Changeset 2649870

Timestamp:

12/28/2021 09:14:44 AM (4 years ago)

Author:

artpi

Message:

Update to version 0.2.1 from GitHub

Location:

dao-login

Files:

• tags/0.2.1 (copied) (copied from dao-login/trunk)
• tags/0.2.1/composer.json (added)
• tags/0.2.1/composer.lock (added)
• tags/0.2.1/dao-login.php (modified) (9 diffs)
• tags/0.2.1/dao-permissions.php (added)
• tags/0.2.1/members-only.php (added)
• tags/0.2.1/readme.txt (modified) (3 diffs)
• tags/0.2.1/vendor/kornrunner/keccak/.gitignore (deleted)
• tags/0.2.1/vendor/kornrunner/keccak/README.md (deleted)
• tags/0.2.1/vendor/simplito/bigint-wrapper-php/README.md (deleted)
• tags/0.2.1/vendor/simplito/bn-php/.gitignore (deleted)
• tags/0.2.1/vendor/simplito/bn-php/README.md (deleted)
• tags/0.2.1/vendor/simplito/elliptic-php/.gitignore (deleted)
• tags/0.2.1/vendor/simplito/elliptic-php/README.md (deleted)
• tags/0.2.1/vendor/symfony/polyfill-mbstring/README.md (deleted)
• tags/0.2.1/web3.php (added)
• trunk/composer.json (added)
• trunk/composer.lock (added)
• trunk/dao-login.php (modified) (9 diffs)
• trunk/dao-permissions.php (added)
• trunk/members-only.php (added)
• trunk/readme.txt (modified) (3 diffs)
• trunk/vendor/kornrunner/keccak/.gitignore (deleted)
• trunk/vendor/kornrunner/keccak/README.md (deleted)
• trunk/vendor/simplito/bigint-wrapper-php/README.md (deleted)
• trunk/vendor/simplito/bn-php/.gitignore (deleted)
• trunk/vendor/simplito/bn-php/README.md (deleted)
• trunk/vendor/simplito/elliptic-php/.gitignore (deleted)
• trunk/vendor/simplito/elliptic-php/README.md (deleted)
• trunk/vendor/symfony/polyfill-mbstring/README.md (deleted)
• trunk/web3.php (added)

dao-login/tags/0.2.1/dao-login.php

@@ -1 +1 @@
 <?php
 namespace Artpi\WPDAO;
-
-use Elliptic\EC;
-use kornrunner\Keccak;
-use WP_Error;
 
 /**
  * Plugin Name:     DAO Login
  * Description:     Make your site web3-ready: Log in with Ethereum or create users based on governance tokens.
- * Version:         0.1.2
+ * Version:         0.2.1
  * Author:          Artur Piszek (artpi)
  * Author URI:      https://piszek.com
@@ -19 +15 @@
  */
 
+require_once __DIR__ . '/dao-permissions.php';
+require_once __DIR__ . '/members-only.php';
+require_once __DIR__ . '/web3.php';
+
+register_activation_hook( __FILE__, __NAMESPACE__ . '\add_roles_on_plugin_activation' );
+
+class DaoLogin {
+    public static $settings;
+    public static $web3;
+
+    public static function init() {
+        self::$settings = new Settings();
+        self::$web3     = new Web3( self::$settings );
+    }
+}
+add_action( 'init', __NAMESPACE__ . '\DaoLogin::init' );
 
 add_action(
@@ -28 +40 @@
             array(
                 'methods'   => 'GET',
-                'callback'  => __NAMESPACE__ . '\generate_message',
+                'callback'  => __NAMESPACE__ . '\Web3::generate_message',
                 'arguments' => array(
                     'address' => array(
@@ -40 +52 @@
 );
 
-function generate_message( $request ) {
-    $nonce     = wp_create_nonce( 'eth_login' );
-    $uri       = get_site_url();
-    $domain    = parse_url( $uri, PHP_URL_HOST );
-    $statement = esc_attr__( 'Log In with your Ethereum wallet', 'dao-login' ); // TBD
-    $version   = 1; // Per https://github.com/ethereum/EIPs/blob/9a9c5d0abdaf5ce5c5dd6dc88c6d8db1b130e95b/EIPS/eip-4361.md#example-message-to-be-signed
-    $issued_at = gmdate( 'Y-m-d\TH:i:s\Z' );
-
-    // This is copy-pasted from https://github.com/ethereum/EIPs/blob/9a9c5d0abdaf5ce5c5dd6dc88c6d8db1b130e95b/EIPS/eip-4361.md#informal-message-template
-    $message = "{$domain} wants you to sign in with your Ethereum account:
-{$request['address']}
-
-{$statement}
-
-URI: {$uri}
-Version: {$version}
-Nonce: {$nonce}
-Issued At: {$issued_at}
-";
-    // This attempt will auto expire in 5 minutes. This way, we'll save the message server-side to check after the login attempt.
-    set_transient( 'wp_dao_message_' . $request['address'], $message, 60 * 5 );
-    return array(
-        'address' => $request['address'],
-        'message' => $message,
-        'nonce'   => $nonce,
-    );
-}
 
 /**
@@ -86 +71 @@
         return $user;
     }
-    $nonce = sanitize_title( $_POST['eth_login_nonce'] );
+    $nonce   = sanitize_title( $_POST['eth_login_nonce'] );
     $address = sanitize_title( $_POST['eth_login_address'] );
     // We stored the message in the DB before sending it to the client.
@@ -98 +83 @@
 
     // Now let's check the signature.
-    if ( ! verify_signature( $message, $signature, $address ) ) {
+    if ( ! Web3::verify_signature( $message, $signature, $address ) ) {
         return new \WP_Error( 'eth_login_sig', esc_attr__( 'ETH Signature doesent match!', 'dao-login' ) );
     }
@@ -112 +97 @@
         )
     );
-    $users = $user_query->get_results();
+    $users      = $user_query->get_results();
     if ( isset( $users[0] ) ) {
         return $users[0];
+    } elseif ( DaoLogin::$settings->is_registering_enabled() ) {
+        // Allow registering through the API.
+        $balances = DaoLogin::$web3->get_token_balances( $address, DaoLogin::$settings->get_token_list() );
+        $role     = balances_to_role( DaoLogin::$settings->get_tokens_array(), $balances );
+        if ( $role ) {
+            $user_id = wp_create_user( $address, wp_generate_password(), "{$address}@ethmail.cc" );
+            add_user_meta( $user_id, 'eth_address', $address, true );
+            $user = get_user_by( 'ID', $user_id );
+            $user->set_role( $role );
+            return $user;
+        } else {
+            return new \WP_Error( 'eth_login_insufficient_funds', esc_attr__( 'Insufficient tokens to register on this site.', 'dao-login' ) );
+        }
     } else {
         return new \WP_Error( 'eth_login_nouser', esc_attr__( 'No user connected to this Ethereum wallet.', 'dao-login' ) );
@@ -124 +122 @@
 
 
-/**
- * This will verify Ethereum signed message according to the specification.
- * From https://github.com/simplito/elliptic-php#verifying-ethereum-signature
- */
-function verify_signature( $message, $signature, $address ) {
-    require_once __DIR__ . '/vendor/autoload.php';
-    $msglen = strlen( $message );
-    $hash   = Keccak::hash( "\x19Ethereum Signed Message:\n{$msglen}{$message}", 256 );
-    $sign   = [
-        'r' => substr( $signature, 2, 64 ),
-        's' => substr( $signature, 66, 64 ),
-    ];
-    $recid  = ord( hex2bin( substr( $signature, 130, 2 ) ) ) - 27;
-    if ( $recid != ( $recid & 1 ) ) {
-        return false;
+function balances_to_role( $tokens, $balances ) {
+    $roles = wp_roles()->roles;
+    // I am assuming roles are going down with the order of importance.
+    foreach ( $roles as $role_id => $role ) {
+        foreach ( $tokens as $token_id => $token ) {
+            foreach ( $balances as $balance ) {
+                if (
+                    $balance->contractAddress === $token_id &&
+                    ! empty( $token[ "role_{$role_id}" ] ) &&
+                    $balance->tokenBalance >= $token[ "role_{$role_id}" ]
+                ) {
+                    return $role_id;
+                }
+            }
+        }
     }
-
-    $ec     = new EC( 'secp256k1' );
-    $pubkey = $ec->recoverPubKey( $hash, $sign, $recid );
-
-    return $address == pub_key_address( $pubkey );
+    return false;
 }
 
-function pub_key_address( $pubkey ) {
-    return '0x' . substr( Keccak::hash( substr( hex2bin( $pubkey->encode( 'hex' ) ), 1 ), 256 ), 24 );
-}
 
 
@@ -184 +175 @@
 add_action( 'personal_options_update', __NAMESPACE__ . '\save_profile_fields' );
 add_action( 'edit_user_profile_update', __NAMESPACE__ . '\save_profile_fields' );
+

dao-login/tags/0.2.1/readme.txt

@@ -1 +1 @@
 === DAO Login ===
 Contributors:      artpi
-Tags:              signin, web3, ethereum, login, sso
+Tags:              signin, web3, ethereum, login, sso, nft, dao
 Requires at least: 5.3.1
 Tested up to:      5.8.2
-Stable tag:        0.1.2
+Stable tag:        0.2.1
 Requires PHP:      7.0.0
 License:           GPL-2.0-or-later
 License URI:       https://www.gnu.org/licenses/gpl-2.0.html
 
-Enable signin with Ethereum on your site.
+Enable signin with Ethereum on your site and allow users to register based on Governance tokens, NFT, and token balance.
+[Demo site here](https://wpdao.artpi.net/)
 
 == Description ==
 
-This plugin enables "Sign-In with Ethereum" protocol on your WordPress site. Your users will be able to log in with their wallets - you never have to send them the password!
-Enable cryptographically secure login option now!
+DAO Login is a plugin that connects your site login system web3:
 
-- [More about sign-in with Ethereum protocol](https://login.xyz/)
-- [A video of this plugin in action](https://twitter.com/artpi/status/1462143739686699018)
+- Existing users can log in with their Ethereum Wallets using the [Sign in with Ethereum](https://login.xyz)
+- New users can create accounts based on their token balances
+- You can designate members-only areas for token holders
+- Works with existing WordPress user roles and other plugins. You can create a private forum, private store, DAO blog, etc.
 
-Future plans include:
-- Importing .eth username from ENS
-- Creating users based on them having a certain amount of governance tokens for a DAO, or a specific NFT
-- Disabling password / email options so that your users are 100% secured by private/public key pairs.
+
+= Automatic onboarding =
+
+DAO Login connects WordPress user roles to the token balances.
+
+Whenever somebody logs in with Ethereum on your site for the first time, the plugin checks their token balances on the Ethereum mainnet (or test network or L2 of your choosing).
+
+For any user role, you can specify the minimum amount of a token the user needs to have in order to create an account.
+
+Your token can be a DAO Governance token, NFT, coin, or any other contract.
+
+If you need a site for your DAO, just spin up a WordPress, install this plugin, and connect it to your governance structure. You don’t need to know the email address of anybody.
+
+= Built-in “Members only” area =
+
+DAO Login introduces a new “DAO Member” user role. You can mark posts or pages as “DAO Member only” and they will automatically be accessible only for users with this role, or higher.
+
+If you want to provide a secret page, resource manual, or a perk for your DAO, NFT, or other token holders – it’s a few seconds with this plugin.
+
+This opens a world of possibilities for your Airdrop.
+
+= Power of WordPress in web3 =
+
+WordPress plugins offer every functionality under the sun. By connecting user roles to tokens, you can create:
+
+- Private forums with bbPress
+- Private swag store with WooCommerce
+- Private courses with Sensei
 
 == Installation ==
@@ -28 +54 @@
 1. Upload the plugin files to the `/wp-content/plugins/dao-login` directory, or install the plugin through the WordPress plugins screen directly.
 1. Activate the plugin through the 'Plugins' screen in WordPress
-1. Now you can add Ethereum wallet addresses in the users screen (`/wp-admin/users.php`), in the "WP DAO" section
+1. In order to allow token holders to register on your site, you have to select contract addresses in the settings page (`/wp-admin/options-general.php?page=dao-login`)
+1. You can also add Ethereum wallet addresses in the users screen (`/wp-admin/users.php`), in the "WP DAO" section
 1. Every user that has that field filled out, can log in with their wallet
+
 
 
@@ -42 +70 @@
 = 0.1.1 =
 * Fix security issues pointed out in WordPress security review
+= 0.2.1 =
+* Add an option to create users using the account balance
+* A simple members-only area
 
+

dao-login/trunk/dao-login.php

@@ -1 +1 @@
 <?php
 namespace Artpi\WPDAO;
-
-use Elliptic\EC;
-use kornrunner\Keccak;
-use WP_Error;
 
 /**
  * Plugin Name:     DAO Login
  * Description:     Make your site web3-ready: Log in with Ethereum or create users based on governance tokens.
- * Version:         0.1.2
+ * Version:         0.2.1
  * Author:          Artur Piszek (artpi)
  * Author URI:      https://piszek.com
@@ -19 +15 @@
  */
 
+require_once __DIR__ . '/dao-permissions.php';
+require_once __DIR__ . '/members-only.php';
+require_once __DIR__ . '/web3.php';
+
+register_activation_hook( __FILE__, __NAMESPACE__ . '\add_roles_on_plugin_activation' );
+
+class DaoLogin {
+    public static $settings;
+    public static $web3;
+
+    public static function init() {
+        self::$settings = new Settings();
+        self::$web3     = new Web3( self::$settings );
+    }
+}
+add_action( 'init', __NAMESPACE__ . '\DaoLogin::init' );
 
 add_action(
@@ -28 +40 @@
             array(
                 'methods'   => 'GET',
-                'callback'  => __NAMESPACE__ . '\generate_message',
+                'callback'  => __NAMESPACE__ . '\Web3::generate_message',
                 'arguments' => array(
                     'address' => array(
@@ -40 +52 @@
 );
 
-function generate_message( $request ) {
-    $nonce     = wp_create_nonce( 'eth_login' );
-    $uri       = get_site_url();
-    $domain    = parse_url( $uri, PHP_URL_HOST );
-    $statement = esc_attr__( 'Log In with your Ethereum wallet', 'dao-login' ); // TBD
-    $version   = 1; // Per https://github.com/ethereum/EIPs/blob/9a9c5d0abdaf5ce5c5dd6dc88c6d8db1b130e95b/EIPS/eip-4361.md#example-message-to-be-signed
-    $issued_at = gmdate( 'Y-m-d\TH:i:s\Z' );
-
-    // This is copy-pasted from https://github.com/ethereum/EIPs/blob/9a9c5d0abdaf5ce5c5dd6dc88c6d8db1b130e95b/EIPS/eip-4361.md#informal-message-template
-    $message = "{$domain} wants you to sign in with your Ethereum account:
-{$request['address']}
-
-{$statement}
-
-URI: {$uri}
-Version: {$version}
-Nonce: {$nonce}
-Issued At: {$issued_at}
-";
-    // This attempt will auto expire in 5 minutes. This way, we'll save the message server-side to check after the login attempt.
-    set_transient( 'wp_dao_message_' . $request['address'], $message, 60 * 5 );
-    return array(
-        'address' => $request['address'],
-        'message' => $message,
-        'nonce'   => $nonce,
-    );
-}
 
 /**
@@ -86 +71 @@
         return $user;
     }
-    $nonce = sanitize_title( $_POST['eth_login_nonce'] );
+    $nonce   = sanitize_title( $_POST['eth_login_nonce'] );
     $address = sanitize_title( $_POST['eth_login_address'] );
     // We stored the message in the DB before sending it to the client.
@@ -98 +83 @@
 
     // Now let's check the signature.
-    if ( ! verify_signature( $message, $signature, $address ) ) {
+    if ( ! Web3::verify_signature( $message, $signature, $address ) ) {
         return new \WP_Error( 'eth_login_sig', esc_attr__( 'ETH Signature doesent match!', 'dao-login' ) );
     }
@@ -112 +97 @@
         )
     );
-    $users = $user_query->get_results();
+    $users      = $user_query->get_results();
     if ( isset( $users[0] ) ) {
         return $users[0];
+    } elseif ( DaoLogin::$settings->is_registering_enabled() ) {
+        // Allow registering through the API.
+        $balances = DaoLogin::$web3->get_token_balances( $address, DaoLogin::$settings->get_token_list() );
+        $role     = balances_to_role( DaoLogin::$settings->get_tokens_array(), $balances );
+        if ( $role ) {
+            $user_id = wp_create_user( $address, wp_generate_password(), "{$address}@ethmail.cc" );
+            add_user_meta( $user_id, 'eth_address', $address, true );
+            $user = get_user_by( 'ID', $user_id );
+            $user->set_role( $role );
+            return $user;
+        } else {
+            return new \WP_Error( 'eth_login_insufficient_funds', esc_attr__( 'Insufficient tokens to register on this site.', 'dao-login' ) );
+        }
     } else {
         return new \WP_Error( 'eth_login_nouser', esc_attr__( 'No user connected to this Ethereum wallet.', 'dao-login' ) );
@@ -124 +122 @@
 
 
-/**
- * This will verify Ethereum signed message according to the specification.
- * From https://github.com/simplito/elliptic-php#verifying-ethereum-signature
- */
-function verify_signature( $message, $signature, $address ) {
-    require_once __DIR__ . '/vendor/autoload.php';
-    $msglen = strlen( $message );
-    $hash   = Keccak::hash( "\x19Ethereum Signed Message:\n{$msglen}{$message}", 256 );
-    $sign   = [
-        'r' => substr( $signature, 2, 64 ),
-        's' => substr( $signature, 66, 64 ),
-    ];
-    $recid  = ord( hex2bin( substr( $signature, 130, 2 ) ) ) - 27;
-    if ( $recid != ( $recid & 1 ) ) {
-        return false;
+function balances_to_role( $tokens, $balances ) {
+    $roles = wp_roles()->roles;
+    // I am assuming roles are going down with the order of importance.
+    foreach ( $roles as $role_id => $role ) {
+        foreach ( $tokens as $token_id => $token ) {
+            foreach ( $balances as $balance ) {
+                if (
+                    $balance->contractAddress === $token_id &&
+                    ! empty( $token[ "role_{$role_id}" ] ) &&
+                    $balance->tokenBalance >= $token[ "role_{$role_id}" ]
+                ) {
+                    return $role_id;
+                }
+            }
+        }
     }
-
-    $ec     = new EC( 'secp256k1' );
-    $pubkey = $ec->recoverPubKey( $hash, $sign, $recid );
-
-    return $address == pub_key_address( $pubkey );
+    return false;
 }
 
-function pub_key_address( $pubkey ) {
-    return '0x' . substr( Keccak::hash( substr( hex2bin( $pubkey->encode( 'hex' ) ), 1 ), 256 ), 24 );
-}
 
 
@@ -184 +175 @@
 add_action( 'personal_options_update', __NAMESPACE__ . '\save_profile_fields' );
 add_action( 'edit_user_profile_update', __NAMESPACE__ . '\save_profile_fields' );
+

dao-login/trunk/readme.txt

@@ -1 +1 @@
 === DAO Login ===
 Contributors:      artpi
-Tags:              signin, web3, ethereum, login, sso
+Tags:              signin, web3, ethereum, login, sso, nft, dao
 Requires at least: 5.3.1
 Tested up to:      5.8.2
-Stable tag:        0.1.2
+Stable tag:        0.2.1
 Requires PHP:      7.0.0
 License:           GPL-2.0-or-later
 License URI:       https://www.gnu.org/licenses/gpl-2.0.html
 
-Enable signin with Ethereum on your site.
+Enable signin with Ethereum on your site and allow users to register based on Governance tokens, NFT, and token balance.
+[Demo site here](https://wpdao.artpi.net/)
 
 == Description ==
 
-This plugin enables "Sign-In with Ethereum" protocol on your WordPress site. Your users will be able to log in with their wallets - you never have to send them the password!
-Enable cryptographically secure login option now!
+DAO Login is a plugin that connects your site login system web3:
 
-- [More about sign-in with Ethereum protocol](https://login.xyz/)
-- [A video of this plugin in action](https://twitter.com/artpi/status/1462143739686699018)
+- Existing users can log in with their Ethereum Wallets using the [Sign in with Ethereum](https://login.xyz)
+- New users can create accounts based on their token balances
+- You can designate members-only areas for token holders
+- Works with existing WordPress user roles and other plugins. You can create a private forum, private store, DAO blog, etc.
 
-Future plans include:
-- Importing .eth username from ENS
-- Creating users based on them having a certain amount of governance tokens for a DAO, or a specific NFT
-- Disabling password / email options so that your users are 100% secured by private/public key pairs.
+
+= Automatic onboarding =
+
+DAO Login connects WordPress user roles to the token balances.
+
+Whenever somebody logs in with Ethereum on your site for the first time, the plugin checks their token balances on the Ethereum mainnet (or test network or L2 of your choosing).
+
+For any user role, you can specify the minimum amount of a token the user needs to have in order to create an account.
+
+Your token can be a DAO Governance token, NFT, coin, or any other contract.
+
+If you need a site for your DAO, just spin up a WordPress, install this plugin, and connect it to your governance structure. You don’t need to know the email address of anybody.
+
+= Built-in “Members only” area =
+
+DAO Login introduces a new “DAO Member” user role. You can mark posts or pages as “DAO Member only” and they will automatically be accessible only for users with this role, or higher.
+
+If you want to provide a secret page, resource manual, or a perk for your DAO, NFT, or other token holders – it’s a few seconds with this plugin.
+
+This opens a world of possibilities for your Airdrop.
+
+= Power of WordPress in web3 =
+
+WordPress plugins offer every functionality under the sun. By connecting user roles to tokens, you can create:
+
+- Private forums with bbPress
+- Private swag store with WooCommerce
+- Private courses with Sensei
 
 == Installation ==
@@ -28 +54 @@
 1. Upload the plugin files to the `/wp-content/plugins/dao-login` directory, or install the plugin through the WordPress plugins screen directly.
 1. Activate the plugin through the 'Plugins' screen in WordPress
-1. Now you can add Ethereum wallet addresses in the users screen (`/wp-admin/users.php`), in the "WP DAO" section
+1. In order to allow token holders to register on your site, you have to select contract addresses in the settings page (`/wp-admin/options-general.php?page=dao-login`)
+1. You can also add Ethereum wallet addresses in the users screen (`/wp-admin/users.php`), in the "WP DAO" section
 1. Every user that has that field filled out, can log in with their wallet
+
 
 
@@ -42 +70 @@
 = 0.1.1 =
 * Fix security issues pointed out in WordPress security review
+= 0.2.1 =
+* Add an option to create users using the account balance
+* A simple members-only area
 
+