R4R: Implement command/REST endpoint for offline signing #1953 #2216
Conversation
a278464 to
4105de8
Compare
Codecov Report
@@ Coverage Diff @@
## develop #2216 +/- ##
===========================================
- Coverage 63.95% 63.73% -0.23%
===========================================
Files 140 140
Lines 8611 8641 +30
===========================================
Hits 5507 5507
- Misses 2725 2755 +30
Partials 379 379 |
5b12981 to
c59dac6
Compare
|
CLI tests are fixed now. |
e53cbe4 to
0ada320
Compare
0ada320 to
052bb1f
Compare
There was a problem hiding this comment.
@alessio left some surface level feedback. I'll want to play around with this a bit later today before an approval 👍 otherwise, great job!
x/auth/client/context/context.go
Outdated
|
|
||
| // SignStdTx attach a signature to a StdTx and returns a copy of a it. If overwriteSigs is true, | ||
| // it replaces the signatures already attached if there's any with the given signature. | ||
| func SignStdTx(stdTx auth.StdTx, stdSignature auth.StdSignature, overwriteSigs bool) auth.StdTx { |
There was a problem hiding this comment.
Should we take an array/slice of signatures here instead to be more flexible?
There was a problem hiding this comment.
It could work. I'll make it take a slice and either append or replace the sigs
b95da66 to
20a22ea
Compare
There was a problem hiding this comment.
@alessio just a few more minor bits of feedback.
Also, I've also tested it and seems to be functional! But I have question. I can generate a tx with a --from and that would be the designated signer/account. Now, I can sign this generated tx JSON with a completely different signer. I know this allows for offline signing, but I think generating a tx with an intended signer and signing it with a completely different one would lead to a weird "UX". We should check the generated txs signer address against the signee address and at the very least print a warning if they don't match. Thoughts @jackzampolin @cwgoes?
Thank you!
client/utils/utils.go
Outdated
|
|
||
| // Check whether the address is a signer | ||
| if !isTxSigner(sdk.AccAddress(addr), stdTx.GetSigners()) { | ||
| fmt.Fprintf(os.Stderr, "warning: the transaction is not supposed to be signed by the key '%v'\n", name) |
There was a problem hiding this comment.
Thanks @alessio! I think something along the lines of the following might read better. Thoughts?
WARNING: The generated transaction's intended signer does not match the given signer: '%v'
|
ACKd and incorporated.
Thanks!
…On Thu, Sep 6, 2018 at 8:14 PM, Alexander Bezobchuk < ***@***.***> wrote:
***@***.**** requested changes on this pull request.
One small remark @alessio <https://github.com/alessio>, otherwise LGTM 👍
------------------------------
In client/utils/utils.go
<#2216 (comment)>:
> +func SignStdTx(txCtx authctx.TxContext, cliCtx context.CLIContext, name string, stdTx auth.StdTx, appendSig bool) (auth.StdTx, error) {
+ var signedStdTx auth.StdTx
+
+ keybase, err := keys.GetKeyBase()
+ if err != nil {
+ return signedStdTx, err
+ }
+ info, err := keybase.Get(name)
+ if err != nil {
+ return signedStdTx, err
+ }
+ addr := info.GetPubKey().Address()
+
+ // Check whether the address is a signer
+ if !isTxSigner(sdk.AccAddress(addr), stdTx.GetSigners()) {
+ fmt.Fprintf(os.Stderr, "warning: the transaction is not supposed to be signed by the key '%v'\n", name)
Thanks @alessio <https://github.com/alessio>! I think something along the
lines of the following might read better. Thoughts?
WARNING: The generated transaction's intended signer does not match the given signer: '%v'
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#2216 (review)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAN_7GrGx-gTIkZuD-nALU68OsrfGhUrks5uYXQJgaJpZM4WW0yM>
.
--
Alessio Treglia | alessio@tendermint.com
0416 0004 A827 6E40 BB98 90FB E8A4 8AE5 311D 765A
|
13f76e4 to
21b00a8
Compare
|
This looks great. Happy with how this has come together. LGTM! |
21b00a8 to
8e8208b
Compare
* Add sign CLI command to sign transactions generated with the --generate-only flag. * Add /sign REST endpoint for Voyager support. Redirect password prompt to STDERR to avoid messing up cli commands output. As a rule of thumb, program's output should always go to STDOUT, whilst errors&diagnostics go to STDERR as per POSIX's philosophy and specs.
8e8208b to
e6a8a4d
Compare
Makefile
Outdated
| @@ -179,7 +179,7 @@ test_cover: | |||
|
|
|||
| test_lint: | |||
| gometalinter.v2 --config=tools/gometalinter.json ./... | |||
| !(gometalinter.v2 --disable-all --enable='errcheck' --vendor ./... | grep -v "client/") | |||
| !(gometalinter.v2 --disable-all --enable='errcheck' --vendor ./... | grep -v -e "client/" -e "fmt\.Fprintf") | |||
There was a problem hiding this comment.
This has since been fixed, and this is the wrong way to fix it anyways (the linter is right) - #2257
There was a problem hiding this comment.
Well, by definition linter is correct, but I wonder how helpful it would be to check errors reported by fprintf() :). I'll revert my changes nonetheless, thanks
Add
signcommand to sign transactions generated with the--generate-onlyflag.Closes: #1953
docs/)PENDING.mdwith issue #Files changedin the github PR explorerFor Admin Use: