diff --git a/modules/sdk-api/src/v1/wallets.ts b/modules/sdk-api/src/v1/wallets.ts
index ca8f113a85..69f084a6ba 100644
--- a/modules/sdk-api/src/v1/wallets.ts
+++ b/modules/sdk-api/src/v1/wallets.ts
@@ -225,14 +225,71 @@ Wallets.prototype.acceptShare = function (params, callback) { const self = this; let encryptedXprv = params.overrideEncryptedXprv; + let keyId = params.keyId; + + const shareOfcAccountWithSpenders = async (walletId: string) => { + const wallet = await self.bitgo.wallets().get({ id: walletId }); + const enterpriseUsersResponse = await self.bitgo.get(`/api/v2/enterprise/${wallet.enterprise}/user`); + console.log('🚀 ~ shareOfcAccountWithSpenders ~ wallet:', wallet); + console.log('🚀 ~ shareOfcAccountWithSpenders ~ enterpriseUsersResponse:', enterpriseUsersResponse); + + wallet.users.forEach(async (user) => { + console.log('🚀 ~ shareOfcAccountWithSpenders ~ user:', user); + try { + if (user.permissions.includes('spend')) { + console.log('🚀 ~ user permission includes spend'); + const userObject = enterpriseUsersResponse.users.find((enterpriseUser) => enterpriseUser.id === user.user); + const shareParams = { + walletId: walletId, + user: user.user, + permissions: user.permissions.join(','), + walletPassphrase: params.userPassword, + email: userObject.email, + coin: wallet.coin, + }; + console.log('🚀 ~ wallet.users.forEach ~ shareParams:', shareParams); + await self.bitgo.wallets().shareWallet(shareParams); + } + } catch (e) { + console.error(e); + } + }); + }; return this.getShare({ walletShareId: params.walletShareId }) - .then(function (walletShare) { + .then(async function (walletShare) { + if (walletShare.keychainOverrideRequired && walletShare.permissions.indexOf('admin') !== -1) { + if (!params.userPassword) { + throw new Error('userPassword param must be provided to decrypt shared key'); + } + console.log('Creating new keychain for wallet share'); + // generate new keychain + const sdkCoin = await self.coin('ofc'); + const keychains = sdkCoin.keychains(); + const newKeychain = keychains.create(); + const originalPasscodeEncryptionCode = self.bitgo.generateRandomPassword(); + + const encryptedPrv = self.bitgo.encrypt({ + password: 
params.userPassword, + input: newKeychain.prv, + }); + + const walletKeychain = await keychains.add({ + encryptedPrv, + originalPasscodeEncryptionCode, + pub: newKeychain.pub, + source: 'user', + }); + keyId = walletKeychain.id; + console.log('Keychain created successfully and returning wallet share 1'); + return walletShare; + } + // Return right away if there is no keychain to decrypt, or if explicit encryptedXprv was provided if (!walletShare.keychain || !walletShare.keychain.encryptedXprv || encryptedXprv) { + console.log('No keychain to decrypt, returning wallet share'); return walletShare; } - // More than viewing was requested, so we need to process the wallet keys using the shared ecdh scheme if (!params.userPassword) { throw new Error('userPassword param must be provided to decrypt shared key'); @@ -243,6 +300,7 @@ Wallets.prototype.acceptShare = function (params, callback) { throw new Error('EncryptedXprv was not found on sharing keychain'); } + console.log('Decrypting shared keychain'); // Now we have the sharing keychain, we can work out the secret used for sharing the wallet with us sharingKeychain.xprv = self.bitgo.decrypt({ password: params.userPassword, @@ -266,6 +324,7 @@ Wallets.prototype.acceptShare = function (params, callback) { encryptedXprv = self.bitgo.encrypt({ password: newWalletPassphrase, input: decryptedSharedWalletXprv }); // Carry on to the next block where we will post the acceptance of the share with the encrypted xprv + console.log('Decrypted shared keychain successfully and returning wallet share 2'); return walletShare; }); }) 
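Review bot: The added `console.log('🚀 ~ wallet.users.forEach ~ shareParams:', shareParams)` inside `shareOfcAccountWithSpenders` prints `walletPassphrase: params.userPassword` in clear text, and the neighbouring logs dump the whole wallet object and the enterprise user response. The passphrase that protects the newly created private key must never reach console output. Remove these debug logs, or log only non-secret identifiers such as `walletId` and `user.user`. The sdk-core copy of `shareOfcAccountWithSpenders` later in this diff has the same logging, and the following hunks of this file add further debug `console.log` calls that should go with them. `acceptShare` starts and ends outside this hunk.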
@@ -278,8 +337,16 @@ Wallets.prototype.acceptShare = function (params, callback) { if (encryptedXprv) { updateParams.encryptedXprv = encryptedXprv; } + if (keyId && walletShare.keychainOverrideRequired && walletShare.permissions.indexOf('admin') !== -1) { + updateParams.keyId = keyId; + } + console.log('🚀 ~ updateParams:', updateParams); + self.updateShare(updateParams); - return self.updateShare(updateParams); + if (walletShare.keychainOverrideRequired && walletShare.permissions.indexOf('admin') !== -1) { + console.log('Sharing wallet with spenders'); + shareOfcAccountWithSpenders(walletShare.wallet); + } }) .nodeify(callback); }; diff --git a/modules/sdk-core/src/bitgo/wallet/iWallets.ts b/modules/sdk-core/src/bitgo/wallet/iWallets.ts index 7ce6121bbd..3d4e95f8db 100644 --- a/modules/sdk-core/src/bitgo/wallet/iWallets.ts +++ b/modules/sdk-core/src/bitgo/wallet/iWallets.ts @@ -72,6 +72,7 @@ export interface UpdateShareOptions { walletShareId?: string; state?: string; encryptedPrv?: string; + keyId?: string; } export interface AcceptShareOptions { diff --git a/modules/sdk-core/src/bitgo/wallet/wallets.ts b/modules/sdk-core/src/bitgo/wallet/wallets.ts index e4b67ec5f1..0ce82b2a90 100644 --- a/modules/sdk-core/src/bitgo/wallet/wallets.ts +++ b/modules/sdk-core/src/bitgo/wallet/wallets.ts @@ -27,6 +27,8 @@ import { WalletWithKeychains, } from './iWallets'; import { Wallet } from './wallet'; +import * as sjcl from '@bitgo/sjcl'; +import * as bs58 from 'bs58'; export class Wallets implements IWallets { private readonly bitgo: BitGoBase; 
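Review bot: Replacing `return self.updateShare(updateParams);` with a bare `self.updateShare(updateParams);` makes this `.then` callback resolve with `undefined`, so callers of `acceptShare` lose the update result and a rejected update no longer reaches `.nodeify(callback)`. `shareOfcAccountWithSpenders(walletShare.wallet)` is then started without waiting for the acceptance, so the re-share to spenders is attempted even when the accept failed, and its own rejection is unobserved. Chain the two instead, for example `return self.updateShare(updateParams).then((res) => (needsOverride ? shareOfcAccountWithSpenders(walletShare.wallet).then(() => res) : res));`, where `needsOverride` stands for the `keychainOverrideRequired`/admin condition. The `console.log('🚀 ~ updateParams:', updateParams)` line also prints `encryptedXprv` and should be removed.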
@@ -538,6 +540,66 @@ export class Wallets implements IWallets { .result(); } + async shareOfcAccountWithSpenders(walletId: string, userPassword: string) { + const wallet = await this.bitgo.wallets().get({ id: walletId }); + const enterpriseUsersResponse = (await this.bitgo + .get(`/api/v2/enterprise/${wallet.enterprise}/user`) + .result()) as any; + console.log('🚀 ~ shareOfcAccountWithSpenders ~ wallet:', wallet); + console.log('🚀 ~ shareOfcAccountWithSpenders ~ enterpriseUsersResponse:', enterpriseUsersResponse); + + wallet.users.forEach(async (user) => { + console.log('🚀 ~ shareOfcAccountWithSpenders ~ user:', user); + try { + if (user.permissions.includes('spend')) { + console.log('🚀 ~ user permission includes spend'); + const userObject = enterpriseUsersResponse.users.find((enterpriseUser) => enterpriseUser.id === user.user); + const shareParams = { + walletId: walletId, + user: user.user, + permissions: user.permissions.join(','), + walletPassphrase: userPassword, + email: userObject.email, + coin: wallet.coin, + }; + console.log('🚀 ~ wallet.users.forEach ~ shareParams:', shareParams); + await this.bitgo.wallets().shareWallet(shareParams); + } + } catch (e) { + console.error(e); + } + }); + } + + /** + * Generate a random password + * @param {Number} numWords Number of 32-bit words + * @returns {String} base58 random password + */ + generateRandomPassword(numWords = 5): string { + const bytes = sjcl.codec.bytes.fromBits(sjcl.random.randomWords(numWords)); + return bs58.encode(bytes); + } + + async createKeychain(userPassword: string) { + const sdkCoin = await this.bitgo.coin('ofc'); + const keychains = sdkCoin.keychains(); + const newKeychain = keychains.create(); + const originalPasscodeEncryptionCode = this.generateRandomPassword(); + + const encryptedPrv = this.bitgo.encrypt({ + password: userPassword, + input: newKeychain.prv, + }); + + const walletKeychain = await keychains.add({ + encryptedPrv, + originalPasscodeEncryptionCode, + pub: newKeychain.pub, + 
source: 'user', + }); + return walletKeychain; + } /** * Accepts a wallet share, adding the wallet to the user's list * Needs a user's password to decrypt the shared key @@ -554,9 +616,24 @@ export class Wallets implements IWallets { common.validateParams(params, ['walletShareId'], ['overrideEncryptedPrv', 'userPassword', 'newWalletPassphrase']); let encryptedPrv = params.overrideEncryptedPrv; - + console.log('line 619'); const walletShare = (await this.getShare({ walletShareId: params.walletShareId })) as any; - + if (walletShare.keychainOverrideRequired && walletShare.permissions.indexOf('admin') !== -1) { + if (_.isUndefined(params.userPassword)) { + throw new Error('userPassword param must be provided to decrypt shared key'); + } + const walletKeychain = await this.createKeychain(params.userPassword); + const response = await this.updateShare({ + walletShareId: params.walletShareId, + state: 'accepted', + keyId: walletKeychain.id, + }); + if (response.statusCode === 200) { + await this.shareOfcAccountWithSpenders(walletShare.walletId, params.userPassword); + } + return response; + } + console.log('line 636'); // Return right away if there is no keychain to decrypt, or if explicit encryptedPrv was provided if (!walletShare.keychain || !walletShare.keychain.encryptedPrv || encryptedPrv) { return this.updateShare({ @@ -606,7 +683,7 @@ export class Wallets implements IWallets { if (encryptedPrv) { updateParams.encryptedPrv = encryptedPrv; } - + console.log('686'); return this.updateShare(updateParams); }
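Review bot: `wallet.users.forEach(async (user) => { … })` in `shareOfcAccountWithSpenders` does not wait for any `shareWallet` call, so the method resolves before the shares exist and every failure is reduced to `console.error(e)`. A caller that awaits this method cannot tell which spenders actually received access. Iterate with `for (const user of wallet.users) { … await this.bitgo.wallets().shareWallet(shareParams); }` or `await Promise.all(wallet.users.map(…))`, and surface failures to the caller. `enterpriseUsersResponse.users.find(…)` can return `undefined`, so `userObject.email` needs a guard such as `if (!userObject) continue;`. In `createKeychain`, `originalPasscodeEncryptionCode` is generated and uploaded but nothing visible in this hunk is encrypted with it, which is worth confirming as intended.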
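Review bot: The new `keychainOverrideRequired` branch in `acceptShare` gates the spender re-share on `response.statusCode === 200`, but the other return paths hand back the value of `this.updateShare(...)` directly, which suggests it resolves with the parsed body rather than an HTTP response object. `updateShare` is not part of this diff, so please confirm; if it returns the body, `statusCode` is `undefined` and `shareOfcAccountWithSpenders` never runs. A rejected `updateShare` presumably already throws, so the check can likely be dropped and the call made unconditionally after the `await`. The branch also reads `walletShare.walletId` where the v1 implementation passes `walletShare.wallet`, and the `console.log('line 619')`, `'line 636'` and `'686'` markers should be removed. `acceptShare` begins and ends outside this hunk.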