fix: SEP-10, value of first op should not be null (#394)

StellarCN · Oct 29, 2020 · 0a033b3 · 0a033b3
1 parent 8683f76
commit 0a033b3
Show file tree

Hide file tree

Showing 2 changed files with 39 additions and 0 deletions.
diff --git a/stellar_sdk/sep/stellar_web_authentication.py b/stellar_sdk/sep/stellar_web_authentication.py
@@ -172,6 +172,11 @@ def read_challenge_transaction(
     if not client_account:
         raise InvalidSep10ChallengeError("Operation should have a source account.")
 
+    if manage_data_op.data_value is None:
+        raise InvalidSep10ChallengeError(
+            "Operation value should not be null."
+        )
+
     if len(manage_data_op.data_value) != 64:
         raise InvalidSep10ChallengeError(
             "Operation value encoded as base64 should be 64 bytes long."

diff --git a/tests/sep/test_stellar_web_authentication.py b/tests/sep/test_stellar_web_authentication.py
@@ -200,6 +200,40 @@ def test_verify_challenge_tx_operation_does_not_contain_the_source_account(self)
                 network_passphrase,
             )
 
+    def test_verify_challenge_tx_operation_value_is_none(self):
+        server_kp = Keypair.random()
+        client_kp = Keypair.random()
+        network_passphrase = Network.PUBLIC_NETWORK_PASSPHRASE
+        domain_name = "example.com"
+        now = int(time.time())
+        nonce_encoded = None
+        server_account = Account(server_kp.public_key, -1)
+        challenge_te = (
+            TransactionBuilder(server_account, network_passphrase, 100)
+            .append_manage_data_op(
+                data_name="{} auth".format(domain_name),
+                data_value=nonce_encoded,
+                source=client_kp.public_key,
+            )
+            .add_time_bounds(now, now + 900)
+            .build()
+        )
+
+        challenge_te.sign(server_kp)
+        challenge_te.sign(client_kp)
+        challenge_tx_signed = challenge_te.to_xdr()
+
+        with pytest.raises(
+            InvalidSep10ChallengeError,
+            match="Operation value should not be null.",
+        ):
+            verify_challenge_transaction(
+                challenge_tx_signed,
+                server_kp.public_key,
+                domain_name,
+                network_passphrase,
+            )
+
     def test_verify_challenge_tx_operation_value_is_not_a_64_bytes_base64_string(self):
         server_kp = Keypair.random()
         client_kp = Keypair.random()