From 29a276f1806d838a9ba51ab786aba0e5999e571f Mon Sep 17 00:00:00 2001
From: sowle
Date: Thu, 26 Dec 2019 18:08:57 +0300
Subject: [PATCH] do not allow watch-only wallets be opened by GUI + refactoring
---
 src/currency_core/account.cpp | 31 ++++++++++++++++---
 .../qt-daemon/application/daemon_backend.cpp | 4 ++-
 src/gui/qt-daemon/application/view_iface.h | 1 +
 src/gui/qt-daemon/html/assets/i18n/en.json | 1 +
 src/gui/qt-daemon/html/main.js | 3 ++
 .../app/_helpers/services/backend.service.ts | 3 ++
 .../html_source/src/assets/i18n/en.json | 1 +
 src/wallet/wallet2.cpp | 2 +-
 8 files changed, 40 insertions(+), 6 deletions(-)
diff --git a/src/currency_core/account.cpp b/src/currency_core/account.cpp
index 39f6675e..0f8adc36 100644
--- a/src/currency_core/account.cpp
+++ b/src/currency_core/account.cpp
@@ -28,16 +28,21 @@ namespace currency
 //-----------------------------------------------------------------
 account_base::account_base()
- :m_keys{}
- ,m_creation_timestamp{}
- ,m_seed{}
 {
 set_null();
 }
 //-----------------------------------------------------------------
 void account_base::set_null()
 {
+ // fill sensitive data with random bytes
+ crypto::generate_random_bytes(sizeof m_keys.m_spend_secret_key, &m_keys.m_spend_secret_key);
+ crypto::generate_random_bytes(sizeof m_keys.m_view_secret_key, &m_keys.m_view_secret_key);
+ crypto::generate_random_bytes(m_seed.size(), &m_seed[0]);
+
+ // clear
 m_keys = account_keys();
+ m_creation_timestamp = 0;
+ m_seed.clear();
 }
 //-----------------------------------------------------------------
 void account_base::generate()
@@ -65,6 +70,8 @@ namespace currency
 std::string account_base::get_restore_braindata() const
 {
 std::string restore_buff = get_restore_data();
+ if (restore_buff.empty())
+ return "";
 std::vector v;
 v.assign((unsigned char*)restore_buff.data(), (unsigned char*)restore_buff.data() + restore_buff.size());
 std::string seed_brain_data = tools::mnemonic_encoding::binary2text(v);
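Review bot: In `set_null()`, the line `crypto::generate_random_bytes(m_seed.size(), &m_seed[0]);` indexes element 0 of `m_seed` even when it is empty. That is the normal case on the constructor path, because `account_base()` now calls `set_null()` on a freshly constructed object. The declaration of `m_seed` is not in this hunk; if it is a `std::vector`, `operator[]` on an empty vector is undefined behaviour. Guarding the call avoids this: `if (!m_seed.empty()) crypto::generate_random_bytes(m_seed.size(), &m_seed[0]);`. The in-place overwrite also scrubs only the container's current buffer, so any copies left by earlier reallocations are not reached.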
@@ -124,7 +131,23 @@ namespace currency
 //-----------------------------------------------------------------
 void account_base::make_account_watch_only()
 {
- m_keys.m_spend_secret_key = currency::null_skey;
+ // keep only:
+ // timestamp
+ // view pub & spend pub (public address)
+ // view sec
+
+ // store to local tmp
+ uint64_t local_ts = m_creation_timestamp;
+ account_public_address local_addr = m_keys.m_account_address;
+ crypto::secret_key local_view_sec = m_keys.m_view_secret_key;
+
+ // clear
+ set_null();
+
+ // restore
+ m_creation_timestamp = local_ts;
+ m_keys.m_account_address = local_addr;
+ m_keys.m_view_secret_key = local_view_sec;
 }
 //-----------------------------------------------------------------
 std::string transform_addr_to_str(const account_public_address& addr)
diff --git a/src/gui/qt-daemon/application/daemon_backend.cpp b/src/gui/qt-daemon/application/daemon_backend.cpp
index b4bd319d..c707766b 100644
--- a/src/gui/qt-daemon/application/daemon_backend.cpp
+++ b/src/gui/qt-daemon/application/daemon_backend.cpp
@@ -676,7 +676,9 @@ std::string daemon_backend::open_wallet(const std::wstring& path, const std::str
 {
 try
 {
- w->load(path, password);
+ w->load(path, password);
+ if (w->is_watch_only())
+ return API_RETURN_CODE_WALLET_WATCH_ONLY_NOT_SUPPORTED;
 w->get_recent_transfers_history(owr.recent_history.history, 0, txs_to_return, owr.recent_history.total_history_items);
 //w->get_unconfirmed_transfers(owr.recent_history.unconfirmed);
 w->get_unconfirmed_transfers(owr.recent_history.history);
diff --git a/src/gui/qt-daemon/application/view_iface.h b/src/gui/qt-daemon/application/view_iface.h
index d50cec72..52591e8e 100644
--- a/src/gui/qt-daemon/application/view_iface.h
+++ b/src/gui/qt-daemon/application/view_iface.h
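Review bot: In `make_account_watch_only()`, `local_view_sec` holds a copy of the view secret key that is never scrubbed, so the key bytes can remain on the stack after the function returns even though `set_null()` overwrites the members. The definition of `crypto::secret_key` is not visible here; unless it wipes itself on destruction, overwrite the temporary after the last assignment with `crypto::generate_random_bytes(sizeof local_view_sec, &local_view_sec);`. The function also now depends on `m_keys = account_keys();` inside `set_null()` leaving `m_spend_secret_key` equal to `currency::null_skey`, which the removed line set explicitly. A short comment such as `// spend secret stays null: set_null() value-initializes m_keys` would record that assumption.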
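Review bot: The new `return API_RETURN_CODE_WALLET_WATCH_ONLY_NOT_SUPPORTED;` leaves `open_wallet` from inside the `try` block after `w->load()` has already succeeded. The setup before the `try` and the function's normal exit path are both outside this hunk. It is worth confirming that nothing prepared for `w` before the load (callbacks, an allocated wallet id, entries in shared state) is left behind on this path, and that the loaded view key is released together with `w`. A one-line comment above the check, e.g. `// watch-only wallets are not supported by the GUI (simplewallet only)`, would document why the wallet is refused here.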
@@ -736,6 +736,7 @@ public:
 #define API_RETURN_CODE_BAD_ARG_WRONG_PAYMENT_ID "BAD_ARG_WRONG_PAYMENT_ID"
 #define API_RETURN_CODE_WRONG_PASSWORD "WRONG_PASSWORD"
 #define API_RETURN_CODE_WALLET_WRONG_ID "WALLET_WRONG_ID"
+#define API_RETURN_CODE_WALLET_WATCH_ONLY_NOT_SUPPORTED "WALLET_WATCH_ONLY_NOT_SUPPORTED"
 #define API_RETURN_CODE_FILE_NOT_FOUND "FILE_NOT_FOUND"
 #define API_RETURN_CODE_ALREADY_EXISTS "ALREADY_EXISTS"
 #define API_RETURN_CODE_CANCELED "CANCELED"
diff --git a/src/gui/qt-daemon/html/assets/i18n/en.json b/src/gui/qt-daemon/html/assets/i18n/en.json
index 8376eef7..b720e948 100644
--- a/src/gui/qt-daemon/html/assets/i18n/en.json
+++ b/src/gui/qt-daemon/html/assets/i18n/en.json
@@ -581,6 +581,7 @@
 "TRANSACTION_ERROR": "Error. Transaction not completed.",
 "BAD_ARG": "Invalid argument",
 "WALLET_WRONG_ID": "Invalid wallet ID",
+ "WALLET_WATCH_ONLY_NOT_SUPPORTED": "Watch-only wallets can only be opened by simplewallet",
 "WRONG_PASSWORD": "Invalid password",
 "FILE_RESTORED": "The wallet file was corrupted. We have recovered the keys and the wallet from the blockchain",
 "FILE_NOT_FOUND": "File not found",
diff --git a/src/gui/qt-daemon/html/main.js b/src/gui/qt-daemon/html/main.js
index cdc633e6..34d33acd 100644
--- a/src/gui/qt-daemon/html/main.js
+++ b/src/gui/qt-daemon/html/main.js
@@ -1843,6 +1843,9 @@ var BackendService = /** @class */ (function () {
 case 'WALLET_WRONG_ID':
 error_translate = 'ERRORS.WALLET_WRONG_ID';
 break;
+ case 'WALLET_WATCH_ONLY_NOT_SUPPORTED':
+ error_translate = 'ERRORS.WALLET_WATCH_ONLY_NOT_SUPPORTED';
+ break;
 case 'WRONG_PASSWORD':
 case 'WRONG_PASSWORD:invalid password':
 params = JSON.parse(params);
diff --git a/src/gui/qt-daemon/html_source/src/app/_helpers/services/backend.service.ts b/src/gui/qt-daemon/html_source/src/app/_helpers/services/backend.service.ts
index d4d4971f..eb90c830 100644
--- a/src/gui/qt-daemon/html_source/src/app/_helpers/services/backend.service.ts
+++ b/src/gui/qt-daemon/html_source/src/app/_helpers/services/backend.service.ts
@@ -109,6 +109,9 @@ export class BackendService {
 case 'WALLET_WRONG_ID':
 error_translate = 'ERRORS.WALLET_WRONG_ID';
 break;
+ case 'WALLET_WATCH_ONLY_NOT_SUPPORTED':
+ error_translate = 'ERRORS.WALLET_WATCH_ONLY_NOT_SUPPORTED';
+ break;
 case 'WRONG_PASSWORD':
 case 'WRONG_PASSWORD:invalid password':
 params = JSON.parse(params);
diff --git a/src/gui/qt-daemon/html_source/src/assets/i18n/en.json b/src/gui/qt-daemon/html_source/src/assets/i18n/en.json
index 8376eef7..b720e948 100644
--- a/src/gui/qt-daemon/html_source/src/assets/i18n/en.json
+++ b/src/gui/qt-daemon/html_source/src/assets/i18n/en.json
@@ -581,6 +581,7 @@
 "TRANSACTION_ERROR": "Error. Transaction not completed.",
 "BAD_ARG": "Invalid argument",
 "WALLET_WRONG_ID": "Invalid wallet ID",
+ "WALLET_WATCH_ONLY_NOT_SUPPORTED": "Watch-only wallets can only be opened by simplewallet",
 "WRONG_PASSWORD": "Invalid password",
 "FILE_RESTORED": "The wallet file was corrupted. We have recovered the keys and the wallet from the blockchain",
 "FILE_NOT_FOUND": "File not found",
diff --git a/src/wallet/wallet2.cpp b/src/wallet/wallet2.cpp
index 8cf28801..d66fead1 100644
--- a/src/wallet/wallet2.cpp
+++ b/src/wallet/wallet2.cpp
@@ -2097,7 +2097,7 @@ void wallet2::store(const std::wstring& path_to_save, const std::string& passwor
 //prepare data
 std::string keys_buff;
- bool r = store_keys(keys_buff, password);
+ bool r = store_keys(keys_buff, password, m_watch_only);
 WLT_THROW_IF_FALSE_WALLET_CMN_ERR_EX(r, "failed to store_keys for wallet " << ascii_path_to_save);
 //store data