fix: checkIfFactorKeyValid, check in factorEncs

ieow · ieow · commit cc7acc4d86f2 · 2025-11-06T20:57:17.000+08:00
diff --git a/src/mpcCoreKit.ts b/src/mpcCoreKit.ts
@@ -1278,6 +1278,12 @@ export class Web3AuthMPCCoreKit implements ICoreKit {
 
   private async checkIfFactorKeyValid(factorKey: BN): Promise<boolean> {
     this.checkReady();
+    const factorKeyPrivate = factorKeyCurve.keyFromPrivate(factorKey.toBuffer());
+    const factorPubX = factorKeyPrivate.getPublic().getX().toString("hex").padStart(64, "0");
+    const existingFactorEnc = this.tkey.metadata.factorEncs[this.tkey.tssTag][factorPubX];
+    if (!existingFactorEnc) {
+      return false;
+    }
     const factorKeyMetadata = await this.tKey?.readMetadata<StringifiedType>(factorKey);
     if (!factorKeyMetadata || factorKeyMetadata.message === "KEY_NOT_FOUND" || factorKeyMetadata.message === "SHARE_DELETED") {
       return false;
diff --git a/tests/factors.spec.ts b/tests/factors.spec.ts
@@ -1,7 +1,7 @@
 import assert from "node:assert";
 import test from "node:test";
 
-import { EllipticPoint, KeyType, Point, secp256k1 } from "@tkey/common-types";
+import { EllipticPoint, getPubKeyPoint, KeyType, Point, secp256k1 } from "@tkey/common-types";
 import { factorKeyCurve } from "@tkey/tss";
 import { tssLib as tssLibDKLS } from "@toruslabs/tss-dkls-lib";
 import { tssLib as tssLibFROST } from "@toruslabs/tss-frost-lib";
@@ -158,7 +158,7 @@ export const FactorManipulationTest = async (testVariable: FactorTestVariable) =
     });
 
     // enable mfa
-
+    let browserFactor: string;
     await t.test("enable MFA", async function () {
       const instance = await newInstance();
       assert.strictEqual(instance.status, COREKIT_STATUS.LOGGED_IN);
@@ -179,7 +179,7 @@ export const FactorManipulationTest = async (testVariable: FactorTestVariable) =
       const instance2 = await newInstance();
       assert.strictEqual(instance2.status, COREKIT_STATUS.REQUIRED_SHARE);
 
-      const browserFactor = await instance2.getDeviceFactor();
+      browserFactor = await instance2.getDeviceFactor();
 
       const factorBN = new BN(recoverFactor, "hex")
 
@@ -210,9 +210,32 @@ export const FactorManipulationTest = async (testVariable: FactorTestVariable) =
       } else {
         await signSecp256k1Data({ coreKitInstance: instance3, msg: "hello world" });
       }
-
     });
 
+    // replace factor
+    await t.test("replace factor", async function () {
+      const instance = await newInstance();
+    
+      const deviceFactorKeyBN = new BN(browserFactor, "hex")
+      await instance.inputFactorKey(deviceFactorKeyBN); 
+      assert.strictEqual(instance.status, COREKIT_STATUS.LOGGED_IN);
+
+      const newFactorkey = await instance.createFactor({ shareType: TssShareType.DEVICE });
+      await instance.inputFactorKey(new BN(newFactorkey, "hex"));
+
+      assert.strictEqual(instance.status, COREKIT_STATUS.LOGGED_IN);
+
+
+      const deviceFactorPub = getPubKeyPoint(deviceFactorKeyBN);
+      await instance.deleteFactor(deviceFactorPub, browserFactor);
+
+      try {
+        await instance.inputFactorKey(deviceFactorKeyBN);
+        throw Error("should not be able to deleted input factor");
+      } catch (e) {
+        assert(e instanceof Error);
+      }
+    });
   });
 };
 
diff --git a/tests/gating.spec.ts b/tests/gating.spec.ts
@@ -23,7 +23,8 @@ const variable: TestVariable[] = [
     description: "should not be gated when on devnet",
     web3AuthNetwork: WEB3AUTH_NETWORK.DEVNET,
     uxMode: "nodejs",
-    email: defaultTestEmail,
+    // tkey tests seems use this verifierid, metadata retrun only have tkey that do not support tss
+    email: defaultTestEmail + '1',
     web3ClientID: "torus-key-test",
     expectedErrorThrown: false,
   },
diff --git a/tests/sessionTime.spec.ts b/tests/sessionTime.spec.ts
@@ -23,7 +23,14 @@ const defaultTestEmail = "testEmail1";
 const isBasePlan = (id: string) => id === "BCriFlI9ihm81N-bc7x6N-xbqwBLuxfRDMmSH87spKH27QTNOPj1W9s2K3-mp9NzXuaRiqxvAGHyuGlXG5wLD1g";
 // BasePlan up to 1 day only
 const variable: TestVariable[] = [
-  { web3AuthNetwork: WEB3AUTH_NETWORK.DEVNET, uxMode: "nodejs", email: defaultTestEmail, web3ClientID: "torus-key-test", sessionTime: 3600 },
+  {
+    web3AuthNetwork: WEB3AUTH_NETWORK.DEVNET,
+    uxMode: "nodejs",
+    // tkey tests seems use this verifierid, metadata retrun only have tkey that do not support tss
+    email: defaultTestEmail + "1",
+    web3ClientID: "torus-key-test",
+    sessionTime: 3600
+  },
   {
     web3AuthNetwork: WEB3AUTH_NETWORK.MAINNET,
     uxMode: "nodejs",
