feat: implement secure storage unlock with password verification

packages/core-sdk/src/storage/__tests__/manager.test.ts

@@ -1,7 +1,7 @@
 import { webcrypto } from 'crypto';
 
 if (!globalThis.crypto) {
-  // @ts-ignore
+  // @ts-expect-error - Polyfill for Node.js environment
   globalThis.crypto = webcrypto;
 }
 if (!globalThis.btoa) {
@@ -48,7 +48,8 @@ describe('SecureStorageManager', () => {
   });
 
   it('should store encrypted payloads (no plaintext secrets)', async () => {
-    await manager.unlock(password);
+    const unlockResult = await manager.unlock(password);
+    expect(unlockResult).toBe(true);
     await manager.saveAccount(accountData);
 
     const storedData = await storage.get('account');
@@ -65,7 +66,8 @@ describe('SecureStorageManager', () => {
   });
 
   it('should restore original data after unlock -> save -> lock -> unlock -> get', async () => {
-    await manager.unlock(password);
+    const unlockResult1 = await manager.unlock(password);
+    expect(unlockResult1).toBe(true);
     await manager.saveAccount(accountData);
     await manager.saveSessionKeys(sessionKeysData);
 
@@ -82,7 +84,8 @@ describe('SecureStorageManager', () => {
     await expect(newManager.saveAccount(accountData)).rejects.toThrow('Storage manager is locked');
 
     // Unlock with correct password
-    await newManager.unlock(password);
+    const unlockResult2 = await newManager.unlock(password);
+    expect(unlockResult2).toBe(true);
     expect(newManager.isUnlocked).toBe(true);
 
     const restoredAccount = await newManager.getAccount();
@@ -93,14 +96,20 @@ describe('SecureStorageManager', () => {
   });
 
   it('should fail gracefully with the wrong password', async () => {
-    await manager.unlock(password);
+    const unlockResult = await manager.unlock(password);
+    expect(unlockResult).toBe(true);
     await manager.saveAccount(accountData);
 
     manager.lock();
     const newManager = new SecureStorageManager(storage);
-    await newManager.unlock('wrong_password');
-
-    await expect(newManager.getAccount()).rejects.toThrow('Invalid password or corrupted data');
+    const wrongPasswordResult = await newManager.unlock('wrong_password');
+
+    // Wrong password should return false
+    expect(wrongPasswordResult).toBe(false);
+    // Manager should remain locked
+    expect(newManager.isUnlocked).toBe(false);
+    // Attempting to access data while locked should throw
+    await expect(newManager.getAccount()).rejects.toThrow('Storage manager is locked');
   });
 
   it('should return null for non-existent items', async () => {
@@ -114,8 +123,10 @@ describe('SecureStorageManager', () => {
   });
 
   it('should not throw on unlock if already unlocked', async () => {
-    await manager.unlock(password);
-    await manager.unlock(password); // Should return early
+    const unlockResult1 = await manager.unlock(password);
+    expect(unlockResult1).toBe(true);
+    const unlockResult2 = await manager.unlock(password); // Should return true immediately
+    expect(unlockResult2).toBe(true);
     expect(manager.isUnlocked).toBe(true);
   });
 });