-
Notifications
You must be signed in to change notification settings - Fork 3.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
R4R: validate sign tx request's body #3179
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @alessio -- a few minor remarks ^__^
Codecov Report
@@ Coverage Diff @@
## develop #3179 +/- ##
===========================================
+ Coverage 54.72% 54.73% +<.01%
===========================================
Files 132 132
Lines 9425 9427 +2
===========================================
+ Hits 5158 5160 +2
Misses 3949 3949
Partials 318 318 |
Codecov Report
@@ Coverage Diff @@
## develop #3179 +/- ##
===========================================
+ Coverage 54.83% 54.84% +0.01%
===========================================
Files 133 133
Lines 9559 9557 -2
===========================================
Hits 5242 5242
+ Misses 3996 3994 -2
Partials 321 321 |
client/lcd/lcd_test.go
Outdated
BaseReq: utils.BaseReq{ | ||
Name: name1, | ||
Password: pw, | ||
ChainID: viper.GetString(client.FlagChainID), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why are we using a flag on the REST tests ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You may find the answer in InitializeTestLCD()
client/utils/rest.go
Outdated
@@ -189,7 +189,7 @@ func ReadRESTReq(w http.ResponseWriter, r *http.Request, cdc *codec.Codec, req i | |||
|
|||
err = cdc.UnmarshalJSON(body, req) | |||
if err != nil { | |||
WriteErrorResponse(w, http.StatusBadRequest, err.Error()) | |||
WriteErrorResponse(w, http.StatusBadRequest, "failed to decode JSON payload: "+err.Error()) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@alexanderbez your request was only for signing or for all of the unmarshal errors ?
x/auth/client/rest/sign.go
Outdated
AppendSig bool `json:"append_sig"` | ||
Tx auth.StdTx `json:"tx"` | ||
AppendSig bool `json:"append_sig"` | ||
utils.BaseReq |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
add BaseReq
and json:"base_req"
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why? that would break the interface. Do we really need a nested object?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
were using it like that everywhere on the POST
requests. But maybe we need to consider removing it. Thoughts @alexanderbez @jackzampolin @faboweb ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In that case, I'm fine with either
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hmm, yes. So, me personally, I'd rather avoid having to use base_req
. These are all primary/first-class-citizen fields of the request and not some inner resource, so I don't think it should be nested.
tl;dr I think we should leave this as-is and update the other REST requests (breaking, sorry I know).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
hmmm, currently the standard is to have base_req
. I vote to keep this here to the standard and open an issue about changing this in all request to first class citizens. This should then probably also be discussed with others.
side note: I actually think this structure makes sense as it decouples the content and the meta information.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd also have the base_req
for consistency, but I don't have a strong opinion on it since we weren't using it before on this request
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
utACK ☕️
I think this requires a |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Pretty straight forward changes
Sequence: sequence, | ||
Tx: msg, | ||
BaseReq: utils.NewBaseReq( | ||
name1, pw, "", viper.GetString(client.FlagChainID), "", "", accnum, sequence, nil, false, false, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
++
x/auth/client/rest/sign.go
Outdated
} | ||
|
||
// validate tx | ||
// discard error if it's CodeUnauthorized as the tx comes with no signatures |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm a little bit confused as to why CodeUnautherized implies that there tx comes with no signatures... maybe we should have CodeNoSignatures
? Don't deal with this code a lot just an outsider's perspective
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
CodeNoSignatures
sounds good and self-explanatory to me 👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Amended, please review again
e342a32
to
1ebe184
Compare
@jackzampolin changed applied, please review |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @alessio, this works for me locally!
Co-Authored-By: alessio <quadrispro@ubuntu.com>
Closes: #3176
docs/
)PENDING.md
with issue #Files changed
in the github PR explorerFor Admin Use: