add Aaron's fix for verifying a signature

This commit is contained in:
Marco Salazar 2022-08-09 20:39:33 -06:00
parent 6f1939296d
commit 7bd5e4fa8d

View File

@ -57,19 +57,20 @@ def postSlate(receivingAddress, slate):
)
def getSlates(receivingAddress, signature):
try:
if receivingAddress is None:
if receivingAddress is None or signature is None:
return make_response(jsonify({'status': 'failure', 'error': str("missing correct arguments")}))
# Deserialize the base-58 address to hex, and then to an internal public key format
# Deserialize the base-58 address to an internal public key format
# NOTE: This assumes that the network version (which is not part of the key) is exactly 2 bytes
public_key = secp256k1.PublicKey(base58.b58decode_check(receivingAddress)[2:])
public_key = secp256k1.PublicKey(base58.b58decode_check(receivingAddress)[2:], raw=True)
# Prepare the message bound to the signature: a domain separator and the encoded address
# For some reason, the original client code calls this the "challenge"
message = 'SubscribeRequest_' + receivingAddress
# Deserialize and verify the provided signature against the message and address public key
if not public_key.ecdsa_verify(message, public_key.ecdsa_deserialize(signature)):
if not public_key.ecdsa_verify(message.encode(),
public_key.ecdsa_deserialize(bytes(bytearray.fromhex(signature)))):
return make_response(jsonify({'status': 'failure', 'error': str("bad signature")}))
slates = Slate.find_slates(address=receivingAddress)