From ac69cd6966b59921e15599bc0ae212e403ff24d5 Mon Sep 17 00:00:00 2001
From: Oleg Silkin
Date: Tue, 18 Feb 2020 14:36:38 -0500
Subject: [PATCH] Requires credential input for comment creation
---
src/database/writes.py | 5 ++---
src/server/validation.py | 28 +++++++++++++++-------------
2 files changed, 17 insertions(+), 16 deletions(-)
diff --git a/src/database/writes.py b/src/database/writes.py
index 0e7b17d..b9d4b98 100644
--- a/src/database/writes.py
+++ b/src/database/writes.py
@@ -18,8 +18,7 @@ logger = logging.getLogger(__name__)
def create_comment_or_error(conn, comment, claim_id=None, channel_id=None, channel_name=None, signature=None, signing_ts=None, parent_id=None) -> dict:
- if channel_id and channel_name:
- insert_channel_or_error(conn, channel_name, channel_id)
+ insert_channel_or_error(conn, channel_name, channel_id)
fn = db.insert_comment if parent_id is None else db.insert_reply
comment_id = fn(
conn=conn,
@@ -65,7 +64,7 @@ async def _abandon_comment(app, comment_id): # DELETE
async def create_comment(app, params):
- if is_valid_base_comment(**params) and is_valid_credential_input(**params):
+ if is_valid_base_comment(**params):
job = await app['comment_scheduler'].spawn(_create_comment(app, params))
comment = await job.wait()
if comment:
diff --git a/src/server/validation.py b/src/server/validation.py
index ad99f0c..43f05f6 100644
--- a/src/server/validation.py
+++ b/src/server/validation.py
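Review bot: In src/database/writes.py, `create_comment_or_error` now calls `insert_channel_or_error(conn, channel_name, channel_id)` unconditionally while its signature still defaults `channel_id` and `channel_name` to `None`, so the write layer relies entirely on the server-side validation having run first. If any caller reaches this function without passing `is_valid_base_comment`, `None` values go straight to the channel insert; what `insert_channel_or_error` does with them is not visible in this hunk. A local guard before the call, for example `if not (channel_id and channel_name): raise ValueError('channel_id and channel_name are required')`, would keep the requirement enforced at the database boundary too, provided the exception type fits what callers of this function already handle. The function body continues outside the hunk.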
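Review bot: In the second writes.py hunk, `create_comment` no longer names the credential check, so the only place a reader learns that unsigned comments are rejected is inside `is_valid_base_comment` in src/server/validation.py. A short comment on the condition, such as `# is_valid_base_comment also enforces channel_id/channel_name/signature/signing_ts`, would make it clear that this call is the sole gate before `_create_comment` is scheduled and lower the chance of the check being dropped in a later refactor. The rest of `create_comment` lies outside the hunk.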
@@ -51,23 +51,25 @@ def claim_id_is_valid(claim_id: str) -> bool:
def is_valid_base_comment(comment: str, claim_id: str, parent_id: str = None, **kwargs) -> bool:
- return comment is not None and body_is_valid(comment) and \
- ((claim_id is not None and claim_id_is_valid(claim_id)) or
- (parent_id is not None and comment_id_is_valid(parent_id)))
+ return comment and body_is_valid(comment) and \
+ ((claim_id and claim_id_is_valid(claim_id)) or # parentid is used in place of claimid in replies
+ (parent_id and comment_id_is_valid(parent_id))) \
+ and is_valid_credential_input(**kwargs)
def is_valid_credential_input(channel_id: str = None, channel_name: str = None, signature: str = None, signing_ts: str = None, **kwargs) -> bool:
- if channel_id or channel_name or signature or signing_ts:
- try:
- assert channel_id and channel_name and signature and signing_ts
- assert is_valid_channel(channel_id, channel_name)
- assert len(signature) == 128
- assert signing_ts.isalnum()
-
- except Exception:
- return False
- return True
+ try:
+ assert channel_id and channel_name and signature and signing_ts
+ assert is_valid_channel(channel_id, channel_name)
+ assert len(signature) == 128
+ assert signing_ts.isalnum()
+ except Exception as e:
+ logger.exception(f'Failed to validate channel: lbry://{channel_name}#{channel_id}, '
+ f'signature: {signature} signing_ts: {signing_ts}')
+ return False
+ finally:
+ return True
def validate_signature_from_claim(claim: dict, signature: typing.Union[str, bytes],
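Review bot: The `finally: return True` at the end of `is_valid_credential_input` overrides the `return False` in the `except` branch, because a `return` inside `finally` replaces any return value already pending. As written the function reports every input as valid, so the credential requirement this commit introduces is not enforced; the success return belongs after the `try`/`except` (or in an `else:`), never in `finally`. The checks are also still `assert` statements, which are removed when Python runs with `-O`. In addition, `logger.exception` writes the request-supplied channel name, signature and timestamp, plus a traceback, into the log for every rejected request. The sketch below keeps the signature and the four checks, replaces the asserts with explicit conditionals and logs only the channel identifiers with `%r`.

```python
def is_valid_credential_input(channel_id: str = None, channel_name: str = None,
                              signature: str = None, signing_ts: str = None, **kwargs) -> bool:
    # Explicit checks: `assert` is stripped under `python -O`.
    if not (channel_id and channel_name and signature and signing_ts):
        return False
    try:
        return bool(is_valid_channel(channel_id, channel_name)
                    and len(signature) == 128
                    and signing_ts.isalnum())
    except Exception:
        # %r keeps request-controlled values escaped on a single log line.
        logger.exception('Failed to validate credentials: channel=%r#%r', channel_name, channel_id)
        return False
```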