Merge branch 'develop' into sdp-multitenant

# Conflicts: # cmd/db_test.go # cmd/serve.go # cmd/serve_test.go # db/migrations/sdp-migrations/2023-12-18.0-alter-payments-table-add-external-payment-id.sql # db/migrations/sdp-migrations/2024-01-12.0-alter-disbursements-table-add-sms-template.sql # db/migrations/sdp-migrations/2024-02-05.0-tss-transactions-table-amount-constraing.sql # dev/docker-compose-sdp-anchor.yml # dev/docker-compose-tss.yml # dev/docker-compose.yml # go.list # go.mod # go.sum # helmchart/sdp/Chart.yaml # helmchart/sdp/README.md # helmchart/sdp/values.yaml # internal/data/assets_test.go # internal/data/disbursement_instructions.go # internal/data/disbursement_instructions_test.go # internal/data/wallets.go # internal/integrationtests/docker-compose-e2e-tests.yml # internal/serve/httphandler/disbursement_handler.go # internal/serve/httphandler/disbursement_handler_test.go # internal/serve/httphandler/forgot_password_handler.go # internal/serve/httphandler/forgot_password_handler_test.go # internal/serve/httphandler/login_handler.go # internal/serve/httphandler/login_handler_test.go # internal/serve/httphandler/payments_handler_test.go # internal/serve/httphandler/profile_handler_test.go # internal/serve/httphandler/user_handler.go # internal/serve/serve.go # internal/serve/serve_test.go # internal/services/disbursement_management_service.go # internal/services/disbursement_management_service_test.go # stellar-auth/pkg/auth/auth.go
stellar · Feb 10, 2024 · e5d71ed · e5d71ed
2 parents 12efa3c + cf6583f
commit e5d71ed
Show file tree

Hide file tree

Showing 95 changed files with 4,447 additions and 1,809 deletions.
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
@@ -14,9 +14,9 @@
 
 #### PR Structure
 
-* [ ] This PR has reasonably narrow scope (if not, break it down into smaller PRs).
+* [ ] This PR has a reasonably narrow scope (if not, break it down into smaller PRs).
+* [ ] This PR title and description are clear enough for anyone to review it.
 * [ ] This PR does not mix refactoring changes with feature changes (split into two PRs otherwise).
-* [ ] This PR's title starts with the name of the package, area, or subject affected by the change.
 
 #### Thoroughness
 

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -34,6 +34,40 @@ jobs:
       - name: Run ./gomod.sh
         run: ./gomod.sh
 
+      - name: Install github.com/nishanths/exhaustive
+        run: go install github.com/nishanths/exhaustive/cmd/exhaustive@latest
+
+      - name: Run exhaustive
+        run: exhaustive -default-signifies-exhaustive ./...
+
+  check-helm-readme:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Install NodeJs
+        uses: actions/setup-node@v2
+        with:
+          node-version: 14
+
+      - name: Install Helm Readme Generator (@bitnami/readme-generator-for-helm)
+        run: npm install -g @bitnami/readme-generator-for-helm
+
+      - name: Generate README.md for comparison
+        run: readme-generator -v helmchart/sdp/values.yaml -r helmchart/sdp/README.md
+
+      - name: Check if helmchart/sdp/README.md is in sync with helmchart/sdp/values.yaml
+        run: |
+          if git diff --exit-code --stat helmchart/sdp/README.md; then
+            echo "✅ helmchart/sdp/README.md is in sync with helmchart/sdp/values.yaml"
+          else
+            echo "🚨 helmchart/sdp/README.md needs to be re-generated!"
+            echo "Run 'readme-generator -v helmchart/sdp/values.yaml -r helmchart/sdp/README.md' locally and commit the changes."
+            echo "Refer to https://github.com/bitnami/readme-generator-for-helm for more information."
+            exit 1
+          fi
+
   build:
     runs-on: ubuntu-latest
     steps:
@@ -110,7 +144,7 @@ jobs:
 
   complete:
     if: always()
-    needs: [check, build, test]
+    needs: [check, check-helm-readme, build, test]
     runs-on: ubuntu-latest
     steps:
       - if: contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled')

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,7 +6,78 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
 ## Unreleased
 
-> Place unreleased changes here.
+None
+
+## [1.1.2](https://github.com/stellar/stellar-disbursement-platform-backend/compare/1.1.1...1.1.2)
+
+### Fixed
+
+- Re-add missing recaptcha script [#179](https://github.com/stellar/stellar-disbursement-platform-backend/pull/179)
+
+## [1.1.1](https://github.com/stellar/stellar-disbursement-platform-backend/compare/1.1.0...1.1.1)
+
+### Fixed
+
+- TSS amount precision [#176](https://github.com/stellar/stellar-disbursement-platform-backend/pull/176)
+
+## [1.1.0](https://github.com/stellar/stellar-disbursement-platform-backend/compare/1.0.1...1.1.0)
+
+### Changed
+
+- Change `POST /disbursements` to accept different verification types [#103](https://github.com/stellar/stellar-disbursement-platform-backend/pull/103)
+- Change `SEP-24` Flow to display different verifications based on disbursement verification type [#116](https://github.com/stellar/stellar-disbursement-platform-backend/pull/116)
+- Add sorting to `GET /users` endpoint [#104](https://github.com/stellar/stellar-disbursement-platform-backend/pull/104)
+- Change read permission for receiver details to include business roles [#144](https://github.com/stellar/stellar-disbursement-platform-backend/pull/144)
+- Add support for unique payment ID to disbursement instructions file as an optional field in `GET /payments/{id}` [#131](https://github.com/stellar/stellar-disbursement-platform-backend/pull/131)
+- Add support for SMS preview & editing before sending a new disbursement [#146](https://github.com/stellar/stellar-disbursement-platform-backend/pull/146)
+- Add metadata for users that created and started a disbursement in disbursement details `GET /disbursements`, `GET /disbursements/{id}` [#151](https://github.com/stellar/stellar-disbursement-platform-backend/pull/151)
+- Update CI check to run the exhaustive validator [#163](https://github.com/stellar/stellar-disbursement-platform-backend/pull/163)
+- Preload reCAPTCHA script in attempt to mitigate component loading issues upon login [#152](https://github.com/stellar/stellar-disbursement-platform-backend/pull/152)
+- Validate distribution account balance before starting disbursement [#161](https://github.com/stellar/stellar-disbursement-platform-backend/pull/161)
+
+### Added
+
+- Support automatic cancellation of payments in `READY` status after a certain time period [#121](https://github.com/stellar/stellar-disbursement-platform-backend/pull/121)
+- API endpoint for cancelling payments in `READY` status: `PATCH /payments/{id}/status` [#130](https://github.com/stellar/stellar-disbursement-platform-backend/pull/130)
+- Use CI to make sure the helm README is up to date [#164](https://github.com/stellar/stellar-disbursement-platform-backend/pull/164)
+
+### Fixed
+
+- Verification DOB validation missing when date is in the future [#101](https://github.com/stellar/stellar-disbursement-platform-backend/pull/101)
+- Support disbursements from two or more wallet providers to the same address [#87](https://github.com/stellar/stellar-disbursement-platform-backend/pull/87)
+- [TSS] Stale channel account not cleared after switching distribution keys [#91](https://github.com/stellar/stellar-disbursement-platform-backend/pull/91)
+- Make setup-wallets-for-network tests more flexible [#95](https://github.com/stellar/stellar-disbursement-platform-backend/pull/95)
+- Make `POST /assets` idempotent [#122](https://github.com/stellar/stellar-disbursement-platform-backend/pull/122)
+- Add missing space when building query [#121](https://github.com/stellar/stellar-disbursement-platform-backend/pull/121)
+
+### Security
+
+- Stellar Protocol 20 Horizon SDK upgrade [#107](https://github.com/stellar/stellar-disbursement-platform-backend/pull/107)
+- Coinspect Issues:
+  - Add "Secure Operation Manual" section and updated the code to enforce MFA and reCAPTCHA [#150](https://github.com/stellar/stellar-disbursement-platform-backend/pull/150)
+  - Coinspect SDP-006 Weak password policy [#143](https://github.com/stellar/stellar-disbursement-platform-backend/pull/143)
+  - Coinspect SDP-007: Log user activity when updating user info [#139](https://github.com/stellar/stellar-disbursement-platform-backend/pull/139)
+  - Coinspect SDP-012 Enhance User Awareness for SMS One-Time Password (OTP) Usage [#138](https://github.com/stellar/stellar-disbursement-platform-backend/pull/138)
+
+## [1.0.1](https://github.com/stellar/stellar-disbursement-platform-backend/compare/1.0.0...1.0.1)
+
+### Changed
+
+- Update log message for better debugging. [#125](https://github.com/stellar/stellar-disbursement-platform-backend/pull/125)
+
+### Fixed
+
+- Fix client_domain from the Viobrant Assist wallet. [#126](https://github.com/stellar/stellar-disbursement-platform-backend/pull/126)
+
+## [1.0.1](https://github.com/stellar/stellar-disbursement-platform-backend/compare/1.0.0...1.0.1)
+
+### Changed
+
+- Update log message for better debugging. [#125](https://github.com/stellar/stellar-disbursement-platform-backend/pull/125)
+
+### Fixed
+
+- Fix client_domain from the Viobrant Assist wallet. [#126](https://github.com/stellar/stellar-disbursement-platform-backend/pull/126)
 
 ## [1.0.0](https://github.com/stellar/stellar-disbursement-platform-backend/compare/1.0.0-rc2...1.0.0)
 

diff --git a/README.md b/README.md
@@ -36,6 +36,48 @@ stellar-disbursement-platform --help
 
 To quickly test the SDP using preconfigured values, see the [Quick Start Guide](./dev/README.md).
 
+## Secure Operation Manual
+
+This manual outlines the security measures implemented in the Stellar Disbursement Platform (SDP) to protect the integrity of the platform and its users. By adhering to these guidelines, you can ensure that your use of the SDP is as secure as possible.
+
+Security is a critical aspect of the SDP. The measures outlined in this document are designed to mitigate risks and enhance the security of the platform. Users are strongly encouraged to follow these guidelines to protect their accounts and operations.
+
+### Implementation of reCAPTCHA
+
+Google's reCAPTCHA has been integrated into the SDP to prevent automated attacks and ensure that interactions are performed by humans, not bots.
+
+ReCAPTCHA is enabled by default and can be disabled in the development environment by setting the `DISABLE_RECAPTCHA` environment variable to `true`.
+
+**Note:** Disabling reCAPTCHA is not supported for production environments due to security risks.
+
+### Enforcement of Multi-Factor Authentication
+
+Multi-Factor Authentication (MFA) provides an additional layer of security to user accounts. It is enforced by default on the SDP and it relies on OTPs sent to the account's email.
+
+MFA is enabled by default and can be disabled in the development environment by setting the `DISABLE_MFA` environment variable to `true`.
+
+**Note:** Disabling MFA is not supported for production environments due to security risks.
+
+### Best Practices for Wallet Management
+
+The SDP wallet should be used primarily as a hot wallet with a limited amount of funds to minimize potential losses.
+
+#### Hot and Cold Wallets
+
+- A hot wallet is connected to the internet and allows for quick transactions.
+- A cold wallet is offline and used for storing funds securely.
+- Learn more about these concepts at [Investopedia](https://www.investopedia.com/hot-wallet-vs-cold-wallet-7098461).
+
+### Distribution of Disbursement Responsibilities
+
+To enhance security, disbursement responsibilities should be distributed among multiple financial controller users.
+
+#### Recommended Configuration
+
+1. **Approval Flow**: Enable the approval flow on the organization page to require two users for the disbursement process. The owner can do that at *Profile > Organization > ... > Edit details > Approval flow > Confirm*.
+2. **Financial Controller Role**: Create two users with the *Financial Controller* role on the organization page to enforce separation of duties. The owner can do hat at *Settings > Team Members*.
+3. **Owner Account Management**: Use the Owner account solely for user management and organization configuration. Avoid using the Owner account for financial controller tasks to minimize the exposure of that account.
+
 ## Architecture
 
 ![high_level_architecture](./docs/images/high_level_architecture.png)

diff --git a/cmd/db_test.go b/cmd/db_test.go
@@ -535,7 +535,7 @@ func Test_DatabaseCommand_db_setup_for_network(t *testing.T) {
 		}
 		assert.Equal(t, "Vibrant Assist", vibrantAssist.Name)
 		assert.Equal(t, "https://vibrantapp.com/vibrant-assist", vibrantAssist.Homepage)
-		assert.Equal(t, "api.vibrantapp.com", vibrantAssist.SEP10ClientDomain)
+		assert.Equal(t, "vibrantapp.com", vibrantAssist.SEP10ClientDomain)
 		assert.Equal(t, "https://vibrantapp.com/sdp", vibrantAssist.DeepLinkSchema)
 
 		assert.Equal(t, "Vibrant Assist RC", vibrantAssistRC.Name)
@@ -554,7 +554,7 @@ func Test_DatabaseCommand_db_setup_for_network(t *testing.T) {
 			"Name: Vibrant Assist",
 			"Homepage: https://vibrantapp.com/vibrant-assist",
 			"Deep Link Schema: https://vibrantapp.com/sdp",
-			"SEP-10 Client Domain: api.vibrantapp.com",
+			"SEP-10 Client Domain: vibrantapp.com",
 		}
 
 		logs := buf.String()
@@ -595,7 +595,7 @@ func Test_DatabaseCommand_db_setup_for_network(t *testing.T) {
 		// Test the two wallets
 		assert.Equal(t, "Vibrant Assist", vibrantAssist.Name)
 		assert.Equal(t, "https://vibrantapp.com/vibrant-assist", vibrantAssist.Homepage)
-		assert.Equal(t, "api.vibrantapp.com", vibrantAssist.SEP10ClientDomain)
+		assert.Equal(t, "vibrantapp.com", vibrantAssist.SEP10ClientDomain)
 		assert.Equal(t, "https://vibrantapp.com/sdp", vibrantAssist.DeepLinkSchema)
 
 		assert.Equal(t, "Vibrant Assist RC", vibrantAssistRC.Name)
@@ -614,7 +614,7 @@ func Test_DatabaseCommand_db_setup_for_network(t *testing.T) {
 			"Name: Vibrant Assist",
 			"Homepage: https://vibrantapp.com/vibrant-assist",
 			"Deep Link Schema: https://vibrantapp.com/sdp",
-			"SEP-10 Client Domain: api.vibrantapp.com",
+			"SEP-10 Client Domain: vibrantapp.com",
 		}
 
 		for _, expectedLog := range expectedLogs {
@@ -697,7 +697,7 @@ func Test_DatabaseCommand_db_setup_for_network(t *testing.T) {
 		}
 		assert.Equal(t, "Vibrant Assist", vibrantAssist.Name)
 		assert.Equal(t, "https://vibrantapp.com/vibrant-assist", vibrantAssist.Homepage)
-		assert.Equal(t, "api.vibrantapp.com", vibrantAssist.SEP10ClientDomain)
+		assert.Equal(t, "vibrantapp.com", vibrantAssist.SEP10ClientDomain)
 		assert.Equal(t, "https://vibrantapp.com/sdp", vibrantAssist.DeepLinkSchema)
 
 		assert.Equal(t, "Vibrant Assist RC", vibrantAssistRC.Name)
@@ -716,7 +716,7 @@ func Test_DatabaseCommand_db_setup_for_network(t *testing.T) {
 			"Name: Vibrant Assist",
 			"Homepage: https://vibrantapp.com/vibrant-assist",
 			"Deep Link Schema: https://vibrantapp.com/sdp",
-			"SEP-10 Client Domain: api.vibrantapp.com",
+			"SEP-10 Client Domain: vibrantapp.com",
 		}
 
 		for _, expectedLog := range expectedLogs {

diff --git a/cmd/serve.go b/cmd/serve.go
@@ -282,6 +282,22 @@ func (c *ServeCommand) Command(serverService ServerServiceInterface, monitorServ
 			CustomSetValue: cmdUtils.SetConfigOptionURLString,
 			Required:       true,
 		},
+		{
+			Name:        "disable-mfa",
+			Usage:       "Disables the email Multi-Factor Authentication (MFA).",
+			OptType:     types.Bool,
+			ConfigKey:   &serveOpts.DisableMFA,
+			FlagDefault: false,
+			Required:    false,
+		},
+		{
+			Name:        "disable-recaptcha",
+			Usage:       "Disables ReCAPTCHA for login and forgot password.",
+			OptType:     types.Bool,
+			ConfigKey:   &serveOpts.DisableReCAPTCHA,
+			FlagDefault: false,
+			Required:    false,
+		},
 		{
 			Name:        "enable-scheduler",
 			Usage:       "Enable Scheduler for SDP Backend Jobs",

diff --git a/cmd/serve_test.go b/cmd/serve_test.go
@@ -3,6 +3,7 @@ package cmd
 import (
 	"bytes"
 	"context"
+	"fmt"
 	"sync"
 	"testing"
 
@@ -149,6 +150,8 @@ func Test_serve(t *testing.T) {
 		DistributionPublicKey:           "GBC2HVWFIFN7WJHFORVBCDKJORG6LWTW3O2QBHOURL3KHZPM4KMWTUSA",
 		ReCAPTCHASiteKey:                "reCAPTCHASiteKey",
 		ReCAPTCHASiteSecretKey:          "reCAPTCHASiteSecretKey",
+		DisableMFA:                      false,
+		DisableReCAPTCHA:                false,
 		EnableScheduler:                 true,
 		EnableMultiTenantDB:             false,
 		SubmitterEngine:                 submitterEngine,
@@ -254,6 +257,8 @@ func Test_serve(t *testing.T) {
 	t.Setenv("ANCHOR_PLATFORM_BASE_PLATFORM_URL", serveOpts.AnchorPlatformBasePlatformURL)
 	t.Setenv("ANCHOR_PLATFORM_OUTGOING_JWT_SECRET", serveOpts.AnchorPlatformOutgoingJWTSecret)
 	t.Setenv("DISTRIBUTION_PUBLIC_KEY", serveOpts.DistributionPublicKey)
+	t.Setenv("DISABLE_MFA", fmt.Sprintf("%t", serveOpts.DisableMFA))
+	t.Setenv("DISABLE_RECAPTCHA", fmt.Sprintf("%t", serveOpts.DisableMFA))
 	t.Setenv("DISTRIBUTION_SEED", distributionSeed)
 	t.Setenv("BASE_URL", serveOpts.BaseURL)
 	t.Setenv("RECAPTCHA_SITE_KEY", serveOpts.ReCAPTCHASiteKey)

diff --git a/db/migrations/sdp-migrations/2023-07-05.0-tss-transactions-table-constraints.sql b/db/migrations/sdp-migrations/2023-07-05.0-tss-transactions-table-constraints.sql
@@ -6,7 +6,7 @@ ALTER TABLE submitter_transactions
     ADD COLUMN xdr_received TEXT UNIQUE,
     ALTER COLUMN external_id SET NOT NULL,
     ALTER COLUMN status SET DEFAULT 'PENDING',
-    ALTER COLUMN amount TYPE numeric(10,7),
+    ALTER COLUMN amount TYPE NUMERIC(19,7),
     ADD CONSTRAINT unique_stellar_transaction_hash UNIQUE (stellar_transaction_hash),
     ADD CONSTRAINT check_retry_count CHECK (retry_count >= 0);
 

diff --git a/db/migrations/sdp-migrations/2023-12-18.0-alter-payments-table-add-external-payment-id.sql b/db/migrations/sdp-migrations/2023-12-18.0-alter-payments-table-add-external-payment-id.sql
@@ -0,0 +1,9 @@
+-- +migrate Up
+
+ALTER TABLE payments
+    ADD COLUMN external_payment_id VARCHAR(64) NULL;
+
+-- +migrate Down
+
+ALTER TABLE payments
+    DROP COLUMN external_payment_id;
diff --git a/db/migrations/sdp-migrations/2024-01-12.0-alter-disbursements-table-add-sms-template.sql b/db/migrations/sdp-migrations/2024-01-12.0-alter-disbursements-table-add-sms-template.sql
@@ -0,0 +1,9 @@
+-- +migrate Up
+ALTER TABLE
+    disbursements
+ADD
+    COLUMN sms_registration_message_template TEXT NULL;
+
+-- +migrate Down
+ALTER TABLE
+    disbursements DROP COLUMN sms_registration_message_template;
diff --git a/db/migrations/tss-migrations/2024-02-05.0-tss-transactions-table-amount-constraing.sql b/db/migrations/tss-migrations/2024-02-05.0-tss-transactions-table-amount-constraing.sql
@@ -0,0 +1,6 @@
+-- +migrate Up
+
+ALTER TABLE submitter_transactions
+    ALTER COLUMN amount TYPE NUMERIC(19,7);
+
+-- +migrate Down
diff --git a/dev/docker-compose-frontend.yml b/dev/docker-compose-frontend.yml
@@ -7,6 +7,3 @@ services:
       - "3000:80"
     volumes:
       - ./env-config.js:/usr/share/nginx/html/settings/env-config.js
-    depends_on:
-      - db
-      - sdp-api
diff --git a/dev/docker-compose-sdp-anchor.yml b/dev/docker-compose-sdp-anchor.yml
@@ -41,6 +41,8 @@ services:
       DISTRIBUTION_SEED: ${DISTRIBUTION_SEED}
       CHANNEL_ACCOUNT_ENCRYPTION_PASSPHRASE: ${CHANNEL_ACCOUNT_ENCRYPTION_PASSPHRASE}
       RECAPTCHA_SITE_KEY: 6LeIxAcTAAAAAJcZVRqyHh71UMIEGNQ_MXjiZKhI
+      DISABLE_MFA: "true"
+      DISABLE_RECAPTCHA: "true"
       CORS_ALLOWED_ORIGINS: "*"
 
 
@@ -77,9 +79,6 @@ services:
         ./stellar-disbursement-platform db sdp migrate up --all
         ./stellar-disbursement-platform db setup-for-network --all
         ./stellar-disbursement-platform serve
-    depends_on:
-      - db
-      - kafka
 
   db-anchor-platform:
     container_name: anchor-platform-postgres-db
@@ -102,8 +101,6 @@ services:
       - "8080:8080" # sep-server
       - "8085:8085" # platform-server
       - "8082:8082" # metrics
-    depends_on:
-      - db-anchor-platform
     environment:
       HOST_URL: http://localhost:8080
       SEP_SERVER_PORT: 8080
@@ -119,7 +116,7 @@ services:
       METRICS_ENABLED: "false"  # Metrics would be available at port 8082
       METRICS_EXTRAS_ENABLED: "false"
       SEP10_ENABLED: "true"
-      SEP10_HOME_DOMAINS: "localhost:8000" # Comma separated list of home domains
+      SEP10_HOME_DOMAINS: "localhost:8000, *.stellar.local" # Comma separated list of home domains
       SEP10_HOME_DOMAIN: ""
       SEP10_WEB_AUTH_DOMAIN: "localhost:8080"
       # SEP10_CLIENT_ATTRIBUTION_REQUIRED: true  # RECOMMENDED

diff --git a/dev/docker-compose-tss.yml b/dev/docker-compose-tss.yml
@@ -24,10 +24,6 @@ services:
       BROKER_URLS: "kafka:9092"
       CONSUMER_GROUP_ID: "group-id"
       KAFKA_SECURITY_PROTOCOL: "PLAINTEXT"
-    depends_on:
-      - db
-      - sdp-api
-      - kafka
     entrypoint: ""
     command:
       - sh