chore: Replace userEntryAuth and appTriggeredAuth with unlockWallet on Login screen

[Cal-L]

Description

This change refactors the Login screen to replace both userEntryAuth and appTriggeredAuth with the consolidated method, unlockWallet. unlockWallet provides us with benefits, which includes automatically handling manual/biometrics password, outdated seedless password check, and intelligently navigates to onboarding or login based on the existence of a user. In follow up PRs, we will continue to surgically use unlockWallet to further consolidate logic associated with unlocking the wallet. There were also a couple of UI bug fixes related to the Login page. These issues included, persisting biometrics icon on password submission and preventing input and biometrics button interaction while loading. Lastly, we removed a redundant biometrics prompt when FIRST enabling biometrics toggle upon logging in. It is not needed since the password is already provided.

Previous PR that created the unlockWallet method - #23958

Changelog

CHANGELOG entry:

Related issues

Fixes: https://consensyssoftware.atlassian.net/browse/MCWP-240

Manual testing steps

Using biometrics

• Create a new wallet with SRP
• Toggle on biometrics while choosing a password
• Update auto lock to immediate
• Background the app and foreground
• Biometrics should prompt automatically
• Deny biometrics
• Should see an error message stating user canceled biometrics
• Tap on biometrics button again to prompt biometrics
• Upon success, app navigates to wallet view

Using manual password entry

• Continuing with the flow above
• Disable biometrics in settings
• Background the app and foreground
• App should show the Login screen and require manual password entry
• Attempt an incorrect password
• Should see an error message stating incorrect password
• Enter correct password and submit
• Upon success, app navigates to wallet view

Screenshots/Recordings

Before

After

Authenticating using manual password entry and biometrics
https://github.com/user-attachments/assets/b5a71cea-e386-4af2-8e15-f3c5c1c3096f

Navigates to opt in metrics screen when needed
https://github.com/user-attachments/assets/9269b1f1-d10b-435f-a267-d5eb328d9ace

Pre-merge author checklist

• I’ve followed MetaMask Contributor Docs and MetaMask Mobile Coding Standards.
• I've completed the PR template to the best of my ability
• I’ve included tests if applicable
• I’ve documented my code using JSDoc format if applicable
• I’ve applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

---

Note

Refactor: Centralize authentication via unlockWallet

• Replace userEntryAuth/appTriggeredAuth with unlockWallet in Login, using new useAuthentication hook (getAuthType, componentAuthenticationType)
• Move post-login navigation (home vs OPTIN_METRICS) and error handling into Authentication.unlockWallet; add lock-on-error behavior
• Update error matching to use containsErrorMessage and normalize constants (remove Error: prefixes)
• Improve Login UX: disable input/biometry while loading, clear/blur input on submit, handle biometric/passcode states, show alerts for passcode unset, route to REHYDRATE for outdated seedless passwords
• Simplify SecureKeychain: remove storage side-effects and iOS immediate prompt logic; storage flag updates handled in Authentication.updateAuthPreference
• Minor UI API: BiometryButton now extends TouchableOpacityProps and spreads props
• Add route ONBOARDING.REHYDRATE; remove unused storage keys
• Extensive test updates/additions for new flows and edge cases (vault corruption, biometrics, metrics routing)

^{Written by Cursor Bugbot for commit 8789032. This will update automatically on new commits. Configure here.}

[NicolasMassart]

Nice progress. Before merge, please make unlock error path deterministic, keep opt-in nav aligned with seedless flow guard, fix the test isolation leak, and replace deprecated MetaMetrics usage (see Sonar issues).

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

[NicolasMassart]

Looks good to me.

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

[ieow]

would it be better if we check for the Authentication.checkIsSeedlessPasswordOutdated
before the unlockWallet?
We could prompt user that global password changed and navigate user to rehydration screen if checkIsSeedlessPasswordOutdated is TRUE
In this case, handleLoginError do not need to handle any SeedlessOnboardingError

[Cal-L]

We discussed this topic a week or two ago and landed on designing it this way, which provided a few benefits:

• Allows us to abstract seedless onboarding checks only when needed, cleaning up component life cycles that check for seedless onboarding outdated check
• Assuming a user enters the correct global password, it doesn't look like they would need to be routed to the rehydration screen since the sync happens automatically in the background?
• The seedless check needs to happen in a few places and the areas are identified as the same places where unlock happens, so it made sense to abstract it there

[github-actions]

🔍 Smart E2E Test Selection

• Selected E2E tags: SmokeAccounts, SmokeConfirmationsRedesigned, SmokeIdentity, SmokeNetworkAbstractions, SmokeNetworkExpansion, SmokeTrade, SmokeWalletPlatform, SmokeCard, SmokeRamps, SmokePerps, SmokePredictions, FlaskBuildTests
• Risk Level: high
• AI Confidence: 85%

click to see 🤖 AI reasoning details

This PR makes significant changes to the core Authentication service and Login flow, which are critical components used by virtually all E2E tests:

1. Authentication.ts changes:

   • Modified navigation logic after successful unlock (now checks metrics opt-in status)
   • Changed error handling to throw errors directly instead of using handlePasswordSubmissionError
   • Moved biometry/passcode storage flag management from SecureKeychain to Authentication service
   • These changes affect how the app transitions after login

2. SecureKeychain.ts changes:

   • Removed all storage flag management for biometry/passcode choices
   • Simplified setGenericPassword by removing iOS biometric permission prompt handling
   • This is a core security component for password encryption/decryption

3. Login/index.tsx changes:

   • Refactored to use new useAuthentication hook
   • Changed login methods (handleLogin → unlockWithPassword, tryBiometric → unlockWithBiometrics)
   • Modified error handling to use containsErrorMessage instead of toLowerCaseEquals
   • Added seedless onboarding error handling with navigation to Rehydrate screen
   • BiometryButton now accepts disabled prop

4. Constants changes:

   • Removed BIOMETRY_CHOICE and PASSCODE_CHOICE from storage constants
   • Updated error message constants (removed "Error: " prefix)

5. Routes changes:

   • Added REHYDRATE route to onboarding routes

The loginToApp helper function in e2e/viewHelper.ts is used by almost all E2E tests to authenticate users. Any regression in the Login flow would cause widespread test failures. The changes to authentication type storage flags and error handling could affect biometric login, password login, and remember-me functionality.

Given the critical nature of these changes affecting the authentication flow that gates access to all wallet functionality, running all test tags is the safest approach to ensure no regressions are introduced.

View GitHub Actions results

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

[sonarqubecloud]

Quality Gate passed

Issues
20 New issues
0 Accepted issues

Measures
6 Security Hotspots
90.5% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud