-
Notifications
You must be signed in to change notification settings - Fork 94
Conversation
Is there a way to not need --2fa flag? Ideally we should figure out it from account itself. Multisig is easily detectable. Not sure if we want to expose CH to tell if this account is managed by it or not - looks a bit like of privacy/attack issue. Right now it's exposed just by the fact that the key is the same, but we would ideally generate new public key per user going forward. Also Account object should work not just specifically to 2fa but for any multisig account. This probably can even live in near-api-js eventually. And 2FA should be just extra wrapper over Account that if it's 2fa account - after request was created it will wait for confirmation and query for result after tx confirmed. |
Yes we can check hashes or use CH
Each time you login with wallet you get a 2FA key for the CLI. This key is multisig key only. You need to provide signature to access any CH methods that expose recovery / 2FA details so I think it's secure?
Agree with this point here. Will take a bit of time to think about proper abstractions. Appreciate any input here: @vgrichina
Sure. Should we continue with |
@dentesting thanks for joining this discussion. We decided to move the mutlisig support to There is already a wallet PR that uses this: This will allow us to create a simple CLI PR that detects if the account has a multisig contract (using access keys and method names or contract hashes as it's done in the wallet). ETA for CLI PR - next week |
Excellent, I will be happy to test. |
Works with: |
utils/connect.js
Outdated
// TODO: Avoid need to wrap in deps | ||
return await nearConnect({ ...options, deps: { keyStore }}); | ||
const near = await nearConnect({ ...options, deps: { keyStore }}); | ||
near.account = async (accountId) => { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
seems like this logic should be in near-api-js
…erify security code; remove prompts dep for readline & chalk
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this looks good, just make sure to address comments in near/near-api-js#428 (review)
WIP can send transfers using 2fa account with --use2fa
TODO