From 40e70243a45b48898905f926f2ab9e8415bbe25e Mon Sep 17 00:00:00 2001
From: Matt Smith <matt.the.smith@gmail.com>
Date: Tue, 15 Mar 2016 16:54:22 -0700
Subject: [PATCH] Change with notes to the validation behavior for CREATE
 transactions: transform and ignore signature if the signature field is not
 present, otherwise validate the signature as well.

---
 bigchaindb/web/views.py | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/bigchaindb/web/views.py b/bigchaindb/web/views.py
index 589adfb7..3d8f824e 100644
--- a/bigchaindb/web/views.py
+++ b/bigchaindb/web/views.py
@@ -82,14 +82,21 @@ def validate_transaction():
 
     tx = request.get_json(force=True)
 
-    if tx['transaction']['operation'] == 'CREATE':
+    # Always validate TRANSFER signatures; but only validate CREATE signatures
+    # if present.
+    validate_sig = True
+
+    # If a CREATE doesn't have the signature populated, then we treat it as
+    # an input to the `create` function and transform it.
+    if tx['transaction']['operation'] == 'CREATE' and 'signature' not in tx:
+        validate_sig = False
         tx = util.transform_create(tx)
 
     try:
         bigchain.validate_transaction(tx)
     except exceptions.InvalidSignature as e:
         # We skipped signing CREATEs with the node's private key, so expect this
-        if tx['transaction']['operation'] != 'CREATE':
+        if validate_sig:
             return flask.jsonify({'valid': False, 'error': repr(e)})
     except Exception as e:
         return flask.jsonify({'valid': False, 'error': repr(e)})