fix(rpc): remove character check blocking password input (#2287)

This commit removes check for <, >, & characters in RPC request bodies that was incorrectly blocking valid password characters in get_mnemonic RPC call. These special characters should be allowed in passwords. This aligns native behavior with WASM implementation.
KomodoPlatform · Dec 9, 2024 · df1077b · df1077b
1 parent 704731e
commit df1077b
Showing 1 changed file with 2 additions and 17 deletions.
diff --git a/mm2src/mm2_main/src/rpc.rs b/mm2src/mm2_main/src/rpc.rs
@@ -22,10 +22,10 @@
 
 use crate::rpc::rate_limiter::RateLimitError;
 use common::log::{error, info};
-use common::{err_to_rpc_json_string, err_tp_rpc_json, HttpStatusCode, APPLICATION_JSON};
+use common::{err_to_rpc_json_string, err_tp_rpc_json, HttpStatusCode};
 use derive_more::Display;
 use futures::future::{join_all, FutureExt};
-use http::header::{HeaderValue, ACCESS_CONTROL_ALLOW_ORIGIN, CONTENT_TYPE};
+use http::header::{HeaderValue, ACCESS_CONTROL_ALLOW_ORIGIN};
 use http::request::Parts;
 use http::{Method, Request, Response, StatusCode};
 use mm2_core::mm_ctx::MmArc;
@@ -203,8 +203,6 @@ async fn process_single_request(ctx: MmArc, req: Json, client: SocketAddr) -> Re
 
 #[cfg(not(target_arch = "wasm32"))]
 async fn rpc_service(req: Request<Body>, ctx_h: u32, client: SocketAddr) -> Response<Body> {
-    const NON_ALLOWED_CHARS: &[char] = &['<', '>', '&'];
-
     /// Unwraps a result or propagates its error 500 response with the specified headers (if they are present).
     macro_rules! try_sf {
         ($value: expr $(, $header_key:expr => $header_val:expr)*) => {
@@ -263,19 +261,6 @@ async fn rpc_service(req: Request<Body>, ctx_h: u32, client: SocketAddr) -> Resp
 
     let req_json = {
         let req_bytes = try_sf!(hyper::body::to_bytes(req_body).await, ACCESS_CONTROL_ALLOW_ORIGIN => rpc_cors);
-        let req_str = String::from_utf8_lossy(req_bytes.as_ref());
-        let is_invalid_input = req_str.chars().any(|c| NON_ALLOWED_CHARS.contains(&c));
-        if is_invalid_input {
-            return Response::builder()
-                .status(500)
-                .header(ACCESS_CONTROL_ALLOW_ORIGIN, rpc_cors)
-                .header(CONTENT_TYPE, APPLICATION_JSON)
-                .body(Body::from(err_to_rpc_json_string(&format!(
-                    "Invalid input: contains one or more of the following non-allowed characters: {:?}",
-                    NON_ALLOWED_CHARS
-                ))))
-                .unwrap();
-        }
         try_sf!(json::from_slice(&req_bytes), ACCESS_CONTROL_ALLOW_ORIGIN => rpc_cors)
     };