verify_user_signature returning false when true is expected #65
Comments
|
Thank you for reporting! I'll take a look soon (likely tomorrow). There is probably a bug (or a change) in the result parsing. |
|
It looks like your previous iteration of the code was using the FCLCrypto smart contract to verify the user signatures. The python sdk does not use FCLCrypto, but instead runs similar logic in the script body. The major difference I can see and that probably applies here, is this part from the FCLCrypto contract: // Non-custodial users can only generate a weight of 999
return totalWeight >= 999.0(shouldn't the comment say "Custodial users ..."?) So since you are doing verification on dapper wallets this might apply. Can you give me an address you tested this on so I can confirm this theory? If it is correct I think I might add a optional parameter for the case of custodial users. |
|
Hi, Here is the address I use: 0xdf26376de6cba19e I know that several users have the same issue with other addresses. My case is not isolated. Thanks for all this. Regards, |
|
Thanks! It looks like the 999 weight is not a problem for that particular scenario. I'll try to replicate the scenario. |
|
@alexisprunier In your code can you try signature_is_valid = await utils.verify_user_signature(
- message=bytes(fields.hex(), "utf-8"),
+ message=fields,
client=client,
composite_signatures=[signer],
)FCLCrypto expects a hex encoded message, but the python-sdk currently expects utf-8 bytes. See these lines in the example: |
|
Hi, I have this error with the suggested change: |
|
To bring more context: I am using this javacript library to handle the login:
All the users of the app gets identified via the Dapper wallet. It looks like, when you get logged, you get a signature based on a message composed of the wallet address, the app name (in this case, "mfl-assistant" and the nonce, generated by the backend of the app. In our case, the message seems to be wrong. The content of it, in this flow.py file, hasn't changed. It has been working properly. The element that has change is the version of Flow and the version of the flow-py-sdk that has been upgraded. Is that possible that:
Would you have any suggestions? Thanks in advance for your reply. Regards, |
|
Hey, just a little up on that topic. Btw, you can reproduce quite easily with docker by executing "docker compose up" from the ".docker" directory of the project on this branch: https://github.com/alexisprunier/mfl-assistant/tree/home Then you can go on the webapp and click the "login" button on the bottom left to trigger the piece of code. Regards |
Hi,
At first, thanks for the SDK you put at disposal! Very useful!
I have an issue with the recent v2 of the library. I have adapted my backend python code to keep having the signature verification of Dapper wallets.
My code with v1: https://github.com/alexisprunier/mfl-assistant/blob/main/api/utils/flow.py
My code with v2: https://github.com/alexisprunier/mfl-assistant/blob/home/api/utils/flow.py
Since the usage of the v2, I only get the false value from the flow_py_sdk.utils.verify_user_signature function.
The parameters seems to be very similar. The PY objects also seems to do the same work. I see that the major modification for this feature is the script, probably due to the flow network upgrade.
I can ensure that I reach the following piece of code.
return script_result.as_type(cadence.Bool).valueIs there any hint you could give to me about this?
Regards,
Alexis
The text was updated successfully, but these errors were encountered: