Skip to content

chore: bump @metamask/{keyring,seedless-onboarding}-controller #37454

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
mikesposito merged 36 commits into from
Dec 3, 2025
+35 −190
Merged

chore: bump @metamask/{keyring,seedless-onboarding}-controller #37454

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
36 commits
Select commit Hold shift + click to select a range
bcde1bc
use preview builds
mikesposito Nov 3, 2025
5d92049
Update LavaMoat policies
metamaskbot Nov 3, 2025
9f6a6e2
adjust `encryptorFactory` with new methods
mikesposito Nov 4, 2025
e776872
Update LavaMoat policies
metamaskbot Nov 4, 2025
e0e1322
bump `@metamask/browser-passworder` to `^6.0.0`
mikesposito Nov 4, 2025
825bbeb
remove unnecessary type parameters for controllers
mikesposito Nov 4, 2025
0a057de
Update LavaMoat policies
metamaskbot Nov 4, 2025
cb9797d
fix `keyring-controller-init.test.ts`
mikesposito Nov 5, 2025
a771b4a
remove unnecessary return type from encryptor factory
mikesposito Nov 5, 2025
92b160e
add missing method to mock encryptor
mikesposito Nov 5, 2025
b8619f1
update previews
mikesposito Nov 5, 2025
5332054
Merge branch 'main' into mikesposito/update-keyring-controller
mikesposito Nov 5, 2025
797b3dd
fix `seedless-onboarding-controller-init.test.ts`
mikesposito Nov 5, 2025
64fcda1
Merge branch 'main' into mikesposito/update-keyring-controller
mikesposito Nov 5, 2025
98e2cd4
remove seedless-onboarding-controller preview
mikesposito Nov 5, 2025
b59ee0c
fix: do not override `keyFromPassword` derivation options
mikesposito Nov 5, 2025
2fde464
Update LavaMoat policies
metamaskbot Nov 5, 2025
1156d72
revert `encryptor-factory` change and update preview
mikesposito Nov 6, 2025
412018d
update preview build
mikesposito Nov 6, 2025
65e0b1b
fix lint
mikesposito Nov 6, 2025
9e613d1
refactor `seedless-onboarding-controller-init` encryptor argument
mikesposito Nov 6, 2025
b41b54d
update preview build
mikesposito Nov 6, 2025
e83c5e0
Merge branch 'main' into mikesposito/update-keyring-controller
mikesposito Nov 12, 2025
3b0aa88
update package preview
mikesposito Nov 12, 2025
3844326
Update LavaMoat policies
metamaskbot Nov 12, 2025
c82ff56
update preview build
mikesposito Nov 13, 2025
1e40bf2
Merge branch 'main' into mikesposito/update-keyring-controller
mikesposito Nov 13, 2025
769f080
Merge branch 'main' into mikesposito/update-keyring-controller
mikesposito Nov 25, 2025
cf77d74
remove preview-builds
mikesposito Nov 25, 2025
c5b8aee
Merge branch 'main' into mikesposito/update-keyring-controller
mikesposito Nov 28, 2025
acb5bf2
Update LavaMoat policies
metamaskbot Nov 28, 2025
7bb7688
fix lint
mikesposito Dec 2, 2025
2b7e539
Merge branch 'main' into mikesposito/update-keyring-controller
mikesposito Dec 2, 2025
9126053
Update LavaMoat policies
metamaskbot Dec 2, 2025
14cfe12
Merge branch 'main' into mikesposito/update-keyring-controller
mikesposito Dec 3, 2025
3733c29
update node-forge to fix audit
mikesposito Dec 3, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 0 additions & 1 deletion app/scripts/controller-init/keyring-controller-init.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,7 +65,6 @@ describe('KeyringControllerInit', () => {
expect(controllerMock).toHaveBeenCalledWith({
messenger: expect.any(Object),
state: undefined,
cacheEncryptionKey: true,
encryptor: expect.any(Object),
keyringBuilders: expect.any(Array),
});
Expand Down
2 changes: 0 additions & 2 deletions app/scripts/controller-init/keyring-controller-init.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -109,11 +109,9 @@ export const KeyringControllerInit: ControllerInitFunction<
additionalKeyrings.push(snapKeyringBuilder);
///: END:ONLY_INCLUDE_IF

// @ts-expect-error: The types for the encryptor are not correct.
const controller = new KeyringController({
state: persistedState.KeyringController,
messenger: controllerMessenger,
cacheEncryptionKey: true,
keyringBuilders: additionalKeyrings,
encryptor: encryptor || encryptorFactory(600_000),
});
Expand Down
5 changes: 5 additions & 0 deletions app/scripts/controller-init/seedless-onboarding/seedless-onboarding-controller-init.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -71,7 +71,12 @@ describe('SeedlessOnboardingControllerInit', () => {
decryptWithKey: expect.any(Function),
encrypt: expect.any(Function),
encryptWithDetail: expect.any(Function),
encryptWithKey: expect.any(Function),
isVaultUpdated: expect.any(Function),
importKey: expect.any(Function),
exportKey: expect.any(Function),
generateSalt: expect.any(Function),
keyFromPassword: expect.any(Function),
},
passwordOutdatedCacheTTL: expect.any(Number),
refreshJWTToken: expect.any(Function),
Expand Down
25 changes: 5 additions & 20 deletions app/scripts/controller-init/seedless-onboarding/seedless-onboarding-controller-init.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ import {
SeedlessOnboardingControllerMessenger,
Web3AuthNetwork,
} from '@metamask/seedless-onboarding-controller';
import { EncryptionKey, EncryptionResult } from '@metamask/browser-passworder';
import { EncryptionKey } from '@metamask/browser-passworder';
import { ControllerInitFunction } from '../types';
import { encryptorFactory } from '../../lib/encryptor-factory';
import { isDevOrTestBuild } from '../../services/oauth/config';
Expand All @@ -24,7 +24,9 @@ export const SeedlessOnboardingControllerInit: ControllerInitFunction<

const network = loadWeb3AuthNetwork();

const controller = new SeedlessOnboardingController({
const controller = new SeedlessOnboardingController<
CryptoKey | EncryptionKey
>({
messenger: controllerMessenger,
state: persistedState.SeedlessOnboardingController,
network,
Expand All @@ -41,24 +43,7 @@ export const SeedlessOnboardingControllerInit: ControllerInitFunction<
renewRefreshToken: (...args) =>
initMessenger.call('OAuthService:renewRefreshToken', ...args),

encryptor: {
decrypt: (key, encryptedData) => encryptor.decrypt(key, encryptedData),
decryptWithDetail: (key, encryptedData) =>
encryptor.decryptWithDetail(key, encryptedData),
decryptWithKey(key, encryptedData) {
let payload: EncryptionResult;
if (typeof encryptedData === 'string') {
payload = JSON.parse(encryptedData);
} else {
payload = encryptedData;
}

return encryptor.decryptWithKey(key as EncryptionKey, payload);
Comment on lines -49 to -56
Copy link
Member

@FrederikBolding FrederikBolding Dec 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this compatible with the encryptor passed now?

Copy link
Member Author

@mikesposito mikesposito Dec 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There has been this broken type in KeyringController for a while now, but it was aligned with the real type coming from browser-passworder here: https://github.com/MetaMask/core/pull/7127/files#diff-cacd62f731d7f6947fe841f6ba3441c7a16f764b699801b0c212e0e6c15879bfR423 - encryptedData should never be a string when being decrypted with decryptWithKey

Copy link
Member

@FrederikBolding FrederikBolding Dec 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just making sure that the SeedlessOnboardingController doesn't expect to be able to pass a string? But I guess not since the types are valid

Copy link
Member Author

@mikesposito mikesposito Dec 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Correct, SeedlessOnboardingController always parses the vault before passing it to decryptWithKey: https://github.com/MetaMask/core/blob/8f42d26998ec95ccbcc3dba16d6aff0490cec052/packages/seedless-onboarding-controller/src/SeedlessOnboardingController.ts#L1403-L1403

},
encrypt: (key, data) => encryptor.encrypt(key, data),
encryptWithDetail: (key, data) => encryptor.encryptWithDetail(key, data),
importKey: (key) => encryptor.importKey(key),
},
encryptor,
});

return {
Expand Down
4 changes: 2 additions & 2 deletions app/scripts/controller-init/types.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ import { Duplex } from 'readable-stream';
import { SubjectType } from '@metamask/permission-controller';
import { PreinstalledSnap } from '@metamask/snaps-controllers';
import { Browser } from 'webextension-polyfill';
import { ExportableKeyEncryptor } from '@metamask/keyring-controller';
import { Encryptor } from '@metamask/keyring-controller';
import { KeyringClass } from '@metamask/keyring-utils';
import { QrKeyringScannerBridge } from '@metamask/eth-qr-keyring';
import type { TransactionMetricsRequest } from '../../../shared/types';
Expand Down Expand Up @@ -83,7 +83,7 @@ export type ControllerInitRequest<
* An instance of an encryptor to use for encrypting and decrypting
* sensitive data.
*/
encryptor?: ExportableKeyEncryptor;
encryptor: Encryptor;

/**
* The extension browser API.
Expand Down
18 changes: 1 addition & 17 deletions lavamoat/browserify/beta/policy.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -978,7 +978,7 @@
"crypto.subtle.importKey": true
},
"packages": {
"@metamask/browser-passworder>@metamask/utils": true,
"@metamask/utils": true,
"browserify>buffer": true
}
},
Expand Down Expand Up @@ -1496,7 +1496,6 @@
"packages": {
"@ethereumjs/tx>@ethereumjs/util": true,
"@metamask/base-controller": true,
"@metamask/browser-passworder": true,
"@metamask/keyring-controller>@metamask/eth-hd-keyring": true,
"@metamask/eth-sig-util": true,
"@metamask/keyring-controller>@metamask/eth-simple-keyring": true,
Expand Down Expand Up @@ -2450,21 +2449,6 @@
"semver": true
}
},
"@metamask/browser-passworder>@metamask/utils": {
"globals": {
"TextDecoder": true,
"TextEncoder": true
},
"packages": {
"@metamask/superstruct": true,
"@noble/hashes": true,
"@scure/base": true,
"browserify>buffer": true,
"nock>debug": true,
"@metamask/utils>pony-cause": true,
"semver": true
}
},
"@ngraveio/bc-ur": {
"packages": {
"@ngraveio/bc-ur>@keystonehq/alias-sampling": true,
Expand Down
18 changes: 1 addition & 17 deletions lavamoat/browserify/experimental/policy.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -978,7 +978,7 @@
"crypto.subtle.importKey": true
},
"packages": {
"@metamask/browser-passworder>@metamask/utils": true,
"@metamask/utils": true,
"browserify>buffer": true
}
},
Expand Down Expand Up @@ -1496,7 +1496,6 @@
"packages": {
"@ethereumjs/tx>@ethereumjs/util": true,
"@metamask/base-controller": true,
"@metamask/browser-passworder": true,
"@metamask/keyring-controller>@metamask/eth-hd-keyring": true,
"@metamask/eth-sig-util": true,
"@metamask/keyring-controller>@metamask/eth-simple-keyring": true,
Expand Down Expand Up @@ -2450,21 +2449,6 @@
"semver": true
}
},
"@metamask/browser-passworder>@metamask/utils": {
"globals": {
"TextDecoder": true,
"TextEncoder": true
},
"packages": {
"@metamask/superstruct": true,
"@noble/hashes": true,
"@scure/base": true,
"browserify>buffer": true,
"nock>debug": true,
"@metamask/utils>pony-cause": true,
"semver": true
}
},
"@ngraveio/bc-ur": {
"packages": {
"@ngraveio/bc-ur>@keystonehq/alias-sampling": true,
Expand Down
18 changes: 1 addition & 17 deletions lavamoat/browserify/flask/policy.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -978,7 +978,7 @@
"crypto.subtle.importKey": true
},
"packages": {
"@metamask/browser-passworder>@metamask/utils": true,
"@metamask/utils": true,
"browserify>buffer": true
}
},
Expand Down Expand Up @@ -1496,7 +1496,6 @@
"packages": {
"@ethereumjs/tx>@ethereumjs/util": true,
"@metamask/base-controller": true,
"@metamask/browser-passworder": true,
"@metamask/keyring-controller>@metamask/eth-hd-keyring": true,
"@metamask/eth-sig-util": true,
"@metamask/keyring-controller>@metamask/eth-simple-keyring": true,
Expand Down Expand Up @@ -2450,21 +2449,6 @@
"semver": true
}
},
"@metamask/browser-passworder>@metamask/utils": {
"globals": {
"TextDecoder": true,
"TextEncoder": true
},
"packages": {
"@metamask/superstruct": true,
"@noble/hashes": true,
"@scure/base": true,
"browserify>buffer": true,
"nock>debug": true,
"@metamask/utils>pony-cause": true,
"semver": true
}
},
"@ngraveio/bc-ur": {
"packages": {
"@ngraveio/bc-ur>@keystonehq/alias-sampling": true,
Expand Down
18 changes: 1 addition & 17 deletions lavamoat/browserify/main/policy.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -978,7 +978,7 @@
"crypto.subtle.importKey": true
},
"packages": {
"@metamask/browser-passworder>@metamask/utils": true,
"@metamask/utils": true,
"browserify>buffer": true
}
},
Expand Down Expand Up @@ -1496,7 +1496,6 @@
"packages": {
"@ethereumjs/tx>@ethereumjs/util": true,
"@metamask/base-controller": true,
"@metamask/browser-passworder": true,
"@metamask/keyring-controller>@metamask/eth-hd-keyring": true,
"@metamask/eth-sig-util": true,
"@metamask/keyring-controller>@metamask/eth-simple-keyring": true,
Expand Down Expand Up @@ -2450,21 +2449,6 @@
"semver": true
}
},
"@metamask/browser-passworder>@metamask/utils": {
"globals": {
"TextDecoder": true,
"TextEncoder": true
},
"packages": {
"@metamask/superstruct": true,
"@noble/hashes": true,
"@scure/base": true,
"browserify>buffer": true,
"nock>debug": true,
"@metamask/utils>pony-cause": true,
"semver": true
}
},
"@ngraveio/bc-ur": {
"packages": {
"@ngraveio/bc-ur>@keystonehq/alias-sampling": true,
Expand Down
19 changes: 1 addition & 18 deletions lavamoat/webpack/mv2/policy.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -982,7 +982,7 @@
"crypto.subtle.importKey": true
},
"packages": {
"@metamask/browser-passworder>@metamask/utils": true,
"@metamask/utils": true,
"buffer": true
}
},
Expand Down Expand Up @@ -1484,7 +1484,6 @@
"packages": {
"@ethereumjs/tx>@ethereumjs/util": true,
"@metamask/base-controller": true,
"@metamask/browser-passworder": true,
"@metamask/keyring-controller>@metamask/eth-hd-keyring": true,
"@metamask/eth-sig-util": true,
"@metamask/keyring-controller>@metamask/eth-simple-keyring": true,
Expand Down Expand Up @@ -2307,22 +2306,6 @@
"semver": true
}
},
"@metamask/browser-passworder>@metamask/utils": {
"globals": {
"Buffer": true,
"TextDecoder": true,
"TextEncoder": true
},
"packages": {
"@metamask/superstruct": true,
"@noble/hashes": true,
"@scure/base": true,
"buffer": true,
"nock>debug": true,
"@metamask/utils>pony-cause": true,
"semver": true
}
},
"@ngraveio/bc-ur": {
"globals": {
"Buffer.alloc": true,
Expand Down
34 changes: 0 additions & 34 deletions lavamoat/webpack/mv3/policy.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -576,23 +576,6 @@
"reselect": true
}
},
"@metamask/browser-passworder": {
"globals": {
"Buffer.from": true,
"CryptoKey": true,
"btoa": true,
"crypto.getRandomValues": true,
"crypto.subtle.decrypt": true,
"crypto.subtle.deriveKey": true,
"crypto.subtle.encrypt": true,
"crypto.subtle.exportKey": true,
"crypto.subtle.importKey": true
},
"packages": {
"@metamask/browser-passworder>@metamask/utils": true,
"buffer": true
}
},
"@metamask/chain-agnostic-permission": {
"packages": {
"@metamask/chain-agnostic-permission>@metamask/api-specs": true,
Expand Down Expand Up @@ -927,7 +910,6 @@
"packages": {
"@ethereumjs/tx>@ethereumjs/util": true,
"@metamask/base-controller": true,
"@metamask/browser-passworder": true,
"@metamask/keyring-controller>@metamask/eth-hd-keyring": true,
"@metamask/eth-sig-util": true,
"@metamask/keyring-controller>@metamask/eth-simple-keyring": true,
Expand Down Expand Up @@ -1213,22 +1195,6 @@
"semver": true
}
},
"@metamask/browser-passworder>@metamask/utils": {
"globals": {
"Buffer": true,
"TextDecoder": true,
"TextEncoder": true
},
"packages": {
"@metamask/superstruct": true,
"@noble/hashes": true,
"@scure/base": true,
"buffer": true,
"nock>debug": true,
"@metamask/utils>pony-cause": true,
"semver": true
}
},
"@ngraveio/bc-ur": {
"globals": {
"Buffer.alloc": true,
Expand Down
6 changes: 3 additions & 3 deletions package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -279,7 +279,7 @@
"@metamask/bitcoin-wallet-snap": "^1.8.0",
"@metamask/bridge-controller": "patch:@metamask/bridge-controller@npm%3A61.0.0#~/.yarn/patches/@metamask-bridge-controller-npm-61.0.0-8c413c463f.patch",
"@metamask/bridge-status-controller": "^61.0.0",
"@metamask/browser-passworder": "^4.3.0",
"@metamask/browser-passworder": "^6.0.0",
"@metamask/chain-agnostic-permission": "^1.2.2",
"@metamask/claims-controller": "^0.2.0",
"@metamask/contract-metadata": "^2.5.0",
Expand Down Expand Up @@ -317,7 +317,7 @@
"@metamask/kernel-ui": "^0.3.0",
"@metamask/kernel-utils": "^0.3.0",
"@metamask/keyring-api": "^21.2.0",
"@metamask/keyring-controller": "^24.0.0",
"@metamask/keyring-controller": "^25.0.0",
"@metamask/keyring-internal-api": "^9.1.0",
"@metamask/keyring-internal-snap-client": "^8.0.0",
"@metamask/keyring-snap-client": "^8.1.0",
Expand Down Expand Up @@ -354,7 +354,7 @@
"@metamask/rpc-errors": "^7.0.0",
"@metamask/safe-event-emitter": "^3.1.1",
"@metamask/scure-bip39": "^2.0.3",
"@metamask/seedless-onboarding-controller": "^6.1.0",
"@metamask/seedless-onboarding-controller": "^7.0.0",
"@metamask/selected-network-controller": "^25.0.0",
"@metamask/shield-controller": "^2.1.1",
"@metamask/signature-controller": "^35.0.0",
Expand Down
6 changes: 5 additions & 1 deletion test/lib/mock-encryptor.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,11 @@ const mockEncryptor = {
`Failed to execute 'importKey' on 'SubtleCrypto': The provided value is not of type '(ArrayBuffer or ArrayBufferView or JsonWebKey)'.`,
);
}
return null;
return JSON.parse(key);
},

async exportKey(key) {
return JSON.stringify(key);
},

async updateVault(_vault, _password) {
Expand Down
Loading
Loading