Added logic to verify the AuthData within a group invite

SessionMessagingKit/Sending & Receiving/Message Handling/MessageReceiver+Groups.swift

@@ -94,6 +94,16 @@ extension MessageReceiver {
                     timestampMs: sentTimestampMs
                 ),
                 using: dependencies
+            ),
+            // Somewhat redundant because we know the sender was a group admin but this confirms the
+            // authData is valid so protects against invalid invite spam from a group admin
+            let userEd25519KeyPair: KeyPair = Identity.fetchUserEd25519KeyPair(db, using: dependencies),
+            dependencies[singleton: .crypto].verify(
+                .memberAuthData(
+                    groupSessionId: message.groupSessionId,
+                    ed25519SecretKey: userEd25519KeyPair.secretKey,
+                    memberAuthData: message.memberAuthData
+                )
             )
         else { throw MessageReceiverError.invalidMessage }
         

SessionMessagingKit/SessionUtil/Utilities/Crypto+SessionUtil.swift

@@ -88,3 +88,26 @@ public extension Crypto.Generator {
         }
     }
 }
+
+public extension Crypto.Verification {
+    static func memberAuthData(
+        groupSessionId: SessionId,
+        ed25519SecretKey: [UInt8],
+        memberAuthData: Data
+    ) -> Crypto.Verification {
+        return Crypto.Verification(
+            id: "memberAuthData",
+            args: [groupSessionId, ed25519SecretKey, memberAuthData]
+        ) {
+            var cGroupId: [CChar] = groupSessionId.hexString.cArray
+            var cEd25519SecretKey: [UInt8] = ed25519SecretKey
+            var cAuthData: [UInt8] = Array(memberAuthData)
+            
+            return groups_keys_swarm_verify_subaccount(
+                &cGroupId,
+                &cEd25519SecretKey,
+                &cAuthData
+            )
+        }
+    }
+}