fix: ensure blockchain hash determinism by refactoring UserName to string

btouchard · btouchard · commit d6dd3625a90a · 2025-10-02T18:22:40.000+02:00
Changed UserName field from *string to string to fix blockchain integrity
validation issues. The pointer was causing non-deterministic hash computation
due to memory address comparison instead of value comparison.

This change:
- Fixes blockchain validation for signatures with UserName
- Simplifies code by removing pointer dereferencing logic
- Maintains backward compatibility (NULL DB values map to empty string)
- Updates i18n templates to display values directly
diff --git a/internal/application/services/signature.go b/internal/application/services/signature.go
@@ -85,11 +85,6 @@ func (s *SignatureService) CreateSignature(ctx context.Context, request *models.
 		logger.Logger.Info("Creating genesis signature (no previous signature)")
 	}
 
-	var userName *string
-	if request.User.Name != "" {
-		userName = &request.User.Name
-	}
-
 	logger.Logger.Info("Creating signature",
 		"docID", request.DocID,
 		"userSub", request.User.Sub,
@@ -100,7 +95,7 @@ func (s *SignatureService) CreateSignature(ctx context.Context, request *models.
 		DocID:       request.DocID,
 		UserSub:     request.User.Sub,
 		UserEmail:   request.User.NormalizedEmail(),
-		UserName:    userName,
+		UserName:    request.User.Name,
 		SignedAtUTC: timestamp,
 		PayloadHash: payloadHash,
 		Signature:   signatureB64,
diff --git a/internal/domain/models/signature.go b/internal/domain/models/signature.go
@@ -15,7 +15,7 @@ type Signature struct {
 	DocID       string    `json:"doc_id" db:"doc_id"`
 	UserSub     string    `json:"user_sub" db:"user_sub"`
 	UserEmail   string    `json:"user_email" db:"user_email"`
-	UserName    *string   `json:"user_name,omitempty" db:"user_name"`
+	UserName    string    `json:"user_name,omitempty" db:"user_name"`
 	SignedAtUTC time.Time `json:"signed_at" db:"signed_at"`
 	PayloadHash string    `json:"payload_hash" db:"payload_hash"`
 	Signature   string    `json:"signature" db:"signature"`
@@ -47,7 +47,7 @@ type SignatureStatus struct {
 
 // ComputeRecordHash Stable record hash supports tamper-evident chaining and integrity checks across migrations.
 func (s *Signature) ComputeRecordHash() string {
-	data := fmt.Sprintf("%d|%s|%s|%s|%v|%s|%s|%s|%s|%s|%s",
+	data := fmt.Sprintf("%d|%s|%s|%s|%s|%s|%s|%s|%s|%s|%s",
 		s.ID,
 		s.DocID,
 		s.UserSub,
diff --git a/internal/domain/models/signature_test.go b/internal/domain/models/signature_test.go
@@ -11,7 +11,6 @@ import (
 func TestSignature_JSONSerialization(t *testing.T) {
 	timestamp := time.Date(2024, 1, 15, 10, 30, 45, 123456789, time.UTC)
 	createdAt := time.Date(2024, 1, 15, 10, 30, 46, 0, time.UTC)
-	userName := "Test User"
 	referer := "https://github.com/user/repo"
 	prevHash := "abcd1234efgh5678"
 
@@ -20,7 +19,7 @@ func TestSignature_JSONSerialization(t *testing.T) {
 		DocID:       "test-doc-123",
 		UserSub:     "google-oauth2|123456789",
 		UserEmail:   "test@example.com",
-		UserName:    &userName,
+		UserName:    "Test User",
 		SignedAtUTC: timestamp,
 		PayloadHash: "SGVsbG8gV29ybGQ=",
 		Signature:   "c2lnbmF0dXJlLWRhdGE=",
@@ -53,11 +52,8 @@ func TestSignature_JSONSerialization(t *testing.T) {
 	if unmarshaled.UserEmail != signature.UserEmail {
 		t.Errorf("UserEmail mismatch: got %v, expected %v", unmarshaled.UserEmail, signature.UserEmail)
 	}
-	if (unmarshaled.UserName == nil) != (signature.UserName == nil) {
-		t.Errorf("UserName nil mismatch: got %v, expected %v", unmarshaled.UserName == nil, signature.UserName == nil)
-	}
-	if unmarshaled.UserName != nil && signature.UserName != nil && *unmarshaled.UserName != *signature.UserName {
-		t.Errorf("UserName mismatch: got %v, expected %v", *unmarshaled.UserName, *signature.UserName)
+	if unmarshaled.UserName != signature.UserName {
+		t.Errorf("UserName mismatch: got %v, expected %v", unmarshaled.UserName, signature.UserName)
 	}
 	if !unmarshaled.SignedAtUTC.Equal(signature.SignedAtUTC) {
 		t.Errorf("SignedAtUTC mismatch: got %v, expected %v", unmarshaled.SignedAtUTC, signature.SignedAtUTC)
@@ -97,7 +93,7 @@ func TestSignature_JSONSerializationWithNilFields(t *testing.T) {
 		DocID:       "minimal-doc",
 		UserSub:     "github|987654321",
 		UserEmail:   "minimal@example.com",
-		UserName:    nil,
+		UserName:    "",
 		SignedAtUTC: timestamp,
 		PayloadHash: "bWluaW1hbA==",
 		Signature:   "bWluaW1hbC1zaWc=",
@@ -129,8 +125,8 @@ func TestSignature_JSONSerializationWithNilFields(t *testing.T) {
 		t.Fatalf("Failed to unmarshal signature: %v", err)
 	}
 
-	if unmarshaled.UserName != nil {
-		t.Errorf("UserName should be nil, got %v", unmarshaled.UserName)
+	if unmarshaled.UserName != "" {
+		t.Errorf("UserName should be empty string, got %v", unmarshaled.UserName)
 	}
 	if unmarshaled.Referer != nil {
 		t.Errorf("Referer should be nil, got %v", unmarshaled.Referer)
@@ -242,15 +238,14 @@ func TestSignature_GetServiceInfo(t *testing.T) {
 func TestSignature_ComputeRecordHash(t *testing.T) {
 	timestamp := time.Date(2024, 1, 15, 10, 30, 45, 123456789, time.UTC)
 	createdAt := time.Date(2024, 1, 15, 10, 30, 46, 0, time.UTC)
-	userName := "Test User"
 	referer := "https://github.com/user/repo"
 
 	signature := &Signature{
 		ID:          123,
 		DocID:       "test-doc-123",
 		UserSub:     "google-oauth2|123456789",
 		UserEmail:   "test@example.com",
-		UserName:    &userName,
+		UserName:    "Test User",
 		SignedAtUTC: timestamp,
 		PayloadHash: "SGVsbG8gV29ybGQ=",
 		Signature:   "c2lnbmF0dXJlLWRhdGE=",
@@ -282,13 +277,13 @@ func TestSignature_ComputeRecordHash(t *testing.T) {
 	}
 	signature.ID = originalID
 
-	signature.UserName = nil
-	hashWithNilName := signature.ComputeRecordHash()
-	if hashWithNilName == hash1 {
-		t.Error("Hash should change when UserName becomes nil")
+	signature.UserName = ""
+	hashWithEmptyName := signature.ComputeRecordHash()
+	if hashWithEmptyName == hash1 {
+		t.Error("Hash should change when UserName becomes empty")
 	}
 
-	signature.UserName = &userName
+	signature.UserName = "Test User"
 	signature.Referer = nil
 	hashWithNilReferer := signature.ComputeRecordHash()
 	if hashWithNilReferer == hash1 {
@@ -300,15 +295,14 @@ func TestSignature_ComputeRecordHashDeterministic(t *testing.T) {
 	// Test that the same signature data produces the same hash
 	timestamp := time.Date(2024, 1, 15, 10, 30, 45, 123456789, time.UTC)
 	createdAt := time.Date(2024, 1, 15, 10, 30, 46, 0, time.UTC)
-	userName := "Test User"
 	referer := "https://github.com/user/repo"
 
 	sig1 := &Signature{
 		ID:          123,
 		DocID:       "test-doc-123",
 		UserSub:     "google-oauth2|123456789",
 		UserEmail:   "test@example.com",
-		UserName:    &userName,
+		UserName:    "Test User",
 		SignedAtUTC: timestamp,
 		PayloadHash: "SGVsbG8gV29ybGQ=",
 		Signature:   "c2lnbmF0dXJlLWRhdGE=",
@@ -322,7 +316,7 @@ func TestSignature_ComputeRecordHashDeterministic(t *testing.T) {
 		DocID:       "test-doc-123",
 		UserSub:     "google-oauth2|123456789",
 		UserEmail:   "test@example.com",
-		UserName:    &userName,
+		UserName:    "Test User",
 		SignedAtUTC: timestamp,
 		PayloadHash: "SGVsbG8gV29ybGQ=",
 		Signature:   "c2lnbmF0dXJlLWRhdGE=",
diff --git a/internal/infrastructure/database/testutils.go b/internal/infrastructure/database/testutils.go
@@ -125,14 +125,13 @@ type SignatureFactory struct{}
 
 func (f *SignatureFactory) CreateValidSignature() *models.Signature {
 	now := time.Now().UTC()
-	userName := "Test User"
 	referer := "https://example.com/doc"
 
 	return &models.Signature{
 		DocID:       "test-doc-123",
 		UserSub:     "user-123",
 		UserEmail:   "test@example.com",
-		UserName:    &userName,
+		UserName:    "Test User",
 		SignedAtUTC: now,
 		PayloadHash: "dGVzdC1wYXlsb2FkLWhhc2g=", // base64("test-payload-hash")
 		Signature:   "dGVzdC1zaWduYXR1cmU=",     // base64("test-signature")
@@ -176,7 +175,7 @@ func (f *SignatureFactory) CreateMinimalSignature() *models.Signature {
 		DocID:       "minimal-doc",
 		UserSub:     "minimal-user",
 		UserEmail:   "minimal@example.com",
-		UserName:    nil, // NULL
+		UserName:    "", // Empty string
 		SignedAtUTC: now,
 		PayloadHash: "bWluaW1hbA==", // base64("minimal")
 		Signature:   "bWluaW1hbA==", // base64("minimal")
@@ -202,8 +201,8 @@ func AssertSignatureEqual(t *testing.T, expected, actual *models.Signature) {
 		t.Errorf("UserEmail mismatch: got %s, want %s", actual.UserEmail, expected.UserEmail)
 	}
 
-	if !isStringPtrEqual(actual.UserName, expected.UserName) {
-		t.Errorf("UserName mismatch: got %v, want %v", actual.UserName, expected.UserName)
+	if actual.UserName != expected.UserName {
+		t.Errorf("UserName mismatch: got %s, want %s", actual.UserName, expected.UserName)
 	}
 
 	if actual.PayloadHash != expected.PayloadHash {
diff --git a/internal/presentation/handlers/oembed.go b/internal/presentation/handlers/oembed.go
@@ -95,12 +95,8 @@ func (h *OEmbedHandler) HandleOEmbed(w http.ResponseWriter, r *http.Request) {
 	signatories := make([]SignatoryInfo, len(signatures))
 	var lastSignedAt string
 	for i, sig := range signatures {
-		name := ""
-		if sig.UserName != nil {
-			name = *sig.UserName
-		}
 		signatories[i] = SignatoryInfo{
-			Name:     name,
+			Name:     sig.UserName,
 			Email:    sig.UserEmail,
 			SignedAt: sig.SignedAtUTC.Format("02/01/2006 à 15:04"),
 		}
@@ -173,12 +169,8 @@ func (h *OEmbedHandler) HandleEmbedView(w http.ResponseWriter, r *http.Request)
 	signatories := make([]SignatoryInfo, len(signatures))
 	var lastSignedAt string
 	for i, sig := range signatures {
-		name := ""
-		if sig.UserName != nil {
-			name = *sig.UserName
-		}
 		signatories[i] = SignatoryInfo{
-			Name:     name,
+			Name:     sig.UserName,
 			Email:    sig.UserEmail,
 			SignedAt: sig.SignedAtUTC.Format("02/01/2006 à 15:04"),
 		}
diff --git a/internal/presentation/handlers/signature.go b/internal/presentation/handlers/signature.go
@@ -233,8 +233,8 @@ func (h *SignatureHandlers) HandleStatusJSON(w http.ResponseWriter, r *http.Requ
 			"signed_at":  sig.SignedAtUTC,
 		}
 
-		if sig.UserName != nil && *sig.UserName != "" {
-			sigData["user_name"] = *sig.UserName
+		if sig.UserName != "" {
+			sigData["user_name"] = sig.UserName
 		}
 
 		if serviceInfo := sig.GetServiceInfo(); serviceInfo != nil {
diff --git a/locales/en.json b/locales/en.json
@@ -69,9 +69,9 @@
   "admin_doc.no_signatures_title": "No signatures",
   "admin_doc.no_signatures_desc": "This document has not been signed yet.",
   "admin_doc.chain_integrity_valid": "Blockchain integrity:",
-  "admin_doc.chain_integrity_count": "{{.ValidSigs}}/{{.TotalSigs}} valid signatures",
+  "admin_doc.chain_integrity_count": "valid signatures",
   "admin_doc.chain_integrity_invalid": "Integrity issue detected:",
-  "admin_doc.chain_integrity_errors": "{{.InvalidSigs}} invalid signature(s)",
+  "admin_doc.chain_integrity_errors": "invalid signature(s)",
   "admin_doc.chain_errors_title": "Detected errors:",
 
   "error.title": "Error",
diff --git a/locales/fr.json b/locales/fr.json
@@ -69,9 +69,9 @@
   "admin_doc.no_signatures_title": "Aucune signature",
   "admin_doc.no_signatures_desc": "Ce document n'a pas encore été signé.",
   "admin_doc.chain_integrity_valid": "Chaîne de blocs intègre :",
-  "admin_doc.chain_integrity_count": "{{.ValidSigs}}/{{.TotalSigs}} signatures valides",
+  "admin_doc.chain_integrity_count": "signatures valides",
   "admin_doc.chain_integrity_invalid": "Problème d'intégrité détecté :",
-  "admin_doc.chain_integrity_errors": "{{.InvalidSigs}} signature(s) invalide(s)",
+  "admin_doc.chain_integrity_errors": "signature(s) invalide(s)",
   "admin_doc.chain_errors_title": "Erreurs détectées :",
 
   "error.title": "Erreur",
diff --git a/templates/admin_doc_details.html.tpl b/templates/admin_doc_details.html.tpl
@@ -104,7 +104,7 @@
       </div>
       <div class="ml-3">
         <p class="text-sm text-green-700">
-          <strong>{{index .T "admin_doc.chain_integrity_valid"}}</strong> {{index .T "admin_doc.chain_integrity_count"}}
+          <strong>{{index .T "admin_doc.chain_integrity_valid"}}</strong> {{.ChainIntegrity.ValidSigs}}/{{.ChainIntegrity.TotalSigs}} {{index .T "admin_doc.chain_integrity_count"}}
         </p>
       </div>
     </div>
@@ -119,7 +119,7 @@
       </div>
       <div class="ml-3">
         <p class="text-sm text-red-700">
-          <strong>{{index .T "admin_doc.chain_integrity_invalid"}}</strong> {{index .T "admin_doc.chain_integrity_errors"}}
+          <strong>{{index .T "admin_doc.chain_integrity_invalid"}}</strong> {{.ChainIntegrity.InvalidSigs}} {{index .T "admin_doc.chain_integrity_errors"}}
         </p>
         {{if .ChainIntegrity.Errors}}
         <div class="mt-2">

Original file line number	Diff line number	Diff line change
`@@ -233,8 +233,8 @@ func (h SignatureHandlers) HandleStatusJSON(w http.ResponseWriter, r http.Requ`
`233`	`233`	`"signed_at": sig.SignedAtUTC,`
`234`	`234`	`}`
`235`	`235`
`236`		`- if sig.UserName != nil && *sig.UserName != "" {`
`237`		`- sigData["user_name"] = *sig.UserName`
	`236`	`+ if sig.UserName != "" {`
	`237`	`+ sigData["user_name"] = sig.UserName`
`238`	`238`	`}`
`239`	`239`
`240`	`240`	`if serviceInfo := sig.GetServiceInfo(); serviceInfo != nil {`