Merge remote-tracking branch 'origin/feat/remove-modifier' into feat/…

…remove-modifier

packages/contracts/test/EmailAccountRecovery.t.sol

@@ -685,7 +685,7 @@ contract EmailAccountRecoveryTest is StructHelper {
         assertEq(simpleWallet.owner(), deployer);
         assertEq(simpleWallet.newSignerCandidate(), newSigner);
 
-        vm.startPrank(deployer);
+        vm.startPrank(someRelayer);
         vm.warp(4 days);
         simpleWallet.completeRecovery();
         vm.stopPrank();
@@ -704,7 +704,7 @@ contract EmailAccountRecoveryTest is StructHelper {
         assertEq(simpleWallet.owner(), deployer);
         assertEq(simpleWallet.newSignerCandidate(), address(0x0));
 
-        vm.startPrank(deployer);
+        vm.startPrank(someRelayer);
         vm.warp(4 days);
         vm.expectRevert(bytes("recovery not in progress"));
         simpleWallet.completeRecovery();
@@ -726,7 +726,7 @@ contract EmailAccountRecoveryTest is StructHelper {
 
         vm.warp(0);
 
-        vm.startPrank(deployer);
+        vm.startPrank(someRelayer);
         vm.expectRevert(bytes("timelock not expired"));
         simpleWallet.completeRecovery();
         vm.stopPrank();

packages/relayer/src/core.rs

@@ -28,14 +28,6 @@ pub async fn handle_email<P: EmailsPool>(
     trace!(LOG, "From address: {}", guardian_email_addr; "func" => function_name!());
     let subject = parsed_email.get_subject_all()?;
 
-    let account_code_str = db
-        .get_invitation_code_from_email_addr(&guardian_email_addr)
-        .await?
-        .ok_or(anyhow!(
-            "The user of email address {} is not registered.",
-            guardian_email_addr
-        ))?;
-
     let request_decomposed_def =
         serde_json::from_str(include_str!("./regex_json/request_def.json"))?;
     let request_idxes = extract_substr_idxes(&email, &request_decomposed_def)?;
@@ -44,17 +36,32 @@ pub async fn handle_email<P: EmailsPool>(
     }
     info!(LOG, "Request idxes: {:?}", request_idxes; "func" => function_name!());
     let request_id = &email[request_idxes[0].0..request_idxes[0].1];
-    let request_id_u64 = request_id
-        .parse::<u64>()
+    let request_id_u32 = request_id
+        .parse::<u32>()
         .map_err(|e| anyhow!("Failed to parse request_id to u64: {}", e))?;
-    let request_record = db.get_request(request_id_u64).await?;
+    let request_record = db.get_request(request_id_u32).await?;
     if request_record.is_none() {
         return Ok(EmailAuthEvent::Error {
             email_addr: guardian_email_addr,
             error: format!("Request {} not found", request_id),
         });
     }
     let request = request_record.unwrap();
+    if request.guardian_email_addr != guardian_email_addr {
+        return Err(anyhow!(
+            "Guardian email address in the request {} is not equal to the one in the email {}",
+            request.guardian_email_addr,
+            guardian_email_addr
+        ));
+    }
+    let account_code_str = db
+        .get_account_code_from_wallet_and_email(&request.wallet_eth_addr, &guardian_email_addr)
+        .await?
+        .ok_or(anyhow!(
+            "The user of the wallet address {} and the email address {} is not registered.",
+            request.wallet_eth_addr,
+            guardian_email_addr
+        ))?;
     check_and_update_dkim(
         &email,
         &parsed_email,
@@ -155,7 +162,7 @@ pub async fn handle_email<P: EmailsPool>(
                         is_set: true,
                     };
 
-                    db.update_credentials(&creds).await?;
+                    db.update_credentials_of_account_code(&creds).await?;
 
                     let updated_request = Request {
                         wallet_eth_addr: request.wallet_eth_addr.clone(),
@@ -176,7 +183,7 @@ pub async fn handle_email<P: EmailsPool>(
                     Ok(EmailAuthEvent::AcceptanceSuccess {
                         wallet_eth_addr: request.wallet_eth_addr,
                         guardian_email_addr,
-                        request_id: request_id_u64,
+                        request_id: request_id_u32,
                     })
                 }
                 Ok(false) => {
@@ -296,7 +303,7 @@ pub async fn handle_email<P: EmailsPool>(
                     Ok(EmailAuthEvent::RecoverySuccess {
                         wallet_eth_addr: request.wallet_eth_addr,
                         guardian_email_addr,
-                        request_id: request_id_u64,
+                        request_id: request_id_u32,
                     })
                 }
                 Ok(false) => {
@@ -418,7 +425,7 @@ pub async fn handle_email<P: EmailsPool>(
                     Ok(EmailAuthEvent::RecoverySuccess {
                         wallet_eth_addr: request.wallet_eth_addr,
                         guardian_email_addr,
-                        request_id: request_id_u64,
+                        request_id: request_id_u32,
                     })
                 }
                 Ok(false) => {

packages/relayer/src/database.rs

@@ -12,7 +12,7 @@ pub struct Credentials {
 
 #[derive(Debug, Clone)]
 pub struct Request {
-    pub request_id: u64,
+    pub request_id: u32,
     pub wallet_eth_addr: String,
     pub guardian_email_addr: String,
     pub is_for_recovery: bool,
@@ -96,20 +96,27 @@ impl Database {
         }
     }
 
-    pub(crate) async fn is_email_registered(&self, email_addr: &str) -> bool {
-        let row = sqlx::query("SELECT * FROM credentials WHERE guardian_email_addr = $1")
-            .bind(email_addr)
-            .fetch_optional(&self.db)
-            .await
-            .unwrap();
+    pub(crate) async fn is_wallet_and_email_registered(
+        &self,
+        wallet_eth_addr: &str,
+        email_addr: &str,
+    ) -> bool {
+        let row = sqlx::query(
+            "SELECT * FROM credentials WHERE wallet_eth_addr = $1 AND guardian_email_addr = $2",
+        )
+        .bind(wallet_eth_addr)
+        .bind(email_addr)
+        .fetch_optional(&self.db)
+        .await
+        .unwrap();
 
         match row {
             Some(_) => true,
             None => false,
         }
     }
 
-    pub(crate) async fn update_credentials(&self, row: &Credentials) -> Result<()> {
+    pub(crate) async fn update_credentials_of_account_code(&self, row: &Credentials) -> Result<()> {
         let res = sqlx::query("UPDATE credentials SET wallet_eth_addr = $1, guardian_email_addr = $2, is_set = $3 WHERE account_code = $4")
             .bind(&row.wallet_eth_addr)
             .bind(&row.guardian_email_addr)
@@ -120,6 +127,20 @@ impl Database {
         Ok(())
     }
 
+    pub(crate) async fn update_credentials_of_wallet_and_email(
+        &self,
+        row: &Credentials,
+    ) -> Result<()> {
+        let res = sqlx::query("UPDATE credentials SET account_code = $1, is_set = $2 WHERE wallet_eth_addr = $3, guardian_email_addr = $4")
+            .bind(&row.account_code)
+            .bind(row.is_set)
+            .bind(&row.wallet_eth_addr)
+            .bind(&row.guardian_email_addr)
+            .execute(&self.db)
+            .await?;
+        Ok(())
+    }
+
     #[named]
     pub(crate) async fn insert_credentials(&self, row: &Credentials) -> Result<()> {
         info!(LOG, "insert row {:?}", row; "func" => function_name!());
@@ -155,7 +176,7 @@ impl Database {
     }
 
     #[named]
-    pub(crate) async fn get_request(&self, request_id: u64) -> Result<Option<Request>> {
+    pub(crate) async fn get_request(&self, request_id: u32) -> Result<Option<Request>> {
         let row = sqlx::query("SELECT * FROM requests WHERE request_id = $1")
             .bind(request_id as i64)
             .fetch_optional(&self.db)
@@ -173,7 +194,7 @@ impl Database {
                 let email_nullifier: Option<String> = row.get("email_nullifier");
                 let account_salt: Option<String> = row.get("account_salt");
                 let requests_row = Request {
-                    request_id: request_id as u64,
+                    request_id: request_id as u32,
                     wallet_eth_addr,
                     guardian_email_addr,
                     is_for_recovery,
@@ -206,14 +227,18 @@ impl Database {
         Ok(())
     }
 
-    pub(crate) async fn get_invitation_code_from_email_addr(
+    pub(crate) async fn get_account_code_from_wallet_and_email(
         &self,
+        wallet_eth_addr: &str,
         email_addr: &str,
     ) -> Result<Option<String>> {
-        let row = sqlx::query("SELECT * FROM credentials WHERE guardian_email_addr = $1")
-            .bind(email_addr)
-            .fetch_optional(&self.db)
-            .await?;
+        let row = sqlx::query(
+            "SELECT * FROM credentials WHERE wallet_eth_addr = $1 AND guardian_email_addr = $2",
+        )
+        .bind(wallet_eth_addr)
+        .bind(email_addr)
+        .fetch_optional(&self.db)
+        .await?;
 
         match row {
             Some(row) => {

packages/relayer/src/modules/email_client/mail.rs

@@ -1,7 +1,4 @@
-use crate::{
-    error, render_html, EmailForwardSender,
-    EmailMessage, Future, Result, LOG,
-};
+use crate::{error, render_html, EmailForwardSender, EmailMessage, Future, Result, LOG};
 
 use std::pin::Pin;
 
@@ -10,7 +7,7 @@ pub enum EmailAuthEvent {
     AcceptanceRequest {
         wallet_eth_addr: String,
         guardian_email_addr: String,
-        request_id: u64,
+        request_id: u32,
         subject: String,
         account_code: String,
     },
@@ -25,18 +22,18 @@ pub enum EmailAuthEvent {
     RecoveryRequest {
         wallet_eth_addr: String,
         guardian_email_addr: String,
-        request_id: u64,
+        request_id: u32,
         subject: String,
     },
     AcceptanceSuccess {
         wallet_eth_addr: String,
         guardian_email_addr: String,
-        request_id: u64,
+        request_id: u32,
     },
     RecoverySuccess {
         wallet_eth_addr: String,
         guardian_email_addr: String,
-        request_id: u64,
+        request_id: u32,
     },
     GuardianNotSet {
         wallet_eth_addr: String,
@@ -46,7 +43,7 @@ pub enum EmailAuthEvent {
         wallet_eth_addr: String,
         guardian_email_addr: String,
         subject: String,
-        request_id: u64,
+        request_id: u32,
     },
 }