scatter_auth_test2.gif b/docs/_static/django_scatter_auth_test2.gif
diff --git a/docs/index.rst b/docs/index.rst
@@ -3,7 +3,7 @@
    You can adapt this file completely to your liking, but it should at least
    contain the root `toctree` directive.
 
-Welcome to Django-Web3-Auth's documentation!
+Welcome to Django-Scatter-Auth's documentation!
 =================================================================
 
 Contents:
diff --git a/docs/modules.rst b/docs/modules.rst
@@ -1,7 +1,7 @@
-web3auth
-========
+scatterauth
+===========
 
 .. toctree::
    :maxdepth: 4
 
-   web3auth
+   scatterauth
diff --git a/docs/overview.rst b/docs/overview.rst
@@ -2,29 +2,30 @@
 Overview
 ========
 
-Django-web3-auth features 1 view for login (with JSON responses)
+Django-scatter-auth features 1 view for login (with JSON responses)
 and 2 views for Signup (one with JSON responses, and the other - using Django Forms and rendered templates).
 
 It also has 2 forms, SignupForm (rendered) and LoginForm (uses hidden inputs, used to validate data only).
 
-Possible configuration includes customizable address field (``SCATTERAUTH_USER_PUBKEY_FIELD``), additional fields for User model (``SCATTERAUTH_USER_SIGNUP_FIELDS``) and on/off switch for registration (``SCATTERAUTH_SIGNUP_ENABLED``).
-You can read more on that in the Configuration section.
+Possible configuration includes customizable address field (``SCATTERAUTH_USER_PUBKEY_FIELD``), additional fields for User model (``SCATTERAUTH_USER_SIGNUP_FIELDS``),on/off switch for registration (``SCATTERAUTH_SIGNUP_ENABLED``) and domain which will be used for signed message validation (``SCATTERAUTH_DOMAIN``).
+You can read more on that in the Settings section.
+You should also definitely check example app, it features most of the features needed.
 
 Sign up
 -------
 
 The signup process is as follows (signup_view example, signup_api is similar):
 
-1. User heads to the signup URL (``{% url 'web3auth_signup' %}``)
+1. User heads to the signup URL (``{% url 'scatterauth_signup' %}``)
 2. The signup view is rendered with a ``SignupForm`` which includes ``SCATTERAUTH_USER_SIGNUP_FIELDS`` and ``SCATTERAUTH_USER_PUBKEY_FIELD``
 3. The user enters required data and clicks the submit button and the POST request fires to the same URL with ``signup_view``
 4. Signup view does the following:
     4.1. Creates an instance of a ``SignupForm``.
     4.2. Checks if the registration is enabled.
     4.3. If the registration is closed or form has errors, returns form with errors
     4.4 If the form is valid, saves the user without saving to DB
-    4.5. Sets the user address from the form, saves it to DB
-    4.6. Logins the user using ``web3auth.backend.ScatterAuthBackend``
+    4.5. Sets the user public key from the form, saves it to DB
+    4.6. Logins the user using ``scatterauth.backend.ScatterAuthBackend``
     4.7. Redirects the user to ``LOGIN_REDIRECT_URL`` or 'next' in get or post params
 5. The user is signed up and logged in
 
@@ -33,14 +34,11 @@ Login
 
 The login process is as follows (login_api example):
 
-1. On some page of the website, there is Javascript which fires a GET request to the ``{% url 'web3auth_login_api' %}``
-2. The ``login_api`` view returns 32-char length login token
-3. Javascript on the page invites user to sign the token using web3 instance (probably Metamask)
-4. If the token is signed, the signature and address are sent ot he same ``login_api`` view
-5. The view validates signature & address against ``LoginForm`` to check that the token is signed correctly
-6. If the form is valid, the view tries to ``authenticate`` the user with given token,address and signature
-7. If the user is found, the user is signed in and the view responds with a ``redirect_url`` for Javascript to handle
-8. If the user is not found, the corresponding error is returned
-
+1. On some page of the website, there is Javascript which gets the user signature for the website's hostname.
+2. The signature is sent to the login_api url (``{% url 'scatterauth_login_api' %}``) alongside the public key.
+3. The view validates given parameters agains ``LoginForm``
+4. The view validates signature with the given public key, and then tries to ``authenticate`` the user
+5. If the user is found, the user is signed in and the view responds with a ``redirect_url`` for Javascript to handle
+6. If the user is not found, the corresponding error is returned
 
 The Javascript is included in the app, also you can check out example app if you are struggling with logging in the user.
diff --git a/docs/settings.rst b/docs/settings.rst
@@ -4,7 +4,7 @@ Settings
 
 You should specify settings in your settings.py like this::
 
-    SCATTERAUTH_USER_PUBKEY_FIELD = 'address'
+    SCATTERAUTH_USER_PUBKEY_FIELD = 'pubkey'
     SCATTERAUTH_USER_SIGNUP_FIELDS = ['email', 'username']
 
 
@@ -15,23 +15,23 @@ In the above example the following User model is used:
     from django.contrib.auth.models import AbstractUser
     from django.db import models
     from django.utils.translation import ugettext_lazy as _
-    from web3auth.utils import validate_eth_address
 
     class User(AbstractUser):
-        address = models.CharField(max_length=42, verbose_name=_("Ethereum wallet address"), unique=True,
-                               validators=[validate_eth_address], null=True, blank=True)
+        pubkey = models.CharField(max_length=53, verbose_name=_("Public key"), unique=True, null=True, blank=True)
 
         def __str__(self):
             return self.username
 
 Here's a list of available settings:
 
-+--------------------------------+------------+-------------------------------------------------------------------------+
-| Setting                        | Default    | Description                                                             |
-+================================+============+=========================================================================+
-| SCATTERAUTH_SIGNUP_ENABLED        | True       | If False, new users won't be able to sign up (used in ``signup_view``)  |
-+--------------------------------+------------+-------------------------------------------------------------------------+
-| SCATTERAUTH_USER_SIGNUP_FIELDS    | ['email']  | Specifies field to be used in signup form for a new User model          |
-+--------------------------------+------------+-------------------------------------------------------------------------+
-| SCATTERAUTH_USER_PUBKEY_FIELD    | 'username' | Field on the User model, which has ethereum address to check against.   |
-+--------------------------------+------------+-------------------------------------------------------------------------+
++-----------------------------------+------------+-----------------------------------------------------------------------------------------------+
+| Setting                           | Default    | Description                                                                                   |
++===================================+============+===============================================================================================+
+| SCATTERAUTH_SIGNUP_ENABLED        | True       | If False, new users won't be able to sign up (used in ``signup_view``)                        |
++-----------------------------------+------------+-----------------------------------------------------------------------------------------------+
+| SCATTERAUTH_USER_SIGNUP_FIELDS    | ['email']  | Specifies field to be used in signup form for a new User model                                |
++-----------------------------------+------------+-----------------------------------------------------------------------------------------------+
+| SCATTERAUTH_USER_PUBKEY_FIELD     | 'username' | Field on the User model, which has public key to check against.                               |
++-----------------------------------+------------+-----------------------------------------------------------------------------------------------+
+| SCATTERAUTH_DOMAIN                | ''         | Determines what domain to use for signature verification. If '' - request.get_host() is used  |
++-----------------------------------+------------+-----------------------------------------------------------------------------------------------+
diff --git a/scatterauth/static/scatterauth/js/scatterauth.js b/scatterauth/static/scatterauth/js/scatterauth.js
@@ -1,9 +1,16 @@
+function jtrim(text) {
+    var rtrim = /^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g;
+    return text == null ?
+        "" :
+        (text + "").replace(rtrim, "");
+}
+
 function getCookie(name) {
     var cookieValue = null;
     if (document.cookie && document.cookie != '') {
         var cookies = document.cookie.split(';');
         for (var i = 0; i < cookies.length; i++) {
-            var cookie = jQuery.trim(cookies[i]);
+            var cookie = jtrim(cookies[i]);
             // Does this cookie string begin with the name we want?
             if (cookie.substring(0, name.length + 1) == (name + '=')) {
                 cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
@@ -102,7 +109,7 @@ function signupWithData(username, email, signup_url, onSignupRequestError, onSig
     request.send(formData);
 }
 
-async function requestIdentity(requiredFields,signup_url, network, onIdentityReject) {
+async function requestIdentity(requiredFields, signup_url, network, onIdentityReject) {
     let identitySettings = {
         personal: requiredFields,
     };
diff --git a/tox.ini b/tox.ini
@@ -9,10 +9,9 @@ setenv =
 commands = coverage run --source scatterauth runtests.py
 deps =
     django-111: Django>=1.11,<1.12
-    django-20: Django>=2.0,<2.1
+    django-20: Django>=2.0,<2.2
     -r{toxinidir}/requirements_test.txt
 basepython =
     py36: python3.6
     py35: python3.5
     py34: python3.4
-    py27: python2.7
