-
Notifications
You must be signed in to change notification settings - Fork 499
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
txnbuild: ignore txhash (preauth) and xhash signers in sep-10 (#2215)
### What Ignore txhash (T...) signers, used for preauth transactions, xhash (X...) signers, and other future types of signers the server might not know about, during SEP-10 verification. ### Why Developers will likely pass through to the verification functions the signers on accounts as provided by Horizon. Accounts can have other non-ed25519 signers and they're likely going to be passed through verbatim. The verification logic's goal is to confirm the transaction has been signed by the signers and so ignoring unsupported types like txhash and xhash seems like a safe thing to do given that the verification function will also ignore ed25519 signers that don't match a signature. Without this in a typical SEP-10 implementation any account with a txhash or xhash signer will likely fail SEP-10 verification. Issues that might be caused by this new behavior is if a user passes in an account seed (S...) or some other string they won't see an error. I think that's unlikely and hopefully a smaller impact than is worth making this solution more complex. This issue was first identified by @overcat in lightsail-network/java-stellar-sdk#264, but solved in a way that depends on data from Horizon. This solution does not depend on data from Horizon and should be portable to all our SDKs. This was previously discussed at: lightsail-network/java-stellar-sdk#264 (comment).
- Loading branch information
1 parent
e7a481a
commit a29b5ca
Showing
2 changed files
with
102 additions
and
7 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters