Grinnode-live / 2020-grin-bug-bash-challenge

Finding bugs in Grin-Wallet & Grin-nodes for a bounty prior to Grin fork v5.

[GRIN-Node] test if API v1 disabled #9

Closed MCM-Mike closed 3 years ago

MCM-Mike commented 3 years ago

Description: Test if the APIv1 is really disabled and can not be used anymore. APIv1 should be disabled now based on: https://github.com/mimblewimble/grin/pull/3503

Prerequisites: Setup your Grin-Node and try to access the API v1.

Some possible tests you could do:

/v1/status | Returns various information about the node and the network
/v1/blocks | Returns data about a specific block given a hash, a height or an unspent commit.
/v1/headers | Returns data about a block header given either a hash or height or an output commit.

How to do a GET request on Grin API v1: https://grinnode.live/v1/status (<-- not working anymore, just as an example)

Expected result: API v1 should not be reachable and the grin-node should not be answering any requests towards API v1

marekyggdrasil commented 3 years ago

Are we sure grin-node should not be answering any requests towards API v1? I think it should respond with a specific status code such as 404. I think we should double check that.

MCM-Mike commented 3 years ago

@marekyggdrasil if needed please rewrite this test-case and make it available.

JitrZ commented 3 years ago

For this test, must grin-node be connected to grinnode.live? Or are the APIs accessible on our own nodes, and how?

marekyggdrasil commented 3 years ago

@AhmadRezaSaadatkhah no, this test has to be performed with the most recent version of the locally running and synced node.

JitrZ commented 3 years ago

Issue #9

OS: Windows 10 (Note that I'm using Windows CMD and that's why cURL commands are a little different from Linux!)

Running Grin node: Version 5.0.0-rc.1

Couldn't find many docs about the node API as it's not supported anymore in newer versions, but according to this link in GitHub and this one in the forum, tried these different things in cmd and the result was the same:

>curl --user grin:36HlaofOqeMNIzoJ3uvi http://127.0.0.1:3413/v1/status -v
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 3413 (#0)
* Server auth using Basic with user 'grin'
> GET /v1/status HTTP/1.1
> Host: 127.0.0.1:3413
> Authorization: Basic Z3JpbjozNkhsYW9mT3FlTU5Jem9KM3V2aQ==
> User-Agent: curl/7.55.1
> Accept: */*
>
< HTTP/1.1 404 Not Found
< content-length: 0
< date: Thu, 31 Dec 2020 22:25:21 GMT
<
* Connection #0 to host 127.0.0.1 left intact
>curl http://127.0.0.1:3413/v1 --user grin:36HlaofOqeMNIzoJ3uvi -v -d "{\"jsonrpc\":\"2.0\",\"method\":\"get_status\",\"id\":1,\"params\":[]}"
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 3413 (#0)
* Server auth using Basic with user 'grin'
> POST /v1 HTTP/1.1
> Host: 127.0.0.1:3413
> Authorization: Basic Z3JpbjozNkhsYW9mT3FlTU5Jem9KM3V2aQ==
> User-Agent: curl/7.55.1
> Accept: */*
> Content-Length: 58
> Content-Type: application/x-www-form-urlencoded
>
* upload completely sent off: 58 out of 58 bytes
< HTTP/1.1 404 Not Found
< content-length: 0
< date: Thu, 31 Dec 2020 22:31:02 GMT
<
* Connection #0 to host 127.0.0.1 left intact
>curl http://127.0.0.1:3413/v1/status --user grin:36HlaofOqeMNIzoJ3uvi -v -d "{\"jsonrpc\":\"2.0\",\"method\":\"GET\",\"id\":1,\"params\":[]}"
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 3413 (#0)
* Server auth using Basic with user 'grin'
> POST /v1/status HTTP/1.1
> Host: 127.0.0.1:3413
> Authorization: Basic Z3JpbjozNkhsYW9mT3FlTU5Jem9KM3V2aQ==
> User-Agent: curl/7.55.1
> Accept: */*
> Content-Length: 51
> Content-Type: application/x-www-form-urlencoded
>
* upload completely sent off: 51 out of 51 bytes
< HTTP/1.1 404 Not Found
< content-length: 0
< date: Thu, 31 Dec 2020 22:30:38 GMT
<
* Connection #0 to host 127.0.0.1 left intact

marekyggdrasil commented 3 years ago

404 Not Found, looks like v1 is disabled, thanks for checking!
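
The manual check from this thread as a repeatable script. This is an added example, not part of the original issue or the Grin project's code. It separates "node answered 404" from "node unreachable", the distinction raised earlier in the thread. The base URL, user name and paths come from the issue; the verdict labels and function names are this example's own assumptions.

```python
import base64
import urllib.error
import urllib.request

# v1 paths listed in the issue's test description.
V1_PATHS = ["/v1/status", "/v1/blocks", "/v1/headers"]
# Local check: ignore any proxy configured in the environment.
_OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def probe(base_url, path, user=None, secret=None, timeout=5):
    """Return the HTTP status for GET base_url+path, or None if unreachable."""
    req = urllib.request.Request(base_url.rstrip("/") + path)
    if user is not None:
        token = base64.b64encode(f"{user}:{secret}".encode()).decode()
        req.add_header("Authorization", "Basic " + token)
    try:
        with _OPENER.open(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code   # 4xx/5xx: the node answered
    except (urllib.error.URLError, OSError):
        return None       # refused or timed out: node not running


def verdict(status):
    """Map a status to a test outcome (labels are this example's own)."""
    if status is None:
        return "INCONCLUSIVE: node unreachable"
    if status == 404:
        return "PASS: route not served"
    if status in (401, 403):
        return "INCONCLUSIVE: credentials rejected"
    if 200 <= status < 300:
        return "FAIL: v1 still answers"
    return f"REVIEW: unexpected status {status}"


def check_v1_disabled(base_url, user=None, secret=None):
    """Probe every v1 path; pass only if all of them return 404."""
    results = {p: verdict(probe(base_url, p, user, secret)) for p in V1_PATHS}
    return all(v.startswith("PASS") for v in results.values()), results


if __name__ == "__main__":
    import getpass
    ok, report = check_v1_disabled("http://127.0.0.1:3413", "grin",
                                   getpass.getpass("API secret: "))
    for path, outcome in report.items():
        print(path, "->", outcome)
    raise SystemExit(0 if ok else 1)
```

The secret is read at the prompt rather than passed on the command line, so it does not end up in shell history or in pasted terminal output.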