search

openethereum / parity-ethereum

The fast, light, and robust client for Ethereum-like networks.
Other
6.82k stars 1.69k forks source link

Parity UI using Kovan Network connects when secure token is bypassed by providing `--ui-no-validation` Flag but not when equivalent UI Option in TOML config provided #7393

Closed ltfschoen closed 6 years ago

ltfschoen commented 6 years ago

INFO

Which Parity version?: 1.8.4-beta Which operating system?: MacOS How installed?: homebrew Are you fully synchronized?: no, N/A Did you try to restart the node?: yes

actual behaviour

I am using a custom Parity Configuration file (i.e. kovan-config.toml) to run the Parity UI connected to the Kovan Test Network.

When I run parity ui --config ./kovan-config.toml it opens the Google Chrome browser, shows some warnings saying that it blocked connection to WebSockets from an untrusted origin, and that I was using an invalid token. But it's helpful and tells me to generate a Secure Token via the command line with parity signer new-token, and to then paste the output as the value of the "secure token" input field in the UI. But when I do that it just shows the same errors again the in terminal Parity logs. I thought that providing the following in my kovan-config.toml file would help bypass the requirement for the secure token:

[ui]
force = true
...
no_validation = true

But the only way I can actually bypass the security window (i.e. connect to the Parity Secure API) and the warnings and get it to load Parity is to provide the flag --ui-no-validation

parity ui --config ./kovan-config.toml --ui-no-validation

But I want know what configuration option I need to add to kovan-config.toml that will achieve the same outcome, but without using the flag --ui-no-validation. Note hat I have tried changing it to ui_no_validation = true but it still doesn't work

expected behavior

We should be able to run the Parity UI using the Kovan Network by adding a appropriate configuration options to kovan-config.toml file that would help bypass the requirement for the secure token, such as with the following options, without the need for providing any additional flags such as --ui-no-validation:

[ui]
force = true
...
no_validation = true

steps to reproduce

I configure Parity to use a Kovan network Node. I created a custom kovan-config.toml file by following the Parity Configuration Guide.

I create a signer account for this Kovan network to satisfy the Mining Options with the following command and provided a password for it.

parity account new --chain kovan --keys-path "/Users/Me/Library/Application Support/io.parity.ethereum/testnet/keys" --db-path "Users/Me/Library/Application Support/io.parity.ethereum/testnet/chains"

This returned a random address: i.e. 0xrandom0000000000000000000000000000000000, and it created a key in my folder Users/Me/Library/Application Support/io.parity.ethereum/testnet/keys/kovan/UTC--2017-12-28T00-09-16Z--000-000

I then edited my Parity Configuration file for the Kovan Node kovan-config.toml, and changed the address I had used in the Account Options and Mining Options. i.e. 

...
[account] 
unlock = ["0xrandom0000000000000000000000000000000000"]
...
[mining]
author = "0xrandom0000000000000000000000000000000000"
engine_signer = "0xrandom0000000000000000000000000000000000"
...

So the file became:

# Operating Options:
[parity]
mode = "last"
mode_timeout = 300
mode_alarm = 3600
# OPTIONS: "all", "critical", "none"
auto_update = "none"
# OPTIONS: "stable", "beta", "nightly", "testing", "current"
release_track = "current"
public_node = false
no_download = false
no_consensus = false
# force_direct = false
# OPTIONS:
# (1) JSON chain specification file
# (2) "olympic", "frontier", "homestead", "mainnet", "morden", 
#     "ropsten", "classic", "expanse", "testnet", "kovan", "dev"
chain = "kovan"
base_path = "$HOME/Library/Application Support/io.parity.ethereum/testnet"
db_path = "$HOME/Library/Application Support/io.parity.ethereum/testnet/chains"
keys_path = "$HOME/Library/Application Support/io.parity.ethereum/testnet/keys"
# NOTE: Specify node name
identity = ""
light = false

# SEALING/MINING OPTIONS
no_persistent_txqueue = false

# Account Options:
[account]    
unlock = ["0xrandom0000000000000000000000000000000000"]
password = ["/Users/Me/Library/Application Support/io.parity.ethereum/testnet/passwords/node.pwds"]
keys_iterations = 10240
no_hardware_wallets = false
fast_unlock = false

# UI Options:
[ui]
force = false
# no_ui = false
disable = false
port = 8180
interface = "127.0.0.1"
# Allowed Host header values
# OPTIONS: "all", "none"
hosts = []
path = "$HOME/Library/Application Support/io.parity.ethereum/testnet/signer"
# WARNING: only use in development
no_validation = true

# Networking Options:
[network]
port = 30303
min_peers = 25
max_peers = 50
snapshot_peers = 0
nat = "any"
# Override network identifier from the chain we are on
# Note: Kovan has ID of 42
id = 42
bootnodes = []
# no_discovery = false
discovery = true
# no_warp = false
warp = true
# Filter outbound connections 
# OPTIONS: "private", "public", "all"
allow_ips = "all"
max_pending_peers = 64
no_serve_light = false

# node_key = "None"
reserved_only = false
# reserved_peers = "$HOME/Library/Application Support/io.parity.ethereum/testnet/enodes"

# API and Console Options:
[rpc]
# no_jsonrpc = false
disable = false
port = 8545
# OPTIONS:
# (1) Interface IP Address
# (2) "all", "local"
interface = "local"
# CORS Header for JSON-RPC API responses
# Default: "None"
cors = "null"
# APIs available through the JSONRPC
# Available: "all", "safe", "web3", "eth", "net", "personal", "parity", "parity_set", "traces", "rpc", "parity_accounts"
# Default: "web3", "eth", "pubsub", "net", "parity", "parity_pubsub", "traces", "rpc", "secretstore"
# Note: Inconsistent since "Default" list includes values that are not in "Available" list
apis = ["web3", "eth", "net", "parity", "traces", "rpc", "secretstore"]
# OPTIONS: "all", "none"
hosts = ["none"]
# Note: Requires DApps server to be disabled using `--no-dapps`
# server_threads = "None"
# threads = 0

# WebSockers Server Options:
[websockets]
# no_ws = false
disable = false
port = 8546
# OPTIONS: "all", "local"
interface = "local"
# APIs available through the WebSockets
# Available: "web3", "eth", "pubsub", "net", "personal", "parity", "parity_set", "traces", "rpc", "parity_accounts"
# Default: "web3", "eth", "pubsub", "net", "parity", "parity_pubsub", "traces", "rpc", "secretstore"
# Note: Inconsistent since "Default" list includes values that are not in "Available" list
apis = ["web3", "eth", "net", "parity", "traces", "rpc", "secretstore"]
# OPTIONS: "all", "none"
origins = ["none"]
# OPTIONS: "all", "none"
hosts = ["none"]

# JSON-RPC over IPC Service Options
[ipc]
# no_ipc = false
disable = false
path = "$HOME/Library/Application Support/io.parity.ethereum/testnet/jsonrpc.ipc"
# APIs available through the JSON-RPC over IPC
# Default: "web3", "eth", "pubsub", "net", "parity", "parity_pubsub", "traces", "rpc", "secretstore"
# Note: Inconsistent since no "Available" list provided
apis = ["web3", "eth", "net", "parity", "parity_accounts", "personal", "traces", "rpc", "secretstore"]

# DApps Server Options
[dapps]
# no_dapps = false
disable = false
path = "$HOME/Library/Application Support/io.parity.ethereum/testnet/dapps"

# Secret Store Key Server Options:
[secretstore]
# no_secretstore = false
disable = false
# Note: Highlighted as "required" in https://github.com/paritytech/parity/wiki/Configuring-Parity#cli-options, but not included in the Sample config.toml file
# secret = "None"
# Note: Default not shown properly in https://github.com/paritytech/parity/wiki/Configuring-Parity#cli-options
nodes = []
http_interface = "local"
http_port = 8082
interface = "local"
port = 8083
path = "$HOME/Library/Application Support/io.parity.ethereum/testnet/secretstore"

# IPFS API Server Options:
[ipfs]
enable = false
port = 5001
interface = "local"
# Note: Inconsistent as shows Default value of "None" in CLI Options but "null" in Sample config.toml
cors = "null"
# OPTIONS: "all", "none"
hosts = ["none"]

# Mining Options:
[mining]
# Default: "None"
author = "0xrandom0000000000000000000000000000000000"
# Default: "None"
engine_signer = "0xrandom0000000000000000000000000000000000"
# Default: false
force_sealing = true
# OPTIONS: "none", "own", "ext", "all"
reseal_on_txs = "all"
reseal_on_uncle = false
# Note: Differs from Defaults
reseal_min_period = 4000
reseal_max_period = 60000
work_queue_size = 20
# Default: "None"
tx_gas_limit = "6283184"
# Default: "None"
tx_time_limit = 100 #ms
# OPTIONS: "cheap", "strict", "lenient"
relay_set = "cheap"
usd_per_tx = "0.0025"
# Note: May be an amount in USD, or "auto"
usd_per_eth = "auto"
# OPTIONS: "daily", "hourly", or of the form "2 days", "30 minutes"
price_update_period = "hourly"
gas_floor_target = "4700000"
gas_cap = "6283184"
# OPTIONS: Disable with 0
tx_queue_mem_limit = 2
tx_queue_size = 8192
# OPTIONS: "off", an amount of gas, or "auto" (limit of 20x current block gas limit)
tx_queue_gas = "off"
# OPTIONS: "gas", "gas_price", "gas_factor"
tx_queue_strategy = "gas_factor"
tx_queue_ban_count = 1
tx_queue_ban_time = 180 #s
# Default: "None"
extra_data = "Parity"
# no_persistent_txqueue = false
remove_solved = false
# Default: "None"
notify_work = ["http://localhost:3001"]
refuse_service_transactions = false

# Stratum Server Options
[stratum]
enable = false
interface = "local"
port = 8008
secret = "None"

# Footprint Options
[footprint]
# OPTIONS: "auto", "on", "off"
tracing = "auto"
# OPTIONS: "auto", "fast", "archive"
pruning = "auto"
pruning_history = 64
# Note: Differs from Default of 32 in CLI Options
pruning_memory = 500
# Note: Differs from Default of 32 in CLI Options
cache_size_db = 64
cache_size_blocks = 8
# Note: Differs from Default of 40 in CLI Options
cache_size_queue = 50
cache_size_state = 25
# Overrides other caches with and queue options with this total size
# Default: "None"
cache_size = 128
fast_and_loose = false
# OPTIONS: "ssd", "hdd", "auto"
db_compaction = "ssd"
# OPTIONS: "auto", "on", "off"
fat_db = "auto"
# Default: false
scale_verifiers = true
# Default: "None"
num_verifiers = 6

# Import/Export Options:
# ONLY SHOWN IN CLI OPTIONS

# Snapshot Options:
[snapshots]
# OPTIONS: An index, hash, or "latest"
# at = "latest"
disable_periodic = false

# Virtual Machine Options:
[vm]
jit = false

# Legacy Options:
# ONLY SHOWN IN CLI OPTIONS

# Internal Options:
# ONLY SHOWN IN CLI OPTIONS

# Miscellaneous Options:
[misc]
# ntp_server = "None"
logging = "own_tx=trace"
log_file = "/Users/Me/Library/Application Support/io.parity.ethereum/testnet/log/parity.log"
color = true
version = true

Then I ran the Kovan Node using my custom config

parity --config ./kovan-config.toml

This works successfully without any UI.

But if I want to run it in the UI at http://127.0.0.1:8180/#/home, I first have to change the UI Options in my configuration file to force = true, i.e. :

[ui]
...
force = true

I then run the Parity Node with Kovan Network with:

parity ui --config ./kovan-config.toml

This opens Google Chrome browser and displays the following:

screen shot 2017-12-28 at 1 27 48 pm

In the Bash Terminal it displays:

...
Open: http://127.0.0.1:8180/#/auth?token=PLmx-T4pw-KZE8-KXcO
to authorize your browser.
Or use the generated token:
PLmx-T4pw-KZE8-KXcO
2017-12-28 13:29:33   INFO miner  Updated conversion rate to Ξ1 = US$732.21 (162586700 wei/gas)
2017-12-28 13:29:35   WARN jsonrpc_ws_server::session  Blocked connection to WebSockets server from untrusted origin: Some("http://127.0.0.1:8180")
2017-12-28 13:29:35   WARN jsonrpc_ws_server::session  Blocked connection to WebSockets server from untrusted origin: Some("http://127.0.0.1:8180")
2017-12-28 13:29:35   WARN parity_rpc::v1::extractors  Blocked connection from http://127.0.0.1:8180 using invalid token.
2017-12-28 13:29:35   WARN jsonrpc_ws_server::session  Blocked connection to WebSockets server from untrusted origin: Some("http://127.0.0.1:8180")

If I copy and paste the generated token PLmx-T4pw-KZE8-KXcO into the input field where it asks for the "secure token" in the UI, or if I go to http://127.0.0.1:8180/#/auth?token=PLmx-T4pw-KZE8-KXcO, it just shows those warnings again.

So I try and just do what it says and I run the following to generate a token from my computer and paste the output into the browser, but doing that also just shows those warnings again.

parity signer new-token --config /Users/Me/code/blockchain/parity-docker/kovan-config.toml --db-path "Users/Me/Library/Application Support/io.parity.ethereum/testnet/chains"

I can only get it to work when I provide the CLI flag --ui-no-validation, but I want to avoid having to pass these flags. Instead I want to know how I can achieve the same thing and get it to work without those warnings by just providing the configuring the TOML configuration file.

parity ui --config ./kovan-config.toml --ui-no-validation

screen shot 2017-12-28 at 1 44 04 pm

tomusdrw commented 6 years ago

--ui-no-validation is development option and should never be used. That's also the reason why it's not present in a config file.

You're config file states:

[websockets]
...
origins = ["none"]

You should leave it default or allow connections from 127.0.0.1:8180:

[websockets]
origins = ["http://127.0.0.1:8180"]