fix: seedless existing user e2e test

[grvgoel81]

Description

• PR stabilizes seedless existing-user E2E tests and aligns behavior with real TOPRF flows under mock OAuth

Changelog

CHANGELOG entry: null

Related issues

Fixes:

Manual testing steps

Feature: Seedless existing user E2E

  Scenario: Register then return as existing user after reset
    Given the iOS (or Android) E2E debug app is built with seedless onboarding and mock OAuth enabled
    And Metro is running with the E2E environment
    When the tester runs the Google existing-user seedless smoke test
    Then the flow completes new-user onboarding, locks and resets the wallet, and completes the second login as an existing user without hanging on modals
    When the tester runs the Apple existing-user seedless smoke test
    Then the same register-then-reset-then-login flow completes successfully

Screenshots/Recordings

Before

After

Pre-merge author checklist

• I've followed MetaMask Contributor Docs and MetaMask Mobile Coding Standards.
• I've completed the PR template to the best of my ability
• I've included tests if applicable
• I've documented my code using JSDoc format if applicable
• I've applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

---

Note

Medium Risk
Changes seedless OAuth onboarding behavior in E2E/perf paths (token exchange, seed phrase backup, config selection), which can affect authentication/onboarding flows if misconfigured, but is largely gated behind test/mocking flags and CI workflows.

Overview
Seedless E2E mock OAuth now exercises real onboarding paths. OAuthService no longer short-circuits seedless authentication under E2E_MOCK_OAUTH; the mock path now performs provider login() to capture an email, exchanges QA-mock tokens, calls seedless authenticate, and dispatches setSeedlessOnboarding.

OAuth build-type selection is refactored and made overridable. Build-type mapping is extracted into new oauthBuildType.ts with tests, BUILD_TYPE is exported, and CI/BrowserStack workflows set OAUTH_BUILD_TYPE=main_uat and enable E2E_MOCK_OAUTH for iOS/Android E2E builds.

E2E infra/test updates to reduce flakiness. QA mock token exchange generates unique emails (or uses launch arg/env override), shim/mock server bypass proxy for Web3Auth/Auth-service hosts and filters hop-by-hop headers, Metro mocking is narrowed to OAuth handlers only (removing seedless controller mocks), and seedless smoke/perf tests are adjusted to register-then-reset-then-login plus modal handling; also adds Android trust anchors for user certs in debug and accessibility labels for password fields to improve Android test selectors.

^{Reviewed by Cursor Bugbot for commit 6a43546. Configure here.}

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit 6a43546. Configure here.}

[codecov-commenter]

Codecov Report

❌ Patch coverage is 93.10345% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 82.20%. Comparing base (5ed240f) to head (7a6b194).
⚠️ Report is 443 commits behind head on main.

Files with missing lines	Patch %	Lines
app/core/OAuthService/QAMockOAuthService.ts	75.00%	0 Missing and 2 partials ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #28855      +/-   ##
==========================================
+ Coverage   82.12%   82.20%   +0.08%     
==========================================
  Files        4911     5075     +164     
  Lines      129029   133758    +4729     
  Branches    28750    30000    +1250     
==========================================
+ Hits       105961   109962    +4001     
- Misses      15792    16325     +533     
- Partials     7276     7471     +195     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[github-actions]

🔍 Smart E2E Test Selection

• Selected E2E tags: SmokeSeedlessOnboarding
• Selected Performance tags: @PerformanceOnboarding
• Risk Level: high
• AI Confidence: 95%

click to see 🤖 AI reasoning details

E2E Test Selection:
This PR is entirely focused on the seedless onboarding / OAuth infrastructure. The changes are:

1. Core OAuth flow changes: Authentication.ts removes the isE2EMockOAuth() guard so OAuth logins always call createAndBackupSeedPhrase. OAuthService.ts removes the shortcut that bypassed real OAuth flow in E2E. These are fundamental changes to how seedless onboarding works in E2E tests.

2. Metro config: Removed the seedless-onboarding-controller Metro mock redirect - now only the OAuthLoginHandlers module is mocked. This means E2E tests now use the real SeedlessOnboardingController instead of a mock.

3. OAuth build type refactoring: New oauthBuildType.ts module with resolveOAuthConfigKey() supporting env override (OAUTH_BUILD_TYPE=main_uat). CI workflows now pass this env var.

4. E2E test infrastructure: shim.js adds proxy bypass for Web3Auth/auth-service URLs, OAuthMockttpService.ts removes TOPRF SSS node mocks (no longer needed since real controller is used), OAuthLoginHandlers/index.ts now uses real UAT client IDs and generates random emails.

5. Test changes: Existing user tests now do a full new user registration first (since there's no pre-seeded existing user), new google-login-change-password.spec.ts test added, performance tests updated.

6. CI workflows: E2E_MOCK_OAUTH: 'true' added to build workflows, OAUTH_BUILD_TYPE: main_uat added to BrowserStack uploads.

All changes are exclusively in the seedless onboarding / OAuth domain. The SmokeSeedlessOnboarding tag covers exactly these flows: new user wallet creation via Google/Apple OAuth, existing user detection, lock/unlock, wallet reset, and SRP import after seedless onboarding.

No other E2E test areas are affected - there are no changes to navigation, confirmations, accounts, networks, browser, snaps, swaps, or any other feature area. The shim.js and MockServerE2E.ts changes are additive (proxy bypass and header filtering) and don't break existing mock infrastructure for other tests.

Performance Test Selection:
The performance tests for seedless onboarding (seedless-apple-onboarding.spec.ts and seedless-google-onboarding.spec.ts) were directly modified in this PR - timer6 was removed from both tests. These tests run under the @PerformanceOnboarding tag. Since the performance test files themselves were changed (removing a timer measurement), the performance tests should run to validate the updated test logic works correctly with the new OAuth infrastructure (real SeedlessOnboardingController, UAT client IDs, random email generation).

View GitHub Actions results

[sonarqubecloud]

Quality Gate passed

Issues
2 New issues
0 Accepted issues

Measures
0 Security Hotspots
96.7% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud