fix: pw protect seed during backup after on-board

[josheleonard]

Resolves brave/brave-browser#24534

Submitter Checklist:

• I confirm that no security/privacy review is needed, or that I have requested one
• There is a ticket for my issue
• Used Github auto-closing keywords in the PR description above
• Wrote a good PR/commit description
• Squashed any review feedback or "fixup" commits before merge, so that history is a record of what happened in the repo, not your PR
• Added appropriate labels (QA/Yes or QA/No; release-notes/include or release-notes/exclude; OS/...) to the associated issue
• Checked the PR locally: npm run test -- brave_browser_tests, npm run test -- brave_unit_tests, npm run lint, npm run gn_check, npm run tslint
• Ran git rebase master (if needed)

Reviewer Checklist:

• A security review is not needed, or a link to one is included in the PR description
• New files have MPL-2.0 license header
• Adequate test coverage exists to prevent regressions
• Major classes, functions and non-trivial code blocks are well-commented
• Changes in component dependencies are properly reflected in gn
• Code follows the style guide
• Test plan is specified in PR before merging

After-merge Checklist:

• The associated issue milestone is set to the smallest version that the
  changes has landed on
• All relevant documentation has been updated, for instance:
  • https://github.com/brave/brave-browser/wiki/Deviations-from-Chromium-(features-we-disable-or-remove)
  • https://github.com/brave/brave-browser/wiki/Proxy-redirected-URLs
  • https://github.com/brave/brave-browser/wiki/Fingerprinting-Protections
  • https://github.com/brave/brave-browser/wiki/Brave%E2%80%99s-Use-of-Referral-Codes
  • https://github.com/brave/brave-browser/wiki/Custom-Headers
  • https://github.com/brave/brave-browser/wiki/Web-Compatibility-Exceptions-in-Brave
  • https://github.com/brave/brave-browser/wiki/QA-Guide
  • https://github.com/brave/brave-browser/wiki/P3A

Test Plan:

Screen.Recording.2022-08-09.at.11.08.10.AM.mov

[brave-builds]

A Storybook has been deployed to preview UI for the latest push

[Douglashdaniel]

LGTM!

[onyb]

@josheleonard Can you please upload a screen recording?

[kdenhartog]

Just did a quick static analysis and it looks good. I'll grab the build from CI and make sure it's working as expected and can give a recording for @onyb as well while I'm at it

[kdenhartog]

Hmm not sure if this is doing something odd with this specifically, but I just encountered a delay in opening the wallet panel button now and then after testing once, resetting wallet and trying again while recording I got a crash. Would this be specific to something we're introducing here by chance?

[kdenhartog]

@onyb this is a recording of how it should be working, but I seem to get quite a bit of crashing on this build now. Can anyone else reproduce these crashes?

[kdenhartog]

From a security perspective, could be good to refactor that maxAttempts number to be set once by the function rather than by the caller, but that's non blocking and this looks good to me.

Let's double check that the crashing isn't related to this change and then I think it's good to go

[josheleonard]

Taking a look at the crashing issue now.

[josheleonard]

I tried recreating this by resetting the wallet and onboarding a second time while recording. No crash here on M1 mac.

Screen.Recording.2022-08-09.at.11.04.03.AM.mov

[josheleonard]

From a security perspective, could be good to refactor that maxAttempts number to be set once by the function rather than by the caller, but that's non blocking and this looks good to me.

Let's double check that the crashing isn't related to this change and then I think it's good to go

Refactored here: 68792720acfaf1091b23a0687b4afc5095e18ce7

[brave-builds]

A Storybook has been deployed to preview UI for the latest push

[kdenhartog]

I tried recreating this by resetting the wallet and onboarding a second time while recording. No crash here on M1 mac.

Screen.Recording.2022-08-09.at.11.04.03.AM.mov

👍🏻 I'll double check this either this afternoon or tomorrow to try and build locally to see if it was just a problem with how I was using it.

After doublechecking this it seems like it's still failing for me even with a fresh install.

From a security perspective, could be good to refactor that maxAttempts number to be set once by the function rather than by the caller, but that's non blocking and this looks good to me.
Let's double check that the crashing isn't related to this change and then I think it's good to go

Refactored here: 6879272

Sounds good thanks for updating that

[josheleonard]

I tried recreating this by resetting the wallet and onboarding a second time while recording. No crash here on M1 mac.
Screen.Recording.2022-08-09.at.11.04.03.AM.mov

👍🏻 I'll double check this either this afternoon or tomorrow to try and build locally to see if it was just a problem with how I was using it.

After doublechecking this it seems like it's still failing for me even with a fresh install.

From a security perspective, could be good to refactor that maxAttempts number to be set once by the function rather than by the caller, but that's non blocking and this looks good to me.
Let's double check that the crashing isn't related to this change and then I think it's good to go

Refactored here: 6879272

Sounds good thanks for updating that

I tried recreating this by resetting the wallet and onboarding a second time while recording. No crash here on M1 mac.
Screen.Recording.2022-08-09.at.11.04.03.AM.mov

👍🏻 I'll double check this either this afternoon or tomorrow to try and build locally to see if it was just a problem with how I was using it.

After doublechecking this it seems like it's still failing for me even with a fresh install.

From a security perspective, could be good to refactor that maxAttempts number to be set once by the function rather than by the caller, but that's non blocking and this looks good to me.
Let's double check that the crashing isn't related to this change and then I think it's good to go

Refactored here: 6879272

Sounds good thanks for updating that

@kdenhartog, were you able to confirm that this branch is causing crashes, or is it related to something on master?

[brave-builds]

A Storybook has been deployed to preview UI for the latest push

[muliswilliam]

Can you add useCallback?

[muliswilliam]

Minor change

[kdenhartog]

Hey it seems that we're going to move away from a UI based approach for this based on this discussion: https://bravesoftware.slack.com/archives/C023VS4HJ6Q/p1660751349341859

@yrliou are you the one who's going to help coordinate this?

[yrliou]

@kdenhartog I can help prepare a backend commit that makes GetMnemonicForDefaultKeyring API taking a password argument and validate it in the backend. @josheleonard and someone from the Android team would need to push the UI change to this PR.

[yrliou]

Created b2f2893 for backend API protection that's ready to be cherry-picked once this PR branch is rebased on master.

[yrliou]

@darkdh Please help review the backend commit at 5f53a5c, thanks.

[brave-builds]

A Storybook has been deployed to preview UI for the latest push

[kdenhartog]

Nice to see it locks after 1 failed attempt here since that's simpler for state management at this layer.

[yrliou]

It's not because of 1 failed attempt, it's just still locked because this line try to unlock with wrong password.

[kdenhartog]

Reviewed the API layer changes made by @yrliou

Looks like we'd just need to do the refactor to use this and then this would be good to go

[kdenhartog]

looks good to me, thanks for the fix!

[darkdh]

backend++

[brave-builds]

A Storybook has been deployed to preview UI for the latest push

[muliswilliam]

LGTM

[SergeyZhukovsky]

@Pavneet-Sing would you mind to review Android fixes? I didn't post a video as we hide onboarding with password prompts for a sec reasons, but it does similar as desktop plus uses biometric if it's set.

[brave-builds]

A Storybook has been deployed to preview UI for the latest push

[Pavneet-Sing]

LGTM

[SergeyZhukovsky]

++

[brave-builds]

A Storybook has been deployed to preview UI for the latest push

[yrliou]

[2022-08-24T13:41:12.432Z] FAIL components/test/brave_new_tab_ui/components/settings_test.tsx

[2022-08-24T13:41:12.432Z]   ● Test suite failed to run

[2022-08-24T13:41:12.432Z] 

[2022-08-24T13:41:12.432Z]     Cannot find module '$web-common/locale' from 'components/brave_new_tab_ui/components/default/searchPromotion/searchBox.tsx'

[2022-08-24T13:41:12.432Z] 

[2022-08-24T13:41:12.432Z]     Require stack:

[2022-08-24T13:41:12.432Z]       components/brave_new_tab_ui/components/default/searchPromotion/searchBox.tsx

[2022-08-24T13:41:12.432Z]       components/brave_new_tab_ui/components/default/searchPromotion/index.tsx

[2022-08-24T13:41:12.432Z]       components/brave_new_tab_ui/components/default/index.ts

[2022-08-24T13:41:12.432Z]       components/test/brave_new_tab_ui/components/settings_test.tsx

[2022-08-24T13:41:12.432Z] 

[2022-08-24T13:41:12.432Z]       1 | import * as React from 'react'

[2022-08-24T13:41:12.432Z]       2 | import styled from 'styled-components'

[2022-08-24T13:41:12.432Z]     > 3 | import { getLocale } from '$web-common/locale'

[2022-08-24T13:41:12.432Z]         | ^

[2022-08-24T13:41:12.432Z]       4 |

[2022-08-24T13:41:12.432Z]       5 | const Box = styled.div`

[2022-08-24T13:41:12.432Z]       6 |   display: flex;

[2022-08-24T13:41:12.432Z] 

[2022-08-24T13:41:12.432Z]       at Resolver.resolveModule (node_modules/jest-resolve/build/index.js:306:11)

[2022-08-24T13:41:12.432Z]       at Object.<anonymous> (components/brave_new_tab_ui/components/default/searchPromotion/searchBox.tsx:3:1)

test-javascript failure on linux, windows-x86, windows, it's known brave/brave-browser#24787 and irrelevant to this PR.

[yrliou]

For macOS https://ci.brave.com/job/pr-brave-browser-fix-pw-protect-seed-during-backup-macos/8/ was successful with only the same javascript test error above, after that it's only android changes due to review which won't affect macOS build at all.

[yrliou]

Merging, see above comments for CI notes.