Throw specific error when trying to sign with an expired session (#887)

* Throw when supported session signer is expired

* Fix tests

Author: ScreamingHawk

packages/wallet/core/src/signers/session-manager.ts

@@ -137,11 +137,9 @@ export class SessionManager implements SapientSigner {
     if (identitySigners.length === 0) {
       throw new Error('Identity signers not found')
     }
-    const validImplicitSigners = this._implicitSigners.filter((signer) => signer.isValid(topology, chainId).isValid)
-    const validExplicitSigners = this._explicitSigners.filter((signer) => signer.isValid(topology, chainId).isValid)
 
     // Prioritize implicit signers
-    const availableSigners = [...validImplicitSigners, ...validExplicitSigners]
+    const availableSigners = [...this._implicitSigners, ...this._explicitSigners]
     if (availableSigners.length === 0) {
       throw new Error('No signers match the topology')
     }
@@ -150,9 +148,18 @@ export class SessionManager implements SapientSigner {
     const signers: SessionSigner[] = []
     for (const call of calls) {
       let supported = false
+      let expiredSupportedSigner: SessionSigner | undefined
       for (const signer of availableSigners) {
         try {
           supported = await signer.supportedCall(wallet, chainId, call, this.address, this._provider)
+          if (supported) {
+            // Check signer validity
+            const signerValidity = await signer.isValid(topology, chainId)
+            if (signerValidity.invalidReason === 'Expired') {
+              expiredSupportedSigner = signer
+            }
+            supported = signerValidity.isValid
+          }
         } catch (error) {
           console.error('findSignersForCalls error', error)
           continue
@@ -163,6 +170,9 @@ export class SessionManager implements SapientSigner {
         }
       }
       if (!supported) {
+        if (expiredSupportedSigner) {
+          throw new Error(`Signer supporting call is expired: ${expiredSupportedSigner.address}`)
+        }
         throw new Error('No signer supported for call')
       }
     }
@@ -256,6 +266,7 @@ export class SessionManager implements SapientSigner {
 
     const signers = await this.findSignersForCalls(wallet, chainId, payload.calls)
     if (signers.length !== payload.calls.length) {
+      // Unreachable. Throw in findSignersForCalls
       throw new Error('No signer supported for call')
     }
     const signatures = await Promise.all(

packages/wallet/core/test/session-manager.test.ts

@@ -562,7 +562,7 @@ for (const extension of ALL_EXTENSIONS) {
 
         // Sign the transaction
         expect(sessionManager.signSapient(wallet.address, chainId, payload, imageHash)).rejects.toThrow(
-          'No signers match the topology',
+          `Signer supporting call is expired: ${explicitSigner.address}`,
         )
       },
       timeout,

packages/wallet/dapp-client/src/ChainSessionManager.ts

@@ -449,9 +449,9 @@ export class ChainSessionManager {
         throw new ModifyExplicitSessionError('Session address is required.')
       }
 
-      const existingExplicitSession: ExplicitSession = this.explicitSessions.find((s) =>
+      const existingExplicitSession = this.explicitSessions.find((s) =>
         Address.isEqual(s.sessionAddress!, modifiedExplicitSession.sessionAddress!),
-      ) as ExplicitSession
+      )
       if (!existingExplicitSession) {
         throw new ModifyExplicitSessionError('Session not found.')
       }
@@ -487,6 +487,8 @@ export class ChainSessionManager {
       }
 
       existingExplicitSession.permissions = modifiedExplicitSession.permissions
+      existingExplicitSession.deadline = modifiedExplicitSession.deadline
+      existingExplicitSession.valueLimit = modifiedExplicitSession.valueLimit
 
       if (this.transport?.mode === TransportMode.POPUP) {
         this.transport?.closeWallet()
@@ -721,6 +723,20 @@ export class ChainSessionManager {
       throw new InitializationError(`Explicit session init failed after ${maxRetries} attempts: ${lastError.message}`)
   }
 
+  private async _refreshExplicitSession(expiredSignerAddress: Address.Address): Promise<void> {
+    if (!this.wallet || !this.sessionManager || !this.provider || !this.isInitialized)
+      throw new InitializationError('Session is not initialized.')
+    // Find current explicit session
+    const explicitSigner = this.explicitSessions.find((s) => Address.isEqual(s.sessionAddress, expiredSignerAddress))
+    if (!explicitSigner) throw new ModifyExplicitSessionError('Explicit session not found.')
+    // Update the deadline
+    const newExplicitSession = {
+      ...explicitSigner,
+      deadline: BigInt(Math.floor(Date.now() / 1000)) + BigInt(24 * 60 * 60),
+    }
+    await this.modifyExplicitSession(newExplicitSession)
+  }
+
   /**
    * Checks if the current session has permission to execute a set of transactions.
    * @param transactions The transactions to check permissions for.
@@ -747,6 +763,19 @@ export class ChainSessionManager {
       await this.sessionManager.findSignersForCalls(this.wallet.address, this.chainId, calls)
       return true
     } catch (error) {
+      if (error instanceof Error && error.message.includes('Signer supporting call is expired')) {
+        // Extract the expired signer address from the message with address regex
+        const expiredSignerAddress = error.message.match(/(0x[0-9a-fA-F]{40})/)?.[1]
+        if (expiredSignerAddress) {
+          // Refresh the session
+          await this._refreshExplicitSession(Address.from(expiredSignerAddress))
+          // Retry the permission check
+          return this.hasPermission(transactions)
+        } else {
+          // Could not parse error message. Rethrow as this shouldn't happen.
+          throw error
+        }
+      }
       // An error from findSignersForCalls indicates a permission failure.
       console.warn(
         `Permission check failed for chain ${this.chainId}:`,