Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use Password Specific to Web UI Instead of Wallet Password #7569

Merged
merged 5 commits into from
Oct 20, 2020
Merged

Use Password Specific to Web UI Instead of Wallet Password #7569

merged 5 commits into from
Oct 20, 2020

Conversation

rauljordan
Copy link
Contributor

@rauljordan rauljordan commented Oct 19, 2020
edited

As a security measure, we should not be using the wallet password for web UI authentication. Instead, we should have a specific password we use for web UI access, which we store as a password hash in our validator DB. This will prevent us from sending the wallet password via gRPC every single time we login to the dashboard.

This PR also removes the automatic opening of the web UI in a user's browser, and it also removes the restriction that validator clients with existing wallet cannot start without logging in with the --web flag.

@rauljordan rauljordan requested a review from a team as a code owner October 19, 2020 16:25
rauljordan
rauljordan commented Oct 19, 2020
View reviewed changes
validator/node/node.go
if err != nil {
return errors.Wrap(err, "could not open wallet")
}
if w != nil {
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If a user already has a wallet, we shouldn't block the validator client from starting if using --web

validator/web/server.go
}
}()
time.Sleep(time.Second * 1)
cmd, err := browser.Command("http://" + s.http.Addr)
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This caused a lot more problems than it solved, removing

This was referenced Oct 19, 2020
Closed
Closed
Closed
0xKiwi
0xKiwi previously approved these changes Oct 19, 2020
View reviewed changes
@prestonvanloon
Copy link
Member

Needs gazelle

@rauljordan rauljordan added the API Api related tasks label Oct 19, 2020
@rauljordan rauljordan added the Ready For Review A pull request ready for code review label Oct 20, 2020
@prylabs-bulldozer prylabs-bulldozer bot merged commit bec91d3 into master Oct 20, 2020
@delete-merged-branch delete-merged-branch bot deleted the web-specific-password branch October 20, 2020 02:26
@potuz potuz mentioned this pull request Oct 20, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@prestonvanloon prestonvanloon prestonvanloon approved these changes

@0xKiwi 0xKiwi 0xKiwi left review comments

@terencechain terencechain Awaiting requested review from terencechain

@nisdas nisdas Awaiting requested review from nisdas

Assignees
No one assigned
Labels
API Api related tasks Ready For Review A pull request ready for code review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@rauljordan @prestonvanloon @0xKiwi