Skip to content

Respect disableoutputsubstitution in payjoin-cli#239

Merged
DanGould merged 1 commit intopayjoin:masterfrom
spacebear21:pjcli-output-substitution
May 1, 2024
Merged

Respect disableoutputsubstitution in payjoin-cli#239
DanGould merged 1 commit intopayjoin:masterfrom
spacebear21:pjcli-output-substitution

Conversation

@spacebear21
Copy link
Copy Markdown
Collaborator

@spacebear21 spacebear21 commented May 1, 2024

Fix for #238

@spacebear21 spacebear21 changed the title Respect disableoutputsubstitution Respect disableoutputsubstitution in payjoin-cli May 1, 2024
@spacebear21 spacebear21 mentioned this pull request May 1, 2024
Closed
2 tasks
@spacebear21
respect disableoutputsubstitution
d0e93e2 
payjoin-cli receiver should not substitute its output address if
explicitly disallowed by the sender.
@spacebear21 spacebear21 force-pushed the pjcli-output-substitution branch from 1807b73 to d0e93e2 Compare May 1, 2024 13:55
@DanGould
Copy link
Copy Markdown
Contributor

DanGould commented May 1, 2024
edited
Loading

This looks correct to me but I wonder if it makes sense to combine separate is_output_substitution_disabled() and substitute_output_address into a try_substitute_output[_address] that always errored if disableoutputsubstitution were true.

My concern with such a change is requiring one to go through all the trouble of getting a substitute address, or worse, a channel open contract address, and never using it. I'm inclined to approve what you have and also request the substitute_output_address function is fallable in case output substitution is in fact disabled.

The substitution in this implementation is mostly so that a static payjoin-cli server which only posted a single bip21 didn't receive a bunch of payments to one address, so I think this change is appropriate.

@DanGould DanGould merged commit 83db024 into payjoin:master May 1, 2024
@DanGould DanGould mentioned this pull request May 1, 2024
Closed
@spacebear21
Copy link
Copy Markdown
Collaborator Author

spacebear21 commented May 2, 2024

I wonder if it makes sense to combine separate is_output_substitution_disabled() and substitute_output_address into a try_substitute_output[_address] that always errored if disableoutputsubstitution were true.

I considered this approach as well but shared your concern about never using a generated address. How about if substitute_output_address takes a callable instead of an address? Something like this:

    pub fn substitute_output_address(
        &mut self,
        generate_address: impl Fn() -> Result<bitcoin::Address, Error>,
    ) -> Result<(), Error> {
        if self.params.disable_output_substitution {
            return Error();
        }
        let substitute_address = generate_address()?;
        self.payjoin_psbt.unsigned_tx.output[self.owned_vouts[0]].script_pubkey =
            substitute_address.script_pubkey();
        Ok(())
    }

@DanGould
Copy link
Copy Markdown
Contributor

DanGould commented Jun 2, 2024

This looks like a fix if I've ever seem one 👍

@spacebear21 spacebear21 mentioned this pull request Jun 2, 2024
Merged
DanGould added a commit that referenced this pull request Jun 27, 2024
@DanGould
Refactor output substitution (#277)
1f87e82 
As per discussion in
#239 (comment),
never allow output substitution if `disable_output_substitution` is
true.
node-smithxby72w added a commit to node-smithxby72w/rust-payjoin that referenced this pull request Sep 28, 2025
@node-smithxby72w
Refactor output substitution (#277)
f7efb3e 
As per discussion in
payjoin/rust-payjoin#239 (comment),
never allow output substitution if `disable_output_substitution` is
true.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@DanGould DanGould DanGould approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@spacebear21 @DanGould