pactus-project / pactus

Pactus blockchain
https://pactus.org
MIT License

Should return error if gRPC has no password, but calls with username and password #1376

Open b00f opened 4 months ago

b00f commented 4 months ago

Description

If basic_auth for gRPC is not set, calling any method with a password works, such as:

./build/pactus-shell blockchain get-blockchain-info --auth-username foo --auth-password bar

It should warn the user that no password is set.

How To Reproduce

Create a localnet or connect to testnet, and call any gRPC API with basic auth credentials.

What Happened

The API call succeeds, even though it should not.

b00f commented 4 months ago

It is still not fixed. Run node without the basic_auth and then run this command:

./build/pactus-shell blockchain get-blockchain-info --auth-username foo --auth-password bar

Ja7ad commented 4 months ago

./build/pactus-shell blockchain get-blockchain-info --auth-username foo --auth-password bar

It showed an error for an invalid username or password; it's the normal message for a basic auth error.

./pactus-shell blockchain get-blockchain-info --auth-username foo --auth-password bar

Error: rpc error: code = Unauthenticated desc = username or password is invalid
Usage:
  shell blockchain get-blockchain-info [flags]

Flags:
  -h, --help   help for get-blockchain-info

Global Flags:
      --auth-password string       password for gRPC basic authentication
      --auth-username string       username for gRPC basic authentication
  -f, --request-file string        client request file; use "-" for stdin
  -i, --request-format string      request format (json, xml) (default "json")
  -o, --response-format string     response format (json, prettyjson, prettyxml, xml) (default "prettyjson")
  -s, --server-addr string         server address in the form host:port (default "localhost:50051")
      --timeout duration           client connection timeout (default 10s)
      --tls                        enable TLS
      --tls-ca-cert-file string    CA certificate file
      --tls-cert-file string       client certificate file
      --tls-insecure-skip-verify   INSECURE: skip TLS checks
      --tls-key-file string        client key file
      --tls-server-name string     TLS server name override

[ERROR] rpc error: code = Unauthenticated desc = username or password is invalid

b00f commented 4 months ago

@Ja7ad

Make sure the gRPC in localnet has no credential, then run:

./build/pactus-shell blockchain get-blockchain-info --auth-username foo --auth-password bar --server-addr localhost:50052
{
  "lastBlockHeight": 4,
  "lastBlockHash": "59c78ff69fbed29403a8372b9c7d2ca42a4fabb1eee8602ea60b47e1ea910c96",
  "totalAccounts": 4,
  "totalValidators": 4,
  "totalPower": "4",
  "committeePower": "4",
  "committeeValidators": [
    {
      "hash": "67c4fe75fb1254262a99e744e297d8748796f0df7a81cff3bf4d7df53f1d5101",
      "data": "998138537835b1588d84dce4d2331fcfffea65570c7a792080595cacdc822842fd40e4ecb4e81081ab880240ac3202c417a78e9b0a73e3a79ba360dfc04cdcc2b679359030327e27e6d285fcbf13c61becd2f1086782cebeb70bf21107491069000000000000000000000000000000000000000000000000",
      "publicKey": "tpublic1pnxqns5mcxkc43rvymnjdyvclell75e2hp3a8jgyqt9w2ehyz9pp06s8yaj6wsyyp4wyqys9vxgpvg9a836ds5ulr57d6xcxlcpxdes4k0y6eqvpj0cn7d559ljl383smanf0zzr8st8tadct7ggswjgsdy9aswzn",
      "address": "tpc1pu8rj238m60c4hg6mztlveqs5rregktuq8jkkn9",
      "availabilityScore": 1
    },
    {
      "hash": "06e62d6dcb892a1a4a792d743c16521f8cbffe99d12a8dfeea135fe8bdf02074",
      "data": "94544736cc2840630859d377f0457d9e1b74d3fa2a51d738e1af7e0c221dcce4cf1f05e6139325d592e0eec35d4d0435112da74f6b7721faf044b998e936e659469cf136333a1e6be11729977a728d330fe0f3955c2f9cb2f4872c8ff640d1bd010000000000000000000000000000000000000000000000",
      "publicKey": "tpublic1pj32ywdkv9pqxxzze6dmlq3tancdhf5l69fgaww8p4alqcgsaenjv78c9ucfexfw4jtswas6af5zr2yfd5a8kkaepltcyfwvcaymwvk2xnncnvve6re47z9efjaa89rfnpls0892u97wt9ay89j8lvsx3h54jlxj0",
      "number": 1,
      "address": "tpc1pktt35pqsrj6yxkzl7ddc4hnjqlc85hge30r7rs",
      "availabilityScore": 1
    },
    {
      "hash": "0bc590544e2f14169623ca87dad317c322f112d9dd9ba358ec9c651daf4758b9",
      "data": "973b4a6765def64f815e632731909067c762eb86c37b48e4feb67391e93ef1fcc1531232d4f335edbc8817ee2b30a065147535d4686ca5c0e568b024144f7afab0d8262135e9085af90ec12140c0c6f16fe931d48fa9d421ac3d9bb97b2c0c24020000000000000000000000000000000000000000000000",
      "publicKey": "tpublic1pjua55em9mmmylq27vvnnryysvlrk96uxcda53e87keeer6f7787vz5cjxt20xd0dhjyp0m3txzsx29r4xh2xsm99crjk3vpyz38h474smqnzzd0fppd0jrkpy9qvp3h3dl5nr4y0482zrtpanwuhktqvys26d9kc",
      "number": 2,
      "address": "tpc1pfg0230tvqy3njdafsxzksaawfe44kkp67upj3j",
      "availabilityScore": 1
    },
    {
      "hash": "bf524ab134c9ab5a23ec366f03215bb5bd884dcc0c6cd0c418bb8ea023df1e12",
      "data": "ab3bfc72f03fa66efae9100617d4155c75ada0f53fc92f524d05867bd661e37f7f23c29af9703c9a6ada1866e59de37406cb95c0009fdc32e4dc5145e5806cb144ee0bfed856ef113051a1ff5073cbfdba710f1c583e611901c4bff73e1e502d030000000000000000000000000000000000000000000000",
      "publicKey": "tpublic1p4valcuhs87nxa7hfzqrp04q4t366mg848lyj75jdqkr8h4npudlh7g7zntuhq0y6dtdpseh9nh3hgpktjhqqp87uxtjdc529ukqxev2yac9lakzkaugnq5dplag88jlahfcs78zc8es3jqwyhlmnu8js95c64edv",
      "number": 3,
      "address": "tpc1pcf9np0aaf0kavdvj0m65qkzfnzuhqvueahwjll"
    }
  ]
}%
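
The behaviour requested in this issue, sketched as an added example (not Pactus code): a server-side check that rejects a call carrying basic auth credentials when the server has no basic_auth configured, instead of silently ignoring them. The names `CheckBasicAuth`, `ErrAuthNotConfigured` and `ErrUnauthenticated`, the plain `user:password` setting, and the map standing in for gRPC request metadata are all assumptions made for illustration.

```go
package main

import (
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// Hypothetical sentinel errors; a gRPC server would map them to status codes.
var (
	ErrAuthNotConfigured = errors.New("credentials sent, but server has no basic_auth set")
	ErrUnauthenticated   = errors.New("username or password is invalid")
)

// CheckBasicAuth decides whether a call may proceed.
// configured is the server's "user:password" setting ("" means basic_auth is unset);
// md stands in for gRPC metadata: lower-case header name -> values.
func CheckBasicAuth(configured string, md map[string][]string) error {
	vals := md["authorization"]
	if configured == "" {
		if len(vals) > 0 {
			return ErrAuthNotConfigured // the case reported in this issue
		}
		return nil // open server, anonymous call
	}
	if len(vals) != 1 || !strings.HasPrefix(vals[0], "Basic ") {
		return ErrUnauthenticated
	}
	raw, err := base64.StdEncoding.DecodeString(strings.TrimPrefix(vals[0], "Basic "))
	if err != nil || subtle.ConstantTimeCompare(raw, []byte(configured)) != 1 {
		return ErrUnauthenticated
	}
	return nil
}

// header builds the Authorization metadata a client would attach (constructed sample input).
func header(user, pass string) map[string][]string {
	token := base64.StdEncoding.EncodeToString([]byte(user + ":" + pass))
	return map[string][]string{"authorization": {"Basic " + token}}
}

func main() {
	fmt.Println(CheckBasicAuth("", header("foo", "bar")))                  // unset, credentials sent
	fmt.Println(CheckBasicAuth("", nil))                                   // unset, anonymous call
	fmt.Println(CheckBasicAuth("alice:s3cret", header("foo", "bar")))      // set, wrong credentials
	fmt.Println(CheckBasicAuth("alice:s3cret", header("alice", "s3cret"))) // set, correct credentials
}
```

Returning a distinct error for the unconfigured case tells the operator that the credentials they supplied are protecting nothing, which a successful response hides.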