Skip to content

Commit

Permalink
Avoid passing secret details of recipient in transfer
Browse files Browse the repository at this point in the history
  • Loading branch information
sohkai committed Feb 10, 2017
1 parent 32c27b8 commit 5be8368
Show file tree
Hide file tree
Showing 5 changed files with 13 additions and 5 deletions.
6 changes: 5 additions & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -322,7 +322,7 @@ PAYLOAD:
},
"to": {
"publicKey": "<base58 string>",
"privateKey": "<base58 string>"
"privateKey": null
}
}
Expand All @@ -336,6 +336,10 @@ RETURNS:
}
```

Note that the `to` field in the payload may avoid specifying the new holder's
private details (i.e. `signingKey`), but should still provide the keys needed to
conform to the [user model](#create-users).

To check if your POST was successful, follow the steps in [registering a
manifestation](#was-my-post-to-manifestations-successful) and use the returned
Right's data instead.
5 changes: 4 additions & 1 deletion tests/test_api.py
Original file line number Diff line number Diff line change
Expand Up @@ -179,7 +179,10 @@ def test_transfer_right(client, alice, bob, carly,
'action': 'loan',
},
'currentHolder': alice,
'to': bob,
'to': {
'publicKey': bob['publicKey'],
'privateKey': None,
}
}

expected = {
Expand Down
1 change: 1 addition & 0 deletions web/models.py
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@


user_model = parse_model(['publicKey', 'privateKey'])
public_user_model = parse_model(['publicKey'])
manifestation_model = parse_model(['name', 'datePublished', 'url'])
work_model = parse_model(['name', 'author'])
right_model = parse_model(['license'])
2 changes: 1 addition & 1 deletion web/utils.py
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ def _parse_model(inputs):
value = inputs[field]
except KeyError:
raise KeyError('`{}` must be provided'.format(field))
if bool(value) is not True:
if not value:
raise ValueError("`{}`'s value must be defined".format(field))
return inputs
return _parse_model
4 changes: 2 additions & 2 deletions web/views/rights.py
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@

from coalaip import CoalaIp, ModelDataError, entities
from coalaip_bigchaindb.plugin import Plugin
from web.models import right_model, user_model
from web.models import right_model, public_user_model, user_model
from web.utils import get_bigchaindb_api_url


Expand Down Expand Up @@ -49,7 +49,7 @@ def post(self):
location='json')
parser.add_argument('currentHolder', type=user_model, required=True,
location='json')
parser.add_argument('to', type=user_model, required=True,
parser.add_argument('to', type=public_user_model, required=True,
location='json')
parser.add_argument('rightsAssignment', type=dict, location='json')
args = parser.parse_args()
Expand Down

0 comments on commit 5be8368

Please sign in to comment.