Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: wallet-services and request() function added #16

Draft
wants to merge 19 commits into
base: master
Choose a base branch
from
Draft

feat: wallet-services and request() function added #16

wants to merge 19 commits into from

Conversation

grvgoel81
Copy link
Collaborator

@grvgoel81 grvgoel81 commented Dec 11, 2024
edited
Loading

Motivation and Context

  • Fetch config API added.
  • Wallet-services added.
  • request() function(signatures) added.

Jira Link: https://toruslabs.atlassian.net/browse/PD-4249 , https://toruslabs.atlassian.net/browse/PD-4255, https://toruslabs.atlassian.net/browse/PD-4252

Description

  • Fetch config API added.
  • Wallet-services added.
  • request() function(signatures) added.

How has this been tested?

Screenshots (if appropriate):

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)

Checklist:

  • My code follows the code style of this project. (run lint)
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have added tests to cover my changes.
  • All new and existing tests passed.
  • My code requires a db migration.

grvgoel81 and others added 16 commits December 11, 2024 13:58
@grvgoel81
feat: wallet-services and request() function added. mid-commit
ad62906 
Signed-off-by: Gaurav Goel <[email protected]>
@grvgoel81
feat: sessionNameSpace added in b64Params
c4ee504 
Signed-off-by: Gaurav Goel <[email protected]>
@grvgoel81
feat: sessionNameSpace added in paramsMap in request()
dae7fa7 
Signed-off-by: Gaurav Goel <[email protected]>
@grvgoel81
feat: sessionNameSpace added in paramsMap in request()
7ce9a8c 
Signed-off-by: Gaurav Goel <[email protected]>
@grvgoel81
feat: call fetchProjectConfig() API in request() function
5b2ae1c 
Signed-off-by: Gaurav Goel <[email protected]>
feat: comment sessionNameSpace
65dcbfe 
Signed-off-by: Gaurav Goel <[email protected]>
@grvgoel81
feat: modified themes.xml
4c7f1f0 
Signed-off-by: Gaurav Goel <[email protected]>
@grvgoel81
feat: mid-commit
ee9d00e 
Signed-off-by: Gaurav Goel <[email protected]>
@grvgoel81
feat: add sessionNamespace in SessionData.kt
680b5fd 
Signed-off-by: Gaurav Goel <[email protected]>
@grvgoel81
feat: update session-manager deps and replace nameSpace with namespac…
84b87c9 
…e everywhere

Signed-off-by: Gaurav Goel <[email protected]>
@grvgoel81
feat: replace nameSpace with sessionNamespace everywhere
0c2a66f 
Signed-off-by: Gaurav Goel <[email protected]>
@grvgoel81
feat: replace privateKey with privKey
b4cf008 
Signed-off-by: Gaurav Goel <[email protected]>
@grvgoel81
feat: namespace change
60edb49 
Signed-off-by: Gaurav Goel <[email protected]>
@grvgoel81
feat: change signaturesData data type in SessionData.kt
b6e47ca 
Signed-off-by: Gaurav Goel <[email protected]>
@grvgoel81
feat: replace namespace with sessionNamespace in b64Params
0dae96e 
Signed-off-by: Gaurav Goel <[email protected]>
@grvgoel81
feat: idToken removed from UserInfo()
14cca0b 
Signed-off-by: Gaurav Goel <[email protected]>
github-advanced-security[bot]
github-advanced-security bot found potential problems Dec 16, 2024
View reviewed changes
singlefactorauth/src/main/java/com/web3auth/singlefactorauth/WebViewActivity.kt
super.onCreate(savedInstanceState)
supportActionBar?.hide()
setContentView(R.layout.activity_webview)
webView = findViewById(R.id.webView)

Check warning

Code scanning / CodeQL

Android WebView settings allows access to content links Medium

Sensitive information may be exposed via a malicious link due to access to content:// links being allowed in this WebView.

Copilot Autofix AI 4 days ago

To fix the problem, we need to explicitly disable access to content:// URLs in the WebView settings. This can be done by calling setAllowContentAccess(false) on the WebSettings object of the WebView. This change should be made in the onCreate method where the WebView settings are configured.

Suggested changeset 1
singlefactorauth/src/main/java/com/web3auth/singlefactorauth/WebViewActivity.kt

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/singlefactorauth/src/main/java/com/web3auth/singlefactorauth/WebViewActivity.kt b/singlefactorauth/src/main/java/com/web3auth/singlefactorauth/WebViewActivity.kt
--- a/singlefactorauth/src/main/java/com/web3auth/singlefactorauth/WebViewActivity.kt
+++ b/singlefactorauth/src/main/java/com/web3auth/singlefactorauth/WebViewActivity.kt
@@ -78,2 +78,3 @@
             webSettings.setSupportMultipleWindows(true)
+            webSettings.setAllowContentAccess(false)
 
EOF
@@ -78,2 +78,3 @@
webSettings.setSupportMultipleWindows(true)
webSettings.setAllowContentAccess(false)

Copilot is powered by AI and may make mistakes. Always verify output.
Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options
singlefactorauth/src/main/java/com/web3auth/singlefactorauth/WebViewActivity.kt
}

val webSettings: WebSettings = webView.settings
webSettings.javaScriptEnabled = true

Check warning

Code scanning / CodeQL

Android WebView JavaScript settings Medium

JavaScript execution enabled in WebView.

Copilot Autofix AI 4 days ago

To fix the problem, we need to disable JavaScript execution in the WebView settings. If JavaScript is necessary for the application's functionality, we should ensure that only content from trusted sources is loaded using encrypted channels (e.g., HTTPS with certificate verification). In this case, we will disable JavaScript execution by setting webSettings.javaScriptEnabled to false.

Suggested changeset 1
singlefactorauth/src/main/java/com/web3auth/singlefactorauth/WebViewActivity.kt

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/singlefactorauth/src/main/java/com/web3auth/singlefactorauth/WebViewActivity.kt b/singlefactorauth/src/main/java/com/web3auth/singlefactorauth/WebViewActivity.kt
--- a/singlefactorauth/src/main/java/com/web3auth/singlefactorauth/WebViewActivity.kt
+++ b/singlefactorauth/src/main/java/com/web3auth/singlefactorauth/WebViewActivity.kt
@@ -74,3 +74,3 @@
             val webSettings: WebSettings = webView.settings
-            webSettings.javaScriptEnabled = true
+            webSettings.javaScriptEnabled = false
             webSettings.domStorageEnabled = true
EOF
@@ -74,3 +74,3 @@
val webSettings: WebSettings = webView.settings
webSettings.javaScriptEnabled = true
webSettings.javaScriptEnabled = false
webSettings.domStorageEnabled = true
Copilot is powered by AI and may make mistakes. Always verify output.
Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options
singlefactorauth/src/main/java/com/web3auth/singlefactorauth/WebViewActivity.kt
}
}

webView.addJavascriptInterface(this, "JSBridge")

Check warning

Code scanning / CodeQL

Access Java object methods through JavaScript exposure Medium

JavaScript interface to Java object added in Android WebView.
@grvgoel81 grvgoel81 changed the title feat: wallet-services and request() function added. mid-commit feat: wallet-services and request() function added Dec 17, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@grvgoel81