From b3213172a7fd2ed59c791613fbbe89a22275c5c2 Mon Sep 17 00:00:00 2001 From: frank Date: Thu, 21 Sep 2023 08:32:16 +0800 Subject: [PATCH] Prevent Logged In Account Local Pairing / Syncing With Another Account (#4044) * Prevent Logged In Account Local Pairing / Syncing With Another Account * addressed feedback from @siddarthkay * fixed `TestPairingThreeDevices` * replace `prepareBackendWithAccount` with `prepareBackendWithoutAccount` --- VERSION | 2 +- server/pairing/client.go | 6 ++ server/pairing/server.go | 1 + server/pairing/sync_device_test.go | 100 +++++++++++++++++++++++++++-- 4 files changed, 104 insertions(+), 5 deletions(-) diff --git a/VERSION b/VERSION index 88576a565..d6da4bb8f 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -0.167.1 +0.167.2 diff --git a/server/pairing/client.go b/server/pairing/client.go index ced50333e..b39db1f74 100644 --- a/server/pairing/client.go +++ b/server/pairing/client.go @@ -493,6 +493,12 @@ func setupReceivingClient(backend *api.GethStatusBackend, cs, configJSON string) return nil, err } + // ignore err because we allow no active account here + activeAccount, _ := backend.GetActiveAccount() + if activeAccount != nil { + conf.ReceiverConfig.LoggedInKeyUID = activeAccount.KeyUID + } + conf.ReceiverConfig.DB = backend.GetMultiaccountDB() return NewReceiverClient(backend, ccp, conf) diff --git a/server/pairing/server.go b/server/pairing/server.go index ad3eb1d19..7e8c8bd27 100644 --- a/server/pairing/server.go +++ b/server/pairing/server.go @@ -245,6 +245,7 @@ func MakeFullReceiverServer(backend *api.GethStatusBackend, config *ReceiverServ return nil, err } + // ignore err because we allow no active account here activeAccount, _ := backend.GetActiveAccount() if activeAccount != nil { config.ReceiverConfig.LoggedInKeyUID = activeAccount.KeyUID diff --git a/server/pairing/sync_device_test.go b/server/pairing/sync_device_test.go index aa6bffd8f..b999ec08d 100644 --- a/server/pairing/sync_device_test.go 
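Review bot: Discarding the error from `backend.GetActiveAccount()` in setupReceivingClient makes the new guard fail open. If the lookup fails for any reason other than "nobody is logged in", `LoggedInKeyUID` stays empty and pairing proceeds as if no account were active, so the key UID conflict check is skipped. Treat only the expected no-account error as benign and return everything else, for example `if err != nil && !errors.Is(err, <no-active-account sentinel>) { return nil, err }`; the sentinel is a placeholder because the error value the backend uses is not visible in this hunk. MakeFullReceiverServer in server/pairing/server.go has the same pattern, and this commit only adds the comment there, so a small shared helper that fills `LoggedInKeyUID` would keep the client and server paths from drifting apart. The function body starts and ends outside the hunk, so whether `conf.ReceiverConfig` is guaranteed non-nil at this point cannot be confirmed from here.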
+++ b/server/pairing/sync_device_test.go @@ -55,6 +55,7 @@ const ( seedKeypairMnemonic1 = "abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about abandon" path0 = "m/44'/60'/0'/0/0" path1 = "m/44'/60'/0'/0/1" + expectedKDFIterations = 1024 ) var paths = []string{pathWalletRoot, pathEIP1581, pathDefaultChat, pathDefaultWallet} @@ -192,7 +193,6 @@ func (s *SyncDeviceSuite) pairAccounts(serverBackend *api.GethStatusBackend, ser clientNodeConfig, err := defaultNodeConfig(uuid.New().String(), "") require.NoError(s.T(), err) - expectedKDFIterations := 2048 clientKeystoreDir := filepath.Join(clientDir, keystoreDir) clientPayloadSourceConfig := ReceiverClientConfig{ ReceiverConfig: &ReceiverConfig{ @@ -295,7 +295,6 @@ func (s *SyncDeviceSuite) TestPairingSyncDeviceClientAsSender() { require.NoError(s.T(), err) serverNodeConfig, err := defaultNodeConfig(uuid.New().String(), "") require.NoError(s.T(), err) - expectedKDFIterations := 1024 serverKeystoreDir := filepath.Join(serverTmpDir, keystoreDir) serverPayloadSourceConfig := &ReceiverServerConfig{ ReceiverConfig: &ReceiverConfig{ @@ -463,7 +462,6 @@ func (s *SyncDeviceSuite) TestPairingSyncDeviceClientAsReceiver() { require.NoError(s.T(), err) clientNodeConfig, err := defaultNodeConfig(uuid.New().String(), "") require.NoError(s.T(), err) - expectedKDFIterations := 2048 clientKeystoreDir := filepath.Join(clientTmpDir, keystoreDir) clientPayloadSourceConfig := ReceiverClientConfig{ ReceiverConfig: &ReceiverConfig{ @@ -551,7 +549,7 @@ func (s *SyncDeviceSuite) TestPairingThreeDevices() { alice2Backend := s.prepareBackendWithoutAccount(alice2TmpDir) alice3TmpDir := filepath.Join(s.pairThreeDevicesTmpdir, "alice3") - alice3Backend := s.prepareBackendWithAccount("", alice3TmpDir) + alice3Backend := s.prepareBackendWithoutAccount(alice3TmpDir) defer func() { require.NoError(s.T(), bobBackend.Logout()) 
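Review bot: The switch of alice3 to `prepareBackendWithoutAccount` in TestPairingThreeDevices has no comment explaining why the third device may no longer start with an account, which will puzzle anyone who later changes it back. A one-line comment above the call would do, for example `// alice3 must not be logged in: a receiver with an active account is rejected by the pairing guard`. The earlier hunks in this file also fold the local `expectedKDFIterations` into a package constant, which silently changes the value from 2048 to 1024 in pairAccounts and TestPairingSyncDeviceClientAsReceiver. That is presumably intended, but it deserves a mention in the commit message. The test body continues outside the hunk.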
@@ -1167,3 +1165,97 @@ func (s *SyncDeviceSuite) TestTransferringKeystoreFilesAfterStopUisngKeycard() {
 require.True(s.T(), containsKeystoreFile(clientKeystorePath, acc.Address.String()[2:]))
 }
 }
+
+func (s *SyncDeviceSuite) TestPreventLoggedInAccountLocalPairingClientAsReceiver() {
+ clientTmpDir := filepath.Join(s.clientAsSenderTmpdir, "client")
+ clientBackend := s.prepareBackendWithAccount("", clientTmpDir)
+ serverTmpDir := filepath.Join(s.clientAsSenderTmpdir, "server")
+ serverBackend := s.prepareBackendWithAccount("", serverTmpDir)
+ defer func() {
+ s.NoError(serverBackend.Logout())
+ s.NoError(clientBackend.Logout())
+ }()
+
+ serverActiveAccount, err := serverBackend.GetActiveAccount()
+ s.NoError(err)
+ serverKeystorePath := filepath.Join(serverTmpDir, keystoreDir, serverActiveAccount.KeyUID)
+ var config = &SenderServerConfig{
+ SenderConfig: &SenderConfig{
+ KeystorePath: serverKeystorePath,
+ DeviceType: "desktop",
+ KeyUID: serverActiveAccount.KeyUID,
+ Password: s.password,
+ },
+ ServerConfig: new(ServerConfig),
+ }
+ configBytes, err := json.Marshal(config)
+ s.NoError(err)
+ cs, err := StartUpSenderServer(serverBackend, string(configBytes))
+ s.NoError(err)
+
+ clientKeystoreDir := filepath.Join(clientTmpDir, keystoreDir)
+ clientNodeConfig, err := defaultNodeConfig(uuid.New().String(), "")
+ s.NoError(err)
+ clientPayloadSourceConfig := ReceiverClientConfig{
+ ReceiverConfig: &ReceiverConfig{
+ KeystorePath: clientKeystoreDir,
+ DeviceType: "iphone",
+ KDFIterations: expectedKDFIterations,
+ NodeConfig: clientNodeConfig,
+ SettingCurrentNetwork: currentNetwork,
+ },
+ ClientConfig: new(ClientConfig),
+ }
+ clientNodeConfig.RootDataDir = clientTmpDir
+ clientConfigBytes, err := json.Marshal(clientPayloadSourceConfig)
+ s.NoError(err)
+ err = StartUpReceivingClient(clientBackend, cs, string(clientConfigBytes))
+ s.ErrorIs(err, ErrLoggedInKeyUIDConflict)
+}
+
+func (s *SyncDeviceSuite) TestPreventLoggedInAccountLocalPairingClientAsSender() {
+ clientTmpDir := filepath.Join(s.clientAsSenderTmpdir, "client")
+ clientBackend := s.prepareBackendWithAccount("", clientTmpDir)
+ serverTmpDir := filepath.Join(s.clientAsSenderTmpdir, "server")
+ serverBackend := s.prepareBackendWithAccount("", serverTmpDir)
+ defer func() {
+ s.NoError(serverBackend.Logout())
+ s.NoError(clientBackend.Logout())
+ }()
+
+ serverNodeConfig, err := defaultNodeConfig(uuid.New().String(), "")
+ s.NoError(err)
+ serverKeystoreDir := filepath.Join(serverTmpDir, keystoreDir)
+ serverPayloadSourceConfig := &ReceiverServerConfig{
+ ReceiverConfig: &ReceiverConfig{
+ NodeConfig: serverNodeConfig,
+ KeystorePath: serverKeystoreDir,
+ DeviceType: "desktop",
+ KDFIterations: expectedKDFIterations,
+ SettingCurrentNetwork: currentNetwork,
+ },
+ ServerConfig: new(ServerConfig),
+ }
+ serverNodeConfig.RootDataDir = serverTmpDir
+ serverConfigBytes, err := json.Marshal(serverPayloadSourceConfig)
+ s.NoError(err)
+ cs, err := StartUpReceiverServer(serverBackend, string(serverConfigBytes))
+ s.NoError(err)
+
+ clientActiveAccount, err := clientBackend.GetActiveAccount()
+ s.NoError(err)
+ clientKeystorePath := filepath.Join(clientTmpDir, keystoreDir, clientActiveAccount.KeyUID)
+ clientPayloadSourceConfig := SenderClientConfig{
+ SenderConfig: &SenderConfig{
+ KeystorePath: clientKeystorePath,
+ DeviceType: "android",
+ KeyUID: clientActiveAccount.KeyUID,
+ Password: s.password,
+ },
+ ClientConfig: new(ClientConfig),
+ }
+ clientConfigBytes, err := json.Marshal(clientPayloadSourceConfig)
+ s.NoError(err)
+ err = StartUpSendingClient(clientBackend, cs, string(clientConfigBytes))
+ s.ErrorContains(err, "[client] status not ok when sending account data, received '500 Internal Server Error'")
+}
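Review bot: The final assertion in TestPreventLoggedInAccountLocalPairingClientAsSender matches only the generic `received '500 Internal Server Error'` text, so the test passes for any server-side failure and does not show that the logged-in key UID guard rejected the transfer. Unlike the receiver-side test, which pins `ErrLoggedInKeyUIDConflict` with `s.ErrorIs`, this one would stay green if the guard were removed and the server failed for another reason. It would be stronger to also check the receiver's state after the call: `serverBackend.GetActiveAccount()` should still return the original KeyUID, and `serverKeystoreDir` should hold no keystore files for `clientActiveAccount.KeyUID`. Both new tests build their backends under `s.clientAsSenderTmpdir`, including the one named ClientAsReceiver. If the suite does not recreate that directory per test, state left by TestPairingSyncDeviceClientAsSender could leak in, so a dedicated temp directory is safer.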