remove rpc_get_zonefiles_by_names(); remove deprecated profile-verification-by-hash (we now use timestamp+signature to stop replay attacks)

blockstack/blockstackd.py

@@ -1034,7 +1034,7 @@ class BlockstackdRPC( SimpleXMLRPCServer):
 
         if len(zonefile_hashes) > 100:
             log.error("Too many requests (%s)" % len(zonefile_hashes))
-            return {'error': 'Too many requests'}
+            return {'error': 'Too many requests (no more than 100 allowed)'}
 
         ret = {}
         for zonefile_hash in zonefile_hashes:
@@ -1054,45 +1054,6 @@ class BlockstackdRPC( SimpleXMLRPCServer):
         return self.success_response( {'zonefiles': ret} )
 
 
-    def rpc_get_zonefiles_by_names( self, names, **con_info ):
-        """
-        Get a users' zonefiles from the local cache,
-        or (on miss), from upstream storage.
-        Only return at most 100 zonefiles.
-        Return {'status': True, 'zonefiles': {name: zonefile}]} on success
-        Return {'error': ...} on error
-
-        zonefiles will be serialized to string
-        """
-        conf = get_blockstack_opts()
-        if not conf['serve_zonefiles']:
-            return {'error': 'No data'}
-
-        if type(names) != list:
-            return {'error': 'Invalid data'}
-
-        if len(names) > 100:
-            return {'error': 'Too many requests'}
-        
-        ret = {}
-        for name in names:
-            if type(name) not in [str, unicode]:
-                return {'error': 'Invalid name'}
-
-            if not is_name_valid(name):
-                return {'error': 'Invalid name'}
-
-        for name in names:
-            zonefile_data = self.get_zonefile_data_by_name( conf, name )
-            if zonefile_data is None:
-                continue
-
-            else:
-                ret[name] = base64.b64encode(zonefile_data)
-
-        return self.success_response( {'zonefiles': ret} )
-
-
     def rpc_put_zonefiles( self, zonefile_datas, **con_info ):
         """
         Replicate one or more zonefiles, given as serialized strings.
@@ -1298,49 +1259,6 @@ class BlockstackdRPC( SimpleXMLRPCServer):
             return {'status': True}
 
 
-    def verify_profile_hash( self, name, name_rec, zonefile_dict, profile_txt, prev_profile_hash, sigb64, user_data_pubkey ):
-        """
-        DEPRECATED
-
-        Verify that the uploader signed the profile's previous hash.
-        Return {'status': True} on success
-        Return {'error': ...} on error
-        """
-
-        conf = get_blockstack_opts()
-        if not conf['serve_profiles']:
-            return {'error': 'No data'}
-
-        profile_storage_drivers = conf['profile_storage_drivers'].split(",")
-        zonefile_storage_drivers = conf['zonefile_storage_drivers'].split(",")
-
-        # verify that the previous profile actually does have this hash 
-        try:
-            old_profile_txt, zonefile = blockstack_client.get_profile(name, profile_storage_drivers=profile_storage_drivers, zonefile_storage_drivers=zonefile_storage_drivers,
-                                                                       user_zonefile=zonefile_dict, name_record=name_rec, use_zonefile_urls=False, decode_profile=False)
-        except Exception, e:
-            log.exception(e)
-            log.debug("Failed to load profile for '%s'" % name)
-            return {'error': 'Failed to load profile'}
-
-        if old_profile_txt is None:
-            # no profile yet (or error)
-            old_profile_txt = ""
-
-        old_profile_hash = hex_hash160(old_profile_txt)
-        if old_profile_hash != prev_profile_hash:
-            log.debug("Invalid previous profile hash")
-            return {'error': 'Invalid previous profile hash'}
-
-        # finally, verify the signature over the previous profile hash and this new profile
-        rc = blockstack_client.storage.verify_raw_data( "%s%s" % (prev_profile_hash, profile_txt), user_data_pubkey, sigb64 )
-        if not rc:
-            log.debug("Invalid signature")
-            return {'error': 'Invalid signature'}
-
-        return {'status': True}
-
-
     def load_mutable_data( self, name, data_txt, max_len=RPC_MAX_PROFILE_LEN, storage_drivers=None ):
         """
         Parse and authenticate user-given data
@@ -1474,19 +1392,7 @@ class BlockstackdRPC( SimpleXMLRPCServer):
 
         data_info = self.load_mutable_data(name, profile_txt, max_len=RPC_MAX_PROFILE_LEN)
         if 'error' in data_info:
-            if data_info.has_key('reason') and data_info['reason'] == 'timestamp' and data_info.has_key('data_pubkey') and data_info.has_key('zonefile'):
-
-                user_data_pubkey = data_info['data_pubkey']
-                zonefile_dict = data_info['zonefile']
-
-                # try hash-based verification (deprecated)
-                res = self.verify_profile_hash( name, name_rec, zonefile_dict, profile_txt, prev_profile_hash_or_ignored, sigb64_or_ignored, user_data_pubkey )
-                if 'error' in res:
-                    log.debug("Failed to verify profile by owner hash")
-                    return {'error': 'Failed to validate profile: invalid or missing timestamp and/or previous hash'}
-
-            else:
-                return data_info
+            return data_info
        
         res = storage_enqueue_profile( name, str(profile_txt) )
         if not res:
@@ -1558,7 +1464,6 @@ class BlockstackdRPC( SimpleXMLRPCServer):
         return {'status': True, 'servers': servers}
 
 
-
     def rpc_get_zonefiles_by_block( self, from_block, to_block, offset, count, **con_info ):
         """
         Get information about zonefiles announced in blocks [@from_block, @to_block]
@@ -1581,6 +1486,7 @@ class BlockstackdRPC( SimpleXMLRPCServer):
 
         return self.success_response( {'zonefile_info': zonefile_info } )
 
+
     def rpc_get_atlas_peers( self, **con_info ):
         """
         Get the list of peer atlas nodes.