fix(auth_service): legacy wallet bip39 validation

packages/komodo_defi_framework/app_build/build_config.json

@@ -28,7 +28,7 @@
     "coins": {
         "fetch_at_build_enabled": true,
         "update_commit_on_build": true,
-        "bundled_coins_repo_commit": "d7906da4ab0283ea7dcd22d8b5157a8a46eac0f2",
+        "bundled_coins_repo_commit": "642abea7172b81db24b16bffc13783b9a0e400f5",
         "coins_repo_api_url": "https://api.github.com/repos/KomodoPlatform/coins",
         "coins_repo_content_url": "https://komodoplatform.github.io/coins",
         "coins_repo_branch": "master",

packages/komodo_defi_local_auth/lib/src/auth/auth_service.dart

@@ -111,9 +111,12 @@ class KdfAuthService implements IAuthService {
       }
 
       final storedUser = await _secureStorage.getUser(walletName);
+      if (storedUser == null) {
+        throw AuthException.notFound();
+      }
 
       // If we know this is not a BIP39 seed, don't allow HD mode
-      if (storedUser?.isBip39Seed == false &&
+      if (!storedUser.isBip39Seed &&
           options.derivationMethod == DerivationMethod.hdWallet) {
         throw AuthException(
           'Cannot use HD mode with non-BIP39 seed',

packages/komodo_defi_local_auth/lib/src/auth/auth_service_auth_extension.dart

@@ -23,7 +23,10 @@ extension KdfAuthServiceAuthExtension on KdfAuthService {
 
     // For HD wallets, verify BIP39 compatibility if not already verified
     if (currentUser.isHd && !currentUser.isBip39Seed) {
-      currentUser = await _verifyBip39Compatibility(config, currentUser);
+      currentUser = await _verifyBip39Compatibility(
+        walletPassword: config.walletPassword,
+        currentUser,
+      );
     }
 
     return currentUser;
@@ -60,11 +63,18 @@ extension KdfAuthServiceAuthExtension on KdfAuthService {
     );
     await _secureStorage.saveUser(currentUser);
 
-    if (currentUser.isHd && !currentUser.isBip39Seed) {
-      // Verify BIP39 compatibility for HD wallets after registration
-      // if verification fails, the user can still log into the wallet in legacy
-      // mode.
-      currentUser = await _verifyBip39Compatibility(config, currentUser);
+    try {
+      currentUser = await _verifyBip39Compatibility(
+        walletPassword: config.walletPassword,
+        currentUser,
+      );
+    } on AuthException {
+      if (currentUser.isHd && !currentUser.isBip39Seed) {
+        // Verify BIP39 compatibility for HD wallets after registration
+        // if verification fails, the user can still log into the wallet in legacy
+        // mode.
+        rethrow;
+      }
     }
 
     return currentUser;
@@ -78,9 +88,9 @@ extension KdfAuthServiceAuthExtension on KdfAuthService {
   /// so any atomic requirements need to be handled by the calling function.
   /// Throws [AuthException] if the seed is not a valid BIP39 seed phrase.
   Future<KdfUser> _verifyBip39Compatibility(
-    KdfStartupConfig config,
-    KdfUser currentUser,
-  ) async {
+    KdfUser currentUser, {
+    required String? walletPassword,
+  }) async {
     var updatedUser = currentUser.copyWith();
     bool isBip39;
 
@@ -90,7 +100,7 @@ extension KdfAuthServiceAuthExtension on KdfAuthService {
       // [getActiveUser] function (or any others). It simply
       final plaintext = await _getMnemonic(
         encrypted: false,
-        walletPassword: config.walletPassword,
+        walletPassword: walletPassword,
       );
 
       if (plaintext.plaintextMnemonic == null) {

packages/komodo_defi_sdk/example/lib/main.dart

@@ -738,10 +738,6 @@ class _KomodoAppState extends State<KomodoApp> {
       return 'Please enter a ${fieldName ?? 'value'}.';
     }
 
-    if (input.contains(RegExp('[<>&]'))) {
-      return "Invalid password: contains '<', '>', or '&'";
-    }
-
     return null;
   }