feat(ironfish): Check if wallet is encrypted when calling setAccount (#…

…5300) * feat(ironfish): Remove cached accounts when encrypting/decrypting * feat(ironfish): Check if wallet is encrypted when calling setAccount
iron-fish · Aug 19, 2024 · 93908a9 · 93908a9
1 parent f9fbde1
commit 93908a9
Show file tree

Hide file tree

Showing 3 changed files with 86 additions and 1 deletion.
diff --git a/ironfish/src/wallet/walletdb/__fixtures__/walletdb.test.ts.fixture b/ironfish/src/wallet/walletdb/__fixtures__/walletdb.test.ts.fixture
@@ -1150,5 +1150,36 @@
         "sequence": 1
       }
     }
+  ],
+  "WalletDB setAccount throws an error if existing accounts are encrypted": [
+    {
+      "value": {
+        "encrypted": false,
+        "version": 4,
+        "id": "1326265d-45b5-4646-8bf1-4434c896bcd1",
+        "name": "A",
+        "spendingKey": "d71768604bc37a2cd7b48e194b58c43bee3aeb398d11b9a0ef998ef759a6e08b",
+        "viewKey": "9a1e4d1d5ea401cb0454e95b4681ddd6acef636f3b406f8664f9d2bcccaa979d0495d1e8372407cbb4505a7167232f1d3436d5723bff554f911d96df1d0e2821",
+        "incomingViewKey": "64b66b4a68d8eaba6b7bfbd55d59abe794f598750b0dc9f136d2558502c64303",
+        "outgoingViewKey": "5d40218d1b4da92ec42c0538380b682c179d44fbd25ef999566539dac1d70d4f",
+        "publicAddress": "204b3270b44e987ba022b5b8eda7f41ebf55eb19ce61b7723a031bec9ed5bfcf",
+        "createdAt": {
+          "hash": {
+            "type": "Buffer",
+            "data": "base64:R5HXrp+X3xAO8VWOhHctagm0N2I4goP3XG8goyqIqoY="
+          },
+          "sequence": 1
+        },
+        "scanningEnabled": true,
+        "proofAuthorizingKey": "4ebcb8cbb3bb735f9421ea40538f24ada921c9736889e2a3384ddd3707c0ad05"
+      },
+      "head": {
+        "hash": {
+          "type": "Buffer",
+          "data": "base64:R5HXrp+X3xAO8VWOhHctagm0N2I4goP3XG8goyqIqoY="
+        },
+        "sequence": 1
+      }
+    }
   ]
 }
diff --git a/ironfish/src/wallet/walletdb/walletdb.test.ts b/ironfish/src/wallet/walletdb/walletdb.test.ts
@@ -1,7 +1,7 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at https://mozilla.org/MPL/2.0/. */
-import { Asset, multisig } from '@ironfish/rust-nodejs'
+import { Asset, generateKey, multisig } from '@ironfish/rust-nodejs'
 import { randomBytes } from 'crypto'
 import { Assert } from '../../assert'
 import {
@@ -14,6 +14,7 @@ import { AsyncUtils } from '../../utils'
 import { Account } from '../account/account'
 import { EncryptedAccount } from '../account/encryptedAccount'
 import { AccountDecryptionFailedError } from '../errors'
+import { DecryptedAccountValue } from './accountValue'
 import { DecryptedNoteValue } from './decryptedNoteValue'
 
 describe('WalletDB', () => {
@@ -619,4 +620,53 @@ describe('WalletDB', () => {
       expect(await walletDb.accountsEncrypted()).toBe(false)
     })
   })
+
+  describe('setAccount', () => {
+    it('throws an error if existing accounts are encrypted', async () => {
+      const node = (await nodeTest.createSetup()).node
+      const walletDb = node.wallet.walletDb
+      const passphrase = 'foobar'
+
+      await useAccountFixture(node.wallet, 'A')
+      await walletDb.encryptAccounts(passphrase)
+
+      const key = generateKey()
+      const accountValue: DecryptedAccountValue = {
+        encrypted: false,
+        id: '0',
+        name: 'new-account',
+        version: 1,
+        createdAt: null,
+        scanningEnabled: false,
+        ...key,
+      }
+      const account = new Account({ accountValue, walletDb })
+
+      await expect(walletDb.setAccount(account)).rejects.toThrow()
+    })
+
+    it('saves the account', async () => {
+      const node = (await nodeTest.createSetup()).node
+      const walletDb = node.wallet.walletDb
+
+      const key = generateKey()
+      const accountValue: DecryptedAccountValue = {
+        encrypted: false,
+        id: '1',
+        name: 'new-account',
+        version: 1,
+        createdAt: null,
+        scanningEnabled: false,
+        ...key,
+      }
+      const account = new Account({ accountValue, walletDb })
+
+      await walletDb.setAccount(account)
+
+      expect(await walletDb.accounts.get(account.id)).not.toBeUndefined()
+      expect(
+        await walletDb.balances.get([account.prefix, Asset.nativeId()]),
+      ).not.toBeUndefined()
+    })
+  })
 })
diff --git a/ironfish/src/wallet/walletdb/walletdb.ts b/ironfish/src/wallet/walletdb/walletdb.ts
@@ -342,6 +342,10 @@ export class WalletDB {
 
   async setAccount(account: Account, tx?: IDatabaseTransaction): Promise<void> {
     await this.db.withTransaction(tx, async (tx) => {
+      if (await this.accountsEncrypted(tx)) {
+        throw new Error('Cannot save decrypted account when accounts are encrypted')
+      }
+
       await this.accounts.put(account.id, account.serialize(), tx)
 
       const nativeUnconfirmedBalance = await this.balances.get(