Catch TypeError and ValueError in verify functions #309
Conversation
| @@ -2393,7 +2393,7 @@ def verify(self, message): | |||
| try: | |||
| verify_key.verify(message, subsig.signature) | |||
| verified_count += 1 | |||
| except BadSignatureError: | |||
| except (BadSignatureError, ValueError, TypeError): | |||
There was a problem hiding this comment.
I'm guessing that most users simply want to know that verify() has failed, deal with it, and won't really care why this has occurred (at least not in their runtime handling). For such users, swallowing these two exceptions makes life easier.
But could there be something about these different errors that could allow users to have more nuanced recovery strategies? I kind of doubt it, but it's worth knowing before we just add the blanket conversion from (BadSignatureError, ValueError, TypeError) to False.
There was a problem hiding this comment.
Thinking more about it, ValueError and TypeError sounds like they could be generated by bad user input/usage. If that is the case, then we really wouldn't want to swallow these errors.
There was a problem hiding this comment.
Good point - I also thought about this and couldn't reach a conclusive decision. Our current unit tests do seem to test the ValueError here by testing the wrong number of bytes:
Line 2694 in f0c9430
I'm not exactly sure how we want verify to behave in these cases so I wanted other people's inputs as well. If we choose to include this change, I can also add some test cases to check the two new error types.
There was a problem hiding this comment.
Summarizing a verbal with @algochoi, @tzaffi, and @jasonpaulos:
- We agreed the expedient path is to keep the PR's behavior and add unit tests validating behavior.
- We left with a loose agreement that revisiting the return type out-of-band is worthwhile. For example, moving from boolean to a richer data type will simplify disambiguating failure cases.
As of c3b94a2, I think the PR matches what we verbally agreed to. Since I didn't open the thread, I'll leave as is without resolving.
There was a problem hiding this comment.
@algochoi Thanks for the effort to clean up API inconsistencies here. ☕
pynacl'sVerifyKey()can now return aTypeErrororValueError(related PR). Our SDK should reflect this change by catching those errors as well, or users may encounter an unexpected exception.Picked some major release versions and set that as boundaries. Hopefully users are using
venvorcondaas well...Also added the
blackformatter updates so CI can run normally.I didn't change the v1
transactionmethods, but the problem is there as well (I hope no one uses them because we haven't updated them for a very long time).