Added remove keysStore secret into emailVault controller

[stojnovsky]

resolves: https://github.com/AmbireTech/ambire-app/issues/6997

[JIOjosBG]

/security-review

[JIOjosBG]

/review

[github-actions]

Preparing review...

[JIOjosBG]

/review

[github-actions]

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 3 🔵🔵🔵⚪⚪

🧪 No relevant tests

🔒 No security concerns identified

📝 TODO sections src/controllers/emailVault/emailVault.ts [631]: add password

⚡ Recommended focus areas for review State Leak If an exception is thrown during #removeKeyStoreSecret (for example, the relayer call rejects or the keystore throws), #isRemovingSecret is never reset to false because the method lacks a try/finally block. This permanently leaves the controller stuck in the RemovingSecret state until the extension is restarted. this.#isRemovingSecret = true const keyStoreUid = await this.#keyStore.getKeyStoreUid() result = await this.#emailVault.removeKeyStoreSecretFromRelayer( email, magicKey.key, keyStoreUid ) await this.#keyStore.removeSecret(RECOVERY_SECRET_ID) } else this.emitError({ message: 'Email key not confirmed', level: 'minor', sendCrashReport: false, error: new Error('removeKeyStoreSecret: not confirmed magic link key') }) if (result) { await this.#getEmailVaultInfo(email, 'setup') } else { this.emitError({ level: 'minor', message: 'Error upload keyStore to email vault', error: new Error('error removing keyStore secret from email vault') }) } this.#isRemovingSecret = false this.emitUpdate() Inconsistent Local Deletion this.#keyStore.removeSecret(RECOVERY_SECRET_ID) is executed unconditionally immediately after the relayer call, even when removeKeyStoreSecretFromRelayer returns false. If cloud removal fails, the local recovery secret is still deleted, leaving the user's local state inconsistent and potentially preventing recovery. if (magicKey?.key) { this.#isRemovingSecret = true const keyStoreUid = await this.#keyStore.getKeyStoreUid() result = await this.#emailVault.removeKeyStoreSecretFromRelayer( email, magicKey.key, keyStoreUid ) await this.#keyStore.removeSecret(RECOVERY_SECRET_ID) } else this.emitError({ message: 'Email key not confirmed', level: 'minor', sendCrashReport: false, error: new Error('removeKeyStoreSecret: not confirmed magic link key') }) Wrong Error Message The failure branch in #removeKeyStoreSecret emits the error message "Error upload keyStore to email vault", which is copy-pasted from the upload flow. This misleading message makes debugging removal failures harder. this.emitError({ level: 'minor', message: 'Error upload keyStore to email vault', error: new Error('error removing keyStore secret from email vault') })