trezor-firmware/core/src/apps/management/change_pin.py

from typing import TYPE_CHECKING

from trezor import config, wire

if TYPE_CHECKING:
    from typing import Awaitable

    from trezor.messages import ChangePin, Success
    from trezor.wire import Context


async def change_pin(ctx: Context, msg: ChangePin) -> Success:
    from storage.device import is_initialized
    from trezor.messages import Success
    from trezor.ui.layouts import show_success

    from apps.common.request_pin import (
        error_pin_invalid,
        error_pin_matches_wipe_code,
        request_pin_and_sd_salt,
        request_pin_confirm,
    )

    if not is_initialized():
        raise wire.NotInitialized("Device is not initialized")

    # confirm that user wants to change the pin
    await _require_confirm_change_pin(ctx, msg)

    # get old pin
    curpin, salt = await request_pin_and_sd_salt(ctx, "Enter old PIN")

    # if changing pin, pre-check the entered pin before getting new pin
    if curpin and not msg.remove:
        if not config.check_pin(curpin, salt):
            await error_pin_invalid(ctx)

    # get new pin
    if not msg.remove:
        newpin = await request_pin_confirm(ctx)
    else:
        newpin = ""

    # write into storage
    if not config.change_pin(curpin, newpin, salt, salt):
        if newpin:
            await error_pin_matches_wipe_code(ctx)
        else:
            await error_pin_invalid(ctx)

    if newpin:
        if curpin:
            msg_screen = "You have successfully changed your PIN."
            msg_wire = "PIN changed"
        else:
            msg_screen = "You have successfully enabled PIN protection."
            msg_wire = "PIN enabled"
    else:
        msg_screen = "You have successfully disabled PIN protection."
        msg_wire = "PIN removed"

    await show_success(ctx, "success_pin", msg_screen)
    return Success(message=msg_wire)


def _require_confirm_change_pin(ctx: Context, msg: ChangePin) -> Awaitable[None]:
    from trezor.ui.layouts import confirm_action

    has_pin = config.has_pin()

    if msg.remove and has_pin:  # removing pin
        return confirm_action(
            ctx,
            "set_pin",
            "Remove PIN",
            "disable PIN protection?",
            "Do you really want to",
            reverse=True,
        )

    if not msg.remove and has_pin:  # changing pin
        return confirm_action(
            ctx,
            "set_pin",
            "Change PIN",
            "change your PIN?",
            "Do you really want to",
            reverse=True,
        )

    if not msg.remove and not has_pin:  # setting new pin
        return confirm_action(
            ctx,
            "set_pin",
            "Enable PIN",
            "enable PIN protection?",
            "Do you really want to",
            reverse=True,
        )

    # removing non-existing PIN
    raise wire.ProcessError("PIN protection already disabled")
style(core): full pyright-based type-checking Changes many fields to required -- as far as we were able to figure out, signing would fail if these fields aren't provided anyway, so this should not pose a compatibility problem. Co-authored-by: matejcik <ja@matejcik.cz> 3 years ago			`from typing import TYPE_CHECKING`

refactor(core): convert parts of apps.management to layouts 3 years ago			`from trezor import config, wire`
apps.management: add change_pin workflow 8 years ago
style(core): full pyright-based type-checking Changes many fields to required -- as far as we were able to figure out, signing would fail if these fields aren't provided anyway, so this should not pose a compatibility problem. Co-authored-by: matejcik <ja@matejcik.cz> 3 years ago			`if TYPE_CHECKING:`
refactor(core): enable mypy for apps.management 3 years ago			`from typing import Awaitable`

chore(core): decrease management size by 1440 bytes 2 years ago			`from trezor.messages import ChangePin, Success`
			`from trezor.wire import Context`

apps.management: add change_pin workflow 8 years ago
chore(core): decrease management size by 1440 bytes 2 years ago			`async def change_pin(ctx: Context, msg: ChangePin) -> Success:`
			`from storage.device import is_initialized`
			`from trezor.messages import Success`
			`from trezor.ui.layouts import show_success`

			`from apps.common.request_pin import (`
			`error_pin_invalid,`
			`error_pin_matches_wipe_code,`
			`request_pin_and_sd_salt,`
			`request_pin_confirm,`
			`)`
core: improve typing annotations 5 years ago
core, legacy: Don't allow change_pin if device is not initialized. 5 years ago			`if not is_initialized():`
			`raise wire.NotInitialized("Device is not initialized")`

src/apps: cleanup workflow modules 6 years ago			`# confirm that user wants to change the pin`
chore(core): decrease management size by 1440 bytes 2 years ago			`await _require_confirm_change_pin(ctx, msg)`
src/apps/management: fix change_pin behaviour 6 years ago
core: Implement SD card protection. 5 years ago			`# get old pin`
			`curpin, salt = await request_pin_and_sd_salt(ctx, "Enter old PIN")`

			`# if changing pin, pre-check the entered pin before getting new pin`
			`if curpin and not msg.remove:`
feat(core): Support 50 digit PIN and wipe code. 4 years ago			`if not config.check_pin(curpin, salt):`
core: use wire.PinCancelled/PinInvalid instead of custom versions also refactor show_pin_invalid and its usages so that it raises directly note that we are now using PinCancelled instead of ActionCancelled where appropriate 4 years ago			`await error_pin_invalid(ctx)`
src/apps/management: fix change_pin behaviour 6 years ago
src/apps: cleanup workflow modules 6 years ago			`# get new pin`
			`if not msg.remove:`
			`newpin = await request_pin_confirm(ctx)`
			`else:`
src: run black 6 years ago			`newpin = ""`
src/apps/management/change_pin: fix pin label 6 years ago
src/apps: cleanup workflow modules 6 years ago			`# write into storage`
feat(core): Support 50 digit PIN and wipe code. 4 years ago			`if not config.change_pin(curpin, newpin, salt, salt):`
core: Add support for ChangeWipeCode message. 5 years ago			`if newpin:`
core: use wire.PinCancelled/PinInvalid instead of custom versions also refactor show_pin_invalid and its usages so that it raises directly note that we are now using PinCancelled instead of ActionCancelled where appropriate 4 years ago			`await error_pin_matches_wipe_code(ctx)`
core: Add support for ChangeWipeCode message. 5 years ago			`else:`
core: use wire.PinCancelled/PinInvalid instead of custom versions also refactor show_pin_invalid and its usages so that it raises directly note that we are now using PinCancelled instead of ActionCancelled where appropriate 4 years ago			`await error_pin_invalid(ctx)`
src/trezor/wire: add exceptions for all defined FailureTypes Makes the error API much more ergonomic. 6 years ago
			`if newpin:`
core: Show success and failure dialogs in change-pin. 5 years ago			`if curpin:`
refactor(core): turn show_success, show_warning into layouts 4 years ago			`msg_screen = "You have successfully changed your PIN."`
core: Show success and failure dialogs in change-pin. 5 years ago			`msg_wire = "PIN changed"`
			`else:`
refactor(core): turn show_success, show_warning into layouts 4 years ago			`msg_screen = "You have successfully enabled PIN protection."`
core: Show success and failure dialogs in change-pin. 5 years ago			`msg_wire = "PIN enabled"`
src/apps: cleanup workflow modules 6 years ago			`else:`
refactor(core): turn show_success, show_warning into layouts 4 years ago			`msg_screen = "You have successfully disabled PIN protection."`
core: Show success and failure dialogs in change-pin. 5 years ago			`msg_wire = "PIN removed"`

refactor(core/ui): raise exception on dialog cancel by default 3 years ago			`await show_success(ctx, "success_pin", msg_screen)`
core: Show success and failure dialogs in change-pin. 5 years ago			`return Success(message=msg_wire)`
apps/management: fix change_pin 7 years ago

chore(core): decrease management size by 1440 bytes 2 years ago			`def _require_confirm_change_pin(ctx: Context, msg: ChangePin) -> Awaitable[None]:`
			`from trezor.ui.layouts import confirm_action`

apps/management: fix change_pin 7 years ago			`has_pin = config.has_pin()`

			`if msg.remove and has_pin: # removing pin`
refactor(core/ui): raise exception on dialog cancel by default 3 years ago			`return confirm_action(`
			`ctx,`
			`"set_pin",`
			`"Remove PIN",`
chore(core): decrease management size by 1440 bytes 2 years ago			`"disable PIN protection?",`
			`"Do you really want to",`
refactor(core/ui): raise exception on dialog cancel by default 3 years ago			`reverse=True,`
refactor(core): convert parts of apps.management to layouts 3 years ago			`)`
apps/management: fix change_pin 7 years ago
			`if not msg.remove and has_pin: # changing pin`
refactor(core/ui): raise exception on dialog cancel by default 3 years ago			`return confirm_action(`
			`ctx,`
			`"set_pin",`
			`"Change PIN",`
chore(core): decrease management size by 1440 bytes 2 years ago			`"change your PIN?",`
			`"Do you really want to",`
refactor(core/ui): raise exception on dialog cancel by default 3 years ago			`reverse=True,`
refactor(core): convert parts of apps.management to layouts 3 years ago			`)`
apps/management: fix change_pin 7 years ago
			`if not msg.remove and not has_pin: # setting new pin`
refactor(core/ui): raise exception on dialog cancel by default 3 years ago			`return confirm_action(`
			`ctx,`
			`"set_pin",`
			`"Enable PIN",`
chore(core): decrease management size by 1440 bytes 2 years ago			`"enable PIN protection?",`
			`"Do you really want to",`
refactor(core/ui): raise exception on dialog cancel by default 3 years ago			`reverse=True,`
refactor(core): convert parts of apps.management to layouts 3 years ago			`)`
core: handle removal of non-existing PIN in require_confirm_change_pin 5 years ago
			`# removing non-existing PIN`
			`raise wire.ProcessError("PIN protection already disabled")`