[#4476]: Seed phrase is visible in logs during account recovery

src/status_im/ui/screens/accounts/recover/events.cljs

@@ -1,14 +1,15 @@
 (ns status-im.ui.screens.accounts.recover.events
   (:require
    status-im.ui.screens.accounts.recover.navigation
+   [clojure.string :as string]
    [re-frame.core :as re-frame]
    [status-im.native-module.core :as status]
    [status-im.ui.screens.accounts.events :as accounts-events]
    [status-im.utils.types :as types]
    [status-im.utils.identicon :as identicon]
-   [clojure.string :as string]
    [status-im.utils.handlers :as handlers]
    [status-im.utils.gfycat.core :as gfycat]
+   [status-im.utils.security :as security]
    [status-im.utils.signing-phrase.core :as signing-phrase]
    [status-im.utils.hex :as utils.hex]
    [status-im.constants :as constants]))
@@ -17,11 +18,18 @@
 
 (re-frame/reg-fx
  ::recover-account-fx
- (fn [[passphrase password]]
+ (fn [[masked-passphrase password]]
    (status/recover-account
-    (string/trim passphrase)
+    (security/unmask masked-passphrase)
     password
-    #(re-frame/dispatch [:account-recovered % password]))))
+    (fn [result]
+      ;; here we deserialize result, dissoc mnemonic and serialize the result again
+      ;; because we want to have information about the result printed in logs, but
+      ;; don't want secure data to be printed
+      (let [data (-> (types/json->clj result)
+                     (dissoc :mnemonic)
+                     (types/clj->json))]
+        (re-frame/dispatch [:account-recovered data password]))))))
 
 ;;;; Handlers
 
@@ -50,5 +58,5 @@
 
 (handlers/register-handler-fx
  :recover-account
- (fn [_ [_ passphrase password]]
+ (fn [_ [_ masked-passphrase password]]
-   {::recover-account-fx [passphrase password]}))
+   {::recover-account-fx [masked-passphrase password]}))

src/status_im/ui/screens/accounts/recover/views.cljs

@@ -1,6 +1,7 @@
 (ns status-im.ui.screens.accounts.recover.views
   (:require-macros [status-im.utils.views :refer [defview letsubs]])
-  (:require [re-frame.core :as re-frame]
+  (:require [clojure.string :as string]
+            [re-frame.core :as re-frame]
             [reagent.core :as reagent]
             [status-im.ui.components.text-input.view :as text-input]
             [status-im.ui.components.react :as react]
@@ -14,7 +15,8 @@
             [status-im.utils.config :as config]
             [status-im.react-native.js-dependencies :as js-dependencies]
             [cljs.spec.alpha :as spec]
-            [status-im.ui.components.common.common :as components.common]))
+            [status-im.ui.components.common.common :as components.common]
+            [status-im.utils.security :as security]))
 
 (defview passphrase-input [passphrase]
   (letsubs [error [:get-in [:accounts/recover :passphrase-error]]
@@ -65,4 +67,6 @@
          {:forward?  true
           :label     (i18n/label :t/sign-in)
           :disabled? (not valid-form?)
-          :on-press  #(re-frame/dispatch [:recover-account passphrase password])}]]])))
+          :on-press  (fn [_]
+                       (let [masked-passphrase (security/mask-data (string/trim passphrase))]
+                         (re-frame/dispatch [:recover-account masked-passphrase password])))}]]])))