client: Fix login redirect loop. (#3571)

* client: Show link instead for disabled DEX.

When a DEX account is disabled, the trade page now shows the DEX
disabled message with a link to the settings page instead of the
generic "Connection to server failed / Waiting to reconnect" overlay.

* client: Skip token wallets with disabled parent.

Token wallets (e.g. usdc.eth, polygon.eth) were not themselves marked
disabled when only their parent chain wallet was disabled, causing
error log spam on startup when the parent connection was refused.

* client: Skip wallet lock when mixing.

Avoids error log during shutdown.

* client: Fix login redirect loop.

When loadPage fetches a page but receives the login page instead
(due to a server-side auth redirect), fall back to a full browser
navigation rather than silently inserting the login page HTML. The
browser's navigation handles cookie state more reliably than fetch.

* server/db: Fix v8 upgrade for token market names.

The v8 DB upgrade used raw market names from the DB (e.g. dcr_usdt.eth)
which contain dots from token symbols. The actual PostgreSQL schema
names replace dots with TKN via marketSchema(). Apply that conversion
before constructing the table name for the ALTER TABLE statement.

* client: Hide disabled networks from address form.

Disabled wallets were shown in the network selector when requesting
a receive address, leading to a broken address screen. Filter them
out so only enabled wallets are selectable.

* docs: Update release notes.

Correct the server upgrade guidance: all in-flight swaps from v1.0.x
are revoked on upgrade due to the per-match address requirement, so
operators must wait for active swaps to complete. The previous advice
about evm-protocol-overrides.json is insufficient on its own.

Add known issues section noting that Electrum wallets are temporarily
disabled due to inconsistencies found during testing, with a fix
expected in a patch release.

* client: Fix DCR explorer links returning 403.

The dcrdata /tx/{txid}/out/{vout} path now returns 403. Link to the
transaction page instead, consistent with other UTXO assets.

* client: Fix multi-line locale keys in forms.

Three locale keys were split across lines in the template, preventing
the [[[...]]] replacement from matching: "pick a different asset",
"Authorize Import", and "Wallet Balances".

* dcr: Include mixed account funds in balance.

When mixing is disabled but the mixed or trading accounts exist from a
previous mixing session, their balances were invisible. Now those funds
are reported as locked so the user can see they still exist. Ticket
values in those accounts are also included in the staked category.

Author: JoeGruffins

client/asset/dcr/dcr.go

@@ -1243,6 +1243,25 @@ func (dcr *ExchangeWallet) balance() (*asset.Balance, error) {
 	}
 
 	if accts.UnmixedAccount == "" {
+		// Mixing is disabled, but if the mixed or trading accounts exist
+		// and have funds (e.g. from a previous mixing session), include
+		// them as locked so the user can see they exist.
+		for _, acctName := range []string{mixedAccountName, tradingAccountName} {
+			acctBal, err := dcr.wallet.AccountBalance(dcr.ctx, 0, acctName)
+			if err != nil {
+				continue // account may not exist
+			}
+			total := toAtoms(acctBal.Total)
+			if total > 0 {
+				bal.Locked += total
+			}
+			staked := toAtoms(acctBal.LockedByTickets)
+			if staked > 0 {
+				bal.Other[asset.BalanceCategoryStaked] = asset.CustomBalance{
+					Amount: bal.Other[asset.BalanceCategoryStaked].Amount + staked,
+				}
+			}
+		}
 		return bal, nil
 	}
 

client/core/core.go

@@ -1998,6 +1998,13 @@ fetchers:
 			continue
 		}
 		if !c.cfg.NoAutoWalletLock && wallet.unlocked() { // no-op if Logout did it
+			if mw, is := wallet.Wallet.(asset.FundsMixer); is {
+				if stats, err := mw.FundsMixingStats(); err == nil && stats.Enabled {
+					c.log.Infof("Skipping lock for %s wallet (mixing active)", strings.ToUpper(unbip(assetID)))
+					wallet.Disconnect()
+					continue
+				}
+			}
 			symb := strings.ToUpper(unbip(assetID))
 			c.log.Infof("Locking %s wallet", symb)
 			if err := wallet.Lock(walletLockTimeout); err != nil {
@@ -4951,6 +4958,12 @@ func (c *Core) connectWallets(crypter encrypt.Crypter) {
 		if wallet.isDisabled() {
 			return
 		}
+		// Return early if this is a token and the parent wallet is disabled.
+		if token := asset.TokenInfo(wallet.AssetID); token != nil {
+			if parentWallet, found := c.wallet(token.ParentID); found && parentWallet.isDisabled() {
+				return
+			}
+		}
 		if !wallet.connected() {
 			err := wallet.OpenWithPW(c.ctx, crypter)
 			if err != nil {
@@ -5163,6 +5176,12 @@ func (c *Core) Logout() error {
 		c.wg.Add(1)
 		for _, w := range c.xcWallets() {
 			if w.connected() && w.unlocked() {
+				if mw, is := w.Wallet.(asset.FundsMixer); is {
+					if stats, err := mw.FundsMixingStats(); err == nil && stats.Enabled {
+						c.log.Infof("Skipping lock for %s wallet (mixing active)", strings.ToUpper(unbip(w.AssetID)))
+						continue
+					}
+				}
 				symb := strings.ToUpper(unbip(w.AssetID))
 				c.log.Infof("Locking %s wallet", symb)
 				if err := w.Lock(walletLockTimeout); err != nil {

client/webserver/locales/en-us.go

@@ -68,6 +68,7 @@ var EnUS = map[string]*intl.Translation{
 	"volume_24":                      {T: "24 Hr. Volume"},
 	"Connection to server failed":    {T: "Connection to server failed"},
 	"Waiting to reconnect...":        {T: "Waiting to reconnect..."},
+	"Visit settings to re-enable":    {T: "Visit settings to re-enable"},
 	"High":                           {T: "High"},
 	"Low":                            {T: "Low"},
 	"buys":                           {T: "buys"},

client/webserver/site/src/html/forms.tmpl

@@ -482,8 +482,7 @@
 <div data-tmpl="text" class="fs16 reg-conf-msg mt-3 border-top">
   <span class="ico-info"></span> [[[reg_confirm_submit]]]
 </div>
-<div class="hoverbg pointer grey pt-2" data-tmpl="goBack"><span class="ico-arrowleft fs12 me-1"></span> [[[pick a
-  different asset]]]</div>
+<div class="hoverbg pointer grey pt-2" data-tmpl="goBack"><span class="ico-arrowleft fs12 me-1"></span> [[[pick a different asset]]]</div>
 {{end}}
 
 {{define "authorizeAccountImportForm"}}
@@ -501,8 +500,7 @@
   </small>
 </div>
 <div class="flex-stretch-column">
-  <button id="authorizeImportAccountConfirm" type="button" class="mt-2 mx-3 mb-3 feature">[[[Authorize
-    Import]]]</button>
+  <button id="authorizeImportAccountConfirm" type="button" class="mt-2 mx-3 mb-3 feature">[[[Authorize Import]]]</button>
 </div>
 <div class="fs15 text-center d-hide text-danger text-break" id="importAccountErr"></div>
 {{end}}
@@ -1079,8 +1077,7 @@
   <header id="orderReportTitle"></header>
   <div id="orderReportError" class="text-danger d-flex flex-column"></div>
   <div id="orderReportDetails" class="d-flex flex-column">
-    <div class="fs18 mt-3 align-self-start"><img class="logo-square small"><span class="ms-2">[[[Wallet
-        Balances]]]</span></div>
+    <div class="fs18 mt-3 align-self-start"><img class="logo-square small"><span class="ms-2">[[[Wallet Balances]]]</span></div>
     <table class="table striped border mt-3 w-auto mx-auto">
       <thead>
         <tr>

client/webserver/site/src/html/markets.tmpl

@@ -99,9 +99,16 @@
 
       <div class="flex-grow-1 position-relative">
         <div id="disconnectedOverlay" class="d-hide fill-abs flex-center flex-column" style="z-index:10; background-color: rgba(0,0,0,0.5);">
-          <span class="ico-disconnected fs40 text-danger mb-3"></span>
-          <span class="fs22 demi">[[[Connection to server failed]]]</span>
-          <span class="fs16 grey mt-2">[[[Waiting to reconnect...]]]</span>
+          <div id="disconnectedContent" class="flex-center flex-column">
+            <span class="ico-disconnected fs40 text-danger mb-3"></span>
+            <span class="fs22 demi">[[[Connection to server failed]]]</span>
+            <span class="fs16 grey mt-2">[[[Waiting to reconnect...]]]</span>
+          </div>
+          <div id="disabledContent" class="flex-center flex-column d-hide">
+            <span class="ico-settings fs40 grey mb-3"></span>
+            <span id="disabledMsg" class="fs22 demi"></span>
+            <a id="disabledSettingsLink" class="fs16 pointer mt-3 underline">[[[Visit settings to re-enable]]]</a>
+          </div>
         </div>
         <div id="mainContent">
 

client/webserver/site/src/js/app.ts

@@ -336,9 +336,13 @@ export default class Application {
    * reconnected is called by the websocket client when a reconnection is made.
    */
   reconnected () {
+    // Skip reload if the user is on the login page and a login is likely
+    // in progress. The long login (connecting wallets) can outlast the
+    // websocket ping timeout, causing a reconnect that would abort the
+    // pending login POST and lose the auth cookie.
+    if (this.main?.dataset.handler === 'login') return
     if (this.main?.dataset.handler === 'settings') window.location.assign('/')
-    else window.location.reload() // This triggers another websocket disconnect/connect (!)
-    // a fetchUser() and loadPage(window.history.state.page) might work
+    else window.location.reload()
   }
 
   /*
@@ -404,6 +408,12 @@ export default class Application {
     const doc = Doc.noderize(html)
     const main = idel(doc, 'main')
     const delivered = main.dataset.handler
+    // If we were redirected to the login page, fall back to a full page
+    // navigation which is more reliable for cookie handling.
+    if (delivered === 'login' && requestedHandler !== 'login') {
+      window.location.assign(url.toString())
+      return false
+    }
     // Append the request to the page history.
     if (!skipPush) {
       const path = delivered === requestedHandler ? url.toString() : `/${delivered}`

client/webserver/site/src/js/coinexplorers.ts

@@ -66,21 +66,9 @@ const optimismExplorers: Record<number, (cid: string) => string> = {
 
 export const CoinExplorers: Record<number, Record<number, (cid: string) => string>> = {
   42: { // dcr
-    [Mainnet]: (cid: string) => {
-      const [txid, vout] = cid.split(':')
-      if (vout !== undefined) return `https://dcrdata.decred.org/tx/${txid}/out/${vout}`
-      return `https://dcrdata.decred.org/tx/${txid}`
-    },
-    [Testnet]: (cid: string) => {
-      const [txid, vout] = cid.split(':')
-      if (vout !== undefined) return `https://testnet.decred.org/tx/${txid}/out/${vout}`
-      return `https://testnet.decred.org/tx/${txid}`
-    },
-    [Simnet]: (cid: string) => {
-      const [txid, vout] = cid.split(':')
-      if (vout !== undefined) return `http://127.0.0.1:17779/tx/${txid}/out/${vout}`
-      return `https://127.0.0.1:17779/tx/${txid}`
-    }
+    [Mainnet]: (cid: string) => `https://dcrdata.decred.org/tx/${cid.split(':')[0]}`,
+    [Testnet]: (cid: string) => `https://testnet.decred.org/tx/${cid.split(':')[0]}`,
+    [Simnet]: (cid: string) => `http://127.0.0.1:17779/tx/${cid.split(':')[0]}`
   },
   0: { // btc
     [Mainnet]: (cid: string) => `https://mempool.space/tx/${cid.split(':')[0]}`,

client/webserver/site/src/js/markets.ts

@@ -1132,10 +1132,17 @@ export default class MarketsPage extends BasePage {
     // exchange data, so just put up a message and wait for the connection to be
     // established, at which time handleConnNote will refresh and reload.
     if (!dex || !dex.markets || dex.connectionStatus !== ConnectionStatus.Connected) {
-      let errMsg = intl.prep(intl.ID_CONNECTION_FAILED)
-      if (dex.disabled) errMsg = intl.prep(intl.ID_DEX_DISABLED_MSG)
-      page.chartErrMsg.textContent = errMsg
-      Doc.show(page.chartErrMsg, page.disconnectedOverlay)
+      if (dex && dex.disabled) {
+        page.disabledMsg.textContent = intl.prep(intl.ID_DEX_DISABLED_MSG)
+        page.disabledSettingsLink.href = `/dexsettings/${dex.host}`
+        Doc.show(page.disabledContent)
+        Doc.hide(page.disconnectedContent)
+      } else {
+        page.chartErrMsg.textContent = intl.prep(intl.ID_CONNECTION_FAILED)
+        Doc.show(page.chartErrMsg, page.disconnectedContent)
+        Doc.hide(page.disabledContent)
+      }
+      Doc.show(page.disconnectedOverlay)
       return
     }
 

client/webserver/site/src/js/wallets.ts

@@ -2375,7 +2375,18 @@ export default class WalletsPage extends BasePage {
   /* Display a deposit address. */
   async showDeposit () {
     const { page, selectedTicker: { networkAssets } } = this
-    const assetIDs = networkAssets.map(({ assetID }: NetworkAsset) => assetID)
+    const assetIDs = networkAssets
+      .filter(({ assetID, token }: NetworkAsset) => {
+        const w = app().walletMap[assetID]
+        if (!w || w.disabled) return false
+        if (token) {
+          const pw = app().walletMap[token.parentID]
+          if (pw && pw.disabled) return false
+        }
+        return true
+      })
+      .map(({ assetID }: NetworkAsset) => assetID)
+    if (assetIDs.length === 0) return
     this.depositAddrForm.setAssetSelect(assetIDs)
     this.forms.show(page.deposit)
   }

docs/release-notes/release-notes-1.1.0.md

@@ -18,22 +18,29 @@ This release introduces per-match swap addresses, which change the trade
 negotiation protocol. Old clients cannot trade on a v1.1.0 server and new
 clients cannot trade on a v1.0.x server.
 
-### EVM Contract Upgrade (Server Operators)
+### Upgrading (Server Operators)
 
-v1.0.6 used EVM contract version 0. v1.1.0 defaults to contract version 1.
-The server's RPC client binds to a single contract version, so after upgrading
-the server cannot verify coins from in-flight v0 swaps. To handle this safely,
-operators should either:
+All active swaps from v1.0.x will be revoked on upgrade because the v1.1.0
+server requires per-match swap addresses on all matches. Revoked matches are
+marked as no-fault, so neither party is penalized, but participants with
+on-chain swaps will need to wait for locktime expiry to refund.
 
-1. Wait for all active EVM swaps to complete before upgrading, OR
-2. Place an `evm-protocol-overrides.json` file in the server's working
-   directory to keep v0 until remaining swaps drain:
+**Operators must wait for all active swaps to complete before upgrading.**
 
-   ```json
-   {"eth": 0, "usdc.eth": 0, "usdt.eth": 0, "matic.eth": 0}
-   ```
+Additionally, v1.0.6 used EVM contract version 0 while v1.1.0 defaults to
+contract version 1. An `evm-protocol-overrides.json` file can be placed in
+the server's working directory to override the contract version for specific
+assets, but this does not prevent the per-match address revocation above.
 
-   Once no v0 swaps remain, remove the file and restart to use v1.
+## Known Issues
+
+### Electrum Wallets Temporarily Disabled
+
+Electrum wallet support (BTC, LTC, FIRO) has been temporarily disabled due to
+inconsistencies found during testing. Existing Electrum wallets will continue
+to function, but new Electrum wallet creation is not available in this release.
+Users should use native SPV or RPC wallets instead. A fix is expected in a
+subsequent patch release.
 
 ## New Features