From 790c94c287afe3524ec296c79121d71148974164 Mon Sep 17 00:00:00 2001 From: ieow <4881057+ieow@users.noreply.github.com> Date: Thu, 6 Nov 2025 20:57:17 +0800 Subject: [PATCH 1/5] fix: checkIfFactorKeyValid, check in factorEncs --- src/mpcCoreKit.ts | 6 ++++++ tests/factors.spec.ts | 31 +++++++++++++++++++++++++++---- tests/gating.spec.ts | 3 ++- tests/sessionTime.spec.ts | 9 ++++++++- 4 files changed, 43 insertions(+), 6 deletions(-) diff --git a/src/mpcCoreKit.ts b/src/mpcCoreKit.ts index 3cae7ff..f573c03 100644 --- a/src/mpcCoreKit.ts +++ b/src/mpcCoreKit.ts @@ -1283,6 +1283,12 @@ export class Web3AuthMPCCoreKit implements ICoreKit { private async checkIfFactorKeyValid(factorKey: BN): Promise { this.checkReady(); + const factorKeyPrivate = factorKeyCurve.keyFromPrivate(factorKey.toBuffer()); + const factorPubX = factorKeyPrivate.getPublic().getX().toString("hex").padStart(64, "0"); + const existingFactorEnc = this.tkey.metadata.factorEncs[this.tkey.tssTag][factorPubX]; + if (!existingFactorEnc) { + return false; + } const factorKeyMetadata = await this.tKey?.readMetadata(factorKey); if (!factorKeyMetadata || factorKeyMetadata.message === "KEY_NOT_FOUND" || factorKeyMetadata.message === "SHARE_DELETED") { return false; diff --git a/tests/factors.spec.ts b/tests/factors.spec.ts index 539e892..659802b 100644 --- a/tests/factors.spec.ts +++ b/tests/factors.spec.ts @@ -1,7 +1,7 @@ import assert from "node:assert"; import test from "node:test"; -import { EllipticPoint, KeyType, Point, secp256k1 } from "@tkey/common-types"; +import { EllipticPoint, getPubKeyPoint, KeyType, Point, secp256k1 } from "@tkey/common-types"; import { factorKeyCurve } from "@tkey/tss"; import { tssLib as tssLibDKLS } from "@toruslabs/tss-dkls-lib"; import { tssLib as tssLibFROST } from "@toruslabs/tss-frost-lib"; @@ -158,7 +158,7 @@ export const FactorManipulationTest = async (testVariable: FactorTestVariable) = }); // enable mfa - + let browserFactor: string; await t.test("enable MFA", async function () { const instance = await newInstance(); assert.strictEqual(instance.status, COREKIT_STATUS.LOGGED_IN); @@ -179,7 +179,7 @@ export const FactorManipulationTest = async (testVariable: FactorTestVariable) = const instance2 = await newInstance(); assert.strictEqual(instance2.status, COREKIT_STATUS.REQUIRED_SHARE); - const browserFactor = await instance2.getDeviceFactor(); + browserFactor = await instance2.getDeviceFactor(); const factorBN = new BN(recoverFactor, "hex") @@ -210,9 +210,32 @@ export const FactorManipulationTest = async (testVariable: FactorTestVariable) = } else { await signSecp256k1Data({ coreKitInstance: instance3, msg: "hello world" }); } - }); + // replace factor + await t.test("replace factor", async function () { + const instance = await newInstance(); + + const deviceFactorKeyBN = new BN(browserFactor, "hex") + await instance.inputFactorKey(deviceFactorKeyBN); + assert.strictEqual(instance.status, COREKIT_STATUS.LOGGED_IN); + + const newFactorkey = await instance.createFactor({ shareType: TssShareType.DEVICE }); + await instance.inputFactorKey(new BN(newFactorkey, "hex")); + + assert.strictEqual(instance.status, COREKIT_STATUS.LOGGED_IN); + + + const deviceFactorPub = getPubKeyPoint(deviceFactorKeyBN); + await instance.deleteFactor(deviceFactorPub, browserFactor); + + try { + await instance.inputFactorKey(deviceFactorKeyBN); + throw Error("should not be able to deleted input factor"); + } catch (e) { + assert(e instanceof Error); + } + }); }); }; diff --git a/tests/gating.spec.ts b/tests/gating.spec.ts index 586386f..a2007ff 100644 --- a/tests/gating.spec.ts +++ b/tests/gating.spec.ts @@ -23,7 +23,8 @@ const variable: TestVariable[] = [ description: "should not be gated when on devnet", web3AuthNetwork: WEB3AUTH_NETWORK.DEVNET, uxMode: "nodejs", - email: defaultTestEmail, + // tkey tests seems use this verifierid, metadata retrun only have tkey that do not support tss + email: defaultTestEmail + '1', web3ClientID: "torus-key-test", expectedErrorThrown: false, }, diff --git a/tests/sessionTime.spec.ts b/tests/sessionTime.spec.ts index b5a4b2c..6a84f7f 100644 --- a/tests/sessionTime.spec.ts +++ b/tests/sessionTime.spec.ts @@ -23,7 +23,14 @@ const defaultTestEmail = "testEmail1"; const isBasePlan = (id: string) => id === "BCriFlI9ihm81N-bc7x6N-xbqwBLuxfRDMmSH87spKH27QTNOPj1W9s2K3-mp9NzXuaRiqxvAGHyuGlXG5wLD1g"; // BasePlan up to 1 day only const variable: TestVariable[] = [ - { web3AuthNetwork: WEB3AUTH_NETWORK.DEVNET, uxMode: "nodejs", email: defaultTestEmail, web3ClientID: "torus-key-test", sessionTime: 3600 }, + { + web3AuthNetwork: WEB3AUTH_NETWORK.DEVNET, + uxMode: "nodejs", + // tkey tests seems use this verifierid, metadata retrun only have tkey that do not support tss + email: defaultTestEmail + "1", + web3ClientID: "torus-key-test", + sessionTime: 3600 + }, { web3AuthNetwork: WEB3AUTH_NETWORK.MAINNET, uxMode: "nodejs", From d046cd45bd44ee5412063465b9c0782c11a328c2 Mon Sep 17 00:00:00 2001 From: ieow <4881057+ieow@users.noreply.github.com> Date: Fri, 7 Nov 2025 15:14:04 +0800 Subject: [PATCH 2/5] fix: Optional Chaining for FactorEncs Access --- src/mpcCoreKit.ts | 2 +- tests/gating.spec.ts | 3 +-- tests/sessionTime.spec.ts | 9 +-------- 3 files changed, 3 insertions(+), 11 deletions(-) diff --git a/src/mpcCoreKit.ts b/src/mpcCoreKit.ts index f573c03..0120a58 100644 --- a/src/mpcCoreKit.ts +++ b/src/mpcCoreKit.ts @@ -1285,7 +1285,7 @@ export class Web3AuthMPCCoreKit implements ICoreKit { this.checkReady(); const factorKeyPrivate = factorKeyCurve.keyFromPrivate(factorKey.toBuffer()); const factorPubX = factorKeyPrivate.getPublic().getX().toString("hex").padStart(64, "0"); - const existingFactorEnc = this.tkey.metadata.factorEncs[this.tkey.tssTag][factorPubX]; + const existingFactorEnc = this.tkey.metadata.factorEncs?.[this.tkey.tssTag]?.[factorPubX]; if (!existingFactorEnc) { return false; } diff --git a/tests/gating.spec.ts b/tests/gating.spec.ts index a2007ff..586386f 100644 --- a/tests/gating.spec.ts +++ b/tests/gating.spec.ts @@ -23,8 +23,7 @@ const variable: TestVariable[] = [ description: "should not be gated when on devnet", web3AuthNetwork: WEB3AUTH_NETWORK.DEVNET, uxMode: "nodejs", - // tkey tests seems use this verifierid, metadata retrun only have tkey that do not support tss - email: defaultTestEmail + '1', + email: defaultTestEmail, web3ClientID: "torus-key-test", expectedErrorThrown: false, }, diff --git a/tests/sessionTime.spec.ts b/tests/sessionTime.spec.ts index 6a84f7f..b5a4b2c 100644 --- a/tests/sessionTime.spec.ts +++ b/tests/sessionTime.spec.ts @@ -23,14 +23,7 @@ const defaultTestEmail = "testEmail1"; const isBasePlan = (id: string) => id === "BCriFlI9ihm81N-bc7x6N-xbqwBLuxfRDMmSH87spKH27QTNOPj1W9s2K3-mp9NzXuaRiqxvAGHyuGlXG5wLD1g"; // BasePlan up to 1 day only const variable: TestVariable[] = [ - { - web3AuthNetwork: WEB3AUTH_NETWORK.DEVNET, - uxMode: "nodejs", - // tkey tests seems use this verifierid, metadata retrun only have tkey that do not support tss - email: defaultTestEmail + "1", - web3ClientID: "torus-key-test", - sessionTime: 3600 - }, + { web3AuthNetwork: WEB3AUTH_NETWORK.DEVNET, uxMode: "nodejs", email: defaultTestEmail, web3ClientID: "torus-key-test", sessionTime: 3600 }, { web3AuthNetwork: WEB3AUTH_NETWORK.MAINNET, uxMode: "nodejs", From 856f3af26fd17dc30097bc87e327d699c30d4a0d Mon Sep 17 00:00:00 2001 From: ieow <4881057+ieow@users.noreply.github.com> Date: Fri, 7 Nov 2025 16:42:10 +0800 Subject: [PATCH 3/5] fix: add new user indication --- src/mpcCoreKit.ts | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/mpcCoreKit.ts b/src/mpcCoreKit.ts index 0120a58..9b52e8d 100644 --- a/src/mpcCoreKit.ts +++ b/src/mpcCoreKit.ts @@ -86,6 +86,10 @@ export class Web3AuthMPCCoreKit implements ICoreKit { public torusSp: TSSTorusServiceProvider | null = null; + // new user indication + // only true during new user sign up, after reinit or rehydration, the flag will be always false + public newUser: boolean = false; + private options: Web3AuthOptionsWithDefaults; private storageLayer: TorusStorageLayer | null = null; @@ -1093,6 +1097,7 @@ export class Web3AuthMPCCoreKit implements ICoreKit { // mutation function private async handleNewUser(importTssKey?: string, isSfaKey?: boolean) { + this.newUser = true; await this.atomicSync(async () => { // Generate or use hash factor and initialize tkey with it. let factorKey: BN; From 336eb5bc29919eb772b931be8e3b588336673edb Mon Sep 17 00:00:00 2001 From: ieow <4881057+ieow@users.noreply.github.com> Date: Mon, 1 Dec 2025 13:12:29 +0800 Subject: [PATCH 4/5] fix: other condition set new user to false --- src/mpcCoreKit.ts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/mpcCoreKit.ts b/src/mpcCoreKit.ts index 9b52e8d..0fcc2a9 100644 --- a/src/mpcCoreKit.ts +++ b/src/mpcCoreKit.ts @@ -1151,6 +1151,7 @@ export class Web3AuthMPCCoreKit implements ICoreKit { } private async handleExistingUser() { + this.newUser = false await this.tKey.initialize({ neverInitializeNewKey: true }); if (this.options.disableHashedFactorKey) { return; @@ -1414,6 +1415,7 @@ export class Web3AuthMPCCoreKit implements ICoreKit { this.tkey = null; this.torusSp = null; this.storageLayer = null; + this.newUser = false; this.state = { accountIndex: 0 }; } From 826e94467a0576022b8d2e878cb632b58e810f72 Mon Sep 17 00:00:00 2001 From: ieow <4881057+ieow@users.noreply.github.com> Date: Fri, 5 Dec 2025 13:36:18 +0800 Subject: [PATCH 5/5] fix: lint --- src/mpcCoreKit.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/mpcCoreKit.ts b/src/mpcCoreKit.ts index 0fcc2a9..01774c2 100644 --- a/src/mpcCoreKit.ts +++ b/src/mpcCoreKit.ts @@ -1151,7 +1151,7 @@ export class Web3AuthMPCCoreKit implements ICoreKit { } private async handleExistingUser() { - this.newUser = false + this.newUser = false; await this.tKey.initialize({ neverInitializeNewKey: true }); if (this.options.disableHashedFactorKey) { return;