From 4da2491e0113daa66f5401011a39c9efee3429c3 Mon Sep 17 00:00:00 2001 From: Ravneet Sandhu Date: Wed, 10 Apr 2024 20:09:11 +0530 Subject: [PATCH] feat: modify accept share method Ticket: PX-3296 We are modifying the accept share method for go account wallet invitations --- modules/sdk-api/src/v1/wallets.ts | 73 +++++++++++- modules/sdk-core/src/bitgo/wallet/iWallet.ts | 1 + modules/sdk-core/src/bitgo/wallet/iWallets.ts | 1 + modules/sdk-core/src/bitgo/wallet/wallets.ts | 104 ++++++++++++++++-- 4 files changed, 165 insertions(+), 14 deletions(-) diff --git a/modules/sdk-api/src/v1/wallets.ts b/modules/sdk-api/src/v1/wallets.ts index ca8f113a85..69f084a6ba 100644 --- a/modules/sdk-api/src/v1/wallets.ts +++ b/modules/sdk-api/src/v1/wallets.ts @@ -225,14 +225,71 @@ Wallets.prototype.acceptShare = function (params, callback) { const self = this; let encryptedXprv = params.overrideEncryptedXprv; + let keyId = params.keyId; + + const shareOfcAccountWithSpenders = async (walletId: string) => { + const wallet = await self.bitgo.wallets().get({ id: walletId }); + const enterpriseUsersResponse = await self.bitgo.get(`/api/v2/enterprise/${wallet.enterprise}/user`); + console.log('🚀 ~ shareOfcAccountWithSpenders ~ wallet:', wallet); + console.log('🚀 ~ shareOfcAccountWithSpenders ~ enterpriseUsersResponse:', enterpriseUsersResponse); + + wallet.users.forEach(async (user) => { + console.log('🚀 ~ shareOfcAccountWithSpenders ~ user:', user); + try { + if (user.permissions.includes('spend')) { + console.log('🚀 ~ user permission includes spend'); + const userObject = enterpriseUsersResponse.users.find((enterpriseUser) => enterpriseUser.id === user.user); + const shareParams = { + walletId: walletId, + user: user.user, + permissions: user.permissions.join(','), + walletPassphrase: params.userPassword, + email: userObject.email, + coin: wallet.coin, + }; + console.log('🚀 ~ wallet.users.forEach ~ shareParams:', shareParams); + await self.bitgo.wallets().shareWallet(shareParams); + } + } catch (e) { + console.error(e); + } + }); + }; return this.getShare({ walletShareId: params.walletShareId }) - .then(function (walletShare) { + .then(async function (walletShare) { + if (walletShare.keychainOverrideRequired && walletShare.permissions.indexOf('admin') !== -1) { + if (!params.userPassword) { + throw new Error('userPassword param must be provided to decrypt shared key'); + } + console.log('Creating new keychain for wallet share'); + // generate new keychain + const sdkCoin = await self.coin('ofc'); + const keychains = sdkCoin.keychains(); + const newKeychain = keychains.create(); + const originalPasscodeEncryptionCode = self.bitgo.generateRandomPassword(); + + const encryptedPrv = self.bitgo.encrypt({ + password: params.userPassword, + input: newKeychain.prv, + }); + + const walletKeychain = await keychains.add({ + encryptedPrv, + originalPasscodeEncryptionCode, + pub: newKeychain.pub, + source: 'user', + }); + keyId = walletKeychain.id; + console.log('Keychain created successfully and returning wallet share 1'); + return walletShare; + } + // Return right away if there is no keychain to decrypt, or if explicit encryptedXprv was provided if (!walletShare.keychain || !walletShare.keychain.encryptedXprv || encryptedXprv) { + console.log('No keychain to decrypt, returning wallet share'); return walletShare; } - // More than viewing was requested, so we need to process the wallet keys using the shared ecdh scheme if (!params.userPassword) { throw new Error('userPassword param must be provided to decrypt shared key'); @@ -243,6 +300,7 @@ Wallets.prototype.acceptShare = function (params, callback) { throw new Error('EncryptedXprv was not found on sharing keychain'); } + console.log('Decrypting shared keychain'); // Now we have the sharing keychain, we can work out the secret used for sharing the wallet with us sharingKeychain.xprv = self.bitgo.decrypt({ password: params.userPassword, @@ -266,6 +324,7 @@ Wallets.prototype.acceptShare = function (params, callback) { encryptedXprv = self.bitgo.encrypt({ password: newWalletPassphrase, input: decryptedSharedWalletXprv }); // Carry on to the next block where we will post the acceptance of the share with the encrypted xprv + console.log('Decrypted shared keychain successfully and returning wallet share 2'); return walletShare; }); }) @@ -278,8 +337,16 @@ Wallets.prototype.acceptShare = function (params, callback) { if (encryptedXprv) { updateParams.encryptedXprv = encryptedXprv; } + if (keyId && walletShare.keychainOverrideRequired && walletShare.permissions.indexOf('admin') !== -1) { + updateParams.keyId = keyId; + } + console.log('🚀 ~ updateParams:', updateParams); + self.updateShare(updateParams); - return self.updateShare(updateParams); + if (walletShare.keychainOverrideRequired && walletShare.permissions.indexOf('admin') !== -1) { + console.log('Sharing wallet with spenders'); + shareOfcAccountWithSpenders(walletShare.wallet); + } }) .nodeify(callback); }; diff --git a/modules/sdk-core/src/bitgo/wallet/iWallet.ts b/modules/sdk-core/src/bitgo/wallet/iWallet.ts index a4ce4b1a0c..58f16ae6dd 100644 --- a/modules/sdk-core/src/bitgo/wallet/iWallet.ts +++ b/modules/sdk-core/src/bitgo/wallet/iWallet.ts @@ -609,6 +609,7 @@ export interface WalletData { tokens?: Record[]; nfts?: { [contractAddressOrToken: string]: NftBalance }; unsupportedNfts?: { [contractAddress: string]: NftBalance }; + users?: any[]; } export interface RecoverTokenOptions { diff --git a/modules/sdk-core/src/bitgo/wallet/iWallets.ts b/modules/sdk-core/src/bitgo/wallet/iWallets.ts index 7ce6121bbd..3d4e95f8db 100644 --- a/modules/sdk-core/src/bitgo/wallet/iWallets.ts +++ b/modules/sdk-core/src/bitgo/wallet/iWallets.ts @@ -72,6 +72,7 @@ export interface UpdateShareOptions { walletShareId?: string; state?: string; encryptedPrv?: string; + keyId?: string; } export interface AcceptShareOptions { diff --git a/modules/sdk-core/src/bitgo/wallet/wallets.ts b/modules/sdk-core/src/bitgo/wallet/wallets.ts index e4b67ec5f1..32b5b34d7c 100644 --- a/modules/sdk-core/src/bitgo/wallet/wallets.ts +++ b/modules/sdk-core/src/bitgo/wallet/wallets.ts @@ -27,6 +27,8 @@ import { WalletWithKeychains, } from './iWallets'; import { Wallet } from './wallet'; +import * as sjcl from '@bitgo/sjcl'; +import * as bs58 from 'bs58'; export class Wallets implements IWallets { private readonly bitgo: BitGoBase; @@ -506,10 +508,7 @@ export class Wallets implements IWallets { async updateShare(params: UpdateShareOptions = {}): Promise { common.validateParams(params, ['walletShareId'], []); - return await this.bitgo - .post(this.baseCoin.url('/walletshare/' + params.walletShareId)) - .send(params) - .result(); + return await this.bitgo.post(this.baseCoin.url('/walletshare/' + params.walletShareId)).send(params); } /** @@ -538,6 +537,66 @@ export class Wallets implements IWallets { .result(); } + async shareOfcAccountWithSpenders(walletId: string, userPassword: string, enterprise: string) { + const wallet = await this.bitgo.coin('ofc').wallets().get({ id: walletId }); + const enterpriseUsersResponse = (await this.bitgo.get(`/api/v2/enterprise/${enterprise}/user`).result()) as any; + console.log('🚀 ~ shareOfcAccountWithSpenders ~ wallet:', wallet); + console.log('🚀 ~ shareOfcAccountWithSpenders ~ enterpriseUsersResponse:', enterpriseUsersResponse); + + wallet?._wallet?.users?.forEach(async (user) => { + console.log('🚀 ~ shareOfcAccountWithSpenders ~ user:', user); + try { + if (user.permissions.includes('spend')) { + console.log('🚀 ~ user permission includes spend'); + const userObject = enterpriseUsersResponse?.adminUsers.find( + (enterpriseUser) => enterpriseUser.id === user.user + ); + const shareParams = { + walletId: walletId, + user: user.user, + permissions: user.permissions.join(','), + walletPassphrase: userPassword, + email: userObject.email.email, + coin: wallet.coin, + }; + console.log('🚀 ~ wallet.users.forEach ~ shareParams:', shareParams); + wallet.shareWallet(shareParams); + } + } catch (e) { + console.error(e); + } + }); + } + + /** + * Generate a random password + * @param {Number} numWords Number of 32-bit words + * @returns {String} base58 random password + */ + generateRandomPassword(numWords = 5): string { + const bytes = sjcl.codec.bytes.fromBits(sjcl.random.randomWords(numWords)); + return bs58.encode(bytes); + } + + async createKeychain(userPassword: string) { + const sdkCoin = await this.bitgo.coin('ofc'); + const keychains = sdkCoin.keychains(); + const newKeychain = keychains.create(); + const originalPasscodeEncryptionCode = this.generateRandomPassword(); + + const encryptedPrv = this.bitgo.encrypt({ + password: userPassword, + input: newKeychain.prv, + }); + + const walletKeychain = await keychains.add({ + encryptedPrv, + originalPasscodeEncryptionCode, + pub: newKeychain.pub, + source: 'user', + }); + return walletKeychain; + } /** * Accepts a wallet share, adding the wallet to the user's list * Needs a user's password to decrypt the shared key @@ -554,15 +613,38 @@ export class Wallets implements IWallets { common.validateParams(params, ['walletShareId'], ['overrideEncryptedPrv', 'userPassword', 'newWalletPassphrase']); let encryptedPrv = params.overrideEncryptedPrv; - + console.log('line 619'); const walletShare = (await this.getShare({ walletShareId: params.walletShareId })) as any; - - // Return right away if there is no keychain to decrypt, or if explicit encryptedPrv was provided - if (!walletShare.keychain || !walletShare.keychain.encryptedPrv || encryptedPrv) { - return this.updateShare({ + if (walletShare.keychainOverrideRequired && walletShare.permissions.indexOf('admin') !== -1) { + if (_.isUndefined(params.userPassword)) { + throw new Error('userPassword param must be provided to decrypt shared key'); + } + const walletKeychain = await this.createKeychain(params.userPassword); + const response = await this.updateShare({ walletShareId: params.walletShareId, state: 'accepted', + keyId: walletKeychain.id, }); + console.log('🚀 ~ Wallets ~ acceptShare ~ response:', response); + if (response.statusCode === 200 || response.result().changed) { + try { + console.log('line 631'); + await this.shareOfcAccountWithSpenders(walletShare.wallet, params.userPassword, walletShare.enterprise); + } catch (e) { + console.error(e); + } + } + return response; + } + console.log('line 636'); + // Return right away if there is no keychain to decrypt, or if explicit encryptedPrv was provided + if (!walletShare.keychain || !walletShare.keychain.encryptedPrv || encryptedPrv) { + return ( + this.updateShare({ + walletShareId: params.walletShareId, + state: 'accepted', + }) as any + ).result(); } // More than viewing was requested, so we need to process the wallet keys using the shared ecdh scheme @@ -606,8 +688,8 @@ export class Wallets implements IWallets { if (encryptedPrv) { updateParams.encryptedPrv = encryptedPrv; } - - return this.updateShare(updateParams); + console.log('686'); + return (this.updateShare(updateParams) as any).result(); } /**