-
Notifications
You must be signed in to change notification settings - Fork 213
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add a cli option for creating a new transaction #225
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good start :-)
exe/wallet/Main.hs
Outdated
(wPwd, _) <- do | ||
let prompt = "Please enter a passphrase: " | ||
let parser = fromText @(Passphrase "encryption") | ||
getSensitiveLine prompt Nothing parser |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This applies the password validation rules (e.g. 10 chars). But if the password was set through an API call with curl, then it might not validate.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@rvl Not sure to understand what you mean here? What API call with cURL? To the wallet server API ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I believe this is fixed by Matthias
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The code is now asking for the encryption password twice when submitting a transaction.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@rvl I am not sure are you ok with this change?
This applies the password validation rules (e.g. 10 chars). But if the password was set through an API call with curl, then it might not validate.
password wouldn't validate with curl as well because validation rules are enforced in core (have a look at FromText
and FromJSON
). So this 10 char password isn't enforced only on cardano-wallet CLI client (as I think you might thought)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There are two things here:
1/ We do indeed perform validation at the API-level too. Whether we should allow empty passwords from the CLI or the API is another question, out-of-scope for this PR.
2/ Rodney's second remark is about the small refactoring you did, moving getPassphrase
into the where
section. This is actually wrong for sending transaction, as we would prompt the passphase twice in that case! We only need to prompt it once when creating transaction. This needs fix.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- Ah true - didn't understand what Rodney meant to say
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I did not realise the API enforces a 10 char minimum encryption password (weird idea), therefore I thought the CLI was incorrectly using different validation rules to the API.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's what I thought! We completely share the same decoders in the CLI and API, so any rules applied to decoding values in the API should apply in the CLI.
In the future, we would even enforce some deeper validation rules for the passphrase (comparing against a list of mostly used and enforcing some good entropy in the passphrase) because that's the first step towards securing your wallet as a user.
Truth is, if we don't do that, people put an empty mnemonic and an empty passphrase and then, ask the support and their lawyers why their funds disappeared from their wallet 😞
301fc60
to
d6a821d
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some minor changes, after what, we're good to go I believe (haven't tested that in the terminal yet, we may likely have to do some fiddling with the API handler, but that's for later).
19edc64
to
e575e62
Compare
exe/wallet/Main.hs
Outdated
--payment <PAYMENT> address to send to and amount to send separated by @: '<amount>@<address>' | ||
|
||
Examples: | ||
cardano-wallet transaction create --wallet-id 2512a00e9653fe49a44a5886202e24d77eeb998f --payment 22@2cWKMJemoBam7gg1y5K2aFDhAm5L8fVc96NfxgcGhdLMFTsToNAU9t5HVdBBQKy4iDswL # Create a transaction and send 22 lovelace from wallet-id to specified addres |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What about:
- Putting the
--payment
on a new line with a\
- Using either a Yoroi address, or an arbitrary shorter string in base58, just to convey the idea, it doesn't have to be a real address
- Make sure the last digit of the amount isn't the same digit as the address 😅 ... for enhanced readability
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Make sure the last digit of the amount isn't the same digit as the address sweat_smile ... for enhanced readability
makes sense - didn't notice
Putting the --payment on a new line with a \
👍
Using either a Yoroi address, or an arbitrary shorter string in base58, just to convey the idea, it doesn't have to be a real address
👍
exe/wallet/Main.hs
Outdated
wPwd <- getPassphrase | ||
runClient @Transaction Aeson.encodePretty $ createTransaction (ApiT wId) $ | ||
PostTransactionData | ||
-- NOTE: we are sure this will be non-empty |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Side-note: for this kind of comment, the reason why we are sure is really what we're interested in 😉
This PR also adds NonEmpty to few functions where approriate.
comments were addressed
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Changes look good 👍
Issue Number
#96
Overview
Comments