Problem: upsert-validator approve has no error handling for an unauthorized signing key

Solution: Raise an exception if the signature doesn't match one of the authorized keys
2024-10-13 13:34:05 +00:00 · 2018-08-23 14:18:13 +02:00 · 2018-08-23 14:18:13 +02:00 · 2ade51056e
commit 2ade51056e
parent 8c0bf8caa0
1 changed files with 9 additions and 3 deletions
--- a/bigchaindb/commands/bigchaindb.py
+++ b/bigchaindb/commands/bigchaindb.py
@ -16,7 +16,7 @@ import sys
 from bigchaindb.utils import load_node_key
 from bigchaindb.common.exceptions import (DatabaseAlreadyExists,
                                          DatabaseDoesNotExist,
-                                          OperationError)
+                                          OperationError, KeypairMismatchException)
 import bigchaindb
 from bigchaindb import (backend, ValidatorElection,
                        BigchainDB, ValidatorElectionVote)
@ -159,9 +159,15 @@ def run_upsert_validator_approve(args, bigchain):

    key = load_node_key(args.sk)
    tx = bigchain.get_transaction(args.election_id)
-    voting_power = [v.amount for v in tx.outputs if key.public_key in v.public_keys][0]
+    voting_powers = [v.amount for v in tx.outputs if key.public_key in v.public_keys]
+    if len(voting_powers) > 0:
+        voting_power = voting_powers[0]
+    else:
+        raise KeypairMismatchException(
+            'The key you provided does not match any of the eligible voters in this election.'
+        )

-    inputs = [input for input in tx.to_inputs() if key.public_key in input.owners_before]
+    inputs = [i for i in tx.to_inputs() if key.public_key in i.owners_before]
    approval = ValidatorElectionVote.generate(inputs, [
        ([key.public_key], voting_power)], tx.id).sign([key.private_key])
    approval.validate(bigchain)