Update axon.py

[Barbariandev]

Possible security vulnerability

• I am acknowledging that I am opening this branch against staging

[basfroman]

Hi @Barbariandev, pls add more details to the PR description to explain why you consider this a potential security vulnerability.

[Barbariandev]

default_verify accepted signature="" or signature=None and only rejected requests that had signatures that were not None and which were invalid. As I understand it this is not the intended behavior

[thewhaleking]

Read CONTRIBUTING

[basfroman]

Hi @Barbariandev, thanks for catching this!
The fix itself is correct, and we’d like to merge it. However, there are a few things that need to be brought into compliance with the repository guidelines:

• pls rebase your pr to staging
• Please add tests to tests/unit_tests/test_axon.py. Minimum coverage:
  • request with signature=None -> raises Exception("Missing signature")
  • request with signature="" -> raises Exception("Missing signature")
  • request with an invalid signature -> raises Exception("Signature mismatch...")
  • request with a valid signature -> nonce is saved, no exceptions raised