From bac0c46c2fa96e5e6e0dd1cebd8b486e9d2638b6 Mon Sep 17 00:00:00 2001 From: chaitanyapotti Date: Mon, 6 Jul 2020 07:09:13 +0000 Subject: [PATCH 1/7] Updating embed with new hash --- src/embed.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/embed.js b/src/embed.js index 3729c5e0..c79dc752 100644 --- a/src/embed.js +++ b/src/embed.js @@ -24,7 +24,7 @@ const defaultVerifiers = { [DISCORD]: true, } -const iframeIntegrity = 'sha384-btRwcg4LktFqO6QVQ4Zx/KVdl00+B6GhLQnDnrgXsJdfwgsPF7hsHDBnzlmFrn0J' +const iframeIntegrity = 'sha384-KEl7sToHiOS6/ebve/Fk/vf9rL259Px3fPw9k5n5Uk8x86Bs9MrtA/iOnC7jVF74' const expectedCacheControlHeader = 'max-age=3600' From 57732ca471fc5376454cb33aafeb6cf98ff4139e Mon Sep 17 00:00:00 2001 From: chaitanyapotti Date: Mon, 6 Jul 2020 07:09:14 +0000 Subject: [PATCH 2/7] Updating iframe integrity and publish 1.7.0 --- package-lock.json | 2 +- package.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/package-lock.json b/package-lock.json index ae69ed8b..efbee095 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,6 +1,6 @@ { "name": "@toruslabs/torus-embed", - "version": "1.6.0", + "version": "1.7.0", "lockfileVersion": 1, "requires": true, "dependencies": { diff --git a/package.json b/package.json index 47211e7e..8c10028e 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@toruslabs/torus-embed", - "version": "1.6.0", + "version": "1.7.0", "description": "Embed script for Torus", "main": "dist/torus.cjs.js", "unpkg": "dist/torus.umd.min.js", From c5da4798ecbc170c736f62423748f25c93aa3de2 Mon Sep 17 00:00:00 2001 From: chaitanyapotti Date: Mon, 6 Jul 2020 13:20:45 +0000 Subject: [PATCH 3/7] Updating embed with new hash --- src/embed.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/embed.js b/src/embed.js index c79dc752..479fb131 100644 --- a/src/embed.js +++ b/src/embed.js @@ -24,7 +24,7 @@ const defaultVerifiers = { [DISCORD]: true, } -const iframeIntegrity = 'sha384-KEl7sToHiOS6/ebve/Fk/vf9rL259Px3fPw9k5n5Uk8x86Bs9MrtA/iOnC7jVF74' +const iframeIntegrity = 'sha384-KqsaS8Y6ndmV1UpTt5dvfGoKhNB8WgkGdycA2+yz9F1hfZ0cB9OYo46AyNNugijT' const expectedCacheControlHeader = 'max-age=3600' From 3f25ef9fbfde492886037fc67878c955e07d70bb Mon Sep 17 00:00:00 2001 From: chaitanyapotti Date: Mon, 6 Jul 2020 13:20:46 +0000 Subject: [PATCH 4/7] Updating iframe integrity and publish 1.7.1 --- package-lock.json | 2 +- package.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/package-lock.json b/package-lock.json index efbee095..4f4c1540 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,6 +1,6 @@ { "name": "@toruslabs/torus-embed", - "version": "1.7.0", + "version": "1.7.1", "lockfileVersion": 1, "requires": true, "dependencies": { diff --git a/package.json b/package.json index 8c10028e..a2b20672 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@toruslabs/torus-embed", - "version": "1.7.0", + "version": "1.7.1", "description": "Embed script for Torus", "main": "dist/torus.cjs.js", "unpkg": "dist/torus.umd.min.js", From c95f7634611c40f306dd283f7201a96b6720f1b3 Mon Sep 17 00:00:00 2001 From: chaitanyapotti Date: Mon, 6 Jul 2020 15:15:19 +0000 Subject: [PATCH 5/7] Updating embed with new hash --- src/embed.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/embed.js b/src/embed.js index 479fb131..e6506954 100644 --- a/src/embed.js +++ b/src/embed.js @@ -24,7 +24,7 @@ const defaultVerifiers = { [DISCORD]: true, } -const iframeIntegrity = 'sha384-KqsaS8Y6ndmV1UpTt5dvfGoKhNB8WgkGdycA2+yz9F1hfZ0cB9OYo46AyNNugijT' +const iframeIntegrity = 'sha384-IJtUuEbDKeZYgTiIYP7LThDKjS0VorW4j9BJXJm8G4cc7I8ngrN9lh/OxA+1wbMw' const expectedCacheControlHeader = 'max-age=3600' From 3aefdd2667376a5a19f1a4e308c243396ec78db1 Mon Sep 17 00:00:00 2001 From: chaitanyapotti Date: Mon, 6 Jul 2020 15:15:20 +0000 Subject: [PATCH 6/7] Updating iframe integrity and publish 1.7.2 --- package-lock.json | 2 +- package.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/package-lock.json b/package-lock.json index 4f4c1540..59366e4a 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,6 +1,6 @@ { "name": "@toruslabs/torus-embed", - "version": "1.7.1", + "version": "1.7.2", "lockfileVersion": 1, "requires": true, "dependencies": { diff --git a/package.json b/package.json index a2b20672..3748837b 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@toruslabs/torus-embed", - "version": "1.7.1", + "version": "1.7.2", "description": "Embed script for Torus", "main": "dist/torus.cjs.js", "unpkg": "dist/torus.umd.min.js", From c792ce0f69dbab52b0bf8772ba740ec8d688eac4 Mon Sep 17 00:00:00 2001 From: chaitanyapotti Date: Thu, 9 Jul 2020 15:35:29 +0800 Subject: [PATCH 7/7] - Update deps - Allow non-secure contexts --- package-lock.json | 83 +++++++++++++++++++++++++---------------------- package.json | 2 +- src/embed.js | 1 - 3 files changed, 45 insertions(+), 41 deletions(-) diff --git a/package-lock.json b/package-lock.json index 59366e4a..70f9fdb7 100644 --- a/package-lock.json +++ b/package-lock.json @@ -2561,6 +2561,39 @@ "@ethersproject/signing-key": "^5.0.0" } }, + "@toruslabs/eccrypto": { + "version": "1.1.3", + "resolved": "https://registry.npmjs.org/@toruslabs/eccrypto/-/eccrypto-1.1.3.tgz", + "integrity": "sha512-hoLACz9Z6RP/ZH41Ba0iImJpl1f4Zx7pi/d3R7UIrOyt4IOgnWrlkzh2IqQYw4ouae4WZQYSZlyeYv81EWkoxQ==", + "requires": { + "acorn": "^7.3.1", + "elliptic": "^6.5.3", + "es6-promise": "^4.2.8", + "nan": "^2.14.1", + "secp256k1": "^3.8.0" + }, + "dependencies": { + "elliptic": { + "version": "6.5.3", + "resolved": "https://registry.npmjs.org/elliptic/-/elliptic-6.5.3.tgz", + "integrity": "sha512-IMqzv5wNQf+E6aHeIqATs0tOLeOTwj1QKbRcS3jBbYkl5oLAserA8yJTT7/VyHUYG91PRmPyeQDObKLPpeS4dw==", + "requires": { + "bn.js": "^4.4.0", + "brorand": "^1.0.1", + "hash.js": "^1.0.0", + "hmac-drbg": "^1.0.0", + "inherits": "^2.0.1", + "minimalistic-assert": "^1.0.0", + "minimalistic-crypto-utils": "^1.0.0" + } + }, + "nan": { + "version": "2.14.1", + "resolved": "https://registry.npmjs.org/nan/-/nan-2.14.1.tgz", + "integrity": "sha512-isWHgVjnFjh2x2yuJ/tj3JbwoHu3UC2dX5G/88Cm24yB6YopVgxvBObDY7n5xW6ExmFhJpSEQqFPvq9zaXc8Jw==" + } + } + }, "@toruslabs/fetch-node-details": { "version": "2.3.0", "resolved": "https://registry.npmjs.org/@toruslabs/fetch-node-details/-/fetch-node-details-2.3.0.tgz", @@ -2571,12 +2604,12 @@ } }, "@toruslabs/torus.js": { - "version": "2.2.1", - "resolved": "https://registry.npmjs.org/@toruslabs/torus.js/-/torus.js-2.2.1.tgz", - "integrity": "sha512-WpGp5EtIx/bhQ5b6PbizW9oN1DCJBrUeKfbAy0kRQ9QeSWiAnDLhjH1NTgmABFB+LY7uevI6IGdiCTodeBqx+Q==", + "version": "2.2.2", + "resolved": "https://registry.npmjs.org/@toruslabs/torus.js/-/torus.js-2.2.2.tgz", + "integrity": "sha512-Ta5I82fe1tBScrtGmLaGDcYrh9t6tdUBswvAmrUWa3XABps7Lrg/uMeYuqWCOa7u7b6nRQkMF2ODoZ1ElHHq7w==", "requires": { + "@toruslabs/eccrypto": "^1.1.3", "bn.js": "^5.1.2", - "eccrypto": "^1.1.3", "elliptic": "^6.5.3", "json-stable-stringify": "^1.0.1", "loglevel": "^1.6.8", @@ -2850,9 +2883,9 @@ } }, "acorn": { - "version": "7.1.0", - "resolved": "https://registry.npmjs.org/acorn/-/acorn-7.1.0.tgz", - "integrity": "sha512-kL5CuoXA/dgxlBbVrflsflzQ3PAas7RYZB52NOm/6839iVYJgKMJ3cQJD+t2i5+qFa8h3MDpEOJiS64E8JLnSQ==" + "version": "7.3.1", + "resolved": "https://registry.npmjs.org/acorn/-/acorn-7.3.1.tgz", + "integrity": "sha512-tLc0wSnatxAQHVHUapaHdz72pi9KUyHjq5KyHjGg9Y8Ifdc79pTh2XvI6I1/chZbnM7QtNKzh66ooDogPZSleA==" }, "acorn-jsx": { "version": "5.2.0", @@ -4288,34 +4321,6 @@ "integrity": "sha1-EskbMIWjfwuqM26UhurEv5Tj54g=", "dev": true }, - "eccrypto": { - "version": "1.1.3", - "resolved": "https://registry.npmjs.org/eccrypto/-/eccrypto-1.1.3.tgz", - "integrity": "sha512-Xtyj039Xp2NDZwoe9IcD7pT1EwM4DILdxPCN2H7Rk1wgJNtTkFpk+cpX1QpuHTMaIhkatOBlGGKzGw/DUCDdqg==", - "requires": { - "acorn": "7.1.0", - "elliptic": "6.5.1", - "es6-promise": "4.2.8", - "nan": "2.14.0", - "secp256k1": "3.7.1" - }, - "dependencies": { - "elliptic": { - "version": "6.5.1", - "resolved": "https://registry.npmjs.org/elliptic/-/elliptic-6.5.1.tgz", - "integrity": "sha512-xvJINNLbTeWQjrl6X+7eQCrIy/YPv5XCpKW6kB5mKvtnGILoLDcySuwomfdzt0BMdLNVnuRNTuzKNHj0bva1Cg==", - "requires": { - "bn.js": "^4.4.0", - "brorand": "^1.0.1", - "hash.js": "^1.0.0", - "hmac-drbg": "^1.0.0", - "inherits": "^2.0.1", - "minimalistic-assert": "^1.0.0", - "minimalistic-crypto-utils": "^1.0.0" - } - } - } - }, "ee-first": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz", @@ -10042,9 +10047,9 @@ } }, "secp256k1": { - "version": "3.7.1", - "resolved": "https://registry.npmjs.org/secp256k1/-/secp256k1-3.7.1.tgz", - "integrity": "sha512-1cf8sbnRreXrQFdH6qsg2H71Xw91fCCS9Yp021GnUNJzWJS/py96fS4lHbnTnouLp08Xj6jBoBB6V78Tdbdu5g==", + "version": "3.8.0", + "resolved": "https://registry.npmjs.org/secp256k1/-/secp256k1-3.8.0.tgz", + "integrity": "sha512-k5ke5avRZbtl9Tqx/SA7CbY3NF6Ro+Sj9cZxezFzuBlLDmyqPiL8hJJ+EmzD8Ig4LUDByHJ3/iPOVoRixs/hmw==", "optional": true, "requires": { "bindings": "^1.5.0", @@ -10052,7 +10057,7 @@ "bn.js": "^4.11.8", "create-hash": "^1.2.0", "drbg.js": "^1.0.1", - "elliptic": "^6.4.1", + "elliptic": "^6.5.2", "nan": "^2.14.0", "safe-buffer": "^5.1.2" } diff --git a/package.json b/package.json index 3748837b..925cf427 100644 --- a/package.json +++ b/package.json @@ -29,7 +29,7 @@ "dependencies": { "@chaitanyapotti/random-id": "^1.0.3", "@toruslabs/fetch-node-details": "^2.3.0", - "@toruslabs/torus.js": "^2.2.1", + "@toruslabs/torus.js": "^2.2.2", "create-hash": "^1.2.0", "deepmerge": "^4.2.2", "eth-json-rpc-errors": "^2.0.2", diff --git a/src/embed.js b/src/embed.js index 9d6e336a..7e4d1213 100644 --- a/src/embed.js +++ b/src/embed.js @@ -82,7 +82,6 @@ class Torus { }, whiteLabel = {}, } = {}) { - if (!window.isSecureContext) throw new Error('Torus can only be used in secure contexts') if (this.isInitalized) throw new Error('Already initialized') const { torusUrl, logLevel } = await getTorusUrl(buildEnv, integrity) log.info(torusUrl, 'url loaded')