fix: Add VerifyDatabasePasswordV2 and deprecate VerifyDatabasePassword

status-im · Sep 23, 2024 · 195e460 · 195e460
1 parent a84f78f
commit 195e460
Show file tree

Hide file tree

Showing 3 changed files with 46 additions and 2 deletions.
diff --git a/mobile/status.go b/mobile/status.go
@@ -281,8 +281,27 @@ func verifyAccountPassword(keyStoreDir, address, password string) string {
 	return makeJSONResponse(err)
 }
 
+// Deprecated use VerifyDatabasePasswordV2 instead
 func VerifyDatabasePassword(keyUID, password string) string {
-	return logAndCallString(verifyDatabasePassword, keyUID, password)
+	return verifyDatabasePassword(keyUID, password)
+}
+
+func VerifyDatabasePasswordV2(requestJSON string) string {
+	return logAndCallString(verifyDatabasePasswordV2, requestJSON)
+}
+
+func verifyDatabasePasswordV2(requestJSON string) string {
+	var request requests.VerifyDatabasePasswordV2
+	err := json.Unmarshal([]byte(requestJSON), &request)
+	if err != nil {
+		return makeJSONResponse(err)
+	}
+
+	err = request.Validate()
+	if err != nil {
+		return makeJSONResponse(err)
+	}
+	return verifyDatabasePassword(request.KeyUID, request.Password)
 }
 
 // verifyDatabasePassword verifies database password.

diff --git a/mobile/status_request_log.go b/mobile/status_request_log.go
@@ -13,7 +13,7 @@ import (
 	"github.com/status-im/status-go/logutils/requestlog"
 )
 
-var sensitiveRegex = regexp.MustCompile(`(?i)(".*?(password|mnemonic|openseaAPIKey|poktToken|alchemyArbitrumMainnetToken|raribleTestnetAPIKey|alchemyOptimismMainnetToken|statusProxyBlockchainUser|alchemyEthereumSepoliaToken|alchemyArbitrumSepoliaToken|infuraToken|raribleMainnetAPIKey|alchemyEthereumMainnetToken).*?")\s*:\s*("[^"]*")`)
+var sensitiveRegex = regexp.MustCompile(`(?i)(".*?(password|mnemonic|openseaAPIKey|poktToken|alchemyArbitrumMainnetToken|raribleTestnetAPIKey|alchemyOptimismMainnetToken|statusProxyBlockchainUser|alchemyEthereumSepoliaToken|alchemyArbitrumSepoliaToken|infuraToken|raribleMainnetAPIKey|alchemyEthereumMainnetToken|alchemyOptimismSepoliaToken|verifyENSURL|verifyTransactionURL).*?")\s*:\s*("[^"]*")`)
 
 func getFunctionName(fn any) string {
 	return runtime.FuncForPC(reflect.ValueOf(fn).Pointer()).Name()

diff --git a/protocol/requests/verify_database_password_v2.go b/protocol/requests/verify_database_password_v2.go
@@ -0,0 +1,25 @@
+package requests
+
+import (
+	"errors"
+)
+
+// VerifyDatabasePasswordV2 represents a request to verify the database password.
+type VerifyDatabasePasswordV2 struct {
+	// KeyUID identifies the specific key in the database.
+	KeyUID string `json:"keyUID"`
+
+	// Password is the password to verify against the database entry.
+	Password string `json:"password"`
+}
+
+// Validate checks the validity of the VerifyDatabasePasswordV2 request.
+func (v *VerifyDatabasePasswordV2) Validate() error {
+	if v.KeyUID == "" {
+		return errors.New("verify-database-password-v2: KeyUID cannot be empty")
+	}
+	if v.Password == "" {
+		return errors.New("verify-database-password-v2: Password cannot be empty")
+	}
+	return nil
+}