
[DDW-875] Improve password handling

nikolaglumac committed Sep 12, 2019
1 parent 5c8b426 commit 21a841721747f0505d63f247dde51a7d170b9013
@@ -41,7 +41,7 @@ Feature: Add Wallet via Sidebar
And I see the create wallet dialog
And I submit the create wallet with spending password dialog with the following inputs:
| walletName | password | repeatedPassword |
| New wallet | Secret123 | Secret123 |
| New wallet | Secret1234 | Secret1234 |
And I see the create wallet privacy dialog
And I click on "Please make sure nobody looks your screen" checkbox
And I submit the create wallet privacy dialog
@@ -38,7 +38,7 @@ Feature: Import Wallet via Sidebar
And I should see wallet spending password inputs
And I enter wallet spending password:
| password | repeatedPassword |
| Secret123 | Secret123 |
| Secret1234 | Secret1234 |
And I click on the import wallet button in import wallet dialog
Then I should not see the import wallet dialog anymore
And I should have newly created "Imported Wallet" wallet loaded
@@ -17,7 +17,7 @@ Feature: Add Wallet via Sidebar
And I see the restore wallet dialog
And I enter wallet name "Restored wallet" in restore wallet dialog
And I enter recovery phrase in restore wallet dialog:
| recoveryPhrase |
| recoveryPhrase |
| turkey size valley cross wear erase enjoy post vivid leisure sustain that twelve grow travel |
And I toggle "Spending password" switch on the restore wallet dialog
And I submit the restore wallet dialog
@@ -26,7 +26,7 @@ Feature: Add Wallet via Sidebar
And I should be on the "Restored wallet" wallet "summary" screen
And I should see the restore status notification while restore is running
And I should not see the restore status notification once restore is finished

Scenario: Successfully Restoring a Wallet with spending password
Given The sidebar shows the "wallets" category
When I click on the add wallet button in the sidebar
@@ -35,11 +35,11 @@ Feature: Add Wallet via Sidebar
And I see the restore wallet dialog
And I enter wallet name "Restored wallet" in restore wallet dialog
And I enter recovery phrase in restore wallet dialog:
| recoveryPhrase |
| recoveryPhrase |
| turkey size valley cross wear erase enjoy post vivid leisure sustain that twelve grow travel |
And I enter wallet password in restore wallet dialog:
| password | repeatedPassword |
| Secret123 | Secret123 |
| Secret1234 | Secret1234 |
And I submit the restore wallet dialog
Then I should not see the restore wallet dialog anymore
And I should have newly created "Restored wallet" wallet loaded
@@ -36,7 +36,7 @@ Feature: Send Money to Receiver
And the transaction fees are calculated
And I click on the next button in the wallet send form
And I see send money confirmation dialog
And I enter wallet spending password in confirmation dialog "Secret123"
And I enter wallet spending password in confirmation dialog "Secret1234"
And I submit the wallet send form
Then I should be on the "Imported Wallet" wallet "summary" screen
And the latest transaction should show:
@@ -100,7 +100,7 @@ const createWalletsAsync = async (table, context) => {
daedalus.api.ada.createWallet({
name: wallet.name,
mnemonic: daedalus.utils.crypto.generateMnemonic(),
spendingPassword: wallet.password || 'Secret123',
spendingPassword: wallet.password || 'Secret1234',
})
)
)
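
Review bot: The fallback literal in `spendingPassword: wallet.password || 'Secret1234'` is a test fixture value typed inline, and the same edit is repeated in createWalletsSequentially and across the feature tables. Define it once as a shared constant in the step helpers (a name such as DEFAULT_TEST_SPENDING_PASSWORD would do) so the next change to the password rules touches one line and the fixtures cannot drift apart.
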
@@ -133,7 +133,7 @@ const createWalletsSequentially = async (wallets, context) => {
.createWallet({
name: wallet.name,
mnemonic: daedalus.utils.crypto.generateMnemonic(),
spendingPassword: wallet.password || 'Secret123',
spendingPassword: wallet.password || 'Secret1234',
})
.then(() =>
daedalus.stores.wallets.walletsRequest
@@ -43,7 +43,7 @@ Given(/^I have a "Imported Wallet" with funds$/, async function() {
Given(/^I have a "Imported Wallet" with funds and password$/, async function() {
await importWalletWithFunds(this.client, {
keyFilePath: defaultWalletKeyFilePath,
password: null, // 'Secret123',
password: null, // 'Secret1234',
});
const wallet = await waitUntilWalletIsLoaded.call(this, 'Imported Wallet');
addOrSetWalletsForScenario.call(this, wallet);
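
Review bot: In the step `I have a "Imported Wallet" with funds and password`, the import still passes `password: null` and the only thing this hunk edits is the commented-out value `// 'Secret1234'`. A commented literal that has to be kept in step with the fixtures is easy to miss; either delete it or replace it with a sentence saying why the wallet is imported without a password at this point.
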
@@ -54,7 +54,7 @@ Given(/^I have a "Imported Wallet" with funds and password$/, async function() {
.updateSpendingPassword({
walletId,
oldPassword: null,
newPassword: 'Secret123',
newPassword: 'Secret1234',
})
.then(() =>
daedalus.stores.wallets
@@ -15,10 +15,10 @@ Feature: Generate Wallet Address

Scenario: Generating wallet address for a wallet with spending password
Given I have the following wallets:
| name | password |
| first | Secret123 |
| name | password |
| first | Secret1234 |
And I am on the "first" wallet "receive" screen
And I have one wallet address
And I enter spending password "Secret123"
And I enter spending password "Secret1234"
And I click on the "Generate new address" button
Then I should see newly generated address as active address on the wallet receive screen
@@ -4,9 +4,9 @@ Feature: Wallet Settings
Background:
Given I have completed the basic setup
And I have the following wallets:
| name | password |
| first | |
| second | Secret123 |
| name | password |
| first | |
| second | Secret1234 |

# It is not possible to set wallet password because it is always available and required in API v2
@skip
@@ -15,8 +15,8 @@ Feature: Wallet Settings
And I click on the "create" password label
And I should see the "create" wallet password dialog
And I enter wallet password:
| password | repeatedPassword |
| Secret123 | Secret123 |
| password | repeatedPassword |
| Secret1234 | Secret1234 |
And I submit the wallet password dialog
Then I should see "change" label in password field

@@ -39,8 +39,8 @@ Feature: Wallet Settings
And I click on the "change" password label
And I should see the "change" wallet password dialog
And I change wallet password:
| currentPassword | password | repeatedPassword |
| Secret123 | newSecret123 | newSecret123 |
| currentPassword | password | repeatedPassword |
| Secret1234 | newSecret1234 | newSecret1234 |
And I submit the wallet password dialog
Then I should not see the change password dialog anymore

@@ -49,28 +49,28 @@ Feature: Wallet Settings
And I click on the "change" password label
And I should see the "change" wallet password dialog
And I change wallet password:
| currentPassword | password | repeatedPassword |
| Secret123Wrong | newSecret123 | newSecret123 |
| currentPassword | password | repeatedPassword |
| Secret1234Wrong | newSecret1234 | newSecret1234 |
And I submit the wallet password dialog
Then I should see error message that old password is not correct

Scenario: User changes wallet password to one which contains only cyrillic characters and numbers
Given I am on the "second" wallet "settings" screen
And I click on the "change" password label
And I should see the "change" wallet password dialog
And I change wallet password:
| currentPassword | password | repeatedPassword |
| Secret123 | ЬнЫгзукЗфыыцщкв123 | ЬнЫгзукЗфыыцщкв123 |
| Secret1234 | ЬнЫгзукЗфыыцщкв123 | ЬнЫгзукЗфыыцщкв123 |
And I submit the wallet password dialog
Then I should not see the change password dialog anymore

Scenario: User changes wallet password to one which contains only japanese characters and numbers
Given I am on the "second" wallet "settings" screen
And I click on the "change" password label
And I should see the "change" wallet password dialog
And I change wallet password:
| currentPassword | password | repeatedPassword |
| Secret123 | 新しい秘密123 | 新しい秘密123 |
| Secret1234 | 新しい秘密123 | 新しい秘密123 |
And I submit the wallet password dialog
Then I should not see the change password dialog anymore
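
Review bot: The `currentPassword` column moves to `Secret1234` throughout this hunk, but the `password` and `repeatedPassword` values in the Cyrillic and Japanese scenarios are left as they were, and `新しい秘密123` is 8 characters, one fewer than the `Secret123` value being retired. If the extra character on the ASCII fixtures reflects a new validation rule, these two scenarios should be checked against it, and a scenario that submits a password the new rule rejects would pin the boundary down.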

@@ -82,8 +82,8 @@ Feature: Wallet Settings
And I should see the "change" wallet password dialog
And I toggle "Check to deactivate password" switch on the change wallet password dialog
And I enter current wallet password:
| currentPassword |
| Secret123 |
| currentPassword |
| Secret1234 |
And I submit the wallet password dialog
Then I should see "create" label in password field

@@ -51,7 +51,7 @@ import {
} from '../ipc/cardano.ipc';
import patchAdaApi from './utils/patchAdaApi';
import { isValidMnemonic } from '../../../common/crypto/decrypt';
import { utcStringToDate, encryptPassphrase } from './utils';
import { utcStringToDate } from './utils';
import { Logger } from '../utils/logging';
import {
unscrambleMnemonics,
@@ -384,18 +384,15 @@ export default class AdaApi {
name,
mnemonic,
mnemonicPassphrase,
spendingPassword: passwordString,
spendingPassword,
addressPoolGap,
} = request;
const spendingPassword = passwordString
? encryptPassphrase(passwordString)
: '';
try {
const walletInitData = {
name,
mnemonic_sentence: split(mnemonic, ' '),
mnemonic_second_factor: mnemonicPassphrase,
passphrase: spendingPassword,
passphrase: spendingPassword || '',
address_pool_gap: addressPoolGap,
};
const wallet: AdaWallet = await createWallet(this.config, {
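
Review bot: In createWallet the `encryptPassphrase(passwordString)` step is removed and `passphrase: spendingPassword || ''` now forwards the value exactly as the caller supplied it, yet neither the code nor the commit title says where the passphrase is transformed or protected from here on. A short comment at walletInitData stating what the API expects in `passphrase`, and what protects it in transit, would let the next reader confirm the removal is intentional.
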
@@ -435,11 +432,8 @@ export default class AdaApi {
walletId,
address,
amount,
spendingPassword: passwordString,
spendingPassword,
} = request;
const spendingPassword = passwordString
? encryptPassphrase(passwordString)
: '';
try {
const data = {
source: {
@@ -453,7 +447,7 @@ export default class AdaApi {
},
],
groupingPolicy: 'OptimizeForSecurity',
spendingPassword,
spendingPassword: spendingPassword || '',
};
const response: Transaction = await createTransaction(this.config, {
data,
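
Review bot: `spendingPassword: spendingPassword || ''` in the transaction payload turns a missing or undefined password into an empty string and still calls createTransaction. For a spend, a missing password is better surfaced as an error before the request is built than sent on as an empty credential; the same `|| ''` expression is repeated at each call site in this file, so a single helper that validates and normalizes it would keep the behaviour in one place.
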
@@ -561,17 +555,10 @@ export default class AdaApi {
Logger.debug('AdaApi::createAddress called', {
parameters: filterLogData(request),
});
const {
accountIndex,
walletId,
spendingPassword: passwordString,
} = request;
const spendingPassword = passwordString
? encryptPassphrase(passwordString)
: '';
const { accountIndex, walletId, spendingPassword } = request;
try {
const address: Address = await createAddress(this.config, {
spendingPassword,
spendingPassword: spendingPassword || '',
accountIndex,
walletId,
});
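
Review bot: `Logger.debug('AdaApi::createAddress called', { parameters: filterLogData(request) })` runs on the whole request, which carries `spendingPassword` as typed, and the same pattern appears in restoreWallet and the import functions. Nothing in this diff shows what filterLogData removes; please confirm it drops `spendingPassword` (and `recoveryPhrase`) and cover that with a unit test, since a debug line is an easy place for the secret to reach a log file.
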
@@ -677,18 +664,11 @@ export default class AdaApi {
Logger.debug('AdaApi::restoreWallet called', {
parameters: filterLogData(request),
});
const {
recoveryPhrase,
walletName,
spendingPassword: passwordString,
} = request;
const spendingPassword = passwordString
? encryptPassphrase(passwordString)
: '';
const { recoveryPhrase, walletName, spendingPassword } = request;
const walletInitData = {
mnemonic_sentence: split(recoveryPhrase, ' '),
name: walletName,
passphrase: spendingPassword,
passphrase: spendingPassword || '',
};
try {
const wallet: AdaWallet = await restoreWallet(this.config, {
@@ -722,14 +702,11 @@ export default class AdaApi {
Logger.debug('AdaApi::importWalletFromKey called', {
parameters: filterLogData(request),
});
const { filePath, spendingPassword: passwordString } = request;
const spendingPassword = passwordString
? encryptPassphrase(passwordString)
: '';
const { filePath, spendingPassword } = request;
try {
const importedWallet: AdaWallet = await importWalletAsKey(this.config, {
filePath,
spendingPassword,
spendingPassword: spendingPassword || '',
});
Logger.debug('AdaApi::importWalletFromKey success', { importedWallet });
return _createWalletFromServerData(importedWallet);
@@ -748,18 +725,18 @@ export default class AdaApi {
Logger.debug('AdaApi::importWalletFromFile called', {
parameters: filterLogData(request),
});
const { filePath, spendingPassword: passwordString } = request;
const spendingPassword = passwordString
? encryptPassphrase(passwordString)
: '';
const { filePath, spendingPassword } = request;
const isKeyFile =
filePath
.split('.')
.pop()
.toLowerCase() === 'key';
try {
const importedWallet: AdaWallet = isKeyFile
? await importWalletAsKey(this.config, { filePath, spendingPassword })
? await importWalletAsKey(this.config, {
filePath,
spendingPassword: spendingPassword || '',
})
: await importWalletAsJSON(this.config, filePath);
Logger.debug('AdaApi::importWalletFromFile success', { importedWallet });
return _createWalletFromServerData(importedWallet);
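
Review bot: In importWalletFromFile the `.key` branch receives `spendingPassword: spendingPassword || ''`, but the other branch is `importWalletAsJSON(this.config, filePath)`, so a spending password supplied with a non-.key file is dropped without any signal to the caller. If that is intended, a comment on the ternary should say so; otherwise the JSON path needs the password or the function should reject the combination.
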
@@ -1,7 +1,7 @@
// @flow
import { size, has, get, omit, includes } from 'lodash';
import { size, omit, includes } from 'lodash';
import querystring from 'querystring';
import { encryptPassphrase, getContentLength } from '.';
import { getContentLength } from '.';

export type RequestOptions = {
hostname: string,
@@ -33,29 +33,9 @@ function typedRequest<Response>(
let hasRequestBody = false;
let requestBody = '';

let queryString = '';
if (queryParams && size(queryParams) > 0) {
// Handle passphrase
if (has(queryParams, 'passphrase')) {
const passphrase = get(queryParams, 'passphrase');

// If passphrase is present it must be encrypted and included in options.path
if (passphrase) {
const encryptedPassphrase = encryptPassphrase(passphrase);
queryString = `?passphrase=${encryptedPassphrase}`;
}

// Passphrase must be ommited from rest query params
queryParams = omit(queryParams, 'passphrase');

if (size(queryParams > 1) && passphrase) {
queryString += `&${querystring.stringify(queryParams)}`;
}
} else {
queryString = `?${querystring.stringify(queryParams)}`;
}

if (queryString) options.path += queryString;
const queryString = `?${querystring.stringify(queryParams)}`;
options.path += queryString;
}

// Handle raw body params
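
Review bot: With the passphrase branch deleted, `querystring.stringify(queryParams)` serializes every key into `options.path`, so a caller that still passes `passphrase` in queryParams would now put the raw value in the request URL, where it can end up in access logs. Either reject a `passphrase` key here explicitly or confirm no caller sends one and say so in a comment; credentials belong in the request body, not the path.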
