mirror of
https://github.com/dashpay/dash.git
synced 2024-12-25 03:52:49 +01:00
Merge #6209: chore: deprecate an option platform-user
in favour of whitelist
e2c66ae3e9
chore: deprecate a setting platform-user in favour of whitelist (Konstantin Akimov) Pull request description: ## Issue being fixed or feature implemented Hard-coded restrictions for platform-user are super-seeded by whitelist feature. ## What was done? Before actually removing feature, let's make it deprecated for now Split from https://github.com/dashpay/dash/pull/6105/ 6105 - to close and re-open for next major release. It deprecates old command line argument `-platform-user` by renaming to `-deprecated-platform-user` ## How Has This Been Tested? See new 2 functional tests: `rpc_deprecated_platform_filter.py` and `rpc_external_queue.py` which are split from `rpc_platform_filter.py` ## Breaking Changes Command line argument `-platform-user` is renamed to `-deprecated-platform-user` ## Checklist: - [x] I have performed a self-review of my own code - [x] I have commented my code, particularly in hard-to-understand areas - [x] I have added or updated relevant unit/integration/functional/e2e tests - [ ] I have made corresponding changes to the documentation - [x] I have assigned this pull request to a milestone ACKs for top commit: UdjinM6: utACKe2c66ae3e9
PastaPastaPasta: utACKe2c66ae3e9
Tree-SHA512: c237065304f5ba682bc381a202a17e1b7191bb02ba5e51d8eec3170315ee980e0c20fd3b6aa6d77f75095c1761d374a7139ef289b0c78d74809b233f15a1a04a
This commit is contained in:
commit
9272ae24ac
3
doc/release-notes-6209.md
Normal file
3
doc/release-notes-6209.md
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
## Command-line options
|
||||||
|
|
||||||
|
- `-platform-user` is deprecated in favor of the whitelist feature. In releases 22.x of Dash Core it has been renamed to `-deprecated-platform-user` and will be removed in version 23.x
|
@ -736,7 +736,7 @@ void SetupServerArgs(ArgsManager& argsman)
|
|||||||
argsman.AddArg("-llmq-data-recovery=<n>", strprintf("Enable automated quorum data recovery (default: %u)", llmq::DEFAULT_ENABLE_QUORUM_DATA_RECOVERY), ArgsManager::ALLOW_ANY, OptionsCategory::MASTERNODE);
|
argsman.AddArg("-llmq-data-recovery=<n>", strprintf("Enable automated quorum data recovery (default: %u)", llmq::DEFAULT_ENABLE_QUORUM_DATA_RECOVERY), ArgsManager::ALLOW_ANY, OptionsCategory::MASTERNODE);
|
||||||
argsman.AddArg("-llmq-qvvec-sync=<quorum_name>:<mode>", strprintf("Defines from which LLMQ type the masternode should sync quorum verification vectors. Can be used multiple times with different LLMQ types. <mode>: %d (sync always from all quorums of the type defined by <quorum_name>), %d (sync from all quorums of the type defined by <quorum_name> if a member of any of the quorums)", (int32_t)llmq::QvvecSyncMode::Always, (int32_t)llmq::QvvecSyncMode::OnlyIfTypeMember), ArgsManager::ALLOW_ANY, OptionsCategory::MASTERNODE);
|
argsman.AddArg("-llmq-qvvec-sync=<quorum_name>:<mode>", strprintf("Defines from which LLMQ type the masternode should sync quorum verification vectors. Can be used multiple times with different LLMQ types. <mode>: %d (sync always from all quorums of the type defined by <quorum_name>), %d (sync from all quorums of the type defined by <quorum_name> if a member of any of the quorums)", (int32_t)llmq::QvvecSyncMode::Always, (int32_t)llmq::QvvecSyncMode::OnlyIfTypeMember), ArgsManager::ALLOW_ANY, OptionsCategory::MASTERNODE);
|
||||||
argsman.AddArg("-masternodeblsprivkey=<hex>", "Set the masternode BLS private key and enable the client to act as a masternode", ArgsManager::ALLOW_ANY | ArgsManager::SENSITIVE, OptionsCategory::MASTERNODE);
|
argsman.AddArg("-masternodeblsprivkey=<hex>", "Set the masternode BLS private key and enable the client to act as a masternode", ArgsManager::ALLOW_ANY | ArgsManager::SENSITIVE, OptionsCategory::MASTERNODE);
|
||||||
argsman.AddArg("-platform-user=<user>", "Set the username for the \"platform user\", a restricted user intended to be used by Dash Platform, to the specified username.", ArgsManager::ALLOW_ANY, OptionsCategory::MASTERNODE);
|
argsman.AddArg("-deprecated-platform-user=<user>", "Set the username for the \"platform user\", a restricted user intended to be used by Dash Platform, to the specified username.", ArgsManager::ALLOW_ANY, OptionsCategory::MASTERNODE);
|
||||||
|
|
||||||
argsman.AddArg("-acceptnonstdtxn", strprintf("Relay and mine \"non-standard\" transactions (%sdefault: %u)", "testnet/regtest only; ", !testnetChainParams->RequireStandard()), ArgsManager::ALLOW_ANY | ArgsManager::DEBUG_ONLY, OptionsCategory::NODE_RELAY);
|
argsman.AddArg("-acceptnonstdtxn", strprintf("Relay and mine \"non-standard\" transactions (%sdefault: %u)", "testnet/regtest only; ", !testnetChainParams->RequireStandard()), ArgsManager::ALLOW_ANY | ArgsManager::DEBUG_ONLY, OptionsCategory::NODE_RELAY);
|
||||||
argsman.AddArg("-dustrelayfee=<amt>", strprintf("Fee rate (in %s/kB) used to define dust, the value of an output such that it will cost more than its value in fees at this fee rate to spend it. (default: %s)", CURRENCY_UNIT, FormatMoney(DUST_RELAY_TX_FEE)), ArgsManager::ALLOW_ANY | ArgsManager::DEBUG_ONLY, OptionsCategory::NODE_RELAY);
|
argsman.AddArg("-dustrelayfee=<amt>", strprintf("Fee rate (in %s/kB) used to define dust, the value of an output such that it will cost more than its value in fees at this fee rate to spend it. (default: %s)", CURRENCY_UNIT, FormatMoney(DUST_RELAY_TX_FEE)), ArgsManager::ALLOW_ANY | ArgsManager::DEBUG_ONLY, OptionsCategory::NODE_RELAY);
|
||||||
|
@ -551,7 +551,7 @@ static bool ExecuteCommand(const CRPCCommand& command, const JSONRPCRequest& req
|
|||||||
{
|
{
|
||||||
const NodeContext& node = EnsureAnyNodeContext(request.context);
|
const NodeContext& node = EnsureAnyNodeContext(request.context);
|
||||||
// Before executing the RPC Command, filter commands from platform rpc user
|
// Before executing the RPC Command, filter commands from platform rpc user
|
||||||
if (node.mn_activeman && request.authUser == gArgs.GetArg("-platform-user", defaultPlatformUser)) {
|
if (node.mn_activeman && request.authUser == gArgs.GetArg("-deprecated-platform-user", defaultPlatformUser)) {
|
||||||
// replace this with structured binding in c++20
|
// replace this with structured binding in c++20
|
||||||
std::string command_name = command.name;
|
std::string command_name = command.name;
|
||||||
const auto& it = mapPlatformRestrictions.equal_range(command_name);
|
const auto& it = mapPlatformRestrictions.equal_range(command_name);
|
||||||
|
@ -114,24 +114,5 @@ class HTTPBasicsTest(BitcoinTestFramework):
|
|||||||
test_command("debug", ["1"], rpcuser_authpair_operator, 200)
|
test_command("debug", ["1"], rpcuser_authpair_operator, 200)
|
||||||
|
|
||||||
|
|
||||||
self.log.info("Restart node with -rpcexternaluser")
|
|
||||||
self.restart_node(0, extra_args=["-rpcexternaluser=platform-user"])
|
|
||||||
|
|
||||||
external_log_str = "HTTP: Calling handler for external user"
|
|
||||||
expected_log_str = "ThreadRPCServer method="
|
|
||||||
with self.nodes[0].assert_debug_log(expected_msgs=[expected_log_str, external_log_str]):
|
|
||||||
test_command("getbestblockhash", [], rpcuser_authpair_platform, 200)
|
|
||||||
with self.nodes[0].assert_debug_log(expected_msgs=[expected_log_str], unexpected_msgs = [external_log_str]):
|
|
||||||
test_command("getbestblockhash", [], rpcuser_authpair_operator, 200)
|
|
||||||
|
|
||||||
self.log.info("Restart node with multiple external users")
|
|
||||||
self.restart_node(0, extra_args=["-rpcexternaluser=platform-user,operator"])
|
|
||||||
with self.nodes[0].assert_debug_log(expected_msgs=[expected_log_str, external_log_str]):
|
|
||||||
test_command("getbestblockhash", [], rpcuser_authpair_platform, 200)
|
|
||||||
with self.nodes[0].assert_debug_log(expected_msgs=[expected_log_str, external_log_str]):
|
|
||||||
test_command("getbestblockhash", [], rpcuser_authpair_operator, 200)
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
if __name__ == '__main__':
|
if __name__ == '__main__':
|
||||||
HTTPBasicsTest().main()
|
HTTPBasicsTest().main()
|
92
test/functional/rpc_external_queue.py
Normal file
92
test/functional/rpc_external_queue.py
Normal file
@ -0,0 +1,92 @@
|
|||||||
|
#!/usr/bin/env python3
|
||||||
|
# Copyright (c) 2024 The Dash Core developers
|
||||||
|
# Distributed under the MIT software license, see the accompanying
|
||||||
|
# file COPYING or http://www.opensource.org/licenses/mit-license.php.
|
||||||
|
"""Test that commands submitted by the platform user are filtered."""
|
||||||
|
|
||||||
|
from test_framework.test_framework import BitcoinTestFramework
|
||||||
|
from test_framework.util import str_to_b64str, assert_equal
|
||||||
|
|
||||||
|
import http.client
|
||||||
|
import json
|
||||||
|
import os
|
||||||
|
import urllib.parse
|
||||||
|
|
||||||
|
|
||||||
|
class HTTPBasicsTest(BitcoinTestFramework):
|
||||||
|
def set_test_params(self):
|
||||||
|
self.num_nodes = 1
|
||||||
|
self.supports_cli = False
|
||||||
|
|
||||||
|
def setup_nodes(self):
|
||||||
|
self.add_nodes(self.num_nodes)
|
||||||
|
self.start_nodes()
|
||||||
|
|
||||||
|
def setup_chain(self):
|
||||||
|
super().setup_chain()
|
||||||
|
# Append rpcauth to dash.conf before initialization
|
||||||
|
rpcauthplatform = "rpcauth=platform-user:dd88fd676186f48553775d6fb5a2d344$bc1f7898698ead19c6ec7ff47055622dd7101478f1ff6444103d3dc03cd77c13"
|
||||||
|
# rpcuser : platform-user
|
||||||
|
# rpcpassword : password123
|
||||||
|
rpcauthoperator = "rpcauth=operator:e9b45dd0b61a7be72155535435365a3a$8fb7470bc6f74d8ceaf9a23f49b06127723bd563b3ed5d9cea776ef01803d191"
|
||||||
|
# rpcuser : operator
|
||||||
|
# rpcpassword : otherpassword
|
||||||
|
|
||||||
|
masternodeblskey="masternodeblsprivkey=58af6e39bb4d86b22bda1a02b134c2f5b71caffa1377540b02f7f1ad122f59e0"
|
||||||
|
|
||||||
|
with open(os.path.join(self.options.tmpdir+"/node0", "dash.conf"), 'a', encoding='utf8') as f:
|
||||||
|
f.write(masternodeblskey+"\n")
|
||||||
|
f.write(rpcauthplatform+"\n")
|
||||||
|
f.write(rpcauthoperator+"\n")
|
||||||
|
|
||||||
|
def run_test(self):
|
||||||
|
url = urllib.parse.urlparse(self.nodes[0].url)
|
||||||
|
|
||||||
|
def send_command(method, params, auth, expected_status, should_not_match=False):
|
||||||
|
conn = http.client.HTTPConnection(url.hostname, url.port)
|
||||||
|
conn.connect()
|
||||||
|
body = {"method": method}
|
||||||
|
if len(params):
|
||||||
|
body["params"] = params
|
||||||
|
conn.request('POST', '/', json.dumps(body), {"Authorization": "Basic " + str_to_b64str(auth)})
|
||||||
|
resp = conn.getresponse()
|
||||||
|
if should_not_match:
|
||||||
|
assert resp.status != expected_status
|
||||||
|
else:
|
||||||
|
assert_equal(resp.status, expected_status)
|
||||||
|
conn.close()
|
||||||
|
|
||||||
|
rpcuser_authpair_platform = "platform-user:password123"
|
||||||
|
rpcuser_authpair_operator = "operator:otherpassword"
|
||||||
|
rpcuser_authpair_wrong = "platform-user:rpcpasswordwrong"
|
||||||
|
|
||||||
|
external_log_str = "HTTP: Calling handler for external user"
|
||||||
|
always_expected_log_str = "ThreadRPCServer method="
|
||||||
|
|
||||||
|
self.log.info('Try using a incorrect password for platform-user...')
|
||||||
|
send_command("getbestblockhash", [], rpcuser_authpair_wrong, 401)
|
||||||
|
|
||||||
|
self.log.info("Check that there's no external queue by default")
|
||||||
|
with self.nodes[0].assert_debug_log(expected_msgs=[always_expected_log_str], unexpected_msgs = [external_log_str]):
|
||||||
|
send_command("getbestblockhash", [], rpcuser_authpair_platform, 200)
|
||||||
|
with self.nodes[0].assert_debug_log(expected_msgs=[always_expected_log_str], unexpected_msgs = [external_log_str]):
|
||||||
|
send_command("getbestblockhash", [], rpcuser_authpair_operator, 200)
|
||||||
|
|
||||||
|
self.log.info("Restart node with -rpcexternaluser")
|
||||||
|
self.restart_node(0, extra_args=["-rpcexternaluser=platform-user"])
|
||||||
|
|
||||||
|
with self.nodes[0].assert_debug_log(expected_msgs=[always_expected_log_str, external_log_str]):
|
||||||
|
send_command("getbestblockhash", [], rpcuser_authpair_platform, 200)
|
||||||
|
with self.nodes[0].assert_debug_log(expected_msgs=[always_expected_log_str], unexpected_msgs = [external_log_str]):
|
||||||
|
send_command("getbestblockhash", [], rpcuser_authpair_operator, 200)
|
||||||
|
|
||||||
|
self.log.info("Restart node with multiple external users")
|
||||||
|
self.restart_node(0, extra_args=["-rpcexternaluser=platform-user,operator"])
|
||||||
|
with self.nodes[0].assert_debug_log(expected_msgs=[always_expected_log_str, external_log_str]):
|
||||||
|
send_command("getbestblockhash", [], rpcuser_authpair_platform, 200)
|
||||||
|
with self.nodes[0].assert_debug_log(expected_msgs=[always_expected_log_str, external_log_str]):
|
||||||
|
send_command("getbestblockhash", [], rpcuser_authpair_operator, 200)
|
||||||
|
|
||||||
|
|
||||||
|
if __name__ == '__main__':
|
||||||
|
HTTPBasicsTest().main()
|
@ -321,7 +321,8 @@ BASE_SCRIPTS = [
|
|||||||
'wallet_send.py --descriptors',
|
'wallet_send.py --descriptors',
|
||||||
'wallet_create_tx.py --descriptors',
|
'wallet_create_tx.py --descriptors',
|
||||||
'p2p_fingerprint.py',
|
'p2p_fingerprint.py',
|
||||||
'rpc_platform_filter.py',
|
'rpc_deprecated_platform_filter.py',
|
||||||
|
'rpc_external_queue.py',
|
||||||
'rpc_wipewallettxes.py',
|
'rpc_wipewallettxes.py',
|
||||||
'feature_dip0020_activation.py',
|
'feature_dip0020_activation.py',
|
||||||
'feature_uacomment.py',
|
'feature_uacomment.py',
|
||||||
|
Loading…
Reference in New Issue
Block a user