-
Notifications
You must be signed in to change notification settings - Fork 187
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[v2] eth address as account id #1053
base: master
Are you sure you want to change the base?
Conversation
core/auth/v2/authenticator.go
Outdated
accountId := header.PaymentMetadata.AccountID | ||
pubKey := crypto.PubkeyToAddress(*sigPublicKeyECDSA).Hex() | ||
|
||
if pubKey != accountId { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Here we're comparing strings, but this will fail if accountID
isn't checksummed string.
I think it's safer to convert accountID
to common.Address (common.HexToAddress()) and compare bytearrays using Address.Cmp()
Do we have a test capturing this?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Updated to use address type.
We have auth_test that check for authenticating the requests, but not as specific as whether it is checksum or not.
Why are these changes needed?
just for investigating account behaviors
Checks