Grinnode-live / 2020-grin-bug-bash-challenge

Finding bugs in Grin-Wallet & Grin-nodes for a bounty prior to Grin fork v5.

[GRIN-Wallet][Owner API] Testing change_parameter method with wrong old password #40

Closed stakervali closed 3 years ago

stakervali commented 3 years ago

Description

Testing the change password method from the Owner API with wrong old password

Prerequisites

GRIN-Node, GRIN-Wallet

Test procedure

Change the wallet password using the owner_api::change_password method. For the old password parameter, use any non-blank password different from the existing password.

Expected result: It should fail. Wallet should stay openable with existing password.

Include the output of command

    grin-wallet -V

and your environment

    uname -a

marekyggdrasil commented 3 years ago

@AhmadRezaSaadatkhah please try to use this python script and run this method. It should prepare a valid request with valid encrypted payload for you. Let me know if you need more help!

JitrZ commented 3 years ago

OS: Windows 10

I opened 3 CMDs, all in the path of the grin folder with 3 files in it: grin.exe, grin-wallet.exe and wallet_v3.py. Running the grin node in one CMD and the grin node window appears:

    grin

Then in another CMD, checking the grin wallet version:

    grin-wallet -V
    grin-wallet 5.0.0-beta.4

Then opening the grin wallet owner API, which asks for your wallet password, and the listener will start (if you haven't already initialized, you must initialize it with the grin-wallet init command):

    grin-wallet owner_api
    Password:
    20201227 02:51:37.028 WARN grin_wallet_controller::controller - Starting HTTP Owner API server at 127.0.0.1:3420.
    20201227 02:51:37.029 WARN grin_wallet_controller::controller - HTTP Owner listener started.

Then in the last CMD, work with the wallet_v3.py file and check the change password method. In the Python file, at the end of the code where if __name__ == '__main__': is, two variables must be changed, as mentioned in the comment above them: change the api_sercet_file variable to the path of this file on your system and wallet_password to your password. After that, comment out the other pprint calls and add these 3 lines:

    old = "s"
    new = "wHH2"
    pp.pprint(wallet.change_password(old,new,None))

Tested this method with a wrong old password different from the existing password and it gives the fail error as expected because it couldn't open the seed file with the wrong old password.

    python wallet_v3.py

    Traceback (most recent call last):
      File "wallet_v3.py", line 466, in <module>
        pp.pprint(wallet.change_password(old,new,None))
      File "wallet_v3.py", line 269, in change_password
        resp = self.post_encrypted('change_password', params)
      File "wallet_v3.py", line 94, in post_encrypted
        raise WalletError(method, params, response_json["error"]["code"], response_json["error"]["message"])
    __main__.WalletError: Callng change_password with params {'name': None, 'old': 's', 'new': 'wHH2'} failed with error code -32099 because: Lifecycle: Error opening wallet seed file

marekyggdrasil commented 3 years ago

Great work! Thanks for checking that!
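
The two-part expected result from the test procedure (the call fails, and the existing password still opens the wallet), written as a repeatable negative test. This is an added example, not part of the thread or of wallet_v3.py: WalletError is a stand-in using the argument order seen in the traceback, and StubWallet and the open_wallet wrapper name are assumptions so the check runs without a node.

```python
class WalletError(Exception):
    """Stand-in for the script's WalletError (argument order taken from the traceback)."""
    def __init__(self, method, params, code, message):
        super().__init__(f"{method} failed with error code {code} because: {message}")
        self.code, self.message = code, message


class StubWallet:
    """Constructed in-memory double. buggy=True models a wallet that skips the old-password check."""
    SEED_ERR = (-32099, "Lifecycle: Error opening wallet seed file")  # values from the thread

    def __init__(self, password, buggy=False):
        self.password, self.buggy = password, buggy

    def open_wallet(self, name, password):  # assumed wrapper name
        if password != self.password:
            raise WalletError("open_wallet", {"name": name}, *self.SEED_ERR)

    def change_password(self, old, new, name):
        if old != self.password and not self.buggy:
            raise WalletError("change_password", {"name": name}, *self.SEED_ERR)
        self.password = new


def check_wrong_old_password(wallet, current, wrong_old, new):
    """Run the negative test; return a list of findings (empty list means pass)."""
    findings = []
    try:
        wallet.change_password(wrong_old, new, None)
        findings.append("change_password accepted a wrong old password")
    except WalletError as err:
        if err.code != -32099:
            findings.append(f"unexpected error code {err.code}")
    try:  # second half of the expected result: the existing password must still work
        wallet.open_wallet(None, current)
    except WalletError:
        findings.append("existing password no longer opens the wallet")
    try:  # and the rejected new password must not have taken effect
        wallet.open_wallet(None, new)
        findings.append("new password opens the wallet")
    except WalletError:
        pass
    return findings


if __name__ == "__main__":
    print(check_wrong_old_password(StubWallet("correct-pass"), "correct-pass", "s", "wHH2"))
    print(check_wrong_old_password(StubWallet("correct-pass", buggy=True), "correct-pass", "s", "wHH2"))
```

Against a live wallet, pass the script's own wallet object in place of StubWallet, provided it exposes both calls.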