[bisq-network/bisq] [dev] A consistent approach to wallet password protection & unlocking (#5398)

[jmacxx]

There are a couple of open PRs requesting wallet password prompts to be put in for Burn BSQ, Asset fee listing, Bonded Reputation, Unlock Bond, Make Proposal, Vote, and View Private Keys.  There is already a wallet password prompt at app startup, and when sending from BTC & BSQ wallets.  A previous [PR](https://github.com/bisq-network/bisq/pull/4780) was cited as an example of how to do it.  But actually a more consistent way to unlock the wallet would be better.  

The model used in other wallets like `monero-wallet-cli` and also Unix `sudo` is, upon a privileged action, to authenticate and keep that authentication for a certain period of time, e.g. 1 minute.  That way if you are doing repeated wallet actions you don't have to enter the password every time.  The wallet automatically locks itself after a minute of inactivity.

The other advantage is that you intercept the privilege escalation at the point it is used rather than spreading the same code all throughout the GUI.  This makes code cleaner, more robust, and devs don't have to remember to code a password prompt every time a new wallet feature is added (like the one recently added to the Multisig Payout Tool).

We already have some form of unlock and lock on timeout implemented in `CoreWalletsService.java`.  Perhaps this can be utilized.  I just need to figure out the details, and wanted to communicate that I'm working on it as an overall solution to https://github.com/bisq-network/bisq/issues/5152 and https://github.com/bisq-network/bisq/issues/5276

cc: @bisq-network/bisq-devs @pazza83

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/bisq-network/bisq/discussions/5398
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bisq.network/pipermail/bisq-github/attachments/20210406/a0157f76/attachment-0001.htm>