feat: error when using insecure identity on mainnet (#4005)
* error when using insecure identity on mainnet

no warning on non-mainnet (playground, local replica)

* changelog

* suppress the error in irrelevant tests

* fix typo
lwshang authored Nov 20, 2024
1 parent a5e8144 commit 06afa6f
Showing 7 changed files with 43 additions and 18 deletions.
8 changes: 8 additions & 0 deletions CHANGELOG.md
Expand Up @@ -2,6 +2,14 @@

# UNRELEASED

### feat: error when using insecure identity on mainnet

This used to be a warning. A hard error can abort the command so that no insecure state will be on the mainnet.

Users can surpress this error by setting `export DFX_WARNING=-mainnet_plaintext_identity`.

The warning won't display when executing commands like `dfx deploy --playground`.

# 0.24.3

### feat: Bitcoin support in PocketIC
6 changes: 4 additions & 2 deletions e2e/tests-dfx/canister_url.bash
Expand Up @@ -4,7 +4,9 @@ load ../utils/_

setup() {
standard_setup

# some of the tests run on mainnet with default plaintext identity
# so we need to set this to avoid the error
export DFX_WARNING=-mainnet_plaintext_identity
dfx_new_assets hello
}

Expand Down Expand Up @@ -58,7 +60,7 @@ teardown() {
echo "{}" > canister_ids.json
jq '.hello_frontend.ic = "qsgof-4qaaa-aaaan-qekqq-cai"' canister_ids.json | sponge canister_ids.json
frontend_id=$(dfx canister id hello_frontend --ic)

assert_command dfx canister url hello_frontend --ic
assert_match "https://${frontend_id}.icp0.io"

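Review bot: The `export DFX_WARNING=-mainnet_plaintext_identity` added to `setup()` at L50 disables the new mainnet plaintext-identity check for every test in this file, not just the ones that use `--ic`, so a test that unintentionally reaches mainnet with the default plaintext identity would now proceed instead of failing, and a regression of the check would go unnoticed here. Scope the override to the tests that actually need it, as fabricate_cycles.bash and sign_send.bash do, e.g. make `export DFX_WARNING=-mainnet_plaintext_identity` the first line of the `--ic` test body at L55 and drop it from `setup()`. The comment at L48 ("some of the tests run on mainnet") already names the narrower scope the override should have.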
2 changes: 2 additions & 0 deletions e2e/tests-dfx/fabricate_cycles.bash
Expand Up @@ -39,6 +39,8 @@ teardown() {

@test "ledger fabricate-cycles fails on real IC" {
install_asset greet
# without DFX_WARNING, the command would fail with different error (Failed to create AgentEnvironment...)
export DFX_WARNING=-mainnet_plaintext_identity
assert_command_fail dfx ledger fabricate-cycles --all --network ic
assert_match "Cannot run this on the real IC."
assert_command_fail dfx ledger fabricate-cycles --all --ic
12 changes: 6 additions & 6 deletions e2e/tests-dfx/identity.bash
Expand Up @@ -186,15 +186,15 @@ teardown() {
assert_eq '(blob "hello")' "$stdout"
}

@test "using an unencrypted identity on mainnet provokes a warning" {
assert_command dfx ledger balance --network ic
assert_match "WARN: The default identity is not stored securely." "$stderr"
@test "using an unencrypted identity on mainnet provokes a hard error which can be suppressed" {
assert_command_fail dfx ledger balance --network ic
assert_match "The default identity is not stored securely." "$stderr"
assert_command "${BATS_TEST_DIRNAME}/../assets/expect_scripts/init_alice_with_pw.exp"
assert_command "${BATS_TEST_DIRNAME}/../assets/expect_scripts/get_ledger_balance.exp"
dfx identity new bob --storage-mode plaintext
assert_command dfx ledger balance --network ic --identity bob
assert_match "WARN: The bob identity is not stored securely." "$stderr"

assert_command_fail dfx ledger balance --network ic --identity bob
assert_match "The bob identity is not stored securely." "$stderr"
# can suppress the error
export DFX_WARNING=-mainnet_plaintext_identity
assert_command dfx ledger balance --network ic --identity bob
assert_not_contains "not stored securely" "$stderr"
8 changes: 4 additions & 4 deletions e2e/tests-dfx/network.bash
Expand Up @@ -99,13 +99,13 @@ teardown() {

assert_command_fail dfx diagnose --network ic
assert_contains "The test_id identity is not stored securely."
assert_contains "use it in mainnet-facing commands"
assert_contains "No wallet found; nothing to do"
assert_contains "in mainnet-facing commands"
assert_contains "you can suppress this warning"

assert_command_fail dfx diagnose --ic
assert_contains "The test_id identity is not stored securely."
assert_contains "use it in mainnet-facing commands"
assert_contains "No wallet found; nothing to do"
assert_contains "in mainnet-facing commands"
assert_contains "you can suppress this warning"

assert_command dfx diagnose
assert_not_contains "identity is not stored securely"
3 changes: 2 additions & 1 deletion e2e/tests-dfx/sign_send.bash
Expand Up @@ -44,7 +44,8 @@ teardown() {
cd "$E2E_TEMP_DIR"
mkdir not-a-project-dir
cd not-a-project-dir

# suppress the error
export DFX_WARNING=-mainnet_plaintext_identity
assert_command dfx canister sign --query rwlgt-iiaaa-aaaaa-aaaaa-cai read --network ic
assert_match "Query message generated at \[message.json\]"
}
22 changes: 17 additions & 5 deletions src/dfx/src/lib/environment.rs
Expand Up @@ -3,12 +3,12 @@ use crate::config::dfx_version;
use crate::lib::error::DfxResult;
use crate::lib::progress_bar::ProgressBar;
use crate::lib::warning::{is_warning_disabled, DfxWarning::MainnetPlainTextIdentity};
use anyhow::anyhow;
use anyhow::{anyhow, bail};
use candid::Principal;
use dfx_core::config::cache::Cache;
use dfx_core::config::model::canister_id_store::CanisterIdStore;
use dfx_core::config::model::dfinity::{Config, NetworksConfig};
use dfx_core::config::model::network_descriptor::NetworkDescriptor;
use dfx_core::config::model::network_descriptor::{NetworkDescriptor, NetworkTypeDescriptor};
use dfx_core::error::canister_id_store::CanisterIdStoreError;
use dfx_core::error::identity::NewIdentityManagerError;
use dfx_core::error::load_dfx_config::LoadDfxConfigError;
Expand All @@ -17,7 +17,7 @@ use dfx_core::identity::identity_manager::{IdentityManager, InitializeIdentity};
use fn_error_context::context;
use ic_agent::{Agent, Identity};
use semver::Version;
use slog::{warn, Logger, Record};
use slog::{Logger, Record};
use std::borrow::Cow;
use std::cell::RefCell;
use std::path::PathBuf;
Expand Down Expand Up @@ -288,11 +288,23 @@ impl<'a> AgentEnvironment<'a> {
identity_manager.instantiate_selected_identity(&logger)?
};
if network_descriptor.is_ic
&& !matches!(
network_descriptor.r#type,
NetworkTypeDescriptor::Playground { .. }
)
&& identity.insecure
&& !is_warning_disabled(MainnetPlainTextIdentity)
{
warn!(logger, "The {} identity is not stored securely. Do not use it to control a lot of cycles/ICP. Create a new identity with `dfx identity new` \
and use it in mainnet-facing commands with the `--identity` flag", identity.name());
bail!(
"The {} identity is not stored securely. Do not use it to control a lot of cycles/ICP.
- For enhanced security, create a new identity using the command:
dfx identity new
Then, specify the new identity in mainnet-facing commands with the `--identity` flag.
- If you understand the risks and still wish to use the insecure plaintext identity, you can suppress this warning by running:
export DFX_WARNING=-mainnet_plaintext_identity
After setting this environment variable, re-run the command.",
identity.name()
);
}
let url = network_descriptor.first_provider()?;
let effective_canister_id = if let Some(d) = &network_descriptor.local_server_descriptor {
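Review bot: Once `DFX_WARNING=-mainnet_plaintext_identity` is set, the condition at L169 skips the whole block and nothing is logged, so a shell or CI job that exported the override (as the e2e `setup()` blocks now do) will sign mainnet calls with a plaintext key silently; the old `warn!` gave at least a trace in the log. I would keep a one-line warning on the suppressed path and reserve `bail!` for the unsuppressed one, which needs `warn` re-imported at L156. The message at L178 also still says "you can suppress this warning" although it is now a hard error; if reworded to `you can suppress this error`, the assertions in network.bash at L109 and L116 must follow. Separately, the guard keys on `network_descriptor.is_ic`, so a user-defined network whose provider URL points at mainnet is presumably not covered — worth confirming. The enclosing constructor starts and ends outside the hunk.
```rust
    if network_descriptor.is_ic
        && !matches!(
            network_descriptor.r#type,
            NetworkTypeDescriptor::Playground { .. }
        )
        && identity.insecure
    {
        if is_warning_disabled(MainnetPlainTextIdentity) {
            // Override is active: keep the exposure visible in logs instead of going silent.
            warn!(
                logger,
                "Using the insecure plaintext identity {} on mainnet (DFX_WARNING override active)",
                identity.name()
            );
        } else {
            bail!(
                // … unchanged: error text …
                identity.name()
            );
        }
    }
```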
