From 24dc6e5415cb3be6e9de4d021df85f6ee46e8c3a Mon Sep 17 00:00:00 2001
From: fiatjaf <fiatjaf@alhur.es>
Date: Fri, 12 Jun 2020 22:46:40 -0300
Subject: [PATCH] fix validation rules so description_hash works.

---
 lnbits/bolt11.py          | 5 ++---
 lnbits/core/crud.py       | 2 +-
 lnbits/core/views/api.py  | 4 ++--
 lnbits/decorators.py      | 4 ++--
 lnbits/wallets/lnbits.py  | 8 +-------
 lnbits/wallets/lntxbot.py | 3 +--
 6 files changed, 9 insertions(+), 17 deletions(-)

diff --git a/lnbits/bolt11.py b/lnbits/bolt11.py
index bc3a7971e..81154be4c 100644
--- a/lnbits/bolt11.py
+++ b/lnbits/bolt11.py
@@ -2,7 +2,6 @@
 
 import bitstring
 import re
-from binascii import hexlify
 from bech32 import bech32_decode, CHARSET
 
 
@@ -51,9 +50,9 @@ def decode(pr: str) -> Invoice:
         if tag == "d":
             invoice.description = trim_to_bytes(tagdata).decode("utf-8")
         elif tag == "h" and data_length == 52:
-            invoice.description = hexlify(trim_to_bytes(tagdata)).decode("ascii")
+            invoice.description = trim_to_bytes(tagdata).hex()
         elif tag == "p" and data_length == 52:
-            invoice.payment_hash = hexlify(trim_to_bytes(tagdata)).decode("ascii")
+            invoice.payment_hash = trim_to_bytes(tagdata).hex()
 
     return invoice
 
diff --git a/lnbits/core/crud.py b/lnbits/core/crud.py
index a06e045b4..94ead322b 100644
--- a/lnbits/core/crud.py
+++ b/lnbits/core/crud.py
@@ -115,7 +115,7 @@ def get_wallet(wallet_id: str) -> Optional[Wallet]:
 def get_wallet_for_key(key: str, key_type: str = "invoice") -> Optional[Wallet]:
     with open_db() as db:
         row = db.fetchone(
-            f"""
+            """
             SELECT *, COALESCE((SELECT balance FROM balances WHERE wallet = wallets.id), 0) AS balance_msat
             FROM wallets
             WHERE adminkey = ? OR inkey = ?
diff --git a/lnbits/core/views/api.py b/lnbits/core/views/api.py
index ae2b84263..c66d873d5 100644
--- a/lnbits/core/views/api.py
+++ b/lnbits/core/views/api.py
@@ -28,8 +28,8 @@ def api_payments():
 @api_validate_post_request(
     schema={
         "amount": {"type": "integer", "min": 1, "required": True},
-        "memo": {"type": "string", "empty": False, "required": False},
-        "description_hash": {"type": "string", "empty": False, "required": False},
+        "memo": {"type": "string", "empty": False, "required": True, "excludes": "description_hash"},
+        "description_hash": {"type": "string", "empty": False, "required": True, "excludes": "memo"},
     }
 )
 def api_payments_create_invoice():
diff --git a/lnbits/decorators.py b/lnbits/decorators.py
index ef1ef66d7..9298d1e7d 100644
--- a/lnbits/decorators.py
+++ b/lnbits/decorators.py
@@ -36,7 +36,7 @@ def api_validate_post_request(*, schema: dict):
                 return jsonify({"message": "Content-Type must be `application/json`."}), HTTPStatus.BAD_REQUEST
 
             v = Validator(schema)
-            g.data = {key: (request.json[key] if key in request.json else None) for key in schema.keys()}
+            g.data = {key: request.json[key] for key in schema.keys() if key in request.json}
 
             if not v.validate(g.data):
                 return jsonify({"message": f"Errors in request data: {v.errors}"}), HTTPStatus.BAD_REQUEST
@@ -56,7 +56,7 @@ def check_user_exists(param: str = "usr"):
             allowed_users = getenv("LNBITS_ALLOWED_USERS", "all")
 
             if allowed_users != "all" and g.user.id not in allowed_users.split(","):
-                abort(HTTPStatus.UNAUTHORIZED, f"User not authorized.")
+                abort(HTTPStatus.UNAUTHORIZED, "User not authorized.")
 
             return view(**kwargs)
 
diff --git a/lnbits/wallets/lnbits.py b/lnbits/wallets/lnbits.py
index 2da71f591..4c3bc0167 100644
--- a/lnbits/wallets/lnbits.py
+++ b/lnbits/wallets/lnbits.py
@@ -1,6 +1,5 @@
 from os import getenv
 from requests import get, post
-from binascii import hexlify
 
 from .base import InvoiceResponse, PaymentResponse, PaymentStatus, Wallet
 
@@ -17,12 +16,7 @@ class LNbitsWallet(Wallet):
         r = post(
             url=f"{self.endpoint}/api/v1/payments",
             headers=self.auth_invoice,
-            json={
-                "out": False,
-                "amount": amount,
-                "memo": memo,
-                "description_hash": hexlify(description_hash).decode("ascii"),
-            },
+            json={"out": False, "amount": amount, "memo": memo, "description_hash": description_hash.hex(),},
         )
         ok, checking_id, payment_request, error_message = r.ok, None, None, None
 
diff --git a/lnbits/wallets/lntxbot.py b/lnbits/wallets/lntxbot.py
index 6611c8e02..0f73fa155 100644
--- a/lnbits/wallets/lntxbot.py
+++ b/lnbits/wallets/lntxbot.py
@@ -1,6 +1,5 @@
 from os import getenv
 from requests import post
-from binascii import hexlify
 
 from .base import InvoiceResponse, PaymentResponse, PaymentStatus, Wallet
 
@@ -18,7 +17,7 @@ class LntxbotWallet(Wallet):
         r = post(
             url=f"{self.endpoint}/addinvoice",
             headers=self.auth_invoice,
-            json={"amt": str(amount), "memo": memo, "description_hash": hexlify(description_hash).decode("ascii")},
+            json={"amt": str(amount), "memo": memo, "description_hash": description_hash.hex()},
         )
         ok, checking_id, payment_request, error_message = r.ok, None, None, None