fix: Tier-1 UX robustness — backup/export integrity, verified installs, input validation
From the app-wide robustness audit (calibrated to the import-key dialog). These are the safety-critical fixes; several could cost users funds: - Backup/export false success (FUND LOSS): exportAllKeys pre-seeded a header, so a keyless result (the usual case when the wallet is encrypted+locked) still looked non-empty and backupWallet wrote a private-key-less file and reported "Backup saved". Now exportAllKeys returns an exported count; backupWallet and the export-all dialog refuse to write / report success on 0 keys, disclose the count, flag partial results as INCOMPLETE, and the backup dialog confirms before overwriting an existing file (+ trims the path). - Bootstrap: fail CLOSED — refuse to install an unverified multi-GB archive when no checksum is published (was `return true`), mirroring the xmrig/daemon updaters. - Restore-from-seed: require a valid BIP39 word count (12/15/18/21/24) with a live "should be 24 words — you have N" hint instead of accepting any non-empty text. - Encryption passphrase: detect leading/trailing whitespace and BLOCK with a warning (not a silent trim, which would change the passphrase and lock the user out). - Receive payment QR: emit the canonical `drgx:` scheme with a URL-encoded memo via a new shared util::buildPaymentUri (the request-payment dialog now routes through it too, so they can't diverge); the old "dragonx:" + raw memo was unparseable by the wallet's own scanner. Also clamps the receive "Recent Received" list to the 4 most recent (companion to the recent-lists commit). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -1285,10 +1285,24 @@ void App::renderFirstRunWizard() {
|
||||
cy += captionFont->LegacySize + 6.0f * dp;
|
||||
}
|
||||
|
||||
// Warn + block if the passphrase has leading/trailing whitespace. Silently trimming it would
|
||||
// change the passphrase the user believes they set and lock them out on the next unlock.
|
||||
bool passEdgeSpace = false;
|
||||
if (size_t pl = strlen(encrypt_pass_buf_)) {
|
||||
char a = encrypt_pass_buf_[0], b = encrypt_pass_buf_[pl - 1];
|
||||
passEdgeSpace = (a == ' ' || a == '\t' || b == ' ' || b == '\t');
|
||||
}
|
||||
if (passEdgeSpace) {
|
||||
dl->AddText(captionFont, captionFont->LegacySize, ImVec2(cx, cy),
|
||||
ui::material::Error(), "Passphrase has leading/trailing spaces — remove them");
|
||||
cy += captionFont->LegacySize + 6.0f * dp;
|
||||
}
|
||||
|
||||
// Buttons
|
||||
{
|
||||
bool passValid = strlen(encrypt_pass_buf_) >= 8 &&
|
||||
strcmp(encrypt_pass_buf_, encrypt_confirm_buf_) == 0;
|
||||
strcmp(encrypt_pass_buf_, encrypt_confirm_buf_) == 0 &&
|
||||
!passEdgeSpace;
|
||||
// PIN is optional: if entered, must be valid + confirmed
|
||||
std::string pinStr(wizard_pin_buf_);
|
||||
bool pinEntered = !pinStr.empty();
|
||||
|
||||
Reference in New Issue
Block a user