I'm implementing a Smart voting system using ethereum blockchain and using Ganache. As per the system, the election authority will authorize the people by using their public addresses in the blockchain. And then only they will be able to vote.
But the problem is, as per my code , every voting transaction is done by a single blockchain account, because it always gets the same credentials derived from the same private key.
What i want to do is, for each authorized voter, i want the app, to change the credentials to that particular voter's credentials of their blockchain account. So the voting transaction will be done by the relevant particular account. Is there a way to retrieve the credentials of each person. Or to change credentials for each logged in account? i'm struggling to do it.
It is a flutter app.
Here is my code, where i set the credentials for the transaction.
Future<String> authorize() async {
var addressone =
EthereumAddress.fromHex("0xc347C739ae787a0D9A182efDa9055FAe109F055C");
var response = await submit("authorize", [addressone]);
print("deposited");
return response;
}
Future<String> vote() async {
final addressone =
EthereumAddress.fromHex("0xc347C739ae787a0D9A182efDa9055FAe109F055C");
var candidate = BigInt.from(1);
var response = await submit("vote", [addressone, candidate]);
print("voted");
return response;
}
Future<String> submit(String functionName, List<dynamic> args) async {
EthPrivateKey credentials = EthPrivateKey.fromHex(
"968499dbee4f8b8491d9d0e02ff631347291a41e33dc95033c70758a2e99657b");
DeployedContract contract = await loadContract();
final ethfunction = contract.function(functionName);
final result = await ethclient.sendTransaction(
credentials,
Transaction.callContract(
contract: contract, function: ethfunction, parameters: args),
fetchChainIdFromNetworkId: true);
return result;
}
Can someone help me to solve this issue? :(
for each authorized voter, i want the app, to change the credentials to that particular voter's credentials of their blockchain account.
You can program any kind of rules for your voting smart contract using Solidity programming language. This includes how voting rights are distributed. However "how to create a smart contract based voting system" is too wide topic for StackOveflow answer, more of a material for University course or very long online tutorial.
Related
I have this block of code:
final cred = await FirebaseAuth.instance.signInWithEmailAndPassword(
email: email,
password: password,
);
print(cred.additionalUserInfo!.isNewUser);
as you see, it's a sign-in usual method from the Firebase auth.
in the cred.additionalUserInfo!.isNewUser, it seems it returns a bool based on of the user is new or not.
but what's the date range that it considers a user is new or not, I mean how long the Auth service takes to say that the user is now not new?
I checked it's documentation from the API and all I found is:
Whether the user account has been recently created.
and it doesn't give details about how much time it takes so the user is not new!
Simply, when you sign in with an email for the first time isNewUser = true.
Otherwise isNewUser = false
Goal: Make a signed request (SigV4) to AWS Lambda or API Gateway from a Flutter application (iOS, for the sake of this question).
For context, AWS introduced support for "native calls to AWS backends in [...] Flutter or Dart applications" back in May of 2022. There is an example of how to sign a request to Cognito to gather information about a User Pool, but I have not seen any application of this concept for Lambda or API Gateway calls, yet.
I'm wondering if anyone else has had success using AWS's official Dart packages to send signed requests or knows of another way to securely call AWS from a Flutter application.
EDIT:
I was able to accomplish the goal. Here's how I did it:
The code (all-caps denotes placeholders for your own values):
import 'dart:convert';
import 'package:aws_common/aws_common.dart';
import 'package:aws_signature_v4/aws_signature_v4.dart';
const signer = AWSSigV4Signer(
credentialsProvider: AWSCredentialsProvider.dartEnvironment(),
);
const region = 'REGION';
Future<void> yourFunction() async {
final scope = AWSCredentialScope(
region: region,
service: AWSService.apiGatewayV2,
dateTime: AWSDateTime(DateTime.now()),
);
final request = AWSHttpRequest(
method: AWSHttpMethod.post,
uri: Uri.https('HOST.execute-api.REGION.amazonaws.com','/STAGE_NAME'),
headers: const {
AWSHeaders.contentType: 'application/x-amz-json-1.1',
},
body: json.encode({
'EVENT_KEY':'EVENT_VALUE',
}).codeUnits,
);
final signedRequest = await signer.sign(
request,
credentialScope: scope,
);
final resp = await signedRequest.send();
final respBody = await resp.decodeBody();
print('\n\n${signedRequest.headers}\n\n${respBody}\n\n${resp.statusCode}\n\n');
}
Within a single AWS region (except where n/a):
create IAM user with execute-api:Invoke permission and programmatic access; store keys securely for later use.
create a Lambda function (can be the default, for testing).
create API in API Gateway:
REST (not private)
Regional endpoint
Add method (for me, POST)
IAM authorization type
Integration type is Lambda
select the target Lambda function, but
do not use Lambda proxy
deploy the newly created API to a new stage (give it a name)
Edit your dart file to include the new resources, including the stage name.
Test your API within API Gateway (I was getting 502 until I unchecked "Lambda proxy integration").
Run the following in your terminal after a successful API test; be sure to insert the keys for the IAM user you created.
flutter run --dart-define=AWS_ACCESS_KEY_ID=... --dart-define=AWS_SECRET_ACCESS_KEY=...
Summary:
In my case, I have a button that executes this function. If you keep the print statement in the above dart code, you should hopefully see {"statusCode": 200, "body": "\"Hello from Lambda!\""} as the response body.
Hope this helps others. Cannot make any guarantees that my approach will work in another environment. I also may have forgotten to include something relevant in the steps above. Still open to questions and suggestions.
Thank you.
I'm developing two different applications, I will name them A and B.
A is an internet platform, where you can logon only if you have a valid user account.
B is an intranet platform, where users can authenticate via Active Directory. An administrator using application B should be able to create new user accounts for application A.
After the creation of a new user account, I want to be able to realize different functions, for example to send an e-mail to the registered mail address, so the new user can change the default password.
All the functionalities that I want to implement, can be done by the UserManager (see section "Use another app to add users" in the following link: https://learn.microsoft.com/en-us/aspnet/core/security/authentication/scaffold-identity?view=aspnetcore-3.1&tabs=visual-studio#disable-register-page).
Based on this I implemented the following code:
public class ControllerClass : Controller
{
private readonly HelperClass _helper;
private readonly UserManager<IdentityUser> _userManager;
public ControllerClass (UserManager<IdentityUser> userManager)
{
_userManager = userManager;
_helper= new HelperClass (userManager);
}
}
public class HelperClass
{
private readonly DbContext _db;
private readonly UserManager<IdentityUser> _userManager;
public HelperClass (UserManager<IdentityUser> userManager)
{
_db = new DbContext ();
_userManager = userManager;
}
private async Task<string> EnsureUser(string userName, string userPassword)
{
var user = await _userManager.FindByNameAsync(userName);
if (user == null)
{
user = new IdentityUser()
{
UserName = userName
};
await _userManager.CreateAsync(user, userPassword);
}
return user.Id;
}
internal async void CreateUser(UserVM uvm, int id)
{
var userId = await EnsureUser(uvm.userName, uvm.userPassword);
// TODO ...
}
}
Unfortunately I didn't manage to include the UserManager into my application B. I got the following error message: "An unhandled exception occurred while processing the request.
InvalidOperationException: Unable to resolve service for type 'Microsoft.AspNetCore.Identity.UserManager`1[IdentityUser]' while attempting to activate 'ControllerClass '."
Do you have an idea, how I can add the UserManager to manage the users for another application?
Well, the specific error you're getting is simply because UserManager<TUser> is not registered in the service collection. In order to inject anything, you must first register it. In your actual user-facing app, that's being done by services.AddIdentity(). However, that does a lot more than just register UserManager<TUser>, so you shouldn't just run off and add the same command to your second app.
You could add a registration for it specifically:
services.AddScoped<UserManager<ApplicationUser>>();
However, it actually has a ton of dependencies, each of which would also need to be registered. If you look at the constructor, there's seven services not registered out of the box, many of which have their own dependency trees. Long and short, it's a pain. There's also the matter of separation of concerns, here. This would require adding in the whole data layer from the other app.
Your best bet is to simply expose an API on the Identity app (and lock it down, of course). That way, all the logic of working with users stays with the rest of that logic. The administration app, then, can call out to the API to add, update, delete, etc. users without having to have knowledge of how that's actually done.
Answering after 2 years. For future reader, You can use
services.AddIdentityCore<IdentityUser>();
which adds necessary services that are for user-management add/delete etc. without adding Login service.
to add EntityFramework you can create context and use like this
services.AddDbContext<ApplicationAuthDbContext>(options =>
{
// Configure the context to use postgresql.
options.UseNpgsql(config.GetConnectionString("AuthDbContext"))
.UseSnakeCaseNamingConvention();
});
services.AddIdentityCore<IdentityUser>()
.AddEntityFrameworkStores<ApplicationAuthDbContext>();
For more information
https://learn.microsoft.com/en-us/dotnet/api/microsoft.extensions.dependencyinjection.identityservicecollectionextensions.addidentitycore?view=aspnetcore-6.0
Problem:
Due to legislation I have to store personal information within the EU (Social security number). Therefore I can't store this information in Firebase since there is no guarantee of geographical datacenter location when using Google's cloud services.
My proposed solution:
Having a Redis key value store with the sensitive information that can be accessed via a simple REST api where user authentication would be achieved using the users ID token, sent via HTTP Headers.
Firebase allows for verification of a user via the verifyIdToken method in the NodeJS library. This would allow me to check if the user ID matches any user id in my /admin end point of my Firebase. (Or I could hardcode the userIDs that would be allowed into the server since there aren't that many.)
So, the flow of the request would be as follows:
User signs in client side using the Firebase SDK.
Whenever the user needs access to the sensitive information it first gets the user's ID token
let currentUser = FIRAuth.auth()?.currentUser
currentUser?.getTokenForcingRefresh(true) {idToken, error in
if let error = error {
return
}
let headers = [
"X-FBUser-Token":idToken
]
//build request here to https://myServer.com/myEndpoint
}
Then server side we would retrieve the request
app.get('/myEndpoint', function(req, res) {
let idToken = req.get('X-FBUser-Token')
verifyToken(idToken, function(isAdmin){
if (isAdmin) {
//Fetch the key value pair and send it back to the client here
}
})
})
function verifyToken(idToken, cb) {
firebase.auth().verifyIdToken(idToken).then(function(decodedToken) {
var uid = decodedToken.sub;
firebase.database().ref('admins/' + uid).on('value', function (snap){
cb(snap.val() !== null)
})
}).catch(function(error) {
// Handle error
});
}
And then the client would receive back the response and deal with it. Everything done over HTTPS ofcourse.
Note: I know that the code above is rather crude and would need some refinement, but hopefully you get the concept
My questions:
First of all, is this a safe way of doing things?
Is there a better, more straight forward approach?
Based on the Google Developers site, it looks like apps can store emails and passwords into Smart Lock. Is there a way to also store phone numbers in Smart Lock? Very important for messaging apps.
Yes, you can store any string as the identifier when constructing a credential object, including phone numbers and general usernames, not just email addresses. Ensure to store any phone number in a format your app understands and can use when you retreive it from the API; identifiers will not be normalized in any way.
Example on Android (similar for web):
String phoneNumber = "+1 (650) 253-0000";
Credential credential = new Credential.Builder(phoneNumber)
.setPassword(password)
.build();
Auth.CredentialsApi.save(apiClient, credential).setResultCallback(new ResultCallback() {
public void onResult(Result result) {
Status status = result.getStatus();
if (status.isSuccess()) {
Log.d(TAG, "SAVE: OK");
// updates to existing credentials will succeed immediately
} else if (status.hasResolution()) {
// confirmation is required to save a new phone number
status.startResolutionForResult(this, RC_SAVE);
...
Note that if your phone number-based accounts don't have passwords, you could set the "account type" to your own URL instead of password for the credentials (i.e. .setAccountType(YOUR_URL) when building a credential).
See the developer docs for saving and retrieving credentials with Smart Lock for more information, and leave any follow-up questions in the comments.