Merge pull request #6700 from smartcontractkit/bug/sc-41637

Bugfixing
smartcontractkit · May 31, 2022 · 2e0863d · 2e0863d
2 parents 1e8a676 + 970e70f
commit 2e0863d
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 1 deletion.
diff --git a/core/cmd/key_store_authenticator.go b/core/cmd/key_store_authenticator.go
@@ -2,6 +2,7 @@ package cmd
 
 import (
 	"fmt"
+	"strings"
 
 	"github.com/pkg/errors"
 	clipkg "github.com/urfave/cli"
@@ -10,6 +11,8 @@ import (
 	"github.com/smartcontractkit/chainlink/core/utils"
 )
 
+var ErrPasswordWhitespace = errors.New("leading/trailing whitespace detected in password")
+
 // TerminalKeyStoreAuthenticator contains fields for prompting the user and an
 // exit code.
 type TerminalKeyStoreAuthenticator struct {
@@ -26,6 +29,9 @@ func (auth TerminalKeyStoreAuthenticator) authenticate(c *clipkg.Context, keySto
 	if err != nil {
 		return errors.Wrap(err, "error reading password from file")
 	}
+	if strings.TrimSpace(password) != password {
+		return ErrPasswordWhitespace
+	}
 	if len(password) != 0 {
 		// Because we fixed password requirements to have 3+ symbols,
 		// to not break backward compatibility we enforce this only for empty key stores.
@@ -63,6 +69,9 @@ func (auth TerminalKeyStoreAuthenticator) promptNewPassword() (string, error) {
 		if err := auth.validatePasswordStrength(password); err != nil {
 			return "", err
 		}
+		if strings.TrimSpace(password) != password {
+			return "", ErrPasswordWhitespace
+		}
 		clearLine()
 		passwordConfirmation := auth.Prompter.PasswordPrompt("Confirm password: ")
 		clearLine()

diff --git a/core/cmd/local_client.go b/core/cmd/local_client.go
@@ -328,7 +328,7 @@ func passwordFromFile(pwdFile string) (string, error) {
 		return "", nil
 	}
 	dat, err := ioutil.ReadFile(pwdFile)
-	return strings.TrimSpace(string(dat)), err
+	return string(dat), err
 }
 
 // RebroadcastTransactions run locally to force manual rebroadcasting of

diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md
@@ -21,6 +21,7 @@ Must comprise at least 3 of:
 	symbols
 Must not comprise:
 	More than three identical consecutive characters
+	Leading or trailing whitespace
 ```
 For backward compatibility all insecure passwords will continue to work, however in a future version of Chainlink insecure passwords will prevent application boot.
 - `MIN_OUTGOING_CONFIRMATIONS` has been removed and no longer has any effect. `EVM_FINALITY_DEPTH` is now used as the default for `ethtx` confirmations instead. You may override this on a per-task basis by setting `minConfirmations` in the task definition e.g. `foo [type=ethtx minConfirmations=42 ...]`. NOTE: This may have a minor impact on performance on very high throughput chains. If you don't care about reporting task status in the UI, it is recommended to set `minConfirmations=0` in your job specs. For more details, see the [relevant section of the performance tuning guide](https://www.notion.so/chainlink/EVM-performance-configuration-handbook-a36b9f84dcac4569ba68772aa0c1368c#e9998c2f722540b597301a640f53cfd4).