npm - @metamask-previews/seedless-onboarding-controller - Versions diffs - 5.0.0-preview-e9293111 → 6.0.0-preview-79b6f72 - Mend

@metamask-previews/seedless-onboarding-controller 5.0.0-preview-e9293111 → 6.0.0-preview-79b6f72

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (18) hide show

package/CHANGELOG.md +22 -1
package/dist/SeedlessOnboardingController.cjs +70 -43
package/dist/SeedlessOnboardingController.cjs.map +1 -1
package/dist/SeedlessOnboardingController.d.cts +7 -1
package/dist/SeedlessOnboardingController.d.cts.map +1 -1
package/dist/SeedlessOnboardingController.d.mts +7 -1
package/dist/SeedlessOnboardingController.d.mts.map +1 -1
package/dist/SeedlessOnboardingController.mjs +70 -43
package/dist/SeedlessOnboardingController.mjs.map +1 -1
package/dist/constants.cjs +1 -0
package/dist/constants.cjs.map +1 -1
package/dist/constants.d.cts +2 -1
package/dist/constants.d.cts.map +1 -1
package/dist/constants.d.mts +2 -1
package/dist/constants.d.mts.map +1 -1
package/dist/constants.mjs +1 -0
package/dist/constants.mjs.map +1 -1
package/package.json +2 -2

package/CHANGELOG.md CHANGED Viewed

@@ -7,6 +7,26 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
+### Fixed
+- Fixed `InvalidRevokeToken` issue in `refreshAuthTokens` method. ([#7012](https://github.com/MetaMask/core/pull/7012))
+## [6.0.0]
+### Added
+- Added new public method, `checkIsSeedlessOnboardingUserAuthenticated` to validate the controller authenticate tokens state. ([#6998](https://github.com/MetaMask/core/pull/6998))
+### Changed
+- **BREAKING** Update `refreshToken` and `revokeToken` params as required in `Authenticate` method. ([#6998](https://github.com/MetaMask/core/pull/6998))
+- Refactor `refreshAuthTokens` method, separately catch refreshJWTToken and authenticate errors. ([#6998](https://github.com/MetaMask/core/pull/6998))
+- Bump `@metamask/toprf-secure-backup` package to `0.10.0`. ([#6998](https://github.com/MetaMask/core/pull/6998))
+### Fixed
+- Fixed `Invalid Access Token` error during rehydration. ([#6998](https://github.com/MetaMask/core/pull/6998))
 ## [5.0.0]
 ### Changed
@@ -202,7 +222,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
     - `checkIsPasswordOutdated`: Check if the password is current device is outdated, i.e. user changed password in another device.
     - `clearState`: Reset the state of the controller to the defaults.
-[Unreleased]: https://github.com/MetaMask/core/compare/@metamask/seedless-onboarding-controller@5.0.0...HEAD
+[Unreleased]: https://github.com/MetaMask/core/compare/@metamask/seedless-onboarding-controller@6.0.0...HEAD
+[6.0.0]: https://github.com/MetaMask/core/compare/@metamask/seedless-onboarding-controller@5.0.0...@metamask/seedless-onboarding-controller@6.0.0
 [5.0.0]: https://github.com/MetaMask/core/compare/@metamask/seedless-onboarding-controller@4.1.1...@metamask/seedless-onboarding-controller@5.0.0
 [4.1.1]: https://github.com/MetaMask/core/compare/@metamask/seedless-onboarding-controller@4.1.0...@metamask/seedless-onboarding-controller@4.1.1
 [4.1.0]: https://github.com/MetaMask/core/compare/@metamask/seedless-onboarding-controller@4.0.0...@metamask/seedless-onboarding-controller@4.1.0

package/dist/SeedlessOnboardingController.cjs CHANGED Viewed

@@ -10,7 +10,7 @@ var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (
     if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
     return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
 };
-var _SeedlessOnboardingController_instances, _SeedlessOnboardingController_vaultEncryptor, _SeedlessOnboardingController_controllerOperationMutex, _SeedlessOnboardingController_vaultOperationMutex, _SeedlessOnboardingController_refreshJWTToken, _SeedlessOnboardingController_revokeRefreshToken, _SeedlessOnboardingController_renewRefreshToken, _SeedlessOnboardingController_passwordOutdatedCacheTTL, _SeedlessOnboardingController_isUnlocked, _SeedlessOnboardingController_cachedDecryptedVaultData, _SeedlessOnboardingController_submitGlobalPassword, _SeedlessOnboardingController_getAccessToken, _SeedlessOnboardingController_setUnlocked, _SeedlessOnboardingController_persistOprfKey, _SeedlessOnboardingController_persistAuthPubKey, _SeedlessOnboardingController_storeKeyringEncryptionKey, _SeedlessOnboardingController_loadKeyringEncryptionKey, _SeedlessOnboardingController_loadSeedlessEncryptionKey, _SeedlessOnboardingController_recoverAuthPubKey, _SeedlessOnboardingController_recoverEncKey, _SeedlessOnboardingController_fetchAllSecretDataFromMetadataStore, _SeedlessOnboardingController_changeEncryptionKey, _SeedlessOnboardingController_encryptAndStoreSecretData, _SeedlessOnboardingController_unlockVaultAndGetVaultData, _SeedlessOnboardingController_decryptAndParseVaultData, _SeedlessOnboardingController_withPersistedSecretMetadataBackupsState, _SeedlessOnboardingController_filterDupesAndUpdateSocialBackupsMetadata, _SeedlessOnboardingController_createNewVaultWithAuthData, _SeedlessOnboardingController_updateVault, _SeedlessOnboardingController_withControllerLock, _SeedlessOnboardingController_withVaultLock, _SeedlessOnboardingController_parseVaultData, _SeedlessOnboardingController_assertIsUnlocked, _SeedlessOnboardingController_assertIsAuthenticatedUser, _SeedlessOnboardingController_assertIsSRPBackedUpUser, _SeedlessOnboardingController_assertPasswordInSync, _SeedlessOnboardingController_resetPasswordOutdatedCache, _SeedlessOnboardingController_addRefreshTokenToRevokeList, _SeedlessOnboardingController_isTokenExpiredError, _SeedlessOnboardingController_isMaxKeyChainLengthError, _SeedlessOnboardingController_executeWithTokenRefresh;
+var _SeedlessOnboardingController_instances, _SeedlessOnboardingController_vaultEncryptor, _SeedlessOnboardingController_controllerOperationMutex, _SeedlessOnboardingController_vaultOperationMutex, _SeedlessOnboardingController_refreshJWTToken, _SeedlessOnboardingController_revokeRefreshToken, _SeedlessOnboardingController_renewRefreshToken, _SeedlessOnboardingController_passwordOutdatedCacheTTL, _SeedlessOnboardingController_isUnlocked, _SeedlessOnboardingController_cachedDecryptedVaultData, _SeedlessOnboardingController_submitGlobalPassword, _SeedlessOnboardingController_getAccessToken, _SeedlessOnboardingController_setUnlocked, _SeedlessOnboardingController_persistOprfKey, _SeedlessOnboardingController_persistAuthPubKey, _SeedlessOnboardingController_storeKeyringEncryptionKey, _SeedlessOnboardingController_loadKeyringEncryptionKey, _SeedlessOnboardingController_loadSeedlessEncryptionKey, _SeedlessOnboardingController_recoverAuthPubKey, _SeedlessOnboardingController_recoverEncKey, _SeedlessOnboardingController_fetchAllSecretDataFromMetadataStore, _SeedlessOnboardingController_changeEncryptionKey, _SeedlessOnboardingController_encryptAndStoreSecretData, _SeedlessOnboardingController_unlockVaultAndGetVaultData, _SeedlessOnboardingController_decryptAndParseVaultData, _SeedlessOnboardingController_withPersistedSecretMetadataBackupsState, _SeedlessOnboardingController_filterDupesAndUpdateSocialBackupsMetadata, _SeedlessOnboardingController_createNewVaultWithAuthData, _SeedlessOnboardingController_updateVault, _SeedlessOnboardingController_withControllerLock, _SeedlessOnboardingController_withVaultLock, _SeedlessOnboardingController_parseVaultData, _SeedlessOnboardingController_assertIsUnlocked, _SeedlessOnboardingController_assertIsAuthenticatedUser, _SeedlessOnboardingController_assertIsSRPBackedUpUser, _SeedlessOnboardingController_assertPasswordInSync, _SeedlessOnboardingController_resetPasswordOutdatedCache, _SeedlessOnboardingController_addRefreshTokenToRevokeList, _SeedlessOnboardingController_isAuthTokenError, _SeedlessOnboardingController_isMaxKeyChainLengthError, _SeedlessOnboardingController_executeWithTokenRefresh;
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.SeedlessOnboardingController = exports.getInitialSeedlessOnboardingControllerStateWithDefaults = void 0;
 const auth_network_utils_1 = require("@metamask/auth-network-utils");
@@ -297,14 +297,12 @@ class SeedlessOnboardingController extends base_controller_1.BaseController {
                     state.authConnection = authConnection;
                     state.socialLoginEmail = socialLoginEmail;
                     state.metadataAccessToken = metadataAccessToken;
-                    state.accessToken = accessToken;
-                    if (refreshToken) {
-                        state.refreshToken = refreshToken;
-                    }
+                    state.refreshToken = refreshToken;
                     if (revokeToken) {
-                        // Temporarily store revoke token in state for later vault creation
+                        // Temporarily store revoke token & access token in state for later vault creation
                         state.revokeToken = revokeToken;
                     }
+                    state.accessToken = accessToken;
                     // we will check if the controller state is properly set with the authenticated user info
                     // before setting the isSeedlessOnboardingUserAuthenticated to true
                     (0, assertions_1.assertIsSeedlessOnboardingUserAuthenticated)(state);
@@ -406,26 +404,26 @@ class SeedlessOnboardingController extends base_controller_1.BaseController {
      */
     async fetchAllSecretData(password) {
         return await __classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_withControllerLock).call(this, async () => {
-            // assert that the user is authenticated before fetching the secret data
-            __classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_assertIsAuthenticatedUser).call(this, this.state);
-            let encKey;
-            let pwEncKey;
-            let authKeyPair;
-            if (password) {
-                const recoverEncKeyResult = await __classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_recoverEncKey).call(this, password);
-                encKey = recoverEncKeyResult.encKey;
-                pwEncKey = recoverEncKeyResult.pwEncKey;
-                authKeyPair = recoverEncKeyResult.authKeyPair;
-            }
-            else {
-                __classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_assertIsUnlocked).call(this);
-                // verify the password and unlock the vault
-                const keysFromVault = await __classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_unlockVaultAndGetVaultData).call(this);
-                encKey = keysFromVault.toprfEncryptionKey;
-                pwEncKey = keysFromVault.toprfPwEncryptionKey;
-                authKeyPair = keysFromVault.toprfAuthKeyPair;
-            }
-            const performFetch = async () => {
+            return await __classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_executeWithTokenRefresh).call(this, async () => {
+                // assert that the user is authenticated before fetching the secret data
+                __classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_assertIsAuthenticatedUser).call(this, this.state);
+                let encKey;
+                let pwEncKey;
+                let authKeyPair;
+                if (password) {
+                    const recoverEncKeyResult = await __classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_recoverEncKey).call(this, password);
+                    encKey = recoverEncKeyResult.encKey;
+                    pwEncKey = recoverEncKeyResult.pwEncKey;
+                    authKeyPair = recoverEncKeyResult.authKeyPair;
+                }
+                else {
+                    __classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_assertIsUnlocked).call(this);
+                    // verify the password and unlock the vault
+                    const keysFromVault = await __classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_unlockVaultAndGetVaultData).call(this);
+                    encKey = keysFromVault.toprfEncryptionKey;
+                    pwEncKey = keysFromVault.toprfPwEncryptionKey;
+                    authKeyPair = keysFromVault.toprfAuthKeyPair;
+                }
                 const secrets = await __classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_fetchAllSecretDataFromMetadataStore).call(this, encKey, authKeyPair);
                 if (password) {
                     // if password is provided, we need to create a new vault with the auth data. (supposedly the user is trying to rehydrate the wallet)
@@ -437,8 +435,7 @@ class SeedlessOnboardingController extends base_controller_1.BaseController {
                     });
                 }
                 return secrets;
-            };
-            return await __classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_executeWithTokenRefresh).call(this, performFetch, 'fetchAllSecretData');
+            }, 'fetchAllSecretData');
         });
     }
     /**
@@ -634,7 +631,6 @@ class SeedlessOnboardingController extends base_controller_1.BaseController {
      */
     async checkIsPasswordOutdated(options) {
         const doCheckIsPasswordExpired = async () => {
-            __classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_assertIsAuthenticatedUser).call(this, this.state);
             // cache result to reduce load on infra
             // Check cache first unless skipCache is true
             if (!options?.skipCache) {
@@ -647,6 +643,7 @@ class SeedlessOnboardingController extends base_controller_1.BaseController {
                     return passwordOutdatedCache.isExpiredPwd;
                 }
             }
+            __classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_assertIsAuthenticatedUser).call(this, this.state);
             const { nodeAuthTokens, authConnectionId, groupedAuthConnectionId, userId, } = this.state;
             const currentDeviceAuthPubKey = __classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_recoverAuthPubKey).call(this);
             let globalAuthPubKey = options?.globalAuthPubKey;
@@ -676,6 +673,26 @@ class SeedlessOnboardingController extends base_controller_1.BaseController {
             ? await doCheckIsPasswordExpired()
             : await __classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_withControllerLock).call(this, doCheckIsPasswordExpired), 'checkIsPasswordOutdated');
     }
+    /**
+     * Check if the user is authenticated with the seedless onboarding flow by checking the token values in the state.
+     *
+     * @returns True if the user is authenticated, false otherwise.
+     */
+    async checkIsSeedlessOnboardingUserAuthenticated() {
+        let isAuthenticated = false;
+        try {
+            __classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_assertIsAuthenticatedUser).call(this, this.state);
+            isAuthenticated =
+                Boolean(this.state.accessToken) && Boolean(this.state.refreshToken);
+        }
+        catch {
+            isAuthenticated = false;
+        }
+        this.update((state) => {
+            state.isSeedlessOnboardingUserAuthenticated = isAuthenticated;
+        });
+        return isAuthenticated;
+    }
     /**
      * Clears the current state of the SeedlessOnboardingController.
      */
@@ -716,11 +733,14 @@ class SeedlessOnboardingController extends base_controller_1.BaseController {
     async refreshAuthTokens() {
         __classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_assertIsAuthenticatedUser).call(this, this.state);
         const { refreshToken } = this.state;
+        const res = await __classPrivateFieldGet(this, _SeedlessOnboardingController_refreshJWTToken, "f").call(this, {
+            connection: this.state.authConnection,
+            refreshToken,
+        }).catch((error) => {
+            log('Error refreshing JWT tokens', error);
+            throw new Error(constants_1.SeedlessOnboardingControllerErrorMessage.FailedToRefreshJWTTokens);
+        });
         try {
-            const res = await __classPrivateFieldGet(this, _SeedlessOnboardingController_refreshJWTToken, "f").call(this, {
-                connection: this.state.authConnection,
-                refreshToken,
-            });
             const { idTokens, accessToken, metadataAccessToken } = res;
             // re-authenticate with the new id tokens to set new node auth tokens
             await this.authenticate({
@@ -731,6 +751,7 @@ class SeedlessOnboardingController extends base_controller_1.BaseController {
                 authConnectionId: this.state.authConnectionId,
                 groupedAuthConnectionId: this.state.groupedAuthConnectionId,
                 userId: this.state.userId,
+                refreshToken,
                 skipLock: true,
             });
         }
@@ -912,7 +933,7 @@ async function _SeedlessOnboardingController_submitGlobalPassword({ targetAuthPu
         __classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_setUnlocked).call(this);
     }
     catch (error) {
-        if (__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_isTokenExpiredError).call(this, error)) {
+        if (__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_isAuthTokenError).call(this, error)) {
             throw error;
         }
         if (__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_isMaxKeyChainLengthError).call(this, error)) {
@@ -968,7 +989,7 @@ async function _SeedlessOnboardingController_persistOprfKey(oprfKey, authPubKey)
         });
     }
     catch (error) {
-        if (__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_isTokenExpiredError).call(this, error)) {
+        if (__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_isAuthTokenError).call(this, error)) {
             throw error;
         }
         log('Error persisting local encryption key', error);
@@ -1033,10 +1054,10 @@ async function _SeedlessOnboardingController_loadSeedlessEncryptionKey(encKey) {
  */
 async function _SeedlessOnboardingController_recoverEncKey(password) {
     __classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_assertIsAuthenticatedUser).call(this, this.state);
-    const { authConnectionId, groupedAuthConnectionId, userId } = this.state;
+    const { nodeAuthTokens, authConnectionId, groupedAuthConnectionId, userId, } = this.state;
     try {
         const recoverEncKeyResult = await this.toprfClient.recoverEncKey({
-            nodeAuthTokens: this.state.nodeAuthTokens,
+            nodeAuthTokens,
             password,
             authConnectionId,
             groupedAuthConnectionId,
@@ -1046,7 +1067,7 @@ async function _SeedlessOnboardingController_recoverEncKey(password) {
     }
     catch (error) {
         // throw token expired error for token refresh handler
-        if (__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_isTokenExpiredError).call(this, error)) {
+        if (__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_isAuthTokenError).call(this, error)) {
             throw error;
         }
         throw errors_1.RecoveryError.getInstance(error);
@@ -1062,7 +1083,7 @@ async function _SeedlessOnboardingController_recoverEncKey(password) {
     }
     catch (error) {
         log('Error fetching secret data', error);
-        if (__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_isTokenExpiredError).call(this, error)) {
+        if (__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_isAuthTokenError).call(this, error)) {
             throw error;
         }
         throw new Error(constants_1.SeedlessOnboardingControllerErrorMessage.FailedToFetchSecretMetadata);
@@ -1166,7 +1187,7 @@ async function _SeedlessOnboardingController_encryptAndStoreSecretData(params) {
         });
     }
     catch (error) {
-        if (__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_isTokenExpiredError).call(this, error)) {
+        if (__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_isAuthTokenError).call(this, error)) {
             throw error;
         }
         log('Error encrypting and storing secret data backup', error);
@@ -1324,6 +1345,9 @@ async function _SeedlessOnboardingController_withPersistedSecretMetadataBackupsS
 async function _SeedlessOnboardingController_createNewVaultWithAuthData({ password, rawToprfEncryptionKey, rawToprfPwEncryptionKey, rawToprfAuthKeyPair, }) {
     __classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_assertIsAuthenticatedUser).call(this, this.state);
     const { revokeToken } = this.state;
+    if (!revokeToken) {
+        throw new Error(constants_1.SeedlessOnboardingControllerErrorMessage.InvalidRevokeToken);
+    }
     const accessToken = await __classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_getAccessToken).call(this, password);
     const vaultData = {
         toprfAuthKeyPair: rawToprfAuthKeyPair,
@@ -1475,10 +1499,13 @@ async function _SeedlessOnboardingController_assertPasswordInSync(options) {
             { refreshToken, revokeToken },
         ];
     });
-}, _SeedlessOnboardingController_isTokenExpiredError = function _SeedlessOnboardingController_isTokenExpiredError(error) {
+}, _SeedlessOnboardingController_isAuthTokenError = function _SeedlessOnboardingController_isAuthTokenError(error) {
     if (error instanceof toprf_secure_backup_1.TOPRFError) {
+        return (
         // eslint-disable-next-line @typescript-eslint/no-unsafe-enum-comparison
-        return error.code === toprf_secure_backup_1.TOPRFErrorCode.AuthTokenExpired;
+        error.code === toprf_secure_backup_1.TOPRFErrorCode.AuthTokenExpired ||
+            // eslint-disable-next-line @typescript-eslint/no-unsafe-enum-comparison
+            error.code === toprf_secure_backup_1.TOPRFErrorCode.InvalidAuthToken);
     }
     return false;
 }, _SeedlessOnboardingController_isMaxKeyChainLengthError = function _SeedlessOnboardingController_isMaxKeyChainLengthError(error) {
@@ -1521,7 +1548,7 @@ async function _SeedlessOnboardingController_executeWithTokenRefresh(operation,
     }
     catch (error) {
         // Check if this is a token expiration error
-        if (__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_isTokenExpiredError).call(this, error)) {
+        if (__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_isAuthTokenError).call(this, error)) {
             log(`Token expired during ${operationName}, attempting to refresh tokens`, error);
             try {
                 // Refresh the tokens