Fix inconsistency between interactive and file based passwords (#589)

* Trim password when read in from file Right now leading and trailing whitespace characters aren't being trimmed. This leads to an issue where the same password provided interactively vs. using a file may not match up (e.g because there was a trailing newline character in the file based version). * Bump `rpassword` to `v7.3.1` * Add `CHANGELOG` entry * Fix typo
entropyxyz · Jan 12, 2024 · 75f07d4 · 75f07d4
1 parent e9c0bc1
commit 75f07d4
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 17 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -41,6 +41,9 @@ At the moment this project **does not** adhere to
 - Additional `hash` field in `/sign_tx` JSON body indicates which hashing algorithm to use for signing ([#553](https://github.com/entropyxyz/entropy-core/pull/553))
 - Additive aux data ([#577](https://github.com/entropyxyz/entropy-core/pull/577))
 
+### Fixed
+- Fix inconsistency between interactive and file based passwords ([#589](https://github.com/entropyxyz/entropy-core/pull/589))
+
 ### Removed
 - Remove pallet-helpers ([#581](https://github.com/entropyxyz/entropy-core/pull/581/))
 

diff --git a/Cargo.lock b/Cargo.lock
diff --git a/crates/kvdb/Cargo.toml b/crates/kvdb/Cargo.toml
@@ -19,7 +19,7 @@ sp-core={ version="21.0.0", default-features=false }
 
 # Crypto
 zeroize         ={ version="1.4", features=["zeroize_derive"], default-features=false }
-rpassword       ={ version="5.0", default-features=false }
+rpassword       ={ version="7.3.1", default-features=false }
 scrypt          ={ version="0.11.0", default-features=false, features=["std"] }
 chacha20poly1305={ version="0.9", features=["alloc"], default-features=false }
 synedrion       ="0.1"

diff --git a/crates/threshold-signature-server/src/helpers/launch.rs b/crates/threshold-signature-server/src/helpers/launch.rs
@@ -96,8 +96,10 @@ pub async fn load_kv_store(
     };
 
     let password = if let Some(password_path) = password_path {
-        String::from_utf8(fs::read(password_path).expect("error reading password file"))
+        std::str::from_utf8(&fs::read(password_path).expect("error reading password file"))
             .expect("failed to convert password to string")
+            .trim()
+            .to_string()
             .into()
     } else {
         PasswordMethod::Prompt.execute().unwrap()