fix(@desktop/keycard): `ExportPublic` instead of `Sign` flow should be used for user authentication

Fixes: #8176

src/app/modules/main/browser_section/provider/controller.nim

@@ -65,9 +65,7 @@ proc postMessage*(self: Controller, payloadMethod: string, requestType: string,
 proc ensResourceURL*(self: Controller, ens: string, url: string): (string, string, string, string, bool) =
   return self.providerService.ensResourceURL(ens, url)
 
-proc authenticateUser*(self: Controller, keyUid = "", bip44Path = "", txHash = "") =
+proc authenticateUser*(self: Controller, keyUid = "") =
   let data = SharedKeycarModuleAuthenticationArgs(uniqueIdentifier: UNIQUE_BROWSER_SECTION_TRANSACTION_MODULE_IDENTIFIER,
-    keyUid: keyUid,
+    keyUid: keyUid)
-    bip44Path: bip44Path,
-    txHash: txHash)
   self.events.emit(SIGNAL_SHARED_KEYCARD_MODULE_AUTHENTICATE_USER, data)

src/app/modules/main/controller.nim

@@ -261,16 +261,10 @@ proc init*(self: Controller) =
       self.authenticateUserFlowRequestedBy.len == 0:
         return
     self.delegate.onSharedKeycarModuleFlowTerminated(args.lastStepInTheCurrentFlow)
-    var password = args.password
-    if password.len == 0 and args.keyUid.len > 0:
-      password = args.keyUid
     let data = SharedKeycarModuleArgs(uniqueIdentifier: self.authenticateUserFlowRequestedBy,
-      password: password,
+      password: args.password,
       pin: args.pin,
-      keyUid: args.keyUid,
+      keyUid: args.keyUid)
-      txR: args.txR,
-      txS: args.txS,
-      txV: args.txV)
     self.authenticateUserFlowRequestedBy = ""
     self.events.emit(SIGNAL_SHARED_KEYCARD_MODULE_USER_AUTHENTICATED, data)
 
@@ -284,7 +278,7 @@ proc init*(self: Controller) =
   self.events.on(SIGNAL_SHARED_KEYCARD_MODULE_AUTHENTICATE_USER) do(e: Args):
     let args = SharedKeycarModuleAuthenticationArgs(e)
     self.authenticateUserFlowRequestedBy = args.uniqueIdentifier
-    self.delegate.runAuthenticationPopup(args.keyUid, args.bip44Path, args.txHash)
+    self.delegate.runAuthenticationPopup(args.keyUid)
 
 proc isConnected*(self: Controller): bool =
   return self.nodeService.isConnected()

src/app/modules/main/io_interface.nim

@@ -220,7 +220,7 @@ method onDisplayKeycardSharedModuleFlow*(self: AccessInterface) {.base.} =
 method onSharedKeycarModuleFlowTerminated*(self: AccessInterface, lastStepInTheCurrentFlow: bool) {.base.} =
   raise newException(ValueError, "No implementation available")
 
-method runAuthenticationPopup*(self: AccessInterface, keyUid: string, bip44Path: string, txHash: string) {.base.} =
+method runAuthenticationPopup*(self: AccessInterface, keyUid: string) {.base.} =
   raise newException(ValueError, "No implementation available")
   
 method onMyRequestAdded*(self: AccessInterface) {.base.} =

src/app/modules/main/module.nim

@@ -968,11 +968,11 @@ method onSharedKeycarModuleFlowTerminated*[T](self: Module[T], lastStepInTheCurr
     self.keycardSharedModule.delete
     self.keycardSharedModule = nil
 
-method runAuthenticationPopup*[T](self: Module[T], keyUid: string, bip44Path: string, txHash: string) =
+method runAuthenticationPopup*[T](self: Module[T], keyUid: string) =
   self.createSharedKeycardModule()
   if self.keycardSharedModule.isNil:
     return
-  self.keycardSharedModule.runFlow(keycard_shared_module.FlowType.Authentication, keyUid, bip44Path, txHash)
+  self.keycardSharedModule.runFlow(keycard_shared_module.FlowType.Authentication, keyUid)
 
 method onDisplayKeycardSharedModuleFlow*[T](self: Module[T]) =
   self.view.emitDisplayKeycardSharedModuleFlow()

src/app/modules/main/profile_section/ens_usernames/controller.nim

@@ -140,9 +140,7 @@ proc getStatusToken*(self: Controller): string =
 proc getNetwork*(self: Controller): NetworkDto =
   return self.networkService.getNetworkForEns()
 
-proc authenticateUser*(self: Controller, keyUid = "", bip44Path = "", txHash = "") =
+proc authenticateUser*(self: Controller, keyUid = "") =
   let data = SharedKeycarModuleAuthenticationArgs(uniqueIdentifier: UNIQUE_ENS_SECTION_TRANSACTION_MODULE_IDENTIFIER,
-    keyUid: keyUid,
+    keyUid: keyUid)
-    bip44Path: bip44Path,
-    txHash: txHash)
   self.events.emit(SIGNAL_SHARED_KEYCARD_MODULE_AUTHENTICATE_USER, data)

src/app/modules/main/stickers/controller.nim

@@ -166,9 +166,7 @@ proc getStatusToken*(self: Controller): string =
   }
   return $jsonObj
 
-proc authenticateUser*(self: Controller, keyUid = "", bip44Path = "", txHash = "") =
+proc authenticateUser*(self: Controller, keyUid = "") =
   let data = SharedKeycarModuleAuthenticationArgs(uniqueIdentifier: UNIQUE_BUY_STICKER_TRANSACTION_MODULE_IDENTIFIER,
-    keyUid: keyUid,
+    keyUid: keyUid)
-    bip44Path: bip44Path,
-    txHash: txHash)
   self.events.emit(SIGNAL_SHARED_KEYCARD_MODULE_AUTHENTICATE_USER, data)

src/app/modules/main/wallet_section/accounts/controller.nim

@@ -76,8 +76,8 @@ proc deleteAccount*(self: Controller, address: string) =
 proc fetchDerivedAddressDetails*(self: Controller, address: string) =
   self.walletAccountService.fetchDerivedAddressDetails(address)
 
-method getDerivedAddressList*(self: Controller, password: string, derivedFrom: string, path: string, pageSize: int, pageNumber: int)=
+method getDerivedAddressList*(self: Controller, password: string, derivedFrom: string, path: string, pageSize: int, pageNumber: int, hashPassword: bool)=
-  self.walletAccountService.getDerivedAddressList(password, derivedFrom, path, pageSize, pageNumber)
+  self.walletAccountService.getDerivedAddressList(password, derivedFrom, path, pageSize, pageNumber, hashPassword)
 
 method getDerivedAddressListForMnemonic*(self: Controller, mnemonic: string, path: string, pageSize: int, pageNumber: int) =
   self.walletAccountService.getDerivedAddressListForMnemonic(mnemonic, path, pageSize, pageNumber)

src/app/modules/main/wallet_section/accounts/io_interface.nim

@@ -35,7 +35,7 @@ method deleteAccount*(self: AccessInterface, address: string) {.base.} =
 method refreshWalletAccounts*(self: AccessInterface) {.base.} =
   raise newException(ValueError, "No implementation available")
 
-method getDerivedAddressList*(self: AccessInterface, password: string, derivedFrom: string, path: string, pageSize: int, pageNumber: int) {.base.} =
+method getDerivedAddressList*(self: AccessInterface, password: string, derivedFrom: string, path: string, pageSize: int, pageNumber: int, hashPassword: bool) {.base.} =
   raise newException(ValueError, "No implementation available")
 
 method getDerivedAddressListForMnemonic*(self: AccessInterface, mnemonic: string, path: string, pageSize: int, pageNumber: int) {.base.} =

src/app/modules/main/wallet_section/accounts/module.nim

@@ -201,8 +201,8 @@ method addWatchOnlyAccount*(self: Module, address: string, accountName: string,
 method deleteAccount*(self: Module, address: string) =
   self.controller.deleteAccount(address)
 
-method getDerivedAddressList*(self: Module, password: string, derivedFrom: string, path: string, pageSize: int, pageNumber: int) =
+method getDerivedAddressList*(self: Module, password: string, derivedFrom: string, path: string, pageSize: int, pageNumber: int, hashPassword: bool) =
-  self.controller.getDerivedAddressList(password, derivedFrom, path, pageSize, pageNumber)
+  self.controller.getDerivedAddressList(password, derivedFrom, path, pageSize, pageNumber, hashPassword)
 
 method getDerivedAddressListForMnemonic*(self: Module, mnemonic: string, path: string, pageSize: int, pageNumber: int) =
   self.controller.getDerivedAddressListForMnemonic(mnemonic, path, pageSize, pageNumber)

src/app/modules/main/wallet_section/accounts/view.nim

@@ -246,10 +246,10 @@ QtObject:
     self.setDerivedAddressesLoading(false)
     self.derivedAddressesChanged()
 
-  proc getDerivedAddressList*(self: View, password: string, derivedFrom: string, path: string, pageSize: int, pageNumber: int) {.slot.} =
+  proc getDerivedAddressList*(self: View, password: string, derivedFrom: string, path: string, pageSize: int, pageNumber: int, hashPassword: bool) {.slot.} =
     self.setDerivedAddressesLoading(true)
     self.setDerivedAddressesError("")
-    self.delegate.getDerivedAddressList(password, derivedfrom, path, pageSize, pageNumber)
+    self.delegate.getDerivedAddressList(password, derivedfrom, path, pageSize, pageNumber, hashPassword)
 
   proc getDerivedAddressListForMnemonic*(self: View, mnemonic: string, path: string, pageSize: int, pageNumber: int) {.slot.} =
     self.setDerivedAddressesLoading(true)

src/app/modules/main/wallet_section/transactions/controller.nim

@@ -133,9 +133,7 @@ proc getLastTxBlockNumber*(self: Controller): string =
   return self.transactionService.getLastTxBlockNumber(self.networkService.getNetworkForBrowser().chainId)
 
 
-proc authenticateUser*(self: Controller, keyUid = "", bip44Path = "", txHash = "") =
+proc authenticateUser*(self: Controller, keyUid = "") =
   let data = SharedKeycarModuleAuthenticationArgs(uniqueIdentifier: UNIQUE_WALLET_SECTION_TRANSACTION_MODULE_IDENTIFIER,
-    keyUid: keyUid,
+    keyUid: keyUid)
-    bip44Path: bip44Path,
-    txHash: txHash)
   self.events.emit(SIGNAL_SHARED_KEYCARD_MODULE_AUTHENTICATE_USER, data)

src/app/modules/shared_modules/keycard_popup/controller.nim

@@ -5,6 +5,7 @@ import io_interface
 import ../../../global/global_singleton
 import ../../../core/signals/types
 import ../../../core/eventemitter
+import ../../../../app_service/common/account_constants
 import ../../../../app_service/service/keycard/service as keycard_service
 import ../../../../app_service/service/settings/service as settings_service
 import ../../../../app_service/service/privacy/service as privacy_service
@@ -385,13 +386,7 @@ proc runDeriveAccountFlow*(self: Controller, bip44Path = "", pin = "") =
   self.cancelCurrentFlow()
   self.keycardService.startExportPublicFlow(bip44Path, exportMasterAddr=true, exportPrivateAddr=false, pin)
 
-proc runLoadAccountFlow*(self: Controller, seedPhraseLength = 0, seedPhrase = "", puk = "", factoryReset = false) =
+proc runAuthenticationFlow*(self: Controller, keyUid = "") =
-  if not serviceApplicable(self.keycardService):
-    return
-  self.cancelCurrentFlow()
-  self.keycardService.startLoadAccountFlow(seedPhraseLength, seedPhrase, puk, factoryReset)
-
-proc runSignFlow*(self: Controller, keyUid = "", bip44Path = "", txHash = "") =
   ## For signing a transaction  we need to provide a key uid of a keypair that an account we want to sign a transaction 
   ## for belongs to. If we're just doing an authentication for a logged in user, then default key uid is always the key 
   ## uid of the logged in user.
@@ -401,7 +396,24 @@ proc runSignFlow*(self: Controller, keyUid = "", bip44Path = "", txHash = "") =
   if self.tmpKeyUidWhichIsBeingAuthenticating.len == 0:
     self.tmpKeyUidWhichIsBeingAuthenticating = singletonInstance.userProfile.getKeyUid()
   self.cancelCurrentFlow()
-  self.keycardService.startSignFlow(bip44Path, txHash)
+  self.keycardService.startExportPublicFlow(path = account_constants.PATH_ENCRYPTION)
+
+proc runLoadAccountFlow*(self: Controller, seedPhraseLength = 0, seedPhrase = "", puk = "", factoryReset = false) =
+  if not serviceApplicable(self.keycardService):
+    return
+  self.cancelCurrentFlow()
+  self.keycardService.startLoadAccountFlow(seedPhraseLength, seedPhrase, puk, factoryReset)
+
+# This flow is not in use any more for authentication purpose, will be use later for signing a transaction, but
+# we still do not support that. Going to keep this code, but as a comment.
+#
+# For running sign flow we need to be sure is a keycard we're signing with contains a keyuid for a keypair we're sending a transaction for.
+#
+# proc runSignFlow*(self: Controller, keyUid = "", bip44Path = "", txHash = "") =
+#   if not serviceApplicable(self.keycardService):
+#     return
+#   self.cancelCurrentFlow()
+#   self.keycardService.startSignFlow(bip44Path, txHash)
 
 proc resumeCurrentFlowLater*(self: Controller) =
   if not serviceApplicable(self.keycardService):
@@ -417,13 +429,11 @@ proc terminateCurrentFlow*(self: Controller, lastStepInTheCurrentFlow: bool) =
   let (_, flowEvent) = self.getLastReceivedKeycardData()
   var data = SharedKeycarModuleFlowTerminatedArgs(uniqueIdentifier: self.uniqueIdentifier,
     lastStepInTheCurrentFlow: lastStepInTheCurrentFlow)
+  let exportedEncryptionPubKey = flowEvent.generatedWalletAccount.publicKey
   if lastStepInTheCurrentFlow:
-    data.password = self.getPassword()
+    data.password = if exportedEncryptionPubKey.len > 0: exportedEncryptionPubKey else: self.getPassword()
     data.pin = self.getPin()
     data.keyUid = flowEvent.keyUid
-    data.txR = flowEvent.txSignature.r
-    data.txS = flowEvent.txSignature.s
-    data.txV = flowEvent.txSignature.v
   self.events.emit(SIGNAL_SHARED_KEYCARD_MODULE_FLOW_TERMINATED, data)
 
 proc authenticateUser*(self: Controller, keyUid = "") =

src/app/modules/shared_modules/keycard_popup/io_interface.nim

@@ -16,16 +16,13 @@ const SIGNAL_SHARED_KEYCARD_MODULE_USER_AUTHENTICATED* = "sharedKeycarModuleUser
 ## -- in case of non keycard user (regular) user that's enough, 
 ## -- in case of keycard user we want to authenticate it with a card that his profile is migrated to, that means apart of `uniqueIdentifier` 
 ## we need to set `keyUid` as well, 
-## -- in case we want to sign a transaction for a certain wallet's account, then apart of `uniqueIdentifier` and `keyUid`of a key pair that 
-## account belongs to, we need to set and `bip44Path` and `txHash`
 ## 
 ## `SIGNAL_SHARED_KEYCARD_MODULE_AUTHENTICATE_USER` will be handled in the `mainModule` (shared keycard popup module will be run) and as a 
 ## result, when authentication gets done `SIGNAL_SHARED_KEYCARD_MODULE_USER_AUTHENTICATED` signal with properly set `SharedKeycarModuleArgs` 
 ## and props there will be emitted:
 ## -- `uniqueIdentifier` - will be the same as one used for running authentication process
 ## -- in case of success of a regular user authentication `password` will be sent, otherwise it will be empty
-## -- in case of success of a keycard user authentication `keyUid` will be sent, otherwise it will be empty
+## -- in case of success of a keycard user authentication `keyUid`, `pin` and `password` will be sent, otherwise they will be empty
-## -- in case of success of a signing a transaction `keyUid`, `txR` and `txS` will be sent, otherwise it will be empty
 ##
 ## TLDR: when you need to authenticate user, from the module where it's needed you have to send `SIGNAL_SHARED_KEYCARD_MODULE_AUTHENTICATE_USER`
 ## signal to run authentication process and connect to `SIGNAL_SHARED_KEYCARD_MODULE_USER_AUTHENTICATED` signal to get the results of it.
@@ -39,9 +36,6 @@ type
     password*: string
     pin*: string # this is used in case we need to run another keycard flow which requires pin, after we successfully authenticated logged in user
     keyUid*: string
-    txR*: string
-    txS*: string
-    txV*: string
 
 type
   SharedKeycarModuleFlowTerminatedArgs* = ref object of SharedKeycarModuleArgs
@@ -50,8 +44,6 @@ type
 type
   SharedKeycarModuleAuthenticationArgs* = ref object of SharedKeycarModuleBaseArgs
     keyUid*: string
-    bip44Path*: string
-    txHash*: string
 
 type FlowType* {.pure.} = enum
   General = "General"

src/app/modules/shared_modules/keycard_popup/module.nim

@@ -380,7 +380,7 @@ method runFlow*[T](self: Module[T], flowToRun: FlowType, keyUid = "", bip44Path
     if keyUid.len > 0:
       self.prepareKeyPairItemForAuthentication(keyUid)
       self.tmpLocalState = newReadingKeycardState(flowToRun, nil)
-      self.controller.runSignFlow(keyUid, bip44Path, txHash)
+      self.controller.runAuthenticationFlow(keyUid)
       return
     if singletonInstance.userProfile.getUsingBiometricLogin():
       self.controller.tryToObtainDataFromKeychain()

src/app_service/service/wallet_account/service.nim

@@ -238,7 +238,7 @@ QtObject:
     try:
       if skipPasswordVerification:
         discard backend.generateAccountWithDerivedPathPasswordVerified(
-          hashPassword(password),
+          password,
           accountName,
           color,
           emoji,
@@ -263,7 +263,7 @@ QtObject:
       if skipPasswordVerification:
         discard backend.addAccountWithPrivateKeyPasswordVerified(
           privateKey,
-          hashPassword(password),
+          password,
           accountName,
           color,
           emoji)
@@ -285,7 +285,7 @@ QtObject:
       if skipPasswordVerification:
         discard backend.addAccountWithMnemonicAndPathPasswordVerified(
           mnemonic,
-          hashPassword(password),
+          password,
           accountName,
           color,
           emoji,
@@ -364,9 +364,9 @@ QtObject:
 
     self.events.emit(SIGNAL_WALLET_ACCOUNT_UPDATED, WalletAccountUpdated(account: account))
 
-  proc getDerivedAddressList*(self: Service, password: string, derivedFrom: string, path: string, pageSize: int, pageNumber: int)=
+  proc getDerivedAddressList*(self: Service, password: string, derivedFrom: string, path: string, pageSize: int, pageNumber: int, hashPassword: bool)=
     let arg = GetDerivedAddressesTaskArg(
-      password: hashPassword(password),
+      password: if hashPassword: hashPassword(password) else: password,
       derivedFrom: derivedFrom,
       path: path,
       pageSize: pageSize,

ui/app/AppLayouts/Wallet/popups/AddAccountModal.qml

@@ -99,7 +99,8 @@ StatusModal {
             } else if(!!d.selectedPath && !!d.selectedAccountDerivedFromAddress
                       && (d.password.length > 0)) {
                 RootStore.getDerivedAddressList(d.password, d.selectedAccountDerivedFromAddress,
-                                                d.selectedPath, numOfItems, pageNumber)
+                                                d.selectedPath, numOfItems, pageNumber,
+                                                !(d.selectedKeyUidMigratedToKeycard || userProfile.isKeycardUser))
             }
         }
 

ui/app/AppLayouts/Wallet/stores/RootStore.qml

@@ -195,8 +195,8 @@ QtObject {
         globalUtils.copyToClipboard(text)
     }
 
-    function getDerivedAddressList(password, derivedFrom, path, pageSize, pageNumber) {
+    function getDerivedAddressList(password, derivedFrom, path, pageSize, pageNumber, hashPassword) {
-        walletSectionAccounts.getDerivedAddressList(password, derivedFrom, path, pageSize, pageNumber)
+        walletSectionAccounts.getDerivedAddressList(password, derivedFrom, path, pageSize, pageNumber, hashPassword)
     }
 
     function getDerivedAddressData(index) {