New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(core-api): prevent cold wallet response #1955

Merged
merged 2 commits into from Jan 10, 2019

Conversation

Projects
None yet
4 participants
@JeremiGendron
Copy link
Contributor

JeremiGendron commented Jan 8, 2019

  • When querying for /accounts?address, return error if account.publicKey === null (cold wallet)
  • Add test to check for bug

Ref: #1949

Proposed changes

I will test if the bug is also present on v2 today, I would like to get a review on whether this makes sense. All tests were done incrementally, initially the response (without account.publicKey === null) check was that of an empty cold wallet; now it simply returns an error "Account not found" (as wanted).

Types of changes

  • Bugfix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Refactoring (improve a current implementation without adding a new feature or fixing a bug)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Build (changes that affect the build system)
  • Docs (documentation only changes)
  • Test (adding missing tests or fixing existing tests)
  • Other... Please describe:

Checklist

  • I have read the CONTRIBUTING documentation
  • Lint and unit tests pass locally with my changes
  • I have added tests that prove my fix is effective or that my feature works
  • I have added necessary documentation (if appropriate)

@supaiku0 supaiku0 self-requested a review Jan 9, 2019

@supaiku0
Copy link
Contributor

supaiku0 left a comment

Another solution I would prefer is to simply check wether the wallet manager has a specific address before trying to get one.

The PoolWalletManager has an exists function for exactly that purpose:
https://github.com/ArkEcosystem/core/blob/develop/packages/core-transaction-pool/src/pool-wallet-manager.ts#L45

Though the comment seems to be wrong, since the WalletManager has no such function.

So...

  1. Move exists from PoolWalletManager to WalletManager
  2. Add exists check here and return null otherwise:
    https://github.com/ArkEcosystem/core/blob/develop/packages/core-api/src/repositories/transactions.ts#L486

This way there's no need to change anything in the endpoint methods as they can
trust what the repository returns.

@JeremiGendron

This comment has been minimized.

Copy link
Contributor

JeremiGendron commented Jan 9, 2019

@supaiku0 Thanks for the feedback. I've done so and my editor is telling me that the function exists doesn't exist on type WalletManager. Do you know where I should add a typing for this?

@codecov-io

This comment has been minimized.

Copy link

codecov-io commented Jan 9, 2019

Codecov Report

Merging #1955 into develop will decrease coverage by <.01%.
The diff coverage is 0%.

Impacted file tree graph

@@            Coverage Diff             @@
##           develop   #1955      +/-   ##
==========================================
- Coverage    38.61%   38.6%   -0.01%     
==========================================
  Files          354     354              
  Lines         7762    7764       +2     
  Branches      1143    1172      +29     
==========================================
  Hits          2997    2997              
- Misses        4751    4753       +2     
  Partials        14      14
Impacted Files Coverage Δ
...s/core-transaction-pool/src/pool-wallet-manager.ts 58.53% <ø> (+6.36%) ⬆️
packages/core-database/src/wallet-manager.ts 59.04% <0%> (-1.62%) ⬇️
packages/core-api/src/repositories/transactions.ts 0% <0%> (ø) ⬆️
packages/core-logger-winston/src/formatter.ts 38.88% <0%> (ø) ⬆️
packages/core-test-utils/src/generators/wallets.ts 14.28% <0%> (ø) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 9b26df4...80e2406. Read the comment docs.

@faustbrian

This comment has been minimized.

Copy link
Collaborator

faustbrian commented Jan 9, 2019

The method needs to be removed here https://github.com/ArkEcosystem/core/blob/develop/packages/core-transaction-pool/src/pool-wallet-manager.ts#L45 as the pool manager extends the wallet manager.

@faustbrian faustbrian changed the title fix: Prevent cold wallet response in v1 api fix(core-api): prevent cold wallet response Jan 9, 2019

@JeremiGendron JeremiGendron force-pushed the JeremiGendron:fix/empty-wallet-creation-api branch from d808392 to 3481641 Jan 9, 2019

@JeremiGendron

This comment has been minimized.

Copy link
Contributor

JeremiGendron commented Jan 9, 2019

ill take care of the extra commits 😓

@JeremiGendron JeremiGendron force-pushed the JeremiGendron:fix/empty-wallet-creation-api branch from 0bd05d3 to 2c255a3 Jan 9, 2019

@JeremiGendron JeremiGendron force-pushed the JeremiGendron:fix/empty-wallet-creation-api branch 2 times, most recently from 3481641 to b4a47dd Jan 9, 2019

@JeremiGendron

This comment has been minimized.

Copy link
Contributor

JeremiGendron commented Jan 9, 2019

https://circleci.com/gh/ArkEcosystem/core/10033

error /home/circleci/ark-core/node_modules/integer: Command failed.
@faustbrian

This comment has been minimized.

Copy link
Collaborator

faustbrian commented Jan 10, 2019

changes made

@faustbrian faustbrian merged commit 7dcb256 into ArkEcosystem:develop Jan 10, 2019

6 checks passed

ci/circleci: test-node10-0 Your tests passed on CircleCI!
Details
ci/circleci: test-node10-1 Your tests passed on CircleCI!
Details
ci/circleci: test-node10-2 Your tests passed on CircleCI!
Details
ci/circleci: test-node11-0 Your tests passed on CircleCI!
Details
ci/circleci: test-node11-1 Your tests passed on CircleCI!
Details
ci/circleci: test-node11-2 Your tests passed on CircleCI!
Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment