keripy icon indicating copy to clipboard operation
keripy copied to clipboard
Published 2 months ago verified publisher icon WebOfTrust

Regex in Organizer prevents use of similar alias between contacts during IPEX Grant due do over eager regex value match on contact fields

Open kentbull opened this issue 7 months ago • 3 comments

Version

1.1, 1.2, main (all)

Environment

Python 3.12, Linux, though affects all

Expected behavior

Resolving an OOBI of a new contact with an alias similar to another alias should give me two usable contacts. IPEX Grant-ing to the new contact by alias should always work.

Actual behavior

When resolving the OOBI URL of a new contact and the new contact has a name similar to any existing contact, as in entirely contained within, starting with, or ending with the name of the new contact, then the error "invalid recipient" shows when doing IPEX Grant because more than one contact matches the regular expression in the Organizer.find() method as shown below.

class Organizer:
        ...
        def find(self, field, val):
        ...
        pres = []
        prog = re.compile(f".*{val}.*", re.I)  # <-- over eager regular expression not a good fit for aliases.
        for (pre, f), v in self.hby.db.cfld.getItemIter():
            if f == field and prog.match(v):
                pres.append(pre)

        return [self.get(pre) for pre in pres]

Steps to reproduce

  1. Create two contacts with similar names, as in "sally" and "sally-direct" via OOBI resolution
  2. Attempt an IPEX Grant to either of the contacts via the KLI with kli ipex grant ...
  3. View the error

kentbull avatar May 07 '25 16:05 kentbull

Organizer.find() is acting in exactly the way it should based on it's docs. So you could have a new function to find a contact by a specific value and not regex.

In general I always try to use prefixes over aliases outside of small tests for developing something to avoid these kinds of issues though.

iFergal avatar May 08 '25 13:05 iFergal

@iFergal

I don't think @kentbull was suggesting that the find implementation needs to change, but rather that the grant command could be improved:

IPEX Grant-ing to the new contact by alias should always work.

The key issue is that the grant command fails with a misleading error message (invalid recipient {self.recp}) when not exactly one match was found:

https://github.com/WebOfTrust/keripy/blob/e4f879671a9eb96da0327c036acb75bcfc4f2124/src/keri/app/cli/commands/ipex/grant.py#L101-L103

This should probably at least two cases be split up into two cases:

  • CASE 0: No recipient found for alias
  • CASE >1: Multiple recipient matched given alias (full or substring match)

And then it could be argued that substring-matching an alias has no benefit and it should simply do exact matching to avoid confusion or any false positive matches.

tsterker avatar May 08 '25 14:05 tsterker

@iFergal

Organizer.find() is acting in exactly the way it should based on it's docs.

What I am pointing out is that Organizer.find()'s behavior is not intuitive for aliases. This is because aliases are used as a name lookup, which usually functions best as either an exact match or a "starts with" regex, not an anywhere matching regex.

This should be a separate function because .find() does work well as a generic search function for all of a contact's fields.

kentbull avatar May 09 '25 02:05 kentbull