Loaded JSON files accept any password to create account; cannot send funds from this account #3765

Closed
laboon opened this issue Sep 25, 2020 · 5 comments · Fixed by #3767

@laboon
Contributor

laboon commented Sep 25, 2020

DESCRIPTION:
User can load JSON file to account with any password. No matter what they type in, an account will be generated.

However, users will be unable to sign transactions from that account.

TO REPRODUCE:

  1. Create a new account on Polkadot-JS
  2. Give password 'password'
  3. Forget account
  4. Load account from JSON file
  5. Enter password '123456'

EXPECTED BEHAVIOR:
Error

OBSERVED BEHAVIOR:
Account is loaded into Polkadot-JS


TO REPRODUCE:

  1. Try to send funds from that account
  2. Enter correct password

EXPECTED BEHAVIOR:
Funds sent

OBSERVED BEHAVIOR:
Appears as though password is rejected

@laboon
Contributor Author

laboon commented Sep 25, 2020

After loading this JSON file with the incorrect password (123456), I cannot send from it even using the correct password (password). The UI just freezes momentarily.

If I try to send and enter the incorrect password 123456 it is correctly seen as an invalid password.

Essentially, if you mistype the password when loading the JSON file, you will not be able to send from that account.

@laboon
Contributor Author

laboon commented Sep 25, 2020

Even after loading the JSON file with the correct password, I am unable to send any DOT from that account.

@laboon changed the title from "User can load JSON file to account with any password" to "Loaded JSON files accept any password to create account; cannot send funds from this account" on Sep 25, 2020
@Tbaut
Contributor

Tbaut commented Sep 25, 2020

Thanks for the details Bill, taking a look.

edit: the problem is in the keyring: keyring.isPassValid returns true for any password.

(password: string) => setPass({ isPassValid: keyring.isPassValid(password), password }),

edit2: This sounds like a confusion, isPassValid is indeed only checking for password length https://github.com/polkadot-js/ui/blob/64f630d904d2f32dd9e7624da376d57ac8bbe5b7/packages/ui-keyring/src/Base.ts#L92
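
Added example, not part of the original thread and not the polkadot-js code: a length-only check like the one described in the comment above accepts any string, so an import path has to prove the password by decrypting the backup. The keystore layout (scrypt plus AES-256-GCM) and the names `exportBackup`, `looksLikePassword` and `unlocksBackup` are assumptions made for illustration.

```javascript
// Added example: stand-in keystore, NOT the polkadot-js JSON format or API.
const { scryptSync, randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

// Derive a 32-byte key from the password (scrypt cost parameters are Node defaults).
const deriveKey = (password, salt) => scryptSync(password, salt, 32);

// Export: encrypt the secret under the password, as a JSON backup would.
function exportBackup(secret, password) {
  const salt = randomBytes(16);
  const iv = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  const data = Buffer.concat([cipher.update(secret), cipher.final()]);
  return {
    salt: salt.toString('hex'),
    iv: iv.toString('hex'),
    tag: cipher.getAuthTag().toString('hex'),
    data: data.toString('hex')
  };
}

// Format-only check of the kind described in the thread: length, nothing else.
// The length bounds are assumed.
function looksLikePassword(password) {
  return password.length > 0 && password.length <= 32;
}

// Import-time check: the password is accepted only if it decrypts the backup.
function unlocksBackup(backup, password) {
  try {
    const key = deriveKey(password, Buffer.from(backup.salt, 'hex'));
    const decipher = createDecipheriv('aes-256-gcm', key, Buffer.from(backup.iv, 'hex'));
    decipher.setAuthTag(Buffer.from(backup.tag, 'hex'));
    decipher.update(Buffer.from(backup.data, 'hex'));
    decipher.final(); // throws when the authentication tag does not verify
    return true;
  } catch {
    return false;
  }
}

// Constructed sample: the issue's two passwords tried against one backup.
const backup = exportBackup(Buffer.from('constructed-secret-key-material'), 'password');
const results = ['password', '123456'].map((p) => ({
  password: p,
  formatOk: looksLikePassword(p),
  unlocks: unlocksBackup(backup, p)
}));
console.log(results);
```

Both passwords pass the format check; only the one used at export passes the decryption check, which is the condition an import dialog needs before it creates the account.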

@Tbaut
Contributor

Tbaut commented Sep 25, 2020

Seeing this PR a little late, that's where things went wrong: #3758

@polkadot-js-bot

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue if you think you have a related problem or query.

@polkadot-js polkadot-js locked as resolved and limited conversation to collaborators Jun 4, 2021