chore: Improve unlockWallet password check

[Cal-L]

Description

This PR is a small change that improves the password triaging condition in unlockWallet method in the Authentication service. The condition is to check for a non undefined password and if detected, will skip deriving password from generic password (aka biometrics).

PR that introduced unlockWallet - #23958

Changelog

CHANGELOG entry:

Related issues

Fixes: 2nd iteration of https://consensyssoftware.atlassian.net/browse/MCWP-238

Manual testing steps

Feature: my feature name

  Scenario: user [verb for user action]
    Given [describe expected initial app state]

    When user [verb for user action]
    Then [describe expected outcome]

Screenshots/Recordings

Before

After

Pre-merge author checklist

• I've followed MetaMask Contributor Docs and MetaMask Mobile Coding Standards.
• I've completed the PR template to the best of my ability
• I've included tests if applicable
• I've documented my code using JSDoc format if applicable
• I've applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

---

Note

Authentication.unlockWallet logic

• Treats any provided password (including empty string) as explicit input; derives from SecureKeychain.getGenericPassword only when password is undefined.

Tests

• Adds unit tests ensuring keychain lookup is skipped when password is provided (empty or non-empty) and executed when omitted.

Impact

• Small behavioral tweak that avoids unintended biometric lookup when an empty password is passed.

^{Written by Cursor Bugbot for commit 21f5d99. This will update automatically on new commits. Configure here.}

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

[github-actions]

🔍 Smart E2E Test Selection

• Selected E2E tags: SmokeAccounts, SmokeWalletPlatform
• Risk Level: medium
• AI Confidence: 75%

click to see 🤖 AI reasoning details

The change is a one-line bug fix in the core Authentication service (app/core/Authentication/Authentication.ts), changing if (password) to if (password !== undefined). This allows empty string passwords to be explicitly used instead of falling back to keychain derivation.

Impact Analysis:

• The unlockWallet method is fundamental to wallet authentication
• It's used by Login screen, store sagas, Card authentication, OAuth rehydration, and security settings
• The change is in a critical path (app/core/) but is a targeted, well-tested fix

Why these tags:

1. SmokeAccounts: Tests account security and management which relies on authentication. Includes password-related flows like reveal SRP, wallet details, and account management.
2. SmokeWalletPlatform: Tests core wallet features including multi-SRP architecture and wallet lifecycle which depend on authentication.

Why not more tags:

• The change is a bug fix that makes behavior more correct (handling empty string passwords explicitly)
• Unit tests have been added covering the specific behavior change
• Most E2E tests use non-empty passwords, so the edge case being fixed is unlikely to affect them
• The change doesn't alter the fundamental authentication flow, just how empty passwords are handled

Why not SmokeCard:

• While Card components import Authentication, the Card tests focus on Card-specific UI flows rather than authentication edge cases

View GitHub Actions results

[sonarqubecloud]

Quality Gate failed

Failed conditions
E Maintainability Rating on New Code (required ≥ A)

See analysis details on SonarQube Cloud

Catch issues before they fail your Quality Gate with our IDE extension SonarQube for IDE

[metamaskbot]

Missing release label release-7.64.0 on PR. Adding release label release-7.64.0 on PR and removing other release labels(release-7.65.0), as PR was added to branch 7.64.0 when release was cut.