diff --git a/app/scripts/controllers/provider-approval.js b/app/scripts/controllers/provider-approval.js index 53172c069..b8cf04341 100644 --- a/app/scripts/controllers/provider-approval.js +++ b/app/scripts/controllers/provider-approval.js @@ -27,19 +27,19 @@ class ProviderApprovalController { }) if (platform && platform.addMessageListener) { - platform.addMessageListener(({ action = '', force, origin, siteTitle, siteImage }) => { + platform.addMessageListener(({ action = '', force, origin, siteTitle, siteImage }, { tab }) => { switch (action) { case 'init-provider-request': - this._handleProviderRequest(origin, siteTitle, siteImage, force) + this._handleProviderRequest(origin, siteTitle, siteImage, force, tab.id) break case 'init-is-approved': - this._handleIsApproved(origin) + this._handleIsApproved(origin, tab.id) break case 'init-is-unlocked': - this._handleIsUnlocked() + this._handleIsUnlocked(tab.id) break case 'init-privacy-request': - this._handlePrivacyRequest() + this._handlePrivacyRequest(tab.id) break } }) @@ -53,11 +53,11 @@ class ProviderApprovalController { * @param {string} siteTitle - The title of the document requesting full provider access * @param {string} siteImage - The icon of the window requesting full provider access */ - _handleProviderRequest (origin, siteTitle, siteImage, force) { - this.store.updateState({ providerRequests: [{ origin, siteTitle, siteImage }] }) + _handleProviderRequest (origin, siteTitle, siteImage, force, tabID) { + this.store.updateState({ providerRequests: [{ origin, siteTitle, siteImage, tabID }] }) const isUnlocked = this.keyringController.memStore.getState().isUnlocked if (!force && this.approvedOrigins[origin] && this.caching && isUnlocked) { - this.approveProviderRequest(origin) + this.approveProviderRequest(tabID) return } this.openPopup && this.openPopup() @@ -68,32 +68,32 @@ class ProviderApprovalController { * * @param {string} origin - Origin of the window */ - _handleIsApproved (origin) { + _handleIsApproved (origin, tabID) { this.platform && this.platform.sendMessage({ action: 'answer-is-approved', isApproved: this.approvedOrigins[origin] && this.caching, caching: this.caching, - }, { active: true }) + }, { id: tabID }) } /** * Called by a tab to determine if MetaMask is currently locked or unlocked */ - _handleIsUnlocked () { + _handleIsUnlocked (tabID) { const isUnlocked = this.keyringController.memStore.getState().isUnlocked - this.platform && this.platform.sendMessage({ action: 'answer-is-unlocked', isUnlocked }, { active: true }) + this.platform && this.platform.sendMessage({ action: 'answer-is-unlocked', isUnlocked }, { id: tabID }) } /** * Called to check privacy mode; if privacy mode is off, this will automatically enable the provider (legacy behavior) */ - _handlePrivacyRequest () { + _handlePrivacyRequest (tabID) { const privacyMode = this.preferencesController.getFeatureFlags().privacyMode if (!privacyMode) { this.platform && this.platform.sendMessage({ action: 'approve-legacy-provider-request', selectedAddress: this.publicConfigStore.getState().selectedAddress, - }, { active: true }) + }, { id: tabID }) this.publicConfigStore.emit('update', this.publicConfigStore.getState()) } } @@ -101,17 +101,18 @@ class ProviderApprovalController { /** * Called when a user approves access to a full Ethereum provider API * - * @param {string} origin - Origin of the target window to approve provider access + * @param {string} tabID - ID of the target window that approved provider access */ - approveProviderRequest (origin) { + approveProviderRequest (tabID) { this.closePopup && this.closePopup() const requests = this.store.getState().providerRequests + const origin = requests.find(request => request.tabID === tabID).origin this.platform && this.platform.sendMessage({ action: 'approve-provider-request', selectedAddress: this.publicConfigStore.getState().selectedAddress, - }, { active: true }) + }, { id: tabID }) this.publicConfigStore.emit('update', this.publicConfigStore.getState()) - const providerRequests = requests.filter(request => request.origin !== origin) + const providerRequests = requests.filter(request => request.tabID !== tabID) this.store.updateState({ providerRequests }) this.approvedOrigins[origin] = true } @@ -119,13 +120,14 @@ class ProviderApprovalController { /** * Called when a tab rejects access to a full Ethereum provider API * - * @param {string} origin - Origin of the target window to reject provider access + * @param {string} tabID - ID of the target window that rejected provider access */ - rejectProviderRequest (origin) { + rejectProviderRequest (tabID) { this.closePopup && this.closePopup() const requests = this.store.getState().providerRequests - this.platform && this.platform.sendMessage({ action: 'reject-provider-request' }, { active: true }) - const providerRequests = requests.filter(request => request.origin !== origin) + const origin = requests.find(request => request.tabID === tabID).origin + this.platform && this.platform.sendMessage({ action: 'reject-provider-request' }, { id: tabID }) + const providerRequests = requests.filter(request => request.tabID !== tabID) this.store.updateState({ providerRequests }) delete this.approvedOrigins[origin] } diff --git a/app/scripts/platforms/extension.js b/app/scripts/platforms/extension.js index e8779739c..3dadd5d34 100644 --- a/app/scripts/platforms/extension.js +++ b/app/scripts/platforms/extension.js @@ -65,9 +65,11 @@ class ExtensionPlatform { } sendMessage (message, query = {}) { - extension.tabs.query(query, tabs => { + const id = query.id + delete query.id + extension.tabs.query({ ...query }, tabs => { tabs.forEach(tab => { - extension.tabs.sendMessage(tab.id, message) + extension.tabs.sendMessage(id || tab.id, message) }) }) } diff --git a/notices/archive/notice_2.md b/notices/archive/notice_2.md index 62f368c50..8370f2ce2 100644 --- a/notices/archive/notice_2.md +++ b/notices/archive/notice_2.md @@ -1,6 +1,6 @@ MetaMask is beta software. -When you log in to MetaMask, your current account's address is visible to every new site you visit. This can be used to look up your account balances of Ether and other tokens. +When you log in to MetaMask and approve account access, your current account's address is visible to the site you're currently viewing. This can be used to look up your account balances of Ether and other tokens. -For your privacy, for now, please sign out of MetaMask when you're done using a site. +For your privacy, take caution when approving account access and sign out of MetaMask when you're done using a site. diff --git a/old-ui/app/provider-approval.js b/old-ui/app/provider-approval.js index c4c7ff64d..da128f147 100644 --- a/old-ui/app/provider-approval.js +++ b/old-ui/app/provider-approval.js @@ -4,7 +4,7 @@ import { approveProviderRequest, rejectProviderRequest } from '../../ui/app/acti import { connect } from 'react-redux' class ProviderApproval extends Component { render () { - const { approveProviderRequest, origin, rejectProviderRequest } = this.props + const { approveProviderRequest, origin, tabID, rejectProviderRequest } = this.props return (