Skip to content

[WIP] Implement signature verification #66

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
May 4, 2021
Merged

[WIP] Implement signature verification #66

merged 3 commits into from
May 4, 2021

Conversation

@MurashovVen
Copy link
Contributor

@MurashovVen MurashovVen commented Apr 7, 2021

Implementation of signature authentication for operations with allocations.
Need to be merged with additional changes on gosdk client.

@MurashovVen MurashovVen linked an issue Apr 7, 2021 that may be closed by this pull request
Security issue: File lists can be queried and collaborators added without authentication #48
Closed
@MurashovVen
Copy link
Contributor Author

MurashovVen commented Apr 7, 2021

Verifying the signature by the owner's public key should solve the problem of a fake client id.
If we decide to remove the Client Key and Client ID headers, I'll make the appropriate changes.

@MurashovVen MurashovVen mentioned this pull request Apr 7, 2021
Merged
@guruhubb guruhubb requested a review from Sriep April 10, 2021 21:00
Sriep
Sriep reviewed Apr 18, 2021
View reviewed changes
Copy link
Contributor

@Sriep Sriep left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Currently blobber is not unit test friendly. The best way to mock the database needs to be considered.

@MurashovVen
Merge remote-tracking branch 'origin/master' into feature/file_reques…
785a02b 
…ts_authentication

# Conflicts:
#	code/go/0chain.net/blobbercore/datastore/store.go
#	code/go/0chain.net/blobbercore/go.mod
#	code/go/0chain.net/blobbercore/go.sum
@MurashovVen
Refactore code:
7453db5 
- implement MockTheStore method
- remove duplicates tests methods
- minor fixes
@stewartie4
Copy link
Contributor

stewartie4 commented May 3, 2021

What's the status of this PR and 0chain/gosdk#30 ?

@guruhubb guruhubb requested a review from andrenerd May 4, 2021 00:26
@platsko platsko self-requested a review May 4, 2021 08:05
@MurashovVen MurashovVen mentioned this pull request May 4, 2021
Closed
@platsko platsko merged commit 538b6d9 into master May 4, 2021
@platsko platsko deleted the feature/file_requests_authentication branch May 4, 2021 12:10
This was referenced May 17, 2021
Closed
Merged
@stewartie4 stewartie4 mentioned this pull request Jul 1, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@andrenerd andrenerd Awaiting requested review from andrenerd

2 more reviewers

@Sriep Sriep Sriep left review comments

@platsko platsko platsko approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Security issue: File lists can be queried and collaborators added without authentication

5 participants

@MurashovVen @stewartie4 @platsko @Sriep