einundzwanzig/einundzwanzig-verein
1
0
Fork 0
mirror of https://github.com/HolgerHatGarKeineNode/einundzwanzig-nostr.git synced 2026-05-24 14:25:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(auth): route all nostrLoggedIn listeners through signed-event verification

Browse Source 
The previous commit only updated auth-button + the WithNostrAuth trait,
but six Volt pages (profile, benefits, election/*, members/admin) carry
their own handleNostrLoggedIn(string $pubkey) handlers. The dispatched
payload is now an array, so Livewire's container could not resolve the
string parameter and threw BindingResolutionException on every login.

- All six per-page handlers now accept the signed event and route it
  through NostrAuth::loginWithSignedEvent() like the trait does.
- NostrAuth: add currentOrIssueChallenge() so the sidebar + navbar
  auth-button mounts share one live session challenge instead of
  overwriting each other.
- verifySignedEvent: pass a normalized stdClass to swentel's verify()
  directly, skipping an unnecessary json_encode + json_decode round-trip.
- auth-button: gate the global Escape/Tab capture so it only intercepts
  keys while the overlay is actually visible.
- Update three test files that still called handleNostrLoggedIn with a
  raw pubkey to authenticate via NostrAuth::login() instead.
This commit is contained in:
HolgerHatGarKeineNode
2026-05-20 01:51:31 +02:00
parent 6bb7d93d1d
commit 52cf81abca
11 changed files with 68 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files
tests/Feature/Livewire/Association/ElectionTest.php
+6 -3
View File
@@ -57,8 +57,9 @@ it('grants access to authorized users in election admin', function () {
$pleb = EinundzwanzigPleb::factory()->boardMember()->create();
$election = Election::factory()->create();
NostrAuth::login($pleb->pubkey);
Livewire::test('association.election.admin', ['election' => $election])
->call('handleNostrLoggedIn', $pleb->pubkey)
->assertSet('isAllowed', true);
});
@@ -94,8 +95,9 @@ it('can create vote event', function () {
$pleb = EinundzwanzigPleb::factory()->active()->create();
$candidatePubkey = 'test-candidate-pubkey';
NostrAuth::login($pleb->pubkey);
Livewire::test('association.election.show', ['election' => $election])
->call('handleNostrLoggedIn', $pleb->pubkey)
->call('vote', $candidatePubkey, 'presidency', false)
->assertSet('signThisEvent', function ($event) use ($candidatePubkey) {
return str_contains($event, $candidatePubkey);
@@ -116,8 +118,9 @@ it('displays log for authorized users', function () {
$pleb = EinundzwanzigPleb::factory()->active()->create();
$election = Election::factory()->create();
NostrAuth::login($pleb->pubkey);
Livewire::test('association.election.show', ['election' => $election])
->call('handleNostrLoggedIn', $pleb->pubkey)
->assertSet('isAllowed', true)
->assertSet('currentPubkey', $pleb->pubkey);
});
tests/Feature/Livewire/Association/Members/AdminTest.php
+8 -6
View File
@@ -34,26 +34,28 @@ it('grants access to authorized pubkeys', function () {
->assertSet('isAllowed', true);
});
it('handles nostr login for authorized user', function () {
it('reflects an authorized nostr session on mount', function () {
$allowedPubkey = '0adf67475ccc5ca456fd3022e46f5d526eb0af6284bf85494c0dd7847f3e5033';
$pleb = EinundzwanzigPleb::factory()->create([
EinundzwanzigPleb::factory()->create([
'pubkey' => $allowedPubkey,
]);
NostrAuth::login($allowedPubkey);
Livewire::test('association.members.admin')
->call('handleNostrLoggedIn', $allowedPubkey)
->assertSet('isAllowed', true)
->assertSet('currentPubkey', $allowedPubkey);
});
it('handles nostr logout', function () {
it('clears state on nostr logout', function () {
$allowedPubkey = '0adf67475ccc5ca456fd3022e46f5d526eb0af6284bf85494c0dd7847f3e5033';
$pleb = EinundzwanzigPleb::factory()->create([
EinundzwanzigPleb::factory()->create([
'pubkey' => $allowedPubkey,
]);
NostrAuth::login($allowedPubkey);
Livewire::test('association.members.admin')
->call('handleNostrLoggedIn', $allowedPubkey)
->call('handleNostrLoggedOut')
->assertSet('isAllowed', false)
->assertSet('currentPubkey', null);
tests/Feature/Livewire/Association/ProfileTest.php
+9 -6
View File
@@ -24,22 +24,24 @@ it('rejects non-string values for the nip05Handle field', function () {
->assertStatus(422);
});
it('handles nostr login correctly', function () {
it('reflects an authenticated nostr session on mount', function () {
$pleb = EinundzwanzigPleb::factory()->create();
NostrAuth::login($pleb->pubkey);
Livewire::test('association.profile')
->call('handleNostrLoggedIn', $pleb->pubkey)
->assertSet('currentPubkey', $pleb->pubkey)
->assertSet('currentPleb.pubkey', $pleb->pubkey);
});
it('handles nostr login for active member and initializes payment state', function () {
it('initializes payment state for an active member on mount', function () {
$pleb = EinundzwanzigPleb::factory()->active()->create();
expect($pleb->paymentEvents()->count())->toBe(0);
NostrAuth::login($pleb->pubkey);
Livewire::test('association.profile')
->call('handleNostrLoggedIn', $pleb->pubkey)
->assertSet('currentPubkey', $pleb->pubkey)
->assertSet('currentPleb.pubkey', $pleb->pubkey)
->assertSet('amountToPay', config('app.env') === 'production' ? 21000 : 1);
@@ -47,11 +49,12 @@ it('handles nostr login for active member and initializes payment state', functi
expect($pleb->paymentEvents()->count())->toBeGreaterThan(0);
});
it('handles nostr logout correctly', function () {
it('clears state on nostr logout', function () {
$pleb = EinundzwanzigPleb::factory()->create();
NostrAuth::login($pleb->pubkey);
Livewire::test('association.profile')
->call('handleNostrLoggedIn', $pleb->pubkey)
->call('handleNostrLoggedOut')
->assertSet('currentPubkey', null)
->assertSet('currentPleb', null);