fix(example): encrypted seed import #16

Merged: 4 commits, Dec 5, 2024


takenagain (Collaborator)

  • Fix EncryptedMnemonicData and Argon2Details parsing
  • Show a snackbar if there is an exception. The assumption is that the auth listener overrides the status message containing the exception immediately after it is thrown.
  • Validate wallet passwords in komodo_defi_sdk/example app. On native, an exception is thrown in the get_mnemonic RPC if the password contains '<', '>', or '&'

I'm assuming that auth state changes to a null user results in the error messages being cleared from the status bar
getMnemonic function fails upon registration if the password contains '<', '>', or '&'
takenagain added the bug label Dec 5, 2024
takenagain requested a review from CharlVS December 5, 2024 14:47
takenagain self-assigned this Dec 5, 2024
CharlVS (Member) commented Dec 5, 2024

> • On native, an exception is thrown in the get_mnemonic if the password contains '<', '>', or '&'

@takenagain is this difference observed only when using the get_mnemonic RPC, or is it present everywhere (including startup) where we have to provide wallet/rpc password?

takenagain (Collaborator, Author) commented Dec 5, 2024

> • On native, an exception is thrown in the get_mnemonic if the password contains '<', '>', or '&'
>
> @takenagain is this difference observed only when using the get_mnemonic RPC, or is it present everywhere (including startup) where we have to provide wallet/rpc password?

It appears to only be the get_mnemonic RPC, and only on native (tested on macOS). On web/wasm, the '&' character in the wallet password does not return the same error, and both sign-in and registration work.

EDIT:
The invalid chars error on native platforms was last modified in the CORS fix PR #2191, and IIRC there was mention of it being for injection attack prevention.

It's implemented in the RPC dispatcher, so it won't throw an error in mm2_main, but for the next RPC request containing the password field, which is currently get_mnemonic (as part of BIP39 validation).

CharlVS merged commit 94b050b into dev Dec 5, 2024
1 check failed
CharlVS deleted the fix/encrypted-seed-import branch December 5, 2024 22:58