Skip to content

Added Nonce Enforcer as Caveat in Delegation Core#44

Merged
hanzel98 merged 2 commits into
mainfrom
feat/nonce-caveat-delegation-core2
Jul 31, 2025
Merged

Added Nonce Enforcer as Caveat in Delegation Core#44
hanzel98 merged 2 commits into
mainfrom
feat/nonce-caveat-delegation-core2

Conversation

@hanzel98

@hanzel98 hanzel98 commented Jul 30, 2025

Copy link
Copy Markdown
Contributor

📝 Description

Added the nonce caveat createNonceTerms to the delegation-core

🔄 What Changed?

List the specific changes made:

  • Added the function createNonceTerms to the delegation-core
  • Replaced the old terms creation logic in the nonce caveat builder
  • Updated the tests
  • Fixed an issue with the error messages in the e2e tests

🚀 Why?

Explain the motivation behind these changes:

  • The nonce enforcer terms needed to be part of the delegation-core
  • The e2e were broken because an unnecessary function for the errors.

🧪 How to Test?

Describe how to test these changes:

  • Automated tests added/updated
  • All existing tests pass

⚠️ Breaking Changes

List any breaking changes:

  • No breaking changes
  • Breaking changes (describe below):

📋 Checklist

Check off completed items:

  • Code follows the project's coding standards
  • Self-review completed
  • Documentation updated (if needed)
  • Tests added/updated
  • Changelog updated (if needed)
  • All CI checks pass

🔗 Related Issues

Link to related issues: https://app.zenhub.com/workspaces/readable-permissions-67982ce51eb4360029b2c1a1/issues/gh/metamask/delegator-readable-permissions/305

📚 Additional Notes

This changed required to tests the e2e tests related to the nonce caveat. After testing that an error was found for the e2e related to the function stringToUnprefixedHex so it got deleted for all e2e tests. At this point other non-related e2e are failling

@hanzel98 hanzel98 requested a review from a team as a code owner July 30, 2025 20:55
@hanzel98 hanzel98 self-assigned this Jul 30, 2025
@hanzel98 hanzel98 requested a review from jeffsmale90 July 30, 2025 20:56
Comment on lines +57 to +59
if (typeof nonce !== 'string' || !nonce.startsWith('0x')) {
throw new Error('Invalid nonce: must be a valid hex string');
}

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This needs to accept ArrayBuffer also, as that's included in the BytesLike type. The intention is the caller can decide whether to use ArrayBuffer or string - ideally we would perform the operation in whatever data type was specified - unless there's performance / overhead benefits to doing type conversion.

We could either:

  • convert ArrayBuffer to string (and do the length fixing with the string)
  • convert string to ArrayBuffer (and do the length fixing with the ArrayBuffer)
  • add a length parameter to the prepareResult function, so that we can just pass the raw nonce after validation

Also, can we drop this check entirely, as line 61 does the same check, but also validates the "body" of the hex string?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added, please take a look

Comment on lines +53 to +55
if (!nonce || nonce === '0x') {
throw new Error('Invalid nonce: must be a non-empty hex string');
}

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Because this needs to accept ArrayBuffer, we should consider how we want to validate that - should we throw if the value is a zero-length ArrayBuffer, or should we consider that 0x00 - "0x" has a specific meaning (null) which I don't think zero-length ArrayBuffer does?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added, please take a look

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we please add some tests for ArrayBuffer input ?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added, please take a look

@jeffsmale90 jeffsmale90 left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks great!

@hanzel98 hanzel98 merged commit c392873 into main Jul 31, 2025
17 checks passed
@hanzel98 hanzel98 deleted the feat/nonce-caveat-delegation-core2 branch July 31, 2025 02:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants