Allow allowlisted accounts to connect/requestAccounts without unlocking

packages/browser-wallet/CHANGELOG.md

@@ -1,5 +1,11 @@
 # Changelog
 
+## Unreleased
+
+### Changed
+
+-   Allow allowlisted sites to connect/requestAccounts/getSelectedChain/getMostRecentlySelectedAccount without unlocking. The user will still be prompted to unlock if other requests are made.
+
 ## 1.0.7
 
 ### Added

packages/browser-wallet/src/background/index.ts

@@ -50,7 +50,7 @@ async function isWalletLocked(): Promise<boolean> {
 /**
  * Determines whether the given url has been whitelisted by any account.
  */
-async function isWhiteListedForAnyAccount(url: string): Promise<boolean> {
+async function isAllowListedForAnyAccount(url: string): Promise<boolean> {
     const urlOrigin = new URL(url).origin;
     const connectedSites = await storedConnectedSites.get();
     if (connectedSites) {
@@ -71,7 +71,7 @@ async function performRpcCall(
         onFailure(walletLockedMessage);
     }
 
-    const isWhiteListed = await isWhiteListedForAnyAccount(senderUrl);
+    const isWhiteListed = await isAllowListedForAnyAccount(senderUrl);
     if (isWhiteListed) {
         const url = (await storedCurrentNetwork.get())?.jsonRpcUrl;
         if (!url) {
@@ -101,7 +101,7 @@ async function exportGRPCLocation(
     onSuccess: (response: string | undefined) => void,
     onFailure: (response: string) => void
 ): Promise<void> {
-    const isWhiteListed = await isWhiteListedForAnyAccount(callerUrl);
+    const isWhiteListed = await isAllowListedForAnyAccount(callerUrl);
     if (!isWhiteListed) {
         return onFailure(rpcCallNotAllowedMessage);
     }
@@ -260,9 +260,8 @@ const NOT_WHITELISTED = 'Site is not whitelisted';
 const runIfWhitelisted: RunCondition<MessageStatusWrapper<undefined>> = async (msg, sender) => {
     const { accountAddress } = msg.payload;
     const connectedSites = await storedConnectedSites.get();
-    const locked = await isWalletLocked();
 
-    if (!accountAddress || connectedSites === undefined || locked) {
+    if (!accountAddress || connectedSites === undefined) {
         return { run: false, response: { success: false, message: NOT_WHITELISTED } };
     }
 
@@ -349,7 +348,6 @@ async function findPrioritizedAccountConnectedToSite(url: string): Promise<strin
  * Run condition that runs the handler if the wallet is non-empty (an account exists), and no
  * account in the wallet is connected to the sender URL.
  *
- * 1. If the wallet is locked, then do run.
  * 1. If no selected account exists (the wallet is empty), then do not run and return undefined.
  * 1. Else if the selected account is connected to the sender URL, then do not run and return the selected account address.
  * 1. Else if any other account is connected to the sender URL, then do not run and return that account's address.
@@ -367,11 +365,6 @@ const runIfNotWhitelisted: RunCondition<MessageStatusWrapper<string | undefined>
         return { run: false, response: { success: false, message: 'No account in the wallet' } };
     }
 
-    const locked = await isWalletLocked();
-    if (locked) {
-        return { run: true };
-    }
-
     const accountConnectedToSite = await findPrioritizedAccountConnectedToSite(sender.url);
     if (accountConnectedToSite) {
         return { run: false, response: { success: true, result: accountConnectedToSite } };
@@ -411,16 +404,10 @@ const handleConnectionResponse: HandleResponse<MessageStatusWrapper<string | und
  * Callback method which returns the prioritized account's address.
  */
 const getMostRecentlySelectedAccountHandler: ExtensionMessageHandler = (_msg, sender, respond) => {
-    isWalletLocked().then((locked) => {
-        if (locked) {
-            respond(undefined);
-        } else {
-            if (!sender.url) {
-                throw new Error('Expected URL to be available for sender.');
-            }
-            findPrioritizedAccountConnectedToSite(sender.url).then(respond);
-        }
-    });
+    if (!sender.url) {
+        throw new Error('Expected URL to be available for sender.');
+    }
+    findPrioritizedAccountConnectedToSite(sender.url).then(respond);
     return true;
 };
 
@@ -430,14 +417,14 @@ bgMessageHandler.handleMessage(
 );
 
 const getSelectedChainHandler: ExtensionMessageHandler = (_msg, sender, respond) => {
-    isWalletLocked().then((locked) => {
-        if (locked) {
+    if (!sender.url) {
+        throw new Error('Expected URL to be available for sender.');
+    }
+
+    isAllowListedForAnyAccount(sender.url).then((allowListed) => {
+        if (!allowListed) {
             respond(undefined);
         } else {
-            if (!sender.url) {
-                throw new Error('Expected URL to be available for sender.');
-            }
-
             getGenesisHash()
                 .then(respond)
                 .catch(() => respond(undefined));

packages/browser-wallet/src/popup/page-layouts/ExternalRequestLayout/ExternalRequestLayout.tsx

@@ -1,12 +1,14 @@
 import React, { ReactNode } from 'react';
 import { useTranslation } from 'react-i18next';
-import { useLocation } from 'react-router-dom';
+import { Navigate, useLocation } from 'react-router-dom';
 import { absoluteRoutes } from '@popup/constants/routes';
 import Logo from '@assets/svg/concordium.svg';
 import Toast from '@popup/shared/Toast/Toast';
 
 import { useCredential } from '@popup/shared/utils/account-helpers';
 import AccountDetails from '@popup/pages/Account/AccountDetails';
+import { useAtomValue } from 'jotai';
+import { sessionPasscodeAtom } from '@popup/store/settings';
 
 function Header() {
     const { t } = useTranslation('mainLayout');
@@ -54,6 +56,16 @@ interface Props {
 export default function ExternalRequestLayout({ children }: Props) {
     const { state } = useLocation() as Location;
     const account = useCredential(state.payload.accountAddress);
+    const { loading: loadingPasscode, value: sessionPasscode } = useAtomValue(sessionPasscodeAtom);
+
+    if (loadingPasscode) {
+        // This will be near instant, as we're just waiting for the Chrome async store
+        return null;
+    }
+
+    if (!sessionPasscode) {
+        return <Navigate to={absoluteRoutes.login.path} state={{ to: -1 }} />;
+    }
 
     return (
         <>

packages/browser-wallet/src/popup/pages/IdProofRequest/IdProofRequest.tsx

@@ -48,7 +48,8 @@ export default function IdProofRequest({ onReject, onSubmit }: Props) {
     const network = useAtomValue(networkConfigurationAtom);
     const client = useAtomValue(grpcClientAtom);
     const addToast = useSetAtom(addToastAtom);
-    const recoveryPhrase = useDecryptedSeedPhrase((e) => addToast(e.message));
+    // TODO log this;
+    const recoveryPhrase = useDecryptedSeedPhrase(undefined);
     const dappName = displayUrl(url);
     const [creatingProof, setCreatingProof] = useState<boolean>(false);
     const [canProve, setCanProve] = useState(statement.length > 0);

packages/browser-wallet/src/popup/pages/Login/Login.tsx

@@ -43,7 +43,7 @@ export default function Login() {
             try {
                 await decrypt(encryptedSeedPhrase.value, vs.passcode);
                 // If decryption did not throw an error, then the password is correct.
-                setPasscodeInSession(vs.passcode);
+                await setPasscodeInSession(vs.passcode);
                 navigate(state.to, { state: state.toState });
             } catch {
                 form.setError('passcode', { message: t('incorrectPasscode') });