-
-
Notifications
You must be signed in to change notification settings - Fork 166
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[keyring-controller]: Add changePassword
method
#4279
Conversation
a2d3dd9
to
0be3ac6
Compare
setPassword
methodsetPassword
method
// to force the controller to re-encrypt the vault using | ||
// the new password. | ||
if (this.#cacheEncryptionKey) { | ||
this.update((state) => { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
#persistOrRollback
will not be able to roll this back, so in case of errors during vault update clients will have to derive the key again
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
From what I can tell, the impact of discarding these would be that the password would be used for vault persistence instead of the key, but that's all. And even then, that's only the case of cacheEncryptionKey
is enabled, otherwise the password is always used. Does that sound right? This doesn't seem harmful if that's the case.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yes I agree, in case of error consumers will just have to unlock with password again. Mine was a consideration more than a concern - I'm not 100% sure of MV3 implications but I'm guessing that the behaviour is the same, user having to enter the password again
setPassword
methodchangePassword
method
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM!
Explanation
This PR adds
changePassword
as a new method for KeyringController, useful for changing the current password.This addition aims to make it easier for clients to update the password, which is something that they currently need to implement themself
References
Changelog
@metamask/keyring-controller
changePassword
methodChecklist