1
0
mirror of https://github.com/kremalicious/metamask-extension.git synced 2024-12-12 12:47:14 +01:00
metamask-extension/app/scripts/controllers/permissions/permission-log.js

375 lines
11 KiB
JavaScript
Raw Normal View History

Permission System 2.0 (#12243) # Permission System 2.0 ## Background This PR migrates the extension permission system to [the new `PermissionController`](https://github.com/MetaMask/snaps-skunkworks/tree/main/packages/controllers/src/permissions). The original permission system, based on [`rpc-cap`](https://github.com/MetaMask/rpc-cap), introduced [`ZCAP-LD`](https://w3c-ccg.github.io/zcap-ld/)-like permissions to our JSON-RPC stack. We used it to [implement](https://github.com/MetaMask/metamask-extension/pull/7004) what we called "LoginPerSite" in [version 7.7.0](https://github.com/MetaMask/metamask-extension/releases/tag/v7.7.0) of the extension, which enabled the user to choose which accounts, if any, should be exposed to each dapp. While that was a worthwhile feature in and of itself, we wanted a permission _system_ in order to enable everything we are going to with Snaps. Unfortunately, the original permission system was difficult to use, and necessitated the creation of the original `PermissionsController` (note the "s"), which was more or less a wrapper for `rpc-cap`. With this PR, we shake off the yoke of the original permission system, in favor of the modular, self-contained, ergonomic, and more mature permission system 2.0. Note that [the `PermissionController` readme](https://github.com/MetaMask/snaps-skunkworks/tree/main/packages/controllers/src/permissions/README.md) explains how the new permission system works. The `PermissionController` and `SubjectMetadataController` are currently shipped via `@metamask/snap-controllers`. This is a temporary state of affairs, and we'll move them to `@metamask/controllers` once they've landed in prod. ## Changes in Detail First, the changes in this PR are not as big as they seem. Roughly half of the additions in this PR are fixtures in the test for the new migration (number 68), and a significant portion of the remaining ~2500 lines are due to find-and-replace changes in other test fixtures and UI files. - The extension `PermissionsController` has been deleted, and completely replaced with the new `PermissionController` from [`@metamask/snap-controllers`](https://www.npmjs.com/package/@metamask/snap-controllers). - The original `PermissionsController` "domain metadata" functionality is now managed by the new `SubjectMetadataController`, also from [`@metamask/snap-controllers`](https://www.npmjs.com/package/@metamask/snap-controllers). - The permission activity and history log controller has been renamed `PermissionLogController` and has its own top-level state key, but is otherwise functionally equivalent to the existing implementation. - Migration number 68 has been added to account for the new state changes. - The tests in `app/scripts/controllers/permissions` have been migrated from `mocha` to `jest`. Reviewers should focus their attention on the following files: - `app/scripts/` - `metamask-controller.js` - This is where most of the integration work for the new `PermissionController` occurs. Some functions that were internal to the original controller were moved here. - `controllers/permissions/` - `selectors.js` - These selectors are for `ControllerMessenger` selector subscriptions. The actual subscriptions occur in `metamask-controller.js`. See the `ControllerMessenger` implementation for details. - `specifications.js` - The caveat and permission specifications are required by the new `PermissionController`, and are used to specify the `eth_accounts` permission and its JSON-RPC method implementation. See the `PermissionController` readme for details. - `migrations/068.js` - The new state should be cross-referenced with the controllers that manage it. The accompanying tests should also be thoroughly reviewed. Some files may appear new but have just moved and/or been renamed: - `app/scripts/lib/rpc-method-middleware/handlers/request-accounts.js` - This was previously implemented in `controllers/permissions/permissionsMethodMiddleware.js`. - `test/mocks/permissions.js` - A truncated version of `test/mocks/permission-controller.js`. Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2021-12-07 04:16:49 +01:00
import { ObservableStore } from '@metamask/obs-store';
import { CaveatTypes } from '../../../../shared/constants/permissions';
import {
LOG_IGNORE_METHODS,
LOG_LIMIT,
LOG_METHOD_TYPES,
WALLET_PREFIX,
} from './enums';
/**
* Controller with middleware for logging requests and responses to restricted
* and permissions-related methods.
*/
export class PermissionLogController {
Permission System 2.0 (#12243) # Permission System 2.0 ## Background This PR migrates the extension permission system to [the new `PermissionController`](https://github.com/MetaMask/snaps-skunkworks/tree/main/packages/controllers/src/permissions). The original permission system, based on [`rpc-cap`](https://github.com/MetaMask/rpc-cap), introduced [`ZCAP-LD`](https://w3c-ccg.github.io/zcap-ld/)-like permissions to our JSON-RPC stack. We used it to [implement](https://github.com/MetaMask/metamask-extension/pull/7004) what we called "LoginPerSite" in [version 7.7.0](https://github.com/MetaMask/metamask-extension/releases/tag/v7.7.0) of the extension, which enabled the user to choose which accounts, if any, should be exposed to each dapp. While that was a worthwhile feature in and of itself, we wanted a permission _system_ in order to enable everything we are going to with Snaps. Unfortunately, the original permission system was difficult to use, and necessitated the creation of the original `PermissionsController` (note the "s"), which was more or less a wrapper for `rpc-cap`. With this PR, we shake off the yoke of the original permission system, in favor of the modular, self-contained, ergonomic, and more mature permission system 2.0. Note that [the `PermissionController` readme](https://github.com/MetaMask/snaps-skunkworks/tree/main/packages/controllers/src/permissions/README.md) explains how the new permission system works. The `PermissionController` and `SubjectMetadataController` are currently shipped via `@metamask/snap-controllers`. This is a temporary state of affairs, and we'll move them to `@metamask/controllers` once they've landed in prod. ## Changes in Detail First, the changes in this PR are not as big as they seem. Roughly half of the additions in this PR are fixtures in the test for the new migration (number 68), and a significant portion of the remaining ~2500 lines are due to find-and-replace changes in other test fixtures and UI files. - The extension `PermissionsController` has been deleted, and completely replaced with the new `PermissionController` from [`@metamask/snap-controllers`](https://www.npmjs.com/package/@metamask/snap-controllers). - The original `PermissionsController` "domain metadata" functionality is now managed by the new `SubjectMetadataController`, also from [`@metamask/snap-controllers`](https://www.npmjs.com/package/@metamask/snap-controllers). - The permission activity and history log controller has been renamed `PermissionLogController` and has its own top-level state key, but is otherwise functionally equivalent to the existing implementation. - Migration number 68 has been added to account for the new state changes. - The tests in `app/scripts/controllers/permissions` have been migrated from `mocha` to `jest`. Reviewers should focus their attention on the following files: - `app/scripts/` - `metamask-controller.js` - This is where most of the integration work for the new `PermissionController` occurs. Some functions that were internal to the original controller were moved here. - `controllers/permissions/` - `selectors.js` - These selectors are for `ControllerMessenger` selector subscriptions. The actual subscriptions occur in `metamask-controller.js`. See the `ControllerMessenger` implementation for details. - `specifications.js` - The caveat and permission specifications are required by the new `PermissionController`, and are used to specify the `eth_accounts` permission and its JSON-RPC method implementation. See the `PermissionController` readme for details. - `migrations/068.js` - The new state should be cross-referenced with the controllers that manage it. The accompanying tests should also be thoroughly reviewed. Some files may appear new but have just moved and/or been renamed: - `app/scripts/lib/rpc-method-middleware/handlers/request-accounts.js` - This was previously implemented in `controllers/permissions/permissionsMethodMiddleware.js`. - `test/mocks/permissions.js` - A truncated version of `test/mocks/permission-controller.js`. Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2021-12-07 04:16:49 +01:00
/**
* @param {{ restrictedMethods: Set<string>, initState: Record<string, unknown> }} options - Options bag.
*/
constructor({ restrictedMethods, initState }) {
this.restrictedMethods = restrictedMethods;
Permission System 2.0 (#12243) # Permission System 2.0 ## Background This PR migrates the extension permission system to [the new `PermissionController`](https://github.com/MetaMask/snaps-skunkworks/tree/main/packages/controllers/src/permissions). The original permission system, based on [`rpc-cap`](https://github.com/MetaMask/rpc-cap), introduced [`ZCAP-LD`](https://w3c-ccg.github.io/zcap-ld/)-like permissions to our JSON-RPC stack. We used it to [implement](https://github.com/MetaMask/metamask-extension/pull/7004) what we called "LoginPerSite" in [version 7.7.0](https://github.com/MetaMask/metamask-extension/releases/tag/v7.7.0) of the extension, which enabled the user to choose which accounts, if any, should be exposed to each dapp. While that was a worthwhile feature in and of itself, we wanted a permission _system_ in order to enable everything we are going to with Snaps. Unfortunately, the original permission system was difficult to use, and necessitated the creation of the original `PermissionsController` (note the "s"), which was more or less a wrapper for `rpc-cap`. With this PR, we shake off the yoke of the original permission system, in favor of the modular, self-contained, ergonomic, and more mature permission system 2.0. Note that [the `PermissionController` readme](https://github.com/MetaMask/snaps-skunkworks/tree/main/packages/controllers/src/permissions/README.md) explains how the new permission system works. The `PermissionController` and `SubjectMetadataController` are currently shipped via `@metamask/snap-controllers`. This is a temporary state of affairs, and we'll move them to `@metamask/controllers` once they've landed in prod. ## Changes in Detail First, the changes in this PR are not as big as they seem. Roughly half of the additions in this PR are fixtures in the test for the new migration (number 68), and a significant portion of the remaining ~2500 lines are due to find-and-replace changes in other test fixtures and UI files. - The extension `PermissionsController` has been deleted, and completely replaced with the new `PermissionController` from [`@metamask/snap-controllers`](https://www.npmjs.com/package/@metamask/snap-controllers). - The original `PermissionsController` "domain metadata" functionality is now managed by the new `SubjectMetadataController`, also from [`@metamask/snap-controllers`](https://www.npmjs.com/package/@metamask/snap-controllers). - The permission activity and history log controller has been renamed `PermissionLogController` and has its own top-level state key, but is otherwise functionally equivalent to the existing implementation. - Migration number 68 has been added to account for the new state changes. - The tests in `app/scripts/controllers/permissions` have been migrated from `mocha` to `jest`. Reviewers should focus their attention on the following files: - `app/scripts/` - `metamask-controller.js` - This is where most of the integration work for the new `PermissionController` occurs. Some functions that were internal to the original controller were moved here. - `controllers/permissions/` - `selectors.js` - These selectors are for `ControllerMessenger` selector subscriptions. The actual subscriptions occur in `metamask-controller.js`. See the `ControllerMessenger` implementation for details. - `specifications.js` - The caveat and permission specifications are required by the new `PermissionController`, and are used to specify the `eth_accounts` permission and its JSON-RPC method implementation. See the `PermissionController` readme for details. - `migrations/068.js` - The new state should be cross-referenced with the controllers that manage it. The accompanying tests should also be thoroughly reviewed. Some files may appear new but have just moved and/or been renamed: - `app/scripts/lib/rpc-method-middleware/handlers/request-accounts.js` - This was previously implemented in `controllers/permissions/permissionsMethodMiddleware.js`. - `test/mocks/permissions.js` - A truncated version of `test/mocks/permission-controller.js`. Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2021-12-07 04:16:49 +01:00
this.store = new ObservableStore({
permissionHistory: {},
permissionActivityLog: [],
...initState,
});
}
/**
Permission System 2.0 (#12243) # Permission System 2.0 ## Background This PR migrates the extension permission system to [the new `PermissionController`](https://github.com/MetaMask/snaps-skunkworks/tree/main/packages/controllers/src/permissions). The original permission system, based on [`rpc-cap`](https://github.com/MetaMask/rpc-cap), introduced [`ZCAP-LD`](https://w3c-ccg.github.io/zcap-ld/)-like permissions to our JSON-RPC stack. We used it to [implement](https://github.com/MetaMask/metamask-extension/pull/7004) what we called "LoginPerSite" in [version 7.7.0](https://github.com/MetaMask/metamask-extension/releases/tag/v7.7.0) of the extension, which enabled the user to choose which accounts, if any, should be exposed to each dapp. While that was a worthwhile feature in and of itself, we wanted a permission _system_ in order to enable everything we are going to with Snaps. Unfortunately, the original permission system was difficult to use, and necessitated the creation of the original `PermissionsController` (note the "s"), which was more or less a wrapper for `rpc-cap`. With this PR, we shake off the yoke of the original permission system, in favor of the modular, self-contained, ergonomic, and more mature permission system 2.0. Note that [the `PermissionController` readme](https://github.com/MetaMask/snaps-skunkworks/tree/main/packages/controllers/src/permissions/README.md) explains how the new permission system works. The `PermissionController` and `SubjectMetadataController` are currently shipped via `@metamask/snap-controllers`. This is a temporary state of affairs, and we'll move them to `@metamask/controllers` once they've landed in prod. ## Changes in Detail First, the changes in this PR are not as big as they seem. Roughly half of the additions in this PR are fixtures in the test for the new migration (number 68), and a significant portion of the remaining ~2500 lines are due to find-and-replace changes in other test fixtures and UI files. - The extension `PermissionsController` has been deleted, and completely replaced with the new `PermissionController` from [`@metamask/snap-controllers`](https://www.npmjs.com/package/@metamask/snap-controllers). - The original `PermissionsController` "domain metadata" functionality is now managed by the new `SubjectMetadataController`, also from [`@metamask/snap-controllers`](https://www.npmjs.com/package/@metamask/snap-controllers). - The permission activity and history log controller has been renamed `PermissionLogController` and has its own top-level state key, but is otherwise functionally equivalent to the existing implementation. - Migration number 68 has been added to account for the new state changes. - The tests in `app/scripts/controllers/permissions` have been migrated from `mocha` to `jest`. Reviewers should focus their attention on the following files: - `app/scripts/` - `metamask-controller.js` - This is where most of the integration work for the new `PermissionController` occurs. Some functions that were internal to the original controller were moved here. - `controllers/permissions/` - `selectors.js` - These selectors are for `ControllerMessenger` selector subscriptions. The actual subscriptions occur in `metamask-controller.js`. See the `ControllerMessenger` implementation for details. - `specifications.js` - The caveat and permission specifications are required by the new `PermissionController`, and are used to specify the `eth_accounts` permission and its JSON-RPC method implementation. See the `PermissionController` readme for details. - `migrations/068.js` - The new state should be cross-referenced with the controllers that manage it. The accompanying tests should also be thoroughly reviewed. Some files may appear new but have just moved and/or been renamed: - `app/scripts/lib/rpc-method-middleware/handlers/request-accounts.js` - This was previously implemented in `controllers/permissions/permissionsMethodMiddleware.js`. - `test/mocks/permissions.js` - A truncated version of `test/mocks/permission-controller.js`. Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2021-12-07 04:16:49 +01:00
* Get the restricted method activity log.
*
Version v10.18.4 RC (#15643) * Version v10.18.4 * Fix default currency symbol for `wallet_addEthereumChain` + improve warnings for data that doesn't match our validation expectations (#15201) * set more appropriate default for ticker symbol when wallet_addEthereumChain is called * throw error to dapp when site suggests network with same chainId but different ticker symbol from already added network, instead of showing error and disabled notification to user * Fix Provider Tracking Metrics (#15082) * fix filetype audit (#15334) * Remove decentralized 4byte function signature registry since it contains incorrect signatures and we can't algorithmically check for best option when 4byte.directory is down (#15300) * remove decentralized 4byte function signature registry since it is griefed and we can't algorithmically check for best option when 4byte is down * add migration * remove nock of on chain registry call in getMethodDataAsync test * remove audit exclusion (#15346) * Updates `eth-lattice-keyring` to v0.10.0 (#15261) This is mainly associated with an update in GridPlus SDK and enables better strategies for fetching calldata decoder data. `eth-lattice-keyring` changes: GridPlus/eth-lattice-keyring@v0.7.3...v0.10.0 `gridplus-sdk` changes (which includes a codebase rewrite): GridPlus/gridplus-sdk@v1.2.3...v2.2.2 * Fix 'block link explorer on custom networks' (#13870) * Created a logic for the 'Add a block explorer URL' Removed unused message Message logic rollback Modified history push operation WIP: Pushing before rebasing Applied requested changes Removed unintenionally added code * Lint fix * Metrics fixed * Stop injecting provider on docs.google.com (#15459) * Fix setting of gasPrice when on non-eip 1559 networks (#15628) * Fix setting of gasPrice when on non-eip 1559 networks * Fix unit tests * Fix logic * Update ui/ducks/send/send.test.js Co-authored-by: Mark Stacey <markjstacey@gmail.com> Co-authored-by: Mark Stacey <markjstacey@gmail.com> * [GridPlus] Bumps `eth-lattice-keyring` to v0.11.0 (#15490) * [GridPlus] Bumps `gridplus-sdk` to v2.2.4 (#15561) * remove exclusions for mismatched object jsdoc type casing (#15351) * Improve `tokenId` parsing and clean up `useAssetDetails` hook (#15304) * Fix state creation in setupSentryGetStateGlobal (#15635) * filter breadcrumbs for improved clarity while debugging sentry errors (#15639) * Update v10.18.4 changelog (#15645) * Auto generated changelog * Update 10.18.4 changelog * Run lavamoat:auto * Call metrics event for wallet type selection at the right time (#15591) * Fix Sentry in LavaMoat contexts (#15672) Our Sentry setup relies upon application state, but it wasn't able to access it in LavaMoat builds because it's running in a separate Compartment. A patch has been introduced to the LavaMoat runtime to allow the root Compartment to mutate the `rootGlobals` object, which is accessible from outside the compartment as well. This lets us expose application state to our Sentry integration. * Fix Sentry deduplication of events that were never sent (#15677) The Sentry `Dedupe` integration has been filtering out our events, even when they were never sent due to our `beforeSend` handler. It was wrongly identifying them as duplicates because it has no knowledge of `beforeSend` or whether they were actually sent or not. To resolve this, the filtering we were doing in `beforeSend` has been moved to a Sentry integration. This integration is installed ahead of the `Dedupe` integration, so `Dedupe` should never find out about any events that we filter out, and thus will never consider them as sent when they were not. * Replace `lavamoat-runtime.js` patch (#15682) A patch made in #15672 was found to be unnecessary. Instead of setting a `rootGlobals` object upon construction of the root compartment, we are now creating a `sentryHooks` object in the initial top-level compartment. I hadn't realized at the time that the root compartment would inherit all properties of the initial compartment `globalThis`. This accomplishes the same goals as #15672 except without needing a patch. * Update v10.18.4 changelog * Fix lint issues * Update yarn.lock * Update `depcheck` to latest version (#15690) `depcheck` has been updated to the latest version. This version pins `@babel/parser` to v7.16.4 because of unresolved bugs in v7.16.5 that result in `depcheck` failing to parse TypeScript files correctly. We had a Yarn resolution in place to ensure `@babel/parser@7.16.4` was being used already. That resolution is no longer needed so it has been removed. This should resove the issue the dev team has been seeing lately where `yarn` and `yarn-deduplicate` disagree about the state the lockfile should be in. * Update yarn.lock * Update LavaMoat policy * deduplicate * Update LavaMoat build policy Co-authored-by: MetaMask Bot <metamaskbot@users.noreply.github.com> Co-authored-by: Alex Donesky <adonesky@gmail.com> Co-authored-by: Brad Decker <bhdecker84@gmail.com> Co-authored-by: Alex Miller <asmiller1989@gmail.com> Co-authored-by: Filip Sekulic <filip.sekulic@consensys.net> Co-authored-by: Erik Marks <25517051+rekmarks@users.noreply.github.com> Co-authored-by: Dan J Miller <danjm.com@gmail.com> Co-authored-by: Mark Stacey <markjstacey@gmail.com> Co-authored-by: seaona <54408225+seaona@users.noreply.github.com> Co-authored-by: seaona <mariona@gmx.es> Co-authored-by: PeterYinusa <peter.yinusa@consensys.net>
2022-08-24 20:57:47 +02:00
* @returns {Array<object>} The activity log.
*/
2020-11-03 00:41:28 +01:00
getActivityLog() {
Permission System 2.0 (#12243) # Permission System 2.0 ## Background This PR migrates the extension permission system to [the new `PermissionController`](https://github.com/MetaMask/snaps-skunkworks/tree/main/packages/controllers/src/permissions). The original permission system, based on [`rpc-cap`](https://github.com/MetaMask/rpc-cap), introduced [`ZCAP-LD`](https://w3c-ccg.github.io/zcap-ld/)-like permissions to our JSON-RPC stack. We used it to [implement](https://github.com/MetaMask/metamask-extension/pull/7004) what we called "LoginPerSite" in [version 7.7.0](https://github.com/MetaMask/metamask-extension/releases/tag/v7.7.0) of the extension, which enabled the user to choose which accounts, if any, should be exposed to each dapp. While that was a worthwhile feature in and of itself, we wanted a permission _system_ in order to enable everything we are going to with Snaps. Unfortunately, the original permission system was difficult to use, and necessitated the creation of the original `PermissionsController` (note the "s"), which was more or less a wrapper for `rpc-cap`. With this PR, we shake off the yoke of the original permission system, in favor of the modular, self-contained, ergonomic, and more mature permission system 2.0. Note that [the `PermissionController` readme](https://github.com/MetaMask/snaps-skunkworks/tree/main/packages/controllers/src/permissions/README.md) explains how the new permission system works. The `PermissionController` and `SubjectMetadataController` are currently shipped via `@metamask/snap-controllers`. This is a temporary state of affairs, and we'll move them to `@metamask/controllers` once they've landed in prod. ## Changes in Detail First, the changes in this PR are not as big as they seem. Roughly half of the additions in this PR are fixtures in the test for the new migration (number 68), and a significant portion of the remaining ~2500 lines are due to find-and-replace changes in other test fixtures and UI files. - The extension `PermissionsController` has been deleted, and completely replaced with the new `PermissionController` from [`@metamask/snap-controllers`](https://www.npmjs.com/package/@metamask/snap-controllers). - The original `PermissionsController` "domain metadata" functionality is now managed by the new `SubjectMetadataController`, also from [`@metamask/snap-controllers`](https://www.npmjs.com/package/@metamask/snap-controllers). - The permission activity and history log controller has been renamed `PermissionLogController` and has its own top-level state key, but is otherwise functionally equivalent to the existing implementation. - Migration number 68 has been added to account for the new state changes. - The tests in `app/scripts/controllers/permissions` have been migrated from `mocha` to `jest`. Reviewers should focus their attention on the following files: - `app/scripts/` - `metamask-controller.js` - This is where most of the integration work for the new `PermissionController` occurs. Some functions that were internal to the original controller were moved here. - `controllers/permissions/` - `selectors.js` - These selectors are for `ControllerMessenger` selector subscriptions. The actual subscriptions occur in `metamask-controller.js`. See the `ControllerMessenger` implementation for details. - `specifications.js` - The caveat and permission specifications are required by the new `PermissionController`, and are used to specify the `eth_accounts` permission and its JSON-RPC method implementation. See the `PermissionController` readme for details. - `migrations/068.js` - The new state should be cross-referenced with the controllers that manage it. The accompanying tests should also be thoroughly reviewed. Some files may appear new but have just moved and/or been renamed: - `app/scripts/lib/rpc-method-middleware/handlers/request-accounts.js` - This was previously implemented in `controllers/permissions/permissionsMethodMiddleware.js`. - `test/mocks/permissions.js` - A truncated version of `test/mocks/permission-controller.js`. Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2021-12-07 04:16:49 +01:00
return this.store.getState().permissionActivityLog;
}
/**
Permission System 2.0 (#12243) # Permission System 2.0 ## Background This PR migrates the extension permission system to [the new `PermissionController`](https://github.com/MetaMask/snaps-skunkworks/tree/main/packages/controllers/src/permissions). The original permission system, based on [`rpc-cap`](https://github.com/MetaMask/rpc-cap), introduced [`ZCAP-LD`](https://w3c-ccg.github.io/zcap-ld/)-like permissions to our JSON-RPC stack. We used it to [implement](https://github.com/MetaMask/metamask-extension/pull/7004) what we called "LoginPerSite" in [version 7.7.0](https://github.com/MetaMask/metamask-extension/releases/tag/v7.7.0) of the extension, which enabled the user to choose which accounts, if any, should be exposed to each dapp. While that was a worthwhile feature in and of itself, we wanted a permission _system_ in order to enable everything we are going to with Snaps. Unfortunately, the original permission system was difficult to use, and necessitated the creation of the original `PermissionsController` (note the "s"), which was more or less a wrapper for `rpc-cap`. With this PR, we shake off the yoke of the original permission system, in favor of the modular, self-contained, ergonomic, and more mature permission system 2.0. Note that [the `PermissionController` readme](https://github.com/MetaMask/snaps-skunkworks/tree/main/packages/controllers/src/permissions/README.md) explains how the new permission system works. The `PermissionController` and `SubjectMetadataController` are currently shipped via `@metamask/snap-controllers`. This is a temporary state of affairs, and we'll move them to `@metamask/controllers` once they've landed in prod. ## Changes in Detail First, the changes in this PR are not as big as they seem. Roughly half of the additions in this PR are fixtures in the test for the new migration (number 68), and a significant portion of the remaining ~2500 lines are due to find-and-replace changes in other test fixtures and UI files. - The extension `PermissionsController` has been deleted, and completely replaced with the new `PermissionController` from [`@metamask/snap-controllers`](https://www.npmjs.com/package/@metamask/snap-controllers). - The original `PermissionsController` "domain metadata" functionality is now managed by the new `SubjectMetadataController`, also from [`@metamask/snap-controllers`](https://www.npmjs.com/package/@metamask/snap-controllers). - The permission activity and history log controller has been renamed `PermissionLogController` and has its own top-level state key, but is otherwise functionally equivalent to the existing implementation. - Migration number 68 has been added to account for the new state changes. - The tests in `app/scripts/controllers/permissions` have been migrated from `mocha` to `jest`. Reviewers should focus their attention on the following files: - `app/scripts/` - `metamask-controller.js` - This is where most of the integration work for the new `PermissionController` occurs. Some functions that were internal to the original controller were moved here. - `controllers/permissions/` - `selectors.js` - These selectors are for `ControllerMessenger` selector subscriptions. The actual subscriptions occur in `metamask-controller.js`. See the `ControllerMessenger` implementation for details. - `specifications.js` - The caveat and permission specifications are required by the new `PermissionController`, and are used to specify the `eth_accounts` permission and its JSON-RPC method implementation. See the `PermissionController` readme for details. - `migrations/068.js` - The new state should be cross-referenced with the controllers that manage it. The accompanying tests should also be thoroughly reviewed. Some files may appear new but have just moved and/or been renamed: - `app/scripts/lib/rpc-method-middleware/handlers/request-accounts.js` - This was previously implemented in `controllers/permissions/permissionsMethodMiddleware.js`. - `test/mocks/permissions.js` - A truncated version of `test/mocks/permission-controller.js`. Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2021-12-07 04:16:49 +01:00
* Update the restricted method activity log.
*
Version v10.18.4 RC (#15643) * Version v10.18.4 * Fix default currency symbol for `wallet_addEthereumChain` + improve warnings for data that doesn't match our validation expectations (#15201) * set more appropriate default for ticker symbol when wallet_addEthereumChain is called * throw error to dapp when site suggests network with same chainId but different ticker symbol from already added network, instead of showing error and disabled notification to user * Fix Provider Tracking Metrics (#15082) * fix filetype audit (#15334) * Remove decentralized 4byte function signature registry since it contains incorrect signatures and we can't algorithmically check for best option when 4byte.directory is down (#15300) * remove decentralized 4byte function signature registry since it is griefed and we can't algorithmically check for best option when 4byte is down * add migration * remove nock of on chain registry call in getMethodDataAsync test * remove audit exclusion (#15346) * Updates `eth-lattice-keyring` to v0.10.0 (#15261) This is mainly associated with an update in GridPlus SDK and enables better strategies for fetching calldata decoder data. `eth-lattice-keyring` changes: GridPlus/eth-lattice-keyring@v0.7.3...v0.10.0 `gridplus-sdk` changes (which includes a codebase rewrite): GridPlus/gridplus-sdk@v1.2.3...v2.2.2 * Fix 'block link explorer on custom networks' (#13870) * Created a logic for the 'Add a block explorer URL' Removed unused message Message logic rollback Modified history push operation WIP: Pushing before rebasing Applied requested changes Removed unintenionally added code * Lint fix * Metrics fixed * Stop injecting provider on docs.google.com (#15459) * Fix setting of gasPrice when on non-eip 1559 networks (#15628) * Fix setting of gasPrice when on non-eip 1559 networks * Fix unit tests * Fix logic * Update ui/ducks/send/send.test.js Co-authored-by: Mark Stacey <markjstacey@gmail.com> Co-authored-by: Mark Stacey <markjstacey@gmail.com> * [GridPlus] Bumps `eth-lattice-keyring` to v0.11.0 (#15490) * [GridPlus] Bumps `gridplus-sdk` to v2.2.4 (#15561) * remove exclusions for mismatched object jsdoc type casing (#15351) * Improve `tokenId` parsing and clean up `useAssetDetails` hook (#15304) * Fix state creation in setupSentryGetStateGlobal (#15635) * filter breadcrumbs for improved clarity while debugging sentry errors (#15639) * Update v10.18.4 changelog (#15645) * Auto generated changelog * Update 10.18.4 changelog * Run lavamoat:auto * Call metrics event for wallet type selection at the right time (#15591) * Fix Sentry in LavaMoat contexts (#15672) Our Sentry setup relies upon application state, but it wasn't able to access it in LavaMoat builds because it's running in a separate Compartment. A patch has been introduced to the LavaMoat runtime to allow the root Compartment to mutate the `rootGlobals` object, which is accessible from outside the compartment as well. This lets us expose application state to our Sentry integration. * Fix Sentry deduplication of events that were never sent (#15677) The Sentry `Dedupe` integration has been filtering out our events, even when they were never sent due to our `beforeSend` handler. It was wrongly identifying them as duplicates because it has no knowledge of `beforeSend` or whether they were actually sent or not. To resolve this, the filtering we were doing in `beforeSend` has been moved to a Sentry integration. This integration is installed ahead of the `Dedupe` integration, so `Dedupe` should never find out about any events that we filter out, and thus will never consider them as sent when they were not. * Replace `lavamoat-runtime.js` patch (#15682) A patch made in #15672 was found to be unnecessary. Instead of setting a `rootGlobals` object upon construction of the root compartment, we are now creating a `sentryHooks` object in the initial top-level compartment. I hadn't realized at the time that the root compartment would inherit all properties of the initial compartment `globalThis`. This accomplishes the same goals as #15672 except without needing a patch. * Update v10.18.4 changelog * Fix lint issues * Update yarn.lock * Update `depcheck` to latest version (#15690) `depcheck` has been updated to the latest version. This version pins `@babel/parser` to v7.16.4 because of unresolved bugs in v7.16.5 that result in `depcheck` failing to parse TypeScript files correctly. We had a Yarn resolution in place to ensure `@babel/parser@7.16.4` was being used already. That resolution is no longer needed so it has been removed. This should resove the issue the dev team has been seeing lately where `yarn` and `yarn-deduplicate` disagree about the state the lockfile should be in. * Update yarn.lock * Update LavaMoat policy * deduplicate * Update LavaMoat build policy Co-authored-by: MetaMask Bot <metamaskbot@users.noreply.github.com> Co-authored-by: Alex Donesky <adonesky@gmail.com> Co-authored-by: Brad Decker <bhdecker84@gmail.com> Co-authored-by: Alex Miller <asmiller1989@gmail.com> Co-authored-by: Filip Sekulic <filip.sekulic@consensys.net> Co-authored-by: Erik Marks <25517051+rekmarks@users.noreply.github.com> Co-authored-by: Dan J Miller <danjm.com@gmail.com> Co-authored-by: Mark Stacey <markjstacey@gmail.com> Co-authored-by: seaona <54408225+seaona@users.noreply.github.com> Co-authored-by: seaona <mariona@gmx.es> Co-authored-by: PeterYinusa <peter.yinusa@consensys.net>
2022-08-24 20:57:47 +02:00
* @param {Array<object>} logs - The new activity log array.
*/
2020-11-03 00:41:28 +01:00
updateActivityLog(logs) {
Permission System 2.0 (#12243) # Permission System 2.0 ## Background This PR migrates the extension permission system to [the new `PermissionController`](https://github.com/MetaMask/snaps-skunkworks/tree/main/packages/controllers/src/permissions). The original permission system, based on [`rpc-cap`](https://github.com/MetaMask/rpc-cap), introduced [`ZCAP-LD`](https://w3c-ccg.github.io/zcap-ld/)-like permissions to our JSON-RPC stack. We used it to [implement](https://github.com/MetaMask/metamask-extension/pull/7004) what we called "LoginPerSite" in [version 7.7.0](https://github.com/MetaMask/metamask-extension/releases/tag/v7.7.0) of the extension, which enabled the user to choose which accounts, if any, should be exposed to each dapp. While that was a worthwhile feature in and of itself, we wanted a permission _system_ in order to enable everything we are going to with Snaps. Unfortunately, the original permission system was difficult to use, and necessitated the creation of the original `PermissionsController` (note the "s"), which was more or less a wrapper for `rpc-cap`. With this PR, we shake off the yoke of the original permission system, in favor of the modular, self-contained, ergonomic, and more mature permission system 2.0. Note that [the `PermissionController` readme](https://github.com/MetaMask/snaps-skunkworks/tree/main/packages/controllers/src/permissions/README.md) explains how the new permission system works. The `PermissionController` and `SubjectMetadataController` are currently shipped via `@metamask/snap-controllers`. This is a temporary state of affairs, and we'll move them to `@metamask/controllers` once they've landed in prod. ## Changes in Detail First, the changes in this PR are not as big as they seem. Roughly half of the additions in this PR are fixtures in the test for the new migration (number 68), and a significant portion of the remaining ~2500 lines are due to find-and-replace changes in other test fixtures and UI files. - The extension `PermissionsController` has been deleted, and completely replaced with the new `PermissionController` from [`@metamask/snap-controllers`](https://www.npmjs.com/package/@metamask/snap-controllers). - The original `PermissionsController` "domain metadata" functionality is now managed by the new `SubjectMetadataController`, also from [`@metamask/snap-controllers`](https://www.npmjs.com/package/@metamask/snap-controllers). - The permission activity and history log controller has been renamed `PermissionLogController` and has its own top-level state key, but is otherwise functionally equivalent to the existing implementation. - Migration number 68 has been added to account for the new state changes. - The tests in `app/scripts/controllers/permissions` have been migrated from `mocha` to `jest`. Reviewers should focus their attention on the following files: - `app/scripts/` - `metamask-controller.js` - This is where most of the integration work for the new `PermissionController` occurs. Some functions that were internal to the original controller were moved here. - `controllers/permissions/` - `selectors.js` - These selectors are for `ControllerMessenger` selector subscriptions. The actual subscriptions occur in `metamask-controller.js`. See the `ControllerMessenger` implementation for details. - `specifications.js` - The caveat and permission specifications are required by the new `PermissionController`, and are used to specify the `eth_accounts` permission and its JSON-RPC method implementation. See the `PermissionController` readme for details. - `migrations/068.js` - The new state should be cross-referenced with the controllers that manage it. The accompanying tests should also be thoroughly reviewed. Some files may appear new but have just moved and/or been renamed: - `app/scripts/lib/rpc-method-middleware/handlers/request-accounts.js` - This was previously implemented in `controllers/permissions/permissionsMethodMiddleware.js`. - `test/mocks/permissions.js` - A truncated version of `test/mocks/permission-controller.js`. Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2021-12-07 04:16:49 +01:00
this.store.updateState({ permissionActivityLog: logs });
}
/**
Permission System 2.0 (#12243) # Permission System 2.0 ## Background This PR migrates the extension permission system to [the new `PermissionController`](https://github.com/MetaMask/snaps-skunkworks/tree/main/packages/controllers/src/permissions). The original permission system, based on [`rpc-cap`](https://github.com/MetaMask/rpc-cap), introduced [`ZCAP-LD`](https://w3c-ccg.github.io/zcap-ld/)-like permissions to our JSON-RPC stack. We used it to [implement](https://github.com/MetaMask/metamask-extension/pull/7004) what we called "LoginPerSite" in [version 7.7.0](https://github.com/MetaMask/metamask-extension/releases/tag/v7.7.0) of the extension, which enabled the user to choose which accounts, if any, should be exposed to each dapp. While that was a worthwhile feature in and of itself, we wanted a permission _system_ in order to enable everything we are going to with Snaps. Unfortunately, the original permission system was difficult to use, and necessitated the creation of the original `PermissionsController` (note the "s"), which was more or less a wrapper for `rpc-cap`. With this PR, we shake off the yoke of the original permission system, in favor of the modular, self-contained, ergonomic, and more mature permission system 2.0. Note that [the `PermissionController` readme](https://github.com/MetaMask/snaps-skunkworks/tree/main/packages/controllers/src/permissions/README.md) explains how the new permission system works. The `PermissionController` and `SubjectMetadataController` are currently shipped via `@metamask/snap-controllers`. This is a temporary state of affairs, and we'll move them to `@metamask/controllers` once they've landed in prod. ## Changes in Detail First, the changes in this PR are not as big as they seem. Roughly half of the additions in this PR are fixtures in the test for the new migration (number 68), and a significant portion of the remaining ~2500 lines are due to find-and-replace changes in other test fixtures and UI files. - The extension `PermissionsController` has been deleted, and completely replaced with the new `PermissionController` from [`@metamask/snap-controllers`](https://www.npmjs.com/package/@metamask/snap-controllers). - The original `PermissionsController` "domain metadata" functionality is now managed by the new `SubjectMetadataController`, also from [`@metamask/snap-controllers`](https://www.npmjs.com/package/@metamask/snap-controllers). - The permission activity and history log controller has been renamed `PermissionLogController` and has its own top-level state key, but is otherwise functionally equivalent to the existing implementation. - Migration number 68 has been added to account for the new state changes. - The tests in `app/scripts/controllers/permissions` have been migrated from `mocha` to `jest`. Reviewers should focus their attention on the following files: - `app/scripts/` - `metamask-controller.js` - This is where most of the integration work for the new `PermissionController` occurs. Some functions that were internal to the original controller were moved here. - `controllers/permissions/` - `selectors.js` - These selectors are for `ControllerMessenger` selector subscriptions. The actual subscriptions occur in `metamask-controller.js`. See the `ControllerMessenger` implementation for details. - `specifications.js` - The caveat and permission specifications are required by the new `PermissionController`, and are used to specify the `eth_accounts` permission and its JSON-RPC method implementation. See the `PermissionController` readme for details. - `migrations/068.js` - The new state should be cross-referenced with the controllers that manage it. The accompanying tests should also be thoroughly reviewed. Some files may appear new but have just moved and/or been renamed: - `app/scripts/lib/rpc-method-middleware/handlers/request-accounts.js` - This was previously implemented in `controllers/permissions/permissionsMethodMiddleware.js`. - `test/mocks/permissions.js` - A truncated version of `test/mocks/permission-controller.js`. Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2021-12-07 04:16:49 +01:00
* Get the permission history log.
*
Version v10.18.4 RC (#15643) * Version v10.18.4 * Fix default currency symbol for `wallet_addEthereumChain` + improve warnings for data that doesn't match our validation expectations (#15201) * set more appropriate default for ticker symbol when wallet_addEthereumChain is called * throw error to dapp when site suggests network with same chainId but different ticker symbol from already added network, instead of showing error and disabled notification to user * Fix Provider Tracking Metrics (#15082) * fix filetype audit (#15334) * Remove decentralized 4byte function signature registry since it contains incorrect signatures and we can't algorithmically check for best option when 4byte.directory is down (#15300) * remove decentralized 4byte function signature registry since it is griefed and we can't algorithmically check for best option when 4byte is down * add migration * remove nock of on chain registry call in getMethodDataAsync test * remove audit exclusion (#15346) * Updates `eth-lattice-keyring` to v0.10.0 (#15261) This is mainly associated with an update in GridPlus SDK and enables better strategies for fetching calldata decoder data. `eth-lattice-keyring` changes: GridPlus/eth-lattice-keyring@v0.7.3...v0.10.0 `gridplus-sdk` changes (which includes a codebase rewrite): GridPlus/gridplus-sdk@v1.2.3...v2.2.2 * Fix 'block link explorer on custom networks' (#13870) * Created a logic for the 'Add a block explorer URL' Removed unused message Message logic rollback Modified history push operation WIP: Pushing before rebasing Applied requested changes Removed unintenionally added code * Lint fix * Metrics fixed * Stop injecting provider on docs.google.com (#15459) * Fix setting of gasPrice when on non-eip 1559 networks (#15628) * Fix setting of gasPrice when on non-eip 1559 networks * Fix unit tests * Fix logic * Update ui/ducks/send/send.test.js Co-authored-by: Mark Stacey <markjstacey@gmail.com> Co-authored-by: Mark Stacey <markjstacey@gmail.com> * [GridPlus] Bumps `eth-lattice-keyring` to v0.11.0 (#15490) * [GridPlus] Bumps `gridplus-sdk` to v2.2.4 (#15561) * remove exclusions for mismatched object jsdoc type casing (#15351) * Improve `tokenId` parsing and clean up `useAssetDetails` hook (#15304) * Fix state creation in setupSentryGetStateGlobal (#15635) * filter breadcrumbs for improved clarity while debugging sentry errors (#15639) * Update v10.18.4 changelog (#15645) * Auto generated changelog * Update 10.18.4 changelog * Run lavamoat:auto * Call metrics event for wallet type selection at the right time (#15591) * Fix Sentry in LavaMoat contexts (#15672) Our Sentry setup relies upon application state, but it wasn't able to access it in LavaMoat builds because it's running in a separate Compartment. A patch has been introduced to the LavaMoat runtime to allow the root Compartment to mutate the `rootGlobals` object, which is accessible from outside the compartment as well. This lets us expose application state to our Sentry integration. * Fix Sentry deduplication of events that were never sent (#15677) The Sentry `Dedupe` integration has been filtering out our events, even when they were never sent due to our `beforeSend` handler. It was wrongly identifying them as duplicates because it has no knowledge of `beforeSend` or whether they were actually sent or not. To resolve this, the filtering we were doing in `beforeSend` has been moved to a Sentry integration. This integration is installed ahead of the `Dedupe` integration, so `Dedupe` should never find out about any events that we filter out, and thus will never consider them as sent when they were not. * Replace `lavamoat-runtime.js` patch (#15682) A patch made in #15672 was found to be unnecessary. Instead of setting a `rootGlobals` object upon construction of the root compartment, we are now creating a `sentryHooks` object in the initial top-level compartment. I hadn't realized at the time that the root compartment would inherit all properties of the initial compartment `globalThis`. This accomplishes the same goals as #15672 except without needing a patch. * Update v10.18.4 changelog * Fix lint issues * Update yarn.lock * Update `depcheck` to latest version (#15690) `depcheck` has been updated to the latest version. This version pins `@babel/parser` to v7.16.4 because of unresolved bugs in v7.16.5 that result in `depcheck` failing to parse TypeScript files correctly. We had a Yarn resolution in place to ensure `@babel/parser@7.16.4` was being used already. That resolution is no longer needed so it has been removed. This should resove the issue the dev team has been seeing lately where `yarn` and `yarn-deduplicate` disagree about the state the lockfile should be in. * Update yarn.lock * Update LavaMoat policy * deduplicate * Update LavaMoat build policy Co-authored-by: MetaMask Bot <metamaskbot@users.noreply.github.com> Co-authored-by: Alex Donesky <adonesky@gmail.com> Co-authored-by: Brad Decker <bhdecker84@gmail.com> Co-authored-by: Alex Miller <asmiller1989@gmail.com> Co-authored-by: Filip Sekulic <filip.sekulic@consensys.net> Co-authored-by: Erik Marks <25517051+rekmarks@users.noreply.github.com> Co-authored-by: Dan J Miller <danjm.com@gmail.com> Co-authored-by: Mark Stacey <markjstacey@gmail.com> Co-authored-by: seaona <54408225+seaona@users.noreply.github.com> Co-authored-by: seaona <mariona@gmx.es> Co-authored-by: PeterYinusa <peter.yinusa@consensys.net>
2022-08-24 20:57:47 +02:00
* @returns {object} The permissions history log.
*/
2020-11-03 00:41:28 +01:00
getHistory() {
Permission System 2.0 (#12243) # Permission System 2.0 ## Background This PR migrates the extension permission system to [the new `PermissionController`](https://github.com/MetaMask/snaps-skunkworks/tree/main/packages/controllers/src/permissions). The original permission system, based on [`rpc-cap`](https://github.com/MetaMask/rpc-cap), introduced [`ZCAP-LD`](https://w3c-ccg.github.io/zcap-ld/)-like permissions to our JSON-RPC stack. We used it to [implement](https://github.com/MetaMask/metamask-extension/pull/7004) what we called "LoginPerSite" in [version 7.7.0](https://github.com/MetaMask/metamask-extension/releases/tag/v7.7.0) of the extension, which enabled the user to choose which accounts, if any, should be exposed to each dapp. While that was a worthwhile feature in and of itself, we wanted a permission _system_ in order to enable everything we are going to with Snaps. Unfortunately, the original permission system was difficult to use, and necessitated the creation of the original `PermissionsController` (note the "s"), which was more or less a wrapper for `rpc-cap`. With this PR, we shake off the yoke of the original permission system, in favor of the modular, self-contained, ergonomic, and more mature permission system 2.0. Note that [the `PermissionController` readme](https://github.com/MetaMask/snaps-skunkworks/tree/main/packages/controllers/src/permissions/README.md) explains how the new permission system works. The `PermissionController` and `SubjectMetadataController` are currently shipped via `@metamask/snap-controllers`. This is a temporary state of affairs, and we'll move them to `@metamask/controllers` once they've landed in prod. ## Changes in Detail First, the changes in this PR are not as big as they seem. Roughly half of the additions in this PR are fixtures in the test for the new migration (number 68), and a significant portion of the remaining ~2500 lines are due to find-and-replace changes in other test fixtures and UI files. - The extension `PermissionsController` has been deleted, and completely replaced with the new `PermissionController` from [`@metamask/snap-controllers`](https://www.npmjs.com/package/@metamask/snap-controllers). - The original `PermissionsController` "domain metadata" functionality is now managed by the new `SubjectMetadataController`, also from [`@metamask/snap-controllers`](https://www.npmjs.com/package/@metamask/snap-controllers). - The permission activity and history log controller has been renamed `PermissionLogController` and has its own top-level state key, but is otherwise functionally equivalent to the existing implementation. - Migration number 68 has been added to account for the new state changes. - The tests in `app/scripts/controllers/permissions` have been migrated from `mocha` to `jest`. Reviewers should focus their attention on the following files: - `app/scripts/` - `metamask-controller.js` - This is where most of the integration work for the new `PermissionController` occurs. Some functions that were internal to the original controller were moved here. - `controllers/permissions/` - `selectors.js` - These selectors are for `ControllerMessenger` selector subscriptions. The actual subscriptions occur in `metamask-controller.js`. See the `ControllerMessenger` implementation for details. - `specifications.js` - The caveat and permission specifications are required by the new `PermissionController`, and are used to specify the `eth_accounts` permission and its JSON-RPC method implementation. See the `PermissionController` readme for details. - `migrations/068.js` - The new state should be cross-referenced with the controllers that manage it. The accompanying tests should also be thoroughly reviewed. Some files may appear new but have just moved and/or been renamed: - `app/scripts/lib/rpc-method-middleware/handlers/request-accounts.js` - This was previously implemented in `controllers/permissions/permissionsMethodMiddleware.js`. - `test/mocks/permissions.js` - A truncated version of `test/mocks/permission-controller.js`. Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2021-12-07 04:16:49 +01:00
return this.store.getState().permissionHistory;
}
/**
Permission System 2.0 (#12243) # Permission System 2.0 ## Background This PR migrates the extension permission system to [the new `PermissionController`](https://github.com/MetaMask/snaps-skunkworks/tree/main/packages/controllers/src/permissions). The original permission system, based on [`rpc-cap`](https://github.com/MetaMask/rpc-cap), introduced [`ZCAP-LD`](https://w3c-ccg.github.io/zcap-ld/)-like permissions to our JSON-RPC stack. We used it to [implement](https://github.com/MetaMask/metamask-extension/pull/7004) what we called "LoginPerSite" in [version 7.7.0](https://github.com/MetaMask/metamask-extension/releases/tag/v7.7.0) of the extension, which enabled the user to choose which accounts, if any, should be exposed to each dapp. While that was a worthwhile feature in and of itself, we wanted a permission _system_ in order to enable everything we are going to with Snaps. Unfortunately, the original permission system was difficult to use, and necessitated the creation of the original `PermissionsController` (note the "s"), which was more or less a wrapper for `rpc-cap`. With this PR, we shake off the yoke of the original permission system, in favor of the modular, self-contained, ergonomic, and more mature permission system 2.0. Note that [the `PermissionController` readme](https://github.com/MetaMask/snaps-skunkworks/tree/main/packages/controllers/src/permissions/README.md) explains how the new permission system works. The `PermissionController` and `SubjectMetadataController` are currently shipped via `@metamask/snap-controllers`. This is a temporary state of affairs, and we'll move them to `@metamask/controllers` once they've landed in prod. ## Changes in Detail First, the changes in this PR are not as big as they seem. Roughly half of the additions in this PR are fixtures in the test for the new migration (number 68), and a significant portion of the remaining ~2500 lines are due to find-and-replace changes in other test fixtures and UI files. - The extension `PermissionsController` has been deleted, and completely replaced with the new `PermissionController` from [`@metamask/snap-controllers`](https://www.npmjs.com/package/@metamask/snap-controllers). - The original `PermissionsController` "domain metadata" functionality is now managed by the new `SubjectMetadataController`, also from [`@metamask/snap-controllers`](https://www.npmjs.com/package/@metamask/snap-controllers). - The permission activity and history log controller has been renamed `PermissionLogController` and has its own top-level state key, but is otherwise functionally equivalent to the existing implementation. - Migration number 68 has been added to account for the new state changes. - The tests in `app/scripts/controllers/permissions` have been migrated from `mocha` to `jest`. Reviewers should focus their attention on the following files: - `app/scripts/` - `metamask-controller.js` - This is where most of the integration work for the new `PermissionController` occurs. Some functions that were internal to the original controller were moved here. - `controllers/permissions/` - `selectors.js` - These selectors are for `ControllerMessenger` selector subscriptions. The actual subscriptions occur in `metamask-controller.js`. See the `ControllerMessenger` implementation for details. - `specifications.js` - The caveat and permission specifications are required by the new `PermissionController`, and are used to specify the `eth_accounts` permission and its JSON-RPC method implementation. See the `PermissionController` readme for details. - `migrations/068.js` - The new state should be cross-referenced with the controllers that manage it. The accompanying tests should also be thoroughly reviewed. Some files may appear new but have just moved and/or been renamed: - `app/scripts/lib/rpc-method-middleware/handlers/request-accounts.js` - This was previously implemented in `controllers/permissions/permissionsMethodMiddleware.js`. - `test/mocks/permissions.js` - A truncated version of `test/mocks/permission-controller.js`. Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2021-12-07 04:16:49 +01:00
* Update the permission history log.
*
Version v10.18.4 RC (#15643) * Version v10.18.4 * Fix default currency symbol for `wallet_addEthereumChain` + improve warnings for data that doesn't match our validation expectations (#15201) * set more appropriate default for ticker symbol when wallet_addEthereumChain is called * throw error to dapp when site suggests network with same chainId but different ticker symbol from already added network, instead of showing error and disabled notification to user * Fix Provider Tracking Metrics (#15082) * fix filetype audit (#15334) * Remove decentralized 4byte function signature registry since it contains incorrect signatures and we can't algorithmically check for best option when 4byte.directory is down (#15300) * remove decentralized 4byte function signature registry since it is griefed and we can't algorithmically check for best option when 4byte is down * add migration * remove nock of on chain registry call in getMethodDataAsync test * remove audit exclusion (#15346) * Updates `eth-lattice-keyring` to v0.10.0 (#15261) This is mainly associated with an update in GridPlus SDK and enables better strategies for fetching calldata decoder data. `eth-lattice-keyring` changes: GridPlus/eth-lattice-keyring@v0.7.3...v0.10.0 `gridplus-sdk` changes (which includes a codebase rewrite): GridPlus/gridplus-sdk@v1.2.3...v2.2.2 * Fix 'block link explorer on custom networks' (#13870) * Created a logic for the 'Add a block explorer URL' Removed unused message Message logic rollback Modified history push operation WIP: Pushing before rebasing Applied requested changes Removed unintenionally added code * Lint fix * Metrics fixed * Stop injecting provider on docs.google.com (#15459) * Fix setting of gasPrice when on non-eip 1559 networks (#15628) * Fix setting of gasPrice when on non-eip 1559 networks * Fix unit tests * Fix logic * Update ui/ducks/send/send.test.js Co-authored-by: Mark Stacey <markjstacey@gmail.com> Co-authored-by: Mark Stacey <markjstacey@gmail.com> * [GridPlus] Bumps `eth-lattice-keyring` to v0.11.0 (#15490) * [GridPlus] Bumps `gridplus-sdk` to v2.2.4 (#15561) * remove exclusions for mismatched object jsdoc type casing (#15351) * Improve `tokenId` parsing and clean up `useAssetDetails` hook (#15304) * Fix state creation in setupSentryGetStateGlobal (#15635) * filter breadcrumbs for improved clarity while debugging sentry errors (#15639) * Update v10.18.4 changelog (#15645) * Auto generated changelog * Update 10.18.4 changelog * Run lavamoat:auto * Call metrics event for wallet type selection at the right time (#15591) * Fix Sentry in LavaMoat contexts (#15672) Our Sentry setup relies upon application state, but it wasn't able to access it in LavaMoat builds because it's running in a separate Compartment. A patch has been introduced to the LavaMoat runtime to allow the root Compartment to mutate the `rootGlobals` object, which is accessible from outside the compartment as well. This lets us expose application state to our Sentry integration. * Fix Sentry deduplication of events that were never sent (#15677) The Sentry `Dedupe` integration has been filtering out our events, even when they were never sent due to our `beforeSend` handler. It was wrongly identifying them as duplicates because it has no knowledge of `beforeSend` or whether they were actually sent or not. To resolve this, the filtering we were doing in `beforeSend` has been moved to a Sentry integration. This integration is installed ahead of the `Dedupe` integration, so `Dedupe` should never find out about any events that we filter out, and thus will never consider them as sent when they were not. * Replace `lavamoat-runtime.js` patch (#15682) A patch made in #15672 was found to be unnecessary. Instead of setting a `rootGlobals` object upon construction of the root compartment, we are now creating a `sentryHooks` object in the initial top-level compartment. I hadn't realized at the time that the root compartment would inherit all properties of the initial compartment `globalThis`. This accomplishes the same goals as #15672 except without needing a patch. * Update v10.18.4 changelog * Fix lint issues * Update yarn.lock * Update `depcheck` to latest version (#15690) `depcheck` has been updated to the latest version. This version pins `@babel/parser` to v7.16.4 because of unresolved bugs in v7.16.5 that result in `depcheck` failing to parse TypeScript files correctly. We had a Yarn resolution in place to ensure `@babel/parser@7.16.4` was being used already. That resolution is no longer needed so it has been removed. This should resove the issue the dev team has been seeing lately where `yarn` and `yarn-deduplicate` disagree about the state the lockfile should be in. * Update yarn.lock * Update LavaMoat policy * deduplicate * Update LavaMoat build policy Co-authored-by: MetaMask Bot <metamaskbot@users.noreply.github.com> Co-authored-by: Alex Donesky <adonesky@gmail.com> Co-authored-by: Brad Decker <bhdecker84@gmail.com> Co-authored-by: Alex Miller <asmiller1989@gmail.com> Co-authored-by: Filip Sekulic <filip.sekulic@consensys.net> Co-authored-by: Erik Marks <25517051+rekmarks@users.noreply.github.com> Co-authored-by: Dan J Miller <danjm.com@gmail.com> Co-authored-by: Mark Stacey <markjstacey@gmail.com> Co-authored-by: seaona <54408225+seaona@users.noreply.github.com> Co-authored-by: seaona <mariona@gmx.es> Co-authored-by: PeterYinusa <peter.yinusa@consensys.net>
2022-08-24 20:57:47 +02:00
* @param {object} history - The new permissions history log object.
*/
2020-11-03 00:41:28 +01:00
updateHistory(history) {
Permission System 2.0 (#12243) # Permission System 2.0 ## Background This PR migrates the extension permission system to [the new `PermissionController`](https://github.com/MetaMask/snaps-skunkworks/tree/main/packages/controllers/src/permissions). The original permission system, based on [`rpc-cap`](https://github.com/MetaMask/rpc-cap), introduced [`ZCAP-LD`](https://w3c-ccg.github.io/zcap-ld/)-like permissions to our JSON-RPC stack. We used it to [implement](https://github.com/MetaMask/metamask-extension/pull/7004) what we called "LoginPerSite" in [version 7.7.0](https://github.com/MetaMask/metamask-extension/releases/tag/v7.7.0) of the extension, which enabled the user to choose which accounts, if any, should be exposed to each dapp. While that was a worthwhile feature in and of itself, we wanted a permission _system_ in order to enable everything we are going to with Snaps. Unfortunately, the original permission system was difficult to use, and necessitated the creation of the original `PermissionsController` (note the "s"), which was more or less a wrapper for `rpc-cap`. With this PR, we shake off the yoke of the original permission system, in favor of the modular, self-contained, ergonomic, and more mature permission system 2.0. Note that [the `PermissionController` readme](https://github.com/MetaMask/snaps-skunkworks/tree/main/packages/controllers/src/permissions/README.md) explains how the new permission system works. The `PermissionController` and `SubjectMetadataController` are currently shipped via `@metamask/snap-controllers`. This is a temporary state of affairs, and we'll move them to `@metamask/controllers` once they've landed in prod. ## Changes in Detail First, the changes in this PR are not as big as they seem. Roughly half of the additions in this PR are fixtures in the test for the new migration (number 68), and a significant portion of the remaining ~2500 lines are due to find-and-replace changes in other test fixtures and UI files. - The extension `PermissionsController` has been deleted, and completely replaced with the new `PermissionController` from [`@metamask/snap-controllers`](https://www.npmjs.com/package/@metamask/snap-controllers). - The original `PermissionsController` "domain metadata" functionality is now managed by the new `SubjectMetadataController`, also from [`@metamask/snap-controllers`](https://www.npmjs.com/package/@metamask/snap-controllers). - The permission activity and history log controller has been renamed `PermissionLogController` and has its own top-level state key, but is otherwise functionally equivalent to the existing implementation. - Migration number 68 has been added to account for the new state changes. - The tests in `app/scripts/controllers/permissions` have been migrated from `mocha` to `jest`. Reviewers should focus their attention on the following files: - `app/scripts/` - `metamask-controller.js` - This is where most of the integration work for the new `PermissionController` occurs. Some functions that were internal to the original controller were moved here. - `controllers/permissions/` - `selectors.js` - These selectors are for `ControllerMessenger` selector subscriptions. The actual subscriptions occur in `metamask-controller.js`. See the `ControllerMessenger` implementation for details. - `specifications.js` - The caveat and permission specifications are required by the new `PermissionController`, and are used to specify the `eth_accounts` permission and its JSON-RPC method implementation. See the `PermissionController` readme for details. - `migrations/068.js` - The new state should be cross-referenced with the controllers that manage it. The accompanying tests should also be thoroughly reviewed. Some files may appear new but have just moved and/or been renamed: - `app/scripts/lib/rpc-method-middleware/handlers/request-accounts.js` - This was previously implemented in `controllers/permissions/permissionsMethodMiddleware.js`. - `test/mocks/permissions.js` - A truncated version of `test/mocks/permission-controller.js`. Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2021-12-07 04:16:49 +01:00
this.store.updateState({ permissionHistory: history });
}
/**
* Updates the exposed account history for the given origin.
* Sets the 'last seen' time to Date.now() for the given accounts.
Permission System 2.0 (#12243) # Permission System 2.0 ## Background This PR migrates the extension permission system to [the new `PermissionController`](https://github.com/MetaMask/snaps-skunkworks/tree/main/packages/controllers/src/permissions). The original permission system, based on [`rpc-cap`](https://github.com/MetaMask/rpc-cap), introduced [`ZCAP-LD`](https://w3c-ccg.github.io/zcap-ld/)-like permissions to our JSON-RPC stack. We used it to [implement](https://github.com/MetaMask/metamask-extension/pull/7004) what we called "LoginPerSite" in [version 7.7.0](https://github.com/MetaMask/metamask-extension/releases/tag/v7.7.0) of the extension, which enabled the user to choose which accounts, if any, should be exposed to each dapp. While that was a worthwhile feature in and of itself, we wanted a permission _system_ in order to enable everything we are going to with Snaps. Unfortunately, the original permission system was difficult to use, and necessitated the creation of the original `PermissionsController` (note the "s"), which was more or less a wrapper for `rpc-cap`. With this PR, we shake off the yoke of the original permission system, in favor of the modular, self-contained, ergonomic, and more mature permission system 2.0. Note that [the `PermissionController` readme](https://github.com/MetaMask/snaps-skunkworks/tree/main/packages/controllers/src/permissions/README.md) explains how the new permission system works. The `PermissionController` and `SubjectMetadataController` are currently shipped via `@metamask/snap-controllers`. This is a temporary state of affairs, and we'll move them to `@metamask/controllers` once they've landed in prod. ## Changes in Detail First, the changes in this PR are not as big as they seem. Roughly half of the additions in this PR are fixtures in the test for the new migration (number 68), and a significant portion of the remaining ~2500 lines are due to find-and-replace changes in other test fixtures and UI files. - The extension `PermissionsController` has been deleted, and completely replaced with the new `PermissionController` from [`@metamask/snap-controllers`](https://www.npmjs.com/package/@metamask/snap-controllers). - The original `PermissionsController` "domain metadata" functionality is now managed by the new `SubjectMetadataController`, also from [`@metamask/snap-controllers`](https://www.npmjs.com/package/@metamask/snap-controllers). - The permission activity and history log controller has been renamed `PermissionLogController` and has its own top-level state key, but is otherwise functionally equivalent to the existing implementation. - Migration number 68 has been added to account for the new state changes. - The tests in `app/scripts/controllers/permissions` have been migrated from `mocha` to `jest`. Reviewers should focus their attention on the following files: - `app/scripts/` - `metamask-controller.js` - This is where most of the integration work for the new `PermissionController` occurs. Some functions that were internal to the original controller were moved here. - `controllers/permissions/` - `selectors.js` - These selectors are for `ControllerMessenger` selector subscriptions. The actual subscriptions occur in `metamask-controller.js`. See the `ControllerMessenger` implementation for details. - `specifications.js` - The caveat and permission specifications are required by the new `PermissionController`, and are used to specify the `eth_accounts` permission and its JSON-RPC method implementation. See the `PermissionController` readme for details. - `migrations/068.js` - The new state should be cross-referenced with the controllers that manage it. The accompanying tests should also be thoroughly reviewed. Some files may appear new but have just moved and/or been renamed: - `app/scripts/lib/rpc-method-middleware/handlers/request-accounts.js` - This was previously implemented in `controllers/permissions/permissionsMethodMiddleware.js`. - `test/mocks/permissions.js` - A truncated version of `test/mocks/permission-controller.js`. Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2021-12-07 04:16:49 +01:00
* Does **not** update the 'lastApproved' time for the permission itself.
* Returns if the accounts array is empty.
*
* @param {string} origin - The origin that the accounts are exposed to.
* @param {Array<string>} accounts - The accounts.
*/
2020-11-03 00:41:28 +01:00
updateAccountsHistory(origin, accounts) {
if (accounts.length === 0) {
return;
}
const accountToTimeMap = getAccountToTimeMap(accounts, Date.now());
this.commitNewHistory(origin, {
eth_accounts: {
accounts: accountToTimeMap,
},
});
}
/**
* Create a permissions log middleware. Records permissions activity and history:
*
* Activity: requests and responses for restricted and most wallet_ methods.
*
* History: for each origin, the last time a permission was granted, including
* which accounts were exposed, if any.
*
* @returns {JsonRpcEngineMiddleware} The permissions log middleware.
*/
2020-11-03 00:41:28 +01:00
createMiddleware() {
return (req, res, next, _end) => {
let activityEntry, requestedMethods;
const { origin, method } = req;
const isInternal = method.startsWith(WALLET_PREFIX);
// we only log certain methods
if (
!LOG_IGNORE_METHODS.includes(method) &&
Permission System 2.0 (#12243) # Permission System 2.0 ## Background This PR migrates the extension permission system to [the new `PermissionController`](https://github.com/MetaMask/snaps-skunkworks/tree/main/packages/controllers/src/permissions). The original permission system, based on [`rpc-cap`](https://github.com/MetaMask/rpc-cap), introduced [`ZCAP-LD`](https://w3c-ccg.github.io/zcap-ld/)-like permissions to our JSON-RPC stack. We used it to [implement](https://github.com/MetaMask/metamask-extension/pull/7004) what we called "LoginPerSite" in [version 7.7.0](https://github.com/MetaMask/metamask-extension/releases/tag/v7.7.0) of the extension, which enabled the user to choose which accounts, if any, should be exposed to each dapp. While that was a worthwhile feature in and of itself, we wanted a permission _system_ in order to enable everything we are going to with Snaps. Unfortunately, the original permission system was difficult to use, and necessitated the creation of the original `PermissionsController` (note the "s"), which was more or less a wrapper for `rpc-cap`. With this PR, we shake off the yoke of the original permission system, in favor of the modular, self-contained, ergonomic, and more mature permission system 2.0. Note that [the `PermissionController` readme](https://github.com/MetaMask/snaps-skunkworks/tree/main/packages/controllers/src/permissions/README.md) explains how the new permission system works. The `PermissionController` and `SubjectMetadataController` are currently shipped via `@metamask/snap-controllers`. This is a temporary state of affairs, and we'll move them to `@metamask/controllers` once they've landed in prod. ## Changes in Detail First, the changes in this PR are not as big as they seem. Roughly half of the additions in this PR are fixtures in the test for the new migration (number 68), and a significant portion of the remaining ~2500 lines are due to find-and-replace changes in other test fixtures and UI files. - The extension `PermissionsController` has been deleted, and completely replaced with the new `PermissionController` from [`@metamask/snap-controllers`](https://www.npmjs.com/package/@metamask/snap-controllers). - The original `PermissionsController` "domain metadata" functionality is now managed by the new `SubjectMetadataController`, also from [`@metamask/snap-controllers`](https://www.npmjs.com/package/@metamask/snap-controllers). - The permission activity and history log controller has been renamed `PermissionLogController` and has its own top-level state key, but is otherwise functionally equivalent to the existing implementation. - Migration number 68 has been added to account for the new state changes. - The tests in `app/scripts/controllers/permissions` have been migrated from `mocha` to `jest`. Reviewers should focus their attention on the following files: - `app/scripts/` - `metamask-controller.js` - This is where most of the integration work for the new `PermissionController` occurs. Some functions that were internal to the original controller were moved here. - `controllers/permissions/` - `selectors.js` - These selectors are for `ControllerMessenger` selector subscriptions. The actual subscriptions occur in `metamask-controller.js`. See the `ControllerMessenger` implementation for details. - `specifications.js` - The caveat and permission specifications are required by the new `PermissionController`, and are used to specify the `eth_accounts` permission and its JSON-RPC method implementation. See the `PermissionController` readme for details. - `migrations/068.js` - The new state should be cross-referenced with the controllers that manage it. The accompanying tests should also be thoroughly reviewed. Some files may appear new but have just moved and/or been renamed: - `app/scripts/lib/rpc-method-middleware/handlers/request-accounts.js` - This was previously implemented in `controllers/permissions/permissionsMethodMiddleware.js`. - `test/mocks/permissions.js` - A truncated version of `test/mocks/permission-controller.js`. Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2021-12-07 04:16:49 +01:00
(isInternal || this.restrictedMethods.has(method))
) {
activityEntry = this.logRequest(req, isInternal);
if (method === `${WALLET_PREFIX}requestPermissions`) {
// get the corresponding methods from the requested permissions so
// that we can record permissions history
requestedMethods = this.getRequestedMethods(req);
}
} else if (method === 'eth_requestAccounts') {
// eth_requestAccounts is a special case; we need to extract the accounts
// from it
activityEntry = this.logRequest(req, isInternal);
requestedMethods = ['eth_accounts'];
} else {
// no-op
next();
return;
}
// call next with a return handler for capturing the response
2020-02-15 21:34:12 +01:00
next((cb) => {
const time = Date.now();
this.logResponse(activityEntry, res, time);
if (requestedMethods && !res.error && res.result) {
// any permissions or accounts changes will be recorded on the response,
// so we only log permissions history here
this.logPermissionsHistory(
2020-11-03 00:41:28 +01:00
requestedMethods,
origin,
res.result,
time,
method === 'eth_requestAccounts',
);
}
cb();
});
};
}
/**
* Creates and commits an activity log entry, without response data.
*
Version v10.18.4 RC (#15643) * Version v10.18.4 * Fix default currency symbol for `wallet_addEthereumChain` + improve warnings for data that doesn't match our validation expectations (#15201) * set more appropriate default for ticker symbol when wallet_addEthereumChain is called * throw error to dapp when site suggests network with same chainId but different ticker symbol from already added network, instead of showing error and disabled notification to user * Fix Provider Tracking Metrics (#15082) * fix filetype audit (#15334) * Remove decentralized 4byte function signature registry since it contains incorrect signatures and we can't algorithmically check for best option when 4byte.directory is down (#15300) * remove decentralized 4byte function signature registry since it is griefed and we can't algorithmically check for best option when 4byte is down * add migration * remove nock of on chain registry call in getMethodDataAsync test * remove audit exclusion (#15346) * Updates `eth-lattice-keyring` to v0.10.0 (#15261) This is mainly associated with an update in GridPlus SDK and enables better strategies for fetching calldata decoder data. `eth-lattice-keyring` changes: GridPlus/eth-lattice-keyring@v0.7.3...v0.10.0 `gridplus-sdk` changes (which includes a codebase rewrite): GridPlus/gridplus-sdk@v1.2.3...v2.2.2 * Fix 'block link explorer on custom networks' (#13870) * Created a logic for the 'Add a block explorer URL' Removed unused message Message logic rollback Modified history push operation WIP: Pushing before rebasing Applied requested changes Removed unintenionally added code * Lint fix * Metrics fixed * Stop injecting provider on docs.google.com (#15459) * Fix setting of gasPrice when on non-eip 1559 networks (#15628) * Fix setting of gasPrice when on non-eip 1559 networks * Fix unit tests * Fix logic * Update ui/ducks/send/send.test.js Co-authored-by: Mark Stacey <markjstacey@gmail.com> Co-authored-by: Mark Stacey <markjstacey@gmail.com> * [GridPlus] Bumps `eth-lattice-keyring` to v0.11.0 (#15490) * [GridPlus] Bumps `gridplus-sdk` to v2.2.4 (#15561) * remove exclusions for mismatched object jsdoc type casing (#15351) * Improve `tokenId` parsing and clean up `useAssetDetails` hook (#15304) * Fix state creation in setupSentryGetStateGlobal (#15635) * filter breadcrumbs for improved clarity while debugging sentry errors (#15639) * Update v10.18.4 changelog (#15645) * Auto generated changelog * Update 10.18.4 changelog * Run lavamoat:auto * Call metrics event for wallet type selection at the right time (#15591) * Fix Sentry in LavaMoat contexts (#15672) Our Sentry setup relies upon application state, but it wasn't able to access it in LavaMoat builds because it's running in a separate Compartment. A patch has been introduced to the LavaMoat runtime to allow the root Compartment to mutate the `rootGlobals` object, which is accessible from outside the compartment as well. This lets us expose application state to our Sentry integration. * Fix Sentry deduplication of events that were never sent (#15677) The Sentry `Dedupe` integration has been filtering out our events, even when they were never sent due to our `beforeSend` handler. It was wrongly identifying them as duplicates because it has no knowledge of `beforeSend` or whether they were actually sent or not. To resolve this, the filtering we were doing in `beforeSend` has been moved to a Sentry integration. This integration is installed ahead of the `Dedupe` integration, so `Dedupe` should never find out about any events that we filter out, and thus will never consider them as sent when they were not. * Replace `lavamoat-runtime.js` patch (#15682) A patch made in #15672 was found to be unnecessary. Instead of setting a `rootGlobals` object upon construction of the root compartment, we are now creating a `sentryHooks` object in the initial top-level compartment. I hadn't realized at the time that the root compartment would inherit all properties of the initial compartment `globalThis`. This accomplishes the same goals as #15672 except without needing a patch. * Update v10.18.4 changelog * Fix lint issues * Update yarn.lock * Update `depcheck` to latest version (#15690) `depcheck` has been updated to the latest version. This version pins `@babel/parser` to v7.16.4 because of unresolved bugs in v7.16.5 that result in `depcheck` failing to parse TypeScript files correctly. We had a Yarn resolution in place to ensure `@babel/parser@7.16.4` was being used already. That resolution is no longer needed so it has been removed. This should resove the issue the dev team has been seeing lately where `yarn` and `yarn-deduplicate` disagree about the state the lockfile should be in. * Update yarn.lock * Update LavaMoat policy * deduplicate * Update LavaMoat build policy Co-authored-by: MetaMask Bot <metamaskbot@users.noreply.github.com> Co-authored-by: Alex Donesky <adonesky@gmail.com> Co-authored-by: Brad Decker <bhdecker84@gmail.com> Co-authored-by: Alex Miller <asmiller1989@gmail.com> Co-authored-by: Filip Sekulic <filip.sekulic@consensys.net> Co-authored-by: Erik Marks <25517051+rekmarks@users.noreply.github.com> Co-authored-by: Dan J Miller <danjm.com@gmail.com> Co-authored-by: Mark Stacey <markjstacey@gmail.com> Co-authored-by: seaona <54408225+seaona@users.noreply.github.com> Co-authored-by: seaona <mariona@gmx.es> Co-authored-by: PeterYinusa <peter.yinusa@consensys.net>
2022-08-24 20:57:47 +02:00
* @param {object} request - The request object.
* @param {boolean} isInternal - Whether the request is internal.
*/
2020-11-03 00:41:28 +01:00
logRequest(request, isInternal) {
const activityEntry = {
id: request.id,
method: request.method,
2020-11-03 00:41:28 +01:00
methodType: isInternal
? LOG_METHOD_TYPES.internal
: LOG_METHOD_TYPES.restricted,
origin: request.origin,
requestTime: Date.now(),
responseTime: null,
success: null,
};
this.commitNewActivity(activityEntry);
return activityEntry;
}
/**
* Adds response data to an existing activity log entry.
* Entry assumed already committed (i.e., in the log).
*
Version v10.18.4 RC (#15643) * Version v10.18.4 * Fix default currency symbol for `wallet_addEthereumChain` + improve warnings for data that doesn't match our validation expectations (#15201) * set more appropriate default for ticker symbol when wallet_addEthereumChain is called * throw error to dapp when site suggests network with same chainId but different ticker symbol from already added network, instead of showing error and disabled notification to user * Fix Provider Tracking Metrics (#15082) * fix filetype audit (#15334) * Remove decentralized 4byte function signature registry since it contains incorrect signatures and we can't algorithmically check for best option when 4byte.directory is down (#15300) * remove decentralized 4byte function signature registry since it is griefed and we can't algorithmically check for best option when 4byte is down * add migration * remove nock of on chain registry call in getMethodDataAsync test * remove audit exclusion (#15346) * Updates `eth-lattice-keyring` to v0.10.0 (#15261) This is mainly associated with an update in GridPlus SDK and enables better strategies for fetching calldata decoder data. `eth-lattice-keyring` changes: GridPlus/eth-lattice-keyring@v0.7.3...v0.10.0 `gridplus-sdk` changes (which includes a codebase rewrite): GridPlus/gridplus-sdk@v1.2.3...v2.2.2 * Fix 'block link explorer on custom networks' (#13870) * Created a logic for the 'Add a block explorer URL' Removed unused message Message logic rollback Modified history push operation WIP: Pushing before rebasing Applied requested changes Removed unintenionally added code * Lint fix * Metrics fixed * Stop injecting provider on docs.google.com (#15459) * Fix setting of gasPrice when on non-eip 1559 networks (#15628) * Fix setting of gasPrice when on non-eip 1559 networks * Fix unit tests * Fix logic * Update ui/ducks/send/send.test.js Co-authored-by: Mark Stacey <markjstacey@gmail.com> Co-authored-by: Mark Stacey <markjstacey@gmail.com> * [GridPlus] Bumps `eth-lattice-keyring` to v0.11.0 (#15490) * [GridPlus] Bumps `gridplus-sdk` to v2.2.4 (#15561) * remove exclusions for mismatched object jsdoc type casing (#15351) * Improve `tokenId` parsing and clean up `useAssetDetails` hook (#15304) * Fix state creation in setupSentryGetStateGlobal (#15635) * filter breadcrumbs for improved clarity while debugging sentry errors (#15639) * Update v10.18.4 changelog (#15645) * Auto generated changelog * Update 10.18.4 changelog * Run lavamoat:auto * Call metrics event for wallet type selection at the right time (#15591) * Fix Sentry in LavaMoat contexts (#15672) Our Sentry setup relies upon application state, but it wasn't able to access it in LavaMoat builds because it's running in a separate Compartment. A patch has been introduced to the LavaMoat runtime to allow the root Compartment to mutate the `rootGlobals` object, which is accessible from outside the compartment as well. This lets us expose application state to our Sentry integration. * Fix Sentry deduplication of events that were never sent (#15677) The Sentry `Dedupe` integration has been filtering out our events, even when they were never sent due to our `beforeSend` handler. It was wrongly identifying them as duplicates because it has no knowledge of `beforeSend` or whether they were actually sent or not. To resolve this, the filtering we were doing in `beforeSend` has been moved to a Sentry integration. This integration is installed ahead of the `Dedupe` integration, so `Dedupe` should never find out about any events that we filter out, and thus will never consider them as sent when they were not. * Replace `lavamoat-runtime.js` patch (#15682) A patch made in #15672 was found to be unnecessary. Instead of setting a `rootGlobals` object upon construction of the root compartment, we are now creating a `sentryHooks` object in the initial top-level compartment. I hadn't realized at the time that the root compartment would inherit all properties of the initial compartment `globalThis`. This accomplishes the same goals as #15672 except without needing a patch. * Update v10.18.4 changelog * Fix lint issues * Update yarn.lock * Update `depcheck` to latest version (#15690) `depcheck` has been updated to the latest version. This version pins `@babel/parser` to v7.16.4 because of unresolved bugs in v7.16.5 that result in `depcheck` failing to parse TypeScript files correctly. We had a Yarn resolution in place to ensure `@babel/parser@7.16.4` was being used already. That resolution is no longer needed so it has been removed. This should resove the issue the dev team has been seeing lately where `yarn` and `yarn-deduplicate` disagree about the state the lockfile should be in. * Update yarn.lock * Update LavaMoat policy * deduplicate * Update LavaMoat build policy Co-authored-by: MetaMask Bot <metamaskbot@users.noreply.github.com> Co-authored-by: Alex Donesky <adonesky@gmail.com> Co-authored-by: Brad Decker <bhdecker84@gmail.com> Co-authored-by: Alex Miller <asmiller1989@gmail.com> Co-authored-by: Filip Sekulic <filip.sekulic@consensys.net> Co-authored-by: Erik Marks <25517051+rekmarks@users.noreply.github.com> Co-authored-by: Dan J Miller <danjm.com@gmail.com> Co-authored-by: Mark Stacey <markjstacey@gmail.com> Co-authored-by: seaona <54408225+seaona@users.noreply.github.com> Co-authored-by: seaona <mariona@gmx.es> Co-authored-by: PeterYinusa <peter.yinusa@consensys.net>
2022-08-24 20:57:47 +02:00
* @param {object} entry - The entry to add a response to.
* @param {object} response - The response object.
* @param {number} time - Output from Date.now()
*/
2020-11-03 00:41:28 +01:00
logResponse(entry, response, time) {
if (!entry || !response) {
return;
}
// The JSON-RPC 2.0 specification defines "success" by the presence of
// either the "result" or "error" property. The specification forbids
// both properties from being present simultaneously, and our JSON-RPC
// stack is spec-compliant at the time of writing.
entry.success = Object.hasOwnProperty.call(response, 'result');
entry.responseTime = time;
}
/**
* Commit a new entry to the activity log.
* Removes the oldest entry from the log if it exceeds the log limit.
*
Version v10.18.4 RC (#15643) * Version v10.18.4 * Fix default currency symbol for `wallet_addEthereumChain` + improve warnings for data that doesn't match our validation expectations (#15201) * set more appropriate default for ticker symbol when wallet_addEthereumChain is called * throw error to dapp when site suggests network with same chainId but different ticker symbol from already added network, instead of showing error and disabled notification to user * Fix Provider Tracking Metrics (#15082) * fix filetype audit (#15334) * Remove decentralized 4byte function signature registry since it contains incorrect signatures and we can't algorithmically check for best option when 4byte.directory is down (#15300) * remove decentralized 4byte function signature registry since it is griefed and we can't algorithmically check for best option when 4byte is down * add migration * remove nock of on chain registry call in getMethodDataAsync test * remove audit exclusion (#15346) * Updates `eth-lattice-keyring` to v0.10.0 (#15261) This is mainly associated with an update in GridPlus SDK and enables better strategies for fetching calldata decoder data. `eth-lattice-keyring` changes: GridPlus/eth-lattice-keyring@v0.7.3...v0.10.0 `gridplus-sdk` changes (which includes a codebase rewrite): GridPlus/gridplus-sdk@v1.2.3...v2.2.2 * Fix 'block link explorer on custom networks' (#13870) * Created a logic for the 'Add a block explorer URL' Removed unused message Message logic rollback Modified history push operation WIP: Pushing before rebasing Applied requested changes Removed unintenionally added code * Lint fix * Metrics fixed * Stop injecting provider on docs.google.com (#15459) * Fix setting of gasPrice when on non-eip 1559 networks (#15628) * Fix setting of gasPrice when on non-eip 1559 networks * Fix unit tests * Fix logic * Update ui/ducks/send/send.test.js Co-authored-by: Mark Stacey <markjstacey@gmail.com> Co-authored-by: Mark Stacey <markjstacey@gmail.com> * [GridPlus] Bumps `eth-lattice-keyring` to v0.11.0 (#15490) * [GridPlus] Bumps `gridplus-sdk` to v2.2.4 (#15561) * remove exclusions for mismatched object jsdoc type casing (#15351) * Improve `tokenId` parsing and clean up `useAssetDetails` hook (#15304) * Fix state creation in setupSentryGetStateGlobal (#15635) * filter breadcrumbs for improved clarity while debugging sentry errors (#15639) * Update v10.18.4 changelog (#15645) * Auto generated changelog * Update 10.18.4 changelog * Run lavamoat:auto * Call metrics event for wallet type selection at the right time (#15591) * Fix Sentry in LavaMoat contexts (#15672) Our Sentry setup relies upon application state, but it wasn't able to access it in LavaMoat builds because it's running in a separate Compartment. A patch has been introduced to the LavaMoat runtime to allow the root Compartment to mutate the `rootGlobals` object, which is accessible from outside the compartment as well. This lets us expose application state to our Sentry integration. * Fix Sentry deduplication of events that were never sent (#15677) The Sentry `Dedupe` integration has been filtering out our events, even when they were never sent due to our `beforeSend` handler. It was wrongly identifying them as duplicates because it has no knowledge of `beforeSend` or whether they were actually sent or not. To resolve this, the filtering we were doing in `beforeSend` has been moved to a Sentry integration. This integration is installed ahead of the `Dedupe` integration, so `Dedupe` should never find out about any events that we filter out, and thus will never consider them as sent when they were not. * Replace `lavamoat-runtime.js` patch (#15682) A patch made in #15672 was found to be unnecessary. Instead of setting a `rootGlobals` object upon construction of the root compartment, we are now creating a `sentryHooks` object in the initial top-level compartment. I hadn't realized at the time that the root compartment would inherit all properties of the initial compartment `globalThis`. This accomplishes the same goals as #15672 except without needing a patch. * Update v10.18.4 changelog * Fix lint issues * Update yarn.lock * Update `depcheck` to latest version (#15690) `depcheck` has been updated to the latest version. This version pins `@babel/parser` to v7.16.4 because of unresolved bugs in v7.16.5 that result in `depcheck` failing to parse TypeScript files correctly. We had a Yarn resolution in place to ensure `@babel/parser@7.16.4` was being used already. That resolution is no longer needed so it has been removed. This should resove the issue the dev team has been seeing lately where `yarn` and `yarn-deduplicate` disagree about the state the lockfile should be in. * Update yarn.lock * Update LavaMoat policy * deduplicate * Update LavaMoat build policy Co-authored-by: MetaMask Bot <metamaskbot@users.noreply.github.com> Co-authored-by: Alex Donesky <adonesky@gmail.com> Co-authored-by: Brad Decker <bhdecker84@gmail.com> Co-authored-by: Alex Miller <asmiller1989@gmail.com> Co-authored-by: Filip Sekulic <filip.sekulic@consensys.net> Co-authored-by: Erik Marks <25517051+rekmarks@users.noreply.github.com> Co-authored-by: Dan J Miller <danjm.com@gmail.com> Co-authored-by: Mark Stacey <markjstacey@gmail.com> Co-authored-by: seaona <54408225+seaona@users.noreply.github.com> Co-authored-by: seaona <mariona@gmx.es> Co-authored-by: PeterYinusa <peter.yinusa@consensys.net>
2022-08-24 20:57:47 +02:00
* @param {object} entry - The activity log entry.
*/
2020-11-03 00:41:28 +01:00
commitNewActivity(entry) {
const logs = this.getActivityLog();
// add new entry to end of log
logs.push(entry);
// remove oldest log if exceeding size limit
if (logs.length > LOG_LIMIT) {
logs.shift();
}
this.updateActivityLog(logs);
}
/**
* Create new permissions history log entries, if any, and commit them.
*
* @param {Array<string>} requestedMethods - The method names corresponding to the requested permissions.
* @param {string} origin - The origin of the permissions request.
* @param {Array<IOcapLdCapability} result - The permissions request response.result.
* @param {string} time - The time of the request, i.e. Date.now().
* @param {boolean} isEthRequestAccounts - Whether the permissions request was 'eth_requestAccounts'.
*/
2020-11-03 00:41:28 +01:00
logPermissionsHistory(
requestedMethods,
origin,
result,
time,
isEthRequestAccounts,
) {
let accounts, newEntries;
if (isEthRequestAccounts) {
accounts = result;
const accountToTimeMap = getAccountToTimeMap(accounts, time);
newEntries = {
2020-11-03 00:41:28 +01:00
eth_accounts: {
accounts: accountToTimeMap,
lastApproved: time,
},
};
} else {
// Records new "lastApproved" times for the granted permissions, if any.
// Special handling for eth_accounts, in order to record the time the
// accounts were last seen or approved by the origin.
newEntries = result
.map((perm) => {
if (perm.parentCapability === 'eth_accounts') {
accounts = this.getAccountsFromPermission(perm);
}
return perm.parentCapability;
})
.reduce((acc, method) => {
// all approved permissions will be included in the response,
// not just the newly requested ones
if (requestedMethods.includes(method)) {
if (method === 'eth_accounts') {
const accountToTimeMap = getAccountToTimeMap(accounts, time);
acc[method] = {
lastApproved: time,
accounts: accountToTimeMap,
};
} else {
acc[method] = { lastApproved: time };
}
}
return acc;
}, {});
}
if (Object.keys(newEntries).length > 0) {
this.commitNewHistory(origin, newEntries);
}
}
/**
* Commit new entries to the permissions history log.
* Merges the history for the given origin, overwriting existing entries
* with the same key (permission name).
*
* @param {string} origin - The requesting origin.
Version v10.18.4 RC (#15643) * Version v10.18.4 * Fix default currency symbol for `wallet_addEthereumChain` + improve warnings for data that doesn't match our validation expectations (#15201) * set more appropriate default for ticker symbol when wallet_addEthereumChain is called * throw error to dapp when site suggests network with same chainId but different ticker symbol from already added network, instead of showing error and disabled notification to user * Fix Provider Tracking Metrics (#15082) * fix filetype audit (#15334) * Remove decentralized 4byte function signature registry since it contains incorrect signatures and we can't algorithmically check for best option when 4byte.directory is down (#15300) * remove decentralized 4byte function signature registry since it is griefed and we can't algorithmically check for best option when 4byte is down * add migration * remove nock of on chain registry call in getMethodDataAsync test * remove audit exclusion (#15346) * Updates `eth-lattice-keyring` to v0.10.0 (#15261) This is mainly associated with an update in GridPlus SDK and enables better strategies for fetching calldata decoder data. `eth-lattice-keyring` changes: GridPlus/eth-lattice-keyring@v0.7.3...v0.10.0 `gridplus-sdk` changes (which includes a codebase rewrite): GridPlus/gridplus-sdk@v1.2.3...v2.2.2 * Fix 'block link explorer on custom networks' (#13870) * Created a logic for the 'Add a block explorer URL' Removed unused message Message logic rollback Modified history push operation WIP: Pushing before rebasing Applied requested changes Removed unintenionally added code * Lint fix * Metrics fixed * Stop injecting provider on docs.google.com (#15459) * Fix setting of gasPrice when on non-eip 1559 networks (#15628) * Fix setting of gasPrice when on non-eip 1559 networks * Fix unit tests * Fix logic * Update ui/ducks/send/send.test.js Co-authored-by: Mark Stacey <markjstacey@gmail.com> Co-authored-by: Mark Stacey <markjstacey@gmail.com> * [GridPlus] Bumps `eth-lattice-keyring` to v0.11.0 (#15490) * [GridPlus] Bumps `gridplus-sdk` to v2.2.4 (#15561) * remove exclusions for mismatched object jsdoc type casing (#15351) * Improve `tokenId` parsing and clean up `useAssetDetails` hook (#15304) * Fix state creation in setupSentryGetStateGlobal (#15635) * filter breadcrumbs for improved clarity while debugging sentry errors (#15639) * Update v10.18.4 changelog (#15645) * Auto generated changelog * Update 10.18.4 changelog * Run lavamoat:auto * Call metrics event for wallet type selection at the right time (#15591) * Fix Sentry in LavaMoat contexts (#15672) Our Sentry setup relies upon application state, but it wasn't able to access it in LavaMoat builds because it's running in a separate Compartment. A patch has been introduced to the LavaMoat runtime to allow the root Compartment to mutate the `rootGlobals` object, which is accessible from outside the compartment as well. This lets us expose application state to our Sentry integration. * Fix Sentry deduplication of events that were never sent (#15677) The Sentry `Dedupe` integration has been filtering out our events, even when they were never sent due to our `beforeSend` handler. It was wrongly identifying them as duplicates because it has no knowledge of `beforeSend` or whether they were actually sent or not. To resolve this, the filtering we were doing in `beforeSend` has been moved to a Sentry integration. This integration is installed ahead of the `Dedupe` integration, so `Dedupe` should never find out about any events that we filter out, and thus will never consider them as sent when they were not. * Replace `lavamoat-runtime.js` patch (#15682) A patch made in #15672 was found to be unnecessary. Instead of setting a `rootGlobals` object upon construction of the root compartment, we are now creating a `sentryHooks` object in the initial top-level compartment. I hadn't realized at the time that the root compartment would inherit all properties of the initial compartment `globalThis`. This accomplishes the same goals as #15672 except without needing a patch. * Update v10.18.4 changelog * Fix lint issues * Update yarn.lock * Update `depcheck` to latest version (#15690) `depcheck` has been updated to the latest version. This version pins `@babel/parser` to v7.16.4 because of unresolved bugs in v7.16.5 that result in `depcheck` failing to parse TypeScript files correctly. We had a Yarn resolution in place to ensure `@babel/parser@7.16.4` was being used already. That resolution is no longer needed so it has been removed. This should resove the issue the dev team has been seeing lately where `yarn` and `yarn-deduplicate` disagree about the state the lockfile should be in. * Update yarn.lock * Update LavaMoat policy * deduplicate * Update LavaMoat build policy Co-authored-by: MetaMask Bot <metamaskbot@users.noreply.github.com> Co-authored-by: Alex Donesky <adonesky@gmail.com> Co-authored-by: Brad Decker <bhdecker84@gmail.com> Co-authored-by: Alex Miller <asmiller1989@gmail.com> Co-authored-by: Filip Sekulic <filip.sekulic@consensys.net> Co-authored-by: Erik Marks <25517051+rekmarks@users.noreply.github.com> Co-authored-by: Dan J Miller <danjm.com@gmail.com> Co-authored-by: Mark Stacey <markjstacey@gmail.com> Co-authored-by: seaona <54408225+seaona@users.noreply.github.com> Co-authored-by: seaona <mariona@gmx.es> Co-authored-by: PeterYinusa <peter.yinusa@consensys.net>
2022-08-24 20:57:47 +02:00
* @param {object} newEntries - The new entries to commit.
*/
2020-11-03 00:41:28 +01:00
commitNewHistory(origin, newEntries) {
// a simple merge updates most permissions
const history = this.getHistory();
const newOriginHistory = {
...history[origin],
...newEntries,
};
// eth_accounts requires special handling, because of information
// we store about the accounts
2020-11-03 00:41:28 +01:00
const existingEthAccountsEntry =
history[origin] && history[origin].eth_accounts;
const newEthAccountsEntry = newEntries.eth_accounts;
if (existingEthAccountsEntry && newEthAccountsEntry) {
// we may intend to update just the accounts, not the permission
// itself
2020-11-03 00:41:28 +01:00
const lastApproved =
newEthAccountsEntry.lastApproved ||
existingEthAccountsEntry.lastApproved;
// merge old and new eth_accounts history entries
newOriginHistory.eth_accounts = {
lastApproved,
accounts: {
...existingEthAccountsEntry.accounts,
...newEthAccountsEntry.accounts,
},
};
}
history[origin] = newOriginHistory;
this.updateHistory(history);
}
/**
* Get all requested methods from a permissions request.
*
Version v10.18.4 RC (#15643) * Version v10.18.4 * Fix default currency symbol for `wallet_addEthereumChain` + improve warnings for data that doesn't match our validation expectations (#15201) * set more appropriate default for ticker symbol when wallet_addEthereumChain is called * throw error to dapp when site suggests network with same chainId but different ticker symbol from already added network, instead of showing error and disabled notification to user * Fix Provider Tracking Metrics (#15082) * fix filetype audit (#15334) * Remove decentralized 4byte function signature registry since it contains incorrect signatures and we can't algorithmically check for best option when 4byte.directory is down (#15300) * remove decentralized 4byte function signature registry since it is griefed and we can't algorithmically check for best option when 4byte is down * add migration * remove nock of on chain registry call in getMethodDataAsync test * remove audit exclusion (#15346) * Updates `eth-lattice-keyring` to v0.10.0 (#15261) This is mainly associated with an update in GridPlus SDK and enables better strategies for fetching calldata decoder data. `eth-lattice-keyring` changes: GridPlus/eth-lattice-keyring@v0.7.3...v0.10.0 `gridplus-sdk` changes (which includes a codebase rewrite): GridPlus/gridplus-sdk@v1.2.3...v2.2.2 * Fix 'block link explorer on custom networks' (#13870) * Created a logic for the 'Add a block explorer URL' Removed unused message Message logic rollback Modified history push operation WIP: Pushing before rebasing Applied requested changes Removed unintenionally added code * Lint fix * Metrics fixed * Stop injecting provider on docs.google.com (#15459) * Fix setting of gasPrice when on non-eip 1559 networks (#15628) * Fix setting of gasPrice when on non-eip 1559 networks * Fix unit tests * Fix logic * Update ui/ducks/send/send.test.js Co-authored-by: Mark Stacey <markjstacey@gmail.com> Co-authored-by: Mark Stacey <markjstacey@gmail.com> * [GridPlus] Bumps `eth-lattice-keyring` to v0.11.0 (#15490) * [GridPlus] Bumps `gridplus-sdk` to v2.2.4 (#15561) * remove exclusions for mismatched object jsdoc type casing (#15351) * Improve `tokenId` parsing and clean up `useAssetDetails` hook (#15304) * Fix state creation in setupSentryGetStateGlobal (#15635) * filter breadcrumbs for improved clarity while debugging sentry errors (#15639) * Update v10.18.4 changelog (#15645) * Auto generated changelog * Update 10.18.4 changelog * Run lavamoat:auto * Call metrics event for wallet type selection at the right time (#15591) * Fix Sentry in LavaMoat contexts (#15672) Our Sentry setup relies upon application state, but it wasn't able to access it in LavaMoat builds because it's running in a separate Compartment. A patch has been introduced to the LavaMoat runtime to allow the root Compartment to mutate the `rootGlobals` object, which is accessible from outside the compartment as well. This lets us expose application state to our Sentry integration. * Fix Sentry deduplication of events that were never sent (#15677) The Sentry `Dedupe` integration has been filtering out our events, even when they were never sent due to our `beforeSend` handler. It was wrongly identifying them as duplicates because it has no knowledge of `beforeSend` or whether they were actually sent or not. To resolve this, the filtering we were doing in `beforeSend` has been moved to a Sentry integration. This integration is installed ahead of the `Dedupe` integration, so `Dedupe` should never find out about any events that we filter out, and thus will never consider them as sent when they were not. * Replace `lavamoat-runtime.js` patch (#15682) A patch made in #15672 was found to be unnecessary. Instead of setting a `rootGlobals` object upon construction of the root compartment, we are now creating a `sentryHooks` object in the initial top-level compartment. I hadn't realized at the time that the root compartment would inherit all properties of the initial compartment `globalThis`. This accomplishes the same goals as #15672 except without needing a patch. * Update v10.18.4 changelog * Fix lint issues * Update yarn.lock * Update `depcheck` to latest version (#15690) `depcheck` has been updated to the latest version. This version pins `@babel/parser` to v7.16.4 because of unresolved bugs in v7.16.5 that result in `depcheck` failing to parse TypeScript files correctly. We had a Yarn resolution in place to ensure `@babel/parser@7.16.4` was being used already. That resolution is no longer needed so it has been removed. This should resove the issue the dev team has been seeing lately where `yarn` and `yarn-deduplicate` disagree about the state the lockfile should be in. * Update yarn.lock * Update LavaMoat policy * deduplicate * Update LavaMoat build policy Co-authored-by: MetaMask Bot <metamaskbot@users.noreply.github.com> Co-authored-by: Alex Donesky <adonesky@gmail.com> Co-authored-by: Brad Decker <bhdecker84@gmail.com> Co-authored-by: Alex Miller <asmiller1989@gmail.com> Co-authored-by: Filip Sekulic <filip.sekulic@consensys.net> Co-authored-by: Erik Marks <25517051+rekmarks@users.noreply.github.com> Co-authored-by: Dan J Miller <danjm.com@gmail.com> Co-authored-by: Mark Stacey <markjstacey@gmail.com> Co-authored-by: seaona <54408225+seaona@users.noreply.github.com> Co-authored-by: seaona <mariona@gmx.es> Co-authored-by: PeterYinusa <peter.yinusa@consensys.net>
2022-08-24 20:57:47 +02:00
* @param {object} request - The request object.
* @returns {Array<string>} The names of the requested permissions.
*/
2020-11-03 00:41:28 +01:00
getRequestedMethods(request) {
if (
!request.params ||
2020-02-12 17:17:13 +01:00
!request.params[0] ||
typeof request.params[0] !== 'object' ||
Array.isArray(request.params[0])
) {
return null;
}
return Object.keys(request.params[0]);
}
/**
* Get the permitted accounts from an eth_accounts permissions object.
* Returns an empty array if the permission is not eth_accounts.
*
Version v10.18.4 RC (#15643) * Version v10.18.4 * Fix default currency symbol for `wallet_addEthereumChain` + improve warnings for data that doesn't match our validation expectations (#15201) * set more appropriate default for ticker symbol when wallet_addEthereumChain is called * throw error to dapp when site suggests network with same chainId but different ticker symbol from already added network, instead of showing error and disabled notification to user * Fix Provider Tracking Metrics (#15082) * fix filetype audit (#15334) * Remove decentralized 4byte function signature registry since it contains incorrect signatures and we can't algorithmically check for best option when 4byte.directory is down (#15300) * remove decentralized 4byte function signature registry since it is griefed and we can't algorithmically check for best option when 4byte is down * add migration * remove nock of on chain registry call in getMethodDataAsync test * remove audit exclusion (#15346) * Updates `eth-lattice-keyring` to v0.10.0 (#15261) This is mainly associated with an update in GridPlus SDK and enables better strategies for fetching calldata decoder data. `eth-lattice-keyring` changes: GridPlus/eth-lattice-keyring@v0.7.3...v0.10.0 `gridplus-sdk` changes (which includes a codebase rewrite): GridPlus/gridplus-sdk@v1.2.3...v2.2.2 * Fix 'block link explorer on custom networks' (#13870) * Created a logic for the 'Add a block explorer URL' Removed unused message Message logic rollback Modified history push operation WIP: Pushing before rebasing Applied requested changes Removed unintenionally added code * Lint fix * Metrics fixed * Stop injecting provider on docs.google.com (#15459) * Fix setting of gasPrice when on non-eip 1559 networks (#15628) * Fix setting of gasPrice when on non-eip 1559 networks * Fix unit tests * Fix logic * Update ui/ducks/send/send.test.js Co-authored-by: Mark Stacey <markjstacey@gmail.com> Co-authored-by: Mark Stacey <markjstacey@gmail.com> * [GridPlus] Bumps `eth-lattice-keyring` to v0.11.0 (#15490) * [GridPlus] Bumps `gridplus-sdk` to v2.2.4 (#15561) * remove exclusions for mismatched object jsdoc type casing (#15351) * Improve `tokenId` parsing and clean up `useAssetDetails` hook (#15304) * Fix state creation in setupSentryGetStateGlobal (#15635) * filter breadcrumbs for improved clarity while debugging sentry errors (#15639) * Update v10.18.4 changelog (#15645) * Auto generated changelog * Update 10.18.4 changelog * Run lavamoat:auto * Call metrics event for wallet type selection at the right time (#15591) * Fix Sentry in LavaMoat contexts (#15672) Our Sentry setup relies upon application state, but it wasn't able to access it in LavaMoat builds because it's running in a separate Compartment. A patch has been introduced to the LavaMoat runtime to allow the root Compartment to mutate the `rootGlobals` object, which is accessible from outside the compartment as well. This lets us expose application state to our Sentry integration. * Fix Sentry deduplication of events that were never sent (#15677) The Sentry `Dedupe` integration has been filtering out our events, even when they were never sent due to our `beforeSend` handler. It was wrongly identifying them as duplicates because it has no knowledge of `beforeSend` or whether they were actually sent or not. To resolve this, the filtering we were doing in `beforeSend` has been moved to a Sentry integration. This integration is installed ahead of the `Dedupe` integration, so `Dedupe` should never find out about any events that we filter out, and thus will never consider them as sent when they were not. * Replace `lavamoat-runtime.js` patch (#15682) A patch made in #15672 was found to be unnecessary. Instead of setting a `rootGlobals` object upon construction of the root compartment, we are now creating a `sentryHooks` object in the initial top-level compartment. I hadn't realized at the time that the root compartment would inherit all properties of the initial compartment `globalThis`. This accomplishes the same goals as #15672 except without needing a patch. * Update v10.18.4 changelog * Fix lint issues * Update yarn.lock * Update `depcheck` to latest version (#15690) `depcheck` has been updated to the latest version. This version pins `@babel/parser` to v7.16.4 because of unresolved bugs in v7.16.5 that result in `depcheck` failing to parse TypeScript files correctly. We had a Yarn resolution in place to ensure `@babel/parser@7.16.4` was being used already. That resolution is no longer needed so it has been removed. This should resove the issue the dev team has been seeing lately where `yarn` and `yarn-deduplicate` disagree about the state the lockfile should be in. * Update yarn.lock * Update LavaMoat policy * deduplicate * Update LavaMoat build policy Co-authored-by: MetaMask Bot <metamaskbot@users.noreply.github.com> Co-authored-by: Alex Donesky <adonesky@gmail.com> Co-authored-by: Brad Decker <bhdecker84@gmail.com> Co-authored-by: Alex Miller <asmiller1989@gmail.com> Co-authored-by: Filip Sekulic <filip.sekulic@consensys.net> Co-authored-by: Erik Marks <25517051+rekmarks@users.noreply.github.com> Co-authored-by: Dan J Miller <danjm.com@gmail.com> Co-authored-by: Mark Stacey <markjstacey@gmail.com> Co-authored-by: seaona <54408225+seaona@users.noreply.github.com> Co-authored-by: seaona <mariona@gmx.es> Co-authored-by: PeterYinusa <peter.yinusa@consensys.net>
2022-08-24 20:57:47 +02:00
* @param {object} perm - The permissions object.
* @returns {Array<string>} The permitted accounts.
*/
2020-11-03 00:41:28 +01:00
getAccountsFromPermission(perm) {
if (perm.parentCapability !== 'eth_accounts' || !perm.caveats) {
return [];
}
const accounts = new Set();
for (const caveat of perm.caveats) {
if (
Permission System 2.0 (#12243) # Permission System 2.0 ## Background This PR migrates the extension permission system to [the new `PermissionController`](https://github.com/MetaMask/snaps-skunkworks/tree/main/packages/controllers/src/permissions). The original permission system, based on [`rpc-cap`](https://github.com/MetaMask/rpc-cap), introduced [`ZCAP-LD`](https://w3c-ccg.github.io/zcap-ld/)-like permissions to our JSON-RPC stack. We used it to [implement](https://github.com/MetaMask/metamask-extension/pull/7004) what we called "LoginPerSite" in [version 7.7.0](https://github.com/MetaMask/metamask-extension/releases/tag/v7.7.0) of the extension, which enabled the user to choose which accounts, if any, should be exposed to each dapp. While that was a worthwhile feature in and of itself, we wanted a permission _system_ in order to enable everything we are going to with Snaps. Unfortunately, the original permission system was difficult to use, and necessitated the creation of the original `PermissionsController` (note the "s"), which was more or less a wrapper for `rpc-cap`. With this PR, we shake off the yoke of the original permission system, in favor of the modular, self-contained, ergonomic, and more mature permission system 2.0. Note that [the `PermissionController` readme](https://github.com/MetaMask/snaps-skunkworks/tree/main/packages/controllers/src/permissions/README.md) explains how the new permission system works. The `PermissionController` and `SubjectMetadataController` are currently shipped via `@metamask/snap-controllers`. This is a temporary state of affairs, and we'll move them to `@metamask/controllers` once they've landed in prod. ## Changes in Detail First, the changes in this PR are not as big as they seem. Roughly half of the additions in this PR are fixtures in the test for the new migration (number 68), and a significant portion of the remaining ~2500 lines are due to find-and-replace changes in other test fixtures and UI files. - The extension `PermissionsController` has been deleted, and completely replaced with the new `PermissionController` from [`@metamask/snap-controllers`](https://www.npmjs.com/package/@metamask/snap-controllers). - The original `PermissionsController` "domain metadata" functionality is now managed by the new `SubjectMetadataController`, also from [`@metamask/snap-controllers`](https://www.npmjs.com/package/@metamask/snap-controllers). - The permission activity and history log controller has been renamed `PermissionLogController` and has its own top-level state key, but is otherwise functionally equivalent to the existing implementation. - Migration number 68 has been added to account for the new state changes. - The tests in `app/scripts/controllers/permissions` have been migrated from `mocha` to `jest`. Reviewers should focus their attention on the following files: - `app/scripts/` - `metamask-controller.js` - This is where most of the integration work for the new `PermissionController` occurs. Some functions that were internal to the original controller were moved here. - `controllers/permissions/` - `selectors.js` - These selectors are for `ControllerMessenger` selector subscriptions. The actual subscriptions occur in `metamask-controller.js`. See the `ControllerMessenger` implementation for details. - `specifications.js` - The caveat and permission specifications are required by the new `PermissionController`, and are used to specify the `eth_accounts` permission and its JSON-RPC method implementation. See the `PermissionController` readme for details. - `migrations/068.js` - The new state should be cross-referenced with the controllers that manage it. The accompanying tests should also be thoroughly reviewed. Some files may appear new but have just moved and/or been renamed: - `app/scripts/lib/rpc-method-middleware/handlers/request-accounts.js` - This was previously implemented in `controllers/permissions/permissionsMethodMiddleware.js`. - `test/mocks/permissions.js` - A truncated version of `test/mocks/permission-controller.js`. Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2021-12-07 04:16:49 +01:00
caveat.type === CaveatTypes.restrictReturnedAccounts &&
Array.isArray(caveat.value)
) {
for (const value of caveat.value) {
accounts.add(value);
}
}
}
return [...accounts];
}
}
// helper functions
/**
* Get a map from account addresses to the given time.
*
* @param {Array<string>} accounts - An array of addresses.
* @param {number} time - A time, e.g. Date.now().
Version v10.18.4 RC (#15643) * Version v10.18.4 * Fix default currency symbol for `wallet_addEthereumChain` + improve warnings for data that doesn't match our validation expectations (#15201) * set more appropriate default for ticker symbol when wallet_addEthereumChain is called * throw error to dapp when site suggests network with same chainId but different ticker symbol from already added network, instead of showing error and disabled notification to user * Fix Provider Tracking Metrics (#15082) * fix filetype audit (#15334) * Remove decentralized 4byte function signature registry since it contains incorrect signatures and we can't algorithmically check for best option when 4byte.directory is down (#15300) * remove decentralized 4byte function signature registry since it is griefed and we can't algorithmically check for best option when 4byte is down * add migration * remove nock of on chain registry call in getMethodDataAsync test * remove audit exclusion (#15346) * Updates `eth-lattice-keyring` to v0.10.0 (#15261) This is mainly associated with an update in GridPlus SDK and enables better strategies for fetching calldata decoder data. `eth-lattice-keyring` changes: GridPlus/eth-lattice-keyring@v0.7.3...v0.10.0 `gridplus-sdk` changes (which includes a codebase rewrite): GridPlus/gridplus-sdk@v1.2.3...v2.2.2 * Fix 'block link explorer on custom networks' (#13870) * Created a logic for the 'Add a block explorer URL' Removed unused message Message logic rollback Modified history push operation WIP: Pushing before rebasing Applied requested changes Removed unintenionally added code * Lint fix * Metrics fixed * Stop injecting provider on docs.google.com (#15459) * Fix setting of gasPrice when on non-eip 1559 networks (#15628) * Fix setting of gasPrice when on non-eip 1559 networks * Fix unit tests * Fix logic * Update ui/ducks/send/send.test.js Co-authored-by: Mark Stacey <markjstacey@gmail.com> Co-authored-by: Mark Stacey <markjstacey@gmail.com> * [GridPlus] Bumps `eth-lattice-keyring` to v0.11.0 (#15490) * [GridPlus] Bumps `gridplus-sdk` to v2.2.4 (#15561) * remove exclusions for mismatched object jsdoc type casing (#15351) * Improve `tokenId` parsing and clean up `useAssetDetails` hook (#15304) * Fix state creation in setupSentryGetStateGlobal (#15635) * filter breadcrumbs for improved clarity while debugging sentry errors (#15639) * Update v10.18.4 changelog (#15645) * Auto generated changelog * Update 10.18.4 changelog * Run lavamoat:auto * Call metrics event for wallet type selection at the right time (#15591) * Fix Sentry in LavaMoat contexts (#15672) Our Sentry setup relies upon application state, but it wasn't able to access it in LavaMoat builds because it's running in a separate Compartment. A patch has been introduced to the LavaMoat runtime to allow the root Compartment to mutate the `rootGlobals` object, which is accessible from outside the compartment as well. This lets us expose application state to our Sentry integration. * Fix Sentry deduplication of events that were never sent (#15677) The Sentry `Dedupe` integration has been filtering out our events, even when they were never sent due to our `beforeSend` handler. It was wrongly identifying them as duplicates because it has no knowledge of `beforeSend` or whether they were actually sent or not. To resolve this, the filtering we were doing in `beforeSend` has been moved to a Sentry integration. This integration is installed ahead of the `Dedupe` integration, so `Dedupe` should never find out about any events that we filter out, and thus will never consider them as sent when they were not. * Replace `lavamoat-runtime.js` patch (#15682) A patch made in #15672 was found to be unnecessary. Instead of setting a `rootGlobals` object upon construction of the root compartment, we are now creating a `sentryHooks` object in the initial top-level compartment. I hadn't realized at the time that the root compartment would inherit all properties of the initial compartment `globalThis`. This accomplishes the same goals as #15672 except without needing a patch. * Update v10.18.4 changelog * Fix lint issues * Update yarn.lock * Update `depcheck` to latest version (#15690) `depcheck` has been updated to the latest version. This version pins `@babel/parser` to v7.16.4 because of unresolved bugs in v7.16.5 that result in `depcheck` failing to parse TypeScript files correctly. We had a Yarn resolution in place to ensure `@babel/parser@7.16.4` was being used already. That resolution is no longer needed so it has been removed. This should resove the issue the dev team has been seeing lately where `yarn` and `yarn-deduplicate` disagree about the state the lockfile should be in. * Update yarn.lock * Update LavaMoat policy * deduplicate * Update LavaMoat build policy Co-authored-by: MetaMask Bot <metamaskbot@users.noreply.github.com> Co-authored-by: Alex Donesky <adonesky@gmail.com> Co-authored-by: Brad Decker <bhdecker84@gmail.com> Co-authored-by: Alex Miller <asmiller1989@gmail.com> Co-authored-by: Filip Sekulic <filip.sekulic@consensys.net> Co-authored-by: Erik Marks <25517051+rekmarks@users.noreply.github.com> Co-authored-by: Dan J Miller <danjm.com@gmail.com> Co-authored-by: Mark Stacey <markjstacey@gmail.com> Co-authored-by: seaona <54408225+seaona@users.noreply.github.com> Co-authored-by: seaona <mariona@gmx.es> Co-authored-by: PeterYinusa <peter.yinusa@consensys.net>
2022-08-24 20:57:47 +02:00
* @returns {object} A string:number map of addresses to time.
*/
2020-11-03 00:41:28 +01:00
function getAccountToTimeMap(accounts, time) {
return accounts.reduce((acc, account) => ({ ...acc, [account]: time }), {});
}