From 417f869dead7140b3f56d6d41e133320a68d5d60 Mon Sep 17 00:00:00 2001 From: theoreticalbts Date: Tue, 30 Jun 2015 03:06:59 -0400 Subject: [PATCH] Revert "cli_wallet: Implement HTTP header for wallet unlocking" This reverts commit 8db1b930f338637727e76cc6a84e1f58ef1d390e. Since cli_wallet itself makes no effort to be stateless, we can simply unlock in a separate call. Removing the ability to use the header to unlock reduces the potential for user confusion about whether the HTTP API provides security (it does not). --- programs/cli_wallet/main.cpp | 29 ----------------------------- 1 file changed, 29 deletions(-) diff --git a/programs/cli_wallet/main.cpp b/programs/cli_wallet/main.cpp index af9ee011..8c78ba50 100644 --- a/programs/cli_wallet/main.cpp +++ b/programs/cli_wallet/main.cpp @@ -210,35 +210,6 @@ int main( int argc, char** argv ) std::shared_ptr< fc::rpc::http_api_connection > conn = std::make_shared< fc::rpc::http_api_connection>(); conn->register_api( wapi ); - // allow unlocking with password in HTTP header - std::string unlock_password = req.get_header( "Graphene-Wallet-Password" ); - if( unlock_password != "" ) - { - fc::optional< std::string > unlock_error; - fc::rpc::request unlock_request; - fc::variants args; - args.push_back( unlock_password ); - unlock_request.method = "unlock"; - unlock_request.params = args; - - try - { - conn->_rpc_state.local_call( unlock_request.method, unlock_request.params ); - } - catch ( const fc::exception& e ) - { - unlock_error = fc::json::to_string( fc::rpc::response( *unlock_request.id, - fc::rpc::error_object{ 1, e.to_detail_string(), fc::variant(e)} ) ); - } - if( unlock_error.valid() ) - { - // FC's IO framework doesn't allow write() in exception handler - resp.set_status( fc::http::reply::InternalServerError ); - resp.set_length( unlock_error->length() ); - resp.write( unlock_error->c_str(), unlock_error->length() ); - return; - } - } conn->on_request( req, resp ); } ); }