feat(wallet): add change mnemonic password rpc #2317
base: dev
mm2src/mm2_main/src/lp_wallet.rs
Outdated
let encrypted_data = encrypt_mnemonic(&mnemonic, &req.new_password)?; | ||
// save new encrypted mnemonic data with new password | ||
save_encrypted_passphrase(&ctx, &wallet_name, &encrypted_data).await?; | ||
|
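Review bot: nothing in these lines checks req.new_password before it is handed to encrypt_mnemonic, so unless the handler validates it earlier, an empty or trivially weak password would be accepted and used to re-encrypt the mnemonic. Suggest validating it ahead of this call with whatever password policy the wallet already enforces. Since save_encrypted_passphrase then overwrites the stored ciphertext, it is also worth confirming that a failed write leaves the previous record intact on every storage backend.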
could u actually verify whether this would play well in wasm?
this call eventually does `table.add_item`, which if the item already exists will error `ConstraintError` (as per this).
We should use `table.replace_item` to be able to support updates.
done thank you 9e50c9f
One thing I need @CharlVS's opinion on regarding this PR: Should we update the password using an RPC or during KDF initialization? I think the GUI will provide users the option to update the password before starting KDF. Also, some CLI users will not want to pass the encryption password through RPC at all. Can we have the two modes if possible @borngraced?
For the GUI, I'd strongly prefer it to be via RPC. Doing via startup-config for GUI is not ideal because:
This is outside my domain, but I'd expect it to be a non-issue for CLI users since they face a similar issue with private key RPCs. Those concerned about this would/should be using HTTPS mode. However, the damage from a single coin's leaked private key could be far less than that from a leaked password. If you implement startup-config password changes, it's worth considering either terminating KDF after the password is updated, or make the fields named
seems to be a good reason why we would want to have both.
Why would the GUI want to provide such a feat considering that RPC comm is internal on the same device (well if you want a GUI to re-launch KDF with different config, this means that GUI runs KDF internally).
If KDF is on the same device that shouldn't be an issue for a CLI user. If it's on a different device, they could log into the device/machine hosting KDF and do the RPC there (well if they wanted to go with changing the config route, this means they must have access to that device hosting KDF).
Thanks! LGTM
non-blocking comments inline.
@@ -217,6 +217,7 @@ async fn dispatcher_v2(request: MmRpcRequest, ctx: MmArc) -> DispatcherResult<Re | |||
"trade_preimage" => handle_mmrpc(ctx, request, trade_preimage_rpc).await, | |||
"trezor_connection_status" => handle_mmrpc(ctx, request, trezor_connection_status).await, | |||
"update_nft" => handle_mmrpc(ctx, request, update_nft).await, | |||
"update_seed_storage_password" => handle_mmrpc(ctx, request, update_seed_storage_password_rpc).await, |
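Review bot: the request routed by the added "update_seed_storage_password" line carries the new wallet password (req.new_password in lp_wallet.rs), so confirm that nothing on the handle_mmrpc path logs the request body or echoes it back in an error response. A short doc comment on update_seed_storage_password_rpc stating that its parameters are secrets would make that expectation visible to later changes.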
i think we better drop the word `storage` here. `storage` makes it feel as if the whole seed store (multiple seeds) is encrypted using a single pass and not just the single seed in question.
better alternatives imo: `update_seed_password` or `update_seedphrase/passphrase_password`
that's a non-blocking comment though since im not a certified linguist.
We should use the word `mnemonic` not `seed` since we have `get_mnemonic` RPC. How about `change_mnemonic_password`?
aha better
mm2src/mm2_main/src/lp_wallet.rs
Outdated
))))?; | ||
// encrypt mnemonic with new passphrase. | ||
let encrypted_data = encrypt_mnemonic(&mnemonic, &req.new_password)?; | ||
// save new encrypted mnemonic data::default() with new password |
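Review bot: the comment on the last line has a stray `data::default()` in the middle of the sentence and no longer describes the step. It should read "save new encrypted mnemonic data with new password", matching the call it precedes.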
`data::default()` what?
typo, thanks for the catch
well actually this is blocking 🤦♂️
done
I thought that updating password flow will be like some websites where you do it without logging in, but @CharlVS cleared that.
It shouldn't be in the config file, it should be passed as args with the start KDF command.
No need to, let's have the RPC command only for now like it is now.
A few comments from my side!
LGTM!
LGTM! Only one nit.
Can you please add test coverage for the new RPC?
#[display(fmt = "Invalid request error: {}", _0)] | ||
InvalidRequest(String), | ||
#[display(fmt = "Wallets storage error: {}", _0)] | ||
WalletsStorageError(String), | ||
#[display(fmt = "Internal error: {}", _0)] | ||
Internal(String), | ||
#[display(fmt = "Invalid password error: {}", _0)] | ||
#[from_stringify("MnemonicError")] |
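Review bot: on the last two lines, #[from_stringify("MnemonicError")] converts every MnemonicError into a variant whose display text is "Invalid password error: {}", so any MnemonicError that is not a wrong password would still be reported to the caller as a bad password. Either narrow the conversion to the wrong-password case or give this variant a neutral message and keep the password-specific text for the case that really is one.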
We have `MnemonicError` and now `MnemonicsError`, which are too similar.
Maybe `MnemonicsError` -> `ApiMnemonicError`?
should be `MnemonicRpcError`... thanks
update: done c782372
implement functionality to update the password for seed storage in the wallet in kdf with its `rpc` method
Example JSON Request
Example JSON Response