diff --git a/td/generate/scheme/td_api.tl b/td/generate/scheme/td_api.tl index caea9b685..a4f366a54 100644 --- a/td/generate/scheme/td_api.tl +++ b/td/generate/scheme/td_api.tl @@ -3253,8 +3253,8 @@ resendEmailAddressVerificationCode = EmailAddressAuthenticationCodeInfo; checkEmailAddressVerificationCode code:string = Ok; -//@description Returns a Telegram Passport authorization form for sharing data with a service @bot_user_id User identified of the service's bot @scope Telegram Passport element types requested by the service @public_key Service's public_key @payload Authorization form payload provided by the service @password Password of the current user -getPassportAuthorizationForm bot_user_id:int32 scope:string public_key:string payload:string password:string = PassportAuthorizationForm; +//@description Returns a Telegram Passport authorization form for sharing data with a service @bot_user_id User identified of the service's bot @scope Telegram Passport element types requested by the service @public_key Service's public_key @nonce Authorization form nonce provided by the service @password Password of the current user +getPassportAuthorizationForm bot_user_id:int32 scope:string public_key:string nonce:string password:string = PassportAuthorizationForm; //@description Sends a Telegram Passport authorization form, effectively sharing data with the service @autorization_form_id Authorization form identifier @types Types of Telegram Passport elements chosen by user to complete the authorization form sendPassportAuthorizationForm autorization_form_id:int32 types:vector = Ok; diff --git a/td/generate/scheme/td_api.tlo b/td/generate/scheme/td_api.tlo index 1339cf0d5..c816c30a6 100644 Binary files a/td/generate/scheme/td_api.tlo and b/td/generate/scheme/td_api.tlo differ diff --git a/td/telegram/SecureManager.cpp b/td/telegram/SecureManager.cpp index fcd8cc07c..f8f1c3a5e 100644 --- a/td/telegram/SecureManager.cpp +++ b/td/telegram/SecureManager.cpp 
@@ -1032,7 +1032,7 @@ void SecureManager::set_secure_value_errors(Td *td, tl_object_ptr promise) { refcnt_++; auto authorization_form_id = ++max_authorization_form_id_; @@ -1040,7 +1040,7 @@ void SecureManager::get_passport_authorization_form(string password, UserId bot_ form.bot_user_id = bot_user_id; form.scope = scope; form.public_key = public_key; - form.payload = payload; + form.nonce = nonce; form.is_received = false; auto new_promise = PromiseCreator::lambda( [actor_id = actor_id(this), authorization_form_id, promise = std::move(promise)]( @@ -1113,7 +1113,9 @@ void SecureManager::send_passport_authorization_form(int32 authorization_form_id } } - auto r_encrypted_credentials = get_encrypted_credentials(credentials, it->second.payload, it->second.public_key); + auto r_encrypted_credentials = + get_encrypted_credentials(credentials, it->second.nonce, it->second.public_key, + it->second.scope[0] == '{' && it->second.scope.back() == '}'); if (r_encrypted_credentials.is_error()) { return promise.set_error(r_encrypted_credentials.move_as_error()); } diff --git a/td/telegram/SecureManager.h b/td/telegram/SecureManager.h index 05e30a071..65d562b13 100644 --- a/td/telegram/SecureManager.h +++ b/td/telegram/SecureManager.h @@ -46,7 +46,7 @@ class SecureManager : public NetQueryCallback { void on_get_secure_value(SecureValueWithCredentials value); void get_passport_authorization_form(string password, UserId bot_user_id, string scope, string public_key, - string payload, Promise promise); + string nonce, Promise promise); void send_passport_authorization_form(int32 authorization_form_id, std::vector types, Promise<> promise); @@ -60,7 +60,7 @@ class SecureManager : public NetQueryCallback { UserId bot_user_id; string scope; string public_key; - string payload; + string nonce; bool is_received; std::map options; }; diff --git a/td/telegram/SecureValue.cpp b/td/telegram/SecureValue.cpp index 35e90042f..4b475f103 100644 --- a/td/telegram/SecureValue.cpp 
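Review bot: The fourth argument passed to `get_encrypted_credentials` in the `send_passport_authorization_form` hunk is an unexplained inline test, `it->second.scope[0] == '{' && it->second.scope.back() == '}'`, yet it decides which JSON key carries the nonce back to the service. It is safe on an empty scope only because `scope[0]` on an empty `std::string` yields `'\0'` and short-circuits before `back()` (assuming td's `string` is `std::string`), and the `Td::on_request` hunk in Td.cpp rejects an empty nonce but not an empty scope. A JSON scope with leading or trailing whitespace would silently select the legacy `payload` key unless input cleaning already trims it, and the service would then presumably not find the nonce it issued. I would name and document the test, e.g. `bool is_json_scope = !scope.empty() && scope[0] == '{' && scope.back() == '}';` with a comment such as `// a JSON-object scope selects the "nonce" key instead of "payload"`. The enclosing function starts and ends outside the hunk.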
+++ b/td/telegram/SecureValue.cpp @@ -1425,8 +1425,9 @@ static Slice secure_value_type_as_slice(SecureValueType type) { } } -static auto credentials_as_jsonable(const std::vector &credentials, Slice payload) { - return json_object([&credentials, payload](auto &o) { +static auto credentials_as_jsonable(const std::vector &credentials, Slice nonce, + bool rename_payload_to_nonce) { + return json_object([&credentials, nonce, rename_payload_to_nonce](auto &o) { o("secure_data", json_object([&credentials](auto &o) { for (auto &cred : credentials) { if (cred.type == SecureValueType::PhoneNumber || cred.type == SecureValueType::EmailAddress) { @@ -1455,13 +1456,15 @@ static auto credentials_as_jsonable(const std::vector &c })); } })); - o("payload", payload); + o(rename_payload_to_nonce ? "nonce" : "payload", nonce); }); } Result get_encrypted_credentials(const std::vector &credentials, - Slice payload, Slice public_key) { - auto encoded_credentials = json_encode(credentials_as_jsonable(credentials, payload)); + Slice nonce, Slice public_key, + bool rename_payload_to_nonce) { + auto encoded_credentials = + json_encode(credentials_as_jsonable(credentials, nonce, rename_payload_to_nonce)); LOG(INFO) << "Created credentials " << encoded_credentials; auto secret = secure_storage::Secret::create_new(); diff --git a/td/telegram/SecureValue.h b/td/telegram/SecureValue.h index ea705408e..66f41d573 100644 --- a/td/telegram/SecureValue.h +++ b/td/telegram/SecureValue.h @@ -195,7 +195,8 @@ struct SecureValueCredentials { }; Result get_encrypted_credentials(const std::vector &credentials, - Slice payload, Slice public_key); + Slice nonce, Slice public_key, + bool rename_payload_to_nonce); class SecureValue { public: diff --git a/td/telegram/Td.cpp b/td/telegram/Td.cpp index 3b830dbad..714a940e1 100644 --- a/td/telegram/Td.cpp +++ b/td/telegram/Td.cpp 
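Review bot: `LOG(INFO) << "Created credentials " << encoded_credentials;` in `get_encrypted_credentials` (second SecureValue.cpp hunk) writes the plaintext credentials JSON to the log before it is encrypted, and after this change that text also contains the service-issued nonce next to `secure_data`. The commit leaves the line untouched. If `secure_data` carries per-element secrets or hashes, which the partly visible body of `credentials_as_jsonable` suggests but does not fully show, anyone with access to the logs can read what the encryption step is meant to protect. Consider logging only metadata, e.g. `LOG(INFO) << "Created credentials of size " << encoded_credentials.size();`. The function body continues past the end of the hunk.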
@@ -6460,17 +6460,17 @@ void Td::on_request(uint64 id, td_api::getPassportAuthorizationForm &request) { CLEAN_INPUT_STRING(request.password_); CLEAN_INPUT_STRING(request.public_key_); CLEAN_INPUT_STRING(request.scope_); - CLEAN_INPUT_STRING(request.payload_); + CLEAN_INPUT_STRING(request.nonce_); UserId bot_user_id(request.bot_user_id_); if (!bot_user_id.is_valid()) { return send_error_raw(id, 400, "Bot user identifier invalid"); } - if (request.payload_.empty()) { - return send_error_raw(id, 400, "Payload must be non-empty"); + if (request.nonce_.empty()) { + return send_error_raw(id, 400, "Nonce must be non-empty"); } CREATE_REQUEST_PROMISE(); send_closure(secure_manager_, &SecureManager::get_passport_authorization_form, std::move(request.password_), - bot_user_id, std::move(request.scope_), std::move(request.public_key_), std::move(request.payload_), + bot_user_id, std::move(request.scope_), std::move(request.public_key_), std::move(request.nonce_), std::move(promise)); }