guard: allow using recovery code as 2FA token (#910)

patrislav · corbanbrook · web-flow · commit 9ecb03450856 · 2025-10-31T13:16:30.000-04:00
* guard: allow using recovery code as 2FA token

* Cleanup types of ResponseFn

---------

Co-authored-by: Corban Riley &lt;corbanbrook@gmail.com&gt;
diff --git a/packages/wallet/core/src/signers/guard.ts b/packages/wallet/core/src/signers/guard.ts
@@ -4,7 +4,7 @@ import * as GuardService from '@0xsequence/guard'
 import * as Envelope from '../envelope.js'
 
 type GuardToken = {
-  id: 'TOTP' | 'PIN'
+  id: 'TOTP' | 'PIN' | 'recovery'
   code: string
 }
 
diff --git a/packages/wallet/wdk/src/sequence/handlers/guard.ts b/packages/wallet/wdk/src/sequence/handlers/guard.ts
@@ -5,7 +5,7 @@ import { BaseSignatureRequest, SignerUnavailable, SignerReady, SignerActionable,
 import { Signatures } from '../signatures.js'
 import { Guards } from '../guards.js'
 
-type RespondFn = (code: string) => Promise<void>
+type RespondFn = (id: 'TOTP' | 'PIN' | 'recovery', code: string) => Promise<void>
 
 export type PromptCodeHandler = (
   request: BaseSignatureRequest,
@@ -94,9 +94,9 @@ export class GuardHandler implements Handler {
             resolve(true)
           } catch (e) {
             if (e instanceof Guard.AuthRequiredError) {
-              const respond: RespondFn = async (code: string) => {
+              const respond: RespondFn = async (id, code) => {
                 try {
-                  const signature = await guard.signEnvelope(request.envelope, { id: e.id, code })
+                  const signature = await guard.signEnvelope(request.envelope, { id, code })
                   await this.signatures.addSignature(request.id, signature)
                   resolve(true)
                 } catch (e) {
diff --git a/packages/wallet/wdk/src/sequence/handlers/mnemonic.ts b/packages/wallet/wdk/src/sequence/handlers/mnemonic.ts
@@ -95,7 +95,7 @@ export class MnemonicHandler implements Handler {
       message: 'enter-mnemonic',
       handle: () =>
         new Promise(async (resolve, reject) => {
-          const respond: RespondFn = async (mnemonic: string) => {
+          const respond: RespondFn = async (mnemonic) => {
             const signer = MnemonicHandler.toSigner(mnemonic)
             if (!signer) {
               return reject('invalid-mnemonic')
diff --git a/packages/wallet/wdk/src/sequence/handlers/otp.ts b/packages/wallet/wdk/src/sequence/handlers/otp.ts
@@ -99,7 +99,7 @@ export class OtpHandler extends IdentityHandler implements Handler {
       try {
         const { loginHint, challenge: codeChallenge } = await this.nitroCommitVerifier(challenge)
 
-        const respond: RespondFn = async (otp: string) => {
+        const respond: RespondFn = async (otp) => {
           try {
             const { signer, email: returnedEmail } = await this.nitroCompleteAuth(
               challenge.withAnswer(codeChallenge, otp),

Original file line number	Diff line number	Diff line change
`@@ -4,7 +4,7 @@ import * as GuardService from '@0xsequence/guard'`
`4`	`4`	`import * as Envelope from '../envelope.js'`
`5`	`5`
`6`	`6`	`type GuardToken = {`
`7`		`- id: 'TOTP' \| 'PIN'`
	`7`	`+ id: 'TOTP' \| 'PIN' \| 'recovery'`
`8`	`8`	`code: string`
`9`	`9`	`}`
`10`	`10`