hyperledger / aries-cloudagent-python

Hyperledger Aries Cloud Agent Python (ACA-Py) is a foundation for building decentralized identity applications and services running in non-mobile environments.
https://wiki.hyperledger.org/display/aries
Apache License 2.0

Problems with TAA acceptance handling #1346

Open mloepfe opened 3 years ago

mloepfe commented 3 years ago

I'm just implementing the TAA acceptance handling in an acapy controller (Django Web App).

I found some problems in how acapy is handling the acceptance:

1.) There is no proper input validation of the JSON body in the "ledger_accept_taa()" function. If the input JSON body does not contain the expected three values (version, text, mechanism), an exception will be raised, which results in a 500 Server Error. I think it should return a proper 400 Bad Request error.

2.) I can call the "ledger_accept_taa()" function with an invalid (or old) text. There is no validation that one really accepts the latest TAA with the correct digest. The digest gets calculated but not compared to the one of the current TAA. I would expect to get an error (you have not accepted the latest TAA) instead of a success reply.

3.) When I call the "ledger_get_taa()" function, I also get the latest acceptance (taa_info["taa_accepted"]). This object only contains the mechanism and time, but not the version and digest. Unfortunately, on the client side (my controller), with only this information I have no means to check if this acceptance is up to date. I would expect to also get back the version and digest (which are stored and retrieved, but just not returned).

Does this sound reasonable?
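
The three behaviours requested above, sketched as an added example that is not part of the original post and is not ACA-Py's code. `accept_taa`, `acceptance_is_current` and the sample data are hypothetical, and the digest is assumed to be the Indy-style SHA-256 over version concatenated with text.

```python
import hashlib
import time

REQUIRED_FIELDS = ("version", "text", "mechanism")


def taa_digest(version: str, text: str) -> str:
    # Assumption: Indy-style digest, SHA-256 over version concatenated with text.
    return hashlib.sha256((version + text).encode("utf-8")).hexdigest()


def accept_taa(body, current_taa, now=None):
    """Hypothetical handler core: returns (http_status, payload)."""
    if not isinstance(body, dict):
        return 400, {"error": "request body must be a JSON object"}
    bad = [f for f in REQUIRED_FIELDS
           if not isinstance(body.get(f), str) or not body[f]]
    if bad:
        # Point 1: malformed input is a client error, not a 500.
        return 400, {"error": "missing or invalid fields: " + ", ".join(bad)}
    digest = taa_digest(body["version"], body["text"])
    if digest != taa_digest(current_taa["version"], current_taa["text"]):
        # Point 2: refuse to record acceptance of anything but the latest TAA.
        return 400, {"error": "you have not accepted the latest TAA"}
    # Point 3: keep version and digest next to mechanism and time so a
    # controller can later tell whether the acceptance is still current.
    return 200, {"taa_accepted": {
        "mechanism": body["mechanism"],
        "time": int(now if now is not None else time.time()),
        "version": body["version"],
        "digest": digest,
    }}


def acceptance_is_current(accepted, current_taa) -> bool:
    """Controller-side check of a stored acceptance against the current TAA."""
    expected = taa_digest(current_taa["version"], current_taa["text"])
    return bool(accepted) and accepted.get("digest") == expected


# Constructed sample data, not taken from any real ledger.
CURRENT = {"version": "2.0", "text": "Constructed agreement text v2"}
OLD = {"version": "1.0", "text": "Constructed agreement text v1"}
MECHANISM = "sample_mechanism"
```

An acceptance record that carries only mechanism and time, as described in point 3, makes `acceptance_is_current` return False because there is no digest to compare.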

swcurran commented 3 years ago

Yup...those are all reasonable complaints. I assume if 2 is accepted with bad data, you get an error when you do actually go to write to the ledger?

A PR would be great :-)

mloepfe commented 3 years ago

OK, I'll try to get a dev env for acapy up and running and implement some unit tests and fixes.


esune commented 9 months ago

Related: https://github.com/hyperledger/aries-cloudagent-python/issues/2668