Add a cli option for creating a new transaction

[akegalj]

Issue Number

#96

Overview

• I have add a CLI option for creating and sending a new transaction

Comments

[rvl]

Good start :-)

[rvl]

This applies the password validation rules (e.g. 10 chars). But if the password was set through an API call with curl, then it might not validate.

[KtorZ]

@rvl Not sure to understand what you mean here? What API call with cURL? To the wallet server API ?

[akegalj]

I believe this is fixed by Matthias

[rvl]

The code is now asking for the encryption password twice when submitting a transaction.

[akegalj]

@rvl I am not sure are you ok with this change?

This applies the password validation rules (e.g. 10 chars). But if the password was set through an API call with curl, then it might not validate.

password wouldn't validate with curl as well because validation rules are enforced in core (have a look at FromText and FromJSON). So this 10 char password isn't enforced only on cardano-wallet CLI client (as I think you might thought)

[KtorZ]

There are two things here:

1/ We do indeed perform validation at the API-level too. Whether we should allow empty passwords from the CLI or the API is another question, out-of-scope for this PR.

2/ Rodney's second remark is about the small refactoring you did, moving getPassphrase into the where section. This is actually wrong for sending transaction, as we would prompt the passphase twice in that case! We only need to prompt it once when creating transaction. This needs fix.

[akegalj]

2. Ah true - didn't understand what Rodney meant to say

[rvl]

I did not realise the API enforces a 10 char minimum encryption password (weird idea), therefore I thought the CLI was incorrectly using different validation rules to the API.

[KtorZ]

That's what I thought! We completely share the same decoders in the CLI and API, so any rules applied to decoding values in the API should apply in the CLI.
In the future, we would even enforce some deeper validation rules for the passphrase (comparing against a list of mostly used and enforcing some good entropy in the passphrase) because that's the first step towards securing your wallet as a user.

Truth is, if we don't do that, people put an empty mnemonic and an empty passphrase and then, ask the support and their lawyers why their funds disappeared from their wallet 😞

[KtorZ]

Some minor changes, after what, we're good to go I believe (haven't tested that in the terminal yet, we may likely have to do some fiddling with the API handler, but that's for later).

[KtorZ]

What about:

• Putting the --payment on a new line with a \
• Using either a Yoroi address, or an arbitrary shorter string in base58, just to convey the idea, it doesn't have to be a real address
• Make sure the last digit of the amount isn't the same digit as the address 😅 ... for enhanced readability

[akegalj]

Make sure the last digit of the amount isn't the same digit as the address sweat_smile ... for enhanced readability

makes sense - didn't notice

Putting the --payment on a new line with a \

👍

Using either a Yoroi address, or an arbitrary shorter string in base58, just to convey the idea, it doesn't have to be a real address

👍

[KtorZ]

Side-note: for this kind of comment, the reason why we are sure is really what we're interested in 😉

comments were addressed

[KtorZ]

Changes look good 👍