Browse Source

add nopasswd

activeAddress
Matias Alejo Garcia 10 years ago
parent
commit
2c88e49e96
  1. 1
      bit-wallet/bit-create
  2. 1
      bit-wallet/bit-genkey
  3. 1
      bit-wallet/bit-join
  4. 22
      bit-wallet/cli-utils.js
  5. 64
      lib/client/api.js
  6. 29
      lib/walletutils.js
  7. 1
      package.json
  8. 96
      test/integration/clientApi.js

1
bit-wallet/bit-create

@ -8,6 +8,7 @@ program = utils.configureCommander(program);
program program
.option('-t, --testnet', 'Create a Testnet Wallet') .option('-t, --testnet', 'Create a Testnet Wallet')
.option('-n, --nopasswd [level]', 'Set access for no password usage: none(default), readonly, readwrite, full', 'none')
.usage('[options] <walletName> <m-n> [copayerName]') .usage('[options] <walletName> <m-n> [copayerName]')
.parse(process.argv); .parse(process.argv);

1
bit-wallet/bit-genkey

@ -8,6 +8,7 @@ program = utils.configureCommander(program);
program program
.option('-t, --testnet', 'Create a Testnet Extended Private Key') .option('-t, --testnet', 'Create a Testnet Extended Private Key')
.option('-n, --nopasswd [level]', 'Set access for no password usage: none(default), readonly, readwrite, full', 'none')
.parse(process.argv); .parse(process.argv);
var args = program.args; var args = program.args;

1
bit-wallet/bit-join

@ -7,6 +7,7 @@ program = utils.configureCommander(program);
program program
.usage('[options] <secret> [copayerName]') .usage('[options] <secret> [copayerName]')
.option('-n, --nopasswd [level]', 'Set access for no password usage: none(default), readonly, readwrite, full', 'none')
.parse(process.argv); .parse(process.argv);
var args = program.args; var args = program.args;

22
bit-wallet/cli-utils.js

@ -1,5 +1,6 @@
var _ = require('lodash'); var _ = require('lodash');
var Client = require('../lib/client'); var Client = require('../lib/client');
var read = require('read')
var Utils = function() {}; var Utils = function() {};
@ -38,12 +39,27 @@ Utils.getClient = function(args) {
var storage = new Client.FileStorage({ var storage = new Client.FileStorage({
filename: args.file || process.env['BIT_FILE'], filename: args.file || process.env['BIT_FILE'],
}); });
return new Client({ var c = new Client({
storage: storage, storage: storage,
baseUrl: args.host || process.env['BIT_HOST'], baseUrl: args.host || process.env['BIT_HOST'],
verbose: args.verbose verbose: args.verbose,
password: args.password,
}); });
if (args.nopasswd)
c.setNopasswdAccess(args.nopasswd);
c.on('needPassword', function(cb) {
if (args.password) {
return cb(args.password);
} else {
read({ prompt: 'Password: ', silent: true }, function(er, password) {
return cb(password);
})
}
});
return c;
} }
Utils.findOneTxProposal = function(txps, id) { Utils.findOneTxProposal = function(txps, id) {

64
lib/client/api.js

@ -6,6 +6,7 @@ var util = require('util');
var async = require('async'); var async = require('async');
var log = require('npmlog'); var log = require('npmlog');
var request = require('request') var request = require('request')
var events = require('events');
log.debug = log.verbose; log.debug = log.verbose;
var Bitcore = require('bitcore') var Bitcore = require('bitcore')
@ -111,6 +112,7 @@ function API(opts) {
this.request = request || opts.request; this.request = request || opts.request;
this.baseUrl = opts.baseUrl || BASE_URL; this.baseUrl = opts.baseUrl || BASE_URL;
this.basePath = this.baseUrl.replace(/http.?:\/\/[a-zA-Z0-9:-]*\//, '/'); this.basePath = this.baseUrl.replace(/http.?:\/\/[a-zA-Z0-9:-]*\//, '/');
this.noPasswdAccess = opts.noPasswdAccess || 'full';
if (this.verbose) { if (this.verbose) {
log.level = 'debug'; log.level = 'debug';
} else { } else {
@ -118,7 +120,7 @@ function API(opts) {
} }
}; };
util.inherits(API, events.EventEmitter);
API.prototype._tryToCompleteFromServer = function(wcd, cb) { API.prototype._tryToCompleteFromServer = function(wcd, cb) {
@ -143,7 +145,7 @@ API.prototype._tryToCompleteFromServer = function(wcd, cb) {
wcd.publicKeyRing = _.pluck(wallet.copayers, 'xPubKey') wcd.publicKeyRing = _.pluck(wallet.copayers, 'xPubKey')
self.storage.save(wcd, function(err) { self.save(wcd, function(err) {
return cb(err, wcd); return cb(err, wcd);
}); });
}); });
@ -163,7 +165,7 @@ API.prototype._tryToCompleteFromData = function(wcd, toComplete, cb) {
return cb(ex); return cb(ex);
} }
this.storage.save(wcd, function(err) { this.save(wcd, function(err) {
return cb(err, wcd); return cb(err, wcd);
}); });
}; };
@ -202,8 +204,16 @@ API.prototype._processWcdAfterRead = function(rawData, requiredAccess, cb) {
// Decrypt it and try again // Decrypt it and try again
this.emit('needPassword', function(password) { this.emit('needPassword', function(password) {
if (!password) return cb('No password'); if (!password) return cb('No password');
rawData = WE.decryptWallet(rawData, password);
var access = WU.accessFromData(rawData); try {
rawData = WU.decryptWallet(rawData, password);
} catch (e) {};
if (!rawData)
return cb('NOTAUTH');
access = WU.accessFromData(rawData);
accessLevel = WU.accessNameToLevel(access);
// Is the data available? // Is the data available?
if (requiredAccessLevel <= accessLevel) if (requiredAccessLevel <= accessLevel)
@ -213,16 +223,25 @@ API.prototype._processWcdAfterRead = function(rawData, requiredAccess, cb) {
}); });
}; };
API.prototype._processWcdBeforeWrite = function(wcd, accessWithoutEncrytion, cb) {
API.prototype.setNopasswdAccess = function(noPasswdAccess) {
if (!_.contains(['none', 'readonly', 'readwrite', 'full'], noPasswdAccess))
throw new Error('Bad nopasswd access:' + noPasswdAccess);
this.noPasswdAccess = noPasswdAccess;
};
API.prototype._processWcdBeforeWrite = function(wcd, cb) {
var self = this;
// Is any encrypted? // Is any encrypted?
if (encryptedAccess) { if (this.noPasswdAccess == 'full') {
return cb(null, wcd);
} else {
this.emit('needPassword', function(password) { this.emit('needPassword', function(password) {
if (!password) return cb('No password'); if (!password) return cb('No password given');
rawdata = WE.encryptWallet(wcd, accessWithoutEncrytion, password); var ewcd = WalletUtils.encryptWallet(wcd, self.noPasswdAccess, password);
return cb(null, rawdata); return cb(null, ewcd);
}); });
} else {
return rawdata;
} }
}; };
@ -326,6 +345,18 @@ API.prototype._doJoinWallet = function(walletId, walletPrivKey, xPubKey, copayer
}); });
}; };
API.prototype.save = function(inWcd, cb) {
var self = this;
self._processWcdBeforeWrite(inWcd, function(err, wcd) {
if (err) return cb(err);
self.storage.save(wcd, function(err) {
return cb(err, null);
});
});
}
API.prototype.generateKey = function(network, cb) { API.prototype.generateKey = function(network, cb) {
var self = this; var self = this;
network = network || 'livenet'; network = network || 'livenet';
@ -337,7 +368,8 @@ API.prototype.generateKey = function(network, cb) {
return cb(self.storage.getName() + ' already contains a wallet'); return cb(self.storage.getName() + ' already contains a wallet');
var wcd = _initWcd(network); var wcd = _initWcd(network);
self.storage.save(wcd, function(err) {
self.save(wcd, function(err) {
return cb(err, null); return cb(err, null);
}); });
}); });
@ -378,7 +410,7 @@ API.prototype.createWallet = function(walletName, copayerName, m, n, network, cb
self._doJoinWallet(walletId, walletPrivKey, wcd.publicKeyRing[0], copayerName, self._doJoinWallet(walletId, walletPrivKey, wcd.publicKeyRing[0], copayerName,
function(err, wallet) { function(err, wallet) {
if (err) return cb(err); if (err) return cb(err);
self.storage.save(wcd, function(err) { self.save(wcd, function(err) {
return cb(err, n > 1 ? secret : null); return cb(err, n > 1 ? secret : null);
}); });
}); });
@ -439,7 +471,7 @@ API.prototype.joinWallet = function(secret, copayerName, cb) {
function(err, joinedWallet) { function(err, joinedWallet) {
if (err) return cb(err); if (err) return cb(err);
_addWalletToWcd(wcd, secretData.walletPrivKey, joinedWallet.m, joinedWallet.n); _addWalletToWcd(wcd, secretData.walletPrivKey, joinedWallet.m, joinedWallet.n);
self.storage.save(wcd, cb); self.save(wcd, cb);
}); });
}); });
}; };
@ -639,7 +671,7 @@ API.prototype.import = function(str, cb) {
return cb('Invalid source wallet'); return cb('Invalid source wallet');
wcd.network = wcd.publicKeyRing[0].substr(0, 4) == 'tpub' ? 'testnet' : 'livenet'; wcd.network = wcd.publicKeyRing[0].substr(0, 4) == 'tpub' ? 'testnet' : 'livenet';
self.storage.save(wcd, function(err) { self.save(wcd, function(err) {
return cb(err, WalletUtils.accessFromData(wcd)); return cb(err, WalletUtils.accessFromData(wcd));
}); });
}); });

29
lib/walletutils.js

@ -40,7 +40,10 @@ WalletUtils.accessFromData = function(data) {
if (data.rwPrivKey) if (data.rwPrivKey)
return 'readwrite'; return 'readwrite';
if (data.roPrivKey)
return 'readonly'; return 'readonly';
return 'none';
}; };
WalletUtils.accessNameToLevel = function(name) { WalletUtils.accessNameToLevel = function(name) {
@ -51,13 +54,12 @@ WalletUtils.accessNameToLevel = function(name) {
return 20; return 20;
if (name === 'readonly') if (name === 'readonly')
return 10; return 10;
if (name === 'none')
return 0;
throw new Error('Bad access name:' + name); throw new Error('Bad access name:' + name);
}; };
WalletUtils.isAccessEncrypted = function(name) {};
WalletUtils.verifyMessage = function(text, signature, pubKey) { WalletUtils.verifyMessage = function(text, signature, pubKey) {
$.checkArgument(text); $.checkArgument(text);
$.checkArgument(pubKey); $.checkArgument(pubKey);
@ -160,7 +162,8 @@ WalletUtils.privateKeyToAESKey = function(privKey) {
WalletUtils.decryptWallet = function(data, password) { WalletUtils.decryptWallet = function(data, password) {
$.checkArgument(data.enc); $.checkArgument(data.enc);
var extraFields = sjcl.decrypt(password, data.enc); var extraFields = JSON.parse(sjcl.decrypt(password, data.enc));
delete data.enc;
return _.extend(data, extraFields); return _.extend(data, extraFields);
}; };
@ -171,24 +174,26 @@ WalletUtils.sjclOpts = {
WalletUtils.encryptWallet = function(data, accessWithoutEncrytion, password) { WalletUtils.encryptWallet = function(data, accessWithoutEncrytion, password) {
var toEncryptByLevel = { // Fields to encrypt, given the NOPASSWD access level
readwrite: [], var fieldsEncryptByLevel = {
readonly: [], none: _.keys(data),
readonly: ['xPrivKey', 'rwPrivKey', 'publicKeyRing' ],
readwrite: ['xPrivKey', ],
full: [], full: [],
}; };
var toEncrypt = whatToEncryptByLevel[accessWithoutEncrytion]; var fieldsEncrypt = fieldsEncryptByLevel[accessWithoutEncrytion];
$.checkState(!_.isUndefined(fieldsEncrypt));
if (!_.every(toEncrypt, function(k) { if (!_.every(fieldsEncrypt, function(k) {
return data[k]; return data[k];
})) throw new Error('Wallet does not contain necesary info to encrypt'); })) throw new Error('Wallet does not contain necesary info to encrypt');
var toEncrypt = _.pick(data, whatToEncrypt); var toEncrypt = _.pick(data, fieldsEncrypt);
var enc = sjcl.encrypt(password, JSON.stringify(toEncrypt), WalletUtils.sjclOpts); var enc = sjcl.encrypt(password, JSON.stringify(toEncrypt), WalletUtils.sjclOpts);
var ret = _.omit(data, toEncrypt); var ret = _.omit(data, fieldsEncrypt);
ret.enc = enc; ret.enc = enc;
console.log('[walletutils.js.191:ret:]',ret); //TODO
return ret; return ret;
}; };

1
package.json

@ -33,6 +33,7 @@
"npmlog": "^0.1.1", "npmlog": "^0.1.1",
"preconditions": "^1.0.7", "preconditions": "^1.0.7",
"qr-image": "*", "qr-image": "*",
"read": "^1.0.5",
"request": "^2.53.0", "request": "^2.53.0",
"sjcl": "^1.0.2", "sjcl": "^1.0.2",
"uuid": "*" "uuid": "*"

96
test/integration/clientApi.js

@ -221,21 +221,106 @@ describe('client API ', function() {
}); });
describe.skip('Storage Encryption', function() { describe('Storage Encryption', function() {
it('should check balance in a 1-1 ', function(done) { beforeEach(function() {
_.each(_.range(3), function(i) {
clients[i].on('needPassword', function(cb) {
return cb('1234#$@#%F,./.**');
});
});
});
it('full encryption roundtrip', function(done) {
clients[0].setNopasswdAccess('none');
helpers.createAndJoinWallet(clients, 1, 1, function(err) { helpers.createAndJoinWallet(clients, 1, 1, function(err) {
should.not.exist(err); should.not.exist(err);
clients[0].getBalance(function(err, x) { // Load it
var wcd = JSON.parse(fsmock._get('client0'));
fsmock._set('client1', wcd);
clients[1].getBalance(function(err, bal0) {
should.not.exist(err);
done();
});
});
});
it('should fail if wrong password', function(done) {
clients[0].setNopasswdAccess('none');
helpers.createAndJoinWallet(clients, 1, 1, function(err) {
should.not.exist(err); should.not.exist(err);
// Load it
var wcd = JSON.parse(fsmock._get('client0')); var wcd = JSON.parse(fsmock._get('client0'));
console.log('[clientApi.js.236]', wcd); //TODO fsmock._set('client4', wcd);
clients[4].on('needPassword', function(cb) {
return cb('1');
});
clients[4].getBalance(function(err, bal0) {
err.should.equal('NOTAUTH');
done();
});
});
});
it('should encrypt everything', function(done) {
clients[0].setNopasswdAccess('none');
helpers.createAndJoinWallet(clients, 1, 1, function(err) {
should.not.exist(err);
var wcd = JSON.parse(fsmock._get('client0'));
_.keys(wcd).should.deep.equal(['enc']);
done();
});
});
it('should encrypt xpriv access', function(done) {
clients[0].setNopasswdAccess('readwrite');
helpers.createAndJoinWallet(clients, 1, 1, function(err) {
should.not.exist(err);
var wcd = JSON.parse(fsmock._get('client0'));
should.exist(wcd.enc);
should.not.exist(wcd.xpriv);
done();
});
});
it('should encrypt rwkey', function(done) {
clients[0].setNopasswdAccess('readonly');
helpers.createAndJoinWallet(clients, 1, 1, function(err) {
should.not.exist(err);
var wcd = JSON.parse(fsmock._get('client0'));
should.exist(wcd.enc);
should.not.exist(wcd.xpriv);
should.not.exist(wcd.rwPrivKey);
done();
});
});
_.each(['full', 'readwrite', 'readonly', 'none'], function(k) {
it('full encryption roundtrip: type:' + k, function(done) {
clients[0].setNopasswdAccess(k);
helpers.createAndJoinWallet(clients, 1, 1, function(err) {
should.not.exist(err);
// Load it
var wcd = JSON.parse(fsmock._get('client0'));
fsmock._set('client1', wcd);
clients[1].getBalance(function(err, bal0) {
should.not.exist(err);
done(); done();
})
}); });
}); });
}); });
});
it.skip('should not ask for password if not needed (readonly)', function(done) {});
it.skip('should not ask for password if not needed (readwrite)', function(done) {});
});
describe('Wallet Creation', function() { describe('Wallet Creation', function() {
@ -460,7 +545,6 @@ describe('client API ', function() {
}; };
clients[1].signTxProposal(x, function(err, tx) { clients[1].signTxProposal(x, function(err, tx) {
console.log('[clientApi.js.456:err:]',err); //TODO
err.code.should.be.equal('BADSIGNATURES'); err.code.should.be.equal('BADSIGNATURES');
clients[1].getTxProposals({}, function(err, txs) { clients[1].getTxProposals({}, function(err, txs) {
should.not.exist(err); should.not.exist(err);

Loading…
Cancel
Save