From 3b1721dd0d63bb4b0ddfd8d697cf81fbfec6c096 Mon Sep 17 00:00:00 2001 From: Aleksandr Pantiukhov Date: Mon, 28 May 2018 11:47:31 +0200 Subject: [PATCH] [#4476]: Seed phrase is visible in logs during account recovery --- .../ui/screens/accounts/recover/events.cljs | 20 +++++++++++++------ .../ui/screens/accounts/recover/views.cljs | 10 +++++++--- 2 files changed, 21 insertions(+), 9 deletions(-) diff --git a/src/status_im/ui/screens/accounts/recover/events.cljs b/src/status_im/ui/screens/accounts/recover/events.cljs index e21baa3eca..d9c5c5c4cb 100644 --- a/src/status_im/ui/screens/accounts/recover/events.cljs +++ b/src/status_im/ui/screens/accounts/recover/events.cljs @@ -1,14 +1,15 @@ (ns status-im.ui.screens.accounts.recover.events (:require status-im.ui.screens.accounts.recover.navigation + [clojure.string :as string] [re-frame.core :as re-frame] [status-im.native-module.core :as status] [status-im.ui.screens.accounts.events :as accounts-events] [status-im.utils.types :as types] [status-im.utils.identicon :as identicon] - [clojure.string :as string] [status-im.utils.handlers :as handlers] [status-im.utils.gfycat.core :as gfycat] + [status-im.utils.security :as security] [status-im.utils.signing-phrase.core :as signing-phrase] [status-im.utils.hex :as utils.hex] [status-im.constants :as constants])) @@ -17,11 +18,18 @@ (re-frame/reg-fx ::recover-account-fx - (fn [[passphrase password]] + (fn [[masked-passphrase password]] (status/recover-account - (string/trim passphrase) + (security/unmask masked-passphrase) password - #(re-frame/dispatch [:account-recovered % password])))) + (fn [result] + ;; here we deserialize result, dissoc mnemonic and serialize the result again + ;; because we want to have information about the result printed in logs, but + ;; don't want secure data to be printed + (let [data (-> (types/json->clj result) + (dissoc :mnemonic) + (types/clj->json))] + (re-frame/dispatch [:account-recovered data password])))))) ;;;; Handlers 
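Review bot: `password` is still dispatched in plain form next to the masked passphrase: in the `::recover-account-fx` argument vector `[masked-passphrase password]` and again in `[:account-recovered data password]` inside the new callback. If the leak named in the subject came from event vectors being written to the log (inferred; the logging code is not part of this patch), the password would be printed the same way. Consider masking it at the dispatch site with `(security/mask-data password)` and calling `security/unmask` only where it is handed to `status/recover-account`; the `:account-recovered` handler, which is outside this patch, would then need to unmask it too. The same applies to the `:recover-account` handler hunk and the `:on-press` hunk in views.cljs.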
@@ -50,5 +58,5 @@ (handlers/register-handler-fx :recover-account - (fn [_ [_ passphrase password]] - {::recover-account-fx [passphrase password]})) + (fn [_ [_ masked-passphrase password]] + {::recover-account-fx [masked-passphrase password]})) diff --git a/src/status_im/ui/screens/accounts/recover/views.cljs b/src/status_im/ui/screens/accounts/recover/views.cljs index e28d2b465e..a934a07477 100644 --- a/src/status_im/ui/screens/accounts/recover/views.cljs +++ b/src/status_im/ui/screens/accounts/recover/views.cljs @@ -1,6 +1,7 @@ (ns status-im.ui.screens.accounts.recover.views (:require-macros [status-im.utils.views :refer [defview letsubs]]) - (:require [re-frame.core :as re-frame] + (:require [clojure.string :as string] + [re-frame.core :as re-frame] [reagent.core :as reagent] [status-im.ui.components.text-input.view :as text-input] [status-im.ui.components.react :as react] @@ -14,7 +15,8 @@ [status-im.utils.config :as config] [status-im.react-native.js-dependencies :as js-dependencies] [cljs.spec.alpha :as spec] - [status-im.ui.components.common.common :as components.common])) + [status-im.ui.components.common.common :as components.common] + [status-im.utils.security :as security])) (defview passphrase-input [passphrase] (letsubs [error [:get-in [:accounts/recover :passphrase-error]] @@ -65,4 +67,6 @@ {:forward? true :label (i18n/label :t/sign-in) :disabled? (not valid-form?) - :on-press #(re-frame/dispatch [:recover-account passphrase password])}]]]))) + :on-press (fn [_] + (let [masked-passphrase (security/mask-data (string/trim passphrase))] + (re-frame/dispatch [:recover-account masked-passphrase password])))}]]])))
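Review bot: With `string/trim` moved into this `:on-press` handler, `::recover-account-fx` in events.cljs now depends on every dispatcher of `:recover-account` both trimming and masking the phrase, and nothing on the handler says so. A short comment on the handler, such as `;; first arg must be wrapped with security/mask-data; it is unmasked only in ::recover-account-fx`, would record that contract. Keeping the trim at the point of use, `(string/trim (security/unmask masked-passphrase))`, would also keep whitespace handling independent of the caller; `clojure.string` is still required in events.cljs. Whether other callers of `:recover-account` exist is not visible in this patch.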