Do not prompt for password to start owner API #656

Merged
merged 4 commits into from
Jul 12, 2022


davidtavarez
Contributor

It makes no sense to ask for the password if one only wants to initialize the APIs. Asking for the password makes things unnecessarily difficult and insecure in case I, as a system administrator, want to have the APIs running as a system service.

opening wallet if password argument is present
@phyro phyro requested a review from yeastplume July 11, 2022 17:59
@phyro
Member

phyro commented Jul 11, 2022

@yeastplume I'm not familiar with this part. The wallet lifecycle RFC says

'Open' wallets store their in-memory seeds XORed against the token, which is temporarily XORed against the supplied token during each request to reproduce the master seed.

Is opening a wallet here by design or can we remove it?

@davidtavarez
Contributor Author

> @yeastplume I'm not familiar with this part. The wallet lifecycle RFC says
>
> 'Open' wallets store their in-memory seeds XORed against the token, which is temporarily XORed against the supplied token during each request to reproduce the master seed.
>
> Is opening a wallet here by design or can we remove it?

It can be removed. When the open_wallet method is called, the token is generated. If I want to use the APIs I should not be asked to enter the wallet password and then anyway get the token via the API using the open_wallet method.

My guess is that since the token can be null while using init_secure_api one could call init_secure_api directly without calling open_wallet because the wallet is already open.

What this PR changes is that the wallet will not open unless someone passes the password directly while setting the owner_api flag.

What I want to achieve is to be able to configure a local service that runs the API. In case the instance running the service is restarted, the service could be started automatically after starting the instance without human intervention.

@yeastplume
Member

I think this is fine, the password check is likely left over from before the implementation of the lifecycle API and tokens, when there was no concept of opening or closing wallets, just the single 'open wallet' on the listener.
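
The lifecycle discussed in this thread, as an added Rust example that is not grin-wallet's code and not written by any participant: the listener starts with no wallet open (so no password at startup), a client-driven open keeps only the seed XORed with a fresh token in memory, and each request supplies the token to reproduce the seed. `Listener`, `open_wallet` as modelled here, `with_seed` and `decrypt_seed` are hypothetical names, and the seed and password are constructed sample values.

```rust
use std::{fs::File, io::Read};

const SEED_LEN: usize = 32;
type Bytes = [u8; SEED_LEN];
const DEMO_SEED: Bytes = [0x42; SEED_LEN]; // constructed sample seed
const DEMO_PASSWORD: &str = "constructed-password"; // constructed sample password

fn xor(a: &Bytes, b: &Bytes) -> Bytes { std::array::from_fn(|i| a[i] ^ b[i]) }

// Hypothetical stand-in for decrypting the on-disk seed file with the wallet password.
fn decrypt_seed(password: &str) -> Result<Bytes, String> {
    if password == DEMO_PASSWORD { Ok(DEMO_SEED) } else { Err("wrong password".into()) }
}

// Hypothetical listener state: no wallet is open when the API starts.
struct Listener { masked_seed: Option<Bytes> }

impl Listener {
    fn start() -> Self { Listener { masked_seed: None } } // no password needed here

    // Client-driven open: keep only seed XOR token in memory and hand the token back.
    fn open_wallet(&mut self, password: &str) -> Result<Bytes, String> {
        let mut seed = decrypt_seed(password)?;
        let mut token = [0u8; SEED_LEN];
        File::open("/dev/urandom")
            .and_then(|mut f| f.read_exact(&mut token))
            .map_err(|e| e.to_string())?;
        self.masked_seed = Some(xor(&seed, &token));
        seed.fill(0); // best effort; real code would use a zeroizing type
        Ok(token)
    }

    // Per request: unmask with the supplied token, use the seed, wipe the copy again.
    fn with_seed<T>(&self, token: &Bytes, f: impl FnOnce(&Bytes) -> T) -> Result<T, String> {
        let masked = self.masked_seed.as_ref().ok_or("wallet is not open")?;
        let mut seed = xor(masked, token);
        let out = f(&seed);
        seed.fill(0);
        Ok(out)
    }
}

fn main() {
    let mut api = Listener::start();
    println!("before open: {:?}", api.with_seed(&[0; SEED_LEN], |s| s[0]));
    let token = api.open_wallet(DEMO_PASSWORD).unwrap();
    println!("with token: {:?}", api.with_seed(&token, |s| *s == DEMO_SEED));
}
```

In this model a wrong token does not raise an error by itself; it reproduces a different seed, so anything derived from it will not match the wallet's keys.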

@yeastplume yeastplume merged commit b45802a into mimblewimble:master Jul 12, 2022
bayk added a commit to mwcproject/mwc-wallet that referenced this pull request Aug 13, 2024
…r API (mimblewimble#656)

* Do not prompt for password to start owner API
  It makes no sense to ask for the password if one only wants to initialize the APIs. Asking for the password makes things unnecessarily difficult and insecure in case I, as a system administrator, want to have the APIs running as a system service.
* Update wallet_args.rs
* Update wallet_args.rs
   opening wallet if password argument is present