From 1d65687ce48bc7f35ee0167c94813f8b3cb3a6ee Mon Sep 17 00:00:00 2001 From: Thomas Date: Wed, 24 Oct 2018 20:03:55 -0700 Subject: [PATCH] Validate signTypedData in eth-json-rpc-middleware --- .../network/createMetamaskMiddleware.js | 2 + app/scripts/metamask-controller.js | 58 ++++++++++--------- 2 files changed, 32 insertions(+), 28 deletions(-) diff --git a/app/scripts/controllers/network/createMetamaskMiddleware.js b/app/scripts/controllers/network/createMetamaskMiddleware.js index 9e6a45888..319c5bf3e 100644 --- a/app/scripts/controllers/network/createMetamaskMiddleware.js +++ b/app/scripts/controllers/network/createMetamaskMiddleware.js @@ -11,6 +11,7 @@ function createMetamaskMiddleware ({ processTransaction, processEthSignMessage, processTypedMessage, + processTypedMessageV3, processPersonalMessage, getPendingNonce, }) { @@ -25,6 +26,7 @@ function createMetamaskMiddleware ({ processTransaction, processEthSignMessage, processTypedMessage, + processTypedMessageV3, processPersonalMessage, }), createPendingNonceMiddleware({ getPendingNonce }), diff --git a/app/scripts/metamask-controller.js b/app/scripts/metamask-controller.js index 7913662d4..1e02d8488 100644 --- a/app/scripts/metamask-controller.js +++ b/app/scripts/metamask-controller.js @@ -138,12 +138,12 @@ module.exports = class MetamaskController extends EventEmitter { this.accountTracker.stop() } }) - + // ensure accountTracker updates balances after network change this.networkController.on('networkDidChange', () => { this.accountTracker._updateAccounts() }) - + // key mgmt const additionalKeyrings = [TrezorKeyring, LedgerBridgeKeyring] this.keyringController = new KeyringController({ @@ -275,6 +275,8 @@ module.exports = class MetamaskController extends EventEmitter { processTransaction: this.newUnapprovedTransaction.bind(this), // msg signing processEthSignMessage: this.newUnsignedMessage.bind(this), + processTypedMessage: this.newUnsignedTypedMessage.bind(this), + processTypedMessageV3: this.newUnsignedTypedMessage.bind(this), processPersonalMessage: this.newUnsignedPersonalMessage.bind(this), getPendingNonce: this.getPendingNonce.bind(this), } @@ -978,8 +980,8 @@ module.exports = class MetamaskController extends EventEmitter { * @param {Object} msgParams - The params passed to eth_signTypedData. * @param {Function} cb - The callback function, called with the signature. */ - newUnsignedTypedMessage (msgParams, req) { - const promise = this.typedMessageManager.addUnapprovedMessageAsync(msgParams, req) + newUnsignedTypedMessage (msgParams, req, version) { + const promise = this.typedMessageManager.addUnapprovedMessageAsync(msgParams, req, version) this.sendUpdate() this.opts.showUnconfirmedMessage() return promise @@ -1274,9 +1276,9 @@ module.exports = class MetamaskController extends EventEmitter { // watch asset engine.push(this.preferencesController.requestWatchAsset.bind(this.preferencesController)) // sign typed data middleware - engine.push(this.createTypedDataMiddleware('eth_signTypedData', 'V1').bind(this)) - engine.push(this.createTypedDataMiddleware('eth_signTypedData_v1', 'V1').bind(this)) - engine.push(this.createTypedDataMiddleware('eth_signTypedData_v3', 'V3', true).bind(this)) + // engine.push(this.createTypedDataMiddleware('eth_signTypedData', 'V1').bind(this)) + // engine.push(this.createTypedDataMiddleware('eth_signTypedData_v1', 'V1').bind(this)) + // engine.push(this.createTypedDataMiddleware('eth_signTypedData_v3', 'V3', true).bind(this)) // forward to metamask primary provider engine.push(createProviderMiddleware({ provider })) @@ -1542,27 +1544,27 @@ module.exports = class MetamaskController extends EventEmitter { * @param {Function} - next * @param {Function} - end */ - createTypedDataMiddleware (methodName, version, reverse) { - return async (req, res, next, end) => { - const { method, params } = req - if (method === methodName) { - const promise = this.typedMessageManager.addUnapprovedMessageAsync({ - data: reverse ? params[1] : params[0], - from: reverse ? params[0] : params[1], - }, req, version) - this.sendUpdate() - this.opts.showUnconfirmedMessage() - try { - res.result = await promise - end() - } catch (error) { - end(error) - } - } else { - next() - } - } - } + // createTypedDataMiddleware (methodName, version, reverse) { + // return async (req, res, next, end) => { + // const { method, params } = req + // if (method === methodName) { + // const promise = this.typedMessageManager.addUnapprovedMessageAsync({ + // data: reverse ? params[1] : params[0], + // from: reverse ? params[0] : params[1], + // }, req, version) + // this.sendUpdate() + // this.opts.showUnconfirmedMessage() + // try { + // res.result = await promise + // end() + // } catch (error) { + // end(error) + // } + // } else { + // next() + // } + // } + // } /** * Adds a domain to the {@link BlacklistController} whitelist