adding test case for issue 483, which *also* required fixing the app session schema to handle empty string methods a little bit more gracefully

2026-04-28 11:46:07 +08:00 · 2017-07-07 15:26:18 -04:00
parent 1488013b93
commit 32efc99d62
3 changed files with 26 additions and 8 deletions
--- a/blockstack_client/rpc.py
+++ b/blockstack_client/rpc.py
@@ -432,28 +432,33 @@ class BlockstackAPIEndpointHandler(SimpleHTTPRequestHandler):

        decoded_token = jsontokens.decode_token(token)
        legacy = False
+        decode_err = False
        try:
            assert isinstance(decoded_token, dict)
            assert decoded_token.has_key('payload')
-
            try:
                jsonschema.validate(decoded_token['payload'], APP_SESSION_REQUEST_SCHEMA )
            except ValidationError as ve2:
+                decode_err = ve2
                log.debug("Authentication request is not current; trying legacy")
                jsonschema.validate(decoded_token['payload'], APP_SESSION_REQUEST_SCHEMA_OLD )
                legacy = True

        except ValidationError as ve:
            if BLOCKSTACK_TEST or BLOCKSTACK_DEBUG:
-                log.exception(ve)
                if BLOCKSTACK_TEST:
                    log.debug("Invalid decoded token: {}".format(decoded_token['payload']))

-            log.debug("Invalid token")
+            log.error('Invalid authRequest token, tried legacy and current decode paths.')
+            if decode_err:
+                log.error('Current decode error:')
+                log.exception(decode_err)
+            log.error('Legacy decode error:')
+            log.exception(ve)
            return self._reply_json({'error': 'Invalid authRequest token: does not match any known request schemas'}, status_code=401)

        app_domain = str(decoded_token['payload']['app_domain'])
-        methods = [str(m) for m in decoded_token['payload']['methods']]
+        methods = [str(m) for m in decoded_token['payload']['methods'] if len(m) > 0]
        blockchain_id = None
        app_private_key = None
        app_public_key = None
--- a/blockstack_client/schemas.py
+++ b/blockstack_client/schemas.py
@@ -745,10 +745,16 @@ APP_INFO_PROPERTIES = {
    },
    'methods': {
        'type': 'array',
-        'items': {
-            'type': 'string',
-            'pattern': '^[a-zA-Z_][a-zA-Z0-9_.]+$'   # method name
-        },
+        'items':
+        {
+            'anyOf': [
+                {
+                    'type': 'string',
+                    'pattern': '^[a-zA-Z_][a-zA-Z0-9_.]+$'   # method name
+                },
+                {'type': 'string', 'pattern': '^$'}
+            ]
+        }
    },
    'app_public_keys': {
        'type': 'array',
--- a/integration_tests/blockstack_integration_tests/live_tests/api_tests.py
+++ b/integration_tests/blockstack_integration_tests/live_tests/api_tests.py
@@ -169,6 +169,13 @@ class AuthInternal(APITestCase):
        data = self.get_request(url, headers = auth_header, status_code=200)
        self.assertIn('token', data)

+    def test_auth_new_token_no_username_issue483(self):
+        auth_header = get_auth_header()
+        test_string = "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NksifQ.eyJ2ZXJzaW9uIjoxLCJibG9ja2NoYWluX2lkIjpudWxsLCJhcHBfcHJpdmF0ZV9rZXkiOiIxNDYwYWIyY2RjZmE1NDQwNzc5YWYwZDA0NWIzZTFlMjE5MjY4OGRjZTA5NDk4YWMyNDBkMTdjNzA2YWRiOThkIiwiYXBwX2RvbWFpbiI6Imh0dHA6Ly9sb2NhbGhvc3Q6NTAwMCIsIm1ldGhvZHMiOlsiIl0sImFwcF9wdWJsaWNfa2V5cyI6W3sicHVibGljX2tleSI6IjAzYTJhZmYyODhlYjI1NzVjZjE3ZTBjODc0NDZlNWExMDdmOTFkZjMzMjk5MjNkNDNmMDhmYTFmNzdlZDE0MTNmMCIsImRldmljZV9pZCI6IjAifV0sImRldmljZV9pZCI6IjAifQ.-uT-lOrvQDBZJWdg8p53LmEYBw1C8dVyGSAn96nR49MGSlNXP0vD7JsasjI6cbn9JSqGPFq1EpPLaHACkmyMcQ"
+        url = "/v1/auth?authRequest={}".format(test_string)
+        data = self.get_request(url, headers = auth_header, status_code=200)
+        self.assertIn('token', data)
+
 class UsersInternal(APITestCase):
    def test_get_users(self):
        user = "muneeb.id"