Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Migrate KeyringController to BaseControllerV2 #1378

Merged
merged 19 commits into from
Jun 6, 2023
Merged

Migrate KeyringController to BaseControllerV2 #1378

merged 19 commits into from
Jun 6, 2023

Conversation

mikesposito
Copy link
Member

@mikesposito mikesposito commented May 16, 2023
edited
Loading

Description

This PR refactors KeyringController to extend BaseControllerV2.

This controller's state is completely non-persistent and is kept in sync with the inner EthKeyringController's memStore through event subscription. For this reason, the fullUpdate method is now unnecessary and has been removed - Tests have been refactored to use controller state for assertions so that this mechanism is implicitly well covered.

All the methods that returned fullUpdate, now return the KeyringController's state with vault, encryptionKey and encryptionSalt removed as sensitive data; these parameters can always be found with KeyringController.state

Changes

  • BREAKING: KeyringController now inherits from BaseControllerV2
    • The constructor takes a single argument, an options bag, instead of three arguments
    • The state of the controller is accessible via controller.state instead of controller.store.getState()
    • KeyringController now expects a messenger option (and corresponding type KeyringControllerMessenger is now available)
    • The messenger will now publish KeyringController:getState and KeyringController:stateChange events (and corresponding types KeyringControllerGetStateAction and KeyringControllerStateChangeEvent are now available)
    • Removed KeyringState, KeyringMemState, and KeyringConfig in favor of new types KeyringControllerState, KeyringControllerActions, KeyringControllerEvents, and KeyringControllerOptions
      • KeyringControllerState is like the previous KeyringMemState but with an extra vault property
      • KeyringControllerOptions incorporates the previous set of options and the KeyringConfig
    • Added immer as a dependency
  • BREAKING: Removed index from the Keyring type
  • BREAKING: The keyringState property in the return value of addNewAccount, addNewAccountWithoutUpdate, createNewVaultAndRestore, createNewVaultAndKeychain, importAccountWithStrategy, removeAccount, setLocked, submitEncryptionKey, and submitPassword is now a type of KeyringControllerMemState instead of KeyringMemState (and may omit vault, encryptionKey, and encryptionSalt)
  • BREAKING: Removed subscribe and unsubscribe methods
    • State changes can be directly subscribed to (or unsubscribed from) via the messenger if necessary.
  • BREAKING: Removed lock and unlock methods
    • KeyringController:lock and KeyringController:unlock may now be subscribed to via the messenger if necessary.
  • BREAKING: Removed fullUpdate method
    • There is no need to call this method anymore because the controller should always be up to date with the EthKeyringController instance.
  • ADDED: Added KeyringControllerMemState type
    • This is like the previous KeyringMemState but without encryptionKey or encryptionSalt
  • ADDED: Added messenger events NetworkController:lock and NetworkController:unlock (and corresponding types KeyringControllerLockEvent and KeyringControllerUnlockEvent)
    • The messenger will publish NetworkController:lock when the inner EthKeyringController instance publishes its lock event and NetworkController:unlock when it publishes its unlock event

References

Checklist

  • I've updated the test suite for new or updated code as appropriate
  • I've updated documentation for new or updated code as appropriate (note: this will usually be JSDoc)
  • I've highlighted breaking changes using the "BREAKING" category above as appropriate

Base automatically changed from feat/1257-cache-encryption-key to main May 18, 2023 08:52
@mikesposito mikesposito force-pushed the refactor/update-to-basecontroller-v2 branch from 0ef1d78 to 40ebd18 Compare May 18, 2023 09:07
@socket-security
Copy link

socket-security bot commented May 18, 2023
edited
Loading

👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎

This PR previously contained dependency changes with security issues that have been removed or ignored.

Next steps

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore [email protected] bar@* or ignore all packages with @SocketSecurity ignore-all

@mikesposito mikesposito force-pushed the refactor/update-to-basecontroller-v2 branch 2 times, most recently from 77c7655 to 706b0e7 Compare May 19, 2023 15:34
@mikesposito mikesposito marked this pull request as ready for review May 19, 2023 15:59
@mikesposito mikesposito requested a review from a team as a code owner May 19, 2023 15:59
@mikesposito mikesposito force-pushed the refactor/update-to-basecontroller-v2 branch from a0171f4 to cc408fe Compare May 23, 2023 10:11
@mikesposito mikesposito mentioned this pull request May 23, 2023
Merged
3 tasks
@mikesposito mikesposito force-pushed the refactor/update-to-basecontroller-v2 branch 2 times, most recently from 965a2f9 to 65d38ca Compare May 25, 2023 11:54
@mikesposito mikesposito force-pushed the refactor/update-to-basecontroller-v2 branch from 522e462 to 281d6ff Compare May 29, 2023 11:33
mikesposito
mikesposito commented Jun 1, 2023
View reviewed changes
packages/keyring-controller/src/KeyringController.test.ts
...rest,
});
const initialState = await controller.createNewVaultAndKeychain(password);
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As we removed vault, encryptionKey and encryptionSalt from methods returns, we now need to take the initial state from controller.state, which contains all state properties

@mikesposito mikesposito force-pushed the refactor/update-to-basecontroller-v2 branch from e7e6e41 to 1caf12e Compare June 1, 2023 12:40
@mcmire
Copy link
Contributor

mcmire commented Jun 1, 2023
edited
Loading

I audited the set of changes here and here are my notes for the changelog:

  • BREAKING: KeyringController now inherits from BaseControllerV2
    • The constructor takes a single argument, an options bag, instead of three arguments
    • The state of the controller is accessible via controller.state instead of controller.store.getState()
    • KeyringController now expects a messenger option (and corresponding type KeyringControllerMessenger is now available)
    • The messenger will now publish KeyringController:getState and KeyringController:stateChange events (and corresponding types KeyringControllerGetStateAction and KeyringControllerStateChangeEvent are now available)
    • Removed KeyringState, KeyringMemState, and KeyringConfig in favor of new types KeyringControllerState, KeyringControllerActions, KeyringControllerEvents, and KeyringControllerOptions
      • KeyringControllerState is like the previous KeyringMemState but with an extra vault property
      • KeyringControllerOptions incorporates the previous set of options and the KeyringConfig
    • Added immer as a dependency
  • BREAKING: Removed index from the Keyring type
  • BREAKING: The keyringState property in the return value of addNewAccount, addNewAccountWithoutUpdate, createNewVaultAndRestore, createNewVaultAndKeychain, importAccountWithStrategy, removeAccount, setLocked, submitEncryptionKey, and submitPassword is now a type of KeyringControllerMemState instead of KeyringMemState (and may omit vault, encryptionKey, and encryptionSalt)
  • BREAKING: Removed subscribe and unsubscribe methods
    • State changes can be directly subscribed to (or unsubscribed from) via the messenger if necessary.
  • BREAKING: Removed lock and unlock methods
    • KeyringController:lock and KeyringController:unlock may now be subscribed to via the messenger if necessary.
  • BREAKING: Removed fullUpdate method
    • There is no need to call this method anymore because the controller should always be up to date with the EthKeyringController instance.
  • ADDED: Added KeyringControllerMemState type
    • This is like the previous KeyringMemState but without encryptionKey or encryptionSalt
  • ADDED: Added messenger events NetworkController:lock and NetworkController:unlock (and corresponding types KeyringControllerLockEvent and KeyringControllerUnlockEvent)
    • The messenger will publish NetworkController:lock when the inner EthKeyringController instance publishes its lock event and NetworkController:unlock when it publishes its unlock event

@mikesposito I believe this aligns with what you had written in your changelog. I just had a question about the behavior of restoreQRKeyring, but I'll ask separately. Does the rest of this sound right though?

mcmire
mcmire previously approved these changes Jun 1, 2023
View reviewed changes
Copy link
Contributor

@mcmire mcmire left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I had a couple of questions but I've looked this over and these changes make sense to me.

packages/keyring-controller/src/KeyringController.ts Outdated
@@ -237,7 +280,7 @@ export class KeyringController extends BaseController<
// we return the account already existing at index `accountCount`
const primaryKeyringAccounts = await primaryKeyring.getAccounts();
return {
keyringState: await this.fullUpdate(),
keyringState: this.state,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it important to filter vault, encryptionKey and encryptionSalt out of this value?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ops! yes, it is. I forgot this occurrence, I just changed it to this.#getMemState()

packages/keyring-controller/src/KeyringController.ts Show resolved Hide resolved
@mikesposito mikesposito force-pushed the refactor/update-to-basecontroller-v2 branch from 7b2577b to a0d8096 Compare June 5, 2023 08:29
@mikesposito
Copy link
Member Author

@mcmire thanks for auditing this PR changes and writing down a nice changelog! I just updated the main description

mcmire
mcmire approved these changes Jun 5, 2023
View reviewed changes
Copy link
Contributor

@mcmire mcmire left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me! Nice work 💪🏻

@mikesposito mikesposito merged commit 371dda3 into main Jun 6, 2023
@mikesposito mikesposito deleted the refactor/update-to-basecontroller-v2 branch June 6, 2023 08:42
MajorLift pushed a commit that referenced this pull request Oct 11, 2023
@mikesposito @MajorLift
Migrate KeyringController to BaseControllerV2 (#1378)
8b2996a 
* feat: supp cacheEncryptionKey and submitEncryptionKey method

* docs: update jsdoc

* refactor: migrate KeyringController to BaseControllerV2

* fix: use immer v9

* rollback: controller parameters change

* refactor: change KeyringConfig to KeyringControllerConfig

* refactor: sync controller state with keyring state

* refactor: no vault sync

* refactor: use state value for isUnlocked

* refactor: use controller state for test assertions

* refactor: remove onLock and onUnlock in favor of events

* refactor: sync mem and persistent store

* refactor: apply review feedback

* refactor: use option bag for constructor

* fix: set immer as prod dependency

* fix: add encryption key and salt to memstore

* refactor: remove vault encryptionKey and encryptionSalt from returns

* fix: remove forgotten state return
MajorLift pushed a commit that referenced this pull request Oct 11, 2023
@mikesposito @MajorLift
Migrate KeyringController to BaseControllerV2 (#1378)
b3318d8 
* feat: supp cacheEncryptionKey and submitEncryptionKey method

* docs: update jsdoc

* refactor: migrate KeyringController to BaseControllerV2

* fix: use immer v9

* rollback: controller parameters change

* refactor: change KeyringConfig to KeyringControllerConfig

* refactor: sync controller state with keyring state

* refactor: no vault sync

* refactor: use state value for isUnlocked

* refactor: use controller state for test assertions

* refactor: remove onLock and onUnlock in favor of events

* refactor: sync mem and persistent store

* refactor: apply review feedback

* refactor: use option bag for constructor

* fix: set immer as prod dependency

* fix: add encryption key and salt to memstore

* refactor: remove vault encryptionKey and encryptionSalt from returns

* fix: remove forgotten state return
@MajorLift MajorLift mentioned this pull request Dec 6, 2023
Open
29 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Gudahtt Gudahtt Gudahtt left review comments

@mcmire mcmire mcmire approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

KeyringController: Update to BaseControllerV2
3 participants
@mikesposito @mcmire @Gudahtt