Fix get_account fail case, RPC endpoint for is_valid_account #591

Closed
n13 opened this issue Dec 22, 2022 · 3 comments · Fixed by #912

n13 commented Dec 22, 2022

Use case:

Any app creating a user account must check if the account exists.

Current solution:
Calling get_account - get_account is relatively expensive when it succeeds but assumes that the account passed in is valid.

get_account does not handle a non-existing account well: it crashes with a 500 internal server error, which might be a bug and exploitable by malicious actors.

Fixing get_account is likely also a good idea, so it fails gracefully on a non-existing account.

This is a fail case trace:

❯ cleosm --print-request --print-response get account nnnnn       
REQUEST:
---------------------
POST /v1/chain/get_account HTTP/1.1
Host: node.hypha.earth
content-length: 29
Accept: */*
Connection: close

{
  "account_name": "nnnnn"
}
---------------------
RESPONSE:
---------------------
{
  "code": 500,
  "message": "Internal Service Error",
  "error": {
    "code": 0,
    "name": "exception",
    "what": "unspecified",
    "details": [{
        "message": "unknown key (boost::tuples::tuple<bool, eosio::chain::name, boost::tuples::null_type, boost::tuples::null_type, boost::tuples::null_type, boost::tuples::null_type, boost::tuples::null_type, boost::tuples::null_type, boost::tuples::null_type, boost::tuples::null_type>): (0 nnnnn)",
        "file": "http_plugin.cpp",
        "line_number": 936,
        "method": "handle_exception"
      }
    ]
  }
}
---------------------
error 2022-12-22T03:39:42.285 thread-0  main.cpp:4371                 operator()           ] Failed with error: unspecified (0)
unknown key (boost::tuples::tuple<bool, eosio::chain::name, boost::tuples::null_type, boost::tuples::null_type, boost::tuples::null_type, boost::tuples::null_type, boost::tuples::null_type, boost::tuples::null_type, boost::tuples::null_type, boost::tuples::null_type>): (0 nnnnn)

Member

heifner commented Dec 22, 2022

Related: #188
500 does not indicate a crash, it is just an unfortunate http error code chosen in nodeos for this.

Member

heifner commented Dec 22, 2022

This looks like another request for an is_valid_account RPC endpoint. eosnetworkfoundation/mandel#33

cmadh pushed a commit to cmadh/leap that referenced this issue Jan 2, 2023
…OGH-590-shutdown-race

[3.1] Fix race condition on trace_api_plugin shutdown
Member

stephenpdeos commented Feb 16, 2023

Alignment that we should verify this is still throwing a 500 error and if so, it should be updated to a 400 or 200 error. We do not plan to add an is_valid endpoint at this time.

@heifner heifner self-assigned this Mar 27, 2023
@heifner heifner added the OCI Work exclusive to OCI team label Mar 27, 2023
@heifner heifner moved this from Todo to In Progress in Team Backlog Mar 27, 2023
heifner added a commit that referenced this issue Mar 27, 2023
@heifner heifner moved this from In Progress to Awaiting Review in Team Backlog Mar 27, 2023
heifner added a commit that referenced this issue Mar 27, 2023
heifner added a commit that referenced this issue Mar 28, 2023
heifner added a commit that referenced this issue Mar 31, 2023
heifner added a commit that referenced this issue Apr 4, 2023
Return 400 http error for unknown account
@github-project-automation github-project-automation bot moved this from Awaiting Review to Done in Team Backlog Apr 4, 2023
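
Added example, not part of the thread and not code from the leap project: a client-side check that tells "account does not exist" apart from a real node failure, so an app creating accounts never treats an outage as a free name. It accepts both the 500 shown in the trace above and the 400 introduced by the fix; the function names are hypothetical, and it assumes the 400 body keeps the same "unknown key" detail message and that a successful reply carries `account_name`.

```python
import json

# Constructed sample bodies. The first abbreviates the tuple type from the
# trace in this issue; the rest are hypothetical.
UNKNOWN_ACCOUNT = json.dumps({
    "code": 500, "message": "Internal Service Error",
    "error": {"code": 0, "name": "exception", "what": "unspecified",
              "details": [{"message": "unknown key (boost::tuples::tuple<bool, "
                                      "eosio::chain::name>): (0 nnnnn)",
                           "method": "handle_exception"}]}})
OTHER_FAILURE = json.dumps({
    "code": 500, "message": "Internal Service Error",
    "error": {"details": [{"message": "database lock timeout"}]}})
FOUND = json.dumps({"account_name": "nnnnn"})


def classify_get_account(status, body, account_name):
    """Return 'exists', 'not_found' or 'error' for one get_account reply."""
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return "error"                      # proxy error page, empty body, ...
    if not isinstance(doc, dict):
        return "error"
    if status == 200:
        return "exists" if doc.get("account_name") == account_name else "error"
    if status not in (400, 500):            # 500 before the fix, 400 after it
        return "error"
    err = doc.get("error")
    details = err.get("details") if isinstance(err, dict) else None
    for item in details if isinstance(details, list) else []:
        msg = item.get("message") if isinstance(item, dict) else None
        # Require the "unknown key" text and the queried name, so an unrelated
        # 500 is never read as "this name is free".
        if (isinstance(msg, str) and msg.startswith("unknown key")
                and msg.endswith(" %s)" % account_name)):
            return "not_found"
    return "error"


def name_is_available(status, body, account_name):
    """Fail closed: only a positive 'not_found' allows account creation."""
    return classify_get_account(status, body, account_name) == "not_found"


if __name__ == "__main__":
    for status, body in [(500, UNKNOWN_ACCOUNT), (400, UNKNOWN_ACCOUNT),
                         (200, FOUND), (500, OTHER_FAILURE), (503, "<html>")]:
        print(status, classify_get_account(status, body, "nnnnn"))
```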