From 456d1ceacb8bec576135ed67dab0435032c2d9d5 Mon Sep 17 00:00:00 2001
From: David Walsh
Date: Tue, 16 Aug 2022 14:44:35 -0500
Subject: [PATCH] Don't assume password if there's a salted vault
---
 index.js | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)
diff --git a/index.js b/index.js
index de206cf0..17bfee6f 100644
--- a/index.js
+++ b/index.js
@@ -203,7 +203,7 @@ class KeyringController extends EventEmitter {
 if (!encryptedVault) {
 throw new Error('Cannot unlock without a previous vault.');
 }
-
+ // TODO: MV3: Should we persist keyrings here as well?
 await this.encryptor.decrypt(password, encryptedVault);
 }
 
@@ -566,7 +566,8 @@ class KeyringController extends EventEmitter {
 );
 }
 
- // MV3: Since we also allow persisting without a password, we should require this.encryptedKey
+ // MV3: Since we also allow persisting without a password,
+ // we should require this.encryptedKey
 if (password === undefined && this.encryptedKey === undefined) {
 return Promise.reject(
 new Error(
@@ -638,10 +639,19 @@ class KeyringController extends EventEmitter {
 // MV3: If the separator string is in the vault string, the user has already migrated
 // from the previous password-only model
 let vault = null;
- if (encryptedVault.includes(VAULT_SEPARATOR)) {
+ if (encryptedVault && encryptedVault.includes(VAULT_SEPARATOR)) {
 const [, salt] = encryptedVault.split(VAULT_SEPARATOR);
- this.encryptedKey =
- encryptedKey || this._generateEncryptedKey(password, salt);
+
+ if (password) {
+ this.encryptedKey = this._generateEncryptedKey(password, salt);
+ } else if (encryptedKey) {
+ this.encryptedKey = encryptedKey;
+ } else {
+ throw new Error(
+ 'No way to decrypt a salted vault without a password or encrypted key',
+ );
+ }
+
 vault = await this.encryptor.decrypt(this.encryptedKey, encryptedVault);
 } else {
 vault = await this.encryptor.decrypt(password, encryptedVault);
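Review bot: The new TODO sits directly above `await this.encryptor.decrypt(password, encryptedVault);`, which still passes the raw password, while the third hunk of this patch opens a vault containing `VAULT_SEPARATOR` with a derived key instead. If the encryptor cannot open a salted vault string with the plain password, this check would reject a correct password once the vault has been migrated; that is inferred from the two hunks and should be confirmed. I would make the comment name that open question, e.g. `// TODO(MV3): salted vaults are decrypted with a derived key in the unlock path; decide whether this check must do the same.` The enclosing method starts above the hunk.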
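Review bot: In the last hunk `this.encryptedKey` is overwritten before `this.encryptor.decrypt(...)` has shown that the key opens the vault, so a wrong password or a stale `encryptedKey` argument leaves an unverified key on the controller when decrypt rejects. The second hunk shows the persist path accepting `this.encryptedKey` in place of a password, so that leftover state is worth avoiding: derive into a local and assign the field only after decrypt resolves. Two smaller points in the same lines: `if (password)` treats an empty string as absent while the persist check compares with `=== undefined`, and the salt taken from `split(VAULT_SEPARATOR)` is used without checking that it is non-empty. The enclosing method starts and ends outside the hunk.

```javascript
const [, salt] = encryptedVault.split(VAULT_SEPARATOR);

let candidateKey;
if (password) {
  candidateKey = this._generateEncryptedKey(password, salt);
} else if (encryptedKey) {
  candidateKey = encryptedKey;
} else {
  // … unchanged: throw when neither a password nor an encrypted key is given …
}

vault = await this.encryptor.decrypt(candidateKey, encryptedVault);
// Commit the key to controller state only after it has opened the vault.
this.encryptedKey = candidateKey;
```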