-
-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: vault recovery & invalid password error #6957
Conversation
set EngineService engineInitialized instance to false to ensure we dispatch INIT_BG_STATE_KEY. This will save KeyringController state object to be saved into redux store state
CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes. |
10f1877
to
a68818a
Compare
a68818a
to
51148ea
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please ask for another approval but for what I read it looks good.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could you provide info for expected behavior on both scenario 1 and 2 + provide videos demonstrating the fix?
@jpcloureiro Are the 2 cases listed steps to reproduce or steps to verify the fix? In both scenarios, it states to install the APK/Testflight build but doesn't have the build numbers associated with them |
I've updated this PR description with videos and brief explanation on how to replicate the problems and fixes running local development builds. Steps to reproduce will have build numbers to help QA verify the acceptance criteria |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the videos. LGTM!
Kudos, SonarCloud Quality Gate passed! 0 Bugs 30.0% Coverage The version of Java (11.0.20) you have used to run this analysis is deprecated and we will stop accepting it soon. Please update to at least Java 17. |
Manual test findings: 1. Upgrade after vault corruption during wallet creation
Result: ✅ Success 2. Upgrade after vault corruption during wallet import
Result: ✅ Success 3. Trigger vault corruption on 7.4.1 Android 9
Result: ✅ Success (can't trigger) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Parameters for testing:
- Imported Wallet Biometrics enabled
- New Wallet Biometrics enabled
- Imported Wallet Biometrics disabled.
- New Wallet Biometrics disabled.
Devices used:
iOS: iPhone Xr, 11, iPhone SE
Android: Pixel 3XL, Xiaomi Redmi Note 10, Samsung S8
Scenarios I covered:
Biometrics enabled (FaceID and FingerPrint):
-
Updating from v6.6 (1113) to v7.1 (1125) to trigger the bug in the vault corruption flow then updating to the build with the fix [v7.4.1 (1161)]
-
Updating from all versions of the app since the vault corruption bug was introduced v7.1 - v7.4 to the build with the fix [v7.4.1 (1161)]
-
Updating from v6.6 (1113) to v7.1 (1125) to trigger the bug in the vault corruption flow then updating to the build with the fix [v7.4.1 (1161)] I ensured that I can successfully enter my password. I went ahead and changed my password, killed and relaunch the app then authenticate with password instead of biometrics.
-
Import wallet on v6.6 (1113) then changed password. Updated to v7.1 (1125) to trigger the bug in the vault corruption flow then updated to the build with the fix [v7.4.1 (1161)].
I can confirm the invalid password error does not appear. I am able to successfully recover my wallet.
No biometrics enabled (NO FaceID and FingerPrint):
-
Updating from v6.6 (1113) to v7.1 (1125) to trigger the bug in the vault corruption flow then updating to the build with the fix [v7.4.1 (1161)]
-
Updating from all versions of the app since the vault corruption bug was introduced v7.1 - v7.4 to the build with the fix [v7.4.1 (1161)]
-
Updating from v6.6 (1113) to v7.1 (1125) to trigger the bug in the vault corruption flow then updating to the build with the fix [v7.4.1 (1161)] I ensured that I can successfully enter my password. I went ahead and changed my password, killed and relaunch the app then authenticate with password instead of biometrics.
-
Import wallet on v6.6 (1113) then changed password. Updated to v7.1 (1125) to trigger the bug in the vault corruption flow then updated to the build with the fix [v7.4.1 (1161)].
I can confirm the invalid password error does not appear. I am able to successfully recover my wallet.
This PR is ✅
Development & PR Process
release-xx
label to identify the PR slated for a upcoming release (will be used in release discussion)needs-dev-review
label when work is completedneeds-qa
: PR requires manual QA.No QA/E2E only
: PR does not require any manual QA effort. Prior to merging, ensure that you have successful end-to-end test runs in Bitrise.Spot check on release build
: PR does not require feature QA but needs non-automated verification. In the description section, provide test scenarios. Add screenshots, and or recordings of what was tested.QA Passed
label when QA has signed off (Only required if the PR was labeled withneeds-qa
)team-
(orexternal-contributor
label if your not a MetaMask employee)Description
Setting
state.user.passwordSet
on userAuth & appAuth prevents "Protect Your Wallet" modal from redirecting the user to "Create Password" flow when there's already a password set.Resetting
this.engineInitialized
ensures that the action 'INIT_BG_STATE' gets dispatched after vault recovery. This will placevault
value in the KeyringController redux store state.This PR aims to fix the following cases
[Case 1]
Vault Recovery forces user to go through the flow of creating a new password. When trying to set the new password the error "Invalid Password" appears
Steps to Reproduce:
Install Apk build 1127 v7.1.0
Create new account
Navigate to main wallet view and kill app
Install Apk build
Go through the vault recovery and navigate to main wallet view
"Protect your wallet" modal pops up. Click "Protect wallet" button
Type password & confirm password
Error "Invalid password" appears
[Case 2]
Vault corruption flow is stuck in a loop. When the user kills and relaunches the app, user is taken through the vault recovery flow again repeatedly.
Steps to reproduce:
Install v7.1.0 (1127) on IOS device using TestFlight
Create wallet and navigate to main wallet view
Kill app, and update to using TestFlight
Relaunch app, input password on login page
Go through the vault recovery and navigate to main wallet view
Kill app, then relaunch app
Resources
https://recordit.co/4heyZtR52I
Demo on iOS simulator running
main
branch.First run shows app running without issues.
Simulate an app upgrade with a bad redux store state migration by adding a new migration without returning the state
See vault recovery screens & "Protect your wallet" modal after recovery.
Click "Protect wallet" takes the user to create a password. This is where we see the "Invalid password" error. [Case 1]
Relaunching the app will bring back the vault recovery. It will happen on every relaunch [Case 2]
https://recordit.co/0GcKBCXHmR
Demo on iOS simulator running
fix-invalid-password-error
branch.Show fix for [Case 1] isolated from [Case 2] by checking previous commit.
See that "Protect your wallet" does not appear after vault recovery.
Show fix for [Case 2] by checking out latest commit of PR branch.
See that after a vault recovery we can relaunch the app without triggering vault recovery again.
Issue
Progresses https://github.com/MetaMask/mobile-planning/issues/1160
Related to #6584
Checklist