Skip to content
This repository has been archived by the owner on Mar 1, 2019. It is now read-only.

Misleading error message when using wrong spendingPassword to perform various operations on the API #284

Open
piotr-iohk opened this issue Jan 30, 2019 · 0 comments
Open

Misleading error message when using wrong spendingPassword to perform various operations on the API #284

piotr-iohk opened this issue Jan 30, 2019 · 0 comments
Labels
BUG Something isn't working

Comments

@piotr-iohk
Copy link
Contributor

Release Operating System Cause
next Windows & OSX & Linux Code

Context

Currently spending password (set when creating/restoring a wallet) is used for several operations in the wallet. These are:

The error message for all those operations when the spendingPassword is incorrect (i.e. valid 64 char long hex string but does not match the actual wallet's password) is:

{
    "diagnostic": {
        "msg": "CreateAddressHdRndGenerationFailed HdAccountId { parent HdRootId 2cWKMJemoBajMeVA7hrZjnNtcA7AjAtbjtZ5iCNJBKfXJQksftC92hg44f5BXqMxNyjUe, ix     HdAccountIx 2147483648}"
    },
    "message": "CannotCreateAddress",
    "status": "error"
}

The message is not quite meaningful and informative what the actual issue is and even somewhat misleading as it indicates that there is a problem with creating an address (CannotCreateAddress)
That makes sense for the first operation when we actually attempt to create an address, it does not for the others though. The error message here should actually state that the spendingPassword provided is wrong.

Additionally when the spendingPassword is a valid hex string but NOT 64-char long the error messages are faulty (as described already in #193)

Steps to Reproduce

  1. Attempt to post transaction/redeem cert or create new address while using not correct spendingPassword (however valid 64-char length hex encoded string)
    e.g. generating address:
curl -X POST https://localhost:8090/api/v1/addresses \
  -H "Accept: application/json; charset=utf-8" \
  -H "Content-Type: application/json; charset=utf-8" \
  --cert ~/.local/share/Daedalus/testnet/tls/client/client.pem \
  --cacert ~/.local/share/Daedalus/testnet/tls/client/ca.crt  \
  -d '{
	"accountIndex": 2147483648,
	"walletId": "2cWKMJemoBajMeVA7hrZjnNtcA7AjAtbjtZ5iCNJBKfXJQksftC92hg44f5BXqMxNyjUe",
	"spendingPassword": "5416b2988745725998907addf4613c9b0764f04959030e1b81c603b920a115d0"
}'  --http1.1

or

put shorter or longer than 64 chars strings as spendingPassword (but valid hex) as in #193

Expected behavior

The error message returned by the API should state that password is incorrect. The message should not be misleading.

Actual behavior

See above and in #193

Resolution Plan

PR

Number Base
#? develop

QA
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
BUG Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@piotr-iohk