[DEVOPS-1250] backport RCD-47 fix about 'hasSpendingPassword' metadata with extra sanity check

Since a few users have already ran the migration, they might have migrated wallet with incorrect metadata, wrongly stating that
their wallet has no spending password, and as a consequence, preventing them from doing anything with their wallet. So, we do now
run an extra sanity check upon every start to make sure that the wallet acid state metadata matches what we find in the keystore.

Author: KtorZ

wallet/src/Cardano/Wallet/Action.hs

@@ -22,7 +22,8 @@ import           Cardano.Wallet.Kernel (PassiveWallet)
 import qualified Cardano.Wallet.Kernel as Kernel
 import qualified Cardano.Wallet.Kernel.Internal as Kernel.Internal
 import qualified Cardano.Wallet.Kernel.Keystore as Keystore
-import           Cardano.Wallet.Kernel.Migration (migrateLegacyDataLayer)
+import           Cardano.Wallet.Kernel.Migration (migrateLegacyDataLayer,
+                     sanityCheckSpendingPassword)
 import qualified Cardano.Wallet.Kernel.Mode as Kernel.Mode
 import qualified Cardano.Wallet.Kernel.NodeStateAdaptor as NodeStateAdaptor
 import           Cardano.Wallet.Server.CLI (WalletBackendParams,
@@ -68,6 +69,7 @@ actionWithWallet params genesisConfig walletConfig txpConfig ntpConfig nodeParam
         let pm = configProtocolMagic genesisConfig
         WalletLayer.Kernel.bracketPassiveWallet pm dbMode logMessage' keystore nodeState (npFInjects nodeParams) $ \walletLayer passiveWallet -> do
             migrateLegacyDataLayer passiveWallet dbPath (getFullMigrationFlag params)
+            sanityCheckSpendingPassword passiveWallet
 
             let plugs = plugins (walletLayer, passiveWallet) dbMode
 

wallet/src/Cardano/Wallet/Kernel/Migration.hs

@@ -1,10 +1,17 @@
-module Cardano.Wallet.Kernel.Migration (migrateLegacyDataLayer) where
+{-# LANGUAGE LambdaCase #-}
+
+module Cardano.Wallet.Kernel.Migration
+    ( migrateLegacyDataLayer
+    , sanityCheckSpendingPassword
+    ) where
 
 import           Universum
 
+import           Data.Acid.Advanced (update')
 import           Data.Text (pack)
 import           Data.Time (defaultTimeLocale, formatTime, getCurrentTime,
                      iso8601DateFormat)
+import           Pos.Crypto.Signing (checkPassMatches)
 import           System.Directory (doesDirectoryExist, makeAbsolute, renamePath)
 
 import           Formatting ((%))
@@ -15,10 +22,15 @@ import           Pos.Crypto (EncryptedSecretKey)
 import           Pos.Util.Wlog (Severity (..))
 
 import qualified Cardano.Wallet.Kernel as Kernel
+import           Cardano.Wallet.Kernel.DB.AcidState (UpdateHdRootPassword (..))
 import qualified Cardano.Wallet.Kernel.DB.HdWallet as HD
+import           Cardano.Wallet.Kernel.DB.InDb (InDb (..))
+import qualified Cardano.Wallet.Kernel.DB.Read as Kernel
 import qualified Cardano.Wallet.Kernel.Internal as Kernel
 import           Cardano.Wallet.Kernel.Keystore as Keystore
+import qualified Cardano.Wallet.Kernel.Read as Kernel
 import           Cardano.Wallet.Kernel.Restore (restoreWallet)
+import           Cardano.Wallet.Kernel.Util.Core (getCurrentTimestamp)
 
 {-------------------------------------------------------------------------------
   Pure helper functions for migration.
@@ -104,9 +116,7 @@ restore pw forced esk = do
         rootId = HD.eskToHdRootId nm esk
 
     let -- DEFAULTS for wallet restoration
-        -- we don't have a spending password during migration
-        hasSpendingPassword   = False
-        -- we cannot derive an address without a spending password
+        hasSpendingPassword   = isNothing $ checkPassMatches mempty esk
         defaultAddress        = Nothing
         defaultWalletName     = HD.WalletName "<Migrated Wallet>"
         defaultAssuranceLevel = HD.AssuranceLevelStrict
@@ -132,3 +142,42 @@ restore pw forced esk = do
                 True  -> do
                     logMsg Error ("Migration failed! " <> msg <> " You are advised to delete the newly created db and try again.")
                     exitFailure
+
+-- | Verify that the spending password metadata are correctly set. We mistakenly
+-- forgot to port a fix from RCD-47 done on 2.0.x onto 3.0.0 and, for a few
+-- users, have migrated / restored their wallet with a wrong spending password
+-- metadata (arbitrarily set to `False`), making their wallet completely
+-- unusable.
+--
+-- This checks makes sure that the 'hasSpendingPassword' metadata correctly
+-- reflects the wallet condition. To be run on each start-up, unfortunately.
+sanityCheckSpendingPassword
+    :: Kernel.PassiveWallet
+    -> IO ()
+sanityCheckSpendingPassword pw = do
+    let nm = makeNetworkMagic (pw ^. Kernel.walletProtocolMagic)
+    wKeys <- Keystore.getKeys (pw ^. Kernel.walletKeystore)
+    db <- Kernel.getWalletSnapshot pw
+    lastUpdateNow <- InDb <$> getCurrentTimestamp
+    forM_ wKeys $ \esk -> do
+        let hasSpendingPassword = case checkPassMatches mempty esk of
+                Nothing -> HD.HasSpendingPassword lastUpdateNow
+                Just _  -> HD.NoSpendingPassword
+        let rootId = HD.eskToHdRootId nm esk
+        whenDiscrepancy db rootId hasSpendingPassword restoreTruth >>= \case
+            Left (HD.UnknownHdRoot _) ->
+                logMsg Error "Failed to update spending password status, HDRoot is gone?"
+            Right _ ->
+                return ()
+  where
+    logMsg = pw ^. Kernel.walletLogMessage
+    whenDiscrepancy db rootId hasSpendingPassword action = do
+        case (hasSpendingPassword, Kernel.lookupHdRootId db rootId) of
+            (_, Left e) ->
+                return $ Left e
+            (HD.HasSpendingPassword _, Right root) | root ^. HD.hdRootHasPassword == HD.NoSpendingPassword ->
+                action rootId hasSpendingPassword
+            _ -> -- Avoid making a DB update when there's no need
+                return $ Right ()
+    restoreTruth rootId hasSpendingPassword =
+        void <$> update' (pw ^. Kernel.wallets) (UpdateHdRootPassword rootId hasSpendingPassword)