Skip to content

Recovery phrase unverified status based on last_authentication. #3519

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 19 commits into from
Nov 28, 2025
Merged

Recovery phrase unverified status based on last_authentication. #3519

merged 19 commits into from
Nov 28, 2025

Conversation

@sea-snake
Copy link
Contributor

@sea-snake sea-snake commented Nov 27, 2025
edited by github-actions bot
Loading

Recovery phrase unverified status based on last_authentication.

Changes

  • Renamed Verify component to VerifySelecting.
  • Implemented RecoveryPhraseInput component.
  • Use above component to implement VerifyTyping.
  • Update RecoveryPhraseWizard to use either VerifySelecting or VerifyTyping depending on the availability of the valid recovery phrase in memory (e.g. user signed out and in -> not available).
  • Update /manage/recovery page to use last_authentication to decide if a recovery phrase is unverified (null = not used yet).

Tests

No tests have been updated in this PR, existing e2e tests should pass in the CI/CD pipeline.

Notes

  • The RecoveryPhraseInput component will be used on the use recovery phrase screen in a later PR.
  • Additional e2e tests that cover VerifyTyping will be added in a later PR.

@sea-snake sea-snake requested a review from aterga November 27, 2025 10:50
@aterga aterga requested a review from Copilot November 28, 2025 10:56
Copilot finished reviewing on behalf of aterga November 28, 2025 11:00
Copilot AI reviewed Nov 28, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR refactors the recovery phrase verification system to support two verification methods: selecting words from a shuffled list (when the phrase is in memory) and typing the entire phrase (when signing in again after sign-out). The key change is using last_authentication field to determine if a recovery phrase has been verified (null = unverified).

  • Renamed Verify component to VerifySelecting and created new VerifyTyping component for manual phrase entry
  • Implemented reusable RecoveryPhraseInput component with accessibility features and validation
  • Updated verification logic to call the canister with the recovery phrase identity to mark it as used

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 8 comments.

Show a summary per file
File Description
src/frontend/src/routes/(new-styling)/manage/(authenticated)/(access-and-recovery)/recovery/+page.svelte Updates unverified status detection to use last_authentication field; implements handleVerify to authenticate with recovery phrase and mark as used
src/frontend/src/lib/components/wizards/createRecoveryPhrase/views/VerifyTyping.svelte New component for manual recovery phrase entry with auto-submit and validation
src/frontend/src/lib/components/wizards/createRecoveryPhrase/views/VerifySelecting.svelte Minor text formatting change adding colon to instruction
src/frontend/src/lib/components/wizards/createRecoveryPhrase/views/Retry.svelte Adds verification method prop to show different error messages for selecting vs typing
src/frontend/src/lib/components/wizards/createRecoveryPhrase/CreateRecoveryPhraseWizard.svelte Adds action prop and error handling; routes between VerifySelecting and VerifyTyping based on phrase availability
src/frontend/src/lib/components/views/RecoveryPhraseInput.svelte New reusable component for entering 24-word recovery phrase with paste support, keyboard navigation, and validation

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

aterga
aterga reviewed Nov 28, 2025
View reviewed changes
aterga
aterga reviewed Nov 28, 2025
View reviewed changes
aterga
aterga approved these changes Nov 28, 2025
View reviewed changes
Copy link
Contributor

@aterga aterga left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approving modulo tests (feel free to add them in a follow up PR, since this feature is disabled)

@sea-snake sea-snake enabled auto-merge November 28, 2025 16:06
@sea-snake sea-snake added this pull request to the merge queue Nov 28, 2025
Merged via the queue into main with commit 3971ab8 Nov 28, 2025
75 checks passed
@sea-snake sea-snake deleted the sea-snake/persistent-unverified-recovery-phrase branch November 28, 2025 16:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@aterga aterga aterga approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@sea-snake @aterga