The "MetaMask middleware" is the set of middleware for handling methods that
we don't send to the network. This includes signing, encryption, `getAccounts`,
and methods that rely on pending transaction state.
Previously this middleware was setup as part of the network client, despite
having nothing to do with the network. They have been moved into the main RPC
pipeline established in `metamask-controller.js` instead.
This is a pure refactor, and should have no functional changes. The middleware
are still run in exactly the same order with the same arguments.
The network state is now passed to the TransactionController via a
getter function and a subscription function, instead of passing one of
the network controller stores directly.
This way of passing the state makes further refactoring easier, as we
don't have to change the input when the store is changed or replaced.
It's also more aligned with our conventions today.
This change was made as part of a larger refactor of the network
controller, as part of the effort to merge the mobile and extension
network controllers.
* Simplify MV3 initialization
The MV3 initialization logic was complicated and introduced race
difficult-to-reproduce race conditions when dapps connect during
initialization.
It seems that problems were encountered after the UI tried to connect
before the background was initialized. To address this, the
initialization step was _delayed_ until after the first connection.
That first connection was then passed into the initialization function,
and setup properly after initialization had begun.
However, this special treatment is only given for the first connection.
Subsequent connections that still occur during initialization would
fail. This also results in the initialization being needlessly delayed,
which is concerning given that our main performance goal is to speed it
up.
* Setup connect listeners before controller initialization
* Add comments
* Add comment explaining isInitialized step
* Add all controllers in memstore to store
Add methods to controller to reset memstore
Reset memstore when popup or tab is closed.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* When profile is loaded, set isFirstTime to true..
After resetting the controllers, set the flag to false.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Remove console.logs
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* For some reason programmatically computing the store is not working.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Proper check for browser.storage
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* do a list of rest methods instead of reset controllers.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Mock controller resetStates and localstore get/set
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Comments about TLC
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* bind this.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* use globalThis instead of locastore to store first time state.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Test to check that resetStates is not called a second time
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Set init state in GasFeeController and other controllers so that their
state is persisted accross SW restarts
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Revert localstore changes
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* wrap the reset states changes in MV3 flag
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Remove localstore from metamask-controller
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Always reset state on MMController start in MV2.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Use relative path for import of isManifestV3
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Fix unit test
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Remove 3box feature and delete ThreeBoxController
Lint locale messages
lavamoat policy updates
* Restore 3Box user trait with value `false`
The 3Box user trait has been restored and hard-coded as `false`. This
ensures that users don't get stuck in our metrics as having this trait.
A deprecation comment has been left in various places for this trait.
* Remove unused state
* Remove additional 3box-related things
* Run `yarn-deduplicate`
* Restore migration that was lost while rebasing
* Remove obsolete override
* Remove additional unused resolutions/dependencies
* Update LavaMoat policies
* Remove obsolete security advisory ignore entries
* Remove 3Box fixture builder method
* Update unit tests
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
* Deprecating Rinkeby, setting default debug network to Goerli
* Deprecating Ropsten and Kovan
* Conflict fix
* Remove unused localization, test fixes
* Add migration for moving used deprecated testnets to custom networks
* Fix migrator test
* Add more unit tests
* Migration updates provider type to rpc if deprecated network is selected
* Migration fully and correctly updates the provider if selected network is a deprecated testnet
* Continue to show deprecation warning on each of rinkeby, ropsten and kovan
* Add rpcUrl deprecation message to loading screen
* Removing mayBeFauceting prop
Co-authored-by: Dan Miller <danjm.com@gmail.com>
* deprecate extensionizer for webextension-polyfill
* fix tests
* remove extensionizer
* fix browser windows api calls
* fix broken on firefox
* fix getAcceptLanguages call
* update more browser apis that are now promisified
* remove unnecessary console error ignoring in e2e tests
The `nodeify` utility is no longer needed for the background API.
Instead each method is assumed to be either synchronous or Promise-
returning.
The error handling was updated to at least log the error in the case
where a method fall fails after the connection is broken.
# Permission System 2.0
## Background
This PR migrates the extension permission system to [the new `PermissionController`](https://github.com/MetaMask/snaps-skunkworks/tree/main/packages/controllers/src/permissions).
The original permission system, based on [`rpc-cap`](https://github.com/MetaMask/rpc-cap), introduced [`ZCAP-LD`](https://w3c-ccg.github.io/zcap-ld/)-like permissions to our JSON-RPC stack.
We used it to [implement](https://github.com/MetaMask/metamask-extension/pull/7004) what we called "LoginPerSite" in [version 7.7.0](https://github.com/MetaMask/metamask-extension/releases/tag/v7.7.0) of the extension, which enabled the user to choose which accounts, if any, should be exposed to each dapp.
While that was a worthwhile feature in and of itself, we wanted a permission _system_ in order to enable everything we are going to with Snaps.
Unfortunately, the original permission system was difficult to use, and necessitated the creation of the original `PermissionsController` (note the "s"), which was more or less a wrapper for `rpc-cap`.
With this PR, we shake off the yoke of the original permission system, in favor of the modular, self-contained, ergonomic, and more mature permission system 2.0.
Note that [the `PermissionController` readme](https://github.com/MetaMask/snaps-skunkworks/tree/main/packages/controllers/src/permissions/README.md) explains how the new permission system works.
The `PermissionController` and `SubjectMetadataController` are currently shipped via `@metamask/snap-controllers`. This is a temporary state of affairs, and we'll move them to `@metamask/controllers` once they've landed in prod.
## Changes in Detail
First, the changes in this PR are not as big as they seem. Roughly half of the additions in this PR are fixtures in the test for the new migration (number 68), and a significant portion of the remaining ~2500 lines are due to find-and-replace changes in other test fixtures and UI files.
- The extension `PermissionsController` has been deleted, and completely replaced with the new `PermissionController` from [`@metamask/snap-controllers`](https://www.npmjs.com/package/@metamask/snap-controllers).
- The original `PermissionsController` "domain metadata" functionality is now managed by the new `SubjectMetadataController`, also from [`@metamask/snap-controllers`](https://www.npmjs.com/package/@metamask/snap-controllers).
- The permission activity and history log controller has been renamed `PermissionLogController` and has its own top-level state key, but is otherwise functionally equivalent to the existing implementation.
- Migration number 68 has been added to account for the new state changes.
- The tests in `app/scripts/controllers/permissions` have been migrated from `mocha` to `jest`.
Reviewers should focus their attention on the following files:
- `app/scripts/`
- `metamask-controller.js`
- This is where most of the integration work for the new `PermissionController` occurs.
Some functions that were internal to the original controller were moved here.
- `controllers/permissions/`
- `selectors.js`
- These selectors are for `ControllerMessenger` selector subscriptions. The actual subscriptions occur in `metamask-controller.js`. See the `ControllerMessenger` implementation for details.
- `specifications.js`
- The caveat and permission specifications are required by the new `PermissionController`, and are used to specify the `eth_accounts` permission and its JSON-RPC method implementation.
See the `PermissionController` readme for details.
- `migrations/068.js`
- The new state should be cross-referenced with the controllers that manage it.
The accompanying tests should also be thoroughly reviewed.
Some files may appear new but have just moved and/or been renamed:
- `app/scripts/lib/rpc-method-middleware/handlers/request-accounts.js`
- This was previously implemented in `controllers/permissions/permissionsMethodMiddleware.js`.
- `test/mocks/permissions.js`
- A truncated version of `test/mocks/permission-controller.js`.
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
* Add support for eip-1559 on Trezor
* temp
* Lint fix
* Store trezor model type in background state instead attempting to get it in the frontend
* code simplification
* Temp update to eth-trezor-keyring version
* Tempory update to eth-trezor-keyring version
* Temp update to eth-trezor-keyring version
* Fix display of hdpath selector in connect hardware flow for trezor
* Updating the package version but we still need to run yarn setup and update the lockfile, once the package is updated
* Update yarn.lock
* Fix unit tests
* Fix#5039
* Converted function into async
* Added more explicit explanation of why the number of bits for EcSign
* eth_sign and eth_personalSign now report errors correctly back to the user
* Added leeway to unsigned message byte check
* Fix lint
* add command to debug unit tests
* remove extra zero balance account potentially created from seeking ahead
* Add PR 12074 to CHANGELOG
* Revert "Add PR 12074 to CHANGELOG"
This reverts commit 9f6f7eec1cac163c0ce1c711b1c205322aa5b2af.
* Remove test debug command
* bump @metamask/controllers to v15.0.1 and remove AbortController workaround in e2e tests
* remove old abortcontroller polyfill
* bump @metamask/controllers to v15.0.2
Adds the latest version of `@metamask/controllers`, and updates our usage of the `ApprovalController`, which has been migrated to `BaseControllerV2`. Of [the new `controllers` release](https://github.com/MetaMask/controllers/releases/tag/v15.0.0), only the `ApprovalController` migration should be breaking.
This is the first time we use events on the `ControllerMessenger` to update the badge, so I turned the messenger into a property on the main `MetaMaskController` in order to subscribe to events on it in `background.js`. I confirmed that the badge does indeed update during local QA.
As it turns out, [MetaMask/controllers#571](https://github.com/MetaMask/controllers/pull/571) was breaking for a single unit test case, which is now handled during setup and teardown for the related test suite (`metamask-controller.test.js`).
The CurrencyRateController has been migrated to the BaseControllerV2
API, which includes various API changes. These changes include:
* The constructor now expects to be passed a
`RestrictedControllerMessenger`.
* State changes are subscribed to via the `ControllerMessenger` now,
rather than via a `subscribe` function.
* The state and configration are passed in as one "options" object,
rather than as two separate parameters
* The polling needs to be started explicitly by calling `start`. It
can be stopped and started on-demand now as well.
* Changing the current currency or native currency will now throw an
error if we fail to update the conversion rate.
The `ComposableObservableStore` has been updated to accomodate these
new types of controllers. The constructor has been updated to use an
options bag pattern as well, to make the addition of the new required
`controllerMessenger` parameter a bit less unweildly.
The `assert` module has two modes: "Legacy" and "strict". When using
strict mode, the "strict" version of each assertion method is implied.
Whereas in legacy mode, by default it will use the deprecated, "loose"
version of each assertion.
We now use strict mode everywhere. A few tests required updates where
they were asserting the wrong thing, and it was passing beforehand due
to the loose matching.
