@metamask-previews/seedless-onboarding-controller 5.0.0-preview-7bc334fb → 5.0.0-preview-772b5970
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +0 -14
- package/dist/SeedlessOnboardingController.cjs +76 -66
- package/dist/SeedlessOnboardingController.cjs.map +1 -1
- package/dist/SeedlessOnboardingController.d.cts +2 -8
- package/dist/SeedlessOnboardingController.d.cts.map +1 -1
- package/dist/SeedlessOnboardingController.d.mts +2 -8
- package/dist/SeedlessOnboardingController.d.mts.map +1 -1
- package/dist/SeedlessOnboardingController.mjs +77 -67
- package/dist/SeedlessOnboardingController.mjs.map +1 -1
- package/dist/assertions.cjs +4 -20
- package/dist/assertions.cjs.map +1 -1
- package/dist/assertions.d.cts +0 -7
- package/dist/assertions.d.cts.map +1 -1
- package/dist/assertions.d.mts +0 -7
- package/dist/assertions.d.mts.map +1 -1
- package/dist/assertions.mjs +3 -18
- package/dist/assertions.mjs.map +1 -1
- package/dist/constants.cjs +0 -1
- package/dist/constants.cjs.map +1 -1
- package/dist/constants.d.cts +1 -2
- package/dist/constants.d.cts.map +1 -1
- package/dist/constants.d.mts +1 -2
- package/dist/constants.d.mts.map +1 -1
- package/dist/constants.mjs +0 -1
- package/dist/constants.mjs.map +1 -1
- package/dist/types.cjs.map +1 -1
- package/dist/types.d.cts +0 -8
- package/dist/types.d.cts.map +1 -1
- package/dist/types.d.mts +0 -8
- package/dist/types.d.mts.map +1 -1
- package/dist/types.mjs.map +1 -1
- package/package.json +2 -2
package/CHANGELOG.md
CHANGED
|
@@ -7,20 +7,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
|
7
7
|
|
|
8
8
|
## [Unreleased]
|
|
9
9
|
|
|
10
|
-
### Added
|
|
11
|
-
|
|
12
|
-
- Added new public method, `checkIsSeedlessOnboardingUserAuthenticated` to validate the controller authenticate tokens state. ([#6998](https://github.com/MetaMask/core/pull/6998))
|
|
13
|
-
|
|
14
|
-
### Changed
|
|
15
|
-
|
|
16
|
-
- **BREAKING** Update `refreshToken` and `revokeToken` params as required in `Authenticate` method. ([#6998](https://github.com/MetaMask/core/pull/6998))
|
|
17
|
-
- Refactor `refreshAuthTokens` method, separately catch refreshJWTToken and authenticate errors. ([#6998](https://github.com/MetaMask/core/pull/6998))
|
|
18
|
-
- Bump `@metamask/toprf-secure-backup` package to `0.9.0`. ([#6998](https://github.com/MetaMask/core/pull/6998))
|
|
19
|
-
|
|
20
|
-
### Fixed
|
|
21
|
-
|
|
22
|
-
- Fixed `Invalid Access Token` error during rehydration. ([#6998](https://github.com/MetaMask/core/pull/6998))
|
|
23
|
-
|
|
24
10
|
## [5.0.0]
|
|
25
11
|
|
|
26
12
|
### Changed
|
|
@@ -10,7 +10,7 @@ var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (
|
|
|
10
10
|
if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
|
|
11
11
|
return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
|
|
12
12
|
};
|
|
13
|
-
var _SeedlessOnboardingController_instances, _SeedlessOnboardingController_vaultEncryptor, _SeedlessOnboardingController_controllerOperationMutex, _SeedlessOnboardingController_vaultOperationMutex, _SeedlessOnboardingController_refreshJWTToken, _SeedlessOnboardingController_revokeRefreshToken, _SeedlessOnboardingController_renewRefreshToken, _SeedlessOnboardingController_passwordOutdatedCacheTTL, _SeedlessOnboardingController_isUnlocked, _SeedlessOnboardingController_cachedDecryptedVaultData, _SeedlessOnboardingController_submitGlobalPassword, _SeedlessOnboardingController_setUnlocked, _SeedlessOnboardingController_persistOprfKey, _SeedlessOnboardingController_persistAuthPubKey, _SeedlessOnboardingController_storeKeyringEncryptionKey, _SeedlessOnboardingController_loadKeyringEncryptionKey, _SeedlessOnboardingController_loadSeedlessEncryptionKey, _SeedlessOnboardingController_recoverAuthPubKey, _SeedlessOnboardingController_recoverEncKey, _SeedlessOnboardingController_fetchAllSecretDataFromMetadataStore, _SeedlessOnboardingController_changeEncryptionKey, _SeedlessOnboardingController_encryptAndStoreSecretData, _SeedlessOnboardingController_unlockVaultAndGetVaultData, _SeedlessOnboardingController_decryptAndParseVaultData, _SeedlessOnboardingController_withPersistedSecretMetadataBackupsState, _SeedlessOnboardingController_filterDupesAndUpdateSocialBackupsMetadata, _SeedlessOnboardingController_createNewVaultWithAuthData, _SeedlessOnboardingController_updateVault, _SeedlessOnboardingController_withControllerLock, _SeedlessOnboardingController_withVaultLock, _SeedlessOnboardingController_parseVaultData, _SeedlessOnboardingController_assertIsUnlocked, _SeedlessOnboardingController_assertIsAuthenticatedUser, _SeedlessOnboardingController_assertIsSRPBackedUpUser, _SeedlessOnboardingController_assertPasswordInSync, _SeedlessOnboardingController_resetPasswordOutdatedCache, _SeedlessOnboardingController_addRefreshTokenToRevokeList,
|
|
13
|
+
var _SeedlessOnboardingController_instances, _SeedlessOnboardingController_vaultEncryptor, _SeedlessOnboardingController_controllerOperationMutex, _SeedlessOnboardingController_vaultOperationMutex, _SeedlessOnboardingController_refreshJWTToken, _SeedlessOnboardingController_revokeRefreshToken, _SeedlessOnboardingController_renewRefreshToken, _SeedlessOnboardingController_passwordOutdatedCacheTTL, _SeedlessOnboardingController_isUnlocked, _SeedlessOnboardingController_cachedDecryptedVaultData, _SeedlessOnboardingController_submitGlobalPassword, _SeedlessOnboardingController_getAccessToken, _SeedlessOnboardingController_setUnlocked, _SeedlessOnboardingController_persistOprfKey, _SeedlessOnboardingController_persistAuthPubKey, _SeedlessOnboardingController_storeKeyringEncryptionKey, _SeedlessOnboardingController_loadKeyringEncryptionKey, _SeedlessOnboardingController_loadSeedlessEncryptionKey, _SeedlessOnboardingController_recoverAuthPubKey, _SeedlessOnboardingController_recoverEncKey, _SeedlessOnboardingController_fetchAllSecretDataFromMetadataStore, _SeedlessOnboardingController_changeEncryptionKey, _SeedlessOnboardingController_encryptAndStoreSecretData, _SeedlessOnboardingController_unlockVaultAndGetVaultData, _SeedlessOnboardingController_decryptAndParseVaultData, _SeedlessOnboardingController_withPersistedSecretMetadataBackupsState, _SeedlessOnboardingController_filterDupesAndUpdateSocialBackupsMetadata, _SeedlessOnboardingController_createNewVaultWithAuthData, _SeedlessOnboardingController_updateVault, _SeedlessOnboardingController_withControllerLock, _SeedlessOnboardingController_withVaultLock, _SeedlessOnboardingController_parseVaultData, _SeedlessOnboardingController_assertIsUnlocked, _SeedlessOnboardingController_assertIsAuthenticatedUser, _SeedlessOnboardingController_assertIsSRPBackedUpUser, _SeedlessOnboardingController_assertPasswordInSync, _SeedlessOnboardingController_resetPasswordOutdatedCache, _SeedlessOnboardingController_addRefreshTokenToRevokeList, _SeedlessOnboardingController_isTokenExpiredError, _SeedlessOnboardingController_isMaxKeyChainLengthError, _SeedlessOnboardingController_executeWithTokenRefresh;
|
|
14
14
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
15
15
|
exports.SeedlessOnboardingController = exports.getInitialSeedlessOnboardingControllerStateWithDefaults = void 0;
|
|
16
16
|
const auth_network_utils_1 = require("@metamask/auth-network-utils");
|
|
@@ -297,10 +297,14 @@ class SeedlessOnboardingController extends base_controller_1.BaseController {
|
|
|
297
297
|
state.authConnection = authConnection;
|
|
298
298
|
state.socialLoginEmail = socialLoginEmail;
|
|
299
299
|
state.metadataAccessToken = metadataAccessToken;
|
|
300
|
-
state.refreshToken = refreshToken;
|
|
301
|
-
// Temporarily store revoke token & access token in state for later vault creation
|
|
302
|
-
state.revokeToken = revokeToken;
|
|
303
300
|
state.accessToken = accessToken;
|
|
301
|
+
if (refreshToken) {
|
|
302
|
+
state.refreshToken = refreshToken;
|
|
303
|
+
}
|
|
304
|
+
if (revokeToken) {
|
|
305
|
+
// Temporarily store revoke token in state for later vault creation
|
|
306
|
+
state.revokeToken = revokeToken;
|
|
307
|
+
}
|
|
304
308
|
// we will check if the controller state is properly set with the authenticated user info
|
|
305
309
|
// before setting the isSeedlessOnboardingUserAuthenticated to true
|
|
306
310
|
(0, assertions_1.assertIsSeedlessOnboardingUserAuthenticated)(state);
|
|
@@ -402,26 +406,26 @@ class SeedlessOnboardingController extends base_controller_1.BaseController {
|
|
|
402
406
|
*/
|
|
403
407
|
async fetchAllSecretData(password) {
|
|
404
408
|
return await __classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_withControllerLock).call(this, async () => {
|
|
405
|
-
|
|
406
|
-
|
|
407
|
-
|
|
408
|
-
|
|
409
|
-
|
|
410
|
-
|
|
411
|
-
|
|
412
|
-
|
|
413
|
-
|
|
414
|
-
|
|
415
|
-
|
|
416
|
-
|
|
417
|
-
|
|
418
|
-
|
|
419
|
-
|
|
420
|
-
|
|
421
|
-
|
|
422
|
-
|
|
423
|
-
|
|
424
|
-
|
|
409
|
+
// assert that the user is authenticated before fetching the secret data
|
|
410
|
+
__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_assertIsAuthenticatedUser).call(this, this.state);
|
|
411
|
+
let encKey;
|
|
412
|
+
let pwEncKey;
|
|
413
|
+
let authKeyPair;
|
|
414
|
+
if (password) {
|
|
415
|
+
const recoverEncKeyResult = await __classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_recoverEncKey).call(this, password);
|
|
416
|
+
encKey = recoverEncKeyResult.encKey;
|
|
417
|
+
pwEncKey = recoverEncKeyResult.pwEncKey;
|
|
418
|
+
authKeyPair = recoverEncKeyResult.authKeyPair;
|
|
419
|
+
}
|
|
420
|
+
else {
|
|
421
|
+
__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_assertIsUnlocked).call(this);
|
|
422
|
+
// verify the password and unlock the vault
|
|
423
|
+
const keysFromVault = await __classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_unlockVaultAndGetVaultData).call(this);
|
|
424
|
+
encKey = keysFromVault.toprfEncryptionKey;
|
|
425
|
+
pwEncKey = keysFromVault.toprfPwEncryptionKey;
|
|
426
|
+
authKeyPair = keysFromVault.toprfAuthKeyPair;
|
|
427
|
+
}
|
|
428
|
+
const performFetch = async () => {
|
|
425
429
|
const secrets = await __classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_fetchAllSecretDataFromMetadataStore).call(this, encKey, authKeyPair);
|
|
426
430
|
if (password) {
|
|
427
431
|
// if password is provided, we need to create a new vault with the auth data. (supposedly the user is trying to rehydrate the wallet)
|
|
@@ -433,7 +437,8 @@ class SeedlessOnboardingController extends base_controller_1.BaseController {
|
|
|
433
437
|
});
|
|
434
438
|
}
|
|
435
439
|
return secrets;
|
|
436
|
-
}
|
|
440
|
+
};
|
|
441
|
+
return await __classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_executeWithTokenRefresh).call(this, performFetch, 'fetchAllSecretData');
|
|
437
442
|
});
|
|
438
443
|
}
|
|
439
444
|
/**
|
|
@@ -629,6 +634,7 @@ class SeedlessOnboardingController extends base_controller_1.BaseController {
|
|
|
629
634
|
*/
|
|
630
635
|
async checkIsPasswordOutdated(options) {
|
|
631
636
|
const doCheckIsPasswordExpired = async () => {
|
|
637
|
+
__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_assertIsAuthenticatedUser).call(this, this.state);
|
|
632
638
|
// cache result to reduce load on infra
|
|
633
639
|
// Check cache first unless skipCache is true
|
|
634
640
|
if (!options?.skipCache) {
|
|
@@ -641,7 +647,6 @@ class SeedlessOnboardingController extends base_controller_1.BaseController {
|
|
|
641
647
|
return passwordOutdatedCache.isExpiredPwd;
|
|
642
648
|
}
|
|
643
649
|
}
|
|
644
|
-
(0, assertions_1.assertIsAuthUserInfoValid)(this.state);
|
|
645
650
|
const { nodeAuthTokens, authConnectionId, groupedAuthConnectionId, userId, } = this.state;
|
|
646
651
|
const currentDeviceAuthPubKey = __classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_recoverAuthPubKey).call(this);
|
|
647
652
|
let globalAuthPubKey = options?.globalAuthPubKey;
|
|
@@ -671,21 +676,6 @@ class SeedlessOnboardingController extends base_controller_1.BaseController {
|
|
|
671
676
|
? await doCheckIsPasswordExpired()
|
|
672
677
|
: await __classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_withControllerLock).call(this, doCheckIsPasswordExpired), 'checkIsPasswordOutdated');
|
|
673
678
|
}
|
|
674
|
-
/**
|
|
675
|
-
* Check if the user is authenticated with the seedless onboarding flow by checking the token values in the state.
|
|
676
|
-
*
|
|
677
|
-
* @returns True if the user is authenticated, false otherwise.
|
|
678
|
-
*/
|
|
679
|
-
async checkIsSeedlessOnboardingUserAuthenticated() {
|
|
680
|
-
try {
|
|
681
|
-
(0, assertions_1.assertIsSeedlessOnboardingUserAuthenticated)(this.state);
|
|
682
|
-
// if accessToken is missing, the user needs to authenticate again
|
|
683
|
-
return Boolean(this.state.accessToken) && Boolean(this.state.revokeToken);
|
|
684
|
-
}
|
|
685
|
-
catch {
|
|
686
|
-
return false;
|
|
687
|
-
}
|
|
688
|
-
}
|
|
689
679
|
/**
|
|
690
680
|
* Clears the current state of the SeedlessOnboardingController.
|
|
691
681
|
*/
|
|
@@ -725,15 +715,12 @@ class SeedlessOnboardingController extends base_controller_1.BaseController {
|
|
|
725
715
|
*/
|
|
726
716
|
async refreshAuthTokens() {
|
|
727
717
|
__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_assertIsAuthenticatedUser).call(this, this.state);
|
|
728
|
-
const { refreshToken
|
|
729
|
-
const res = await __classPrivateFieldGet(this, _SeedlessOnboardingController_refreshJWTToken, "f").call(this, {
|
|
730
|
-
connection: this.state.authConnection,
|
|
731
|
-
refreshToken,
|
|
732
|
-
}).catch((error) => {
|
|
733
|
-
log('Error refreshing JWT tokens', error);
|
|
734
|
-
throw new Error(constants_1.SeedlessOnboardingControllerErrorMessage.FailedToRefreshJWTTokens);
|
|
735
|
-
});
|
|
718
|
+
const { refreshToken } = this.state;
|
|
736
719
|
try {
|
|
720
|
+
const res = await __classPrivateFieldGet(this, _SeedlessOnboardingController_refreshJWTToken, "f").call(this, {
|
|
721
|
+
connection: this.state.authConnection,
|
|
722
|
+
refreshToken,
|
|
723
|
+
});
|
|
737
724
|
const { idTokens, accessToken, metadataAccessToken } = res;
|
|
738
725
|
// re-authenticate with the new id tokens to set new node auth tokens
|
|
739
726
|
await this.authenticate({
|
|
@@ -744,8 +731,6 @@ class SeedlessOnboardingController extends base_controller_1.BaseController {
|
|
|
744
731
|
authConnectionId: this.state.authConnectionId,
|
|
745
732
|
groupedAuthConnectionId: this.state.groupedAuthConnectionId,
|
|
746
733
|
userId: this.state.userId,
|
|
747
|
-
refreshToken,
|
|
748
|
-
revokeToken,
|
|
749
734
|
skipLock: true,
|
|
750
735
|
});
|
|
751
736
|
}
|
|
@@ -883,6 +868,9 @@ class SeedlessOnboardingController extends base_controller_1.BaseController {
|
|
|
883
868
|
try {
|
|
884
869
|
__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_assertIsAuthenticatedUser).call(this, this.state);
|
|
885
870
|
const { accessToken } = this.state;
|
|
871
|
+
if (!accessToken) {
|
|
872
|
+
return true; // Consider missing token as expired
|
|
873
|
+
}
|
|
886
874
|
const decodedToken = (0, utils_3.decodeJWTToken)(accessToken);
|
|
887
875
|
return decodedToken.exp < Math.floor(Date.now() / 1000);
|
|
888
876
|
}
|
|
@@ -924,7 +912,7 @@ async function _SeedlessOnboardingController_submitGlobalPassword({ targetAuthPu
|
|
|
924
912
|
__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_setUnlocked).call(this);
|
|
925
913
|
}
|
|
926
914
|
catch (error) {
|
|
927
|
-
if (__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m",
|
|
915
|
+
if (__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_isTokenExpiredError).call(this, error)) {
|
|
928
916
|
throw error;
|
|
929
917
|
}
|
|
930
918
|
if (__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_isMaxKeyChainLengthError).call(this, error)) {
|
|
@@ -932,6 +920,30 @@ async function _SeedlessOnboardingController_submitGlobalPassword({ targetAuthPu
|
|
|
932
920
|
}
|
|
933
921
|
throw errors_1.PasswordSyncError.getInstance(error);
|
|
934
922
|
}
|
|
923
|
+
}, _SeedlessOnboardingController_getAccessToken =
|
|
924
|
+
/**
|
|
925
|
+
* Get the access token from the state or the vault.
|
|
926
|
+
* If the access token is not in the state, it will be retrieved from the vault by decrypting it with the password.
|
|
927
|
+
*
|
|
928
|
+
* If both the access token and the vault are not available, an error will be thrown.
|
|
929
|
+
*
|
|
930
|
+
* @param password - The optional password to unlock the vault. If not provided, the access token will be retrieved from the vault.
|
|
931
|
+
* @returns The access token.
|
|
932
|
+
*/
|
|
933
|
+
async function _SeedlessOnboardingController_getAccessToken(password) {
|
|
934
|
+
const { accessToken, vault } = this.state;
|
|
935
|
+
if (accessToken) {
|
|
936
|
+
// if the access token is in the state, return it
|
|
937
|
+
return accessToken;
|
|
938
|
+
}
|
|
939
|
+
// otherwise, check the vault availability and decrypt the access token from the vault
|
|
940
|
+
if (!vault) {
|
|
941
|
+
throw new Error(constants_1.SeedlessOnboardingControllerErrorMessage.InvalidAccessToken);
|
|
942
|
+
}
|
|
943
|
+
const { vaultData } = await __classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_decryptAndParseVaultData).call(this, {
|
|
944
|
+
password,
|
|
945
|
+
});
|
|
946
|
+
return vaultData.accessToken;
|
|
935
947
|
}, _SeedlessOnboardingController_setUnlocked = function _SeedlessOnboardingController_setUnlocked() {
|
|
936
948
|
__classPrivateFieldSet(this, _SeedlessOnboardingController_isUnlocked, true, "f");
|
|
937
949
|
}, _SeedlessOnboardingController_persistOprfKey =
|
|
@@ -956,7 +968,7 @@ async function _SeedlessOnboardingController_persistOprfKey(oprfKey, authPubKey)
|
|
|
956
968
|
});
|
|
957
969
|
}
|
|
958
970
|
catch (error) {
|
|
959
|
-
if (__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m",
|
|
971
|
+
if (__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_isTokenExpiredError).call(this, error)) {
|
|
960
972
|
throw error;
|
|
961
973
|
}
|
|
962
974
|
log('Error persisting local encryption key', error);
|
|
@@ -1020,11 +1032,11 @@ async function _SeedlessOnboardingController_loadSeedlessEncryptionKey(encKey) {
|
|
|
1020
1032
|
* @throws RecoveryError - If failed to recover the encryption key.
|
|
1021
1033
|
*/
|
|
1022
1034
|
async function _SeedlessOnboardingController_recoverEncKey(password) {
|
|
1023
|
-
(
|
|
1024
|
-
const {
|
|
1035
|
+
__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_assertIsAuthenticatedUser).call(this, this.state);
|
|
1036
|
+
const { authConnectionId, groupedAuthConnectionId, userId } = this.state;
|
|
1025
1037
|
try {
|
|
1026
1038
|
const recoverEncKeyResult = await this.toprfClient.recoverEncKey({
|
|
1027
|
-
nodeAuthTokens,
|
|
1039
|
+
nodeAuthTokens: this.state.nodeAuthTokens,
|
|
1028
1040
|
password,
|
|
1029
1041
|
authConnectionId,
|
|
1030
1042
|
groupedAuthConnectionId,
|
|
@@ -1034,7 +1046,7 @@ async function _SeedlessOnboardingController_recoverEncKey(password) {
|
|
|
1034
1046
|
}
|
|
1035
1047
|
catch (error) {
|
|
1036
1048
|
// throw token expired error for token refresh handler
|
|
1037
|
-
if (__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m",
|
|
1049
|
+
if (__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_isTokenExpiredError).call(this, error)) {
|
|
1038
1050
|
throw error;
|
|
1039
1051
|
}
|
|
1040
1052
|
throw errors_1.RecoveryError.getInstance(error);
|
|
@@ -1050,7 +1062,7 @@ async function _SeedlessOnboardingController_recoverEncKey(password) {
|
|
|
1050
1062
|
}
|
|
1051
1063
|
catch (error) {
|
|
1052
1064
|
log('Error fetching secret data', error);
|
|
1053
|
-
if (__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m",
|
|
1065
|
+
if (__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_isTokenExpiredError).call(this, error)) {
|
|
1054
1066
|
throw error;
|
|
1055
1067
|
}
|
|
1056
1068
|
throw new Error(constants_1.SeedlessOnboardingControllerErrorMessage.FailedToFetchSecretMetadata);
|
|
@@ -1154,7 +1166,7 @@ async function _SeedlessOnboardingController_encryptAndStoreSecretData(params) {
|
|
|
1154
1166
|
});
|
|
1155
1167
|
}
|
|
1156
1168
|
catch (error) {
|
|
1157
|
-
if (__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m",
|
|
1169
|
+
if (__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_isTokenExpiredError).call(this, error)) {
|
|
1158
1170
|
throw error;
|
|
1159
1171
|
}
|
|
1160
1172
|
log('Error encrypting and storing secret data backup', error);
|
|
@@ -1311,7 +1323,8 @@ async function _SeedlessOnboardingController_withPersistedSecretMetadataBackupsS
|
|
|
1311
1323
|
*/
|
|
1312
1324
|
async function _SeedlessOnboardingController_createNewVaultWithAuthData({ password, rawToprfEncryptionKey, rawToprfPwEncryptionKey, rawToprfAuthKeyPair, }) {
|
|
1313
1325
|
__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_assertIsAuthenticatedUser).call(this, this.state);
|
|
1314
|
-
const { revokeToken
|
|
1326
|
+
const { revokeToken } = this.state;
|
|
1327
|
+
const accessToken = await __classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_getAccessToken).call(this, password);
|
|
1315
1328
|
const vaultData = {
|
|
1316
1329
|
toprfAuthKeyPair: rawToprfAuthKeyPair,
|
|
1317
1330
|
toprfEncryptionKey: rawToprfEncryptionKey,
|
|
@@ -1462,13 +1475,10 @@ async function _SeedlessOnboardingController_assertPasswordInSync(options) {
|
|
|
1462
1475
|
{ refreshToken, revokeToken },
|
|
1463
1476
|
];
|
|
1464
1477
|
});
|
|
1465
|
-
},
|
|
1478
|
+
}, _SeedlessOnboardingController_isTokenExpiredError = function _SeedlessOnboardingController_isTokenExpiredError(error) {
|
|
1466
1479
|
if (error instanceof toprf_secure_backup_1.TOPRFError) {
|
|
1467
|
-
return (
|
|
1468
1480
|
// eslint-disable-next-line @typescript-eslint/no-unsafe-enum-comparison
|
|
1469
|
-
error.code === toprf_secure_backup_1.TOPRFErrorCode.AuthTokenExpired
|
|
1470
|
-
// eslint-disable-next-line @typescript-eslint/no-unsafe-enum-comparison
|
|
1471
|
-
error.code === toprf_secure_backup_1.TOPRFErrorCode.InvalidAuthToken);
|
|
1481
|
+
return error.code === toprf_secure_backup_1.TOPRFErrorCode.AuthTokenExpired;
|
|
1472
1482
|
}
|
|
1473
1483
|
return false;
|
|
1474
1484
|
}, _SeedlessOnboardingController_isMaxKeyChainLengthError = function _SeedlessOnboardingController_isMaxKeyChainLengthError(error) {
|
|
@@ -1511,7 +1521,7 @@ async function _SeedlessOnboardingController_executeWithTokenRefresh(operation,
|
|
|
1511
1521
|
}
|
|
1512
1522
|
catch (error) {
|
|
1513
1523
|
// Check if this is a token expiration error
|
|
1514
|
-
if (__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m",
|
|
1524
|
+
if (__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_isTokenExpiredError).call(this, error)) {
|
|
1515
1525
|
log(`Token expired during ${operationName}, attempting to refresh tokens`, error);
|
|
1516
1526
|
try {
|
|
1517
1527
|
// Refresh the tokens
|