have verify_account_authority check passed-in keys #1384
Conversation
libraries/app/database_api.cpp
Outdated
| @@ -167,7 +167,7 @@ class database_api_impl : public std::enable_shared_from_this<database_api_impl> | |||
| vector<withdraw_permission_object> get_withdraw_permissions_by_giver(const std::string account_id_or_name, withdraw_permission_id_type start, uint32_t limit)const; | |||
| vector<withdraw_permission_object> get_withdraw_permissions_by_recipient(const std::string account_id_or_name, withdraw_permission_id_type start, uint32_t limit)const; | |||
|
|
|||
| //private: | |||
| // private: | |||
There was a problem hiding this comment.
we maybe just remove this comment ?
There was a problem hiding this comment.
Yes, I tried (hence the space I accidentally added). It did not compile due to _db being used outside, plus some others. I was thinking of fixing all of it, but resisted the urge because I was unsure why it was originally commented out.
|
IMHO this is not the correct approach, since you ignored multi-auth accounts at all. Correct approach would be to call |
|
Thank you @abitmore for partially answering a question I had. Is the purpose of this function to prove that the public keys are valid? Or is this function saying "If you send a transaction signed by the private keys related to these public keys, it will go through"? If you want to prove that those public keys are related to this account, well, I think I am done. If you want to take in to account multi-auth accounts, then more will need to be added. And now with projects being worked on that make keys more granular, I believe it would depend on what type of transaction you are doing as to if such a signature would pass or fail. If my thinking and assumptions on the last paragraph are correct, perhaps it would be best to pause working on this issue until those features are added. Thoughts? |
|
Doc comment says
IMO it is clear that multi-level signatures must be taken into account. |
|
In the latest approach, I am using graphene::chain::verify_authority with a transfer operation and the passed in account and keys. I have not tested with a multi-level signature account. I will take that on next, unless someone raises their hand and says this approach is also invalid. |
| std::vector<operation> ops; | ||
| ops.emplace_back(op); | ||
|
|
||
| try |
There was a problem hiding this comment.
why not just to create signed_transaction and call it's verify_authority method ?
So the full implementation of verify_account_authority might be like next:
bool database_api_impl::verify_account_authority( const string& account_name_or_id,
const flat_set<public_key_type>& keys )const
{
// create a dummy transfer
transfer_operation op;
op.from = get_account_from_string(account_name_or_id)->id;
std::vector<operation> ops;
ops.emplace_back(op);
signed_transaction trx;
trx.signees = keys;
trx.operations.push_back(op);
return verify_authority(trx);
}
It's less code and more simple IMHO.
There was a problem hiding this comment.
Nice idea, but IMO the signees field should be used as an internal cache only, not part of the tx struct's interface.
There was a problem hiding this comment.
graphene::chain::verify_authority will use signees returned by signed_transaction::get_signature_keys method, so it should work
|
I have added a muti-signature test (2 of 3) to wallet_test. Please let me know what you think. |
tests/tests/wallet_tests.cpp
Outdated
| try { | ||
| account_update_operation op; | ||
| op.account = nathan.id; | ||
| op.active = authority(2, public_key_type(nathan_key1.get_public_key()), 1, public_key_type(nathan_key2.get_public_key()), 1, public_key_type(nathan_key3.get_public_key()), 1); |
There was a problem hiding this comment.
this line is too long, please reduce it something like next example of code:
op.active = authority(
2,
public_key_type(nathan_key1.get_public_key()), 1,
public_key_type(nathan_key2.get_public_key()), 1,
public_key_type(nathan_key3.get_public_key()), 1
);
|
All tests ( |
|
IMHO just required little improvements with that line as commented above ... |
tests/tests/wallet_tests.cpp
Outdated
| edump((e.to_detail_string())); | ||
| throw; | ||
| } | ||
| } |
There was a problem hiding this comment.
Please add a test where nathan's account has a multisig from one key and two other accounts.
There was a problem hiding this comment.
Added what I think you are asking. It is not much different than the last, so I may be misunderstanding your request.
There was a problem hiding this comment.
IMHO we should check different combinations as in any_two_of_three test, perhaps the same combinations, but with 3 accounts, 1 key per 1 account, just my thoughts ...
tests/tests/wallet_tests.cpp
Outdated
| account_update_operation op; | ||
| op.account = nathan.id; | ||
| op.active = authority(3, public_key_type(nathan_key.get_public_key()), 1, | ||
| public_key_type(alice_key.get_public_key()), 1, public_key_type(bob_key.get_public_key()), 1); |
There was a problem hiding this comment.
Here you should use alice_id and bob_id, not their keys
tests/tests/wallet_tests.cpp
Outdated
| try { | ||
| fc::ecc::private_key nathan_key = fc::ecc::private_key::regenerate(fc::digest("key1")); | ||
| fc::ecc::private_key alice_key = fc::ecc::private_key::regenerate(fc::digest("key2")); | ||
| fc::ecc::private_key bob_key = fc::ecc::private_key::regenerate(fc::digest("key3")); |
tests/tests/wallet_tests.cpp
Outdated
| public_keys.emplace(bob_key.get_public_key()); | ||
| BOOST_CHECK(db_api.verify_account_authority("nathan", public_keys)); | ||
| } | ||
|
|
There was a problem hiding this comment.
Also need a negative test, e. g. alice_key missing.
tests/tests/wallet_tests.cpp
Outdated
| op.active = authority(3, public_key_type(nathan_key.get_public_key()), 1, | ||
| public_key_type(alice_key.get_public_key()), 1, public_key_type(bob_key.get_public_key()), 1); | ||
| op.active = authority(3, nathan_public_key, 1, | ||
| alice.id, 1, bob.id, 1); |
There was a problem hiding this comment.
IMHO we don't need to split this line, it isn't long now
|
Good, thanks! |
| @@ -663,9 +663,12 @@ class database_api | |||
| bool verify_authority( const signed_transaction& trx )const; | |||
|
|
|||
| /** | |||
| * @return true if the signers have enough authority to authorize an account | |||
| * @brief Verify that the public keys have enough authority to authorize a transaction | |||
There was a problem hiding this comment.
Why this change? There is no transaction in the API.
| * @brief Verify that the public keys have enough authority to authorize a transaction | ||
| * @param account_name_or_id the account to check | ||
| * @param signers the public keys | ||
| * @return true if the passed in keys have enough authority to authorize a transaction |
There was a problem hiding this comment.
Why this? There is no transaction in the API.
tests/tests/wallet_tests.cpp
Outdated
| try { | ||
|
|
||
| ACTORS( (nathan) ); | ||
| graphene::app::database_api db_api(db); |
There was a problem hiding this comment.
I think it's better to move these test cases to database_api_tests.cpp.
|
Code looks fine to me. |
| @@ -663,9 +663,12 @@ class database_api | |||
| bool verify_authority( const signed_transaction& trx )const; | |||
|
|
|||
| /** | |||
| * @return true if the signers have enough authority to authorize an account | |||
| * @brief Verify that the public keys have enough authority to approve an operation | |||
There was a problem hiding this comment.
I think we should mention the account in this sentence and the return
There was a problem hiding this comment.
I think the latest commit will be more to your liking. Please take a look.
Potential fix for #1366
The original code always returned false, due to not using the passed in keys to do anything.
This PR uses a different approach. Compare the public keys of what was passed in versus what is known.