1
0
mirror of https://github.com/kremalicious/metamask-extension.git synced 2024-12-23 09:52:26 +01:00
Commit Graph

1336 Commits

Author SHA1 Message Date
Mark Stacey
7199d9c567 Use externally hosted phishing warning page
An externally hosted phishing warning page is now used rather than the
built-in phishing warning page.The phishing page warning URL is set via
configuration file or environment variable. The default URL is either
the expected production URL or `http://localhost:9999/` for e2e testing
environments.

The new external phishing page includes a design change when it is
loaded within an iframe. In that case it now shows a condensed message,
and prompts the user to open the full warning page in a new tab to see
more details or bypass the warning. This is to prevent a clickjacking
attack from safelisting a site without user consent.

The new external phishing page also includes a simple caching service
worker to ensure it continues to work offline (or if our hosting goes
offline), as long as the user has successfully loaded the page at least
once. We also load the page temporarily during the extension startup
process to trigger the service worker installation.

The old phishing page and all related lines have been removed. The
property `web_accessible_resources` has also been removed from the
manifest. The only entry apart from the phishing page was `inpage.js`,
and we don't need that to be web accessible anymore because we inject
the script inline into each page rather than loading the file directly.

New e2e tests have been added to cover more phishing warning page
functionality, including the "safelist" action and the "iframe" case.
2022-05-16 14:40:50 -02:30
Lachlan Tweedie
eee4cc3100
Add Coinbase Pay as fiat onramp option (#14648) 2022-05-12 18:27:49 -05:00
Niranjana Binoy
6c757ab5e0
Event tracking for Token Detection V2 (#14441) 2022-05-11 16:27:58 -04:00
Shane
74b5401302
Fixed API for watchAsset (#14545)
* Fixed API for watchAsset

* Fixed boolean return value for watchAsset
2022-04-27 07:47:10 -07:00
Ariella Vu
78f4684b2a
MetaMetrics: Add EVENT.CATEGORIES const (#14474)
* MetaMetrics: add EVENT.CATEGORIES const

* MetaMetrics: add EVENT.CATEGORIES.INPAGE_PROVIDER

* MetaMetrics: add EVENT.CATEGORIES.AUTH

* MetaMetrics: add EVENT.CATEGORIES.ACCOUNTS pt. 1

* MetaMetrics: add EVENT.CATEGORIES.ACCOUNTS pt. 2
confirm we want to use 'Accounts' instead of 'Account'

* MetaMetrics: add EVENT.CATEGORIES.MESSAGES

* MetaMetrics: add EVENT.CATEGORIES.RETENTION const

* MetaMetrics: add EVENT.CATEGORIES.SETTINGS

* MetaMask: add missing EVENT.CATEGORIES.SNAPS

* MetaMetrics: add EVENT.CATEGORIES.WALLET const

* MetaMetrics: add EVENT.CATEGORIES.ONBOARDING const

* MetaMetrics: add EVENT.CATEGORIES.ONBOARDING
& EVENT.CATEGORIES.TRANSACTIONS consts

* MetaMetrics: use EVENT.CATEGORIES

* ducks/swaps: revert slice name

* MetaMetrics: add missing EVENT.CATEGORIES.NETWORK
2022-04-22 13:09:10 -03:00
Ariella Vu
0c52723885
Update segment instantiation check. Only check if SEGMENT_WRITE_KEY exists (#14407)
* segment: instantiate w/out SEGMENT_HOST check

If SEGMENT_HOST is null, then the analytics-node library will usea defaulted host

* Segment: rm IN_TEST check for instantiation
2022-04-14 18:31:54 -03:00
ryanml
b8c9f370ef Merge remote-tracking branch 'origin/master' into Version-v10.13.0 2022-04-07 02:32:07 -07:00
Mark Stacey
831d274a40 Restore version missing from certain build steps (#14344)
Certain build steps accidentally omitted the `version` variable. It has
now been restored to all steps, ensuring that all environment variables
are correctly injected into all bundles.

A check has been added to the Sentry setup module to ensure the release
is not omitted in the future.
2022-04-04 21:06:12 -02:30
Brad Decker
d6df3700f7
track rpc method usage (#14269) 2022-04-04 14:26:13 -05:00
Mark Stacey
2d08fe35e5
Restore version missing from certain build steps (#14344)
Certain build steps accidentally omitted the `version` variable. It has
now been restored to all steps, ensuring that all environment variables
are correctly injected into all bundles.

A check has been added to the Sentry setup module to ensure the release
is not omitted in the future.
2022-04-04 16:44:32 -02:30
Mark Stacey
646bad8a58 Merge remote-tracking branch 'origin/develop' into master-sync
* origin/develop: (210 commits)
  Dark Mode: Remove unwanted background for price quote (#14278)
  Dark Mode: Fix colors in toggle button (#14280)
  Ensure proper color for swaps edit link (#14273)
  Dark Mode: Ensure actionable message button colors are the same color as previously (#14271)
  Add token standard to Token Added event. (#14253)
  Token Aggregators component for Tokens Detected page (#14157)
  Ensure Metafox follows cursor on Fetching quotes screen (#14261)
  TransactionsControllerTest: catch uncaught errors (#14196)
  GasModalPageContainer story: convert knobs and actions to controls / args (#13516)
  Show STX switch for wrapping / unwrapping (#14225)
  Change over ImportToken stories to use controls instead of knobs, update props in stories (#14246)
  Change over FeeCard stories to use controls instead of knobs, update props in stories (#13766)
  Update What's new screen with Token Detection information (#14124)
  Improvements for multi-layer fee UX (#13547)
  metaMetricsEvent -> trackEvent (#14249)
  E2e dapp interactions (#14149)
  failing contract interaction e2e (#14227)
  Removed metrics event (#14042)
  Add TypeScript to the build system (#13489)
  Build user traits object when metamask state changes (#14192)
  ...
2022-03-30 22:54:28 -02:30
Mark Stacey
98f187c301 Update SRP representation
An array of integers is now used to represent the SRP in three cases:

* In the import wallet flow, the UI uses it to pass the user-provided
  SRP to the background (which converts the array to a buffer).
* In the create wallet flow, the UI uses it to retrieve the generated
  SRP from the background.
* When persisting the wallet to state, the background uses it to
  serialize the SRP.

Co-authored-by: Elliot Winkler <elliot.winkler@gmail.com>
2022-03-30 21:01:26 -02:30
PeterYinusa
1130b58910 E2e metrics (#13904)
* remove metrics build

* remove segment server from tests

* enable cors

* mock segment globally

* metrics e2e test

* running test builds

* move file

* destructuring
2022-03-29 07:35:06 -02:30
Dan Miller
d5c693d9db Merge remote-tracking branch 'origin/master' into Version-v10.12.0-alt 2022-03-25 14:56:57 -02:30
Erik Marks
680d30f095 snaps-skunkworks@0.10.2 (#13901) 2022-03-22 19:55:51 -07:00
Daniel
95f830438a
Add a new fiat onboarding option via MoonPay (#13934) 2022-03-21 10:26:52 +01:00
Alex Donesky
8df8f81df7
Deprecate extensionizer for webextension-polyfill (#13960)
* deprecate extensionizer for webextension-polyfill

* fix tests

* remove extensionizer

* fix browser windows api calls

* fix broken on firefox

* fix getAcceptLanguages call

* update more browser apis that are now promisified

* remove unnecessary console error ignoring in e2e tests
2022-03-18 14:07:05 -05:00
Shane
bba8b214b9
Fixed error thrown for 712 errors (#14008) 2022-03-16 16:42:55 -07:00
Shane
4c908d7413
Better 712 errors (#13939)
* Added more info for EIP-712 schema errors

* Changed EthereumProviderError to EthereumRpcError

* Fixed error code to not be hardcoded for signTypedData
2022-03-16 15:27:11 -07:00
PeterYinusa
c07e477c13
E2e metrics (#13904)
* remove metrics build

* remove segment server from tests

* enable cors

* mock segment globally

* metrics e2e test

* running test builds

* move file

* destructuring
2022-03-15 13:17:48 -03:00
Erik Marks
118480280c
snaps-skunkworks@0.10.2 (#13901) 2022-03-14 12:37:19 -07:00
Olusegun Akintayo
e7bf63a6d6 Fixes an issue where metamask popup is not loading on eth_accounts (#13840)
(first time).

Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
2022-03-09 23:50:02 -03:30
Mark Stacey
c3feabf4de Update SRP representation
An array of integers is now used to represent the SRP in three cases:

* In the import wallet flow, the UI uses it to pass the user-provided
  SRP to the background (which converts the array to a buffer).
* In the create wallet flow, the UI uses it to retrieve the generated
  SRP from the background.
* When persisting the wallet to state, the background uses it to
  serialize the SRP.

Co-authored-by: Elliot Winkler <elliot.winkler@gmail.com>
2022-03-08 17:15:11 -03:30
Olusegun Akintayo
7ecb37ddf2
Fixes an issue where metamask popup is not loading on eth_accounts (#13840)
(first time).

Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
2022-03-07 19:09:03 +04:00
ryanml
5b96e3370e
Using correct metricsEvent arg (#13684) 2022-02-21 10:39:01 -07:00
Erik Marks
35ac762e10
Add Snaps via Flask (#13462)
This PR adds `snaps` under Flask build flags to the extension. This branch is mostly equivalent to the current production version of Flask, excepting some bug fixes and tweaks.

Closes #11626
2022-02-14 16:02:51 -08:00
Dan J Miller
8ad85e6413
Replace use of .flat with _.flatten, to accomodate chrome < 69 (#13520) 2022-02-07 11:28:28 -03:30
David Walsh
851fce9a3b
Enable buying MATIC on Polygon, BNB on BSC, AVAX on Avalanche, FTM on Fantom, CELO on Celo, and respective stablecoins on Transak (#13398) 2022-01-28 07:46:26 -06:00
Mark Stacey
3732c5f71e
Add JSDoc ESLint rules (#12112)
ESLint rules have been added to enforce our JSDoc conventions. These
rules were introduced by updating `@metamask/eslint-config` to v9.

Some of the rules have been disabled because the effort to fix all lint
errors was too high. It might be easiest to enable these rules one
directory at a time, or one rule at a time.

Most of the changes in this PR were a result of running
`yarn lint:fix`. There were a handful of manual changes that seemed
obvious and simple to make. Anything beyond that and the rule was left
disabled.
2022-01-07 12:27:33 -03:30
Mark Stacey
22f931e6b2
Prevent automatic rejection of confirmations (#13194)
* Prevent automatic rejection of confirmations

Confirmations are now only automatically rejected if a user explicitly
closes the notification window. If we close the window programmatically
because there are no notifications left to show, nothing gets rejected.

This partially avoids a race condition where a confirmation gets
rejected automatically without the user having seen the confirmation
first. This could happen if the confirmation was processed just as the
notification window was being closed.

It's still possible for a confirmation that the user has never seen to
get rejected as a result of the user closing the window. But at least
now it's no longer possible for a confirmation to get rejected in this
manner after the user resolves the last confirmation in the queue.

* Fix bug that prevented automatic closure detection

All windows were being detected as explicit window closures,
essentially just as they were previously, because this variable was
cleared too soon.

* Re-open popup when necessary

After the window is automatically closed, a confirmation may have been
queued up while the window was closing. If so, the popup is now re-
opened.
2022-01-05 13:39:19 -03:30
Erik Marks
75e8b4f8b9
Add missing permissions middleware hook (#13205)
Adds a missing middleware hook for `wallet_requestPermissions` that we failed to add in #12243. Also adds a runtime check that throws an error if any expected hooks are not provided to `createMethodMiddleware`.

Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2022-01-04 12:57:18 -08:00
Ikko Ashimine
066b78c722
Fix typo in ComposableObservableStore.js (#13151) 2022-01-04 12:59:08 -06:00
Mark Stacey
fe77367837
Update the Sentry setup log with the build type (#13157)
The `environment` field we use for Sentry includes the build type for
all build types except `main`, but the log message indicating that
Sentry did not include this. This log message is useful for ensuring
that Sentry is setup correctly, so it should display the same
environment that Sentry is using. It has been updated to do just that.
2022-01-03 10:29:44 -03:30
Hassan Malik
f946c030b5
Choose accounts refactor (#13039)
* added wrapper around account list to prevent storybook from collapsing the list

* updated translation files

* added snap-connect page

* refactored account list out of the choose account component

* fixed width

* removed unnecessary scss from choose-account component, fixed props in choose account story

* removed snaps-connect page, added comments to ChooseAccount

* updated choose account subtitle text, updated styling for title & subtitle, removed redundant account list story

* updated component name, updated paths

* fixed linter errors

* added comments

* removed unused message

* removed selectAccounts key from all locales

* updated class name for account list header, updated allAreSelected function to use length checks

* Revert "removed unused message"

This reverts commit 32771bc83c08f120825ef75f0741f3034e7dbecb.

* Revert "removed selectAccounts key from all locales"

This reverts commit ccfa4a860f9a75693d893d7c404384e719de297e.

* updated locale messages to use selectAccounts key

* removed stray import

* updated scss

* updated translation key

* removed chooseAccounts key from en locale

* removed optional chaining

* changes

* updated subjectMetadata

* updated subject types

* update useOriginMetadata function to include unknown subject type

* updated permission connect header props, removed host and added subjectType to targetSubjectMetadata

* added subjectType to targetSubjectMetadata

* removed console.log

* changed prop name to iconUrl
2021-12-14 18:54:46 -05:00
Alex Donesky
1b6e58c417
Feat/collectibles the return (#12970)
* Wire collectibles frontend UI with controller data
2021-12-13 17:41:10 -06:00
Mark Stacey
ba54a3d83b
Update ESLint config to v8 (#12886)
The ESLint config has been updated to v8. The breaking changes are:

* The Prettier rule `quoteProps` has been changed from `consistent` to
`as-needed`, meaning that if one key requires quoting, only that key is
quoted rather than all keys.
* The ESLint rule `no-shadow` has been made more strict. It now
prevents globals from being shadowed as well.

Most of these changes were applied with `yarn lint:fix`. Only the
shadowing changes required manual fixing (shadowing variable names were
either replaced with destructuring or renamed).

The dependency `globalThis` was added to the list of dynamic
dependencies in the build system, where it should have been already.
This was causing `depcheck` to fail because the new lint rules required
removing the one place where `globalThis` had been erroneously imported
previously.

A rule requiring a newline between multiline blocks and expressions has
been disabled temporarily to make this PR smaller and to avoid
introducing conflicts with other PRs.
2021-12-09 15:36:24 -03:30
Mark Stacey
670bed4c61
Add @metamask/rpc-methods package (#13027)
The `selectHooks` function has been replaced with the equivalent
function from the `@metamask/rpc-methods` package, which is
functionally equivalent.

The function was included in that package so that it could be used
elsewhere in the `snaps-skunkworks` repo. Eventually the goal is to
migrate much of our RPC logic into this package so that it can be
shared across products, and by our libraries as needed.
2021-12-09 11:22:53 -03:30
Erik Marks
fc1ffae406
Add subject types (#13026)
This PR introduces the concept of subject _types_ to be associated with each subject in the `SubjectMetadataController`, and used for control flow in our RPC stack (`setupProviderEngine` and so forth).

We already differentiate between "types" of subjects in various places on an ad hoc basis via boolean flags (e.g. `isInternal` in our RPC stack) or the presence/absence of certain values in the subject's metadata (specifically `metadata.extensionId`). The status quo is manageable if not ideal, but will start to become untenable with the introduction of Snaps in the near future.

Therefore, this PR establishes a `SUBJECT_TYPES` enum and adds the `subjectType` property to the metadata of each subject. A new migration is added to accomplish this. Finally, we specify and `INTERNAL` subject type to distinguish internal from external requests.
2021-12-08 15:37:29 -08:00
Mark Stacey
5076e5057f
Remove nodeify (#13003)
The `nodeify` utility is no longer needed for the background API.
Instead each method is assumed to be either synchronous or Promise-
returning.

The error handling was updated to at least log the error in the case
where a method fall fails after the connection is broken.
2021-12-08 18:06:53 -03:30
Erik Marks
31cf7c10a4
Permission System 2.0 (#12243)
# Permission System 2.0

## Background

This PR migrates the extension permission system to [the new `PermissionController`](https://github.com/MetaMask/snaps-skunkworks/tree/main/packages/controllers/src/permissions).
The original permission system, based on [`rpc-cap`](https://github.com/MetaMask/rpc-cap), introduced [`ZCAP-LD`](https://w3c-ccg.github.io/zcap-ld/)-like permissions to our JSON-RPC stack.
We used it to [implement](https://github.com/MetaMask/metamask-extension/pull/7004) what we called "LoginPerSite" in [version 7.7.0](https://github.com/MetaMask/metamask-extension/releases/tag/v7.7.0) of the extension, which enabled the user to choose which accounts, if any, should be exposed to each dapp.
While that was a worthwhile feature in and of itself, we wanted a permission _system_ in order to enable everything we are going to with Snaps.
Unfortunately, the original permission system was difficult to use, and necessitated the creation of the original `PermissionsController` (note the "s"), which was more or less a wrapper for `rpc-cap`.

With this PR, we shake off the yoke of the original permission system, in favor of the modular, self-contained, ergonomic, and more mature permission system 2.0.

Note that [the `PermissionController` readme](https://github.com/MetaMask/snaps-skunkworks/tree/main/packages/controllers/src/permissions/README.md) explains how the new permission system works.

The `PermissionController` and `SubjectMetadataController` are currently shipped via `@metamask/snap-controllers`. This is a temporary state of affairs, and we'll move them to `@metamask/controllers` once they've landed in prod.

## Changes in Detail

First, the changes in this PR are not as big as they seem. Roughly half of the additions in this PR are fixtures in the test for the new migration (number 68), and a significant portion of the remaining ~2500 lines are due to find-and-replace changes in other test fixtures and UI files.

- The extension `PermissionsController` has been deleted, and completely replaced with the new `PermissionController` from [`@metamask/snap-controllers`](https://www.npmjs.com/package/@metamask/snap-controllers).
- The original `PermissionsController` "domain metadata" functionality is now managed by the new `SubjectMetadataController`, also from [`@metamask/snap-controllers`](https://www.npmjs.com/package/@metamask/snap-controllers).
- The permission activity and history log controller has been renamed `PermissionLogController` and has its own top-level state key, but is otherwise functionally equivalent to the existing implementation.
- Migration number 68 has been added to account for the new state changes.
- The tests in `app/scripts/controllers/permissions` have been migrated from `mocha` to `jest`.

Reviewers should focus their attention on the following files:

- `app/scripts/`
  - `metamask-controller.js`
    - This is where most of the integration work for the new `PermissionController` occurs.
      Some functions that were internal to the original controller were moved here.
  - `controllers/permissions/`
    - `selectors.js`
      - These selectors are for `ControllerMessenger` selector subscriptions. The actual subscriptions occur in `metamask-controller.js`. See the `ControllerMessenger` implementation for details.
    - `specifications.js`
      - The caveat and permission specifications are required by the new `PermissionController`, and are used to specify the `eth_accounts` permission and its JSON-RPC method implementation.
        See the `PermissionController` readme for details.
  - `migrations/068.js`
    - The new state should be cross-referenced with the controllers that manage it.
      The accompanying tests should also be thoroughly reviewed.

Some files may appear new but have just moved and/or been renamed:

- `app/scripts/lib/rpc-method-middleware/handlers/request-accounts.js`
  - This was previously implemented in `controllers/permissions/permissionsMethodMiddleware.js`.
- `test/mocks/permissions.js`
  - A truncated version of `test/mocks/permission-controller.js`.

Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2021-12-06 19:16:49 -08:00
Thomas Huang
d78cfebd43
Jestify app/scripts/lib/**/*.test.js (#12890)
* Jestify app/scripts/lib/*.test.js

* Mocha config on mocha test script

* Add app/scripts/lib to include subdirs
2021-12-06 10:40:39 -06:00
Alex Donesky
9e2935dd55
Revert "Feat/collectibles display (#12873)" (#12934)
This reverts commit 81ea24f08a.
2021-12-01 17:46:26 -06:00
Alex Donesky
81ea24f08a
Feat/collectibles display (#12873)
* Wiring up Collectibles lists/items

* wip

* more wip

* more more wip

* yet more wip

* wippp

* more wipppp

* closer

* wroking

* more wip

* cleanup

* cleanup

* add-collectible form validation

* update default ipfs-gateway

* update refresh button

* fix proptypes issue + add more padding to asset background

* css tweaking

* more cleanup

* more cleanup

* more cleanup

* add migration

* address feedback

* fix migration + cleanup

* bumping controllers version + adapting new collectiblesController shape

* fix yarn dedupe
2021-12-01 10:10:17 -06:00
Olaf Tomalka
3f3479bf6e
Fix: eth_sign does not validate input (#12679)
* Fix #5039

* Converted function into async

* Added more explicit explanation of why the number of bits for EcSign

* eth_sign and eth_personalSign now report errors correctly back to the user

* Added leeway to unsigned message byte check

* Fix lint
2021-11-19 17:05:24 +01:00
Daniel
ecceb4d6da
Use v2 API for fiat onboarding URL creation, fix wrapping / unwrapping (#12729)
* Use a Swaps v2 API to get a fiat onboarding URL

* Fix an issue with wrapping / unwrapping if an address contained uppercase chars

* Rename a constant

* Use a constant in a test
2021-11-17 18:04:50 +01:00
Erik Marks
05fae3fa1e
Add RPC method handler hook selection (#12664)
Adds a property, `hookNames`, to each RPC method handler export in `app/scripts/lib/rpc-method-middleware` and a function, `selectHooks`, to select from them.

`createMethodMiddleware` receives a giant `opts` object that includes a bunch of different methods from `MetaMaskController` and its subcontrollers. Each method implementation only requires a subset of these methods to do its work. Because they need some kind of name, we call these methods "hooks". With this change, whenever an RPC method is called, `selectHooks` will be called to ensure that each method only receives the hooks that it needs in order to do its job.

This implementation is based on [work in `snaps-skunkworks`](https://github.com/MetaMask/snaps-skunkworks/blob/a3e1248/packages/rpc-methods/src/utils.ts#L17-L34) that will be merged in the near future.
2021-11-15 15:11:51 -08:00
Olaf Tomalka
a323a5fe59
Reject popup confirmations on close (#12643)
* Background clears confirmations on popup close

* [WIP] Remove clearing confirmations through UI

* Confirmations are now rejected instead of cleared

* Erased commented out code

* Fix linter errors

* Changes after code review

* Moved metrics events from onWindowUnload to background

* PR review fixes

* Added abillity to add reason to rejection of messages

* Fix prettier

* Added type metrics event to signature cancel

* Fix test

* The uncofirmed transactions are now cleared even if Metamask is locked
2021-11-15 17:13:51 +01:00
Erik Marks
b3963daaab
eth-json-rpc-middleware@8.0.0 (#10738)
We're bumping from `^6` to `^8`. All imports are now named, and they have been updated. This is a breaking change, in that support for `eth_signTransaction` is added in `^8.0.0`. We do not support this method in our UI, so our middleware stack has been instrumented to reject.

In addition, there are some non-breaking behavioral changes in this version that reviewers should be aware of, see the [7.0.0 release](https://github.com/MetaMask/eth-json-rpc-middleware/releases).
2021-11-11 12:26:49 -08:00
David Walsh
2822379bdc
Improve browser detection code (#12456)
* Improve browser detection code

* Add unit tests for platform detection

* Add test

* Use key check instead of object presence
2021-11-05 17:28:44 -07:00
Mark Stacey
345ed9f6f2
Add build type to Sentry environment (#12441)
The build type (i.e. the distribution) is now included in the Sentry
environment during setup, for all builds except the "main" build. This
will allow us to track Flask and beta errors separately from other
errors.

A constant was created for the build types. The equivalent constant in
our build scripts was updated to match it more closely, for
consistency. We can't use the same constant in both places because our
shared constants are in modules that use ES6 exports, and our build
script does not yet support ES6 exports.

The singular `BuildType` was used rather than `BuildTypes` to match our
naming conventions elsewhere for enums. We name them like classes or
types, rather than like a collection.

Relates to #11896
2021-10-25 14:27:30 -02:30
Alex Donesky
22378e4f72
fix issue where regional locales are not matched against our locales list (#12403)
* fix issue where regional locales are not matched against our locales list
2021-10-19 14:32:13 -05:00
Thomas Huang
02a4da9ad2
Fix 12145 - Ledger errors being set as Error: [object, object] (#12176)
* Fixes #12145

When transactions fail, preserve error message when presented with an error object. Fallback to stringified error for other cases.

* Perserve error stack when err.stack is present, else set stack to message.

* Use optional chaining
2021-09-22 10:41:23 -07:00
Alex Donesky
490d3b8d40
Integrate TokensController (#11552)
* Integrate controllers/tokensController

* address rebase issues

* small cleanup

* addressing feedback

* more feedback
2021-09-10 12:37:19 -05:00
Shane
362b54b2dd
Added getPersistentState support for V2 controllers persist metadata (#12007) 2021-09-05 19:33:37 -07:00
Alex Donesky
33849bfec6
Fix issue with chainId comparison in sign typed message param validation (#11900) 2021-08-24 11:23:29 -05:00
Peter-Jan Brone
3fada25dfc
Add Skylink support to ENS resolver (#11401)
* Add Skynet support to ENS to IPFS resolver

* Remove newline

* Fix lint

* Fix lint

* Remove mistakenly committed zip file

* Update
2021-07-16 10:22:04 -05:00
Dan J Miller
932444c355
Ensure transaction controller correctly estimates gas for special custom networks (#11441) 2021-07-02 13:01:27 -02:30
Daniel
a1d7271ed7
Call Wyre’s API via our backend to generate Wyre’s Checkout URL (#11387)
* Call Wyre’s API via our backend to generate Wyre’s Checkout URL

* Add back paymentMethod=debit-card, use a fallback URL if no url is returned from BE

* Fix a lint issue

* Refactor how to return Wyre’s Checkout URL

* Add 2 constants into a test file, refactoring
2021-06-25 09:52:29 -05:00
Brad Decker
cb652c0fae
remove unused sufficient balance method (#11381)
this method relied on gasPrice being present and is safe to remove
2021-06-25 09:52:18 -05:00
Daniel
ba3f51d6ed
Add support for fiat on-ramp via Transak (#11376) 2021-06-25 08:10:24 -05:00
ryanml
a69ed05141
Removing obsolete client-side transaction metrics events (#11329)
* Removing metametrics send count tracking

* Removing client side Transaction Completed and Canceled events
2021-06-24 15:37:44 -07:00
Alex Donesky
23f0270af2
add back strict equality checks in typed-message-manager, ensure that chainId comparison bases are both ints (#11340) 2021-06-23 16:32:23 -05:00
Alex Donesky
be98e05c58
patch breaking change in signTypeData param validation (#11309) 2021-06-15 13:17:38 -05:00
ryanml
2bfc3a093f
Using values from shared/constants/time to represent timing values (#11241) 2021-06-10 12:27:03 -07:00
ryanml
a75092762f
Fix built-in networks switch-ethereum-chain, Including RPC url in switchEthereumChain requestData (#11268)
* Moving RPC Urls to network constants

* Including RPC url in switchEthereumChain requestData

* Setting project id to var

* Fix built-in networks switch-ethereum-chain

`switch-ethereum-chain` did not work correctly with built-in networks.
It was treating them as custom networks, rather than as built-in
networks. This affected how they were displayed in the network
dropdown, and resulted in slight differences to the network stack used
as well.

The problem was that `updateRpcTarget` was used, which was meant for
custom networks only. Now that `setProviderType` is used in the case of
a built-in network, the behaviour should match the network switcher
exactly.

Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2021-06-09 15:18:38 -07:00
ryanml
3242710f3d
Supporting existing default networks in switchEthereumChain (#11184) 2021-05-26 09:17:18 -07:00
Mark Stacey
5009ceae53
Migrate to new CurrencyRateController (#11005)
The CurrencyRateController has been migrated to the BaseControllerV2
API, which includes various API changes. These changes include:
* The constructor now expects to be passed a
`RestrictedControllerMessenger`.
* State changes are subscribed to via the `ControllerMessenger` now,
rather than via a `subscribe` function.
* The state and configration are passed in as one "options" object,
rather than as two separate parameters
* The polling needs to be started explicitly by calling `start`. It
can be stopped and started on-demand now as well.
* Changing the current currency or native currency will now throw an
error if we fail to update the conversion rate.

The `ComposableObservableStore` has been updated to accomodate these
new types of controllers. The constructor has been updated to use an
options bag pattern as well, to make the addition of the new required
`controllerMessenger` parameter a bit less unweildly.
2021-05-20 00:27:51 -02:30
Mark Stacey
37dc19a352
Migrate Sentry settings to environment variables (#11085)
Sentry is now configured with environment variables, rather than with
hard-coded values. This makes it easier to test Sentry functionality
using a different Sentry account, as we did recently during QA of
v9.5.1.

The only change for the normal build process is the introduction of the
`SENTRY_DSN_DEV` variable, which can be set via `.metamaskrc` or via an
environment variable. This determines where error reports are sent. It
still defaults to our team Sentry account's `metamask-testing` project.

The `sentry:publish` script now requires SENTRY_ORG and SENTRY_PROJECT
to be set in order to publish release artifacts. The CircleCI
configuration has been updated with these values, so it should act the
same as it did before. Previously we had used a CLI flag to specify the
organization and project, but Sentry already natively supports these
environment variables [1].

[1]: https://docs.sentry.io/product/cli/configuration/#configuration-values
2021-05-18 13:56:22 -02:30
Shane
abba7f4159
fix metaRPCClientFactory id handling (#11116)
* fix metaRPCClientFactory id handling
2021-05-17 14:46:00 -07:00
Brad Decker
9386e3cb03
create safer isValidAddress method (#11089) 2021-05-17 14:00:59 -05:00
Shane
cacefc72fc
return early from metaRPCHandler if stream has ended (#11065)
* return early from metaRPCHandler if stream has ended

* add write after end guard to handleUpdate
2021-05-12 15:12:46 -07:00
Mark Stacey
89ef78674d
Replace uses of hasOwnProperty.call with simpler alternatives (#11009)
Three uses of `hasOwnProperty.call` have been replaced with simpler
alternatives. I did this because I found this convention confusing.

The `ComposableObservableStore` changes required adding a check for
whether the `config` is defined, because the old syntax would allow
iterating over `undefined` as if it was an empty object. Functionally
it should be identical. A new test was added to highlight this
functionality.
2021-05-11 14:09:17 -02:30
Erik Marks
35531d8360
Fix error behavior of addEthereumChain (#11031) 2021-05-11 09:34:52 -07:00
Erik Marks
2289e47e87
Update switchEthereumChain unrecognized chain error (#11030) 2021-05-10 15:29:07 -07:00
Brad Decker
c188e3fda0
rough in switchEthereumChain (#10905) 2021-05-10 14:14:21 -05:00
Mark Stacey
f47cfbbb3e
Use strict assertion mode everywhere (#11012)
The `assert` module has two modes: "Legacy" and "strict". When using
strict mode, the "strict" version of each assertion method is implied.
Whereas in legacy mode, by default it will use the deprecated, "loose"
version of each assertion.

We now use strict mode everywhere. A few tests required updates where
they were asserting the wrong thing, and it was passing beforehand due
to the loose matching.
2021-05-07 17:08:24 -02:30
Brad Decker
f1825e850d
use one segment instance (#10915) 2021-04-26 11:05:43 -05:00
Brad Decker
d1f8171877
upgrade ethereumjs util (#10886) 2021-04-16 10:05:13 -05:00
kumavis
bfdc1e68f5
Delete setupFetchDebugging.js (#10636)
* Delete setupFetchDebugging.js

* remove fetch-debugging (now handled corrently by sentry)
2021-03-23 18:05:49 +08:00
Brad Decker
a81629e104
refactor incoming tx controller (#10639) 2021-03-19 16:54:30 -05:00
Shane
b50fe3184a
fix: replace dnode background with JSON-RPC (#10627)
fixes #10090
2021-03-18 11:23:46 -07:00
Brad Decker
5a233e4634
colocate tests in flat structure (#10655) 2021-03-16 16:00:08 -05:00
Brad Decker
3d4dfc74a8
prefer chainId over networkId in most cases (#10594) 2021-03-12 16:23:26 -06:00
Niranjana Binoy
84b1379b40
Setting balance to 0x0 when the original value is undefined (#10634) 2021-03-12 10:20:33 -05:00
Brad Decker
1a2dc850a3
addEthereumChain bug fixes (#10520) 2021-02-25 16:25:51 -06:00
Brad Decker
15d78b8158
use chain id for enabling ENS IPFS resolution (#10507) 2021-02-25 05:40:57 -06:00
Brad Decker
aaec480e32
fix misuse of getCurrentNetwork (#10504) 2021-02-23 12:33:33 -06:00
Brad Decker
823466b62a
Re-add handler for addEthereumChain (#10489) 2021-02-23 10:32:46 -06:00
Brad Decker
1d23b59af3
add Custom Network Added event (#10484) 2021-02-23 09:58:35 -06:00
Erik Marks
e48053a6d5
Add custom network RPC method (#9724)
Co-authored-by: Erik Marks <25517051+rekmarks@users.noreply.github.com>
Co-authored-by: Brad Decker <git@braddecker.dev>
2021-02-12 09:25:58 -06:00
Brad Decker
19fa2f5962
cancel unapproved confirmations on network change (#10357) 2021-02-08 17:22:30 -06:00
Erik Marks
76a2a9bb8b
@metamask/eslint config@5.0.0 (#10358)
* @metamask/eslint-config@5.0.0
* Update eslintrc and prettierrc
* yarn lint:fix
2021-02-04 10:15:23 -08:00
Erik Marks
7ebab83e40
Fix logWeb3ShimUsage metrics (#10286) 2021-01-25 14:20:44 -08:00
Erik Marks
30ff153103
eth-rpc-errors@4.0.2 (#10226) 2021-01-20 22:06:41 -08:00
Erik Marks
4fef2b7443
Add MAX_SAFE_CHAIN_ID and refactor chain ID validation (#10224)
* Add MAX_SAFE_CHAIN_ID constant
* Add isSafeChainId to shared utils module
* Move isPrefixedFormattedHexString to shared utils module
* Validate custom RPC chain IDs in network controller
* Update some network controller error messages.
* Add isSafeChainId validation to UI
2021-01-20 15:37:18 -08:00
Erik Marks
90289ec22a
Further improve organization of constants (#10200) 2021-01-20 08:13:14 -08:00
Erik Marks
7159dd6867
Fetch with a timeout everywhere (#10101)
* Use fetchWithTimeout everywhere
* Memoize getFetchWithTimeout
* Require specified timeout
2021-01-19 08:41:57 -08:00
David Walsh
c42087d044
Use destructured signal (#10115) 2020-12-23 10:15:07 -06:00
Erik Marks
e05be40d92
@metamask/obs-store@5.0.0 (#10092) 2020-12-16 13:14:49 -08:00
Erik Marks
54e9c53b27
Add web3 shim usage notification (#10039)
* Add web3 shim usage alert background state and logic
* Cleanup alert background state, constants
* Implement web3 shim usage notification and settings
* nodeify alert controller background hooks
* Remove svg icon, again
* Tweak alert controller initialization
* Add support article URL
* Un-thunk alert UI "actions"
* Delete connect.svg file (unused)
2020-12-10 15:40:29 -08:00
Erik Marks
3bf94164ac
@metamask/inpage-provider@^8.0.0 (#8640)
* @metamask/inpage-provider@^8.0.0
* Replace public config store with JSON-RPC notifications
* Encapsulate notification permissioning in permissions controller
* Update prefix of certain internal RPC methods and notifications
* Add accounts to getProviderState
* Send accounts with isUnlocked notification (#10007)
* Rename provider streams, notify provider of stream failures (#10006)
2020-12-08 11:48:47 -08:00
Erik Marks
6795298c65
Remove web3 injection (#9156)
* Remove web3 injection
* Implement logWeb3ShimUsage
2020-12-07 12:09:02 -08:00
Brad Decker
0653a489b0
add new MetaMetricsController (#9857) 2020-12-02 15:41:30 -06:00
Erik Marks
5fb2e544d4
Add __isMetaMaskShim__ property to injected web3 (#9972) 2020-12-02 12:35:45 -08:00
Erik Marks
c3eb272af9
Use method middleware for watchAsset (#9943)
* Use method middleware for watchAsset
* Update validation error messages
* Make addSuggestedERC20Asset private
* Remove redundant check in _handleWatchAssetERC20
2020-12-02 08:49:49 -08:00
Etienne Dusseault
9f6fa64d67
Add SES lockdown to extension webapp (#9729)
* Freezeglobals: remove Promise freezing, add lockdown

* background & UI: temp disable sentry

* add loose-envify, dedupe symbol-observable

* use loose envify

* add symbol-observable patch

* run freezeGlobals after sentry init

* use require instead of import

* add lockdown to contentscript

* add error code in message

* try increasing node env heap size to 2048

* change back circe CI option

* make freezeGlobals an exported function

* make freezeGlobals an exported function

* use freezeIntrinsics

* pass down env to child process

* fix unknown module

* fix tests

* change back to 2048

* fix import error

* attempt to fix memory error

* fix lint

* fix lint

* fix mem gain

* use lockdown in phishing detect

* fix lint

* move sentry init into freezeIntrinsics to run lockdown before other imports

* lint fix

* custom lockdown modules per context

* lint fix

* fix global test

* remove run in child process

* remove lavamoat-core, use ses, require lockdown directly

* revert childprocess

* patch package postinstall

* revert back child process

* add postinstall to ci

* revert node max space size to 1024

* put back loose-envify

* Disable sentry to see if e2e tetss pass

* use runLockdown, add as script in manifest

* remove global and require from runlockdown

* add more memory to tests

* upgrade resource class for prep-build & prep-build-test

* fix lint

* lint fix

* upgrade remote-redux-devtools

* skillfully re-add sentry

* lintfix

* fix lint

* put back beep

* remove envify, add loose-envify and patch-package in dev deps

* Replace patch with Yarn resolution (#9923)

Instead of patching `symbol-observable`, this ensures that all
versions of `symbol-observable` are resolved to the given range, even
if it contradicts the requested range.

Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2020-11-24 11:26:43 +08:00
Mark Stacey
31a3541105
Remove invalid matomo metric event option (#9897)
The `matomo` option passed to the send metrics function is invalid. The
intent was to set the `matomoEvent` option, but instead of rectifying
that, we've decide to keep sending this event to the production Segment
project for now. The invalid option has been removed.
2020-11-17 15:59:05 -03:30
Erik Marks
2687163dbb
Fix minor issues with web3 metrics (#9895)
* Fix minor issues with web3 metrics

* Log error, use try/catch
2020-11-17 11:07:59 -08:00
Nate Chastain
179dbcb41c
Remove CoinSwitch from Deposit screen(#9869)
Remove all CoinSwitch references and functionality, and bump Wyre to top spot on Deposit screen unless user on test network
2020-11-16 13:57:53 -03:30
Mark Stacey
14d85b1332
Make JSDoc formatting more consistent (#9796)
A few inconsistencies in JSDoc formatting have been fixed throughout
the project. Many issues remain; these were just the few things that
were easy to fix with a regular expression.

The changes include:

* Using lower-case for primitive types, but capitalizing non-primitive
 types
* Separating the parameter identifier and the description with a dash
* Omitting a dash between the return type and the return description
* Ensuring the parameter type is first and the identifier is second (in
 a few places it was backwards)
* Using square brackets to denote when a parameter is optional, rather
 than putting "(optional)" in the parameter description
* Including a type and identifier with every parameter
* Fixing inconsistent spacing, except where it's used for alignment
* Remove incorrectly formatted `@deprecated` tags that reference non-
 existent properties
* Remove lone comment block without accompanying function

Additionally, one parameter was renamed for clarity.
2020-11-10 14:00:41 -03:30
Erik Marks
0555cb856e Only import used sig-util exports 2020-11-09 08:59:44 -08:00
Erik Marks
6aa6052318 eth-sig-util@3.0.0 2020-11-09 08:57:18 -08:00
Patryk Łucka
ee205b893f
Create custom addHexPrefix function (#9306)
* create custom addHexPrefix function

* switch to custom addHexPrefix

Co-authored-by: Mark Stacey <markjstacey@gmail.com>
Co-authored-by: Erik Marks <rekmarks@protonmail.com>
2020-11-06 13:18:00 -08:00
Erik Marks
6426816411
Log web3 usage for functions and nested properties only (#9797)
* Log web3 usage for functions and nested properties only

* Change web3 metrics source to legacy

* Update web3 metrics properties and event name

Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2020-11-05 14:55:28 -08:00
Brad Decker
2ebf8756a4
[RFC] add prettier to eslint (#8595) 2020-11-02 17:41:28 -06:00
Brad Decker
7d50357684
remove matomo and route to segment (#9646) 2020-10-26 14:05:57 -05:00
Whymarrh Whitby
362e717eef
Fix node/no-deprecated-api issues (#9670)
Refs #9663

See [`node/no-deprecated-api`][1] for more information.

This change enables `node/no-deprecated-api` and fixes the issues raised by the rule.

  [1]:https://github.com/mysticatea/eslint-plugin-node/blob/v11.1.0/docs/rules/no-deprecated-api.md

The change to the way that `punycode` is imported is to address the fact that
third-party module is hidden by the built-in. This is a silly hack but it works.
2020-10-22 11:33:45 -02:30
Mark Stacey
07cffe92c6
Fix ENS resolution of .eth URLs with query strings (#9674)
Our ENS resolver for the browser address bar was incorrectly resolving
addresses that included query strings. We were concatenating the `path`
property with the `search` property, despite the fact that the `path`
property already contains `search`. As a result, `search` was
duplicated in the resolved addresses.

For example, if an IPFS content ID was found for this address, the
resolved address for `metamask.eth/?foo=bar` would have the path
`/?foo=bar?foo=bar`

The original intent was likely to use `pathname` in place of `path`.
The resolver has been updated to use `pathname`, and the query string
now appears only once in the resolved address.
2020-10-22 10:45:26 -02:30
Brad Decker
e5688c024e
consolidate segment setup (#9617)
Consolidates the background and UI segment implementations into a shared solution.

This results in the introduction of our first shared module.

Co-authored-by: Erik Marks <25517051+rekmarks@users.noreply.github.com>
2020-10-21 16:10:55 -05:00
Mark Stacey
003f1306d3
Split the account tracker doc comments (#9574)
The account tracker had one doc comment above the constructor that
partially served to document the constructor, but mostly contained a
type definition for the class itself. It has been split into two
blocks; one for the class, one for the constructor. The constructor doc
comment has also been expanded to document all constructor options.
2020-10-15 13:09:13 -02:30
Mark Stacey
a53121a763
Use chainId in account tracker (#9573)
The `chainId` is now used by the account tracker to identify the
current network, instead of the `networkId`. This should have no
functional impact, aside from that different chains with the same
`networkId` will now be correctly distinguished from each other.
2020-10-15 11:18:30 -02:30
Erik Marks
45ba657ca1
Fix signTypedData_v4 chainId param validation (#9552) 2020-10-12 12:10:19 -07:00
Erik Marks
7870d6d194
Use Segment for web3 usage metrics; fix background Segment bugs (#9525)
* Use segment for window.web3 usage metrics
* Add Segment referrer information
* Fix track segment event bug
* Fix missing category bug in tx segment event

Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2020-10-08 11:00:56 -07:00
Erik Marks
30d6ad83f7
Refactor background Segment usage (#9509)
* Create wrapper function for segment events
* Extract transaction controller metrics calls into own function

Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2020-10-08 09:41:23 -07:00
Whymarrh Whitby
4411f0eb9c
Fix environment variable inlining (#9517) 2020-10-08 13:52:14 -02:30
Dan J Miller
30d13422b5
Add MetaMask Swaps (#9482) 2020-10-06 15:58:38 -02:30
Erik Marks
088d4c34f1
Merge pull request from GHSA-c2xw-px2x-pr65
* Remove network config store
* Remove inline networks variable in network controller
* Re-key network controller 'rpcTarget' to 'rpcUrl'
* Require chainId in lookupNetwork, implement eth_chainId
* Require chain ID in network form
* Add alert, migrations, and tests
* Add chainId validation to addToFrequentRpcList
* Update public config state selector to match new network controller
state
* Use network enums in networks-tab.constants
* Ensure chainId in provider config is current
* Update tests
2020-10-06 15:27:02 -02:30
Erik Marks
1b00062649
Refactor method middleware (#9436)
* Refactor method middleware

* Vastly improve comments
2020-09-18 11:55:05 -07:00
Pedro Pablo Aste Kompen
e205124db4
Update Wyre purchase URL (#9414) 2020-09-15 17:56:51 -02:30
Whymarrh Whitby
b6ccd22d6c
Update ESLint shared config to v3 (#9274)
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2020-08-19 13:57:05 -02:30
Whymarrh Whitby
6ab12001e3
Fix prefer-destructuring issues (#9263)
See [`prefer-destructuring`](https://eslint.org/docs/rules/prefer-destructuring) for more information.

This change enables `prefer-destructuring` and fixes the issues raised by the rule.
2020-08-18 17:36:58 -02:30
Whymarrh Whitby
c1e3c229bc
Fix import/order issues (#9239)
See [`import/order`](https://eslint.org/docs/rules/import/order) for more information.

This change enables `import/order` and fixes the issues raised by the rule.
2020-08-18 16:48:25 -02:30
Whymarrh Whitby
b7259e5d6a
Fix radix issues (#9247)
See [`radix`](https://eslint.org/docs/rules/radix) for more information.

This change enables `radix` and fixes the issues raised by the rule.
2020-08-18 16:38:22 -02:30
Mark Stacey
27e1189c91
Handle non-String web3 property access (#9256)
The web3 usage metrics added in #9144 assumed that all web3 properties
were strings. When a `Symbol` property is accessed, our `inpage.js`
script crashes because the `Symbol` cannot be serialized correctly.

A check has been added for non-string property access. The metric event
in these cases is set to the string "typeof ", followed by the type of
the key. (e.g. `typeof symbol` for a `Symbol` property).

Fixes #9234
2020-08-18 12:01:43 -03:00
Whymarrh Whitby
e803807dd9
Fix no-param-reassign issues (#9235)
See [`no-param-reassign`](https://eslint.org/docs/rules/no-param-reassign) for more information.

This change enables `no-param-reassign` and fixes the issues raised by the rule.
2020-08-15 09:28:11 -02:30
Mark Stacey
f77151003e
Send web3 usage metrics once per origin/property (#9237)
The usage metrics for the injected web3 instance were being sent upon
each use, which exceeded the limits of our Matomo plan. These metrics
are now only being sent upon the first usage, for each origin and
property.
2020-08-14 19:15:21 -03:00
Whymarrh Whitby
e021acdc0a
Fix max-statements-per-line issues (#9218)
See [`max-statements-per-line`](https://eslint.org/docs/rules/max-statements-per-line) for more information.

This change enables `max-statements-per-line` and fixes the issues raised by the rule.
2020-08-14 15:13:56 -02:30
Whymarrh Whitby
5d42a9b773
Fix require-unicode-regexp issues (#9212)
* Fix require-unicode-regexp issues

See [`require-unicode-regexp`](https://eslint.org/docs/rules/require-unicode-regexp) for more information.

This change enables `require-unicode-regexp` and fixes the issues raised by the rule.

* Remove case-insensitive flag from regexps
2020-08-14 09:18:42 -02:30
Whymarrh Whitby
884775cf71
Fix no-negated-condition issues (#9222)
See [`no-negated-condition`](https://eslint.org/docs/rules/no-negated-condition) for more information.

This change enables `no-negated-condition` and fixes the issues raised by the rule.
2020-08-14 09:17:43 -02:30
Whymarrh Whitby
9b78d3ab07
Fix import/extensions issues (#9217)
See [`import/extensions`](https://eslint.org/docs/rules/import/extensions) for more information.

This change enables `import/extensions` and fixes the issues raised by the rule.
2020-08-14 09:16:45 -02:30
Whymarrh Whitby
3bd22a2058
Fix no-template-curly-in-string issues (#9221)
See [`no-template-curly-in-string`](https://eslint.org/docs/rules/no-template-curly-in-string) for more information.

This change enables `no-template-curly-in-string` and fixes the issues raised by the rule.
2020-08-13 19:01:55 -02:30
Whymarrh Whitby
82a0ee27f3
Fix prefer-rest-params issues (#9215)
See [`prefer-rest-params`](https://eslint.org/docs/rules/prefer-rest-params) for more information.

This change enables `prefer-rest-params` and fixes the issues raised by the rule.
2020-08-13 18:05:18 -02:30
Whymarrh Whitby
146127c474
Fix no-prototype-builtins issues (#9213)
See [`no-prototype-builtins`](https://eslint.org/docs/rules/no-prototype-builtins) for more information.

This change enables `no-prototype-builtins` and fixes the issues raised by the rule.
2020-08-13 18:04:51 -02:30
Whymarrh Whitby
310b15ba4a
Fix no-plusplus issues (#9206)
See [`no-plusplus`](https://eslint.org/docs/rules/no-plusplus) for more information.

This change enables `no-plusplus` and fixes the issues raised by the rule.
2020-08-12 20:36:44 -02:30
Whymarrh Whitby
a8863a3446
Fix consistent-return issues (#9192)
See [`consistent-return`](https://eslint.org/docs/rules/consistent-return) for more information.

This change enables `consistent-return` and fixes the issues raised by the rule.
2020-08-12 16:36:57 -02:30
Whymarrh Whitby
885125ad03
Fix no-case-declarations issues (#9191)
See [`no-case-declarations`](https://eslint.org/docs/rules/no-case-declarations) for more information.

This change enables `no-case-declarations` and fixes the issues raised by the rule.
2020-08-12 14:11:27 -02:30
Mark Stacey
cb503d9403
Refactor assignment of "Background" metrics category (#9168)
The "Background" metrics category was being set in the
`backgroundMetaMetricsEvent` function. This function might not
necessarily include any event at all though, so setting it here seemed
inappropriate. It would also crash if `eventData.eventOpts` was not
set, which is not great since that property is optional.

The background category is now set in the `sendBackgroundMetaMetrics`
function in `metamask-controller`. This method is used solely for event
data, so it would make sense for this category to be always set.

There is no functional difference, since `backgroundMetaMetricsEvent`
is called solely by `sendBackgroundMetaMetrics`.
2020-08-10 12:38:56 -03:00
Mark Stacey
c557e25ba6
Add version dimension to background metrics (#9167)
The background metrics were missing the `version` custom dimension. It
has now been added to all background metric events.
2020-08-10 12:10:30 -03:00
Thomas Huang
3a7097a4cf
Add category in eventOpts (#9164) 2020-08-09 00:42:36 -03:00
Erik Marks
e5cb63eea2
Add web3 usage metrics, prepare for web3 removal (#9144)
* add web3 usage metrics

* move web3 metrics method to new middleware

* rename some methods, files, and exports
2020-08-07 12:28:23 -07:00
Mark Stacey
1419c14fb6
Use pathname instead of URL for currentPath metrics parameter (#9158)
The `currentPath` parameter passed to our metrics utility had been
passed the full URL rather than just the path, contrary to what the
name would imply. We only used the path portion, so passing the full
URL did lead to complications.

Now just the `pathname` is passed in, rather than the full URL. This
simplifies the metrics logic, and it incidentally fixes two bugs.

The main bug fixed is regarding Firefox metrics. Previously we had
assumed the `currentPath` would start with `chrome-extension://`, which
of course was not true on Firefox. This lead to us incorrectly parsing
the `currentPath`, so path tracking was broken for Firefox events.
This broken parsing is now bypassed entirely, so metrics should now
work the same on Firefox as on Chrome.

The second bug was that we were incorrectly setting the tracking URL
for background events during tests. As a result, we were incorrectly
detecting ourselves as an internal site that had referred the user to
us. But this was not of major concern, since it only affected test
metrics (which get sent to the development Matomo project).

Lastly, this change let us discard the `pathname` parameter used in
the `overrides` parameter of the `metricsEvent` function. Now that
`currentPath` is equivalent to `pathname`, the `pathname` parameter is
redundant.
2020-08-07 15:32:46 -03:00
Mark Stacey
8713927e5e
Remove url parameter from metricsEvent (#9157)
* Remove `url` parameter from `metricsEvent`

The `url` parameter was used to override the `currentPath`, but it
never worked correctly. It was supposed to be used for setting the
`url` query parameter that was sent to Matomo, but `currentPath` was
always used even if it `url` was set and `currentPath` was empty.

Instead, `currentPath` is now always used. There was never a need to
provide an "override" for `currentPath` when it can be set directly.
The metrics provider does set `currentPath` automatically by default,
but this can be overwritten already by passing a second parameter to
`metricsEvent`.

There were two places this `url` parameter was being used: background
events, and path changes. Background events were submitted with no
`currentPath`, so because of the bug with the `url` parameter, the
metrics utility would crash upon each event. So those were never
actually sent. This commit will fix that crash.

The `currentPath` parameter was supplied as an empty string for the
path change events, so those never crashed. They just had the `url`
query string parameter set incorrectly (to an empty string). It should
now be correctly populated, which should mean we'll be capturing all
path changes now. Previously we were only capturing path changes to
pages that happened to include an event, because of this blank `url`
problem.

* Use `url` query parameter as fallback for generating `pv_id`

The `pv_id` parameter currently isn't generated correctly on Firefox,
as the generation assumes that the current URL starts with
`chrome-extension://`. The `url` query parameter is still unique for
each path, so it's probably good enough for generating an id for each
page.

This is just a temporary fix; it will be removed in a future PR, where
Firefox will be properly supported.
2020-08-07 14:57:27 -03:00
Mark Stacey
1d84f33dbd
Change MetaMetrics category for background events (#9155)
Background events are now sent in the `Background` category, rather
than `backend`. Conventionally we use the term "background" over
"backend", as it's not really a "backend" in the normal sense since
it's a client background process. Also it's capitalized because all of
the other event categories are capitalized as well.

The metrics URL has been updated to use `background` instead of
`backend` as well, for consistency.

Luckily we don't have to worry about our metrics being disjointed due
to this name change, because the background metrics never worked to
begin with! So there will be none under the old name. The metrics will
be made functional in a separate PR.
2020-08-07 13:45:49 -03:00
Whymarrh Whitby
002f021fc0
Use async/await for seedPhraseVerifier.verifyAccounts (#9100) 2020-07-29 19:50:38 -02:30
Mark Stacey
d7a5319222
Use environment variable for production Sentry DSN (#9097)
The Sentry DSN is now expected to be provided via environment variable
for production builds. The build script will fail if it is missing, and
an error will be thrown at runtime if it is missing.

The `SENTRY_DSN` environment variable has been set in CI to the old
value for `SENTRY_PROD_DSN`. We can migrate to a new DSN at some point
in the future.
2020-07-29 13:14:08 -03:00
Mark Stacey
869c252088
Disable Sentry in development (#9095)
In a non-production environment, Sentry was configured to send error
reports to a "test" MetaMask project. It will still do this during e2e
tests, but in development Sentry is now disabled completely.

In practice this was never useful in development.
2020-07-28 16:59:47 -03:00
Thomas Huang
ef1b1d5738
Fix popup/notification when browser is in fullscreen, primarily on macOS. (#9075)
* Fix popup/notification when browser is in fullscreen, primarily on OSX.

The issue was reported internally via Slack. User was running Mac OSX Chrome in fullscreen mode where Chrome is created in a new Desktop workspace.

The issue reproduced on OSX Chrome in fullscreen/maximized view overrides the explicitly set width and height for `windows.create()`. Possibly not overrides, but creates a window based off of the window that it was created from. Found a related [Chromium bug](https://bugs.chromium.org/p/chromium/issues/detail?id=263092&q=window%20create%20width%20os%3DMac&can=2).
The fullscreen `popup.left` pixel will calculate the window position incorrectly since we set and assume the width of the created window. The incorrect `left` position the window and transition the focus Desktop/Workspace incorrectly and make is seem to lose focus of the new window/workspace. Incidentally this will make the popup full width/height, and create a new workspace for the view, which we have no control over until Chrome
fixes it.

This will check if the popup is 'fullscreen', which it gets passed from the origin window, if so then don't reposition the window. If Chrome fixes the issue we can revert this change.

* Feedback commit

Co-authored-by: Mark Stacey <markjstacey@gmail.com>

Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2020-07-27 11:33:25 -07:00
Whymarrh Whitby
bf6578c6b8
Enable guard-for-in rule (#9000) 2020-07-21 18:40:45 -02:30
Whymarrh Whitby
2ae4720443
Fix words (#9038) 2020-07-20 14:32:49 -02:30
Mark Stacey
4d66223f5c
Initialize extra report property (#9033)
The `extra` property of errors sent to Sentry is sometimes not
initialized when we add the application state. A check has been added
to initialize it if it's missing.

I suspect that this changed with v5 of `@sentry/browser`, though I
can't find any explicit confirmation of this in their changelog.
2020-07-17 20:31:18 -03:00
Mark Stacey
e8b33fb7c8
Restore state snapshot for Sentry errors (#9028)
The state snapshot that was attached to Sentry errors was removed
recently in #8794 because it had become too large. The snapshot has
now been restored and reduced in size.

A utility function has been written to reduce the state object to just
the requested properties. This seemed safer than filtering out state
that is known to be large or to contain identifiable information.
This is not a great solution, as now knowledge about the state shape
resides in this large constant, but it will suffice for now. I am
hopeful that we can decorate our controllers with this metadata in the
future instead, as part of the upcoming background controller refactor.

A separate `getSentryState` global function has been added to get the
reduced state, so that the old `getCleanAppState` function that we used
to use could remain unchanged. It's still useful to get that full state
copy while debugging, and in e2e tests.
2020-07-17 12:09:38 -03:00
Thomas Huang
f02478e026
Clear AccountTracker accounts and CachedBalances on createNewVaultAndRestore (#9023) 2020-07-16 19:09:38 -07:00
Whymarrh Whitby
4f0a205369
Use eslint@6.8.0 (#8978)
* Use eslint@6.8.0
* yarn lint:fix
2020-07-14 12:50:41 -02:30
Whymarrh Whitby
46a6027a4e
Remove isBrave Sentry flag (#8967) 2020-07-10 17:23:57 -02:30
Erik Marks
652db3fd36
Use string network and chain IDs (#8628)
* convert network id enums to string

* stringify appropriate chain/network ids in tests

Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2020-07-08 14:05:09 -07:00
Mark Stacey
429af23ea0
Fix account tracker optimization (#8936)
An optimization in `account-tracker.js` was being skipped consistently
due to a type error (a number was being compared to a string).

The optimization in this case was to update the balances for all
accounts with a single request, rather than one request per account.
2020-07-07 19:16:38 -03:00
Erik Marks
242db43700
Update inpage provider, deprecation warnings (#8854) 2020-06-24 15:21:57 -07:00
Mark Stacey
828ec0530a
Return after 'reject' in Promise constructor (#8857)
There were three cases where execution unintentionally continued after
an error was encountered. These cases likely are impossible to
encounter in practice due to recent validation improvements in the
`eth-json-rpc-middleware/wallet` module, but they were broken
nonetheless.

Execution inside the Promise constructor now halts immediately after
`reject` is called.
2020-06-24 16:38:53 -03:00
Erik Marks
04de9a92c5
Fix signing method bugs (#8833)
* update signTypedData validation

* update tests for new eth-json-rpc-middleware

* remove lowercasing of tx 'from' addresses
2020-06-23 09:12:11 -07:00
Erik Marks
0813cc5c88
Fix encrypt/decrypt beforeunload bugs (#8816) 2020-06-16 07:40:00 -07:00
Mark Stacey
1fb15a52bb
Stop reporting failed transactions to Sentry (#8795)
These error reports are not useful.
2020-06-12 16:41:57 -03:00
Mark Stacey
37da64aa7e
Omit state snapshot from Sentry errors (#8794)
The state snapshot we were attaching to Sentry errors was too large.
As a temporary solution, it has been removed completely. We can re-add
it later after reducing its size.
2020-06-12 16:13:14 -03:00
Mark Stacey
e85b162651
Add MESSAGE_TYPE enum (#8743)
Each "message" requiring a user confirmation has a unique `type`
property. These `type` properties have all been added as enums, and the
enum is now used wherever the literal string was used previously.
2020-06-04 16:22:45 -03:00
Mark Stacey
df85ab6e10
Implement asset page (#8696)
A new page has been created for viewing assets. This replaces the old
`selectedToken` state, which previously would augment the home page
to show token-specific information.

The new asset page shows the standard token overview as seen previously
on the home page, plus a history filtered to show just transactions
relevant to that token.

The actions that were available in the old token list menu have been
moved to a "Token Options" menu that mirrors the "Account Options"
menu.

The `selectedTokenAddress` state has been removed, as it is no longer
being used for anything.

`getMetaMetricState` has been renamed to `getBackgroundMetaMetricState`
because its sole purpose is extracting data from the background state
to send metrics from the background. It's not really a selector, but
it was convenient for it to use the same selectors the UI uses to
extract background data, so I left it there for now.

A new Redux store has been added to track state related to browser history.
The most recent "overview" page (i.e. the home page or the asset page) is
currently being tracked, so that actions taken from the asset page can return
the user back to the asset page when the action has finished.
2020-06-01 14:54:32 -03:00
Mark Stacey
9e2e353a24
Define global web3 as non-enumerable (#8634)
We inject `web3` globally on most websites. This has been breaking
websites that attempted to serialize the `window` object, because any
attempt to access certain `web3` properties (such as `web3.eth.mining`)
would throw an error. This is because `web3` defined a getter for these
properties that would call `.send([method])`, which doesn't work for
most methods.

An example of a site that this breaks is `Storybook`, when the
`@storybook/addon-actions` addon is being used. When using storybook
with this addon and with the MetaMask extension installed, actions
would not be properly dispatched because an error would be thrown in
the attempt to serialize the event (which includes a reference to the
`window`).

The `web3` global we inject is now defined as non-enumerable, so it
will be skipped automatically in any attempt to serialize the `window`
object.
2020-05-20 20:18:25 -07:00
Erik Marks
f748664638
Cleanup network enums (#8627)
* cleanup & consolidate network enums
2020-05-20 08:57:45 -07:00
Whymarrh Whitby
9c1eae2965
Delete unused util functions (#8622) 2020-05-20 10:36:41 -02:30
Whymarrh Whitby
a03ef1b002
Memoize getEnvironmentType function (#8624)
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2020-05-20 10:36:18 -02:30
Whymarrh Whitby
97d65b645a
Delete the ABTestController and its state (#8620) 2020-05-19 13:27:06 -02:30
Henrique Dias
890bc25e28
Support IPNS address translations (#8502)
License: MIT
Signed-off-by: Henrique Dias <hacdias@gmail.com>

Co-authored-by: Whymarrh Whitby <whymarrh.whitby@gmail.com>
2020-05-14 07:56:27 -02:30
Mark Stacey
7e75eb15ef
Delete Balance controller and pending balances calculator (#8542)
This controller was not used. It was used by the
`ComputedBalancesController`, which was removed in #7057 (as it was
also unused).

The pending balances calculator was only used by the balances
controller.
2020-05-06 20:19:28 -03:00
Whymarrh Whitby
ceb5970afd
Remove unused NotificationManager#closePopup (#8530) 2020-05-05 21:02:29 -02:30
Whymarrh Whitby
6b5bbe50ee
Delete createDnodeRemoteGetter.js (#8523) 2020-05-05 20:10:07 -02:30
Whymarrh Whitby
f5a125fe61
Move export defaults statements alongside their objects (#8525) 2020-05-05 19:49:38 -02:30
Erik Marks
786e82791e
Reorganize selectors directory (#8497) 2020-05-02 12:41:17 -07:00
Brad Decker
0c7269f599
fixes firefox popup location (#8467)
Co-Authored-By: Whymarrh Whitby <whymarrh.whitby@gmail.com>
2020-04-29 17:04:03 -05:00
Erik Marks
c011c0406b
Add new inpage provider package (#8442)
* add @metamask/inpage-provider

* fix failing e2e tests

Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2020-04-28 17:14:51 -07:00
Whymarrh Whitby
d612f9988e
Move default export declaration to Migrator class (#8407) 2020-04-26 00:02:41 -02:30
Mark Stacey
cc41dee92c
Remove leftover references to Coinbase (#8403)
Coinbase was removed as a deposit option some time ago.
2020-04-23 20:32:15 -03:00
Brad Decker
f9989c52c5
Position notification relative to last focused window (#8356) 2020-04-19 19:30:17 -02:30
Mark Stacey
5ee1291662
Prevent accidental use of globals (#8340)
Previously all browser globals were allowed to be used anywhere by
ESLint because we had set the `env` property to `browser` in the ESLint
config. This has made it easy to accidentally use browser globals
(e.g. #8338), so it has been removed. Instead we now have a short list
of allowed globals.

All browser globals are now accessed as properties on `window`.

Unfortunately this change resulted in a few different confusing unit
test errors, as some of our unit tests setup assumed that a particular
global would be used via `window` or `global`. In particular,
`window.fetch` didn't work correctly because it wasn't patched by the
AbortController polyfill (only `global.fetch` was being patched).
The `jsdom-global` package we were using complicated matters by setting
all of the JSDOM `window` properties directly on `global`, overwriting
the `AbortController` for example.

The `helpers.js` test setup module has been simplified somewhat by
removing `jsdom-global` and constructing the JSDOM instance manually.
The JSDOM window is set on `window`, and a few properties are set on
`global` as well as needed by various dependencies. `node-fetch` and
the AbortController polyfill/patch now work as expected as well,
though `fetch` is only available on `window` now.
2020-04-15 14:23:27 -03:00
Mark Stacey
852277b2ae
Refactor notification manager and triggerUi to use extension platform (#8317)
The notification manager has been refactored to use the extension
platform module instead of using `extensionizer` directly. The
extension platform API presents a more ergonomic API, and it correctly
handles errors (which the old notification manager did not). Methods
that the extension platform lacked have been added.

It has been updated to use `async/await` instead of callbacks as well,
for readability.

The `triggerUI` function has also been updated to use the extension
platform instead of `extensionizer`.
2020-04-11 12:12:45 -03:00
Mark Stacey
28e2354583
Fix Sentry error processing for errors missing a stack (#8179)
Errors without stack traces would break the Sentry error processing,
which assumes the presence of a stack trace. Many errors don't have any
stack trace though, such as uncaught promises.

This breakage resulting in the app state being missing from the error
report, and a console warning.
2020-03-12 10:51:05 -03:00
Erik Marks
2df8b85c5f
LoginPerSite: Support multiple accounts without automatic switching (#8079)
* transaction editing: use txParams 'from' account

* signature-request: use txParams 'from' account

* signature-request-original: use txParams 'from' account

* encryption/decryption: use txParams 'from' account

* update tests

* set 'send' state 'from' address in confirm containers
2020-03-06 13:34:56 -08:00
Dan J Miller
1d2c57a2f3
Assign tabId to middleware request, if provided (#7695)
The `tabId` of the message sender is now added to the middleware
request object. This step is omitted if the `tabId` is not provided.
This is done early in the middleware stack, so the `tabId` should be
available for any subsequent middleware to use.

The Onboarding Middleware has also been modified to get the `tabId`
from the request object, rather than expecting it as a parameter upon
creation.

This refactor will enable further uses of the `tabId`.
2020-02-20 18:39:00 -04:00
Konstantin
6f47fece56
Implementation encrypt/decrypt feature (#7831)
Implement `eth_decrypt` and `eth_getEncryptionPublicKey`. This allows decryption backed by the user's private key. The message decryption uses a confirmation flow similar to the messaging signing flow, where the message to be decrypted is also able to be decrypted inline for the user to read directly before confirming.
2020-02-19 14:24:16 -04:00
Jenny Pollack
c1453c7528
Merge pull request #8056 from whymarrh/arrow-parens
Enable arrow-parens ESLint rule
2020-02-17 15:26:43 -07:00
Whymarrh Whitby
a78cf0ef3a Enable arrow-parens ESLint rule 2020-02-15 17:04:21 -03:30
Mark Stacey
62c5ea4f80
Update Wyre ETH purchase url (#8051)
* Revert "Revert "Update Wyre ETH purchase url" (#7631)"

This reverts commit bc67d1eeca.

* Restrict widget to just debit card payments

Apple Pay apparently only works on Safari.
2020-02-14 14:07:24 -08:00
Erik Marks
8e307f8d71
update inpage-provider; minor fixes (#7997) 2020-02-06 07:57:54 -08:00