@metamask-previews/seedless-onboarding-controller 6.0.0-preview-eee46d4b → 6.0.0-preview-cc7e30d0
- package/CHANGELOG.md +8 -0
- package/dist/SeedlessOnboardingController.cjs +64 -31
- package/dist/SeedlessOnboardingController.cjs.map +1 -1
- package/dist/SeedlessOnboardingController.d.cts +1 -1
- package/dist/SeedlessOnboardingController.d.cts.map +1 -1
- package/dist/SeedlessOnboardingController.d.mts +1 -1
- package/dist/SeedlessOnboardingController.d.mts.map +1 -1
- package/dist/SeedlessOnboardingController.mjs +65 -32
- package/dist/SeedlessOnboardingController.mjs.map +1 -1
- package/dist/assertions.cjs +11 -27
- package/dist/assertions.cjs.map +1 -1
- package/dist/assertions.d.cts +0 -7
- package/dist/assertions.d.cts.map +1 -1
- package/dist/assertions.d.mts +0 -7
- package/dist/assertions.d.mts.map +1 -1
- package/dist/assertions.mjs +10 -25
- package/dist/assertions.mjs.map +1 -1
- package/dist/types.cjs.map +1 -1
- package/dist/types.d.cts +1 -9
- package/dist/types.d.cts.map +1 -1
- package/dist/types.d.mts +1 -9
- package/dist/types.d.mts.map +1 -1
- package/dist/types.mjs.map +1 -1
- package/package.json +1 -1
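--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -7,6 +7,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Changed
+
+- Revert `revokeToken` value as optional in `authenticate` method. ([#7012](https://github.com/MetaMask/core/pull/7012))
+
+### Fixed
+
+- Fixed `InvalidRevokeToken` issue in `refreshAuthTokens` method. ([#7012](https://github.com/MetaMask/core/pull/7012))
+
 ## [6.0.0]
 
 ### Added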
@@ -10,7 +10,7 @@ var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (
|
|
|
10
10
|
if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
|
|
11
11
|
return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
|
|
12
12
|
};
|
|
13
|
-
var _SeedlessOnboardingController_instances, _SeedlessOnboardingController_vaultEncryptor, _SeedlessOnboardingController_controllerOperationMutex, _SeedlessOnboardingController_vaultOperationMutex, _SeedlessOnboardingController_refreshJWTToken, _SeedlessOnboardingController_revokeRefreshToken, _SeedlessOnboardingController_renewRefreshToken, _SeedlessOnboardingController_passwordOutdatedCacheTTL, _SeedlessOnboardingController_isUnlocked, _SeedlessOnboardingController_cachedDecryptedVaultData, _SeedlessOnboardingController_submitGlobalPassword, _SeedlessOnboardingController_setUnlocked, _SeedlessOnboardingController_persistOprfKey, _SeedlessOnboardingController_persistAuthPubKey, _SeedlessOnboardingController_storeKeyringEncryptionKey, _SeedlessOnboardingController_loadKeyringEncryptionKey, _SeedlessOnboardingController_loadSeedlessEncryptionKey, _SeedlessOnboardingController_recoverAuthPubKey, _SeedlessOnboardingController_recoverEncKey, _SeedlessOnboardingController_fetchAllSecretDataFromMetadataStore, _SeedlessOnboardingController_changeEncryptionKey, _SeedlessOnboardingController_encryptAndStoreSecretData, _SeedlessOnboardingController_unlockVaultAndGetVaultData, _SeedlessOnboardingController_decryptAndParseVaultData, _SeedlessOnboardingController_withPersistedSecretMetadataBackupsState, _SeedlessOnboardingController_filterDupesAndUpdateSocialBackupsMetadata, _SeedlessOnboardingController_createNewVaultWithAuthData, _SeedlessOnboardingController_updateVault, _SeedlessOnboardingController_withControllerLock, _SeedlessOnboardingController_withVaultLock, _SeedlessOnboardingController_parseVaultData, _SeedlessOnboardingController_assertIsUnlocked, _SeedlessOnboardingController_assertIsAuthenticatedUser, _SeedlessOnboardingController_assertIsSRPBackedUpUser, _SeedlessOnboardingController_assertPasswordInSync, _SeedlessOnboardingController_resetPasswordOutdatedCache, _SeedlessOnboardingController_addRefreshTokenToRevokeList, 
_SeedlessOnboardingController_isAuthTokenError, _SeedlessOnboardingController_isMaxKeyChainLengthError, _SeedlessOnboardingController_executeWithTokenRefresh;
|
|
13
|
+
var _SeedlessOnboardingController_instances, _SeedlessOnboardingController_vaultEncryptor, _SeedlessOnboardingController_controllerOperationMutex, _SeedlessOnboardingController_vaultOperationMutex, _SeedlessOnboardingController_refreshJWTToken, _SeedlessOnboardingController_revokeRefreshToken, _SeedlessOnboardingController_renewRefreshToken, _SeedlessOnboardingController_passwordOutdatedCacheTTL, _SeedlessOnboardingController_isUnlocked, _SeedlessOnboardingController_cachedDecryptedVaultData, _SeedlessOnboardingController_submitGlobalPassword, _SeedlessOnboardingController_setUnlocked, _SeedlessOnboardingController_persistOprfKey, _SeedlessOnboardingController_persistAuthPubKey, _SeedlessOnboardingController_storeKeyringEncryptionKey, _SeedlessOnboardingController_loadKeyringEncryptionKey, _SeedlessOnboardingController_loadSeedlessEncryptionKey, _SeedlessOnboardingController_recoverAuthPubKey, _SeedlessOnboardingController_recoverEncKey, _SeedlessOnboardingController_fetchAllSecretDataFromMetadataStore, _SeedlessOnboardingController_changeEncryptionKey, _SeedlessOnboardingController_encryptAndStoreSecretData, _SeedlessOnboardingController_unlockVaultAndGetVaultData, _SeedlessOnboardingController_decryptAndParseVaultData, _SeedlessOnboardingController_withPersistedSecretMetadataBackupsState, _SeedlessOnboardingController_filterDupesAndUpdateSocialBackupsMetadata, _SeedlessOnboardingController_createNewVaultWithAuthData, _SeedlessOnboardingController_updateVault, _SeedlessOnboardingController_getAccessTokenAndRevokeToken, _SeedlessOnboardingController_withControllerLock, _SeedlessOnboardingController_withVaultLock, _SeedlessOnboardingController_parseVaultData, _SeedlessOnboardingController_assertIsUnlocked, _SeedlessOnboardingController_assertIsAuthenticatedUser, _SeedlessOnboardingController_assertIsSRPBackedUpUser, _SeedlessOnboardingController_assertPasswordInSync, _SeedlessOnboardingController_resetPasswordOutdatedCache, 
_SeedlessOnboardingController_addRefreshTokenToRevokeList, _SeedlessOnboardingController_isAuthTokenError, _SeedlessOnboardingController_isMaxKeyChainLengthError, _SeedlessOnboardingController_executeWithTokenRefresh;
|
|
14
14
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
15
15
|
exports.SeedlessOnboardingController = exports.getInitialSeedlessOnboardingControllerStateWithDefaults = void 0;
|
|
16
16
|
const auth_network_utils_1 = require("@metamask/auth-network-utils");
|
|
@@ -298,8 +298,10 @@ class SeedlessOnboardingController extends base_controller_1.BaseController {
|
|
|
298
298
|
state.socialLoginEmail = socialLoginEmail;
|
|
299
299
|
state.metadataAccessToken = metadataAccessToken;
|
|
300
300
|
state.refreshToken = refreshToken;
|
|
301
|
-
|
|
302
|
-
|
|
301
|
+
if (revokeToken) {
|
|
302
|
+
// Temporarily store revoke token & access token in state for later vault creation
|
|
303
|
+
state.revokeToken = revokeToken;
|
|
304
|
+
}
|
|
303
305
|
state.accessToken = accessToken;
|
|
304
306
|
// we will check if the controller state is properly set with the authenticated user info
|
|
305
307
|
// before setting the isSeedlessOnboardingUserAuthenticated to true
|
|
@@ -641,7 +643,7 @@ class SeedlessOnboardingController extends base_controller_1.BaseController {
|
|
|
641
643
|
return passwordOutdatedCache.isExpiredPwd;
|
|
642
644
|
}
|
|
643
645
|
}
|
|
644
|
-
(
|
|
646
|
+
__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_assertIsAuthenticatedUser).call(this, this.state);
|
|
645
647
|
const { nodeAuthTokens, authConnectionId, groupedAuthConnectionId, userId, } = this.state;
|
|
646
648
|
const currentDeviceAuthPubKey = __classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_recoverAuthPubKey).call(this);
|
|
647
649
|
let globalAuthPubKey = options?.globalAuthPubKey;
|
|
@@ -679,8 +681,9 @@ class SeedlessOnboardingController extends base_controller_1.BaseController {
|
|
|
679
681
|
async checkIsSeedlessOnboardingUserAuthenticated() {
|
|
680
682
|
let isAuthenticated = false;
|
|
681
683
|
try {
|
|
682
|
-
(
|
|
683
|
-
isAuthenticated =
|
|
684
|
+
__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_assertIsAuthenticatedUser).call(this, this.state);
|
|
685
|
+
isAuthenticated =
|
|
686
|
+
Boolean(this.state.accessToken) && Boolean(this.state.refreshToken);
|
|
684
687
|
}
|
|
685
688
|
catch {
|
|
686
689
|
isAuthenticated = false;
|
|
@@ -729,7 +732,7 @@ class SeedlessOnboardingController extends base_controller_1.BaseController {
|
|
|
729
732
|
*/
|
|
730
733
|
async refreshAuthTokens() {
|
|
731
734
|
__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_assertIsAuthenticatedUser).call(this, this.state);
|
|
732
|
-
const { refreshToken
|
|
735
|
+
const { refreshToken } = this.state;
|
|
733
736
|
const res = await __classPrivateFieldGet(this, _SeedlessOnboardingController_refreshJWTToken, "f").call(this, {
|
|
734
737
|
connection: this.state.authConnection,
|
|
735
738
|
refreshToken,
|
|
@@ -749,7 +752,6 @@ class SeedlessOnboardingController extends base_controller_1.BaseController {
|
|
|
749
752
|
groupedAuthConnectionId: this.state.groupedAuthConnectionId,
|
|
750
753
|
userId: this.state.userId,
|
|
751
754
|
refreshToken,
|
|
752
|
-
revokeToken,
|
|
753
755
|
skipLock: true,
|
|
754
756
|
});
|
|
755
757
|
}
|
|
@@ -774,9 +776,6 @@ class SeedlessOnboardingController extends base_controller_1.BaseController {
|
|
|
774
776
|
password,
|
|
775
777
|
encryptionKey: vaultEncryptionKey,
|
|
776
778
|
});
|
|
777
|
-
if (!revokeToken) {
|
|
778
|
-
throw new Error(constants_1.SeedlessOnboardingControllerErrorMessage.InvalidRevokeToken);
|
|
779
|
-
}
|
|
780
779
|
const { newRevokeToken, newRefreshToken } = await __classPrivateFieldGet(this, _SeedlessOnboardingController_renewRefreshToken, "f").call(this, {
|
|
781
780
|
connection: this.state.authConnection,
|
|
782
781
|
revokeToken,
|
|
@@ -887,6 +886,9 @@ class SeedlessOnboardingController extends base_controller_1.BaseController {
|
|
|
887
886
|
try {
|
|
888
887
|
__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_assertIsAuthenticatedUser).call(this, this.state);
|
|
889
888
|
const { accessToken } = this.state;
|
|
889
|
+
if (!accessToken) {
|
|
890
|
+
return true; // Consider missing token as expired
|
|
891
|
+
}
|
|
890
892
|
const decodedToken = (0, utils_3.decodeJWTToken)(accessToken);
|
|
891
893
|
return decodedToken.exp < Math.floor(Date.now() / 1000);
|
|
892
894
|
}
|
|
@@ -1024,7 +1026,7 @@ async function _SeedlessOnboardingController_loadSeedlessEncryptionKey(encKey) {
|
|
|
1024
1026
|
* @throws RecoveryError - If failed to recover the encryption key.
|
|
1025
1027
|
*/
|
|
1026
1028
|
async function _SeedlessOnboardingController_recoverEncKey(password) {
|
|
1027
|
-
(
|
|
1029
|
+
__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_assertIsAuthenticatedUser).call(this, this.state);
|
|
1028
1030
|
const { nodeAuthTokens, authConnectionId, groupedAuthConnectionId, userId, } = this.state;
|
|
1029
1031
|
try {
|
|
1030
1032
|
const recoverEncKeyResult = await this.toprfClient.recoverEncKey({
|
|
@@ -1314,25 +1316,31 @@ async function _SeedlessOnboardingController_withPersistedSecretMetadataBackupsS
|
|
|
1314
1316
|
* @param params.rawToprfAuthKeyPair - The authentication key pair for Toprf operations.
|
|
1315
1317
|
*/
|
|
1316
1318
|
async function _SeedlessOnboardingController_createNewVaultWithAuthData({ password, rawToprfEncryptionKey, rawToprfPwEncryptionKey, rawToprfAuthKeyPair, }) {
|
|
1317
|
-
|
|
1318
|
-
|
|
1319
|
-
|
|
1320
|
-
|
|
1321
|
-
|
|
1322
|
-
|
|
1323
|
-
|
|
1324
|
-
|
|
1325
|
-
|
|
1326
|
-
|
|
1327
|
-
|
|
1328
|
-
|
|
1329
|
-
|
|
1330
|
-
|
|
1331
|
-
|
|
1332
|
-
|
|
1333
|
-
|
|
1334
|
-
|
|
1335
|
-
|
|
1319
|
+
try {
|
|
1320
|
+
__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_assertIsAuthenticatedUser).call(this, this.state);
|
|
1321
|
+
const { accessToken, revokeToken } = await __classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_getAccessTokenAndRevokeToken).call(this, password);
|
|
1322
|
+
const vaultData = {
|
|
1323
|
+
toprfAuthKeyPair: rawToprfAuthKeyPair,
|
|
1324
|
+
toprfEncryptionKey: rawToprfEncryptionKey,
|
|
1325
|
+
toprfPwEncryptionKey: rawToprfPwEncryptionKey,
|
|
1326
|
+
revokeToken,
|
|
1327
|
+
accessToken,
|
|
1328
|
+
};
|
|
1329
|
+
await __classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_updateVault).call(this, {
|
|
1330
|
+
password,
|
|
1331
|
+
vaultData,
|
|
1332
|
+
pwEncKey: rawToprfPwEncryptionKey,
|
|
1333
|
+
});
|
|
1334
|
+
// update the authPubKey in the state
|
|
1335
|
+
__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_persistAuthPubKey).call(this, {
|
|
1336
|
+
authPubKey: rawToprfAuthKeyPair.pk,
|
|
1337
|
+
});
|
|
1338
|
+
__classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_setUnlocked).call(this);
|
|
1339
|
+
}
|
|
1340
|
+
catch (error) {
|
|
1341
|
+
log('Error creating new vault with auth data', error, JSON.stringify(this.state));
|
|
1342
|
+
throw error;
|
|
1343
|
+
}
|
|
1336
1344
|
}, _SeedlessOnboardingController_updateVault =
|
|
1337
1345
|
/**
|
|
1338
1346
|
* Encrypt and update the vault with the given authentication data.
|
|
@@ -1363,6 +1371,31 @@ async function _SeedlessOnboardingController_updateVault({ password, vaultData,
|
|
|
1363
1371
|
state.encryptedSeedlessEncryptionKey = (0, utils_1.bytesToBase64)(encryptedKey);
|
|
1364
1372
|
});
|
|
1365
1373
|
});
|
|
1374
|
+
}, _SeedlessOnboardingController_getAccessTokenAndRevokeToken =
|
|
1375
|
+
/**
|
|
1376
|
+
* Get the access token and revoke token from the state or the vault.
|
|
1377
|
+
*
|
|
1378
|
+
* @param password - The password to decrypt the vault.
|
|
1379
|
+
* @returns The access token and revoke token.
|
|
1380
|
+
*/
|
|
1381
|
+
async function _SeedlessOnboardingController_getAccessTokenAndRevokeToken(password) {
|
|
1382
|
+
let { accessToken, revokeToken } = this.state;
|
|
1383
|
+
if (accessToken && revokeToken) {
|
|
1384
|
+
return { accessToken, revokeToken };
|
|
1385
|
+
}
|
|
1386
|
+
if (this.state.vault) {
|
|
1387
|
+
// if the access token or revoke token is not available in the state, decrypt the vault and get the access token and revoke token from the vault
|
|
1388
|
+
const { vaultData } = await __classPrivateFieldGet(this, _SeedlessOnboardingController_instances, "m", _SeedlessOnboardingController_decryptAndParseVaultData).call(this, { password });
|
|
1389
|
+
accessToken = accessToken || vaultData.accessToken;
|
|
1390
|
+
revokeToken = revokeToken || vaultData.revokeToken;
|
|
1391
|
+
}
|
|
1392
|
+
if (!accessToken) {
|
|
1393
|
+
throw new Error(constants_1.SeedlessOnboardingControllerErrorMessage.InvalidAccessToken);
|
|
1394
|
+
}
|
|
1395
|
+
if (!revokeToken) {
|
|
1396
|
+
throw new Error(constants_1.SeedlessOnboardingControllerErrorMessage.InvalidRevokeToken);
|
|
1397
|
+
}
|
|
1398
|
+
return { accessToken, revokeToken };
|
|
1366
1399
|
}, _SeedlessOnboardingController_withControllerLock =
|
|
1367
1400
|
/**
|
|
1368
1401
|
* Lock the controller mutex before executing the given function,
|
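Review bot: The catch block added to `_SeedlessOnboardingController_createNewVaultWithAuthData` (new lines 1340-1343) passes `JSON.stringify(this.state)` to `log`, which serializes the whole controller state on every failed vault creation. Other hunks in this section show that state holding `accessToken`, `refreshToken`, `revokeToken`, `metadataAccessToken`, `nodeAuthTokens`, `socialLoginEmail`, `vault` and `encryptedSeedlessEncryptionKey`, so live credentials and the user's email would reach whatever sink `log` feeds. Log the error alone, `log('Error creating new vault with auth data', error);`, or at most a redacted summary of which fields are present. Where `log` writes is not visible on this page, so the actual exposure should be confirmed against the logger's configuration and any crash-report or support-bundle collection.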