fix: social login invalid access token

app/scripts/constants/sentry-state.ts

@@ -92,6 +92,7 @@ export const SENTRY_BACKGROUND_STATE = {
     lastUpdatedAt: true,
     shieldEndingToastLastClickedOrClosed: true,
     shieldPausedToastLastClickedOrClosed: true,
+    isWalletResetInProgress: false,
   },
   MultichainBalancesController: {
     balances: false,

app/scripts/controllers/app-state-controller.test.ts

@@ -773,6 +773,7 @@ describe('AppStateController', () => {
               "hasShownMultichainAccountsIntroModal": false,
               "isRampCardClosed": false,
               "isUpdateAvailable": false,
+              "isWalletResetInProgress": false,
               "lastInteractedConfirmationInfo": {
                 "chainId": "0x1",
                 "id": "123",
@@ -860,6 +861,7 @@ describe('AppStateController', () => {
               "hasShownMultichainAccountsIntroModal": false,
               "isRampCardClosed": false,
               "isUpdateAvailable": false,
+              "isWalletResetInProgress": false,
               "lastInteractedConfirmationInfo": {
                 "chainId": "0x1",
                 "id": "123",
@@ -939,6 +941,7 @@ describe('AppStateController', () => {
               "hadAdvancedGasFeesSetPriorToMigration92_3": false,
               "hasShownMultichainAccountsIntroModal": false,
               "isRampCardClosed": false,
+              "isWalletResetInProgress": false,
               "lastInteractedConfirmationInfo": {
                 "chainId": "0x1",
                 "id": "123",
@@ -1020,6 +1023,7 @@ describe('AppStateController', () => {
               "hasShownMultichainAccountsIntroModal": false,
               "isRampCardClosed": false,
               "isUpdateAvailable": false,
+              "isWalletResetInProgress": false,
               "lastInteractedConfirmationInfo": {
                 "chainId": "0x1",
                 "id": "123",

app/scripts/controllers/app-state-controller.ts

@@ -122,6 +122,11 @@ export type AppStateControllerState = {
   updateModalLastDismissedAt: number | null;
   hasShownMultichainAccountsIntroModal: boolean;
   showShieldEntryModalOnce: boolean | null;
+
+  /**
+   * Whether the wallet reset is in progress.
+   */
+  isWalletResetInProgress: boolean;
 };
 
 const controllerName = 'AppStateController';
@@ -268,6 +273,8 @@ const getDefaultAppStateControllerState = (): AppStateControllerState => ({
   updateModalLastDismissedAt: null,
   hasShownMultichainAccountsIntroModal: false,
   showShieldEntryModalOnce: null,
+  isWalletResetInProgress: false,
+
   ...getInitialStateOverrides(),
 });
 
@@ -599,6 +606,12 @@ const controllerMetadata: StateMetadata<AppStateControllerState> = {
     includeInDebugSnapshot: true,
     usedInUi: true,
   },
+  isWalletResetInProgress: {
+    persist: true,
+    includeInDebugSnapshot: true,
+    usedInUi: true,
+    includeInStateLogs: true,
+  },
 };
 
 export class AppStateController extends BaseController<
@@ -1502,4 +1515,14 @@ export class AppStateController extends BaseController<
       state.canTrackWalletFundsObtained = enabled;
     });
   }
+
+  setIsWalletResetInProgress(isResetting: boolean): void {
+    this.update((state) => {
+      state.isWalletResetInProgress = isResetting;
+    });
+  }
+
+  getIsWalletResetInProgress(): boolean {
+    return this.state.isWalletResetInProgress;
+  }
 }

app/scripts/controllers/onboarding.ts

@@ -235,4 +235,16 @@ export default class OnboardingController extends BaseController<
       firstTimeFlowType === FirstTimeFlowType.socialImport
     );
   }
+
+  /**
+   * Reset the onboarding controller state.
+   */
+  resetOnboarding(): void {
+    this.update((state) => {
+      state.completedOnboarding = false;
+      state.firstTimeFlowType = null;
+      state.seedPhraseBackedUp = null;
+      state.onboardingTabs = {};
+    });
+  }
 }

app/scripts/metamask-controller.actions.test.js

@@ -835,10 +835,8 @@ describe('MetaMaskController', function () {
         // We now need the Snap keyring after unlocking the wallet.
         jest.spyOn(metamaskController, 'getSnapKeyring').mockReturnValue({});
 
-        const syncAndUnlockResult =
-          await metamaskController.syncPasswordAndUnlockWallet(password);
+        await metamaskController.syncPasswordAndUnlockWallet(password);
 
-        expect(syncAndUnlockResult).toBe(true);
         expect(keyringSubmitPwdSpy).toHaveBeenCalled();
         expect(seedlessSubmitPwdSpy).toHaveBeenCalled();
       });

app/scripts/metamask-controller.js

@@ -2784,6 +2784,10 @@ export default class MetamaskController extends EventEmitter {
         this.restoreSocialBackupAndGetSeedPhrase.bind(this),
       syncSeedPhrases: this.syncSeedPhrases.bind(this),
       changePassword: this.changePassword.bind(this),
+      getIsSeedlessOnboardingUserAuthenticated:
+        this.seedlessOnboardingController.getIsUserAuthenticated.bind(
+          this.seedlessOnboardingController,
+        ),
 
       // GatorPermissionsController
       fetchAndUpdateGatorPermissions:
@@ -3377,6 +3381,7 @@ export default class MetamaskController extends EventEmitter {
           ),
         }),
       lookupSelectedNetworks: this.lookupSelectedNetworks.bind(this),
+      resetWallet: this.resetWallet.bind(this),
     };
   }
 
@@ -3394,6 +3399,16 @@ export default class MetamaskController extends EventEmitter {
     });
   }
 
+  async resetWallet() {
+    // clear SeedlessOnboardingController state
+    this.seedlessOnboardingController.clearState();
+
+    // reset onboarding state
+    this.onboardingController.resetOnboarding();
+
+    this.appStateController.setIsWalletResetInProgress(true);
+  }
+
   async exportAccount(address, password) {
     await this.verifyPassword(password);
     return this.keyringController.exportAccount(password, address);
@@ -3768,7 +3783,6 @@ export default class MetamaskController extends EventEmitter {
    * and user has changed password more than 20 times since the last time they used the app on this device.
    */
   async syncPasswordAndUnlockWallet(password) {
-    let isPasswordSynced = false;
     const isSocialLoginFlow = this.onboardingController.getIsSocialLoginFlow();
     // check if the password is outdated
     let isPasswordOutdated = false;
@@ -3804,8 +3818,7 @@ export default class MetamaskController extends EventEmitter {
               });
           });
       }
-      isPasswordSynced = true;
-      return isPasswordSynced;
+      return;
     }
     const releaseLock = await this.seedlessOperationMutex.acquire();
 
@@ -3830,14 +3843,8 @@ export default class MetamaskController extends EventEmitter {
           globalPassword: password,
           maxKeyChainLength: 20,
         })
-        .then(() => {
-          // Case 1.
-          isPasswordSynced = true;
-        })
         .catch((err) => {
-          log.error(
-            `error while submitting global password: ${err.message} , isKeyringPasswordValid: ${isKeyringPasswordValid}`,
-          );
+          log.error(`error while submitting global password: ${err.message}`);
           if (err instanceof RecoveryError) {
             // Keyring controller password verification succeeds and seedless controller failed.
             if (
@@ -3850,28 +3857,11 @@ export default class MetamaskController extends EventEmitter {
               );
             }
             throw new JsonRpcError(-32603, err.message, err.data);
-          } else if (
-            err.message ===
-            SeedlessOnboardingControllerErrorMessage.MaxKeyChainLengthExceeded
-          ) {
-            isPasswordSynced = false;
           } else {
             throw err;
           }
         });
 
-      // we are unable to recover the old pwd enc key as user is on a very old device.
-      // create a new vault and encrypt the new vault with the latest global password.
-      // also show a info popup to user.
-      if (!isPasswordSynced) {
-        // refresh the current auth tokens to get the latest auth tokens
-        await this.seedlessOnboardingController.refreshAuthTokens();
-        // create a new vault and encrypt the new vault with the latest global password
-        await this.restoreSocialBackupAndGetSeedPhrase(password);
-        // display info popup to user based on the password sync status
-        return isPasswordSynced;
-      }
-
       // re-encrypt the old vault data with the latest global password
       const keyringEncryptionKey =
         await this.seedlessOnboardingController.loadKeyringEncryptionKey();
@@ -3937,7 +3927,6 @@ export default class MetamaskController extends EventEmitter {
           data: { success: changePasswordSuccess },
         });
       }
-      return isPasswordSynced;
     } finally {
       releaseLock();
     }
@@ -4169,16 +4158,42 @@ export default class MetamaskController extends EventEmitter {
    */
   async createNewVaultAndKeychain(password) {
     const releaseLock = await this.createVaultMutex.acquire();
+    const isWalletResetInProgress =
+      this.appStateController.getIsWalletResetInProgress();
     try {
+      if (isWalletResetInProgress) {
+        // clear permissions
+        this.permissionController.clearState();
+
+        // Clear snap state
+        await this.snapController.clearState();
+
+        // Clear account tree state
+        this.accountTreeController.clearState();
+
+        // Currently, the account-order-controller is not in sync with
+        // the accounts-controller. To properly persist the hidden state
+        // of accounts, we should add a new flag to the account struct
+        // to indicate if it is hidden or not.
+        // TODO: Update @metamask/accounts-controller to support this.
+        this.accountOrderController.updateHiddenAccountsList([]);
+
+        this.txController.clearUnapprovedTransactions();
+      }
+
       await this.keyringController.createNewVaultAndKeychain(password);
+
+      // set is resetting wallet in progress to false, after new vault and keychain are created
+      this.appStateController.setIsWalletResetInProgress(false);
+
       const primaryKeyring = this.keyringController.state.keyrings[0];
 
       // Once we have our first HD keyring available, we re-create the internal list of
       // accounts (they should be up-to-date already, but we still run `updateAccounts` as
       // there are some account migration happening in that function).
       await this.accountsController.updateAccounts();
       // Then we can build the initial tree.
-      this.accountTreeController.init();
+      this.accountTreeController.reinit();
       // TODO: Move this logic to the SnapKeyring directly.
       // Forward selected accounts to the Snap keyring, so each Snaps can fetch those accounts.
       await this.forwardSelectedAccountGroupToSnapKeyring(
@@ -4562,6 +4577,9 @@ export default class MetamaskController extends EventEmitter {
         seedPhraseAsUint8Array,
       );
 
+      // set is resetting wallet in progress to false, after new vault and keychain are created
+      this.appStateController.setIsWalletResetInProgress(false);
+
       // We re-created the vault, meaning we only have 1 new HD keyring
       // now. We re-create the internal list of accounts (which is
       // not an expensive operation, since we should only have 1 HD

lavamoat/browserify/beta/policy.json

@@ -870,6 +870,20 @@
         "eslint>json-stable-stringify-without-jsonify": true
       }
     },
+    "@metamask/seedless-onboarding-controller>@metamask/toprf-secure-backup>@metamask/auth-network-utils": {
+      "globals": {
+        "clearTimeout": true,
+        "setTimeout": true
+      },
+      "packages": {
+        "@noble/curves": true,
+        "@noble/hashes": true,
+        "bn.js": true,
+        "browserify>buffer": true,
+        "@toruslabs/eccrypto>elliptic": true,
+        "eslint>json-stable-stringify-without-jsonify": true
+      }
+    },
     "@metamask/base-controller": {
       "globals": {
         "console.error": true
@@ -1992,11 +2006,11 @@
         "fetch": true
       },
       "packages": {
-        "@metamask/seedless-onboarding-controller>@metamask/auth-network-utils": true,
+        "@metamask/seedless-onboarding-controller>@metamask/toprf-secure-backup>@metamask/auth-network-utils": true,
         "@noble/ciphers": true,
         "@noble/curves": true,
         "@noble/hashes": true,
-        "@toruslabs/eccrypto": true,
+        "@metamask/seedless-onboarding-controller>@metamask/toprf-secure-backup>@toruslabs/eccrypto": true,
         "@metamask/seedless-onboarding-controller>@metamask/toprf-secure-backup>@toruslabs/fetch-node-details": true,
         "@metamask/seedless-onboarding-controller>@metamask/toprf-secure-backup>@toruslabs/http-helpers": true,
         "bn.js": true,
@@ -2524,7 +2538,7 @@
         "browserify>browser-resolve": true
       }
     },
-    "@toruslabs/eccrypto": {
+    "@metamask/seedless-onboarding-controller>@metamask/toprf-secure-backup>@toruslabs/eccrypto": {
       "globals": {
         "crypto": true,
         "msCrypto": true

lavamoat/browserify/experimental/policy.json

@@ -870,6 +870,20 @@
         "eslint>json-stable-stringify-without-jsonify": true
       }
     },
+    "@metamask/seedless-onboarding-controller>@metamask/toprf-secure-backup>@metamask/auth-network-utils": {
+      "globals": {
+        "clearTimeout": true,
+        "setTimeout": true
+      },
+      "packages": {
+        "@noble/curves": true,
+        "@noble/hashes": true,
+        "bn.js": true,
+        "browserify>buffer": true,
+        "@toruslabs/eccrypto>elliptic": true,
+        "eslint>json-stable-stringify-without-jsonify": true
+      }
+    },
     "@metamask/base-controller": {
       "globals": {
         "console.error": true
@@ -1992,11 +2006,11 @@
         "fetch": true
       },
       "packages": {
-        "@metamask/seedless-onboarding-controller>@metamask/auth-network-utils": true,
+        "@metamask/seedless-onboarding-controller>@metamask/toprf-secure-backup>@metamask/auth-network-utils": true,
         "@noble/ciphers": true,
         "@noble/curves": true,
         "@noble/hashes": true,
-        "@toruslabs/eccrypto": true,
+        "@metamask/seedless-onboarding-controller>@metamask/toprf-secure-backup>@toruslabs/eccrypto": true,
         "@metamask/seedless-onboarding-controller>@metamask/toprf-secure-backup>@toruslabs/fetch-node-details": true,
         "@metamask/seedless-onboarding-controller>@metamask/toprf-secure-backup>@toruslabs/http-helpers": true,
         "bn.js": true,
@@ -2524,7 +2538,7 @@
         "browserify>browser-resolve": true
       }
     },
-    "@toruslabs/eccrypto": {
+    "@metamask/seedless-onboarding-controller>@metamask/toprf-secure-backup>@toruslabs/eccrypto": {
       "globals": {
         "crypto": true,
         "msCrypto": true