@metamask-previews/seedless-onboarding-controller 5.0.0-preview-bd9da90 → 5.0.0-preview-1ae9d4fd
- package/CHANGELOG.md +0 -14
- package/dist/SeedlessOnboardingController.cjs +76 -70
- package/dist/SeedlessOnboardingController.cjs.map +1 -1
- package/dist/SeedlessOnboardingController.d.cts +2 -8
- package/dist/SeedlessOnboardingController.d.cts.map +1 -1
- package/dist/SeedlessOnboardingController.d.mts +2 -8
- package/dist/SeedlessOnboardingController.d.mts.map +1 -1
- package/dist/SeedlessOnboardingController.mjs +77 -71
- package/dist/SeedlessOnboardingController.mjs.map +1 -1
- package/dist/assertions.cjs +4 -20
- package/dist/assertions.cjs.map +1 -1
- package/dist/assertions.d.cts +0 -7
- package/dist/assertions.d.cts.map +1 -1
- package/dist/assertions.d.mts +0 -7
- package/dist/assertions.d.mts.map +1 -1
- package/dist/assertions.mjs +3 -18
- package/dist/assertions.mjs.map +1 -1
- package/dist/constants.cjs +0 -1
- package/dist/constants.cjs.map +1 -1
- package/dist/constants.d.cts +1 -2
- package/dist/constants.d.cts.map +1 -1
- package/dist/constants.d.mts +1 -2
- package/dist/constants.d.mts.map +1 -1
- package/dist/constants.mjs +0 -1
- package/dist/constants.mjs.map +1 -1
- package/dist/types.cjs.map +1 -1
- package/dist/types.d.cts +0 -8
- package/dist/types.d.cts.map +1 -1
- package/dist/types.d.mts +0 -8
- package/dist/types.d.mts.map +1 -1
- package/dist/types.mjs.map +1 -1
- package/package.json +2 -2
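--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -7,20 +7,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
-### Added
-
-- Added new public method, `checkIsSeedlessOnboardingUserAuthenticated` to validate the controller authenticate tokens state. ([#6998](https://github.com/MetaMask/core/pull/6998))
-
-### Changed
-
-- **BREAKING** Update `refreshToken` and `revokeToken` params as required in `Authenticate` method. ([#6998](https://github.com/MetaMask/core/pull/6998))
-- Refactor `refreshAuthTokens` method, separately catch refreshJWTToken and authenticate errors. ([#6998](https://github.com/MetaMask/core/pull/6998))
-- Bump `@metamask/toprf-secure-backup` package to `0.9.0`. ([#6998](https://github.com/MetaMask/core/pull/6998))
-
-### Fixed
-
-- Fixed `Invalid Access Token` error during rehydration. ([#6998](https://github.com/MetaMask/core/pull/6998))
-
 ## [5.0.0]
 
 ### Changed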
@@ -10,7 +10,7 @@ var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (
|
|
|
10
10
|
if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
|
|
11
11
|
return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
|
|
12
12
|
};
|
|
13
|
-
var _SeedlessOnboardingController_instances, _SeedlessOnboardingController_vaultEncryptor, _SeedlessOnboardingController_controllerOperationMutex, _SeedlessOnboardingController_vaultOperationMutex, _SeedlessOnboardingController_refreshJWTToken, _SeedlessOnboardingController_revokeRefreshToken, _SeedlessOnboardingController_renewRefreshToken, _SeedlessOnboardingController_passwordOutdatedCacheTTL, _SeedlessOnboardingController_isUnlocked, _SeedlessOnboardingController_cachedDecryptedVaultData, _SeedlessOnboardingController_submitGlobalPassword, _SeedlessOnboardingController_setUnlocked, _SeedlessOnboardingController_persistOprfKey, _SeedlessOnboardingController_persistAuthPubKey, _SeedlessOnboardingController_storeKeyringEncryptionKey, _SeedlessOnboardingController_loadKeyringEncryptionKey, _SeedlessOnboardingController_loadSeedlessEncryptionKey, _SeedlessOnboardingController_recoverAuthPubKey, _SeedlessOnboardingController_recoverEncKey, _SeedlessOnboardingController_fetchAllSecretDataFromMetadataStore, _SeedlessOnboardingController_changeEncryptionKey, _SeedlessOnboardingController_encryptAndStoreSecretData, _SeedlessOnboardingController_unlockVaultAndGetVaultData, _SeedlessOnboardingController_decryptAndParseVaultData, _SeedlessOnboardingController_withPersistedSecretMetadataBackupsState, _SeedlessOnboardingController_filterDupesAndUpdateSocialBackupsMetadata, _SeedlessOnboardingController_createNewVaultWithAuthData, _SeedlessOnboardingController_updateVault, _SeedlessOnboardingController_withControllerLock, _SeedlessOnboardingController_withVaultLock, _SeedlessOnboardingController_parseVaultData, _SeedlessOnboardingController_assertIsUnlocked, _SeedlessOnboardingController_assertIsAuthenticatedUser, _SeedlessOnboardingController_assertIsSRPBackedUpUser, _SeedlessOnboardingController_assertPasswordInSync, _SeedlessOnboardingController_resetPasswordOutdatedCache, _SeedlessOnboardingController_addRefreshTokenToRevokeList,
|
|
13
|
+
var _SeedlessOnboardingController_instances, _SeedlessOnboardingController_vaultEncryptor, _SeedlessOnboardingController_controllerOperationMutex, _SeedlessOnboardingController_vaultOperationMutex, _SeedlessOnboardingController_refreshJWTToken, _SeedlessOnboardingController_revokeRefreshToken, _SeedlessOnboardingController_renewRefreshToken, _SeedlessOnboardingController_passwordOutdatedCacheTTL, _SeedlessOnboardingController_isUnlocked, _SeedlessOnboardingController_cachedDecryptedVaultData, _SeedlessOnboardingController_submitGlobalPassword, _SeedlessOnboardingController_getAccessToken, _SeedlessOnboardingController_setUnlocked, _SeedlessOnboardingController_persistOprfKey, _SeedlessOnboardingController_persistAuthPubKey, _SeedlessOnboardingController_storeKeyringEncryptionKey, _SeedlessOnboardingController_loadKeyringEncryptionKey, _SeedlessOnboardingController_loadSeedlessEncryptionKey, _SeedlessOnboardingController_recoverAuthPubKey, _SeedlessOnboardingController_recoverEncKey, _SeedlessOnboardingController_fetchAllSecretDataFromMetadataStore, _SeedlessOnboardingController_changeEncryptionKey, _SeedlessOnboardingController_encryptAndStoreSecretData, _SeedlessOnboardingController_unlockVaultAndGetVaultData, _SeedlessOnboardingController_decryptAndParseVaultData, _SeedlessOnboardingController_withPersistedSecretMetadataBackupsState, _SeedlessOnboardingController_filterDupesAndUpdateSocialBackupsMetadata, _SeedlessOnboardingController_createNewVaultWithAuthData, _SeedlessOnboardingController_updateVault, _SeedlessOnboardingController_withControllerLock, _SeedlessOnboardingController_withVaultLock, _SeedlessOnboardingController_parseVaultData, _SeedlessOnboardingController_assertIsUnlocked, _SeedlessOnboardingController_assertIsAuthenticatedUser, _SeedlessOnboardingController_assertIsSRPBackedUpUser, _SeedlessOnboardingController_assertPasswordInSync, _SeedlessOnboardingController_resetPasswordOutdatedCache, 
_SeedlessOnboardingController_addRefreshTokenToRevokeList, _SeedlessOnboardingController_isTokenExpiredError, _SeedlessOnboardingController_isMaxKeyChainLengthError, _SeedlessOnboardingController_executeWithTokenRefresh;
|
|
14
14
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
15
15
|
exports.SeedlessOnboardingController = exports.getInitialSeedlessOnboardingControllerStateWithDefaults = void 0;
|
|
16
16
|
const auth_network_utils_1 = require("@metamask/auth-network-utils");
|
|
@@ -297,10 +297,14 @@ class SeedlessOnboardingController extends base_controller_1.BaseController {
|
|
|
297
297
|
state.authConnection = authConnection;
|
|
298
298
|
state.socialLoginEmail = socialLoginEmail;
|
|
299
299
|
state.metadataAccessToken = metadataAccessToken;
|
|
300
|
-
state.refreshToken = refreshToken;
|
|
301
|
-
// Temporarily store revoke token & access token in state for later vault creation
|
|
302
|
-
state.revokeToken = revokeToken;
|
|
303
300
|
state.accessToken = accessToken;
|
|
301
|
+
if (refreshToken) {
|
|
302
|
+
state.refreshToken = refreshToken;
|
|
303
|
+
}
|
|
304
|
+
if (revokeToken) {
|
|
305
|
+
// Temporarily store revoke token in state for later vault creation
|
|
306
|
+
state.revokeToken = revokeToken;
|
|
307
|
+
}
|
|
304
308
|
// we will check if the controller state is properly set with the authenticated user info
|
|
305
309
|
// before setting the isSeedlessOnboardingUserAuthenticated to true
|
|
306
310
|
(0, assertions_1.assertIsSeedlessOnboardingUserAuthenticated)(state);
|
|
@@ -402,26 +406,26 @@ class SeedlessOnboardingController extends base_controller_1.BaseController {
|
|
|
402
406
|
*/
|
|
403
407
|
async fetchAllSecretData(password) {
|
|
404
408
|
return await __classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_withControllerLock).call(this, async () => {
|
|
405
|
-
|
|
406
|
-
|
|
407
|
-
|
|
408
|
-
|
|
409
|
-
|
|
410
|
-
|
|
411
|
-
|
|
412
|
-
|
|
413
|
-
|
|
414
|
-
|
|
415
|
-
|
|
416
|
-
|
|
417
|
-
|
|
418
|
-
|
|
419
|
-
|
|
420
|
-
|
|
421
|
-
|
|
422
|
-
|
|
423
|
-
|
|
424
|
-
|
|
409
|
+
// assert that the user is authenticated before fetching the secret data
|
|
410
|
+
__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_assertIsAuthenticatedUser).call(this, this.state);
|
|
411
|
+
let encKey;
|
|
412
|
+
let pwEncKey;
|
|
413
|
+
let authKeyPair;
|
|
414
|
+
if (password) {
|
|
415
|
+
const recoverEncKeyResult = await __classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_recoverEncKey).call(this, password);
|
|
416
|
+
encKey = recoverEncKeyResult.encKey;
|
|
417
|
+
pwEncKey = recoverEncKeyResult.pwEncKey;
|
|
418
|
+
authKeyPair = recoverEncKeyResult.authKeyPair;
|
|
419
|
+
}
|
|
420
|
+
else {
|
|
421
|
+
__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_assertIsUnlocked).call(this);
|
|
422
|
+
// verify the password and unlock the vault
|
|
423
|
+
const keysFromVault = await __classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_unlockVaultAndGetVaultData).call(this);
|
|
424
|
+
encKey = keysFromVault.toprfEncryptionKey;
|
|
425
|
+
pwEncKey = keysFromVault.toprfPwEncryptionKey;
|
|
426
|
+
authKeyPair = keysFromVault.toprfAuthKeyPair;
|
|
427
|
+
}
|
|
428
|
+
const performFetch = async () => {
|
|
425
429
|
const secrets = await __classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_fetchAllSecretDataFromMetadataStore).call(this, encKey, authKeyPair);
|
|
426
430
|
if (password) {
|
|
427
431
|
// if password is provided, we need to create a new vault with the auth data. (supposedly the user is trying to rehydrate the wallet)
|
|
@@ -433,7 +437,8 @@ class SeedlessOnboardingController extends base_controller_1.BaseController {
|
|
|
433
437
|
});
|
|
434
438
|
}
|
|
435
439
|
return secrets;
|
|
436
|
-
}
|
|
440
|
+
};
|
|
441
|
+
return await __classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_executeWithTokenRefresh).call(this, performFetch, 'fetchAllSecretData');
|
|
437
442
|
});
|
|
438
443
|
}
|
|
439
444
|
/**
|
|
@@ -629,6 +634,7 @@ class SeedlessOnboardingController extends base_controller_1.BaseController {
|
|
|
629
634
|
*/
|
|
630
635
|
async checkIsPasswordOutdated(options) {
|
|
631
636
|
const doCheckIsPasswordExpired = async () => {
|
|
637
|
+
__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_assertIsAuthenticatedUser).call(this, this.state);
|
|
632
638
|
// cache result to reduce load on infra
|
|
633
639
|
// Check cache first unless skipCache is true
|
|
634
640
|
if (!options?.skipCache) {
|
|
@@ -641,7 +647,6 @@ class SeedlessOnboardingController extends base_controller_1.BaseController {
|
|
|
641
647
|
return passwordOutdatedCache.isExpiredPwd;
|
|
642
648
|
}
|
|
643
649
|
}
|
|
644
|
-
(0, assertions_1.assertIsAuthUserInfoValid)(this.state);
|
|
645
650
|
const { nodeAuthTokens, authConnectionId, groupedAuthConnectionId, userId, } = this.state;
|
|
646
651
|
const currentDeviceAuthPubKey = __classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_recoverAuthPubKey).call(this);
|
|
647
652
|
let globalAuthPubKey = options?.globalAuthPubKey;
|
|
@@ -671,25 +676,6 @@ class SeedlessOnboardingController extends base_controller_1.BaseController {
|
|
|
671
676
|
? await doCheckIsPasswordExpired()
|
|
672
677
|
: await __classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_withControllerLock).call(this, doCheckIsPasswordExpired), 'checkIsPasswordOutdated');
|
|
673
678
|
}
|
|
674
|
-
/**
|
|
675
|
-
* Check if the user is authenticated with the seedless onboarding flow by checking the token values in the state.
|
|
676
|
-
*
|
|
677
|
-
* @returns True if the user is authenticated, false otherwise.
|
|
678
|
-
*/
|
|
679
|
-
async checkIsSeedlessOnboardingUserAuthenticated() {
|
|
680
|
-
let isAuthenticated = false;
|
|
681
|
-
try {
|
|
682
|
-
(0, assertions_1.assertIsSeedlessOnboardingUserAuthenticated)(this.state);
|
|
683
|
-
isAuthenticated = true;
|
|
684
|
-
}
|
|
685
|
-
catch {
|
|
686
|
-
isAuthenticated = false;
|
|
687
|
-
}
|
|
688
|
-
this.update((state) => {
|
|
689
|
-
state.isSeedlessOnboardingUserAuthenticated = isAuthenticated;
|
|
690
|
-
});
|
|
691
|
-
return isAuthenticated;
|
|
692
|
-
}
|
|
693
679
|
/**
|
|
694
680
|
* Clears the current state of the SeedlessOnboardingController.
|
|
695
681
|
*/
|
|
@@ -729,15 +715,12 @@ class SeedlessOnboardingController extends base_controller_1.BaseController {
|
|
|
729
715
|
*/
|
|
730
716
|
async refreshAuthTokens() {
|
|
731
717
|
__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_assertIsAuthenticatedUser).call(this, this.state);
|
|
732
|
-
const { refreshToken
|
|
733
|
-
const res = await __classPrivateFieldGet(this, _SeedlessOnboardingController_refreshJWTToken, "f").call(this, {
|
|
734
|
-
connection: this.state.authConnection,
|
|
735
|
-
refreshToken,
|
|
736
|
-
}).catch((error) => {
|
|
737
|
-
log('Error refreshing JWT tokens', error);
|
|
738
|
-
throw new Error(constants_1.SeedlessOnboardingControllerErrorMessage.FailedToRefreshJWTTokens);
|
|
739
|
-
});
|
|
718
|
+
const { refreshToken } = this.state;
|
|
740
719
|
try {
|
|
720
|
+
const res = await __classPrivateFieldGet(this, _SeedlessOnboardingController_refreshJWTToken, "f").call(this, {
|
|
721
|
+
connection: this.state.authConnection,
|
|
722
|
+
refreshToken,
|
|
723
|
+
});
|
|
741
724
|
const { idTokens, accessToken, metadataAccessToken } = res;
|
|
742
725
|
// re-authenticate with the new id tokens to set new node auth tokens
|
|
743
726
|
await this.authenticate({
|
|
@@ -748,8 +731,6 @@ class SeedlessOnboardingController extends base_controller_1.BaseController {
|
|
|
748
731
|
authConnectionId: this.state.authConnectionId,
|
|
749
732
|
groupedAuthConnectionId: this.state.groupedAuthConnectionId,
|
|
750
733
|
userId: this.state.userId,
|
|
751
|
-
refreshToken,
|
|
752
|
-
revokeToken,
|
|
753
734
|
skipLock: true,
|
|
754
735
|
});
|
|
755
736
|
}
|
|
@@ -887,6 +868,9 @@ class SeedlessOnboardingController extends base_controller_1.BaseController {
|
|
|
887
868
|
try {
|
|
888
869
|
__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_assertIsAuthenticatedUser).call(this, this.state);
|
|
889
870
|
const { accessToken } = this.state;
|
|
871
|
+
if (!accessToken) {
|
|
872
|
+
return true; // Consider missing token as expired
|
|
873
|
+
}
|
|
890
874
|
const decodedToken = (0, utils_3.decodeJWTToken)(accessToken);
|
|
891
875
|
return decodedToken.exp < Math.floor(Date.now() / 1000);
|
|
892
876
|
}
|
|
@@ -928,7 +912,7 @@ async function _SeedlessOnboardingController_submitGlobalPassword({ targetAuthPu
|
|
|
928
912
|
__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_setUnlocked).call(this);
|
|
929
913
|
}
|
|
930
914
|
catch (error) {
|
|
931
|
-
if (__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m",
|
|
915
|
+
if (__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_isTokenExpiredError).call(this, error)) {
|
|
932
916
|
throw error;
|
|
933
917
|
}
|
|
934
918
|
if (__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_isMaxKeyChainLengthError).call(this, error)) {
|
|
@@ -936,6 +920,30 @@ async function _SeedlessOnboardingController_submitGlobalPassword({ targetAuthPu
|
|
|
936
920
|
}
|
|
937
921
|
throw errors_1.PasswordSyncError.getInstance(error);
|
|
938
922
|
}
|
|
923
|
+
}, _SeedlessOnboardingController_getAccessToken =
|
|
924
|
+
/**
|
|
925
|
+
* Get the access token from the state or the vault.
|
|
926
|
+
* If the access token is not in the state, it will be retrieved from the vault by decrypting it with the password.
|
|
927
|
+
*
|
|
928
|
+
* If both the access token and the vault are not available, an error will be thrown.
|
|
929
|
+
*
|
|
930
|
+
* @param password - The optional password to unlock the vault. If not provided, the access token will be retrieved from the vault.
|
|
931
|
+
* @returns The access token.
|
|
932
|
+
*/
|
|
933
|
+
async function _SeedlessOnboardingController_getAccessToken(password) {
|
|
934
|
+
const { accessToken, vault } = this.state;
|
|
935
|
+
if (accessToken) {
|
|
936
|
+
// if the access token is in the state, return it
|
|
937
|
+
return accessToken;
|
|
938
|
+
}
|
|
939
|
+
// otherwise, check the vault availability and decrypt the access token from the vault
|
|
940
|
+
if (!vault) {
|
|
941
|
+
throw new Error(constants_1.SeedlessOnboardingControllerErrorMessage.InvalidAccessToken);
|
|
942
|
+
}
|
|
943
|
+
const { vaultData } = await __classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_decryptAndParseVaultData).call(this, {
|
|
944
|
+
password,
|
|
945
|
+
});
|
|
946
|
+
return vaultData.accessToken;
|
|
939
947
|
}, _SeedlessOnboardingController_setUnlocked = function _SeedlessOnboardingController_setUnlocked() {
|
|
940
948
|
__classPrivateFieldSet(this, _SeedlessOnboardingController_isUnlocked, true, "f");
|
|
941
949
|
}, _SeedlessOnboardingController_persistOprfKey =
|
|
@@ -960,7 +968,7 @@ async function _SeedlessOnboardingController_persistOprfKey(oprfKey, authPubKey)
|
|
|
960
968
|
});
|
|
961
969
|
}
|
|
962
970
|
catch (error) {
|
|
963
|
-
if (__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m",
|
|
971
|
+
if (__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_isTokenExpiredError).call(this, error)) {
|
|
964
972
|
throw error;
|
|
965
973
|
}
|
|
966
974
|
log('Error persisting local encryption key', error);
|
|
@@ -1024,11 +1032,11 @@ async function _SeedlessOnboardingController_loadSeedlessEncryptionKey(encKey) {
|
|
|
1024
1032
|
* @throws RecoveryError - If failed to recover the encryption key.
|
|
1025
1033
|
*/
|
|
1026
1034
|
async function _SeedlessOnboardingController_recoverEncKey(password) {
|
|
1027
|
-
(
|
|
1028
|
-
const {
|
|
1035
|
+
__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_assertIsAuthenticatedUser).call(this, this.state);
|
|
1036
|
+
const { authConnectionId, groupedAuthConnectionId, userId } = this.state;
|
|
1029
1037
|
try {
|
|
1030
1038
|
const recoverEncKeyResult = await this.toprfClient.recoverEncKey({
|
|
1031
|
-
nodeAuthTokens,
|
|
1039
|
+
nodeAuthTokens: this.state.nodeAuthTokens,
|
|
1032
1040
|
password,
|
|
1033
1041
|
authConnectionId,
|
|
1034
1042
|
groupedAuthConnectionId,
|
|
@@ -1038,7 +1046,7 @@ async function _SeedlessOnboardingController_recoverEncKey(password) {
|
|
|
1038
1046
|
}
|
|
1039
1047
|
catch (error) {
|
|
1040
1048
|
// throw token expired error for token refresh handler
|
|
1041
|
-
if (__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m",
|
|
1049
|
+
if (__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_isTokenExpiredError).call(this, error)) {
|
|
1042
1050
|
throw error;
|
|
1043
1051
|
}
|
|
1044
1052
|
throw errors_1.RecoveryError.getInstance(error);
|
|
@@ -1054,7 +1062,7 @@ async function _SeedlessOnboardingController_recoverEncKey(password) {
|
|
|
1054
1062
|
}
|
|
1055
1063
|
catch (error) {
|
|
1056
1064
|
log('Error fetching secret data', error);
|
|
1057
|
-
if (__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m",
|
|
1065
|
+
if (__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_isTokenExpiredError).call(this, error)) {
|
|
1058
1066
|
throw error;
|
|
1059
1067
|
}
|
|
1060
1068
|
throw new Error(constants_1.SeedlessOnboardingControllerErrorMessage.FailedToFetchSecretMetadata);
|
|
@@ -1158,7 +1166,7 @@ async function _SeedlessOnboardingController_encryptAndStoreSecretData(params) {
|
|
|
1158
1166
|
});
|
|
1159
1167
|
}
|
|
1160
1168
|
catch (error) {
|
|
1161
|
-
if (__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m",
|
|
1169
|
+
if (__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_isTokenExpiredError).call(this, error)) {
|
|
1162
1170
|
throw error;
|
|
1163
1171
|
}
|
|
1164
1172
|
log('Error encrypting and storing secret data backup', error);
|
|
@@ -1315,7 +1323,8 @@ async function _SeedlessOnboardingController_withPersistedSecretMetadataBackupsS
|
|
|
1315
1323
|
*/
|
|
1316
1324
|
async function _SeedlessOnboardingController_createNewVaultWithAuthData({ password, rawToprfEncryptionKey, rawToprfPwEncryptionKey, rawToprfAuthKeyPair, }) {
|
|
1317
1325
|
__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_assertIsAuthenticatedUser).call(this, this.state);
|
|
1318
|
-
const { revokeToken
|
|
1326
|
+
const { revokeToken } = this.state;
|
|
1327
|
+
const accessToken = await __classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_getAccessToken).call(this, password);
|
|
1319
1328
|
const vaultData = {
|
|
1320
1329
|
toprfAuthKeyPair: rawToprfAuthKeyPair,
|
|
1321
1330
|
toprfEncryptionKey: rawToprfEncryptionKey,
|
|
@@ -1466,13 +1475,10 @@ async function _SeedlessOnboardingController_assertPasswordInSync(options) {
|
|
|
1466
1475
|
{ refreshToken, revokeToken },
|
|
1467
1476
|
];
|
|
1468
1477
|
});
|
|
1469
|
-
},
|
|
1478
|
+
}, _SeedlessOnboardingController_isTokenExpiredError = function _SeedlessOnboardingController_isTokenExpiredError(error) {
|
|
1470
1479
|
if (error instanceof toprf_secure_backup_1.TOPRFError) {
|
|
1471
|
-
return (
|
|
1472
1480
|
// eslint-disable-next-line @typescript-eslint/no-unsafe-enum-comparison
|
|
1473
|
-
error.code === toprf_secure_backup_1.TOPRFErrorCode.AuthTokenExpired
|
|
1474
|
-
// eslint-disable-next-line @typescript-eslint/no-unsafe-enum-comparison
|
|
1475
|
-
error.code === toprf_secure_backup_1.TOPRFErrorCode.InvalidAuthToken);
|
|
1481
|
+
return error.code === toprf_secure_backup_1.TOPRFErrorCode.AuthTokenExpired;
|
|
1476
1482
|
}
|
|
1477
1483
|
return false;
|
|
1478
1484
|
}, _SeedlessOnboardingController_isMaxKeyChainLengthError = function _SeedlessOnboardingController_isMaxKeyChainLengthError(error) {
|
|
@@ -1515,7 +1521,7 @@ async function _SeedlessOnboardingController_executeWithTokenRefresh(operation,
|
|
|
1515
1521
|
}
|
|
1516
1522
|
catch (error) {
|
|
1517
1523
|
// Check if this is a token expiration error
|
|
1518
|
-
if (__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m",
|
|
1524
|
+
if (__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_isTokenExpiredError).call(this, error)) {
|
|
1519
1525
|
log(`Token expired during ${operationName}, attempting to refresh tokens`, error);
|
|
1520
1526
|
try {
|
|
1521
1527
|
// Refresh the tokens
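Review bot: In `fetchAllSecretData` (new lines 414–419) the call to `recoverEncKey(password)` is awaited before `performFetch` is defined, so it runs outside `executeWithTokenRefresh` and a token-expired error raised during key recovery is never retried. `recoverEncKey` rethrows that error with the comment "throw token expired error for token refresh handler" (new lines 1048–1051), but on this path only `performFetch` is handed to the wrapper, so unless a caller outside this file retries, rehydration with an expired node auth token fails instead of refreshing. Moving the whole `if (password) { … } else { … }` key-loading block inside `performFetch` would put both key recovery and the metadata fetch under the refresh handler. Separately, `isTokenExpiredError` now matches only `TOPRFErrorCode.AuthTokenExpired` (new line 1481), so `InvalidAuthToken` no longer reaches the refresh path at any of its call sites; a short comment there saying whether that is intended would help the next reader. This file section has no header on the page; it is taken to be `package/dist/SeedlessOnboardingController.cjs` because its +76/−70 counts match the file list.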
|