[dev] A consistent approach to wallet password protection & unlocking

[ghost]

There are a couple of open issues requesting wallet password prompts to be put in for Burn BSQ, Asset fee listing, Bonded Reputation, Unlock Bond, Make Proposal, Vote, and View Private Keys. There is already a wallet password prompt at app startup, and when sending from BTC & BSQ wallets. A previous PR was cited as an example of how to do it. But actually a more consistent way to unlock the wallet would be better.

The model used in other wallets like monero-wallet-cli and also Unix sudo is, upon a privileged action, to authenticate and keep that authentication for a certain period of time, e.g. 1 minute. That way if you are doing repeated wallet actions you don't have to enter the password every time. The wallet automatically locks itself after a minute of inactivity.

The other advantage is that you intercept the privilege escalation at the point it is used rather than spreading the same code all throughout the GUI. This makes code cleaner, more robust, and devs don't have to remember to code a password prompt every time a new wallet feature is added (like the one recently added to the Multisig Payout Tool).

We already have some form of unlock and lock on timeout implemented in CoreWalletsService.java. Perhaps this can be utilized. I just need to figure out the details, and wanted to communicate that I'm working on it as an overall solution to #5152 and #5276

cc: @bisq-network/bisq-devs @pazza83

[Conza88]

Nice. Yes, important to simplify across.
Also this #5396 tangentially related

[sqrrm]

This sounds like a good way to protect unauthorized usage as discussed in those issues and to keep code uniform. Good idea.

[pazza83]

Hi @JMACXX thanks for working on this. The solution proposed sounds great and would improve security.