1
0
mirror of https://github.com/kremalicious/metamask-extension.git synced 2024-12-23 09:52:26 +01:00
Commit Graph

165 Commits

Author SHA1 Message Date
Erik Marks
cef95f8733
Stop storing request and response objects in the permission activity log (#14485)
We currently store the JSON-RPC request and response objects in the permission activity log. The utility of doing this was always rather dubious, but never problematic. Until now.

In Flask, as the restricted methods have expanded in number, user secrets may be included on JSON-RPC message objects. This PR removes these properties from the permission activity log, and adds a migration which does the same to existing log objects. We don't interact with the log objects anywhere in our codebase, but we don't want unexpected properties to cause errors in the future should any log objects be retained.

This PR also updates relevant tests and test data. It makes a minor functional change to how a request is designated as a success or failure, but this should not change any behavior in practice.
2022-04-21 08:44:15 -07:00
Mark Stacey
3732c5f71e
Add JSDoc ESLint rules (#12112)
ESLint rules have been added to enforce our JSDoc conventions. These
rules were introduced by updating `@metamask/eslint-config` to v9.

Some of the rules have been disabled because the effort to fix all lint
errors was too high. It might be easiest to enable these rules one
directory at a time, or one rule at a time.

Most of the changes in this PR were a result of running
`yarn lint:fix`. There were a handful of manual changes that seemed
obvious and simple to make. Anything beyond that and the rule was left
disabled.
2022-01-07 12:27:33 -03:30
Mark Stacey
ba54a3d83b
Update ESLint config to v8 (#12886)
The ESLint config has been updated to v8. The breaking changes are:

* The Prettier rule `quoteProps` has been changed from `consistent` to
`as-needed`, meaning that if one key requires quoting, only that key is
quoted rather than all keys.
* The ESLint rule `no-shadow` has been made more strict. It now
prevents globals from being shadowed as well.

Most of these changes were applied with `yarn lint:fix`. Only the
shadowing changes required manual fixing (shadowing variable names were
either replaced with destructuring or renamed).

The dependency `globalThis` was added to the list of dynamic
dependencies in the build system, where it should have been already.
This was causing `depcheck` to fail because the new lint rules required
removing the one place where `globalThis` had been erroneously imported
previously.

A rule requiring a newline between multiline blocks and expressions has
been disabled temporarily to make this PR smaller and to avoid
introducing conflicts with other PRs.
2021-12-09 15:36:24 -03:30
Erik Marks
fc1ffae406
Add subject types (#13026)
This PR introduces the concept of subject _types_ to be associated with each subject in the `SubjectMetadataController`, and used for control flow in our RPC stack (`setupProviderEngine` and so forth).

We already differentiate between "types" of subjects in various places on an ad hoc basis via boolean flags (e.g. `isInternal` in our RPC stack) or the presence/absence of certain values in the subject's metadata (specifically `metadata.extensionId`). The status quo is manageable if not ideal, but will start to become untenable with the introduction of Snaps in the near future.

Therefore, this PR establishes a `SUBJECT_TYPES` enum and adds the `subjectType` property to the metadata of each subject. A new migration is added to accomplish this. Finally, we specify and `INTERNAL` subject type to distinguish internal from external requests.
2021-12-08 15:37:29 -08:00
Erik Marks
31cf7c10a4
Permission System 2.0 (#12243)
# Permission System 2.0

## Background

This PR migrates the extension permission system to [the new `PermissionController`](https://github.com/MetaMask/snaps-skunkworks/tree/main/packages/controllers/src/permissions).
The original permission system, based on [`rpc-cap`](https://github.com/MetaMask/rpc-cap), introduced [`ZCAP-LD`](https://w3c-ccg.github.io/zcap-ld/)-like permissions to our JSON-RPC stack.
We used it to [implement](https://github.com/MetaMask/metamask-extension/pull/7004) what we called "LoginPerSite" in [version 7.7.0](https://github.com/MetaMask/metamask-extension/releases/tag/v7.7.0) of the extension, which enabled the user to choose which accounts, if any, should be exposed to each dapp.
While that was a worthwhile feature in and of itself, we wanted a permission _system_ in order to enable everything we are going to with Snaps.
Unfortunately, the original permission system was difficult to use, and necessitated the creation of the original `PermissionsController` (note the "s"), which was more or less a wrapper for `rpc-cap`.

With this PR, we shake off the yoke of the original permission system, in favor of the modular, self-contained, ergonomic, and more mature permission system 2.0.

Note that [the `PermissionController` readme](https://github.com/MetaMask/snaps-skunkworks/tree/main/packages/controllers/src/permissions/README.md) explains how the new permission system works.

The `PermissionController` and `SubjectMetadataController` are currently shipped via `@metamask/snap-controllers`. This is a temporary state of affairs, and we'll move them to `@metamask/controllers` once they've landed in prod.

## Changes in Detail

First, the changes in this PR are not as big as they seem. Roughly half of the additions in this PR are fixtures in the test for the new migration (number 68), and a significant portion of the remaining ~2500 lines are due to find-and-replace changes in other test fixtures and UI files.

- The extension `PermissionsController` has been deleted, and completely replaced with the new `PermissionController` from [`@metamask/snap-controllers`](https://www.npmjs.com/package/@metamask/snap-controllers).
- The original `PermissionsController` "domain metadata" functionality is now managed by the new `SubjectMetadataController`, also from [`@metamask/snap-controllers`](https://www.npmjs.com/package/@metamask/snap-controllers).
- The permission activity and history log controller has been renamed `PermissionLogController` and has its own top-level state key, but is otherwise functionally equivalent to the existing implementation.
- Migration number 68 has been added to account for the new state changes.
- The tests in `app/scripts/controllers/permissions` have been migrated from `mocha` to `jest`.

Reviewers should focus their attention on the following files:

- `app/scripts/`
  - `metamask-controller.js`
    - This is where most of the integration work for the new `PermissionController` occurs.
      Some functions that were internal to the original controller were moved here.
  - `controllers/permissions/`
    - `selectors.js`
      - These selectors are for `ControllerMessenger` selector subscriptions. The actual subscriptions occur in `metamask-controller.js`. See the `ControllerMessenger` implementation for details.
    - `specifications.js`
      - The caveat and permission specifications are required by the new `PermissionController`, and are used to specify the `eth_accounts` permission and its JSON-RPC method implementation.
        See the `PermissionController` readme for details.
  - `migrations/068.js`
    - The new state should be cross-referenced with the controllers that manage it.
      The accompanying tests should also be thoroughly reviewed.

Some files may appear new but have just moved and/or been renamed:

- `app/scripts/lib/rpc-method-middleware/handlers/request-accounts.js`
  - This was previously implemented in `controllers/permissions/permissionsMethodMiddleware.js`.
- `test/mocks/permissions.js`
  - A truncated version of `test/mocks/permission-controller.js`.

Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2021-12-06 19:16:49 -08:00
Alex Donesky
9e2935dd55
Revert "Feat/collectibles display (#12873)" (#12934)
This reverts commit 81ea24f08a.
2021-12-01 17:46:26 -06:00
Alex Donesky
81ea24f08a
Feat/collectibles display (#12873)
* Wiring up Collectibles lists/items

* wip

* more wip

* more more wip

* yet more wip

* wippp

* more wipppp

* closer

* wroking

* more wip

* cleanup

* cleanup

* add-collectible form validation

* update default ipfs-gateway

* update refresh button

* fix proptypes issue + add more padding to asset background

* css tweaking

* more cleanup

* more cleanup

* more cleanup

* add migration

* address feedback

* fix migration + cleanup

* bumping controllers version + adapting new collectiblesController shape

* fix yarn dedupe
2021-12-01 10:10:17 -06:00
Dan J Miller
2ced3a8bfa
Add migration to set showTestNetworks to true if there is evidence of testnet use (#12675)
* Add migration to set showTestNetworks to true if there is evidence the user has used a test network

* Add migration to index file

* Remove console.log

* Clean up conditional structure in migration 67
2021-11-15 15:50:33 -03:30
Dan J Miller
9d70c60c22
Connect Ledger via WebHID (#12411)
* Connect ledger via webhid if that option is available

* Explicitly setting preference for webhid

* Use ledgerTransportType enum instead of booleans for ledger live and webhid preferences

* Use single setLEdgerTransport preference methods and property

* Temp

* Lint fix

* Unit test fix

* Remove async keyword from setLedgerTransportPreference function definition in preferences controller

* Fix ledgelive setting toggle logic

* Migrate useLedgerLive preference property to ledgerTransportType

* Use shared constants for ledger transport type enums

* Use constant for ledger usb vendor id

* Use correct property to check if ledgerLive preference is set when deciding whether to ask for webhid connection

* Update eth-ledger-bridge-keyring to v0.9.0

* Only show ledger live transaction helper messages if using ledger live

* Only show ledger live part of tutorial if ledger live setting is on

* Fix ledger related prop type errors

* Explicitly use u2f enum instead of empty string as a transport type; default transport type to webhid if available; use constants for u2f and webhid

* Cleanup

* Wrap ledger webhid device request in try/catch

* Clean up

* Lint fix

* Ensure user can easily connect their ledger wallet when they need to.

* Fix locales

* Fix/improve locales changes

* Remove unused isFirefox property from confirm-transaction-base.container.js

* Disable transaction and message signing confirmation if ledger webhid requires connection

* Ensure translation keys for ledger connection options in settings dropdown can be properly detected by verify-locales

* Drop .component from ledger-instruction-field file name

* Move renderLedgerLiveStep to module scope

* Remove ledgerLive from function and message names in ledger-instruction-field

* Wrap ledger connection logic in ledger-instruction-field in try catch

* Clean up signature-request.component.js

* Check whether the signing address, and not the selected address, is a ledger account in singature-request.container

* Ensure ledger instructions and webhid connection button are shown on signature-request-original signatures

* Improve webhid selection handling in select-ledger-transport-type onChange handler

* Move metamask redux focused ledger selectors to metamask duck

* Lint fix

* Use async await in checkWebHidStatusRef.current

* Remove unnecessary use of ref in ledger-instruction-field.js

* Lint fix

* Remove unnecessary try/catch in ledger-instruction-field.js

* Check if from address, not selected address, is from a ledger account in confirm-approve

* Move findKeyringForAddress to metamask duck

* Fix typo in function name

* Ensure isEqualCaseInsensitive handles possible differences in address casing

* Fix Learn More link size in advanced settings tab

* Update app/scripts/migrations/066.js

Co-authored-by: Mark Stacey <markjstacey@gmail.com>

* Update ui/pages/settings/advanced-tab/advanced-tab.component.test.js

Co-authored-by: Mark Stacey <markjstacey@gmail.com>

* Add jsdoc comments for new selectors

* Use jest.spyOn for mocking navigator in ledger webhid migration tests

* Use LEDGER_TRANSPORT_TYPES values to set proptype of ledgerTransportType

* Use LEDGER_TRANSPORT_TYPES values to set proptype of ledgerTransportType

* Fix font size of link in ledger connection description in advanced settings

* Fix return type in setLedgerTransportPreference comment

* Clean up connectHardware code for webhid connection in actions.js

* Update app/scripts/migrations/066.test.js

Co-authored-by: Mark Stacey <markjstacey@gmail.com>

* Update ui/ducks/metamask/metamask.js

Co-authored-by: Mark Stacey <markjstacey@gmail.com>

* Add migration test for when useLedgerLive is true in a browser that supports webhid

* Lint fix

* Fix inline-link size

Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2021-10-21 16:47:03 -02:30
Alex Donesky
71f91568db
Migrate completedOnboarding and firstTimeFlowType state into onboardingController (#12356)
* migrate completedOnboarding state into onboardingController

* migrate firstTimeFlowType state from preferencesController to onboardingController
2021-10-15 13:52:52 -05:00
Thomas Huang
1cc45774dc
Jestify continue (#12173) 2021-09-22 08:15:40 -07:00
Thomas Huang
e78e82205a
Jestify migrations/ (#12106)
* Jestify migrations/

* Lint exclude migrations from mocha config, and add inclusion to jest config

* Add migration tests to jest config

* Exclude/ignore migration tests

* Set process.env.IN_TEST to true when running tests locally
2021-09-21 09:28:13 -07:00
Alex Donesky
2a9fbffb6c
Replace hardcoded sent ether label on confirm screen (#11802)
* Replace hardcoded sent ether label on confirm screen

* replace transaction type SENT_ETHER with network agnostic SENDING_NATIVE_ASSET

* remove sentEther translation base

* make backwards compatible with lingering transaction of legacy sentEther type

* update localalization files

* fixup legacy sentEther transaction type

* changing new transaction type away from localization string

* revert migration tests

* update fixtures and test data

* update name of new transaction type

* add migration

* remove legacy SENT_ETHER from transaction types enum object
2021-09-15 16:54:51 -05:00
Alex Donesky
490d3b8d40
Integrate TokensController (#11552)
* Integrate controllers/tokensController

* address rebase issues

* small cleanup

* addressing feedback

* more feedback
2021-09-10 12:37:19 -05:00
ryanml
d96973e55b
Improving handling for non-existent props in state migrations (#11829) 2021-08-17 19:18:53 -07:00
muji
aef1cd2450
Use ESM imports in migrations index. (#11443)
So that spack does not complain about mixing CommonJs and ESM.
2021-07-13 17:11:53 -05:00
ryanml
a69ed05141
Removing obsolete client-side transaction metrics events (#11329)
* Removing metametrics send count tracking

* Removing client side Transaction Completed and Canceled events
2021-06-24 15:37:44 -07:00
ryanml
9932c40651
Adding periodic reminder modal for backing up recovery phrase (#11021)
* Adding recurring recovery phrase reminder modal

* Refactoring per PR feedback
2021-06-04 23:33:58 -07:00
ryanml
86b61a2fc2
Removing support survey notification from What's New (#11118)
* Removing support notification from what's new

* Adding migration for support notification removal

* Expanding test cases, using async/await for storage comparison
2021-05-18 10:55:55 -07:00
Brad Decker
d9a2165f69
use safer toChecksum utility (#11117) 2021-05-17 16:19:39 -05:00
Brad Decker
8f44383837
Migration to remove erroneous tx state (#11107) 2021-05-17 12:44:47 -05:00
Mark Stacey
f47cfbbb3e
Use strict assertion mode everywhere (#11012)
The `assert` module has two modes: "Legacy" and "strict". When using
strict mode, the "strict" version of each assertion method is implied.
Whereas in legacy mode, by default it will use the deprecated, "loose"
version of each assertion.

We now use strict mode everywhere. A few tests required updates where
they were asserting the wrong thing, and it was passing beforehand due
to the loose matching.
2021-05-07 17:08:24 -02:30
Dan J Miller
b73f543b23
Whats new popup (#10583)
* Add 'What's New' notification popup

* Move selectors from shared/notifications into ui/ directory

* Use keys for localized message in whats new notifications objects, to ensure notifications will be translated.

* Remove unused swaps intro popup locale messages

* Fix keys of whats new notification locales

* Remove notifications messages and descriptions from comment in shared/notifications

* Move notifcationActionFunctions to shared/notifications and make it stateless

* Get notification data from constants instead of state in whats-new-popup

* Code cleanup

* Fix build quote reference to swapsEthToken, broken during rebase

* Rename notificationFilters to notificationToExclude to clarify its purpose

* Documentation for getSortedNotificationsToShow

* Move notification action functions from shared/ to whats-new-popup.js

* Stop setting swapsWelcomeMessageHasBeenShown to state in app-state controller

* Update e2e tests for whats new popup changes

* Updating migration files

* Addressing feedback part 1

* Addressing feedback part 2

* Remove unnecessary div in whats-new-popup

* Change getNotificationsToExclude to getNotificationsToInclude for use in the getSortedNotificationsToShow selector

* Delete intro-popup directory and test files

* Lint fix

* Add notifiction state to address-entry fixture

* Use two separate functions for rendering first and subsequent notifications in the whats-new-popup

* Ensure that string literals are passed to t for whats new popup text

* Update import-ui fixtures to include notificaiton controller state

* Remove unnecessary, accidental change confirm-approve

* Remove swaps notification in favour of mobile swaps as first notifcation and TBD 3rd notification

* Update whats-new-popup to use intersection observer api to detect if notification has been seen

* Add notifications to send-edit and threebox e2e test fixtures

* Update ui/app/selectors/selectors.js

Co-authored-by: Mark Stacey <markjstacey@gmail.com>

* Update ui/app/selectors/selectors.js

Co-authored-by: Mark Stacey <markjstacey@gmail.com>

* Clean up locale code for whats-new-popup notifications

* Disconnect observers in whats-new-popup when their callback is first called

* Add test case for migration 58 for when the AppStateController does not exist

* Rename popover components containerRef to popoverWrapRef

* Fix messages.json

* Update notification messages and images

* Rename popoverWrapRef -> popoverRef in whats-new-popup and popover.component

* Only create one observer, and only after images have loaded, in whats-new-popup

* Set width and height on whats-new-popup image, instead of setting state on img load

* Update ui/app/components/app/whats-new-popup/whats-new-popup.js

Co-authored-by: Mark Stacey <markjstacey@gmail.com>

* Code clean up in whats new popup re: notification rendering and action functions

* Code cleanup in render notification functions of whats-new-popup

* Update ui/app/components/app/whats-new-popup/whats-new-popup.js

Co-authored-by: Mark Stacey <markjstacey@gmail.com>

* lint fix

* Update and localize  notification dates

* Clean up date code in shred/notifications/index.js

Co-authored-by: ryanml <ryanlanese@gmail.com>
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2021-04-28 14:21:41 -02:30
Brad Decker
d1f8171877
upgrade ethereumjs util (#10886) 2021-04-16 10:05:13 -05:00
David Walsh
fc30fd44d7
Fix 10036 - Prevent odd localStorage migration error in Firefox (#10884) 2021-04-14 09:24:17 -05:00
Erik Marks
e18deda0da
@metamask/eslint-config*@6.0.0 (#10858)
* @metamask/eslint-config*@6.0.0

* Minor eslintrc reorg
2021-04-08 14:34:55 -07:00
Brad Decker
4080ed63a4
Refactor Tx State Manager (#10672)
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2021-03-30 09:54:05 -05:00
David Walsh
29cc31afe8
Fix 10517 - Prevent tokens without addresses from being added to token list (#10593) 2021-03-29 16:05:36 -05:00
Brad Decker
1b4504e233
make migration more safe (#10689) 2021-03-22 10:21:52 -05:00
Brad Decker
a81629e104
refactor incoming tx controller (#10639) 2021-03-19 16:54:30 -05:00
ryanml
530e8c132f
Fixing incorrectly typed token decimal attribute (#10666) 2021-03-19 10:17:39 -07:00
Brad Decker
5a233e4634
colocate tests in flat structure (#10655) 2021-03-16 16:00:08 -05:00
Brad Decker
2ed5bafa11
remove transactionCategory in favor of more types (#10615)
* remove transactionCategory in favor of more types

* remove reference to STANDARD in stubs
2021-03-10 14:16:44 -06:00
Brad Decker
caa32d87fb
key tokens by chainId (#10510) 2021-02-26 09:40:25 -06:00
Erik Marks
76a2a9bb8b
@metamask/eslint config@5.0.0 (#10358)
* @metamask/eslint-config@5.0.0
* Update eslintrc and prettierrc
* yarn lint:fix
2021-02-04 10:15:23 -08:00
Erik Marks
90289ec22a
Further improve organization of constants (#10200) 2021-01-20 08:13:14 -08:00
Dan J Miller
2431a5821c
Migration 51: ensure chainId is set in state for default/infura providers (#10170)
* Migration 51: ensure chainId is set in network controller provider state for all infura/default networks

* Clean up

* Migrate incorrect as well as falsy chainIds

Co-authored-by: Erik Marks <rekmarks@protonmail.com>
2021-01-11 11:09:15 -03:30
Dan J Miller
1661953e23
Migration to remove legacy local storage keys from localStorage (#9986)
* Migration to remove legacy local storage keys from localStorage

* Update app/scripts/migrations/050.js

Co-authored-by: Mark Stacey <markjstacey@gmail.com>

* Update app/scripts/migrations/050.js

Co-authored-by: Mark Stacey <markjstacey@gmail.com>

* Fix unit tests for migration 50

* Fixing stubbing and localstorage reference in migration 50

* Update test/helper.js

Co-authored-by: Mark Stacey <markjstacey@gmail.com>

Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2020-12-03 20:25:23 -03:30
Brad Decker
0653a489b0
add new MetaMetricsController (#9857) 2020-12-02 15:41:30 -06:00
Brad Decker
a49a4a066c
expand transaction constants coverage (#9790)
* expand transaction constants coverage

* touchups

* dont import inside of e2e

* Update app/scripts/controllers/transactions/tx-state-manager.js

Co-authored-by: Mark Stacey <markjstacey@gmail.com>

* Update test/unit/app/controllers/transactions/tx-controller-test.js

Co-authored-by: Mark Stacey <markjstacey@gmail.com>

Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2020-11-07 01:38:12 -06:00
Patryk Łucka
ee205b893f
Create custom addHexPrefix function (#9306)
* create custom addHexPrefix function

* switch to custom addHexPrefix

Co-authored-by: Mark Stacey <markjstacey@gmail.com>
Co-authored-by: Erik Marks <rekmarks@protonmail.com>
2020-11-06 13:18:00 -08:00
Brad Decker
2ebf8756a4
[RFC] add prettier to eslint (#8595) 2020-11-02 17:41:28 -06:00
Whymarrh Whitby
3c492a2ff7
Remove incorrect Migrator comment (#9659)
This change removes an incorrect comment about migrations
2020-10-20 11:34:55 -02:30
Erik Marks
6e8c9aede8
Migrate 'localhost' tokens (#9570)
* Delete localhost state from incoming tx controller

* Migrate localhost tokens

Co-authored-by: Dan Finlay <542863+danfinlay@users.noreply.github.com>
2020-10-13 07:07:00 -07:00
Erik Marks
4ce04b5cb9
Delete localhost state from incoming tx controller (#9569) 2020-10-13 06:18:24 -07:00
Erik Marks
f9e0c64abe
Fix migration 048 chainId conversion (#9567) 2020-10-12 19:24:45 -07:00
Erik Marks
e071b4482e
Use chainId values for the address book (#9565)
* Delete CachedBalancesController.cachedBalances

* Migrate provider to Rinkeby instead of deleting it

* Convert hex transaction metamaskNetworkId values to decimal

* Don't migrate provider state in e2e tests

* Don't kick custom RPC users to Rinkeby unnecessarily

* Use provider.chainId for address book chainId values

* Add address book migration

* Fix failing unit test

* fixup! Merge branch 'develop' into address-book-use-chainId

* Select address book entries for display by chainId

* Merge all address book entry keys

* fixup! Merge all address book entry keys
2020-10-12 16:35:55 -07:00
Erik Marks
bdd6416ba0
Update migration 048 (#9560)
* Delete CachedBalancesController.cachedBalances

* Migrate provider to Rinkeby instead of deleting it

* Convert hex transaction metamaskNetworkId values to decimal

* Don't migrate provider state in e2e tests

* Don't kick custom RPC users to Rinkeby unnecessarily
2020-10-12 14:09:08 -07:00
Erik Marks
5b8c07817a
Remove localhost provider type (#9551)
* Delete localhost provider type

* Use ganache-cli default chain ID for tests

* Delete unused test firstTimeState variable

* Migrate default ganache-cli network to frequentRpcListDetail

* Add default test provider state

* Add test functionality to createJsonRpcClient

* Lint locales

* Update test middleware creation

* fixup! Update test middleware creation
2020-10-12 12:05:40 -07:00
Erik Marks
088d4c34f1
Merge pull request from GHSA-c2xw-px2x-pr65
* Remove network config store
* Remove inline networks variable in network controller
* Re-key network controller 'rpcTarget' to 'rpcUrl'
* Require chainId in lookupNetwork, implement eth_chainId
* Require chain ID in network form
* Add alert, migrations, and tests
* Add chainId validation to addToFrequentRpcList
* Update public config state selector to match new network controller
state
* Use network enums in networks-tab.constants
* Ensure chainId in provider config is current
* Update tests
2020-10-06 15:27:02 -02:30