diff --git a/modules/sdk-core/src/bitgo/wallet/iWallet.ts b/modules/sdk-core/src/bitgo/wallet/iWallet.ts index a4ce4b1a0c..58f16ae6dd 100644 --- a/modules/sdk-core/src/bitgo/wallet/iWallet.ts +++ b/modules/sdk-core/src/bitgo/wallet/iWallet.ts @@ -609,6 +609,7 @@ export interface WalletData { tokens?: Record[]; nfts?: { [contractAddressOrToken: string]: NftBalance }; unsupportedNfts?: { [contractAddress: string]: NftBalance }; + users?: any[]; } export interface RecoverTokenOptions { diff --git a/modules/sdk-core/src/bitgo/wallet/iWallets.ts b/modules/sdk-core/src/bitgo/wallet/iWallets.ts index 7ce6121bbd..3d4e95f8db 100644 --- a/modules/sdk-core/src/bitgo/wallet/iWallets.ts +++ b/modules/sdk-core/src/bitgo/wallet/iWallets.ts @@ -72,6 +72,7 @@ export interface UpdateShareOptions { walletShareId?: string; state?: string; encryptedPrv?: string; + keyId?: string; } export interface AcceptShareOptions { diff --git a/modules/sdk-core/src/bitgo/wallet/wallets.ts b/modules/sdk-core/src/bitgo/wallet/wallets.ts index e4b67ec5f1..3ef6cea5c6 100644 --- a/modules/sdk-core/src/bitgo/wallet/wallets.ts +++ b/modules/sdk-core/src/bitgo/wallet/wallets.ts @@ -27,6 +27,8 @@ import { WalletWithKeychains, } from './iWallets'; import { Wallet } from './wallet'; +import * as sjcl from '@bitgo/sjcl'; +import * as bs58 from 'bs58'; export class Wallets implements IWallets { private readonly bitgo: BitGoBase; @@ -506,10 +508,7 @@ export class Wallets implements IWallets { async updateShare(params: UpdateShareOptions = {}): Promise { common.validateParams(params, ['walletShareId'], []); - return await this.bitgo - .post(this.baseCoin.url('/walletshare/' + params.walletShareId)) - .send(params) - .result(); + return await this.bitgo.post(this.baseCoin.url('/walletshare/' + params.walletShareId)).send(params); } /** @@ -538,6 +537,62 @@ export class Wallets implements IWallets { .result(); } + async shareOfcAccountWithSpenders(walletId: string, userPassword: string, enterprise: string): Promise { + const wallet = await this.bitgo.coin('ofc').wallets().get({ id: walletId }); + const enterpriseUsersResponse = (await this.bitgo.get(`/api/v2/enterprise/${enterprise}/user`).result()) as any; + wallet?._wallet?.users?.forEach(async (user) => { + try { + if (user.permissions.includes('spend') && !user.permissions.includes('admin')) { + const userObject = enterpriseUsersResponse?.adminUsers.find( + (enterpriseUser) => enterpriseUser.id === user.user + ); + const shareParams = { + walletId: walletId, + user: user.user, + permissions: user.permissions.join(','), + walletPassphrase: userPassword, + email: userObject.email.email, + coin: wallet.coin, + reshare: true, + }; + wallet.shareWallet(shareParams); + } + } catch (e) { + // TODO: gracefully handle this error + console.error(e); + } + }); + } + + /** + * Generate a random password + * @param {Number} numWords Number of 32-bit words + * @returns {String} base58 random password + */ + generateRandomPassword(numWords = 5): string { + const bytes = sjcl.codec.bytes.fromBits(sjcl.random.randomWords(numWords)); + return bs58.encode(bytes); + } + + async createKeychain(userPassword: string): Promise { + const sdkCoin = await this.bitgo.coin('ofc'); + const keychains = sdkCoin.keychains(); + const newKeychain = keychains.create(); + const originalPasscodeEncryptionCode = this.generateRandomPassword(); + + const encryptedPrv = this.bitgo.encrypt({ + password: userPassword, + input: newKeychain.prv, + }); + + const walletKeychain = await keychains.add({ + encryptedPrv, + originalPasscodeEncryptionCode, + pub: newKeychain.pub, + source: 'user', + }); + return walletKeychain; + } /** * Accepts a wallet share, adding the wallet to the user's list * Needs a user's password to decrypt the shared key @@ -554,15 +609,35 @@ export class Wallets implements IWallets { common.validateParams(params, ['walletShareId'], ['overrideEncryptedPrv', 'userPassword', 'newWalletPassphrase']); let encryptedPrv = params.overrideEncryptedPrv; - const walletShare = (await this.getShare({ walletShareId: params.walletShareId })) as any; - - // Return right away if there is no keychain to decrypt, or if explicit encryptedPrv was provided - if (!walletShare.keychain || !walletShare.keychain.encryptedPrv || encryptedPrv) { - return this.updateShare({ + if (walletShare.keychainOverrideRequired && walletShare.permissions.indexOf('admin') !== -1) { + if (_.isUndefined(params.userPassword)) { + throw new Error('userPassword param must be provided to decrypt shared key'); + } + const walletKeychain = await this.createKeychain(params.userPassword); + const response = await this.updateShare({ walletShareId: params.walletShareId, state: 'accepted', + keyId: walletKeychain.id, }); + if (response.statusCode === 200 || response.result().changed) { + try { + await this.shareOfcAccountWithSpenders(walletShare.wallet, params.userPassword, walletShare.enterprise); + } catch (e) { + // TODO: gracefully handle this error + console.error(e); + } + } + return response; + } + // Return right away if there is no keychain to decrypt, or if explicit encryptedPrv was provided + if (!walletShare.keychain || !walletShare.keychain.encryptedPrv || encryptedPrv) { + return ( + this.updateShare({ + walletShareId: params.walletShareId, + state: 'accepted', + }) as any + ).result(); } // More than viewing was requested, so we need to process the wallet keys using the shared ecdh scheme @@ -606,8 +681,7 @@ export class Wallets implements IWallets { if (encryptedPrv) { updateParams.encryptedPrv = encryptedPrv; } - - return this.updateShare(updateParams); + return (this.updateShare(updateParams) as any).result(); } /**