npm - @metamask-previews/seedless-onboarding-controller - Versions diffs - 10.0.2-preview-55f166437 → 10.0.2-preview-e80844493 - Mend

@metamask-previews/seedless-onboarding-controller 10.0.2-preview-55f166437 → 10.0.2-preview-e80844493

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/CHANGELOG.md +4 -0
package/dist/SeedlessOnboardingController.cjs +22 -7
package/dist/SeedlessOnboardingController.cjs.map +1 -1
package/dist/SeedlessOnboardingController.d.cts.map +1 -1
package/dist/SeedlessOnboardingController.d.mts.map +1 -1
package/dist/SeedlessOnboardingController.mjs +22 -7
package/dist/SeedlessOnboardingController.mjs.map +1 -1
package/package.json +1 -1

package/CHANGELOG.md CHANGED Viewed

@@ -12,6 +12,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Bump `@metamask/utils` from `^11.9.0` to `^11.11.0` ([#9074](https://github.com/MetaMask/core/pull/9074))
 - Bump `@metamask/keyring-controller` from `^27.0.0` to `^27.1.0` ([#9129](https://github.com/MetaMask/core/pull/9129))
+### Fixed
+- Fix `InvalidPrimarySecretDataType` thrown for legacy accounts where client clock skew sorts a non-mnemonic item ahead of the primary SRP ([#9247](https://github.com/MetaMask/core/pull/9247))
 ## [10.0.2]
 ### Changed

package/dist/SeedlessOnboardingController.cjs CHANGED Viewed

@@ -1325,15 +1325,30 @@ async function _SeedlessOnboardingController_recoverEncKey(password) {
         }));
         // Sort: PrimarySrp first, then by createdAt/timestamp (oldest first)
         results.sort((a, b) => SecretMetadata_1.SecretMetadata.compare(a, b, 'asc'));
-        // Validate the first item is the primary SRP
-        const firstItem = results[0];
-        const isDataTypePrimary = firstItem.dataType === undefined ||
-            firstItem.dataType === null ||
-            firstItem.dataType === toprf_secure_backup_1.EncAccountDataType.PrimarySrp;
-        const isMnemonic = SecretMetadata_1.SecretMetadata.matchesType(firstItem, constants_1.SecretType.Mnemonic);
-        if (!isDataTypePrimary || !isMnemonic) {
+        // Find the primary SRP instead of assuming it is at index 0: legacy
+        // items have no `createdAt`, so ordering falls back to the client
+        // `timestamp`, which clock skew can sort a private key ahead of.
+        // A candidate is a mnemonic whose `dataType` is `PrimarySrp` or unset.
+        // `dataType` (a plaintext server field) is the only thing separating
+        // primary from imported SRP; legacy items lack it and the encrypted
+        // `SecretType` groups both, so among legacy mnemonics the primary is
+        // indistinguishable — we take the oldest (best-effort).
+        const primaryIndex = results.findIndex((item) => {
+            const isDataTypePrimary = item.dataType === undefined ||
+                item.dataType === null ||
+                item.dataType === toprf_secure_backup_1.EncAccountDataType.PrimarySrp;
+            return (isDataTypePrimary &&
+                SecretMetadata_1.SecretMetadata.matchesType(item, constants_1.SecretType.Mnemonic));
+        });
+        // No recoverable primary SRP exists in the metadata store.
+        if (primaryIndex === -1) {
             throw new Error(constants_1.SeedlessOnboardingControllerErrorMessage.InvalidPrimarySecretDataType);
         }
+        // Ensure the primary SRP is first; callers rely on `results[0]` being it.
+        if (primaryIndex > 0) {
+            const [primary] = results.splice(primaryIndex, 1);
+            results.unshift(primary);
+        }
         return results;
     }
     throw new Error(constants_1.SeedlessOnboardingControllerErrorMessage.NoSecretDataFound);