m/metamask-extension
1
0
Fork 0
mirror of https://github.com/kremalicious/metamask-extension.git synced 2024-10-26 13:20:26 +02:00
Code
cf2d1cf8e5
metamask-extension/test/unit/app/controllers/permissions/permissions-controller-test.js

1373 lines
41 KiB
JavaScript
Raw Normal View History

Add permissions controller unit tests (#7969) * add permissions controller, log, middleware, and restricted method unit tests * fix permissions-related bugs * convert permissions log to controller-like class * add permissions unit test coverage requirements * update rpc-cap Co-Authored-By: Whymarrh Whitby <whymarrh.whitby@gmail.com> Co-Authored-By: Mark Stacey <markjstacey@gmail.com>
2020-03-16 18:13:22 +01:00
import { strict as assert } from 'assert'
import { find } from 'lodash'
import nanoid from 'nanoid'
import sinon from 'sinon'
import {
METADATA_STORE_KEY,
WALLET_PREFIX,
} from '../../../../../app/scripts/controllers/permissions/enums'
import {
PermissionsController,
addInternalMethodPrefix,
} from '../../../../../app/scripts/controllers/permissions'
import {
grantPermissions,
} from './helpers'
import {
noop,
constants,
getters,
getNotifyDomain,
getNotifyAllDomains,
getPermControllerOpts,
} from './mocks'
const {
ERRORS,
NOTIFICATIONS,
PERMS,
} = getters
const {
Fix order of accounts in `eth_accounts` response (#8342) * Fix order of accounts in `eth_accounts` response The accounts returned by `eth_accounts` were in a fixed order - the order in which the keyring returned them - rather than ordered with the selected account first. The accounts returned by the `accountsChanged` event were ordered with the selected account first, but the same order wasn't used for `eth_accounts`. We needed to store additional state in order to determine the correct account order correctly on all dapps. We had only been storing the current selected account, but since we also need to determine the primary account per dapp (i.e. the last "selected" account among the accounts exposed to that dapp), that wasn't enough. A `lastSelected` property has been added to each identity in the preferences controller to keep track of the last selected time. This property is set to the current time (in milliseconds) whenever a new selection is made. The accounts returned with `accountsChanged` and by `eth_accounts` are both ordered by this property. The `updatePermittedAccounts` function was merged with the internal methods for responding to account selection, to keep things simpler. It wasn't called externally anyway, so it wasn't needed in the public API. * Remove caveat update upon change in selected account The order of accounts in the caveat isn't meaningful, so the caveat doesn't need to be updated when the accounts get re-ordered. * Emit event regardless of account order Now that we're no longer relying upon the caveat for the account order, we also have no way of knowing if a particular account selection resulted in a change in order or not. The notification is now emitted whenever an exposed account is selected - even if the order stayed the same. The inpage provider currently caches the account order, so it can be relied upon to ignore these redundant events. We were already emiting redundant `accountsChanged` events in some cases anyway.
2020-04-16 20:20:01 +02:00
ALL_ACCOUNTS,
Add permissions controller unit tests (#7969) * add permissions controller, log, middleware, and restricted method unit tests * fix permissions-related bugs * convert permissions log to controller-like class * add permissions unit test coverage requirements * update rpc-cap Co-Authored-By: Whymarrh Whitby <whymarrh.whitby@gmail.com> Co-Authored-By: Mark Stacey <markjstacey@gmail.com>
2020-03-16 18:13:22 +01:00
ACCOUNT_ARRAYS,
DUMMY_ACCOUNT,
ORIGINS,
PERM_NAMES,
REQUEST_IDS,
Handle account selection on all domains that can view the selection (#8341) Selecting a new account now results in all domains that can view this change being notified. Previously only the dapp in the active tab was being notified (though not correctly, as the `origin` was accidentally set to the MetaMask chrome extension origin). This handling of account selection has been moved into the background to minimize the gap between account selection and the notification being sent out. It's simpler for the UI to not be involved anyway.
2020-04-16 18:16:53 +02:00
EXTRA_ACCOUNT,
Add permissions controller unit tests (#7969) * add permissions controller, log, middleware, and restricted method unit tests * fix permissions-related bugs * convert permissions log to controller-like class * add permissions unit test coverage requirements * update rpc-cap Co-Authored-By: Whymarrh Whitby <whymarrh.whitby@gmail.com> Co-Authored-By: Mark Stacey <markjstacey@gmail.com>
2020-03-16 18:13:22 +01:00
} = constants
const initNotifications = () => {
return Object.values(ORIGINS).reduce((acc, domain) => {
acc[domain] = []
return acc
}, {})
}
const initPermController = (notifications = initNotifications()) => {
return new PermissionsController({
...getPermControllerOpts(),
notifyDomain: getNotifyDomain(notifications),
notifyAllDomains: getNotifyAllDomains(notifications),
})
}
const getMockRequestUserApprovalFunction = (permController) => (id, origin) => {
return new Promise((resolve, reject) => {
permController.pendingApprovals.set(id, { origin, resolve, reject })
})
}
describe('permissions controller', function () {
describe('getAccounts', function () {
let permController
beforeEach(function () {
permController = initPermController()
grantPermissions(
permController, ORIGINS.a,
PERMS.finalizedRequests.eth_accounts(ACCOUNT_ARRAYS.a)
)
grantPermissions(
permController, ORIGINS.b,
PERMS.finalizedRequests.eth_accounts(ACCOUNT_ARRAYS.b)
)
})
it('gets permitted accounts for permitted origins', async function () {
const aAccounts = await permController.getAccounts(ORIGINS.a)
const bAccounts = await permController.getAccounts(ORIGINS.b)
assert.deepEqual(
aAccounts, ACCOUNT_ARRAYS.a,
'first origin should have correct accounts'
)
assert.deepEqual(
bAccounts, ACCOUNT_ARRAYS.b,
'second origin should have correct accounts'
)
})
it('does not get accounts for unpermitted origins', async function () {
const cAccounts = await permController.getAccounts(ORIGINS.c)
assert.deepEqual(cAccounts, [], 'origin should have no accounts')
})
it('does not handle "MetaMask" origin as special case', async function () {
const metamaskAccounts = await permController.getAccounts('MetaMask')
assert.deepEqual(metamaskAccounts, [], 'origin should have no accounts')
})
})
Wait for extension unlock before processing eth_requestAccounts (#8149) * eth_requestAccounts: wait on unlock return error on duplicate eth_requestAccounts add getUnlockPromise mock to permissions unit tests * only await unlock if already permitted * add notification badge for wait on unlock * fixup * more fixup * cleanup * update keyring controller, us its unlock event * move keyring update unlock logic to unlock event handler * fix unit tests * delete onUnlock handler * fix eth-keyring-controller resolution * update eth-keyring-controller
2020-03-23 17:25:55 +01:00
describe('hasPermission', function () {
it('returns correct values', async function () {
const permController = initPermController()
grantPermissions(
permController, ORIGINS.a,
PERMS.finalizedRequests.eth_accounts(ACCOUNT_ARRAYS.a)
)
grantPermissions(
permController, ORIGINS.b,
PERMS.finalizedRequests.test_method()
)
assert.ok(
permController.hasPermission(ORIGINS.a, 'eth_accounts'),
'should return true for granted permission'
)
assert.ok(
permController.hasPermission(ORIGINS.b, 'test_method'),
'should return true for granted permission'
)
assert.ok(
!permController.hasPermission(ORIGINS.a, 'test_method'),
'should return false for non-granted permission'
)
assert.ok(
!permController.hasPermission(ORIGINS.b, 'eth_accounts'),
'should return true for non-granted permission'
)
assert.ok(
!permController.hasPermission('foo', 'eth_accounts'),
'should return false for unknown origin'
)
assert.ok(
!permController.hasPermission(ORIGINS.b, 'foo'),
'should return false for unknown permission'
)
})
})
Add permissions controller unit tests (#7969) * add permissions controller, log, middleware, and restricted method unit tests * fix permissions-related bugs * convert permissions log to controller-like class * add permissions unit test coverage requirements * update rpc-cap Co-Authored-By: Whymarrh Whitby <whymarrh.whitby@gmail.com> Co-Authored-By: Mark Stacey <markjstacey@gmail.com>
2020-03-16 18:13:22 +01:00
describe('clearPermissions', function () {
it('notifies all appropriate domains and removes permissions', async function () {
const notifications = initNotifications()
const permController = initPermController(notifications)
grantPermissions(
permController, ORIGINS.a,
PERMS.finalizedRequests.eth_accounts(ACCOUNT_ARRAYS.a)
)
grantPermissions(
permController, ORIGINS.b,
PERMS.finalizedRequests.eth_accounts(ACCOUNT_ARRAYS.b)
)
grantPermissions(
permController, ORIGINS.c,
PERMS.finalizedRequests.eth_accounts(ACCOUNT_ARRAYS.c)
)
let aAccounts = await permController.getAccounts(ORIGINS.a)
let bAccounts = await permController.getAccounts(ORIGINS.b)
let cAccounts = await permController.getAccounts(ORIGINS.c)
assert.deepEqual(
aAccounts, ACCOUNT_ARRAYS.a,
'first origin should have correct accounts'
)
assert.deepEqual(
bAccounts, ACCOUNT_ARRAYS.b,
'second origin should have correct accounts'
)
assert.deepEqual(
cAccounts, ACCOUNT_ARRAYS.c,
'third origin should have correct accounts'
)
permController.clearPermissions()
Object.keys(notifications).forEach((origin) => {
assert.deepEqual(
notifications[origin],
[ NOTIFICATIONS.removedAccounts() ],
'origin should have single wallet_accountsChanged:[] notification',
)
})
aAccounts = await permController.getAccounts(ORIGINS.a)
bAccounts = await permController.getAccounts(ORIGINS.b)
cAccounts = await permController.getAccounts(ORIGINS.c)
assert.deepEqual(aAccounts, [], 'first origin should have no accounts')
assert.deepEqual(bAccounts, [], 'second origin should have no accounts')
assert.deepEqual(cAccounts, [], 'third origin should have no accounts')
Object.keys(notifications).forEach((origin) => {
assert.deepEqual(
permController.permissions.getPermissionsForDomain(origin),
[],
'origin should have no permissions'
)
})
assert.deepEqual(
Object.keys(permController.permissions.getDomains()), [],
'all domains should be deleted'
)
})
})
describe('removePermissionsFor', function () {
let permController, notifications
beforeEach(function () {
notifications = initNotifications()
permController = initPermController(notifications)
grantPermissions(
permController, ORIGINS.a,
PERMS.finalizedRequests.eth_accounts(ACCOUNT_ARRAYS.a)
)
grantPermissions(
permController, ORIGINS.b,
PERMS.finalizedRequests.eth_accounts(ACCOUNT_ARRAYS.b)
)
})
it('removes permissions for multiple domains', async function () {
let aAccounts = await permController.getAccounts(ORIGINS.a)
let bAccounts = await permController.getAccounts(ORIGINS.b)
assert.deepEqual(
aAccounts, ACCOUNT_ARRAYS.a,
'first origin should have correct accounts'
)
assert.deepEqual(
bAccounts, ACCOUNT_ARRAYS.b,
'second origin should have correct accounts'
)
permController.removePermissionsFor({
[ORIGINS.a]: [PERM_NAMES.eth_accounts],
[ORIGINS.b]: [PERM_NAMES.eth_accounts],
})
aAccounts = await permController.getAccounts(ORIGINS.a)
bAccounts = await permController.getAccounts(ORIGINS.b)
assert.deepEqual(aAccounts, [], 'first origin should have no accounts')
assert.deepEqual(bAccounts, [], 'second origin should have no accounts')
assert.deepEqual(
notifications[ORIGINS.a], [NOTIFICATIONS.removedAccounts()],
'first origin should have correct notification'
)
assert.deepEqual(
notifications[ORIGINS.b], [NOTIFICATIONS.removedAccounts()],
'second origin should have correct notification'
)
assert.deepEqual(
Object.keys(permController.permissions.getDomains()), [],
'all domains should be deleted'
)
})
it('only removes targeted permissions from single domain', async function () {
grantPermissions(
permController, ORIGINS.b, PERMS.finalizedRequests.test_method()
)
let bPermissions = permController.permissions.getPermissionsForDomain(ORIGINS.b)
assert.ok(
(
bPermissions.length === 2 &&
find(bPermissions, { parentCapability: PERM_NAMES.eth_accounts }) &&
find(bPermissions, { parentCapability: PERM_NAMES.test_method })
),
'origin should have correct permissions'
)
permController.removePermissionsFor({
[ORIGINS.b]: [PERM_NAMES.test_method],
})
bPermissions = permController.permissions.getPermissionsForDomain(ORIGINS.b)
assert.ok(
(
bPermissions.length === 1 &&
find(bPermissions, { parentCapability: PERM_NAMES.eth_accounts })
),
'only targeted permission should have been removed'
)
})
it('removes permissions for a single domain, without affecting another', async function () {
permController.removePermissionsFor({
[ORIGINS.b]: [PERM_NAMES.eth_accounts],
})
const aAccounts = await permController.getAccounts(ORIGINS.a)
const bAccounts = await permController.getAccounts(ORIGINS.b)
assert.deepEqual(
aAccounts, ACCOUNT_ARRAYS.a,
'first origin should have correct accounts'
)
assert.deepEqual(bAccounts, [], 'second origin should have no accounts')
assert.deepEqual(
notifications[ORIGINS.a], [],
'first origin should have no notifications'
)
assert.deepEqual(
notifications[ORIGINS.b], [NOTIFICATIONS.removedAccounts()],
'second origin should have correct notification'
)
assert.deepEqual(
Object.keys(permController.permissions.getDomains()), [ORIGINS.a],
'only first origin should remain'
)
})
it('send notification but does not affect permissions for unknown domain', async function () {
// it knows nothing of this origin
permController.removePermissionsFor({
[ORIGINS.c]: [PERM_NAMES.eth_accounts],
})
assert.deepEqual(
notifications[ORIGINS.c], [NOTIFICATIONS.removedAccounts()],
'unknown origin should have notification'
)
const aAccounts = await permController.getAccounts(ORIGINS.a)
const bAccounts = await permController.getAccounts(ORIGINS.b)
assert.deepEqual(
aAccounts, ACCOUNT_ARRAYS.a,
'first origin should have correct accounts'
)
assert.deepEqual(
bAccounts, ACCOUNT_ARRAYS.b,
'second origin should have correct accounts'
)
assert.deepEqual(
Object.keys(permController.permissions.getDomains()),
[ORIGINS.a, ORIGINS.b],
'should have correct domains'
)
})
})
describe('validatePermittedAccounts', function () {
let permController
beforeEach(function () {
permController = initPermController()
grantPermissions(
permController, ORIGINS.a,
PERMS.finalizedRequests.eth_accounts(ACCOUNT_ARRAYS.a)
)
grantPermissions(
permController, ORIGINS.b,
PERMS.finalizedRequests.eth_accounts(ACCOUNT_ARRAYS.b)
)
})
it('throws error on non-array accounts', async function () {
Synchronously validate accounts (#8343) Now that identities are available synchronously in the permissions controller, accounts can be validated synchronously as well. Any account the user wants to give permissions to should already be tracked as an identity in the preferences controller.
2020-04-16 20:58:36 +02:00
await assert.throws(
() => permController.validatePermittedAccounts(undefined),
Add permissions controller unit tests (#7969) * add permissions controller, log, middleware, and restricted method unit tests * fix permissions-related bugs * convert permissions log to controller-like class * add permissions unit test coverage requirements * update rpc-cap Co-Authored-By: Whymarrh Whitby <whymarrh.whitby@gmail.com> Co-Authored-By: Mark Stacey <markjstacey@gmail.com>
2020-03-16 18:13:22 +01:00
ERRORS.validatePermittedAccounts.invalidParam(),
'should throw on undefined'
)
Synchronously validate accounts (#8343) Now that identities are available synchronously in the permissions controller, accounts can be validated synchronously as well. Any account the user wants to give permissions to should already be tracked as an identity in the preferences controller.
2020-04-16 20:58:36 +02:00
await assert.throws(
() => permController.validatePermittedAccounts(false),
Add permissions controller unit tests (#7969) * add permissions controller, log, middleware, and restricted method unit tests * fix permissions-related bugs * convert permissions log to controller-like class * add permissions unit test coverage requirements * update rpc-cap Co-Authored-By: Whymarrh Whitby <whymarrh.whitby@gmail.com> Co-Authored-By: Mark Stacey <markjstacey@gmail.com>
2020-03-16 18:13:22 +01:00
ERRORS.validatePermittedAccounts.invalidParam(),
'should throw on false'
)
Synchronously validate accounts (#8343) Now that identities are available synchronously in the permissions controller, accounts can be validated synchronously as well. Any account the user wants to give permissions to should already be tracked as an identity in the preferences controller.
2020-04-16 20:58:36 +02:00
await assert.throws(
() => permController.validatePermittedAccounts(true),
Add permissions controller unit tests (#7969) * add permissions controller, log, middleware, and restricted method unit tests * fix permissions-related bugs * convert permissions log to controller-like class * add permissions unit test coverage requirements * update rpc-cap Co-Authored-By: Whymarrh Whitby <whymarrh.whitby@gmail.com> Co-Authored-By: Mark Stacey <markjstacey@gmail.com>
2020-03-16 18:13:22 +01:00
ERRORS.validatePermittedAccounts.invalidParam(),
'should throw on true'
)
Synchronously validate accounts (#8343) Now that identities are available synchronously in the permissions controller, accounts can be validated synchronously as well. Any account the user wants to give permissions to should already be tracked as an identity in the preferences controller.
2020-04-16 20:58:36 +02:00
await assert.throws(
() => permController.validatePermittedAccounts({}),
Add permissions controller unit tests (#7969) * add permissions controller, log, middleware, and restricted method unit tests * fix permissions-related bugs * convert permissions log to controller-like class * add permissions unit test coverage requirements * update rpc-cap Co-Authored-By: Whymarrh Whitby <whymarrh.whitby@gmail.com> Co-Authored-By: Mark Stacey <markjstacey@gmail.com>
2020-03-16 18:13:22 +01:00
ERRORS.validatePermittedAccounts.invalidParam(),
'should throw on non-array object'
)
})
it('throws error on empty array of accounts', async function () {
Synchronously validate accounts (#8343) Now that identities are available synchronously in the permissions controller, accounts can be validated synchronously as well. Any account the user wants to give permissions to should already be tracked as an identity in the preferences controller.
2020-04-16 20:58:36 +02:00
await assert.throws(
() => permController.validatePermittedAccounts([]),
Add permissions controller unit tests (#7969) * add permissions controller, log, middleware, and restricted method unit tests * fix permissions-related bugs * convert permissions log to controller-like class * add permissions unit test coverage requirements * update rpc-cap Co-Authored-By: Whymarrh Whitby <whymarrh.whitby@gmail.com> Co-Authored-By: Mark Stacey <markjstacey@gmail.com>
2020-03-16 18:13:22 +01:00
ERRORS.validatePermittedAccounts.invalidParam(),
'should throw on empty array'
)
})
it('throws error if any account value is not in keyring', async function () {
const keyringAccounts = await permController.getKeyringAccounts()
Synchronously validate accounts (#8343) Now that identities are available synchronously in the permissions controller, accounts can be validated synchronously as well. Any account the user wants to give permissions to should already be tracked as an identity in the preferences controller.
2020-04-16 20:58:36 +02:00
await assert.throws(
() => permController.validatePermittedAccounts([DUMMY_ACCOUNT]),
Add permissions controller unit tests (#7969) * add permissions controller, log, middleware, and restricted method unit tests * fix permissions-related bugs * convert permissions log to controller-like class * add permissions unit test coverage requirements * update rpc-cap Co-Authored-By: Whymarrh Whitby <whymarrh.whitby@gmail.com> Co-Authored-By: Mark Stacey <markjstacey@gmail.com>
2020-03-16 18:13:22 +01:00
ERRORS.validatePermittedAccounts.nonKeyringAccount(DUMMY_ACCOUNT),
'should throw on non-keyring account'
)
Synchronously validate accounts (#8343) Now that identities are available synchronously in the permissions controller, accounts can be validated synchronously as well. Any account the user wants to give permissions to should already be tracked as an identity in the preferences controller.
2020-04-16 20:58:36 +02:00
await assert.throws(
() => permController.validatePermittedAccounts(keyringAccounts.concat(DUMMY_ACCOUNT)),
Add permissions controller unit tests (#7969) * add permissions controller, log, middleware, and restricted method unit tests * fix permissions-related bugs * convert permissions log to controller-like class * add permissions unit test coverage requirements * update rpc-cap Co-Authored-By: Whymarrh Whitby <whymarrh.whitby@gmail.com> Co-Authored-By: Mark Stacey <markjstacey@gmail.com>
2020-03-16 18:13:22 +01:00
ERRORS.validatePermittedAccounts.nonKeyringAccount(DUMMY_ACCOUNT),
'should throw on non-keyring account with other accounts'
)
})
it('succeeds if all accounts are in keyring', async function () {
const keyringAccounts = await permController.getKeyringAccounts()
Synchronously validate accounts (#8343) Now that identities are available synchronously in the permissions controller, accounts can be validated synchronously as well. Any account the user wants to give permissions to should already be tracked as an identity in the preferences controller.
2020-04-16 20:58:36 +02:00
await assert.doesNotThrow(
() => permController.validatePermittedAccounts(keyringAccounts),
Add permissions controller unit tests (#7969) * add permissions controller, log, middleware, and restricted method unit tests * fix permissions-related bugs * convert permissions log to controller-like class * add permissions unit test coverage requirements * update rpc-cap Co-Authored-By: Whymarrh Whitby <whymarrh.whitby@gmail.com> Co-Authored-By: Mark Stacey <markjstacey@gmail.com>
2020-03-16 18:13:22 +01:00
'should not throw on all keyring accounts'
)
Synchronously validate accounts (#8343) Now that identities are available synchronously in the permissions controller, accounts can be validated synchronously as well. Any account the user wants to give permissions to should already be tracked as an identity in the preferences controller.
2020-04-16 20:58:36 +02:00
await assert.doesNotThrow(
() => permController.validatePermittedAccounts([ keyringAccounts[0] ]),
Add permissions controller unit tests (#7969) * add permissions controller, log, middleware, and restricted method unit tests * fix permissions-related bugs * convert permissions log to controller-like class * add permissions unit test coverage requirements * update rpc-cap Co-Authored-By: Whymarrh Whitby <whymarrh.whitby@gmail.com> Co-Authored-By: Mark Stacey <markjstacey@gmail.com>
2020-03-16 18:13:22 +01:00
'should not throw on single keyring account'
)
Synchronously validate accounts (#8343) Now that identities are available synchronously in the permissions controller, accounts can be validated synchronously as well. Any account the user wants to give permissions to should already be tracked as an identity in the preferences controller.
2020-04-16 20:58:36 +02:00
await assert.doesNotThrow(
() => permController.validatePermittedAccounts([ keyringAccounts[1] ]),
Add permissions controller unit tests (#7969) * add permissions controller, log, middleware, and restricted method unit tests * fix permissions-related bugs * convert permissions log to controller-like class * add permissions unit test coverage requirements * update rpc-cap Co-Authored-By: Whymarrh Whitby <whymarrh.whitby@gmail.com> Co-Authored-By: Mark Stacey <markjstacey@gmail.com>
2020-03-16 18:13:22 +01:00
'should not throw on single keyring account'
)
})
})
Add 'addPermittedAccount' method to permissions controller (#8344) This method adds the given account to the given origin's list of exposed accounts. This method is not yet used, but it will be in subsequent PRs (e.g. #8312) This method has been added to the background API, and a wrapper action creator has been written as well.
2020-04-17 00:23:36 +02:00
describe('addPermittedAccount', function () {
let permController, notifications
beforeEach(function () {
notifications = initNotifications()
permController = initPermController(notifications)
grantPermissions(
permController, ORIGINS.a,
PERMS.finalizedRequests.eth_accounts(ACCOUNT_ARRAYS.a)
)
grantPermissions(
permController, ORIGINS.b,
PERMS.finalizedRequests.eth_accounts(ACCOUNT_ARRAYS.b)
)
})
it('should throw if account is not a string', async function () {
await assert.rejects(
() => permController.addPermittedAccount(ORIGINS.a, {}),
ERRORS.validatePermittedAccounts.nonKeyringAccount({}),
'should throw on non-string account param'
)
})
it('should throw if given account is not in keyring', async function () {
await assert.rejects(
() => permController.addPermittedAccount(ORIGINS.a, DUMMY_ACCOUNT),
ERRORS.validatePermittedAccounts.nonKeyringAccount(DUMMY_ACCOUNT),
'should throw on non-keyring account'
)
})
it('should throw if origin is invalid', async function () {
await assert.rejects(
() => permController.addPermittedAccount(false, EXTRA_ACCOUNT),
ERRORS.addPermittedAccount.invalidOrigin(),
'should throw on invalid origin'
)
})
it('should throw if origin lacks any permissions', async function () {
await assert.rejects(
() => permController.addPermittedAccount(ORIGINS.c, EXTRA_ACCOUNT),
ERRORS.addPermittedAccount.invalidOrigin(),
'should throw on origin without permissions'
)
})
it('should throw if origin lacks eth_accounts permission', async function () {
grantPermissions(
permController, ORIGINS.c,
PERMS.finalizedRequests.test_method()
)
await assert.rejects(
() => permController.addPermittedAccount(ORIGINS.c, EXTRA_ACCOUNT),
ERRORS.addPermittedAccount.noEthAccountsPermission(),
'should throw on origin without eth_accounts permission'
)
})
it('should throw if account is already permitted', async function () {
await assert.rejects(
Add PermissionsController.removePermittedAccount (#8354) * add PermissionsController.removePermittedAccount and corresponding UI action * remove eth_accounts permission on removing last account
2020-04-20 20:34:56 +02:00
() => permController.addPermittedAccount(ORIGINS.a, ACCOUNT_ARRAYS.a[0]),
Add 'addPermittedAccount' method to permissions controller (#8344) This method adds the given account to the given origin's list of exposed accounts. This method is not yet used, but it will be in subsequent PRs (e.g. #8312) This method has been added to the background API, and a wrapper action creator has been written as well.
2020-04-17 00:23:36 +02:00
ERRORS.addPermittedAccount.alreadyPermitted(),
'should throw if account is already permitted'
)
})
it('should successfully add permitted account', async function () {
await permController.addPermittedAccount(ORIGINS.a, EXTRA_ACCOUNT)
const accounts = await permController.getAccounts(ORIGINS.a)
assert.deepEqual(
accounts, [...ACCOUNT_ARRAYS.a, EXTRA_ACCOUNT],
'origin should have correct accounts'
)
assert.deepEqual(
notifications[ORIGINS.a][0],
NOTIFICATIONS.newAccounts([...ACCOUNT_ARRAYS.a, EXTRA_ACCOUNT]),
'origin should have correct notification'
)
})
})
Add PermissionsController.removePermittedAccount (#8354) * add PermissionsController.removePermittedAccount and corresponding UI action * remove eth_accounts permission on removing last account
2020-04-20 20:34:56 +02:00
describe('removePermittedAccount', function () {
let permController, notifications
beforeEach(function () {
notifications = initNotifications()
permController = initPermController(notifications)
grantPermissions(
permController, ORIGINS.a,
PERMS.finalizedRequests.eth_accounts(ACCOUNT_ARRAYS.a)
)
grantPermissions(
permController, ORIGINS.b,
PERMS.finalizedRequests.eth_accounts(ACCOUNT_ARRAYS.b)
)
})
it('should throw if account is not a string', async function () {
await assert.rejects(
() => permController.removePermittedAccount(ORIGINS.a, {}),
ERRORS.validatePermittedAccounts.nonKeyringAccount({}),
'should throw on non-string account param'
)
})
it('should throw if given account is not in keyring', async function () {
await assert.rejects(
() => permController.removePermittedAccount(ORIGINS.a, DUMMY_ACCOUNT),
ERRORS.validatePermittedAccounts.nonKeyringAccount(DUMMY_ACCOUNT),
'should throw on non-keyring account'
)
})
it('should throw if origin is invalid', async function () {
await assert.rejects(
() => permController.removePermittedAccount(false, EXTRA_ACCOUNT),
ERRORS.removePermittedAccount.invalidOrigin(),
'should throw on invalid origin'
)
})
it('should throw if origin lacks any permissions', async function () {
await assert.rejects(
() => permController.removePermittedAccount(ORIGINS.c, EXTRA_ACCOUNT),
ERRORS.removePermittedAccount.invalidOrigin(),
'should throw on origin without permissions'
)
})
it('should throw if origin lacks eth_accounts permission', async function () {
grantPermissions(
permController, ORIGINS.c,
PERMS.finalizedRequests.test_method()
)
await assert.rejects(
() => permController.removePermittedAccount(ORIGINS.c, EXTRA_ACCOUNT),
ERRORS.removePermittedAccount.noEthAccountsPermission(),
'should throw on origin without eth_accounts permission'
)
})
it('should throw if account is not permitted', async function () {
await assert.rejects(
() => permController.removePermittedAccount(ORIGINS.b, ACCOUNT_ARRAYS.c[0]),
ERRORS.removePermittedAccount.notPermitted(),
'should throw if account is not permitted'
)
})
it('should successfully remove permitted account', async function () {
await permController.removePermittedAccount(ORIGINS.a, ACCOUNT_ARRAYS.a[1])
const accounts = await permController.getAccounts(ORIGINS.a)
assert.deepEqual(
accounts, ACCOUNT_ARRAYS.a.filter((acc) => acc !== ACCOUNT_ARRAYS.a[1]),
'origin should have correct accounts'
)
assert.deepEqual(
notifications[ORIGINS.a][0],
NOTIFICATIONS.newAccounts(ACCOUNT_ARRAYS.a.filter((acc) => acc !== ACCOUNT_ARRAYS.a[1])),
'origin should have correct notification'
)
})
it('should remove eth_accounts permission if removing only permitted account', async function () {
await permController.removePermittedAccount(ORIGINS.b, ACCOUNT_ARRAYS.b[0])
const accounts = await permController.getAccounts(ORIGINS.b)
assert.deepEqual(
accounts, [],
'origin should have no accounts'
)
const permission = await permController.permissions.getPermission(
ORIGINS.b, PERM_NAMES.eth_accounts
)
assert.equal(permission, undefined, 'origin should not have eth_accounts permission')
assert.deepEqual(
notifications[ORIGINS.b][0],
NOTIFICATIONS.removedAccounts(),
'origin should have correct notification'
)
})
})
Add permissions controller unit tests (#7969) * add permissions controller, log, middleware, and restricted method unit tests * fix permissions-related bugs * convert permissions log to controller-like class * add permissions unit test coverage requirements * update rpc-cap Co-Authored-By: Whymarrh Whitby <whymarrh.whitby@gmail.com> Co-Authored-By: Mark Stacey <markjstacey@gmail.com>
2020-03-16 18:13:22 +01:00
describe('finalizePermissionsRequest', function () {
let permController
beforeEach(function () {
permController = initPermController()
})
it('throws on non-keyring accounts', async function () {
await assert.rejects(
permController.finalizePermissionsRequest(
PERMS.requests.eth_accounts(), [DUMMY_ACCOUNT]
),
ERRORS.validatePermittedAccounts.nonKeyringAccount(DUMMY_ACCOUNT),
'should throw on non-keyring account'
)
})
it('adds caveat to eth_accounts permission', async function () {
const perm = await permController.finalizePermissionsRequest(
PERMS.requests.eth_accounts(),
ACCOUNT_ARRAYS.a,
)
assert.deepEqual(perm, PERMS.finalizedRequests.eth_accounts(ACCOUNT_ARRAYS.a))
})
it('replaces caveat of eth_accounts permission', async function () {
const perm = await permController.finalizePermissionsRequest(
PERMS.finalizedRequests.eth_accounts(ACCOUNT_ARRAYS.a),
ACCOUNT_ARRAYS.b,
)
assert.deepEqual(
perm, PERMS.finalizedRequests.eth_accounts(ACCOUNT_ARRAYS.b),
'permission should have correct caveat'
)
})
it('handles non-eth_accounts permission', async function () {
const perm = await permController.finalizePermissionsRequest(
PERMS.finalizedRequests.test_method(),
ACCOUNT_ARRAYS.b,
)
assert.deepEqual(
perm, PERMS.finalizedRequests.test_method(),
'permission should have correct caveat'
)
})
})
describe('legacyExposeAccounts', function () {
let permController, notifications
beforeEach(function () {
notifications = initNotifications()
permController = initPermController(notifications)
})
it('successfully exposes accounts and updates permissions history', async function () {
let aAccounts = await permController.getAccounts(ORIGINS.a)
assert.deepEqual(aAccounts, [], 'origin should have no accounts')
await permController.legacyExposeAccounts(ORIGINS.a, ACCOUNT_ARRAYS.a)
aAccounts = await permController.getAccounts(ORIGINS.a)
assert.deepEqual(aAccounts, ACCOUNT_ARRAYS.a, 'origin should have correct accounts')
// now, permissions history should be updated
const permissionsHistory = permController.permissionsLog.getHistory()
const historyOrigins = Object.keys(permissionsHistory)
assert.equal(historyOrigins.length, 1, 'should have single origin')
assert.equal(historyOrigins[0], ORIGINS.a, 'should have correct origin')
assert.ok(
permissionsHistory[ORIGINS.a].eth_accounts,
'history should have eth_accounts entry'
)
assert.deepEqual(
Object.keys(permissionsHistory[ORIGINS.a].eth_accounts.accounts),
ACCOUNT_ARRAYS.a,
'should have expected eth_accounts entry accounts'
)
// notification should also have been sent
assert.deepEqual(
notifications[ORIGINS.a][0],
NOTIFICATIONS.newAccounts(ACCOUNT_ARRAYS.a),
'first origin should have correct notification'
)
})
it('throws if called on origin with existing exposed accounts', async function () {
grantPermissions(
permController, ORIGINS.a,
PERMS.finalizedRequests.eth_accounts(ACCOUNT_ARRAYS.a)
)
const aAccounts = await permController.getAccounts(ORIGINS.a)
assert.deepEqual(aAccounts, ACCOUNT_ARRAYS.a, 'origin should have correct accounts')
await assert.rejects(
permController.legacyExposeAccounts(ORIGINS.a, ACCOUNT_ARRAYS.b),
ERRORS.legacyExposeAccounts.forbiddenUsage(),
'should throw if called on origin with existing exposed accounts'
)
const permissionsHistory = permController.permissionsLog.getHistory()
assert.deepEqual(
permissionsHistory, {},
'should not have modified history'
)
assert.deepEqual(
notifications[ORIGINS.a], [],
'should not have sent notification'
)
})
it('throws if called with bad accounts', async function () {
await assert.rejects(
permController.legacyExposeAccounts(ORIGINS.a, []),
ERRORS.validatePermittedAccounts.invalidParam(),
'should throw if called with no accounts'
)
const permissionsHistory = permController.permissionsLog.getHistory()
assert.deepEqual(
permissionsHistory, {},
'should not have modified history'
)
assert.deepEqual(
notifications[ORIGINS.a], [],
'should not have sent notification'
)
})
it('throws if called with bad origin', async function () {
await assert.rejects(
permController.legacyExposeAccounts(null, ACCOUNT_ARRAYS.a),
ERRORS.legacyExposeAccounts.badOrigin(),
'should throw if called with invalid origin'
)
const permissionsHistory = permController.permissionsLog.getHistory()
assert.deepEqual(
permissionsHistory, {},
'should not have modified history'
)
Object.keys(notifications).forEach((domain) => {
assert.deepEqual(
notifications[domain], [],
'should not have sent notification'
)
})
})
})
Handle account selection on all domains that can view the selection (#8341) Selecting a new account now results in all domains that can view this change being notified. Previously only the dapp in the active tab was being notified (though not correctly, as the `origin` was accidentally set to the MetaMask chrome extension origin). This handling of account selection has been moved into the background to minimize the gap between account selection and the notification being sent out. It's simpler for the UI to not be involved anyway.
2020-04-16 18:16:53 +02:00
describe('preferences state update', function () {
Add permissions controller unit tests (#7969) * add permissions controller, log, middleware, and restricted method unit tests * fix permissions-related bugs * convert permissions log to controller-like class * add permissions unit test coverage requirements * update rpc-cap Co-Authored-By: Whymarrh Whitby <whymarrh.whitby@gmail.com> Co-Authored-By: Mark Stacey <markjstacey@gmail.com>
2020-03-16 18:13:22 +01:00
Fix order of accounts in `eth_accounts` response (#8342) * Fix order of accounts in `eth_accounts` response The accounts returned by `eth_accounts` were in a fixed order - the order in which the keyring returned them - rather than ordered with the selected account first. The accounts returned by the `accountsChanged` event were ordered with the selected account first, but the same order wasn't used for `eth_accounts`. We needed to store additional state in order to determine the correct account order correctly on all dapps. We had only been storing the current selected account, but since we also need to determine the primary account per dapp (i.e. the last "selected" account among the accounts exposed to that dapp), that wasn't enough. A `lastSelected` property has been added to each identity in the preferences controller to keep track of the last selected time. This property is set to the current time (in milliseconds) whenever a new selection is made. The accounts returned with `accountsChanged` and by `eth_accounts` are both ordered by this property. The `updatePermittedAccounts` function was merged with the internal methods for responding to account selection, to keep things simpler. It wasn't called externally anyway, so it wasn't needed in the public API. * Remove caveat update upon change in selected account The order of accounts in the caveat isn't meaningful, so the caveat doesn't need to be updated when the accounts get re-ordered. * Emit event regardless of account order Now that we're no longer relying upon the caveat for the account order, we also have no way of knowing if a particular account selection resulted in a change in order or not. The notification is now emitted whenever an exposed account is selected - even if the order stayed the same. The inpage provider currently caches the account order, so it can be relied upon to ignore these redundant events. We were already emiting redundant `accountsChanged` events in some cases anyway.
2020-04-16 20:20:01 +02:00
let permController, notifications, preferences, identities
Add permissions controller unit tests (#7969) * add permissions controller, log, middleware, and restricted method unit tests * fix permissions-related bugs * convert permissions log to controller-like class * add permissions unit test coverage requirements * update rpc-cap Co-Authored-By: Whymarrh Whitby <whymarrh.whitby@gmail.com> Co-Authored-By: Mark Stacey <markjstacey@gmail.com>
2020-03-16 18:13:22 +01:00
beforeEach(function () {
Fix order of accounts in `eth_accounts` response (#8342) * Fix order of accounts in `eth_accounts` response The accounts returned by `eth_accounts` were in a fixed order - the order in which the keyring returned them - rather than ordered with the selected account first. The accounts returned by the `accountsChanged` event were ordered with the selected account first, but the same order wasn't used for `eth_accounts`. We needed to store additional state in order to determine the correct account order correctly on all dapps. We had only been storing the current selected account, but since we also need to determine the primary account per dapp (i.e. the last "selected" account among the accounts exposed to that dapp), that wasn't enough. A `lastSelected` property has been added to each identity in the preferences controller to keep track of the last selected time. This property is set to the current time (in milliseconds) whenever a new selection is made. The accounts returned with `accountsChanged` and by `eth_accounts` are both ordered by this property. The `updatePermittedAccounts` function was merged with the internal methods for responding to account selection, to keep things simpler. It wasn't called externally anyway, so it wasn't needed in the public API. * Remove caveat update upon change in selected account The order of accounts in the caveat isn't meaningful, so the caveat doesn't need to be updated when the accounts get re-ordered. * Emit event regardless of account order Now that we're no longer relying upon the caveat for the account order, we also have no way of knowing if a particular account selection resulted in a change in order or not. The notification is now emitted whenever an exposed account is selected - even if the order stayed the same. The inpage provider currently caches the account order, so it can be relied upon to ignore these redundant events. We were already emiting redundant `accountsChanged` events in some cases anyway.
2020-04-16 20:20:01 +02:00
identities = ALL_ACCOUNTS.reduce(
(identities, account) => {
identities[account] = {}
return identities
Handle account selection on all domains that can view the selection (#8341) Selecting a new account now results in all domains that can view this change being notified. Previously only the dapp in the active tab was being notified (though not correctly, as the `origin` was accidentally set to the MetaMask chrome extension origin). This handling of account selection has been moved into the background to minimize the gap between account selection and the notification being sent out. It's simpler for the UI to not be involved anyway.
2020-04-16 18:16:53 +02:00
},
Fix order of accounts in `eth_accounts` response (#8342) * Fix order of accounts in `eth_accounts` response The accounts returned by `eth_accounts` were in a fixed order - the order in which the keyring returned them - rather than ordered with the selected account first. The accounts returned by the `accountsChanged` event were ordered with the selected account first, but the same order wasn't used for `eth_accounts`. We needed to store additional state in order to determine the correct account order correctly on all dapps. We had only been storing the current selected account, but since we also need to determine the primary account per dapp (i.e. the last "selected" account among the accounts exposed to that dapp), that wasn't enough. A `lastSelected` property has been added to each identity in the preferences controller to keep track of the last selected time. This property is set to the current time (in milliseconds) whenever a new selection is made. The accounts returned with `accountsChanged` and by `eth_accounts` are both ordered by this property. The `updatePermittedAccounts` function was merged with the internal methods for responding to account selection, to keep things simpler. It wasn't called externally anyway, so it wasn't needed in the public API. * Remove caveat update upon change in selected account The order of accounts in the caveat isn't meaningful, so the caveat doesn't need to be updated when the accounts get re-ordered. * Emit event regardless of account order Now that we're no longer relying upon the caveat for the account order, we also have no way of knowing if a particular account selection resulted in a change in order or not. The notification is now emitted whenever an exposed account is selected - even if the order stayed the same. The inpage provider currently caches the account order, so it can be relied upon to ignore these redundant events. We were already emiting redundant `accountsChanged` events in some cases anyway.
2020-04-16 20:20:01 +02:00
{}
)
preferences = {
getState: sinon.stub(),
Handle account selection on all domains that can view the selection (#8341) Selecting a new account now results in all domains that can view this change being notified. Previously only the dapp in the active tab was being notified (though not correctly, as the `origin` was accidentally set to the MetaMask chrome extension origin). This handling of account selection has been moved into the background to minimize the gap between account selection and the notification being sent out. It's simpler for the UI to not be involved anyway.
2020-04-16 18:16:53 +02:00
subscribe: sinon.stub(),
}
Fix order of accounts in `eth_accounts` response (#8342) * Fix order of accounts in `eth_accounts` response The accounts returned by `eth_accounts` were in a fixed order - the order in which the keyring returned them - rather than ordered with the selected account first. The accounts returned by the `accountsChanged` event were ordered with the selected account first, but the same order wasn't used for `eth_accounts`. We needed to store additional state in order to determine the correct account order correctly on all dapps. We had only been storing the current selected account, but since we also need to determine the primary account per dapp (i.e. the last "selected" account among the accounts exposed to that dapp), that wasn't enough. A `lastSelected` property has been added to each identity in the preferences controller to keep track of the last selected time. This property is set to the current time (in milliseconds) whenever a new selection is made. The accounts returned with `accountsChanged` and by `eth_accounts` are both ordered by this property. The `updatePermittedAccounts` function was merged with the internal methods for responding to account selection, to keep things simpler. It wasn't called externally anyway, so it wasn't needed in the public API. * Remove caveat update upon change in selected account The order of accounts in the caveat isn't meaningful, so the caveat doesn't need to be updated when the accounts get re-ordered. * Emit event regardless of account order Now that we're no longer relying upon the caveat for the account order, we also have no way of knowing if a particular account selection resulted in a change in order or not. The notification is now emitted whenever an exposed account is selected - even if the order stayed the same. The inpage provider currently caches the account order, so it can be relied upon to ignore these redundant events. We were already emiting redundant `accountsChanged` events in some cases anyway.
2020-04-16 20:20:01 +02:00
preferences.getState.returns({
identities,
selectedAddress: DUMMY_ACCOUNT,
})
Add permissions controller unit tests (#7969) * add permissions controller, log, middleware, and restricted method unit tests * fix permissions-related bugs * convert permissions log to controller-like class * add permissions unit test coverage requirements * update rpc-cap Co-Authored-By: Whymarrh Whitby <whymarrh.whitby@gmail.com> Co-Authored-By: Mark Stacey <markjstacey@gmail.com>
2020-03-16 18:13:22 +01:00
notifications = initNotifications()
Handle account selection on all domains that can view the selection (#8341) Selecting a new account now results in all domains that can view this change being notified. Previously only the dapp in the active tab was being notified (though not correctly, as the `origin` was accidentally set to the MetaMask chrome extension origin). This handling of account selection has been moved into the background to minimize the gap between account selection and the notification being sent out. It's simpler for the UI to not be involved anyway.
2020-04-16 18:16:53 +02:00
permController = new PermissionsController({
...getPermControllerOpts(),
notifyDomain: getNotifyDomain(notifications),
notifyAllDomains: getNotifyAllDomains(notifications),
preferences,
})
Add permissions controller unit tests (#7969) * add permissions controller, log, middleware, and restricted method unit tests * fix permissions-related bugs * convert permissions log to controller-like class * add permissions unit test coverage requirements * update rpc-cap Co-Authored-By: Whymarrh Whitby <whymarrh.whitby@gmail.com> Co-Authored-By: Mark Stacey <markjstacey@gmail.com>
2020-03-16 18:13:22 +01:00
grantPermissions(
Handle account selection on all domains that can view the selection (#8341) Selecting a new account now results in all domains that can view this change being notified. Previously only the dapp in the active tab was being notified (though not correctly, as the `origin` was accidentally set to the MetaMask chrome extension origin). This handling of account selection has been moved into the background to minimize the gap between account selection and the notification being sent out. It's simpler for the UI to not be involved anyway.
2020-04-16 18:16:53 +02:00
permController, ORIGINS.b,
PERMS.finalizedRequests.eth_accounts([...ACCOUNT_ARRAYS.a, EXTRA_ACCOUNT])
Add permissions controller unit tests (#7969) * add permissions controller, log, middleware, and restricted method unit tests * fix permissions-related bugs * convert permissions log to controller-like class * add permissions unit test coverage requirements * update rpc-cap Co-Authored-By: Whymarrh Whitby <whymarrh.whitby@gmail.com> Co-Authored-By: Mark Stacey <markjstacey@gmail.com>
2020-03-16 18:13:22 +01:00
)
grantPermissions(
Handle account selection on all domains that can view the selection (#8341) Selecting a new account now results in all domains that can view this change being notified. Previously only the dapp in the active tab was being notified (though not correctly, as the `origin` was accidentally set to the MetaMask chrome extension origin). This handling of account selection has been moved into the background to minimize the gap between account selection and the notification being sent out. It's simpler for the UI to not be involved anyway.
2020-04-16 18:16:53 +02:00
permController, ORIGINS.c,
PERMS.finalizedRequests.eth_accounts(ACCOUNT_ARRAYS.a)
Add permissions controller unit tests (#7969) * add permissions controller, log, middleware, and restricted method unit tests * fix permissions-related bugs * convert permissions log to controller-like class * add permissions unit test coverage requirements * update rpc-cap Co-Authored-By: Whymarrh Whitby <whymarrh.whitby@gmail.com> Co-Authored-By: Mark Stacey <markjstacey@gmail.com>
2020-03-16 18:13:22 +01:00
)
})
Handle account selection on all domains that can view the selection (#8341) Selecting a new account now results in all domains that can view this change being notified. Previously only the dapp in the active tab was being notified (though not correctly, as the `origin` was accidentally set to the MetaMask chrome extension origin). This handling of account selection has been moved into the background to minimize the gap between account selection and the notification being sent out. It's simpler for the UI to not be involved anyway.
2020-04-16 18:16:53 +02:00
it('should throw if given invalid account', async function () {
Fix order of accounts in `eth_accounts` response (#8342) * Fix order of accounts in `eth_accounts` response The accounts returned by `eth_accounts` were in a fixed order - the order in which the keyring returned them - rather than ordered with the selected account first. The accounts returned by the `accountsChanged` event were ordered with the selected account first, but the same order wasn't used for `eth_accounts`. We needed to store additional state in order to determine the correct account order correctly on all dapps. We had only been storing the current selected account, but since we also need to determine the primary account per dapp (i.e. the last "selected" account among the accounts exposed to that dapp), that wasn't enough. A `lastSelected` property has been added to each identity in the preferences controller to keep track of the last selected time. This property is set to the current time (in milliseconds) whenever a new selection is made. The accounts returned with `accountsChanged` and by `eth_accounts` are both ordered by this property. The `updatePermittedAccounts` function was merged with the internal methods for responding to account selection, to keep things simpler. It wasn't called externally anyway, so it wasn't needed in the public API. * Remove caveat update upon change in selected account The order of accounts in the caveat isn't meaningful, so the caveat doesn't need to be updated when the accounts get re-ordered. * Emit event regardless of account order Now that we're no longer relying upon the caveat for the account order, we also have no way of knowing if a particular account selection resulted in a change in order or not. The notification is now emitted whenever an exposed account is selected - even if the order stayed the same. The inpage provider currently caches the account order, so it can be relied upon to ignore these redundant events. We were already emiting redundant `accountsChanged` events in some cases anyway.
2020-04-16 20:20:01 +02:00
Handle account selection on all domains that can view the selection (#8341) Selecting a new account now results in all domains that can view this change being notified. Previously only the dapp in the active tab was being notified (though not correctly, as the `origin` was accidentally set to the MetaMask chrome extension origin). This handling of account selection has been moved into the background to minimize the gap between account selection and the notification being sent out. It's simpler for the UI to not be involved anyway.
2020-04-16 18:16:53 +02:00
assert(preferences.subscribe.calledOnce)
assert(preferences.subscribe.firstCall.args.length === 1)
const onPreferencesUpdate = preferences.subscribe.firstCall.args[0]
Add permissions controller unit tests (#7969) * add permissions controller, log, middleware, and restricted method unit tests * fix permissions-related bugs * convert permissions log to controller-like class * add permissions unit test coverage requirements * update rpc-cap Co-Authored-By: Whymarrh Whitby <whymarrh.whitby@gmail.com> Co-Authored-By: Mark Stacey <markjstacey@gmail.com>
2020-03-16 18:13:22 +01:00
await assert.rejects(
Handle account selection on all domains that can view the selection (#8341) Selecting a new account now results in all domains that can view this change being notified. Previously only the dapp in the active tab was being notified (though not correctly, as the `origin` was accidentally set to the MetaMask chrome extension origin). This handling of account selection has been moved into the background to minimize the gap between account selection and the notification being sent out. It's simpler for the UI to not be involved anyway.
2020-04-16 18:16:53 +02:00
() => onPreferencesUpdate({ selectedAddress: {} }),
ERRORS._handleAccountSelected.invalidParams(),
'should throw if account is not a string'
Add permissions controller unit tests (#7969) * add permissions controller, log, middleware, and restricted method unit tests * fix permissions-related bugs * convert permissions log to controller-like class * add permissions unit test coverage requirements * update rpc-cap Co-Authored-By: Whymarrh Whitby <whymarrh.whitby@gmail.com> Co-Authored-By: Mark Stacey <markjstacey@gmail.com>
2020-03-16 18:13:22 +01:00
)
Handle account selection on all domains that can view the selection (#8341) Selecting a new account now results in all domains that can view this change being notified. Previously only the dapp in the active tab was being notified (though not correctly, as the `origin` was accidentally set to the MetaMask chrome extension origin). This handling of account selection has been moved into the background to minimize the gap between account selection and the notification being sent out. It's simpler for the UI to not be involved anyway.
2020-04-16 18:16:53 +02:00
})
Add permissions controller unit tests (#7969) * add permissions controller, log, middleware, and restricted method unit tests * fix permissions-related bugs * convert permissions log to controller-like class * add permissions unit test coverage requirements * update rpc-cap Co-Authored-By: Whymarrh Whitby <whymarrh.whitby@gmail.com> Co-Authored-By: Mark Stacey <markjstacey@gmail.com>
2020-03-16 18:13:22 +01:00
Handle account selection on all domains that can view the selection (#8341) Selecting a new account now results in all domains that can view this change being notified. Previously only the dapp in the active tab was being notified (though not correctly, as the `origin` was accidentally set to the MetaMask chrome extension origin). This handling of account selection has been moved into the background to minimize the gap between account selection and the notification being sent out. It's simpler for the UI to not be involved anyway.
2020-04-16 18:16:53 +02:00
it('should do nothing if account not permitted for any origins', async function () {
assert(preferences.subscribe.calledOnce)
assert(preferences.subscribe.firstCall.args.length === 1)
const onPreferencesUpdate = preferences.subscribe.firstCall.args[0]
Add permissions controller unit tests (#7969) * add permissions controller, log, middleware, and restricted method unit tests * fix permissions-related bugs * convert permissions log to controller-like class * add permissions unit test coverage requirements * update rpc-cap Co-Authored-By: Whymarrh Whitby <whymarrh.whitby@gmail.com> Co-Authored-By: Mark Stacey <markjstacey@gmail.com>
2020-03-16 18:13:22 +01:00
Handle account selection on all domains that can view the selection (#8341) Selecting a new account now results in all domains that can view this change being notified. Previously only the dapp in the active tab was being notified (though not correctly, as the `origin` was accidentally set to the MetaMask chrome extension origin). This handling of account selection has been moved into the background to minimize the gap between account selection and the notification being sent out. It's simpler for the UI to not be involved anyway.
2020-04-16 18:16:53 +02:00
await onPreferencesUpdate({ selectedAddress: DUMMY_ACCOUNT })
Add permissions controller unit tests (#7969) * add permissions controller, log, middleware, and restricted method unit tests * fix permissions-related bugs * convert permissions log to controller-like class * add permissions unit test coverage requirements * update rpc-cap Co-Authored-By: Whymarrh Whitby <whymarrh.whitby@gmail.com> Co-Authored-By: Mark Stacey <markjstacey@gmail.com>
2020-03-16 18:13:22 +01:00
Handle account selection on all domains that can view the selection (#8341) Selecting a new account now results in all domains that can view this change being notified. Previously only the dapp in the active tab was being notified (though not correctly, as the `origin` was accidentally set to the MetaMask chrome extension origin). This handling of account selection has been moved into the background to minimize the gap between account selection and the notification being sent out. It's simpler for the UI to not be involved anyway.
2020-04-16 18:16:53 +02:00
assert.deepEqual(
notifications[ORIGINS.b], [],
'should not have emitted notification'
)
assert.deepEqual(
notifications[ORIGINS.c], [],
'should not have emitted notification'
Add permissions controller unit tests (#7969) * add permissions controller, log, middleware, and restricted method unit tests * fix permissions-related bugs * convert permissions log to controller-like class * add permissions unit test coverage requirements * update rpc-cap Co-Authored-By: Whymarrh Whitby <whymarrh.whitby@gmail.com> Co-Authored-By: Mark Stacey <markjstacey@gmail.com>
2020-03-16 18:13:22 +01:00
)
})
Fix order of accounts in `eth_accounts` response (#8342) * Fix order of accounts in `eth_accounts` response The accounts returned by `eth_accounts` were in a fixed order - the order in which the keyring returned them - rather than ordered with the selected account first. The accounts returned by the `accountsChanged` event were ordered with the selected account first, but the same order wasn't used for `eth_accounts`. We needed to store additional state in order to determine the correct account order correctly on all dapps. We had only been storing the current selected account, but since we also need to determine the primary account per dapp (i.e. the last "selected" account among the accounts exposed to that dapp), that wasn't enough. A `lastSelected` property has been added to each identity in the preferences controller to keep track of the last selected time. This property is set to the current time (in milliseconds) whenever a new selection is made. The accounts returned with `accountsChanged` and by `eth_accounts` are both ordered by this property. The `updatePermittedAccounts` function was merged with the internal methods for responding to account selection, to keep things simpler. It wasn't called externally anyway, so it wasn't needed in the public API. * Remove caveat update upon change in selected account The order of accounts in the caveat isn't meaningful, so the caveat doesn't need to be updated when the accounts get re-ordered. * Emit event regardless of account order Now that we're no longer relying upon the caveat for the account order, we also have no way of knowing if a particular account selection resulted in a change in order or not. The notification is now emitted whenever an exposed account is selected - even if the order stayed the same. The inpage provider currently caches the account order, so it can be relied upon to ignore these redundant events. We were already emiting redundant `accountsChanged` events in some cases anyway.
2020-04-16 20:20:01 +02:00
it('should emit notification if account already first in array for each connected site', async function () {
identities[ACCOUNT_ARRAYS.a[0]] = { lastSelected: 1000 }
Handle account selection on all domains that can view the selection (#8341) Selecting a new account now results in all domains that can view this change being notified. Previously only the dapp in the active tab was being notified (though not correctly, as the `origin` was accidentally set to the MetaMask chrome extension origin). This handling of account selection has been moved into the background to minimize the gap between account selection and the notification being sent out. It's simpler for the UI to not be involved anyway.
2020-04-16 18:16:53 +02:00
assert(preferences.subscribe.calledOnce)
assert(preferences.subscribe.firstCall.args.length === 1)
const onPreferencesUpdate = preferences.subscribe.firstCall.args[0]
Add permissions controller unit tests (#7969) * add permissions controller, log, middleware, and restricted method unit tests * fix permissions-related bugs * convert permissions log to controller-like class * add permissions unit test coverage requirements * update rpc-cap Co-Authored-By: Whymarrh Whitby <whymarrh.whitby@gmail.com> Co-Authored-By: Mark Stacey <markjstacey@gmail.com>
2020-03-16 18:13:22 +01:00
Handle account selection on all domains that can view the selection (#8341) Selecting a new account now results in all domains that can view this change being notified. Previously only the dapp in the active tab was being notified (though not correctly, as the `origin` was accidentally set to the MetaMask chrome extension origin). This handling of account selection has been moved into the background to minimize the gap between account selection and the notification being sent out. It's simpler for the UI to not be involved anyway.
2020-04-16 18:16:53 +02:00
await onPreferencesUpdate({ selectedAddress: ACCOUNT_ARRAYS.a[0] })
Add permissions controller unit tests (#7969) * add permissions controller, log, middleware, and restricted method unit tests * fix permissions-related bugs * convert permissions log to controller-like class * add permissions unit test coverage requirements * update rpc-cap Co-Authored-By: Whymarrh Whitby <whymarrh.whitby@gmail.com> Co-Authored-By: Mark Stacey <markjstacey@gmail.com>
2020-03-16 18:13:22 +01:00
assert.deepEqual(
Fix order of accounts in `eth_accounts` response (#8342) * Fix order of accounts in `eth_accounts` response The accounts returned by `eth_accounts` were in a fixed order - the order in which the keyring returned them - rather than ordered with the selected account first. The accounts returned by the `accountsChanged` event were ordered with the selected account first, but the same order wasn't used for `eth_accounts`. We needed to store additional state in order to determine the correct account order correctly on all dapps. We had only been storing the current selected account, but since we also need to determine the primary account per dapp (i.e. the last "selected" account among the accounts exposed to that dapp), that wasn't enough. A `lastSelected` property has been added to each identity in the preferences controller to keep track of the last selected time. This property is set to the current time (in milliseconds) whenever a new selection is made. The accounts returned with `accountsChanged` and by `eth_accounts` are both ordered by this property. The `updatePermittedAccounts` function was merged with the internal methods for responding to account selection, to keep things simpler. It wasn't called externally anyway, so it wasn't needed in the public API. * Remove caveat update upon change in selected account The order of accounts in the caveat isn't meaningful, so the caveat doesn't need to be updated when the accounts get re-ordered. * Emit event regardless of account order Now that we're no longer relying upon the caveat for the account order, we also have no way of knowing if a particular account selection resulted in a change in order or not. The notification is now emitted whenever an exposed account is selected - even if the order stayed the same. The inpage provider currently caches the account order, so it can be relied upon to ignore these redundant events. We were already emiting redundant `accountsChanged` events in some cases anyway.
2020-04-16 20:20:01 +02:00
notifications[ORIGINS.b],
[NOTIFICATIONS.newAccounts([...ACCOUNT_ARRAYS.a, EXTRA_ACCOUNT])],
Add permissions controller unit tests (#7969) * add permissions controller, log, middleware, and restricted method unit tests * fix permissions-related bugs * convert permissions log to controller-like class * add permissions unit test coverage requirements * update rpc-cap Co-Authored-By: Whymarrh Whitby <whymarrh.whitby@gmail.com> Co-Authored-By: Mark Stacey <markjstacey@gmail.com>
2020-03-16 18:13:22 +01:00
'should not have emitted notification'
)
Handle account selection on all domains that can view the selection (#8341) Selecting a new account now results in all domains that can view this change being notified. Previously only the dapp in the active tab was being notified (though not correctly, as the `origin` was accidentally set to the MetaMask chrome extension origin). This handling of account selection has been moved into the background to minimize the gap between account selection and the notification being sent out. It's simpler for the UI to not be involved anyway.
2020-04-16 18:16:53 +02:00
assert.deepEqual(
Fix order of accounts in `eth_accounts` response (#8342) * Fix order of accounts in `eth_accounts` response The accounts returned by `eth_accounts` were in a fixed order - the order in which the keyring returned them - rather than ordered with the selected account first. The accounts returned by the `accountsChanged` event were ordered with the selected account first, but the same order wasn't used for `eth_accounts`. We needed to store additional state in order to determine the correct account order correctly on all dapps. We had only been storing the current selected account, but since we also need to determine the primary account per dapp (i.e. the last "selected" account among the accounts exposed to that dapp), that wasn't enough. A `lastSelected` property has been added to each identity in the preferences controller to keep track of the last selected time. This property is set to the current time (in milliseconds) whenever a new selection is made. The accounts returned with `accountsChanged` and by `eth_accounts` are both ordered by this property. The `updatePermittedAccounts` function was merged with the internal methods for responding to account selection, to keep things simpler. It wasn't called externally anyway, so it wasn't needed in the public API. * Remove caveat update upon change in selected account The order of accounts in the caveat isn't meaningful, so the caveat doesn't need to be updated when the accounts get re-ordered. * Emit event regardless of account order Now that we're no longer relying upon the caveat for the account order, we also have no way of knowing if a particular account selection resulted in a change in order or not. The notification is now emitted whenever an exposed account is selected - even if the order stayed the same. The inpage provider currently caches the account order, so it can be relied upon to ignore these redundant events. We were already emiting redundant `accountsChanged` events in some cases anyway.
2020-04-16 20:20:01 +02:00
notifications[ORIGINS.c],
[NOTIFICATIONS.newAccounts(ACCOUNT_ARRAYS.a)],
Handle account selection on all domains that can view the selection (#8341) Selecting a new account now results in all domains that can view this change being notified. Previously only the dapp in the active tab was being notified (though not correctly, as the `origin` was accidentally set to the MetaMask chrome extension origin). This handling of account selection has been moved into the background to minimize the gap between account selection and the notification being sent out. It's simpler for the UI to not be involved anyway.
2020-04-16 18:16:53 +02:00
'should not have emitted notification'
)
Add permissions controller unit tests (#7969) * add permissions controller, log, middleware, and restricted method unit tests * fix permissions-related bugs * convert permissions log to controller-like class * add permissions unit test coverage requirements * update rpc-cap Co-Authored-By: Whymarrh Whitby <whymarrh.whitby@gmail.com> Co-Authored-By: Mark Stacey <markjstacey@gmail.com>
2020-03-16 18:13:22 +01:00
})
Handle account selection on all domains that can view the selection (#8341) Selecting a new account now results in all domains that can view this change being notified. Previously only the dapp in the active tab was being notified (though not correctly, as the `origin` was accidentally set to the MetaMask chrome extension origin). This handling of account selection has been moved into the background to minimize the gap between account selection and the notification being sent out. It's simpler for the UI to not be involved anyway.
2020-04-16 18:16:53 +02:00
it('should emit notification just for connected domains', async function () {
Fix order of accounts in `eth_accounts` response (#8342) * Fix order of accounts in `eth_accounts` response The accounts returned by `eth_accounts` were in a fixed order - the order in which the keyring returned them - rather than ordered with the selected account first. The accounts returned by the `accountsChanged` event were ordered with the selected account first, but the same order wasn't used for `eth_accounts`. We needed to store additional state in order to determine the correct account order correctly on all dapps. We had only been storing the current selected account, but since we also need to determine the primary account per dapp (i.e. the last "selected" account among the accounts exposed to that dapp), that wasn't enough. A `lastSelected` property has been added to each identity in the preferences controller to keep track of the last selected time. This property is set to the current time (in milliseconds) whenever a new selection is made. The accounts returned with `accountsChanged` and by `eth_accounts` are both ordered by this property. The `updatePermittedAccounts` function was merged with the internal methods for responding to account selection, to keep things simpler. It wasn't called externally anyway, so it wasn't needed in the public API. * Remove caveat update upon change in selected account The order of accounts in the caveat isn't meaningful, so the caveat doesn't need to be updated when the accounts get re-ordered. * Emit event regardless of account order Now that we're no longer relying upon the caveat for the account order, we also have no way of knowing if a particular account selection resulted in a change in order or not. The notification is now emitted whenever an exposed account is selected - even if the order stayed the same. The inpage provider currently caches the account order, so it can be relied upon to ignore these redundant events. We were already emiting redundant `accountsChanged` events in some cases anyway.
2020-04-16 20:20:01 +02:00
identities[EXTRA_ACCOUNT] = { lastSelected: 1000 }
Handle account selection on all domains that can view the selection (#8341) Selecting a new account now results in all domains that can view this change being notified. Previously only the dapp in the active tab was being notified (though not correctly, as the `origin` was accidentally set to the MetaMask chrome extension origin). This handling of account selection has been moved into the background to minimize the gap between account selection and the notification being sent out. It's simpler for the UI to not be involved anyway.
2020-04-16 18:16:53 +02:00
assert(preferences.subscribe.calledOnce)
assert(preferences.subscribe.firstCall.args.length === 1)
const onPreferencesUpdate = preferences.subscribe.firstCall.args[0]
Add permissions controller unit tests (#7969) * add permissions controller, log, middleware, and restricted method unit tests * fix permissions-related bugs * convert permissions log to controller-like class * add permissions unit test coverage requirements * update rpc-cap Co-Authored-By: Whymarrh Whitby <whymarrh.whitby@gmail.com> Co-Authored-By: Mark Stacey <markjstacey@gmail.com>
2020-03-16 18:13:22 +01:00
Handle account selection on all domains that can view the selection (#8341) Selecting a new account now results in all domains that can view this change being notified. Previously only the dapp in the active tab was being notified (though not correctly, as the `origin` was accidentally set to the MetaMask chrome extension origin). This handling of account selection has been moved into the background to minimize the gap between account selection and the notification being sent out. It's simpler for the UI to not be involved anyway.
2020-04-16 18:16:53 +02:00
await onPreferencesUpdate({ selectedAddress: EXTRA_ACCOUNT })
Add permissions controller unit tests (#7969) * add permissions controller, log, middleware, and restricted method unit tests * fix permissions-related bugs * convert permissions log to controller-like class * add permissions unit test coverage requirements * update rpc-cap Co-Authored-By: Whymarrh Whitby <whymarrh.whitby@gmail.com> Co-Authored-By: Mark Stacey <markjstacey@gmail.com>
2020-03-16 18:13:22 +01:00
assert.deepEqual(
Handle account selection on all domains that can view the selection (#8341) Selecting a new account now results in all domains that can view this change being notified. Previously only the dapp in the active tab was being notified (though not correctly, as the `origin` was accidentally set to the MetaMask chrome extension origin). This handling of account selection has been moved into the background to minimize the gap between account selection and the notification being sent out. It's simpler for the UI to not be involved anyway.
2020-04-16 18:16:53 +02:00
notifications[ORIGINS.b],
[NOTIFICATIONS.newAccounts([ EXTRA_ACCOUNT, ...ACCOUNT_ARRAYS.a ])],
'should have emitted notification'
)
assert.deepEqual(
notifications[ORIGINS.c], [],
Add permissions controller unit tests (#7969) * add permissions controller, log, middleware, and restricted method unit tests * fix permissions-related bugs * convert permissions log to controller-like class * add permissions unit test coverage requirements * update rpc-cap Co-Authored-By: Whymarrh Whitby <whymarrh.whitby@gmail.com> Co-Authored-By: Mark Stacey <markjstacey@gmail.com>
2020-03-16 18:13:22 +01:00
'should not have emitted notification'
)
})
Handle account selection on all domains that can view the selection (#8341) Selecting a new account now results in all domains that can view this change being notified. Previously only the dapp in the active tab was being notified (though not correctly, as the `origin` was accidentally set to the MetaMask chrome extension origin). This handling of account selection has been moved into the background to minimize the gap between account selection and the notification being sent out. It's simpler for the UI to not be involved anyway.
2020-04-16 18:16:53 +02:00
it('should emit notification for multiple connected domains', async function () {
Fix order of accounts in `eth_accounts` response (#8342) * Fix order of accounts in `eth_accounts` response The accounts returned by `eth_accounts` were in a fixed order - the order in which the keyring returned them - rather than ordered with the selected account first. The accounts returned by the `accountsChanged` event were ordered with the selected account first, but the same order wasn't used for `eth_accounts`. We needed to store additional state in order to determine the correct account order correctly on all dapps. We had only been storing the current selected account, but since we also need to determine the primary account per dapp (i.e. the last "selected" account among the accounts exposed to that dapp), that wasn't enough. A `lastSelected` property has been added to each identity in the preferences controller to keep track of the last selected time. This property is set to the current time (in milliseconds) whenever a new selection is made. The accounts returned with `accountsChanged` and by `eth_accounts` are both ordered by this property. The `updatePermittedAccounts` function was merged with the internal methods for responding to account selection, to keep things simpler. It wasn't called externally anyway, so it wasn't needed in the public API. * Remove caveat update upon change in selected account The order of accounts in the caveat isn't meaningful, so the caveat doesn't need to be updated when the accounts get re-ordered. * Emit event regardless of account order Now that we're no longer relying upon the caveat for the account order, we also have no way of knowing if a particular account selection resulted in a change in order or not. The notification is now emitted whenever an exposed account is selected - even if the order stayed the same. The inpage provider currently caches the account order, so it can be relied upon to ignore these redundant events. We were already emiting redundant `accountsChanged` events in some cases anyway.
2020-04-16 20:20:01 +02:00
identities[ACCOUNT_ARRAYS.a[1]] = { lastSelected: 1000 }
Handle account selection on all domains that can view the selection (#8341) Selecting a new account now results in all domains that can view this change being notified. Previously only the dapp in the active tab was being notified (though not correctly, as the `origin` was accidentally set to the MetaMask chrome extension origin). This handling of account selection has been moved into the background to minimize the gap between account selection and the notification being sent out. It's simpler for the UI to not be involved anyway.
2020-04-16 18:16:53 +02:00
assert(preferences.subscribe.calledOnce)
assert(preferences.subscribe.firstCall.args.length === 1)
const onPreferencesUpdate = preferences.subscribe.firstCall.args[0]
Add permissions controller unit tests (#7969) * add permissions controller, log, middleware, and restricted method unit tests * fix permissions-related bugs * convert permissions log to controller-like class * add permissions unit test coverage requirements * update rpc-cap Co-Authored-By: Whymarrh Whitby <whymarrh.whitby@gmail.com> Co-Authored-By: Mark Stacey <markjstacey@gmail.com>
2020-03-16 18:13:22 +01:00
Handle account selection on all domains that can view the selection (#8341) Selecting a new account now results in all domains that can view this change being notified. Previously only the dapp in the active tab was being notified (though not correctly, as the `origin` was accidentally set to the MetaMask chrome extension origin). This handling of account selection has been moved into the background to minimize the gap between account selection and the notification being sent out. It's simpler for the UI to not be involved anyway.
2020-04-16 18:16:53 +02:00
await onPreferencesUpdate({ selectedAddress: ACCOUNT_ARRAYS.a[1] })
Add permissions controller unit tests (#7969) * add permissions controller, log, middleware, and restricted method unit tests * fix permissions-related bugs * convert permissions log to controller-like class * add permissions unit test coverage requirements * update rpc-cap Co-Authored-By: Whymarrh Whitby <whymarrh.whitby@gmail.com> Co-Authored-By: Mark Stacey <markjstacey@gmail.com>
2020-03-16 18:13:22 +01:00
Handle account selection on all domains that can view the selection (#8341) Selecting a new account now results in all domains that can view this change being notified. Previously only the dapp in the active tab was being notified (though not correctly, as the `origin` was accidentally set to the MetaMask chrome extension origin). This handling of account selection has been moved into the background to minimize the gap between account selection and the notification being sent out. It's simpler for the UI to not be involved anyway.
2020-04-16 18:16:53 +02:00
const accountsWithoutFirst = ACCOUNT_ARRAYS.a
.filter((account) => account !== ACCOUNT_ARRAYS.a[1])
const expectedAccounts = [ ACCOUNT_ARRAYS.a[1], ...accountsWithoutFirst ]
assert.deepEqual(
notifications[ORIGINS.b],
[NOTIFICATIONS.newAccounts([ ...expectedAccounts, EXTRA_ACCOUNT ])],
'should have emitted notification'
)
Add permissions controller unit tests (#7969) * add permissions controller, log, middleware, and restricted method unit tests * fix permissions-related bugs * convert permissions log to controller-like class * add permissions unit test coverage requirements * update rpc-cap Co-Authored-By: Whymarrh Whitby <whymarrh.whitby@gmail.com> Co-Authored-By: Mark Stacey <markjstacey@gmail.com>
2020-03-16 18:13:22 +01:00
assert.deepEqual(
Handle account selection on all domains that can view the selection (#8341) Selecting a new account now results in all domains that can view this change being notified. Previously only the dapp in the active tab was being notified (though not correctly, as the `origin` was accidentally set to the MetaMask chrome extension origin). This handling of account selection has been moved into the background to minimize the gap between account selection and the notification being sent out. It's simpler for the UI to not be involved anyway.
2020-04-16 18:16:53 +02:00
notifications[ORIGINS.c],
[NOTIFICATIONS.newAccounts(expectedAccounts)],
Add permissions controller unit tests (#7969) * add permissions controller, log, middleware, and restricted method unit tests * fix permissions-related bugs * convert permissions log to controller-like class * add permissions unit test coverage requirements * update rpc-cap Co-Authored-By: Whymarrh Whitby <whymarrh.whitby@gmail.com> Co-Authored-By: Mark Stacey <markjstacey@gmail.com>
2020-03-16 18:13:22 +01:00
'should have emitted notification'
)
})
})
describe('approvePermissionsRequest', function () {
let permController, mockRequestUserApproval
beforeEach(function () {
permController = initPermController()
mockRequestUserApproval = getMockRequestUserApprovalFunction(
permController
)
})
it('does nothing if called on non-existing request', async function () {
assert.equal(
permController.pendingApprovals.size, 0,
'pending approvals should be empty on init',
)
sinon.spy(permController, 'finalizePermissionsRequest')
const request = PERMS.approvedRequest(REQUEST_IDS.a, null)
await assert.doesNotReject(
permController.approvePermissionsRequest(request, null),
'should not throw on non-existing request'
)
assert.ok(
permController.finalizePermissionsRequest.notCalled,
'should not call finalizePermissionRequest'
)
assert.equal(
permController.pendingApprovals.size, 0,
'pending approvals should still be empty after request',
)
})
it('rejects request with bad accounts param', async function () {
const request = PERMS.approvedRequest(
REQUEST_IDS.a,
PERMS.requests.eth_accounts()
)
const requestRejection = assert.rejects(
mockRequestUserApproval(REQUEST_IDS.a),
ERRORS.validatePermittedAccounts.invalidParam(),
'should reject bad accounts'
)
await permController.approvePermissionsRequest(request, null)
await requestRejection
assert.equal(
permController.pendingApprovals.size, 0,
'pending approvals should be empty after rejection',
)
})
it('rejects request with no permissions', async function () {
const request = PERMS.approvedRequest(REQUEST_IDS.a, {})
const requestRejection = assert.rejects(
mockRequestUserApproval(REQUEST_IDS.a),
ERRORS.approvePermissionsRequest.noPermsRequested(),
'should reject if no permissions in request'
)
await permController.approvePermissionsRequest(request, ACCOUNT_ARRAYS.a)
await requestRejection
assert.equal(
permController.pendingApprovals.size, 0,
'pending approvals should be empty after rejection',
)
})
it('approves valid request', async function () {
const request = PERMS.approvedRequest(REQUEST_IDS.a, PERMS.requests.eth_accounts())
let perms
const requestApproval = assert.doesNotReject(
async () => {
perms = await mockRequestUserApproval(REQUEST_IDS.a)
},
'should not reject single valid request'
)
await permController.approvePermissionsRequest(request, ACCOUNT_ARRAYS.a)
await requestApproval
assert.deepEqual(
perms, PERMS.finalizedRequests.eth_accounts(ACCOUNT_ARRAYS.a),
'should produce expected approved permissions'
)
assert.equal(
permController.pendingApprovals.size, 0,
'pending approvals should be empty after approval',
)
})
it('approves valid requests regardless of order', async function () {
const request1 = PERMS.approvedRequest(REQUEST_IDS.a, PERMS.requests.eth_accounts())
const request2 = PERMS.approvedRequest(REQUEST_IDS.b, PERMS.requests.eth_accounts())
const request3 = PERMS.approvedRequest(REQUEST_IDS.c, PERMS.requests.eth_accounts())
let perms1, perms2
const approval1 = assert.doesNotReject(
async () => {
perms1 = await mockRequestUserApproval(REQUEST_IDS.a)
},
'should not reject request'
)
const approval2 = assert.doesNotReject(
async () => {
perms2 = await mockRequestUserApproval(REQUEST_IDS.b)
},
'should not reject request'
)
// approve out of order
await permController.approvePermissionsRequest(request2, ACCOUNT_ARRAYS.b)
// add a non-existing request to the mix
await permController.approvePermissionsRequest(request3, ACCOUNT_ARRAYS.c)
await permController.approvePermissionsRequest(request1, ACCOUNT_ARRAYS.a)
await approval1
await approval2
assert.deepEqual(
perms1, PERMS.finalizedRequests.eth_accounts(ACCOUNT_ARRAYS.a),
'first request should produce expected approved permissions'
)
assert.deepEqual(
perms2, PERMS.finalizedRequests.eth_accounts(ACCOUNT_ARRAYS.b),
'second request should produce expected approved permissions'
)
assert.equal(
permController.pendingApprovals.size, 0,
'pending approvals should be empty after approvals',
)
})
})
describe('rejectPermissionsRequest', function () {
let permController, mockRequestUserApproval
beforeEach(async function () {
permController = initPermController()
mockRequestUserApproval = getMockRequestUserApprovalFunction(
permController
)
})
it('does nothing if called on non-existing request', async function () {
assert.equal(
permController.pendingApprovals.size, 0,
'pending approvals should be empty on init',
)
await assert.doesNotReject(
permController.rejectPermissionsRequest(REQUEST_IDS.a),
'should not throw on non-existing request'
)
assert.equal(
permController.pendingApprovals.size, 0,
'pending approvals should still be empty after request',
)
})
it('rejects single existing request', async function () {
const requestRejection = assert.rejects(
mockRequestUserApproval(REQUEST_IDS.a),
ERRORS.rejectPermissionsRequest.rejection(),
'should reject with expected error'
)
await permController.rejectPermissionsRequest(REQUEST_IDS.a)
await requestRejection
assert.equal(
permController.pendingApprovals.size, 0,
'pending approvals should be empty after rejection',
)
})
it('rejects requests regardless of order', async function () {
const requestRejection1 = assert.rejects(
mockRequestUserApproval(REQUEST_IDS.b),
ERRORS.rejectPermissionsRequest.rejection(),
'should reject with expected error'
)
const requestRejection2 = assert.rejects(
mockRequestUserApproval(REQUEST_IDS.c),
ERRORS.rejectPermissionsRequest.rejection(),
'should reject with expected error'
)
// reject out of order
await permController.rejectPermissionsRequest(REQUEST_IDS.c)
// add a non-existing request to the mix
await permController.rejectPermissionsRequest(REQUEST_IDS.a)
await permController.rejectPermissionsRequest(REQUEST_IDS.b)
await requestRejection1
await requestRejection2
assert.equal(
permController.pendingApprovals.size, 0,
'pending approvals should be empty after approval',
)
})
})
// see permissions-middleware-test for testing the middleware itself
describe('createMiddleware', function () {
let permController
beforeEach(function () {
permController = initPermController()
})
it('should throw on bad origin', function () {
assert.throws(
() => permController.createMiddleware({ origin: {} }),
ERRORS.createMiddleware.badOrigin(),
'should throw expected error'
)
assert.throws(
() => permController.createMiddleware({ origin: '' }),
ERRORS.createMiddleware.badOrigin(),
'should throw expected error'
)
assert.throws(
() => permController.createMiddleware({}),
ERRORS.createMiddleware.badOrigin(),
'should throw expected error'
)
})
it('should create a middleware', function () {
let middleware
assert.doesNotThrow(
() => {
middleware = permController.createMiddleware({ origin: ORIGINS.a })
},
'should not throw'
)
assert.equal(
typeof middleware, 'function',
'should return function'
)
assert.equal(
middleware.name, 'engineAsMiddleware',
'function name should be "engineAsMiddleware"'
)
})
it('should create a middleware with extensionId', function () {
const extensionId = 'fooExtension'
let middleware
assert.doesNotThrow(
() => {
middleware = permController.createMiddleware({
origin: ORIGINS.a,
extensionId,
})
},
'should not throw'
)
assert.equal(
typeof middleware, 'function',
'should return function'
)
assert.equal(
middleware.name, 'engineAsMiddleware',
'function name should be "engineAsMiddleware"'
)
const metadataStore = permController.store.getState()[METADATA_STORE_KEY]
assert.deepEqual(
metadataStore[ORIGINS.a], { extensionId },
'metadata should be stored'
)
})
})
describe('notifyDomain', function () {
let notifications, permController
beforeEach(function () {
notifications = initNotifications()
permController = initPermController(notifications)
sinon.spy(permController.permissionsLog, 'updateAccountsHistory')
})
it('notifyDomain handles accountsChanged', async function () {
permController.notifyDomain(
ORIGINS.a,
NOTIFICATIONS.newAccounts(ACCOUNT_ARRAYS.a),
)
assert.ok(
permController.permissionsLog.updateAccountsHistory.calledOnce,
'permissionsLog.updateAccountsHistory should have been called once'
)
assert.deepEqual(
notifications[ORIGINS.a],
[ NOTIFICATIONS.newAccounts(ACCOUNT_ARRAYS.a) ],
'origin should have correct notification'
)
})
it('notifyDomain handles notifications other than accountsChanged', async function () {
permController.notifyDomain(ORIGINS.a, NOTIFICATIONS.test())
assert.ok(
permController.permissionsLog.updateAccountsHistory.notCalled,
'permissionsLog.updateAccountsHistory should not have been called'
)
assert.deepEqual(
notifications[ORIGINS.a],
[ NOTIFICATIONS.test() ],
'origin should have correct notification'
)
})
})
describe('miscellanea and edge cases', function () {
let permController
beforeEach(function () {
permController = initPermController()
})
it('_addPendingApproval: should throw if adding origin twice', function () {
const id = nanoid()
const origin = ORIGINS.a
permController._addPendingApproval(id, origin, noop, noop)
const otherId = nanoid()
assert.throws(
() => permController._addPendingApproval(otherId, origin, noop, noop),
ERRORS.pendingApprovals.duplicateOriginOrId(otherId, origin),
'should throw expected error'
)
assert.equal(
permController.pendingApprovals.size, 1,
'pending approvals should have single entry',
)
assert.equal(
permController.pendingApprovalOrigins.size, 1,
'pending approval origins should have single item',
)
assert.deepEqual(
permController.pendingApprovals.get(id),
{ origin, resolve: noop, reject: noop },
'pending approvals should have expected entry'
)
assert.ok(
permController.pendingApprovalOrigins.has(origin),
'pending approval origins should have expected item',
)
})
it('addInternalMethodPrefix', function () {
const str = 'foo'
const res = addInternalMethodPrefix(str)
assert.equal(res, WALLET_PREFIX + str, 'should prefix correctly')
})
})
})
Copy Permalink