@metamask-previews/seedless-onboarding-controller 5.0.0-preview-e98a6769 → 5.0.0-preview-772b5970

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (24) hide show
  1. package/CHANGELOG.md +0 -13
  2. package/dist/SeedlessOnboardingController.cjs +43 -61
  3. package/dist/SeedlessOnboardingController.cjs.map +1 -1
  4. package/dist/SeedlessOnboardingController.d.cts +2 -8
  5. package/dist/SeedlessOnboardingController.d.cts.map +1 -1
  6. package/dist/SeedlessOnboardingController.d.mts +2 -8
  7. package/dist/SeedlessOnboardingController.d.mts.map +1 -1
  8. package/dist/SeedlessOnboardingController.mjs +43 -61
  9. package/dist/SeedlessOnboardingController.mjs.map +1 -1
  10. package/dist/constants.cjs +0 -1
  11. package/dist/constants.cjs.map +1 -1
  12. package/dist/constants.d.cts +1 -2
  13. package/dist/constants.d.cts.map +1 -1
  14. package/dist/constants.d.mts +1 -2
  15. package/dist/constants.d.mts.map +1 -1
  16. package/dist/constants.mjs +0 -1
  17. package/dist/constants.mjs.map +1 -1
  18. package/dist/types.cjs.map +1 -1
  19. package/dist/types.d.cts +0 -4
  20. package/dist/types.d.cts.map +1 -1
  21. package/dist/types.d.mts +0 -4
  22. package/dist/types.d.mts.map +1 -1
  23. package/dist/types.mjs.map +1 -1
  24. package/package.json +2 -2
package/CHANGELOG.md CHANGED
@@ -7,19 +7,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
7
7
 
8
8
  ## [Unreleased]
9
9
 
10
- ### Added
11
-
12
- - Added new public method, `checkIsSeedlessOnboardingUserAuthenticated` to validate the controller authenticate tokens state. ([#6998](https://github.com/MetaMask/core/pull/6998))
13
-
14
- ### Changed
15
-
16
- - Refactor `refreshAuthTokens` method, separately catch refreshJWTToken and authenticate errors. ([#6998](https://github.com/MetaMask/core/pull/6998))
17
- - Bump `@metamask/toprf-secure-backup` package to `0.9.0`. ([#6998](https://github.com/MetaMask/core/pull/6998))
18
-
19
- ### Fixed
20
-
21
- - Fixed `Invalid Access Token` error during rehydration. ([#6998](https://github.com/MetaMask/core/pull/6998))
22
-
23
10
  ## [5.0.0]
24
11
 
25
12
  ### Changed
package/dist/SeedlessOnboardingController.cjs CHANGED
@@ -10,7 +10,7 @@ var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (
10
10
  if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
11
11
  return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
12
12
  };
13
- var _SeedlessOnboardingController_instances, _SeedlessOnboardingController_vaultEncryptor, _SeedlessOnboardingController_controllerOperationMutex, _SeedlessOnboardingController_vaultOperationMutex, _SeedlessOnboardingController_refreshJWTToken, _SeedlessOnboardingController_revokeRefreshToken, _SeedlessOnboardingController_renewRefreshToken, _SeedlessOnboardingController_passwordOutdatedCacheTTL, _SeedlessOnboardingController_isUnlocked, _SeedlessOnboardingController_cachedDecryptedVaultData, _SeedlessOnboardingController_submitGlobalPassword, _SeedlessOnboardingController_getAccessToken, _SeedlessOnboardingController_setUnlocked, _SeedlessOnboardingController_persistOprfKey, _SeedlessOnboardingController_persistAuthPubKey, _SeedlessOnboardingController_storeKeyringEncryptionKey, _SeedlessOnboardingController_loadKeyringEncryptionKey, _SeedlessOnboardingController_loadSeedlessEncryptionKey, _SeedlessOnboardingController_recoverAuthPubKey, _SeedlessOnboardingController_recoverEncKey, _SeedlessOnboardingController_fetchAllSecretDataFromMetadataStore, _SeedlessOnboardingController_changeEncryptionKey, _SeedlessOnboardingController_encryptAndStoreSecretData, _SeedlessOnboardingController_unlockVaultAndGetVaultData, _SeedlessOnboardingController_decryptAndParseVaultData, _SeedlessOnboardingController_withPersistedSecretMetadataBackupsState, _SeedlessOnboardingController_filterDupesAndUpdateSocialBackupsMetadata, _SeedlessOnboardingController_createNewVaultWithAuthData, _SeedlessOnboardingController_updateVault, _SeedlessOnboardingController_withControllerLock, _SeedlessOnboardingController_withVaultLock, _SeedlessOnboardingController_parseVaultData, _SeedlessOnboardingController_assertIsUnlocked, _SeedlessOnboardingController_assertIsAuthenticatedUser, _SeedlessOnboardingController_assertIsSRPBackedUpUser, _SeedlessOnboardingController_assertPasswordInSync, _SeedlessOnboardingController_resetPasswordOutdatedCache, _SeedlessOnboardingController_addRefreshTokenToRevokeList, _SeedlessOnboardingController_isAuthTokenError, _SeedlessOnboardingController_isMaxKeyChainLengthError, _SeedlessOnboardingController_executeWithTokenRefresh;
13
+ var _SeedlessOnboardingController_instances, _SeedlessOnboardingController_vaultEncryptor, _SeedlessOnboardingController_controllerOperationMutex, _SeedlessOnboardingController_vaultOperationMutex, _SeedlessOnboardingController_refreshJWTToken, _SeedlessOnboardingController_revokeRefreshToken, _SeedlessOnboardingController_renewRefreshToken, _SeedlessOnboardingController_passwordOutdatedCacheTTL, _SeedlessOnboardingController_isUnlocked, _SeedlessOnboardingController_cachedDecryptedVaultData, _SeedlessOnboardingController_submitGlobalPassword, _SeedlessOnboardingController_getAccessToken, _SeedlessOnboardingController_setUnlocked, _SeedlessOnboardingController_persistOprfKey, _SeedlessOnboardingController_persistAuthPubKey, _SeedlessOnboardingController_storeKeyringEncryptionKey, _SeedlessOnboardingController_loadKeyringEncryptionKey, _SeedlessOnboardingController_loadSeedlessEncryptionKey, _SeedlessOnboardingController_recoverAuthPubKey, _SeedlessOnboardingController_recoverEncKey, _SeedlessOnboardingController_fetchAllSecretDataFromMetadataStore, _SeedlessOnboardingController_changeEncryptionKey, _SeedlessOnboardingController_encryptAndStoreSecretData, _SeedlessOnboardingController_unlockVaultAndGetVaultData, _SeedlessOnboardingController_decryptAndParseVaultData, _SeedlessOnboardingController_withPersistedSecretMetadataBackupsState, _SeedlessOnboardingController_filterDupesAndUpdateSocialBackupsMetadata, _SeedlessOnboardingController_createNewVaultWithAuthData, _SeedlessOnboardingController_updateVault, _SeedlessOnboardingController_withControllerLock, _SeedlessOnboardingController_withVaultLock, _SeedlessOnboardingController_parseVaultData, _SeedlessOnboardingController_assertIsUnlocked, _SeedlessOnboardingController_assertIsAuthenticatedUser, _SeedlessOnboardingController_assertIsSRPBackedUpUser, _SeedlessOnboardingController_assertPasswordInSync, _SeedlessOnboardingController_resetPasswordOutdatedCache, _SeedlessOnboardingController_addRefreshTokenToRevokeList, _SeedlessOnboardingController_isTokenExpiredError, _SeedlessOnboardingController_isMaxKeyChainLengthError, _SeedlessOnboardingController_executeWithTokenRefresh;
14
14
  Object.defineProperty(exports, "__esModule", { value: true });
15
15
  exports.SeedlessOnboardingController = exports.getInitialSeedlessOnboardingControllerStateWithDefaults = void 0;
16
16
  const auth_network_utils_1 = require("@metamask/auth-network-utils");
@@ -297,10 +297,14 @@ class SeedlessOnboardingController extends base_controller_1.BaseController {
297
297
  state.authConnection = authConnection;
298
298
  state.socialLoginEmail = socialLoginEmail;
299
299
  state.metadataAccessToken = metadataAccessToken;
300
- state.refreshToken = refreshToken;
301
- // Temporarily store revoke token & access token in state for later vault creation
302
- state.revokeToken = revokeToken;
303
300
  state.accessToken = accessToken;
301
+ if (refreshToken) {
302
+ state.refreshToken = refreshToken;
303
+ }
304
+ if (revokeToken) {
305
+ // Temporarily store revoke token in state for later vault creation
306
+ state.revokeToken = revokeToken;
307
+ }
304
308
  // we will check if the controller state is properly set with the authenticated user info
305
309
  // before setting the isSeedlessOnboardingUserAuthenticated to true
306
310
  (0, assertions_1.assertIsSeedlessOnboardingUserAuthenticated)(state);
@@ -402,26 +406,26 @@ class SeedlessOnboardingController extends base_controller_1.BaseController {
402
406
  */
403
407
  async fetchAllSecretData(password) {
404
408
  return await __classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_withControllerLock).call(this, async () => {
405
- return await __classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_executeWithTokenRefresh).call(this, async () => {
406
- // assert that the user is authenticated before fetching the secret data
407
- __classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_assertIsAuthenticatedUser).call(this, this.state);
408
- let encKey;
409
- let pwEncKey;
410
- let authKeyPair;
411
- if (password) {
412
- const recoverEncKeyResult = await __classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_recoverEncKey).call(this, password);
413
- encKey = recoverEncKeyResult.encKey;
414
- pwEncKey = recoverEncKeyResult.pwEncKey;
415
- authKeyPair = recoverEncKeyResult.authKeyPair;
416
- }
417
- else {
418
- __classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_assertIsUnlocked).call(this);
419
- // verify the password and unlock the vault
420
- const keysFromVault = await __classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_unlockVaultAndGetVaultData).call(this);
421
- encKey = keysFromVault.toprfEncryptionKey;
422
- pwEncKey = keysFromVault.toprfPwEncryptionKey;
423
- authKeyPair = keysFromVault.toprfAuthKeyPair;
424
- }
409
+ // assert that the user is authenticated before fetching the secret data
410
+ __classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_assertIsAuthenticatedUser).call(this, this.state);
411
+ let encKey;
412
+ let pwEncKey;
413
+ let authKeyPair;
414
+ if (password) {
415
+ const recoverEncKeyResult = await __classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_recoverEncKey).call(this, password);
416
+ encKey = recoverEncKeyResult.encKey;
417
+ pwEncKey = recoverEncKeyResult.pwEncKey;
418
+ authKeyPair = recoverEncKeyResult.authKeyPair;
419
+ }
420
+ else {
421
+ __classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_assertIsUnlocked).call(this);
422
+ // verify the password and unlock the vault
423
+ const keysFromVault = await __classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_unlockVaultAndGetVaultData).call(this);
424
+ encKey = keysFromVault.toprfEncryptionKey;
425
+ pwEncKey = keysFromVault.toprfPwEncryptionKey;
426
+ authKeyPair = keysFromVault.toprfAuthKeyPair;
427
+ }
428
+ const performFetch = async () => {
425
429
  const secrets = await __classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_fetchAllSecretDataFromMetadataStore).call(this, encKey, authKeyPair);
426
430
  if (password) {
427
431
  // if password is provided, we need to create a new vault with the auth data. (supposedly the user is trying to rehydrate the wallet)
@@ -433,7 +437,8 @@ class SeedlessOnboardingController extends base_controller_1.BaseController {
433
437
  });
434
438
  }
435
439
  return secrets;
436
- }, 'fetchAllSecretData');
440
+ };
441
+ return await __classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_executeWithTokenRefresh).call(this, performFetch, 'fetchAllSecretData');
437
442
  });
438
443
  }
439
444
  /**
@@ -671,21 +676,6 @@ class SeedlessOnboardingController extends base_controller_1.BaseController {
671
676
  ? await doCheckIsPasswordExpired()
672
677
  : await __classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_withControllerLock).call(this, doCheckIsPasswordExpired), 'checkIsPasswordOutdated');
673
678
  }
674
- /**
675
- * Check if the user is authenticated with the seedless onboarding flow by checking the token values in the state.
676
- *
677
- * @returns True if the user is authenticated, false otherwise.
678
- */
679
- async checkIsSeedlessOnboardingUserAuthenticated() {
680
- try {
681
- (0, assertions_1.assertIsSeedlessOnboardingUserAuthenticated)(this.state);
682
- // if accessToken is missing, the user needs to authenticate again
683
- return Boolean(this.state.accessToken) && Boolean(this.state.revokeToken);
684
- }
685
- catch {
686
- return false;
687
- }
688
- }
689
679
  /**
690
680
  * Clears the current state of the SeedlessOnboardingController.
691
681
  */
@@ -725,15 +715,12 @@ class SeedlessOnboardingController extends base_controller_1.BaseController {
725
715
  */
726
716
  async refreshAuthTokens() {
727
717
  __classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_assertIsAuthenticatedUser).call(this, this.state);
728
- const { refreshToken, revokeToken } = this.state;
729
- const res = await __classPrivateFieldGet(this, _SeedlessOnboardingController_refreshJWTToken, "f").call(this, {
730
- connection: this.state.authConnection,
731
- refreshToken,
732
- }).catch((error) => {
733
- log('Error refreshing JWT tokens', error);
734
- throw new Error(constants_1.SeedlessOnboardingControllerErrorMessage.FailedToRefreshJWTTokens);
735
- });
718
+ const { refreshToken } = this.state;
736
719
  try {
720
+ const res = await __classPrivateFieldGet(this, _SeedlessOnboardingController_refreshJWTToken, "f").call(this, {
721
+ connection: this.state.authConnection,
722
+ refreshToken,
723
+ });
737
724
  const { idTokens, accessToken, metadataAccessToken } = res;
738
725
  // re-authenticate with the new id tokens to set new node auth tokens
739
726
  await this.authenticate({
@@ -744,8 +731,6 @@ class SeedlessOnboardingController extends base_controller_1.BaseController {
744
731
  authConnectionId: this.state.authConnectionId,
745
732
  groupedAuthConnectionId: this.state.groupedAuthConnectionId,
746
733
  userId: this.state.userId,
747
- refreshToken,
748
- revokeToken,
749
734
  skipLock: true,
750
735
  });
751
736
  }
@@ -927,7 +912,7 @@ async function _SeedlessOnboardingController_submitGlobalPassword({ targetAuthPu
927
912
  __classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_setUnlocked).call(this);
928
913
  }
929
914
  catch (error) {
930
- if (__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_isAuthTokenError).call(this, error)) {
915
+ if (__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_isTokenExpiredError).call(this, error)) {
931
916
  throw error;
932
917
  }
933
918
  if (__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_isMaxKeyChainLengthError).call(this, error)) {
@@ -983,7 +968,7 @@ async function _SeedlessOnboardingController_persistOprfKey(oprfKey, authPubKey)
983
968
  });
984
969
  }
985
970
  catch (error) {
986
- if (__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_isAuthTokenError).call(this, error)) {
971
+ if (__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_isTokenExpiredError).call(this, error)) {
987
972
  throw error;
988
973
  }
989
974
  log('Error persisting local encryption key', error);
@@ -1061,7 +1046,7 @@ async function _SeedlessOnboardingController_recoverEncKey(password) {
1061
1046
  }
1062
1047
  catch (error) {
1063
1048
  // throw token expired error for token refresh handler
1064
- if (__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_isAuthTokenError).call(this, error)) {
1049
+ if (__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_isTokenExpiredError).call(this, error)) {
1065
1050
  throw error;
1066
1051
  }
1067
1052
  throw errors_1.RecoveryError.getInstance(error);
@@ -1077,7 +1062,7 @@ async function _SeedlessOnboardingController_recoverEncKey(password) {
1077
1062
  }
1078
1063
  catch (error) {
1079
1064
  log('Error fetching secret data', error);
1080
- if (__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_isAuthTokenError).call(this, error)) {
1065
+ if (__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_isTokenExpiredError).call(this, error)) {
1081
1066
  throw error;
1082
1067
  }
1083
1068
  throw new Error(constants_1.SeedlessOnboardingControllerErrorMessage.FailedToFetchSecretMetadata);
@@ -1181,7 +1166,7 @@ async function _SeedlessOnboardingController_encryptAndStoreSecretData(params) {
1181
1166
  });
1182
1167
  }
1183
1168
  catch (error) {
1184
- if (__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_isAuthTokenError).call(this, error)) {
1169
+ if (__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_isTokenExpiredError).call(this, error)) {
1185
1170
  throw error;
1186
1171
  }
1187
1172
  log('Error encrypting and storing secret data backup', error);
@@ -1490,13 +1475,10 @@ async function _SeedlessOnboardingController_assertPasswordInSync(options) {
1490
1475
  { refreshToken, revokeToken },
1491
1476
  ];
1492
1477
  });
1493
- }, _SeedlessOnboardingController_isAuthTokenError = function _SeedlessOnboardingController_isAuthTokenError(error) {
1478
+ }, _SeedlessOnboardingController_isTokenExpiredError = function _SeedlessOnboardingController_isTokenExpiredError(error) {
1494
1479
  if (error instanceof toprf_secure_backup_1.TOPRFError) {
1495
- return (
1496
1480
  // eslint-disable-next-line @typescript-eslint/no-unsafe-enum-comparison
1497
- error.code === toprf_secure_backup_1.TOPRFErrorCode.AuthTokenExpired ||
1498
- // eslint-disable-next-line @typescript-eslint/no-unsafe-enum-comparison
1499
- error.code === toprf_secure_backup_1.TOPRFErrorCode.InvalidAuthToken);
1481
+ return error.code === toprf_secure_backup_1.TOPRFErrorCode.AuthTokenExpired;
1500
1482
  }
1501
1483
  return false;
1502
1484
  }, _SeedlessOnboardingController_isMaxKeyChainLengthError = function _SeedlessOnboardingController_isMaxKeyChainLengthError(error) {
@@ -1539,7 +1521,7 @@ async function _SeedlessOnboardingController_executeWithTokenRefresh(operation,
1539
1521
  }
1540
1522
  catch (error) {
1541
1523
  // Check if this is a token expiration error
1542
- if (__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_isAuthTokenError).call(this, error)) {
1524
+ if (__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_isTokenExpiredError).call(this, error)) {
1543
1525
  log(`Token expired during ${operationName}, attempting to refresh tokens`, error);
1544
1526
  try {
1545
1527
  // Refresh the tokens