Added new condition to verify signature. Updated logs. (#577)

* Added new condition to verify signature. Updated logs. * Resolved requested changes. --------- Co-authored-by: Calina Cenan <[email protected]>
oceanprotocol · Mar 14, 2023 · adae5e4 · adae5e4
1 parent 8b4a0f8
commit adae5e4
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 3 deletions.
diff --git a/ocean_provider/utils/accounts.py b/ocean_provider/utils/accounts.py
@@ -31,6 +31,7 @@ def verify_signature(signer_address, signature, original_msg, nonce):
     :return: True if signature is valid, throws InvalidSignatureError otherwise
     """
     verify_nonce(signer_address, nonce)
+    old_signature = signature
 
     message = f"{original_msg}{str(nonce)}"
     signature_bytes = Web3.toBytes(hexstr=signature)
@@ -42,6 +43,16 @@ def verify_signature(signer_address, signature, original_msg, nonce):
         new_signature = signature_bytes
 
     signature = keys.Signature(signature_bytes=new_signature)
+
+    if old_signature != str(signature):
+        msg = (
+            f"Invalid signature. Please check the nonce or documentId from the original message."
+            f" In case of compute endpoints, check also the job ID."
+            f" Got: {old_signature}\n."
+        )
+        logger.error(msg)
+        raise InvalidSignatureError(msg)
+
     message_hash = Web3.solidityKeccak(
         ["bytes"],
         [Web3.toBytes(text=message)],

diff --git a/ocean_provider/validation/provider_requests.py b/ocean_provider/validation/provider_requests.py
@@ -13,7 +13,7 @@
 
 from ocean_provider.exceptions import InvalidSignatureError
 from ocean_provider.file_types.file_types_factory import FilesTypeFactory
-from ocean_provider.utils.accounts import verify_signature, verify_nonce
+from ocean_provider.utils.accounts import verify_signature, verify_nonce, sign_message
 from ocean_provider.utils.util import get_request_data
 from ocean_provider.user_nonce import is_token_valid
 from ocean_provider.validation.RBAC import RBACValidator
@@ -77,6 +77,14 @@ def __init__(
         headers=None,
         **kwargs,
     ):
+        messages["signature.signature"] += f" Please check the nonce or documentId."
+        messages[
+            "signature.download_signature"
+        ] += f" Please check the nonce or documentId."
+        messages[
+            "signature.decrypt_signature"
+        ] += f" Please check the nonce or documentId."
+
         super(CustomValidator, self).__init__(
             rules, request, custom_handlers, messages, **kwargs
         )

diff --git a/tests/test_compute.py b/tests/test_compute.py
@@ -280,8 +280,8 @@ def test_compute(client, publisher_wallet, consumer_wallet, free_c2d_env):
     )
     assert result_without_signature.status_code == 400
     assert (
-        result_without_signature.json["errors"]["signature"][0]
-        == "Invalid signature provided."
+        "Invalid signature provided."
+        in result_without_signature.json["errors"]["signature"][0]
     ), "Signature should be required"
 
     nonce, signature = get_compute_signature(client, consumer_wallet, index, job_id)