feat: add updateVaultWithDetail

MetaMask · Nov 9, 2023 · ce50096 · ce50096
1 parent 60ec49a
commit ce50096
Show file tree

Hide file tree

Showing 2 changed files with 109 additions and 0 deletions.
diff --git a/src/index.ts b/src/index.ts
@@ -445,6 +445,31 @@ export async function updateVault(
   return encrypt(password, await decrypt(password, vault));
 }
 
+/**
+ * Updates the provided vault and exported key, re-encrypting
+ * data with a safer algorithm if one is available.
+ *
+ * If the provided vault is already using the latest available encryption method,
+ * it is returned as is.
+ *
+ * @param encryptionResult - The encrypted data to update.
+ * @param password - The password to use for encryption.
+ * @returns A promise resolving to the updated encrypted data and exported key.
+ */
+export async function updateVaultWithDetail(
+  encryptionResult: DetailedEncryptionResult,
+  password: string,
+): Promise<DetailedEncryptionResult> {
+  if (isVaultUpdated(encryptionResult.vault)) {
+    return encryptionResult;
+  }
+
+  return encryptWithDetail(
+    password,
+    await decrypt(password, encryptionResult.vault),
+  );
+}
+
 /**
  * Checks if the provided key is an `EncryptionKey`.
  *

diff --git a/test/index.spec.ts b/test/index.spec.ts
@@ -831,3 +831,87 @@ test.describe('encryptor:updateVault', async () => {
     });
   });
 });
+
+test.describe('encryptor:updateVaultWithDetail', async () => {
+  test.describe('with old vault format', async () => {
+    test('should return a vault encrypted with a key derived with new key derivation options', async ({
+      page,
+    }) => {
+      const detailedVault: Encryptor.DetailedEncryptionResult = {
+        vault: JSON.stringify(oldSampleEncryptedData),
+        exportedKeyString: OLD_SAMPLE_EXPORTED_KEY,
+      };
+
+      const updatedVault = await page.evaluate(
+        async (args) =>
+          window.encryptor.updateVaultWithDetail(
+            args.detailedVault,
+            args.password,
+          ),
+        {
+          detailedVault,
+          password: 'a sample passw0rd',
+        },
+      );
+      const vault = JSON.parse(updatedVault.vault);
+
+      expect(vault).toHaveProperty('keyMetadata');
+      expect(vault.keyMetadata).toStrictEqual(sampleEncryptedData.keyMetadata);
+    });
+
+    test('should return a vault that can be decrypted with the same password', async ({
+      page,
+    }) => {
+      const password = 'a sample passw0rd';
+      const detailedVault: Encryptor.DetailedEncryptionResult = {
+        vault: JSON.stringify(oldSampleEncryptedData),
+        exportedKeyString: OLD_SAMPLE_EXPORTED_KEY,
+      };
+      const updatedVault = await page.evaluate(
+        async (args) =>
+          window.encryptor.updateVaultWithDetail(
+            args.detailedVault,
+            args.password,
+          ),
+        {
+          detailedVault,
+          password,
+        },
+      );
+
+      const decryptedObj = await page.evaluate(
+        async (args) =>
+          await window.encryptor.decrypt(args.password, args.encryptedString),
+        {
+          encryptedString: updatedVault.vault,
+          password,
+        },
+      );
+
+      expect(decryptedObj).toStrictEqual({ foo: 'data to encrypt' });
+    });
+  });
+
+  test.describe('with new vault format', async () => {
+    test('should return the same vault', async ({ page }) => {
+      const detailedVault: Encryptor.DetailedEncryptionResult = {
+        vault: JSON.stringify(sampleEncryptedData),
+        exportedKeyString: SAMPLE_EXPORTED_KEY,
+      };
+
+      const updatedVault = await page.evaluate(
+        async (args) =>
+          window.encryptor.updateVaultWithDetail(
+            args.detailedVault,
+            args.password,
+          ),
+        {
+          detailedVault,
+          password: 'a sample passw0rd',
+        },
+      );
+
+      expect(JSON.parse(updatedVault.vault)).toStrictEqual(sampleEncryptedData);
+    });
+  });
+});