Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

R4R: validate sign tx request's body #3179

Merged
merged 5 commits into from
Jan 3, 2019

Conversation

alessio
Copy link
Contributor

@alessio alessio commented Dec 20, 2018

Closes: #3176

  • Linked to github-issue with discussion and accepted design OR link to spec that describes this work.
  • Wrote tests
  • Updated relevant documentation (docs/)
  • Added entries in PENDING.md with issue #
  • rereviewed Files changed in the github PR explorer

For Admin Use:

  • Added appropriate labels to PR (ex. wip, ready-for-review, docs)
  • Reviewers Assigned
  • Squashed all commits, uses message "Merge pull request #XYZ: [title]" (coding standards)

Copy link
Contributor

@alexanderbez alexanderbez left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @alessio -- a few minor remarks ^__^

client/utils/rest.go Outdated Show resolved Hide resolved
x/auth/client/rest/sign.go Outdated Show resolved Hide resolved
x/auth/client/rest/sign.go Outdated Show resolved Hide resolved
@codecov
Copy link

codecov bot commented Dec 20, 2018

Codecov Report

Merging #3179 into develop will increase coverage by <.01%.
The diff coverage is 0%.

@@             Coverage Diff             @@
##           develop    #3179      +/-   ##
===========================================
+ Coverage    54.72%   54.73%   +<.01%     
===========================================
  Files          132      132              
  Lines         9425     9427       +2     
===========================================
+ Hits          5158     5160       +2     
  Misses        3949     3949              
  Partials       318      318

@codecov
Copy link

codecov bot commented Dec 20, 2018

Codecov Report

Merging #3179 into develop will increase coverage by 0.01%.
The diff coverage is 20%.

@@             Coverage Diff             @@
##           develop    #3179      +/-   ##
===========================================
+ Coverage    54.83%   54.84%   +0.01%     
===========================================
  Files          133      133              
  Lines         9559     9557       -2     
===========================================
  Hits          5242     5242              
+ Misses        3996     3994       -2     
  Partials       321      321

BaseReq: utils.BaseReq{
Name: name1,
Password: pw,
ChainID: viper.GetString(client.FlagChainID),
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why are we using a flag on the REST tests ?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You may find the answer in InitializeTestLCD()

client/lcd/lcd_test.go Outdated Show resolved Hide resolved
client/lcd/test_helpers.go Outdated Show resolved Hide resolved
@@ -189,7 +189,7 @@ func ReadRESTReq(w http.ResponseWriter, r *http.Request, cdc *codec.Codec, req i

err = cdc.UnmarshalJSON(body, req)
if err != nil {
WriteErrorResponse(w, http.StatusBadRequest, err.Error())
WriteErrorResponse(w, http.StatusBadRequest, "failed to decode JSON payload: "+err.Error())
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@alexanderbez your request was only for signing or for all of the unmarshal errors ?

AppendSig bool `json:"append_sig"`
Tx auth.StdTx `json:"tx"`
AppendSig bool `json:"append_sig"`
utils.BaseReq
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

add BaseReq and json:"base_req"

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why? that would break the interface. Do we really need a nested object?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

were using it like that everywhere on the POST requests. But maybe we need to consider removing it. Thoughts @alexanderbez @jackzampolin @faboweb ?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In that case, I'm fine with either

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm, yes. So, me personally, I'd rather avoid having to use base_req. These are all primary/first-class-citizen fields of the request and not some inner resource, so I don't think it should be nested.

tl;dr I think we should leave this as-is and update the other REST requests (breaking, sorry I know).

Copy link
Contributor

@faboweb faboweb Dec 21, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hmmm, currently the standard is to have base_req. I vote to keep this here to the standard and open an issue about changing this in all request to first class citizens. This should then probably also be discussed with others.
side note: I actually think this structure makes sense as it decouples the content and the meta information.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd also have the base_req for consistency, but I don't have a strong opinion on it since we weren't using it before on this request

x/auth/client/rest/sign.go Outdated Show resolved Hide resolved
Copy link
Contributor

@alexanderbez alexanderbez left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

utACK ☕️

@alessio alessio mentioned this pull request Dec 21, 2018
4 tasks
@jackzampolin
Copy link
Member

I think this requires a swagger.yaml update. Can you please add that @alessio

Copy link
Contributor

@rigelrozanski rigelrozanski left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pretty straight forward changes

Sequence: sequence,
Tx: msg,
BaseReq: utils.NewBaseReq(
name1, pw, "", viper.GetString(client.FlagChainID), "", "", accnum, sequence, nil, false, false,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

++

}

// validate tx
// discard error if it's CodeUnauthorized as the tx comes with no signatures
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm a little bit confused as to why CodeUnautherized implies that there tx comes with no signatures... maybe we should have CodeNoSignatures? Don't deal with this code a lot just an outsider's perspective

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CodeNoSignatures sounds good and self-explanatory to me 👍

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Amended, please review again

@rigelrozanski rigelrozanski changed the title validate sign tx request's body R4R validate sign tx request's body Dec 27, 2018
@alessio alessio force-pushed the alessio/3176-validate-sign-body-req branch from e342a32 to 1ebe184 Compare December 27, 2018 13:43
@alessio
Copy link
Contributor Author

alessio commented Jan 2, 2019

@jackzampolin changed applied, please review

Copy link
Member

@jackzampolin jackzampolin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @alessio, this works for me locally!

Co-Authored-By: alessio <quadrispro@ubuntu.com>
@alessio alessio changed the title R4R validate sign tx request's body R4R: validate sign tx request's body Jan 2, 2019
@jackzampolin jackzampolin merged commit d1824ad into develop Jan 3, 2019
@jackzampolin jackzampolin deleted the alessio/3176-validate-sign-body-req branch January 3, 2019 16:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants