rpc: Undeprecate rpcuser/rpcpassword, store all credentials hashed in memory #32423

pull laanwj wants to merge 4 commits into bitcoin:master from laanwj:2025-05-remove-rpcpassword-deprecation changing 3 files +75 −48
  1. laanwj commented at 9:31 AM on May 6, 2025: member

    This PR does two things:

    Undeprecate rpcuser/rpcpassword, change message to security warning

    Back in 2015, in #7044, we added configuration option rpcauth for multiple RPC users. At the same time the old settings for single-user configuration rpcuser and rpcpassword were "soon" to be deprecated.

    The main reason for this deprecation is that while rpcpassword stores the password in plain text, rpcauth stores a hash, so it doesn't appear in the configuration in plain text.

    As the options are still in active use, actually removing them is expected to be a hassle to many, and it's not clear that is worth it. As for the security risk, in many kinds of setups (no wallet, containerized, single-user-single-application, local-only, etc) it is an unlikely point of escalation.

    In the end, it is good to encourage secure practices, but it is the responsibility of the user. Log a clear warning but remove the deprecation notice (this is also the only place where the options appear as deprecated, they were never marked as such in the -help output).

    <hr>

    Store all credentials hashed in memory

    This gets rid of the special-casing of strRPCUserColonPass by hashing cookies as well as manually provided -rpcuser/-rpcpassword with a random salt before storing them.

    Also take the opportunity to modernize the surrounding code a bit. There should be no end-user visible differences in behavior.

    <hr>

    Closes #29240.

  2. laanwj added the label RPC/REST/ZMQ on May 6, 2025
  3. DrahtBot commented at 9:31 AM on May 6, 2025: contributor

    <!--e57a25ab6845829454e8d69fc972939a-->

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    <!--006a51241073e994b41acfe9ec718e94-->

    Code Coverage & Benchmarks

    For details see: https://corecheck.dev/bitcoin/bitcoin/pulls/32423.

    <!--021abf342d371248e50ceaed478a90ca-->

    Reviews

    See the guideline for information on the review process.

    Type Reviewers
    ACK 1440000bytes, janb84, vasild
    Concept ACK Sjors

    If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update.

    <!--174a7506f384e20aa4161008e828411d-->

    Conflicts

    Reviewers, this pull request conflicts with the following ones:

    • #29641 (scripted-diff: Use LogInfo over LogPrintf [WIP, NOMERGE, DRAFT] by maflcko)

    If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

    <!--5faf32d7da4f0f540f40219e4f7537a3-->

  4. laanwj force-pushed on May 6, 2025
  5. in src/httprpc.cpp:318 in 1b28314259 outdated 
     313 | @@ -314,7 +314,8 @@ static bool InitRPCAuthentication()
 314 |              LogInfo("Using random cookie authentication.");
 315 |          }
 316 |      } else {
 317 | -        LogPrintf("Config options rpcuser and rpcpassword will soon be deprecated. Locally-run instances may remove rpcuser to use cookie-based auth, or may be replaced with rpcauth. Please see share/rpcauth for rpcauth auth generation.\n");
 318 | +        LogInfo("Using rpcuser/rpcpassword authentication.");
 319 | +        LogWarning("The use of rpcuser/rpcpassword is less secure, because credentials are configured in plain text. It is recommended that locally-run instances switch to cookie-based auth, or otherwise to use hashed rpcauth credentials. See share/rpcauth for more information.\n");
    maflcko commented at 9:46 AM on May 6, 2025:

    nit in 1b28314259952b70071eeeae11867e921729c4c7: Can drop the trailing newline, if you retouch.

  6. in src/httprpc.cpp:329 in 2392b43247 outdated 
     328 | +        GetStrongRandBytes(raw_salt);
 329 | +        std::string salt = HexStr(raw_salt);
 330 | +
 331 | +        // Compute HMAC.
 332 | +        std::array<unsigned char,  CHMAC_SHA256::OUTPUT_SIZE> out;
 333 | +        CHMAC_SHA256(reinterpret_cast<const unsigned char*>(salt.data()), salt.size()).Write(reinterpret_cast<const unsigned char*>(pass.data()), pass.size()).Finalize(out.data());
    maflcko commented at 9:51 AM on May 6, 2025:

    nit in 2392b4324777e002dc5363bac7f85cc6f8586818: For new code, UCharCast may be better than a "raw" cast, but only if you re-touch.

  7. maflcko commented at 9:56 AM on May 6, 2025: member

    concept ack

  8. in src/httprpc.cpp:102 in 2392b43247 outdated 
      98 | @@ -101,31 +99,27 @@ static void JSONErrorReply(HTTPRequest* req, UniValue objError, const JSONRPCReq
  99 |  
 100 |  //This function checks username and password against -rpcauth
 101 |  //entries from config file.
 102 | -static bool multiUserAuthorized(std::string strUserPass)
 103 | +static bool CheckUserAuthorized(std::string user_pass)
    laanwj commented at 10:14 AM on May 6, 2025:

    self-nit: This could be std::string_view as well. Or const std::string& at least.

  9. laanwj force-pushed on May 6, 2025
  10. laanwj commented at 10:28 AM on May 6, 2025: member

    2392b4324777e002dc5363bac7f85cc6f8586818 → 3b0366d1775d6c00844ff0c90542814bf641bb18 Use UCharCast, no newline on log message, pass in std::string_view, some & code formatting

  11. in src/httprpc.cpp:104 in 3b0366d177 outdated 
      98 | @@ -101,31 +99,27 @@ static void JSONErrorReply(HTTPRequest* req, UniValue objError, const JSONRPCReq
  99 |  
 100 |  //This function checks username and password against -rpcauth
 101 |  //entries from config file.
 102 | -static bool multiUserAuthorized(std::string strUserPass)
 103 | +static bool CheckUserAuthorized(std::string_view user_pass)
 104 |  {
 105 | -    if (strUserPass.find(':') == std::string::npos) {
 106 | +    if (user_pass.find(':') == std::string::npos) {
    laanwj commented at 11:43 AM on May 6, 2025:

    i intentionally kept this as-is (eg converting to use Split slightly changes semantics), but thinking of it, calling user_pass.find(':')three times in a row is maybe a bit much.

    Edit: heck, in the calling function it already does user_pass.find(':'), might as well do it there and pass in user and password seperately.

  12. Sjors commented at 12:14 PM on May 6, 2025: member

    Hah, I was planning on doing this undeprecating this morning, but couldn't find the deprecation message, so I figured someone already did it.

    Concept ACK

  13. laanwj force-pushed on May 6, 2025
  14. yancyribbens commented at 4:59 PM on May 6, 2025: contributor

    As for the security risk, in many kinds of setups (no wallet, containerized, single-user-single-application, local-only, etc) it is an unlikely point of escalation

    This probably applies to testnet and regtest too.

  15. laanwj commented at 10:15 AM on May 8, 2025: member

    This probably applies to testnet and regtest too.

    Yes, for quick testing, not having to use an external script to create credentials is more convenient too. Usually cookie-based auth will suffice, but not always when dealing with external applications that need a username/password.

  16. janb84 commented at 11:48 AM on May 8, 2025: contributor

    tACK 3acfc07

    • code review ✅
    • compiled, run all tests ✅
    • tested on regtest with user/pass & did remote curl call to test rpc user&pass func. ✅
  17. DrahtBot requested review from Sjors on May 8, 2025
  18. in src/httprpc.cpp:306 in 3acfc071c3 outdated 
     306 |          }
 307 |      } else {
 308 | -        LogPrintf("Config options rpcuser and rpcpassword will soon be deprecated. Locally-run instances may remove rpcuser to use cookie-based auth, or may be replaced with rpcauth. Please see share/rpcauth for rpcauth auth generation.\n");
 309 | -        strRPCUserColonPass = gArgs.GetArg("-rpcuser", "") + ":" + gArgs.GetArg("-rpcpassword", "");
 310 | +        LogInfo("Using rpcuser/rpcpassword authentication.");
 311 | +        LogWarning("The use of rpcuser/rpcpassword is less secure, because credentials are configured in plain text. It is recommended that locally-run instances switch to cookie-based auth, or otherwise to use hashed rpcauth credentials. See share/rpcauth for more information.");
    vasild commented at 11:47 AM on May 9, 2025:

    It is like this in master, but the meaning of share/rpcauth may not be obvious. Especially considering that some distros may not install it in their packages. Is not installed by our cmake --install BUILDDIR either. Maybe change to "See share/rpcauth in the source directory for more information".

    vasild commented at 11:51 AM on May 9, 2025:

    Maybe also worth adding the warning in the descriptions of -rpcuser and -rpcpassword in init.cpp:

    https://github.com/bitcoin/bitcoin/blob/5b8752198e979ea4987d8b6238f42f8ed9a38846/src/init.cpp#L668

    and

    https://github.com/bitcoin/bitcoin/blob/5b8752198e979ea4987d8b6238f42f8ed9a38846/src/init.cpp#L664

    laanwj commented at 2:23 PM on May 9, 2025:

    Maybe; we never added the deprecation notice there, so i'm not convinced i should touch that now.

    laanwj commented at 2:28 PM on May 9, 2025:

    Agree.

  19. in src/httprpc.cpp:326 in 3acfc071c3 outdated 
     326 | +        std::array<unsigned char, 16> raw_salt;
 327 | +        GetStrongRandBytes(raw_salt);
 328 | +        std::string salt = HexStr(raw_salt);
 329 | +
 330 | +        // Compute HMAC.
 331 | +        std::array<unsigned char,  CHMAC_SHA256::OUTPUT_SIZE> out;
    vasild commented at 12:19 PM on May 9, 2025:

    nit:

            std::array<unsigned char, CHMAC_SHA256::OUTPUT_SIZE> out;
  20. in src/httprpc.cpp:104 in 3acfc071c3 outdated 
     109 | -    std::string strPass = strUserPass.substr(strUserPass.find(':') + 1);
 110 | -
 111 | -    for (const auto& vFields : g_rpcauth) {
 112 | -        std::string strName = vFields[0];
 113 | -        if (!TimingResistantEqual(strName, strUser)) {
 114 | +    for (const auto& fields : g_rpcauth) {
    vasild commented at 12:26 PM on May 9, 2025:

    Just noting: the way this works (unchanged by this PR) is that it allows duplicate usernames with different passwords (e.g. joe:123 and joe:456) and would allow login with either password (123 or 456).

    (just a comment, feel free to resolve right away)

    laanwj commented at 2:25 PM on May 9, 2025:

    Yes, this was and is still alllowed. Not sure it's a problem, if people want multiple passwords for one username they can do so, it doesn't open any security hole. In any case doesn't seem in scope of this change, which intentionally doesn't change user-visible behavior.

  21. in src/httprpc.cpp:318 in 3acfc071c3 outdated 
     304 |          } else {
 305 |              LogInfo("Using random cookie authentication.");
 306 |          }
 307 |      } else {
 308 | -        LogPrintf("Config options rpcuser and rpcpassword will soon be deprecated. Locally-run instances may remove rpcuser to use cookie-based auth, or may be replaced with rpcauth. Please see share/rpcauth for rpcauth auth generation.\n");
 309 | -        strRPCUserColonPass = gArgs.GetArg("-rpcuser", "") + ":" + gArgs.GetArg("-rpcpassword", "");
    vasild commented at 12:46 PM on May 9, 2025:

    I did not test to confirm this, just read the code, but before this PR if -rpcuser=joe -rpcpassword=abc:def was configured, it would have been possible to login with user joe:abc and password def.

    (just a comment, feel free to resolve right away)

    laanwj commented at 2:26 PM on May 9, 2025:

    Agree, it's no longer possible to have : in -rpcpassword after this due to the choice to split them using Split(). I could change that code, though : in -rpcuser should really be invalid as the spec doesn't allow it.

  22. in src/httprpc.cpp:318 in 3acfc071c3 outdated 
     318 | +        if (fields.size() != 2) {
 319 | +            LogError("Unable to parse RPC credentials. The configured rpcuser or rpcpassword cannot contain a \":\".");
 320 | +            return false;
 321 | +        }
 322 | +        const std::string& user = fields[0];
 323 | +        const std::string& pass = fields[1];
    vasild commented at 1:25 PM on May 9, 2025:

    This looks like a new restriction. Could it introduce a breakage for users that have -rpcpassword=contains:colon?

    It is sub-optimal to join/craft the string "user:pass" and to split/parse it a few lines later. Better store the user and pass in separate variables, like this:

    <details> <summary>[patch] use separate variables for user and pass</summary>

    diff --git i/src/httprpc.cpp w/src/httprpc.cpp
index ed5a0253c6..493f1b0320 100644
--- i/src/httprpc.cpp
+++ w/src/httprpc.cpp
@@ -275,13 +275,14 @@ static bool HTTPReq_JSONRPC(const std::any& context, HTTPRequest* req)
     }
     return true;
 }
 
 static bool InitRPCAuthentication()
 {
-    std::string user_colon_pass;
+    std::string user;
+    std::string pass;
 
     if (gArgs.GetArg("-rpcpassword", "") == "")
     {
         std::optional<fs::perms> cookie_perms{std::nullopt};
         auto cookie_perms_arg{gArgs.GetArg("-rpccookieperms")};
         if (cookie_perms_arg) {
@@ -290,36 +291,31 @@ static bool InitRPCAuthentication()
                 LogError("Invalid -rpccookieperms=%s; must be one of 'owner', 'group', or 'all'.", *cookie_perms_arg);
                 return false;
             }
             cookie_perms = *perm_opt;
         }
 
-        if (!GenerateAuthCookie(&user_colon_pass, cookie_perms)) {
+        switch (GenerateAuthCookie(cookie_perms, user, pass)) {
+        case GenerateAuthCookieResult::ERROR:
             return false;
-        }
-        if (user_colon_pass.empty()) {
+        case GenerateAuthCookieResult::DISABLED:
             LogInfo("RPC authentication cookie file generation is disabled.");
-        } else {
+            break;
+        case GenerateAuthCookieResult::OK:
             LogInfo("Using random cookie authentication.");
+            break;
         }
     } else {
         LogInfo("Using rpcuser/rpcpassword authentication.");
         LogWarning("The use of rpcuser/rpcpassword is less secure, because credentials are configured in plain text. It is recommended that locally-run instances switch to cookie-based auth, or otherwise to use hashed rpcauth credentials. See share/rpcauth for more information.");
-        user_colon_pass = gArgs.GetArg("-rpcuser", "") + ":" + gArgs.GetArg("-rpcpassword", "");
+        user = gArgs.GetArg("-rpcuser", "");
+        pass = gArgs.GetArg("-rpcpassword", "");
     }
 
     // If there is a plaintext credential, hash it with a random salt before storage.
-    if (!user_colon_pass.empty()) {
-        std::vector<std::string> fields{SplitString(user_colon_pass, ':')};
-        if (fields.size() != 2) {
-            LogError("Unable to parse RPC credentials. The configured rpcuser or rpcpassword cannot contain a \":\".");
-            return false;
-        }
-        const std::string& user = fields[0];
-        const std::string& pass = fields[1];
-
+    if (!user.empty() || !pass.empty()) {
         // Generate a random 16 byte hex salt.
         std::array<unsigned char, 16> raw_salt;
         GetStrongRandBytes(raw_salt);
         std::string salt = HexStr(raw_salt);
 
         // Compute HMAC.
diff --git i/src/rpc/request.cpp w/src/rpc/request.cpp
index 30f4a4f51b..249c6cb621 100644
--- i/src/rpc/request.cpp
+++ w/src/rpc/request.cpp
@@ -94,56 +94,59 @@ static fs::path GetAuthCookieFile(bool temp=false)
     }
     return AbsPathForConfigVal(gArgs, arg);
 }
 
 static bool g_generated_cookie = false;
 
-bool GenerateAuthCookie(std::string* cookie_out, std::optional<fs::perms> cookie_perms)
+GenerateAuthCookieResult GenerateAuthCookie(const std::optional<fs::perms>& cookie_perms,
+                                            std::string& user,
+                                            std::string& pass)
 {
     const size_t COOKIE_SIZE = 32;
     unsigned char rand_pwd[COOKIE_SIZE];
     GetRandBytes(rand_pwd);
-    std::string cookie = COOKIEAUTH_USER + ":" + HexStr(rand_pwd);
+    const std::string rand_pwd_hex{HexStr(rand_pwd)};
+    std::string cookie = COOKIEAUTH_USER + ":" + rand_pwd_hex;
 
     /** the umask determines what permissions are used to create this file -
      * these are set to 0077 in common/system.cpp.
      */
     std::ofstream file;
     fs::path filepath_tmp = GetAuthCookieFile(true);
     if (filepath_tmp.empty()) {
-        return true; // -norpccookiefile
+        return GenerateAuthCookieResult::DISABLED; // -norpccookiefile
     }
     file.open(filepath_tmp);
     if (!file.is_open()) {
         LogWarning("Unable to open cookie authentication file %s for writing", fs::PathToString(filepath_tmp));
-        return false;
+        return GenerateAuthCookieResult::ERROR;
     }
     file << cookie;
     file.close();
 
     fs::path filepath = GetAuthCookieFile(false);
     if (!RenameOver(filepath_tmp, filepath)) {
         LogWarning("Unable to rename cookie authentication file %s to %s", fs::PathToString(filepath_tmp), fs::PathToString(filepath));
-        return false;
+        return GenerateAuthCookieResult::ERROR;
     }
     if (cookie_perms) {
         std::error_code code;
         fs::permissions(filepath, cookie_perms.value(), fs::perm_options::replace, code);
         if (code) {
             LogWarning("Unable to set permissions on cookie authentication file %s", fs::PathToString(filepath));
-            return false;
+            return GenerateAuthCookieResult::ERROR;
         }
     }
 
     g_generated_cookie = true;
     LogInfo("Generated RPC authentication cookie %s\n", fs::PathToString(filepath));
     LogInfo("Permissions used for cookie: %s\n", PermsToSymbolicString(fs::status(filepath).permissions()));
 
-    if (cookie_out)
-        *cookie_out = cookie;
-    return true;
+    user = COOKIEAUTH_USER;
+    pass = rand_pwd_hex;
+    return GenerateAuthCookieResult::OK;
 }
 
 bool GetAuthCookie(std::string *cookie_out)
 {
     std::ifstream file;
     std::string cookie;
diff --git i/src/rpc/request.h w/src/rpc/request.h
index 24887e8691..e93df02ba6 100644
--- i/src/rpc/request.h
+++ w/src/rpc/request.h
@@ -20,14 +20,31 @@ enum class JSONRPCVersion {
 
 /** JSON-RPC 2.0 request, only used in bitcoin-cli **/
 UniValue JSONRPCRequestObj(const std::string& strMethod, const UniValue& params, const UniValue& id);
 UniValue JSONRPCReplyObj(UniValue result, UniValue error, std::optional<UniValue> id, JSONRPCVersion jsonrpc_version);
 UniValue JSONRPCError(int code, const std::string& message);
 
-/** Generate a new RPC authentication cookie and write it to disk */
-bool GenerateAuthCookie(std::string* cookie_out, std::optional<fs::perms> cookie_perms=std::nullopt);
+enum class GenerateAuthCookieResult : uint8_t {
+    DISABLED, // -norpccookiefile
+    ERROR,
+    OK,
+};
+
+/**
+ * Generate a new RPC authentication cookie and write it to disk
+ * [@param](/bitcoin-bitcoin/contributor/param/)[in] cookie_perms Filesystem permissions to use for the cookie file.
+ * [@param](/bitcoin-bitcoin/contributor/param/)[out] user Generated username, only set if `OK` is returned.
+ * [@param](/bitcoin-bitcoin/contributor/param/)[out] pass Generated password, only set if `OK` is returned.
+ * [@retval](/bitcoin-bitcoin/contributor/retval/) GenerateAuthCookieResult::DISABLED Authentication via cookie is disabled.
+ * [@retval](/bitcoin-bitcoin/contributor/retval/) GenerateAuthCookieResult::ERROR Error occurred, auth data could not be saved to disk.
+ * [@retval](/bitcoin-bitcoin/contributor/retval/) GenerateAuthCookieResult::OK Auth data was generated, saved to disk and in `user` and `pass`.
+ */
+GenerateAuthCookieResult GenerateAuthCookie(const std::optional<fs::perms>& cookie_perms,
+                                            std::string& user,
+                                            std::string& pass);
+
 /** Read the RPC authentication cookie from disk */
 bool GetAuthCookie(std::string *cookie_out);
 /** Delete RPC authentication cookie from disk */
 void DeleteAuthCookie();
 /** Parse JSON-RPC batch reply into a vector */
 std::vector<UniValue> JSONRPCProcessBatchReply(const UniValue& in);

    </details>

    laanwj commented at 2:27 PM on May 9, 2025:

    i did that initially but it was a much larger change than i wanted. The current PR's behavior is easy to review. It seems this works fine, and keeps everything the same with the only exception the : in rpcpassword but that gives a clear error at least.

    laanwj commented at 2:40 PM on May 9, 2025:

    Anyhow, i'll cherry-pick this, thanks, hope i won't get the opposite comment now that this is changing too much 😓

    Edit: done So after this, even -rpcuser can contain : again, although that makes it impossible to authenticate. This is disallowed by the spec so not an important edge case.

    vasild commented at 12:48 PM on May 12, 2025:

    Thanks! Another option, if this gets frowned upon, with less changes, is to leave GenerateAuthCookie() alone and have two separate variables in InitRPCAuthentication(). In the else branch set them like user = gArgs.GetArg("-rpcuser", ""); and pass = gArgs.GetArg("-rpcpassword", ""); and in the if branch where GenerateAuthCookie() is called - use a temporary variable user_colon_pass and parse it immediately into the two user and pass variables.

    Anyway, I think the current one is better because it avoids creating "user:pass" string from GenerateAuthCookie() only to parse it into user and pass later from the only caller.

  23. vasild commented at 1:27 PM on May 9, 2025: contributor

    Almost ACK 3acfc071c3445e943069b2778bbc5c74f702ef36

    Only unsure about The configured rpcuser or rpcpassword cannot contain a ":", see the comment below.

  24. rpc: Undeprecate rpcuser/rpcpassword, change message to security warning
    Back in 2015, in #7044, we added configuration option `rpcauth` for
multiple RPC users. At the same time the old settings for single-user
configuration `rpcuser` and `rpcpassword` were "soon" to be deprecated.

The main reason for this deprecation is that while `-rpcpassword` stores
the password in plain text, `-rpcauth` stores a hash, so it doesn't
appear in the configuration in plain text.

As the options are still in active use, actually removing them is
expected to be a hassle to many, and it's not clear that is worth it. As
for the security risk, in many kinds of setups (no wallet,
containerized, single-user-single-application, local-only, etc) it is an
unlikely point of escalation.

In the end, it is good to encourage secure practices, but it is the
responsibility of the user. Log a clear warning but remove the
deprecation notice.

Closes #29240.
    4ab9bedee9
  25. rpc: Store all credentials hashed in memory
    This gets rid of the special-casing of `strRPCUserColonPass` by hashing
cookies as well as manually provided `-rpcuser`/`-rpcpassword` with a
random salt before storing them.

Also take the opportunity to modernize the surrounding code a bit. There
should be no end-user visible differences in behavior.
    879a17bcb1
  26. rpc: Perform HTTP user:pass split once in `RPCAuthorized` 98ff38a6f1
  27. laanwj force-pushed on May 9, 2025
  28. rpc: Avoid join-split roundtrip for user:pass for auth credentials e49a7274a2
  29. laanwj force-pushed on May 9, 2025
  30. 1440000bytes commented at 10:16 PM on May 11, 2025: none

    utACK https://github.com/bitcoin/bitcoin/pull/32423/commits/e49a7274a2141dcb9e188bc4b45c2d7b928ccecd

    Although I am not sure if it doesn't break anything.

  31. DrahtBot requested review from vasild on May 11, 2025
  32. DrahtBot requested review from janb84 on May 11, 2025
  33. janb84 commented at 9:11 AM on May 12, 2025: contributor

    reACK https://github.com/bitcoin/bitcoin/commit/e49a7274a2141dcb9e188bc4b45c2d7b928ccecd

    Changes since last ACK:

    • Added Enum + logic to use Enum in GenerateAuthCookieResult and InitRPCAuthentication
    • the user and pass are now stored separate variables
    • small change in the logwarning

    Reviewed:

    • Compiled & run tests ✅
    • Code review ✅
    • Some manual testing ✅ (Did some additional testing and weirdly enough an empty user with a password is allowed. This is consistent with the current impl. on master/main so 👍)
  34. vasild approved
  35. vasild commented at 12:48 PM on May 12, 2025: contributor

    ACK e49a7274a2141dcb9e188bc4b45c2d7b928ccecd

  36. in src/httprpc.cpp:138 in 98ff38a6f1 outdated 
     137 | +    size_t colon_pos = strUserPass.find(':');
 138 | +    if (colon_pos == std::string::npos) {
 139 | +        return false; // Invalid basic auth.
 140 | +    }
 141 | +    std::string user = strUserPass.substr(0, colon_pos);
 142 | +    std::string pass = strUserPass.substr(colon_pos + 1);
    achow101 commented at 6:28 PM on May 14, 2025:

    In 98ff38a6f1a8a1e214bd3905a2dcac31ae6c2f52 "rpc: Perform HTTP user:pass split once in RPCAuthorized"

    Could use util::Split instead of reimplementing split

    laanwj commented at 8:49 AM on May 19, 2025:

    i intentionally didn't do that, as that would change the semantics. It currently breaks on the first :, which allows colons in the password. (Python's split has a max_splits parameter for cases like this, but ours doesn't and it seems out of scope to add it)

  37. in src/httprpc.cpp:317 in e49a7274a2 
     308 | +        case GenerateAuthCookieResult::OK:
 309 |              LogInfo("Using random cookie authentication.");
 310 | +            break;
 311 |          }
 312 |      } else {
 313 | -        LogPrintf("Config options rpcuser and rpcpassword will soon be deprecated. Locally-run instances may remove rpcuser to use cookie-based auth, or may be replaced with rpcauth. Please see share/rpcauth for rpcauth auth generation.\n");
    jonatack commented at 9:50 PM on May 14, 2025:

    Concept ACK (people have been asking me about this deprecation warning for at least 6-7 years)

    jasonribble commented at 4:56 AM on May 19, 2025:

    Concept ACK

    Introduced d52fbf00e32fb0565652c9a62cdaf2bc1e2dddf0

  38. ryanofsky assigned ryanofsky on May 19, 2025
  39. ryanofsky merged this on May 19, 2025
  40. ryanofsky closed this on May 19, 2025
Contributors
laanwjDrahtBotmaflckoSjorsyancyribbensjanb84vasild1440000bytesachow101jonatackjasonribble


Sjors

Labels
RPC/REST/ZMQ
Linked (view graph)
#7044 RPC: Added additional config option for multiple RPC users.#29240 rpc: actually deprecate `rpcuser` & `rpcpass`
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-28 06:12 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me