m/metamask-extension
1
0
Fork 0
mirror of https://github.com/kremalicious/metamask-extension.git synced 2024-11-22 01:47:00 +01:00
Code

Limit Dapp permissions to primary account (#8653)

Browse Source
This commit is contained in:
Brad Decker 2020-05-27 22:35:09 -05:00 committed by GitHub
parent 95a95ee4bc
commit 34fb525ce5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 168 additions and 143 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
app/scripts/controllers/permissions/enums.js
View File

@ -11,6 +11,12 @@ export const METADATA_CACHE_MAX_SIZE = 100
export const CAVEAT_NAMES = {
exposedAccounts: 'exposedAccounts',
primaryAccountOnly: 'primaryAccountOnly',
}
export const CAVEAT_TYPES = {
limitResponseLength: 'limitResponseLength',
filterResponse: 'filterResponse',
}
export const NOTIFICATION_NAMES = {

25
app/scripts/controllers/permissions/index.js
View File

@ -19,6 +19,7 @@ import {
HISTORY_STORE_KEY,
CAVEAT_NAMES,
NOTIFICATION_NAMES,
CAVEAT_TYPES,
} from './enums'
export class PermissionsController {
@ -287,9 +288,11 @@ export class PermissionsController {
}
})
const newPermittedAccounts = await this.getAccounts(origin)
this.notifyDomain(origin, {
method: NOTIFICATION_NAMES.accountsChanged,
result: accounts,
result: newPermittedAccounts,
})
this.permissionsLog.logAccountExposure(origin, accounts)
@ -420,16 +423,20 @@ export class PermissionsController {
// caveat names are unique, and we will only construct this caveat here
ethAccounts.caveats = ethAccounts.caveats.filter((c) => (
c.name !== CAVEAT_NAMES.exposedAccounts
c.name !== CAVEAT_NAMES.exposedAccounts && c.name !== CAVEAT_NAMES.primaryAccountOnly
))
ethAccounts.caveats.push(
{
type: 'filterResponse',
value: finalizedAccounts,
name: CAVEAT_NAMES.exposedAccounts,
},
)
ethAccounts.caveats.push({
type: CAVEAT_TYPES.limitResponseLength,
value: 1,
name: CAVEAT_NAMES.primaryAccountOnly,
})
ethAccounts.caveats.push({
type: CAVEAT_TYPES.filterResponse,
value: finalizedAccounts,
name: CAVEAT_NAMES.exposedAccounts,
})
}
return finalizedPermissions

2
package.json
View File

@ -167,7 +167,7 @@
"redux": "^4.0.5",
"redux-thunk": "^2.3.0",
"reselect": "^3.0.1",
"rpc-cap": "^2.0.0",
"rpc-cap": "^2.1.0",
"safe-event-emitter": "^1.0.1",
"safe-json-stringify": "^1.2.0",
"single-call-balance-checker-abi": "^1.0.0",

56
test/unit/app/controllers/permissions/mocks.js
View File

@ -6,6 +6,7 @@ import _getRestrictedMethods
import {
CAVEAT_NAMES,
CAVEAT_TYPES,
NOTIFICATION_NAMES,
} from '../../../../../app/scripts/controllers/permissions/enums'
@ -162,10 +163,19 @@ const PERM_NAMES = {
does_not_exist: 'does_not_exist',
}
const ACCOUNT_ARRAYS = {
a: [ ...keyringAccounts.slice(0, 3) ],
b: [keyringAccounts[0]],
c: [keyringAccounts[1]],
const ACCOUNTS = {
a: {
permitted: keyringAccounts.slice(0, 3),
primary: keyringAccounts[0],
},
b: {
permitted: [keyringAccounts[0]],
primary: keyringAccounts[0],
},
c: {
permitted: [keyringAccounts[1]],
primary: keyringAccounts[1],
},
}
/**
@ -180,11 +190,15 @@ const CAVEATS = {
* @returns {Object} An eth_accounts exposedAccounts caveats
*/
eth_accounts: (accounts) => {
return {
type: 'filterResponse',
return [{
type: CAVEAT_TYPES.limitResponseLength,
value: 1,
name: CAVEAT_NAMES.primaryAccountOnly,
}, {
type: CAVEAT_TYPES.filterResponse,
value: accounts,
name: CAVEAT_NAMES.exposedAccounts,
}
}]
},
}
@ -245,7 +259,7 @@ const PERMS = {
eth_accounts: (accounts) => {
return {
eth_accounts: {
caveats: [CAVEATS.eth_accounts(accounts)],
caveats: CAVEATS.eth_accounts(accounts),
} }
},
@ -273,7 +287,7 @@ const PERMS = {
eth_accounts: (accounts) => {
return {
parentCapability: PERM_NAMES.eth_accounts,
caveats: [CAVEATS.eth_accounts(accounts)],
caveats: CAVEATS.eth_accounts(accounts),
}
},
@ -639,7 +653,7 @@ export const constants = deepFreeze({
ORIGINS: { ...ORIGINS },
ACCOUNT_ARRAYS: { ...ACCOUNT_ARRAYS },
ACCOUNTS: { ...ACCOUNTS },
PERM_NAMES: { ...PERM_NAMES },
@ -659,9 +673,9 @@ export const constants = deepFreeze({
[PERM_NAMES.eth_accounts]: {
lastApproved: 1,
accounts: {
[ACCOUNT_ARRAYS.a[0]]: 1,
[ACCOUNT_ARRAYS.a[1]]: 1,
[ACCOUNT_ARRAYS.a[2]]: 1,
[ACCOUNTS.a.permitted[0]]: 1,
[ACCOUNTS.a.permitted[1]]: 1,
[ACCOUNTS.a.permitted[2]]: 1,
},
},
},
@ -671,9 +685,9 @@ export const constants = deepFreeze({
[PERM_NAMES.eth_accounts]: {
lastApproved: 2,
accounts: {
[ACCOUNT_ARRAYS.a[0]]: 2,
[ACCOUNT_ARRAYS.a[1]]: 1,
[ACCOUNT_ARRAYS.a[2]]: 1,
[ACCOUNTS.a.permitted[0]]: 2,
[ACCOUNTS.a.permitted[1]]: 1,
[ACCOUNTS.a.permitted[2]]: 1,
},
},
},
@ -700,7 +714,7 @@ export const constants = deepFreeze({
[PERM_NAMES.eth_accounts]: {
lastApproved: 1,
accounts: {
[ACCOUNT_ARRAYS.b[0]]: 1,
[ACCOUNTS.b.permitted[0]]: 1,
},
},
},
@ -709,7 +723,7 @@ export const constants = deepFreeze({
[PERM_NAMES.eth_accounts]: {
lastApproved: 1,
accounts: {
[ACCOUNT_ARRAYS.c[0]]: 1,
[ACCOUNTS.c.permitted[0]]: 1,
},
},
},
@ -722,7 +736,7 @@ export const constants = deepFreeze({
[PERM_NAMES.eth_accounts]: {
lastApproved: 1,
accounts: {
[ACCOUNT_ARRAYS.b[0]]: 1,
[ACCOUNTS.b.permitted[0]]: 1,
},
},
},
@ -731,8 +745,8 @@ export const constants = deepFreeze({
[PERM_NAMES.eth_accounts]: {
lastApproved: 2,
accounts: {
[ACCOUNT_ARRAYS.c[0]]: 1,
[ACCOUNT_ARRAYS.b[0]]: 2,
[ACCOUNTS.c.permitted[0]]: 1,
[ACCOUNTS.b.permitted[0]]: 2,
},
},
},

144
test/unit/app/controllers/permissions/permissions-controller-test.js
View File

@ -35,7 +35,7 @@ const {
const {
ALL_ACCOUNTS,
ACCOUNT_ARRAYS,
ACCOUNTS,
DUMMY_ACCOUNT,
ORIGINS,
PERM_NAMES,
@ -74,11 +74,11 @@ describe('permissions controller', function () {
permController = initPermController()
grantPermissions(
permController, ORIGINS.a,
PERMS.finalizedRequests.eth_accounts(ACCOUNT_ARRAYS.a)
PERMS.finalizedRequests.eth_accounts(ACCOUNTS.a.permitted)
)
grantPermissions(
permController, ORIGINS.b,
PERMS.finalizedRequests.eth_accounts(ACCOUNT_ARRAYS.b)
PERMS.finalizedRequests.eth_accounts(ACCOUNTS.b.permitted)
)
})
@ -88,11 +88,11 @@ describe('permissions controller', function () {
const bAccounts = await permController.getAccounts(ORIGINS.b)
assert.deepEqual(
aAccounts, ACCOUNT_ARRAYS.a,
aAccounts, [ACCOUNTS.a.primary],
'first origin should have correct accounts'
)
assert.deepEqual(
bAccounts, ACCOUNT_ARRAYS.b,
bAccounts, [ACCOUNTS.b.primary],
'second origin should have correct accounts'
)
})
@ -115,7 +115,7 @@ describe('permissions controller', function () {
const permController = initPermController()
grantPermissions(
permController, ORIGINS.a,
PERMS.finalizedRequests.eth_accounts(ACCOUNT_ARRAYS.a)
PERMS.finalizedRequests.eth_accounts(ACCOUNTS.a.permitted)
)
grantPermissions(
permController, ORIGINS.b,
@ -160,31 +160,32 @@ describe('permissions controller', function () {
grantPermissions(
permController, ORIGINS.a,
PERMS.finalizedRequests.eth_accounts(ACCOUNT_ARRAYS.a)
PERMS.finalizedRequests.eth_accounts(ACCOUNTS.a.permitted)
)
grantPermissions(
permController, ORIGINS.b,
PERMS.finalizedRequests.eth_accounts(ACCOUNT_ARRAYS.b)
PERMS.finalizedRequests.eth_accounts(ACCOUNTS.b.permitted)
)
grantPermissions(
permController, ORIGINS.c,
PERMS.finalizedRequests.eth_accounts(ACCOUNT_ARRAYS.c)
PERMS.finalizedRequests.eth_accounts(ACCOUNTS.c.permitted)
)
let aAccounts = await permController.getAccounts(ORIGINS.a)
let bAccounts = await permController.getAccounts(ORIGINS.b)
let cAccounts = await permController.getAccounts(ORIGINS.c)
assert.deepEqual(
aAccounts, ACCOUNT_ARRAYS.a,
aAccounts, [ACCOUNTS.a.primary],
'first origin should have correct accounts'
)
assert.deepEqual(
bAccounts, ACCOUNT_ARRAYS.b,
bAccounts, [ACCOUNTS.b.primary],
'second origin should have correct accounts'
)
assert.deepEqual(
cAccounts, ACCOUNT_ARRAYS.c,
cAccounts, [ACCOUNTS.c.primary],
'third origin should have correct accounts'
)
@ -230,11 +231,11 @@ describe('permissions controller', function () {
permController = initPermController(notifications)
grantPermissions(
permController, ORIGINS.a,
PERMS.finalizedRequests.eth_accounts(ACCOUNT_ARRAYS.a)
PERMS.finalizedRequests.eth_accounts(ACCOUNTS.a.permitted)
)
grantPermissions(
permController, ORIGINS.b,
PERMS.finalizedRequests.eth_accounts(ACCOUNT_ARRAYS.b)
PERMS.finalizedRequests.eth_accounts(ACCOUNTS.b.permitted)
)
})
@ -244,11 +245,11 @@ describe('permissions controller', function () {
let bAccounts = await permController.getAccounts(ORIGINS.b)
assert.deepEqual(
aAccounts, ACCOUNT_ARRAYS.a,
aAccounts, [ACCOUNTS.a.primary],
'first origin should have correct accounts'
)
assert.deepEqual(
bAccounts, ACCOUNT_ARRAYS.b,
bAccounts, [ACCOUNTS.b.primary],
'second origin should have correct accounts'
)
@ -320,7 +321,7 @@ describe('permissions controller', function () {
const bAccounts = await permController.getAccounts(ORIGINS.b)
assert.deepEqual(
aAccounts, ACCOUNT_ARRAYS.a,
aAccounts, [ACCOUNTS.a.primary],
'first origin should have correct accounts'
)
assert.deepEqual(bAccounts, [], 'second origin should have no accounts')
@ -356,11 +357,11 @@ describe('permissions controller', function () {
const bAccounts = await permController.getAccounts(ORIGINS.b)
assert.deepEqual(
aAccounts, ACCOUNT_ARRAYS.a,
aAccounts, [ACCOUNTS.a.primary],
'first origin should have correct accounts'
)
assert.deepEqual(
bAccounts, ACCOUNT_ARRAYS.b,
bAccounts, [ACCOUNTS.b.primary],
'second origin should have correct accounts'
)
@ -380,11 +381,11 @@ describe('permissions controller', function () {
permController = initPermController()
grantPermissions(
permController, ORIGINS.a,
PERMS.finalizedRequests.eth_accounts(ACCOUNT_ARRAYS.a)
PERMS.finalizedRequests.eth_accounts(ACCOUNTS.a.permitted)
)
grantPermissions(
permController, ORIGINS.b,
PERMS.finalizedRequests.eth_accounts(ACCOUNT_ARRAYS.b)
PERMS.finalizedRequests.eth_accounts(ACCOUNTS.b.permitted)
)
})
@ -470,11 +471,11 @@ describe('permissions controller', function () {
permController = initPermController(notifications)
grantPermissions(
permController, ORIGINS.a,
PERMS.finalizedRequests.eth_accounts(ACCOUNT_ARRAYS.a)
PERMS.finalizedRequests.eth_accounts(ACCOUNTS.a.permitted)
)
grantPermissions(
permController, ORIGINS.b,
PERMS.finalizedRequests.eth_accounts(ACCOUNT_ARRAYS.b)
PERMS.finalizedRequests.eth_accounts(ACCOUNTS.b.permitted)
)
})
@ -525,7 +526,7 @@ describe('permissions controller', function () {
it('should throw if account is already permitted', async function () {
await assert.rejects(
() => permController.addPermittedAccount(ORIGINS.a, ACCOUNT_ARRAYS.a[0]),
() => permController.addPermittedAccount(ORIGINS.a, ACCOUNTS.a.permitted[0]),
ERRORS.addPermittedAccount.alreadyPermitted(),
'should throw if account is already permitted'
)
@ -534,16 +535,16 @@ describe('permissions controller', function () {
it('should successfully add permitted account', async function () {
await permController.addPermittedAccount(ORIGINS.a, EXTRA_ACCOUNT)
const accounts = await permController.getAccounts(ORIGINS.a)
const accounts = await permController._getPermittedAccounts(ORIGINS.a)
assert.deepEqual(
accounts, [...ACCOUNT_ARRAYS.a, EXTRA_ACCOUNT],
accounts, [...ACCOUNTS.a.permitted, EXTRA_ACCOUNT],
'origin should have correct accounts'
)
assert.deepEqual(
notifications[ORIGINS.a][0],
NOTIFICATIONS.newAccounts([...ACCOUNT_ARRAYS.a, EXTRA_ACCOUNT]),
NOTIFICATIONS.newAccounts([ACCOUNTS.a.primary]),
'origin should have correct notification'
)
})
@ -557,11 +558,11 @@ describe('permissions controller', function () {
permController = initPermController(notifications)
grantPermissions(
permController, ORIGINS.a,
PERMS.finalizedRequests.eth_accounts(ACCOUNT_ARRAYS.a)
PERMS.finalizedRequests.eth_accounts(ACCOUNTS.a.permitted)
)
grantPermissions(
permController, ORIGINS.b,
PERMS.finalizedRequests.eth_accounts(ACCOUNT_ARRAYS.b)
PERMS.finalizedRequests.eth_accounts(ACCOUNTS.b.permitted)
)
})
@ -612,31 +613,31 @@ describe('permissions controller', function () {
it('should throw if account is not permitted', async function () {
await assert.rejects(
() => permController.removePermittedAccount(ORIGINS.b, ACCOUNT_ARRAYS.c[0]),
() => permController.removePermittedAccount(ORIGINS.b, ACCOUNTS.c.permitted[0]),
ERRORS.removePermittedAccount.notPermitted(),
'should throw if account is not permitted'
)
})
it('should successfully remove permitted account', async function () {
await permController.removePermittedAccount(ORIGINS.a, ACCOUNT_ARRAYS.a[1])
await permController.removePermittedAccount(ORIGINS.a, ACCOUNTS.a.permitted[1])
const accounts = await permController.getAccounts(ORIGINS.a)
const accounts = await permController._getPermittedAccounts(ORIGINS.a)
assert.deepEqual(
accounts, ACCOUNT_ARRAYS.a.filter((acc) => acc !== ACCOUNT_ARRAYS.a[1]),
accounts, ACCOUNTS.a.permitted.filter((acc) => acc !== ACCOUNTS.a.permitted[1]),
'origin should have correct accounts'
)
assert.deepEqual(
notifications[ORIGINS.a][0],
NOTIFICATIONS.newAccounts(ACCOUNT_ARRAYS.a.filter((acc) => acc !== ACCOUNT_ARRAYS.a[1])),
NOTIFICATIONS.newAccounts([ACCOUNTS.a.primary]),
'origin should have correct notification'
)
})
it('should remove eth_accounts permission if removing only permitted account', async function () {
await permController.removePermittedAccount(ORIGINS.b, ACCOUNT_ARRAYS.b[0])
await permController.removePermittedAccount(ORIGINS.b, ACCOUNTS.b.permitted[0])
const accounts = await permController.getAccounts(ORIGINS.b)
@ -682,21 +683,21 @@ describe('permissions controller', function () {
const perm = await permController.finalizePermissionsRequest(
PERMS.requests.eth_accounts(),
ACCOUNT_ARRAYS.a,
ACCOUNTS.a.permitted,
)
assert.deepEqual(perm, PERMS.finalizedRequests.eth_accounts(ACCOUNT_ARRAYS.a))
assert.deepEqual(perm, PERMS.finalizedRequests.eth_accounts(ACCOUNTS.a.permitted))
})
it('replaces caveat of eth_accounts permission', async function () {
const perm = await permController.finalizePermissionsRequest(
PERMS.finalizedRequests.eth_accounts(ACCOUNT_ARRAYS.a),
ACCOUNT_ARRAYS.b,
PERMS.finalizedRequests.eth_accounts(ACCOUNTS.a.permitted),
ACCOUNTS.b.permitted,
)
assert.deepEqual(
perm, PERMS.finalizedRequests.eth_accounts(ACCOUNT_ARRAYS.b),
perm, PERMS.finalizedRequests.eth_accounts(ACCOUNTS.b.permitted),
'permission should have correct caveat'
)
})
@ -705,7 +706,7 @@ describe('permissions controller', function () {
const perm = await permController.finalizePermissionsRequest(
PERMS.finalizedRequests.test_method(),
ACCOUNT_ARRAYS.b,
ACCOUNTS.b.permitted,
)
assert.deepEqual(
@ -729,10 +730,10 @@ describe('permissions controller', function () {
let aAccounts = await permController.getAccounts(ORIGINS.a)
assert.deepEqual(aAccounts, [], 'origin should have no accounts')
await permController.legacyExposeAccounts(ORIGINS.a, ACCOUNT_ARRAYS.a)
await permController.legacyExposeAccounts(ORIGINS.a, ACCOUNTS.a.permitted)
aAccounts = await permController.getAccounts(ORIGINS.a)
assert.deepEqual(aAccounts, ACCOUNT_ARRAYS.a, 'origin should have correct accounts')
assert.deepEqual(aAccounts, [ACCOUNTS.a.primary], 'origin should have correct accounts')
// now, permissions history should be updated
const permissionsHistory = permController.permissionsLog.getHistory()
@ -748,14 +749,14 @@ describe('permissions controller', function () {
assert.deepEqual(
Object.keys(permissionsHistory[ORIGINS.a].eth_accounts.accounts),
ACCOUNT_ARRAYS.a,
ACCOUNTS.a.permitted,
'should have expected eth_accounts entry accounts'
)
// notification should also have been sent
assert.deepEqual(
notifications[ORIGINS.a][0],
NOTIFICATIONS.newAccounts(ACCOUNT_ARRAYS.a),
NOTIFICATIONS.newAccounts([ACCOUNTS.a.primary]),
'first origin should have correct notification'
)
})
@ -764,14 +765,14 @@ describe('permissions controller', function () {
grantPermissions(
permController, ORIGINS.a,
PERMS.finalizedRequests.eth_accounts(ACCOUNT_ARRAYS.a)
PERMS.finalizedRequests.eth_accounts(ACCOUNTS.a.permitted)
)
const aAccounts = await permController.getAccounts(ORIGINS.a)
assert.deepEqual(aAccounts, ACCOUNT_ARRAYS.a, 'origin should have correct accounts')
assert.deepEqual(aAccounts, [ACCOUNTS.a.primary], 'origin should have correct accounts')
await assert.rejects(
permController.legacyExposeAccounts(ORIGINS.a, ACCOUNT_ARRAYS.b),
permController.legacyExposeAccounts(ORIGINS.a, ACCOUNTS.b.permitted),
ERRORS.legacyExposeAccounts.forbiddenUsage(),
'should throw if called on origin with existing exposed accounts'
)
@ -809,7 +810,7 @@ describe('permissions controller', function () {
it('throws if called with bad origin', async function () {
await assert.rejects(
permController.legacyExposeAccounts(null, ACCOUNT_ARRAYS.a),
permController.legacyExposeAccounts(null, ACCOUNTS.a.permitted),
ERRORS.legacyExposeAccounts.badOrigin(),
'should throw if called with invalid origin'
)
@ -857,11 +858,11 @@ describe('permissions controller', function () {
})
grantPermissions(
permController, ORIGINS.b,
PERMS.finalizedRequests.eth_accounts([...ACCOUNT_ARRAYS.a, EXTRA_ACCOUNT])
PERMS.finalizedRequests.eth_accounts([...ACCOUNTS.a.permitted, EXTRA_ACCOUNT])
)
grantPermissions(
permController, ORIGINS.c,
PERMS.finalizedRequests.eth_accounts(ACCOUNT_ARRAYS.a)
PERMS.finalizedRequests.eth_accounts(ACCOUNTS.a.permitted)
)
})
@ -896,21 +897,21 @@ describe('permissions controller', function () {
})
it('should emit notification if account already first in array for each connected site', async function () {
identities[ACCOUNT_ARRAYS.a[0]] = { lastSelected: 1000 }
identities[ACCOUNTS.a.permitted[0]] = { lastSelected: 1000 }
assert(preferences.subscribe.calledOnce)
assert(preferences.subscribe.firstCall.args.length === 1)
const onPreferencesUpdate = preferences.subscribe.firstCall.args[0]
await onPreferencesUpdate({ selectedAddress: ACCOUNT_ARRAYS.a[0] })
await onPreferencesUpdate({ selectedAddress: ACCOUNTS.a.permitted[0] })
assert.deepEqual(
notifications[ORIGINS.b],
[NOTIFICATIONS.newAccounts([...ACCOUNT_ARRAYS.a, EXTRA_ACCOUNT])],
[NOTIFICATIONS.newAccounts([ACCOUNTS.a.primary])],
'should not have emitted notification'
)
assert.deepEqual(
notifications[ORIGINS.c],
[NOTIFICATIONS.newAccounts(ACCOUNT_ARRAYS.a)],
[NOTIFICATIONS.newAccounts([ACCOUNTS.a.primary])],
'should not have emitted notification'
)
})
@ -925,7 +926,7 @@ describe('permissions controller', function () {
assert.deepEqual(
notifications[ORIGINS.b],
[NOTIFICATIONS.newAccounts([ EXTRA_ACCOUNT, ...ACCOUNT_ARRAYS.a ])],
[NOTIFICATIONS.newAccounts([EXTRA_ACCOUNT])],
'should have emitted notification'
)
assert.deepEqual(
@ -935,24 +936,21 @@ describe('permissions controller', function () {
})
it('should emit notification for multiple connected domains', async function () {
identities[ACCOUNT_ARRAYS.a[1]] = { lastSelected: 1000 }
identities[ACCOUNTS.a.permitted[1]] = { lastSelected: 1000 }
assert(preferences.subscribe.calledOnce)
assert(preferences.subscribe.firstCall.args.length === 1)
const onPreferencesUpdate = preferences.subscribe.firstCall.args[0]
await onPreferencesUpdate({ selectedAddress: ACCOUNT_ARRAYS.a[1] })
await onPreferencesUpdate({ selectedAddress: ACCOUNTS.a.permitted[1] })
const accountsWithoutFirst = ACCOUNT_ARRAYS.a
.filter((account) => account !== ACCOUNT_ARRAYS.a[1])
const expectedAccounts = [ ACCOUNT_ARRAYS.a[1], ...accountsWithoutFirst ]
assert.deepEqual(
notifications[ORIGINS.b],
[NOTIFICATIONS.newAccounts([ ...expectedAccounts, EXTRA_ACCOUNT ])],
[NOTIFICATIONS.newAccounts([ACCOUNTS.a.permitted[1]])],
'should have emitted notification'
)
assert.deepEqual(
notifications[ORIGINS.c],
[NOTIFICATIONS.newAccounts(expectedAccounts)],
[NOTIFICATIONS.newAccounts([ACCOUNTS.c.primary])],
'should have emitted notification'
)
})
@ -1028,7 +1026,7 @@ describe('permissions controller', function () {
'should reject if no permissions in request'
)
await permController.approvePermissionsRequest(request, ACCOUNT_ARRAYS.a)
await permController.approvePermissionsRequest(request, ACCOUNTS.a.permitted)
await requestRejection
assert.equal(
@ -1050,11 +1048,11 @@ describe('permissions controller', function () {
'should not reject single valid request'
)
await permController.approvePermissionsRequest(request, ACCOUNT_ARRAYS.a)
await permController.approvePermissionsRequest(request, ACCOUNTS.a.permitted)
await requestApproval
assert.deepEqual(
perms, PERMS.finalizedRequests.eth_accounts(ACCOUNT_ARRAYS.a),
perms, PERMS.finalizedRequests.eth_accounts(ACCOUNTS.a.permitted),
'should produce expected approved permissions'
)
@ -1087,21 +1085,21 @@ describe('permissions controller', function () {
)
// approve out of order
await permController.approvePermissionsRequest(request2, ACCOUNT_ARRAYS.b)
await permController.approvePermissionsRequest(request2, ACCOUNTS.b.permitted)
// add a non-existing request to the mix
await permController.approvePermissionsRequest(request3, ACCOUNT_ARRAYS.c)
await permController.approvePermissionsRequest(request1, ACCOUNT_ARRAYS.a)
await permController.approvePermissionsRequest(request3, ACCOUNTS.c.permitted)
await permController.approvePermissionsRequest(request1, ACCOUNTS.a.permitted)
await approval1
await approval2
assert.deepEqual(
perms1, PERMS.finalizedRequests.eth_accounts(ACCOUNT_ARRAYS.a),
perms1, PERMS.finalizedRequests.eth_accounts(ACCOUNTS.a.permitted),
'first request should produce expected approved permissions'
)
assert.deepEqual(
perms2, PERMS.finalizedRequests.eth_accounts(ACCOUNT_ARRAYS.b),
perms2, PERMS.finalizedRequests.eth_accounts(ACCOUNTS.b.permitted),
'second request should produce expected approved permissions'
)
@ -1292,7 +1290,7 @@ describe('permissions controller', function () {
permController.notifyDomain(
ORIGINS.a,
NOTIFICATIONS.newAccounts(ACCOUNT_ARRAYS.a),
NOTIFICATIONS.newAccounts(ACCOUNTS.a.permitted),
)
assert.ok(
@ -1302,7 +1300,7 @@ describe('permissions controller', function () {
assert.deepEqual(
notifications[ORIGINS.a],
[ NOTIFICATIONS.newAccounts(ACCOUNT_ARRAYS.a) ],
[ NOTIFICATIONS.newAccounts(ACCOUNTS.a.permitted) ],
'origin should have correct notification'
)
})

26
test/unit/app/controllers/permissions/permissions-log-controller-test.js
View File

@ -28,7 +28,7 @@ const {
} = getters
const {
ACCOUNT_ARRAYS,
ACCOUNTS,
EXPECTED_HISTORIES,
ORIGINS,
PERM_NAMES,
@ -123,7 +123,7 @@ describe('permissions log', function () {
req = RPC_REQUESTS.eth_requestAccounts(ORIGINS.c)
req.id = REQUEST_IDS.c
res = { result: ACCOUNT_ARRAYS.c }
res = { result: ACCOUNTS.c.permitted }
logMiddleware({ ...req }, res)
@ -250,7 +250,7 @@ describe('permissions log', function () {
// next request should be handled as normal
req = RPC_REQUESTS.eth_accounts(ORIGINS.b)
req.id = REQUEST_IDS.b
res = { result: ACCOUNT_ARRAYS.b }
res = { result: ACCOUNTS.b.permitted }
logMiddleware({ ...req }, res)
@ -399,7 +399,7 @@ describe('permissions log', function () {
ORIGINS.a, PERM_NAMES.eth_accounts
)
const res = {
result: [ PERMS.granted.eth_accounts(ACCOUNT_ARRAYS.a) ],
result: [ PERMS.granted.eth_accounts(ACCOUNTS.a.permitted) ],
}
logMiddleware({ ...req }, { ...res })
@ -418,7 +418,7 @@ describe('permissions log', function () {
clock.tick(1)
res.result = [ PERMS.granted.eth_accounts([ ACCOUNT_ARRAYS.a[0] ]) ]
res.result = [ PERMS.granted.eth_accounts([ ACCOUNTS.a.permitted[0] ]) ]
logMiddleware({ ...req }, { ...res })
@ -437,7 +437,7 @@ describe('permissions log', function () {
ORIGINS.a, PERM_NAMES.eth_accounts
)
const res = {
result: [ PERMS.granted.eth_accounts(ACCOUNT_ARRAYS.a) ],
result: [ PERMS.granted.eth_accounts(ACCOUNTS.a.permitted) ],
}
delete res.result[0].caveats
@ -457,7 +457,7 @@ describe('permissions log', function () {
ORIGINS.a, PERM_NAMES.eth_accounts
)
const res = {
result: [ PERMS.granted.eth_accounts(ACCOUNT_ARRAYS.a) ],
result: [ PERMS.granted.eth_accounts(ACCOUNTS.a.permitted) ],
}
res.result[0].caveats.push({ foo: 'bar' })
@ -481,7 +481,7 @@ describe('permissions log', function () {
)
const res = {
result: [
PERMS.granted.eth_accounts(ACCOUNT_ARRAYS.a),
PERMS.granted.eth_accounts(ACCOUNTS.a.permitted),
PERMS.granted.test_method(),
],
}
@ -567,7 +567,7 @@ describe('permissions log', function () {
ORIGINS.b, PERM_NAMES.eth_accounts
),
res: {
result: [ PERMS.granted.eth_accounts(ACCOUNT_ARRAYS.b) ],
result: [ PERMS.granted.eth_accounts(ACCOUNTS.b.permitted) ],
},
})
@ -580,7 +580,7 @@ describe('permissions log', function () {
res: {
result: [
PERMS.granted.test_method(),
PERMS.granted.eth_accounts(ACCOUNT_ARRAYS.c),
PERMS.granted.eth_accounts(ACCOUNTS.c.permitted),
],
},
})
@ -628,7 +628,7 @@ describe('permissions log', function () {
}),
res: {
result: [
PERMS.granted.eth_accounts(ACCOUNT_ARRAYS.b),
PERMS.granted.eth_accounts(ACCOUNTS.b.permitted),
],
},
})
@ -656,7 +656,7 @@ describe('permissions log', function () {
assert.throws(
() => {
permLog.logAccountExposure('', ACCOUNT_ARRAYS.a)
permLog.logAccountExposure('', ACCOUNTS.a.permitted)
},
ERRORS.logAccountExposure.invalidParams(),
'should throw expected error'
@ -664,7 +664,7 @@ describe('permissions log', function () {
assert.throws(
() => {
permLog.logAccountExposure(null, ACCOUNT_ARRAYS.a)
permLog.logAccountExposure(null, ACCOUNTS.a.permitted)
},
ERRORS.logAccountExposure.invalidParams(),
'should throw expected error'

44
test/unit/app/controllers/permissions/permissions-middleware-test.js
View File

@ -29,7 +29,7 @@ const {
} = getters
const {
ACCOUNT_ARRAYS,
ACCOUNTS,
ORIGINS,
PERM_NAMES,
} = constants
@ -82,7 +82,7 @@ describe('permissions middleware', function () {
const id = permController.pendingApprovals.keys().next().value
const approvedReq = PERMS.approvedRequest(id, PERMS.requests.eth_accounts())
await permController.approvePermissionsRequest(approvedReq, ACCOUNT_ARRAYS.a)
await permController.approvePermissionsRequest(approvedReq, ACCOUNTS.a.permitted)
await pendingApproval
assert.ok(
@ -99,12 +99,12 @@ describe('permissions middleware', function () {
res.result[0],
PERM_NAMES.eth_accounts,
ORIGINS.a,
[CAVEATS.eth_accounts(ACCOUNT_ARRAYS.a)]
CAVEATS.eth_accounts(ACCOUNTS.a.permitted)
)
const aAccounts = await permController.getAccounts(ORIGINS.a)
assert.deepEqual(
aAccounts, ACCOUNT_ARRAYS.a,
aAccounts, [ACCOUNTS.a.primary],
'origin should have correct accounts'
)
})
@ -121,7 +121,7 @@ describe('permissions middleware', function () {
const res1 = {}
// send, approve, and validate first request
// note use of ACCOUNT_ARRAYS.a
// note use of ACCOUNTS.a.permitted
const pendingApproval1 = assert.doesNotReject(
aMiddleware(req1, res1),
@ -131,7 +131,7 @@ describe('permissions middleware', function () {
const id1 = permController.pendingApprovals.keys().next().value
const approvedReq1 = PERMS.approvedRequest(id1, PERMS.requests.eth_accounts())
await permController.approvePermissionsRequest(approvedReq1, ACCOUNT_ARRAYS.a)
await permController.approvePermissionsRequest(approvedReq1, ACCOUNTS.a.permitted)
await pendingApproval1
assert.ok(
@ -148,12 +148,12 @@ describe('permissions middleware', function () {
res1.result[0],
PERM_NAMES.eth_accounts,
ORIGINS.a,
[CAVEATS.eth_accounts(ACCOUNT_ARRAYS.a)]
CAVEATS.eth_accounts(ACCOUNTS.a.permitted)
)
const accounts1 = await permController.getAccounts(ORIGINS.a)
assert.deepEqual(
accounts1, ACCOUNT_ARRAYS.a,
accounts1, [ACCOUNTS.a.primary],
'origin should have correct accounts'
)
@ -170,7 +170,7 @@ describe('permissions middleware', function () {
const res2 = {}
// send, approve, and validate second request
// note use of ACCOUNT_ARRAYS.b
// note use of ACCOUNTS.b.permitted
const pendingApproval2 = assert.doesNotReject(
aMiddleware(req2, res2),
@ -180,7 +180,7 @@ describe('permissions middleware', function () {
const id2 = permController.pendingApprovals.keys().next().value
const approvedReq2 = PERMS.approvedRequest(id2, { ...requestedPerms2 })
await permController.approvePermissionsRequest(approvedReq2, ACCOUNT_ARRAYS.b)
await permController.approvePermissionsRequest(approvedReq2, ACCOUNTS.b.permitted)
await pendingApproval2
assert.ok(
@ -197,7 +197,7 @@ describe('permissions middleware', function () {
res2.result[0],
PERM_NAMES.eth_accounts,
ORIGINS.a,
[CAVEATS.eth_accounts(ACCOUNT_ARRAYS.b)]
CAVEATS.eth_accounts(ACCOUNTS.b.permitted)
)
validatePermission(
@ -208,7 +208,7 @@ describe('permissions middleware', function () {
const accounts2 = await permController.getAccounts(ORIGINS.a)
assert.deepEqual(
accounts2, ACCOUNT_ARRAYS.b,
accounts2, [ACCOUNTS.b.primary],
'origin should have correct accounts'
)
})
@ -481,7 +481,7 @@ describe('permissions middleware', function () {
grantPermissions(
permController, ORIGINS.a,
PERMS.finalizedRequests.eth_accounts(ACCOUNT_ARRAYS.a)
PERMS.finalizedRequests.eth_accounts(ACCOUNTS.a.permitted)
)
const req = RPC_REQUESTS.eth_accounts(ORIGINS.a)
@ -497,7 +497,7 @@ describe('permissions middleware', function () {
'response should have result and no error'
)
assert.deepEqual(
res.result, ACCOUNT_ARRAYS.a,
res.result, [ACCOUNTS.a.primary],
'response should have correct result'
)
})
@ -535,7 +535,7 @@ describe('permissions middleware', function () {
const id = permController.pendingApprovals.keys().next().value
const approvedReq = PERMS.approvedRequest(id, PERMS.requests.eth_accounts())
await permController.approvePermissionsRequest(approvedReq, ACCOUNT_ARRAYS.a)
await permController.approvePermissionsRequest(approvedReq, ACCOUNTS.a.permitted)
// wait for permission to be granted
await pendingApproval
@ -551,7 +551,7 @@ describe('permissions middleware', function () {
perms[0],
PERM_NAMES.eth_accounts,
ORIGINS.a,
[CAVEATS.eth_accounts(ACCOUNT_ARRAYS.a)]
CAVEATS.eth_accounts(ACCOUNTS.a.permitted)
)
// we should also see the accounts on the response
@ -561,14 +561,14 @@ describe('permissions middleware', function () {
)
assert.deepEqual(
res.result, ACCOUNT_ARRAYS.a,
res.result, [ACCOUNTS.a.primary],
'result should have correct accounts'
)
// we should also be able to get the accounts independently
const aAccounts = await permController.getAccounts(ORIGINS.a)
assert.deepEqual(
aAccounts, ACCOUNT_ARRAYS.a, 'origin should have have correct accounts'
aAccounts, [ACCOUNTS.a.primary], 'origin should have have correct accounts'
)
})
@ -621,7 +621,7 @@ describe('permissions middleware', function () {
grantPermissions(
permController, ORIGINS.c,
PERMS.finalizedRequests.eth_accounts(ACCOUNT_ARRAYS.c)
PERMS.finalizedRequests.eth_accounts(ACCOUNTS.c.permitted)
)
const req = RPC_REQUESTS.eth_requestAccounts(ORIGINS.c)
@ -637,7 +637,7 @@ describe('permissions middleware', function () {
'response should have result and no error'
)
assert.deepEqual(
res.result, ACCOUNT_ARRAYS.c,
res.result, [ACCOUNTS.c.primary],
'response should have correct result'
)
})
@ -655,7 +655,7 @@ describe('permissions middleware', function () {
grantPermissions(
permController, ORIGINS.c,
PERMS.finalizedRequests.eth_accounts(ACCOUNT_ARRAYS.c)
PERMS.finalizedRequests.eth_accounts(ACCOUNTS.c.permitted)
)
const req = RPC_REQUESTS.eth_requestAccounts(ORIGINS.c)
@ -683,7 +683,7 @@ describe('permissions middleware', function () {
'response should have result and no error'
)
assert.deepEqual(
res.result, ACCOUNT_ARRAYS.c,
res.result, [ACCOUNTS.c.primary],
'response should have correct result'
)
})

8
yarn.lock
View File

@ -23858,10 +23858,10 @@ rn-host-detect@^1.1.5:
resolved "https://registry.yarnpkg.com/rn-host-detect/-/rn-host-detect-1.1.5.tgz#fbecb982b73932f34529e97932b9a63e58d8deb6"
integrity sha512-ufk2dFT3QeP9HyZ/xTuMtW27KnFy815CYitJMqQm+pgG3ZAtHBsrU8nXizNKkqXGy3bQmhEoloVbrfbvMJMqkg==
rpc-cap@^2.0.0:
version "2.0.0"
resolved "https://registry.yarnpkg.com/rpc-cap/-/rpc-cap-2.0.0.tgz#575ff22417bdea9526292b8989c7b7af5e664bfa"
integrity sha512-P78tE+fIOxIkxcfZ8S1ge+Mt02AH4vMXdcFjr2uWLOdouDosgJOvJP5oROYx6qiUYbECuyKrsmETU7e+MA8vpg==
rpc-cap@^2.1.0:
version "2.1.0"
resolved "https://registry.yarnpkg.com/rpc-cap/-/rpc-cap-2.1.0.tgz#c53e9bd925cb23c86b1591d621a68692c58070c0"
integrity sha512-k4GLWk3IT6r5zETyhiH9tjHqX2sEJ8MdGWv5C4v7wL32hCsx+AnEykbkeVG+EfMox+Vf32C9ieTQPNLKzKwS7A==
dependencies:
clone "^2.1.2"
eth-json-rpc-errors "^2.0.2"