Development mode for Signer UI (#1788)

* Development mode for Signer * CLI option for signer-dev * Renaming CLI option * Make obvious that CLI option is insecure. [ci:skip] * Additional warning over security
2016-08-02 18:53:53 +02:00
parent 9de579366a
commit 0c7ab34c32
6 changed files with 52 additions and 10 deletions
--- a/parity/cli.rs
+++ b/parity/cli.rs
@@ -74,6 +74,9 @@ Account Options:
                           [default: 8180].
  --signer-path PATH       Specify directory where Signer UIs tokens should
                           be stored. [default: $HOME/.parity/signer]
+  --signer-no-validation   Disable Origin and Host headers validation for
+                           Trusted Signer. WARNING: INSECURE. Used only for
+                           development.

 Networking Options:
  --no-network             Disable p2p networking.
@@ -212,7 +215,7 @@ Footprint Options:
                           the entire system, overrides other cache and queue
                           options.
  --fast-and-loose         Disables DB WAL, which gives a significant speed up
-                           but means an unclean exit is unrecoverable. 
+                           but means an unclean exit is unrecoverable.
  --db-compaction TYPE     Database compaction type. TYPE may be one of:
                           ssd - suitable for SSDs and fast HDDs;
                           hdd - suitable for slow HDDs [default: ssd].
@@ -337,6 +340,7 @@ pub struct Args {
 	pub flag_no_signer: bool,
 	pub flag_signer_port: u16,
 	pub flag_signer_path: String,
+	pub flag_signer_no_validation: bool,
 	pub flag_force_sealing: bool,
 	pub flag_reseal_on_txs: String,
 	pub flag_reseal_min_period: u64,
--- a/parity/configuration.rs
+++ b/parity/configuration.rs
@@ -303,6 +303,7 @@ impl Configuration {
 			enabled: self.signer_enabled(),
 			port: self.args.flag_signer_port,
 			signer_path: self.directories().signer,
+			skip_origin_validation: self.args.flag_signer_no_validation,
 		}
 	}

@@ -789,6 +790,19 @@ mod tests {
 		assert_eq!(conf0.signer_enabled(), false);
 	}

+	#[test]
+	fn should_parse_signer_allow_all_flag() {
+		// given
+
+		// when
+		let conf0 = parse(&["parity", "--signer-no-validation"]);
+		let conf1 = parse(&["parity"]);
+
+		// then
+		assert_eq!(conf0.args.flag_signer_no_validation, true);
+		assert_eq!(conf1.args.flag_signer_no_validation, false);
+	}
+
 	#[test]
 	fn should_not_bail_on_empty_line_in_reserved_peers() {
 		let temp = RandomTempPath::new();
--- a/parity/signer.rs
+++ b/parity/signer.rs
@@ -32,6 +32,7 @@ pub struct Configuration {
 	pub enabled: bool,
 	pub port: u16,
 	pub signer_path: String,
+	pub skip_origin_validation: bool,
 }

 impl Default for Configuration {
@@ -40,6 +41,7 @@ impl Default for Configuration {
 			enabled: true,
 			port: 8180,
 			signer_path: replace_home("$HOME/.parity/signer"),
+			skip_origin_validation: false,
 		}
 	}
 }
@@ -89,6 +91,11 @@ fn do_start(conf: Configuration, deps: Dependencies) -> Result<SignerServer, Str
 			deps.apis.signer_queue.clone(),
 			codes_path(conf.signer_path),
 		);
+		if conf.skip_origin_validation {
+			warn!("{}", Colour::Red.bold().paint("*** INSECURE *** Running Trusted Signer with no origin validation."));
+			info!("If you do not intend this, exit now.");
+		}
+		let server = server.skip_origin_validation(conf.skip_origin_validation);
 		let server = rpc_apis::setup_rpc(server, deps.apis, rpc_apis::ApiSet::SafeContext);
 		server.start(addr)
 	};