walletunlocker: don't utilize the macaroon authentication service
In this commit we remove all instances of the macaroon authentication service from the UnlockerService struct. We do this, as in the future, the macaroons themselves will be encrypted using the user’s passphrase, therefore we wouldn’t be able to _verify_ the macaroon unless the wallet itself was encrypted.
This commit is contained in:
parent
8de0a4cb24
commit
08940b43d5
@ -5,7 +5,6 @@ import (
|
|||||||
|
|
||||||
"github.com/lightningnetwork/lnd/lnrpc"
|
"github.com/lightningnetwork/lnd/lnrpc"
|
||||||
"github.com/lightningnetwork/lnd/lnwallet/btcwallet"
|
"github.com/lightningnetwork/lnd/lnwallet/btcwallet"
|
||||||
"github.com/lightningnetwork/lnd/macaroons"
|
|
||||||
"github.com/roasbeef/btcd/chaincfg"
|
"github.com/roasbeef/btcd/chaincfg"
|
||||||
"github.com/roasbeef/btcwallet/wallet"
|
"github.com/roasbeef/btcwallet/wallet"
|
||||||
"golang.org/x/net/context"
|
"golang.org/x/net/context"
|
||||||
@ -16,19 +15,15 @@ import (
|
|||||||
// with a password for wallet encryption at startup.
|
// with a password for wallet encryption at startup.
|
||||||
type UnlockerService struct {
|
type UnlockerService struct {
|
||||||
// CreatePasswords is a channel where passwords provided by the rpc
|
// CreatePasswords is a channel where passwords provided by the rpc
|
||||||
// client to be used to initially create and encrypt a wallet will
|
// client to be used to initially create and encrypt a wallet will be
|
||||||
// be sent.
|
// sent.
|
||||||
CreatePasswords chan []byte
|
CreatePasswords chan []byte
|
||||||
|
|
||||||
// UnlockPasswords is a channel where passwords provided by the rpc
|
// UnlockPasswords is a channel where passwords provided by the rpc
|
||||||
// client to be used to unlock and decrypt an existing wallet will
|
// client to be used to unlock and decrypt an existing wallet will be
|
||||||
// be sent.
|
// sent.
|
||||||
UnlockPasswords chan []byte
|
UnlockPasswords chan []byte
|
||||||
|
|
||||||
// authSvc is the authentication/authorization service backed by
|
|
||||||
// macaroons.
|
|
||||||
authSvc *bakery.Service
|
|
||||||
|
|
||||||
chainDir string
|
chainDir string
|
||||||
netParams *chaincfg.Params
|
netParams *chaincfg.Params
|
||||||
}
|
}
|
||||||
@ -39,26 +34,17 @@ func New(authSvc *bakery.Service, chainDir string,
|
|||||||
return &UnlockerService{
|
return &UnlockerService{
|
||||||
CreatePasswords: make(chan []byte, 1),
|
CreatePasswords: make(chan []byte, 1),
|
||||||
UnlockPasswords: make(chan []byte, 1),
|
UnlockPasswords: make(chan []byte, 1),
|
||||||
authSvc: authSvc,
|
|
||||||
chainDir: chainDir,
|
chainDir: chainDir,
|
||||||
netParams: params,
|
netParams: params,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// CreateWallet will read the password provided in the CreateWalletRequest
|
// CreateWallet will read the password provided in the CreateWalletRequest and
|
||||||
// and send it over the CreatePasswords channel in case no wallet already
|
// send it over the CreatePasswords channel in case no wallet already exist in
|
||||||
// exist in the chain's wallet database directory.
|
// the chain's wallet database directory.
|
||||||
func (u *UnlockerService) CreateWallet(ctx context.Context,
|
func (u *UnlockerService) CreateWallet(ctx context.Context,
|
||||||
in *lnrpc.CreateWalletRequest) (*lnrpc.CreateWalletResponse, error) {
|
in *lnrpc.CreateWalletRequest) (*lnrpc.CreateWalletResponse, error) {
|
||||||
|
|
||||||
// Check macaroon to see if this is allowed.
|
|
||||||
if u.authSvc != nil {
|
|
||||||
if err := macaroons.ValidateMacaroon(ctx, "createwallet",
|
|
||||||
u.authSvc); err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
netDir := btcwallet.NetworkDir(u.chainDir, u.netParams)
|
netDir := btcwallet.NetworkDir(u.chainDir, u.netParams)
|
||||||
loader := wallet.NewLoader(u.netParams, netDir)
|
loader := wallet.NewLoader(u.netParams, netDir)
|
||||||
|
|
||||||
@ -81,19 +67,11 @@ func (u *UnlockerService) CreateWallet(ctx context.Context,
|
|||||||
}
|
}
|
||||||
|
|
||||||
// UnlockWallet sends the password provided by the incoming UnlockWalletRequest
|
// UnlockWallet sends the password provided by the incoming UnlockWalletRequest
|
||||||
// over the UnlockPasswords channel in case it successfully decrypts an existing
|
// over the UnlockPasswords channel in case it successfully decrypts an
|
||||||
// wallet found in the chain's wallet database directory.
|
// existing wallet found in the chain's wallet database directory.
|
||||||
func (u *UnlockerService) UnlockWallet(ctx context.Context,
|
func (u *UnlockerService) UnlockWallet(ctx context.Context,
|
||||||
in *lnrpc.UnlockWalletRequest) (*lnrpc.UnlockWalletResponse, error) {
|
in *lnrpc.UnlockWalletRequest) (*lnrpc.UnlockWalletResponse, error) {
|
||||||
|
|
||||||
// Check macaroon to see if this is allowed.
|
|
||||||
if u.authSvc != nil {
|
|
||||||
if err := macaroons.ValidateMacaroon(ctx, "unlockwallet",
|
|
||||||
u.authSvc); err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
netDir := btcwallet.NetworkDir(u.chainDir, u.netParams)
|
netDir := btcwallet.NetworkDir(u.chainDir, u.netParams)
|
||||||
loader := wallet.NewLoader(u.netParams, netDir)
|
loader := wallet.NewLoader(u.netParams, netDir)
|
||||||
|
|
||||||
|
@ -88,9 +88,9 @@ func TestCreateWallet(t *testing.T) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// TestUnlockWallet checks that trying to unlock non-existing wallet fail,
|
// TestUnlockWallet checks that trying to unlock non-existing wallet fail, that
|
||||||
// that unlocking existing wallet with wrong passphrase fails, and that
|
// unlocking existing wallet with wrong passphrase fails, and that unlocking
|
||||||
// unlocking existing wallet with correct passphrase succeeds.
|
// existing wallet with correct passphrase succeeds.
|
||||||
func TestUnlockWallet(t *testing.T) {
|
func TestUnlockWallet(t *testing.T) {
|
||||||
t.Parallel()
|
t.Parallel()
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user