fix: transaction fails when signed from auto-restored derived account after seed phrase recovery with biometric authentication enabled (#22040)

briansztamfater · web-flow · commit 447945f46ec7 · 2025-02-14T11:16:50.000-03:00
Signed-off-by: Brian Sztamfater &lt;brian@status.im&gt;
diff --git a/src/status_im/common/standard_authentication/events.cljs b/src/status_im/common/standard_authentication/events.cljs
@@ -10,16 +10,35 @@
     [utils.re-frame :as rf]
     [utils.security.core :as security]))
 
+(defn- partially-operable-accounts?
+  [accounts]
+  (->> accounts
+       vals
+       (some #(= :partially (:operable %)))
+       boolean))
+
+(rf/reg-event-fx :standard-auth/migrate-partially-operable-accounts
+ (fn [{:keys [db]} [{:keys [masked-password on-success]}]]
+   (let [on-auth-success-callback         #(on-success masked-password)
+         has-partially-operable-accounts? (-> (get-in db [:wallet :accounts])
+                                              partially-operable-accounts?)]
+     {:fx [(if has-partially-operable-accounts?
+             [:dispatch
+              [:wallet/make-partially-operable-accounts-fully-operable
+               {:password   masked-password
+                :on-success on-auth-success-callback
+                :on-error   on-auth-success-callback}]]
+             [:effects.standard-auth/on-auth-success on-auth-success-callback])]})))
+
 (defn- handle-password-success
-  [has-partially-operable-accounts? on-auth-success masked-password]
+  [{:keys [migrate-partially-operable-accounts? on-auth-success masked-password]}]
   (let [on-auth-success-callback #(on-auth-success masked-password)]
     (rf/dispatch [:standard-auth/set-success true])
     (rf/dispatch [:standard-auth/reset-login-password])
-    (if has-partially-operable-accounts?
-      (rf/dispatch [:wallet/make-partially-operable-accounts-fully-operable
-                    {:password   masked-password
-                     :on-success on-auth-success-callback
-                     :on-error   on-auth-success-callback}])
+    (if migrate-partially-operable-accounts?
+      (rf/dispatch [:standard-auth/migrate-partially-operable-accounts
+                    {:masked-password masked-password
+                     :on-success      on-auth-success}])
       (on-auth-success-callback))))
 
 (defn authorize
@@ -42,9 +61,10 @@
                     {:pin        pin
                      :on-success (fn [{:keys [encryption-public-key]}]
                                    (rf/dispatch [:keycard/disconnect])
-                                   (handle-password-success false
-                                                            on-auth-success
-                                                            (security/mask-data encryption-public-key)))
+                                   (handle-password-success {:migrate-partially-operable-accounts? false
+                                                             :on-auth-success on-auth-success
+                                                             :masked-password (security/mask-data
+                                                                               encryption-public-key)}))
                      :on-failure #(rf/dispatch [:keycard/on-action-with-pin-error
                                                 %])}]))}]))}]]
         [:effects.biometric/check-if-available
@@ -85,7 +105,12 @@
         keycard? (get-in db [:profile/profile :keycard-pairing])]
     {:fx [(if keycard?
             [:keychain/get-keycard-keys [key-uid on-auth-success]]
-            [:keychain/get-user-password [key-uid on-auth-success]])
+            [:keychain/get-user-password
+             [key-uid
+              (fn [masked-password]
+                (rf/dispatch [:standard-auth/migrate-partially-operable-accounts
+                              {:masked-password masked-password
+                               :on-success      on-auth-success}]))]])
           [:dispatch [:standard-auth/set-success true]]
           [:dispatch [:standard-auth/reset-login-password]]]}))
 
@@ -108,15 +133,14 @@
 (defn- bottom-sheet-password-view
   [{:keys [on-press-biometric on-auth-success auth-button-icon-left auth-button-label]}]
   (fn []
-    (let [has-partially-operable-accounts? (rf/sub [:wallet/has-partially-operable-accounts?])]
-      [enter-password/view
-       {:on-enter-password   #(handle-password-success
-                               has-partially-operable-accounts?
-                               on-auth-success
-                               (security/hash-masked-password %))
-        :on-press-biometrics on-press-biometric
-        :button-icon-left    auth-button-icon-left
-        :button-label        auth-button-label}])))
+    [enter-password/view
+     {:on-enter-password   #(handle-password-success {:migrate-partially-operable-accounts? true
+                                                      :on-auth-success on-auth-success
+                                                      :masked-password (security/hash-masked-password
+                                                                        %)})
+      :on-press-biometrics on-press-biometric
+      :button-icon-left    auth-button-icon-left
+      :button-label        auth-button-label}]))
 
 (defn authorize-with-keycard
   [_ [{:keys [on-complete]}]]
@@ -155,6 +179,12 @@
    (when on-close
      (on-close success?))))
 
+(rf/reg-fx
+ :effects.standard-auth/on-auth-success
+ (fn [on-auth-success]
+   (when on-auth-success
+     (on-auth-success))))
+
 (rf/reg-event-fx
  :standard-auth/close
  (fn [{:keys [db]} [on-close]]
diff --git a/src/status_im/subs/wallet/wallet.cljs b/src/status_im/subs/wallet/wallet.cljs
@@ -861,14 +861,6 @@
                                 fee-in-fiat)]
        fee-formatted))))
 
-(rf/reg-sub
- :wallet/has-partially-operable-accounts?
- :<- [:wallet/accounts]
- (fn [accounts]
-   (->> accounts
-        (some #(= :partially (:operable %)))
-        boolean)))
-
 (rf/reg-sub
  :wallet/accounts-names
  :<- [:wallet/accounts]
diff --git a/src/status_im/subs/wallet/wallet_test.cljs b/src/status_im/subs/wallet/wallet_test.cljs
@@ -942,20 +942,6 @@
           result                (rf/sub [sub-name token-symbol-for-fees])]
       (is (match? result "$0.20")))))
 
-(h/deftest-sub :wallet/has-partially-operable-accounts?
-  [sub-name]
-  (testing "returns false if there are no partially operable accounts"
-    (swap! rf-db/app-db
-      #(assoc-in % [:wallet :accounts] accounts))
-    (is (false? (rf/sub [sub-name]))))
-
-  (testing "returns true if there are partially operable accounts"
-    (swap! rf-db/app-db
-      #(assoc-in %
-        [:wallet :accounts]
-        (update accounts "0x2" assoc :operable :partially)))
-    (is (true? (rf/sub [sub-name])))))
-
 (h/deftest-sub :wallet/zero-balance-in-all-non-watched-accounts?
   [sub-name]
   (testing "returns true if the balance is zero in all non-watched accounts"
diff --git a/src/tests/integration_test/standard_auth_test.cljs b/src/tests/integration_test/standard_auth_test.cljs
@@ -17,6 +17,8 @@
 
 (defn auth-success-fixtures
   []
+  (rf/reg-fx :effects.standard-auth/on-auth-success
+   (fn [on-auth-success] (on-auth-success)))
   (rf/reg-fx :effects.biometric/check-if-available
    (fn [{:keys [on-success]}] (on-success)))
   (rf/reg-event-fx :biometric/authenticate
@@ -32,7 +34,7 @@
      (let [on-success-called? (atom false)
            args               (assoc default-args :on-auth-success #(reset! on-success-called? true))]
        (rf/dispatch [:standard-auth/authorize args])
-       (rf-test/wait-for [:standard-auth/on-biometric-success]
+       (rf-test/wait-for [:standard-auth/migrate-partially-operable-accounts]
          (is @on-success-called?))))))
 
 (defn auth-cancel-fixtures
