1
0
mirror of https://github.com/kremalicious/metamask-extension.git synced 2024-12-11 20:27:12 +01:00
Commit Graph

78 Commits

Author SHA1 Message Date
Frederik Bolding
305574703d [FLASK] snaps-skunkworks@0.22.0 (#16069)
* snaps-skunkworks@0.22.0

* Update LavaMoat policies

* Bump execution environment and fix a breaking change

* Fix caveat and permissions

* Fix test

* Exclude keyring endowment for now

* Fix test

* Fix snap_confirm missing title
2022-10-27 20:27:17 +02:00
Jyoti Puri
8c8539d1f5
Making addPermittedAccount and removePermittedAccount methods idempotent (#15709) 2022-09-07 01:17:48 +05:30
Frederik Bolding
7fc418a96d
[FLASK] snaps-skunkworks@0.20.0 (#15706)
* snaps-skunkworks@0.20.0

* Generate LavaMoat policy

* Fix some breaking changes

* Update iframe execution env

* Fix unit tests

* Implement snap_getBip44Entropy

* Regenerate LavaMoat policy

* Prefer ControllerMessenger over direct calls

* Fix not showing warning for BIP44 legacy permission and E2E test

Co-authored-by: Maarten Zuidhoorn <maarten@zuidhoorn.com>
2022-08-26 13:48:53 +02:00
Maarten Zuidhoorn
a52c6a4908
[FLASK] snaps-skunkworks@0.19.0 (#15619)
* Bump snaps-skunkworks to 0.19.0

* Improve snap_getBip32Entropy UI

* Remove console.log

* Update LavaMoat policy

* Dedupe Yarn lock

* Update LavaMoat policy again

* Fix tests

* Update policies and e2e tests

* Update policy again

* Update iframe-execution-environment

* Dedupe yarn.lock

* Update snapshots

* Fix PR comments

* Add TODO

* Trigger CI
2022-08-18 17:07:34 +02:00
Brad Decker
c72199a1a6
update prettier (#15360) 2022-07-31 13:26:40 -05:00
Brad Decker
652d631cda
remove exclusions for mismatched object jsdoc type casing (#15351) 2022-07-27 08:28:05 -05:00
Frederik Bolding
66c049bb35
snaps-skunkworks@0.14.0 (#14700)
* snaps-skunkworks@0.13.0

* snaps-skunkworks@0.14.0

* Fix test

* Add long-running permission copy and icon

* Run linting

* Fix typo

* Bump E2E version
2022-05-18 13:49:26 +02:00
Erik Marks
cef95f8733
Stop storing request and response objects in the permission activity log (#14485)
We currently store the JSON-RPC request and response objects in the permission activity log. The utility of doing this was always rather dubious, but never problematic. Until now.

In Flask, as the restricted methods have expanded in number, user secrets may be included on JSON-RPC message objects. This PR removes these properties from the permission activity log, and adds a migration which does the same to existing log objects. We don't interact with the log objects anywhere in our codebase, but we don't want unexpected properties to cause errors in the future should any log objects be retained.

This PR also updates relevant tests and test data. It makes a minor functional change to how a request is designated as a success or failure, but this should not change any behavior in practice.
2022-04-21 08:44:15 -07:00
Erik Marks
118480280c
snaps-skunkworks@0.10.2 (#13901) 2022-03-14 12:37:19 -07:00
Erik Marks
35ac762e10
Add Snaps via Flask (#13462)
This PR adds `snaps` under Flask build flags to the extension. This branch is mostly equivalent to the current production version of Flask, excepting some bug fixes and tweaks.

Closes #11626
2022-02-14 16:02:51 -08:00
Dan J Miller
0a4432513d
captureKeyringTypesWithMissingIdentities() when 'Missing identity for address' in permissions/specifications (#13521)
* captureKeyringTypesWithMissingIdentities() when 'Missing identity for address' in permissions/specifications

* Fix unit tests
2022-02-07 15:30:37 -03:30
Erik Marks
a5873eb7ff
Fix manually connecting sites (#13320) 2022-01-14 14:31:32 -08:00
Mark Stacey
c17fa40114
Consolidate permission exports (#13012)
The permission-related modules are now all exported together in the
index of the `app/scripts/controllers/permissions` directory.
2021-12-08 07:07:35 -03:30
Erik Marks
31cf7c10a4
Permission System 2.0 (#12243)
# Permission System 2.0

## Background

This PR migrates the extension permission system to [the new `PermissionController`](https://github.com/MetaMask/snaps-skunkworks/tree/main/packages/controllers/src/permissions).
The original permission system, based on [`rpc-cap`](https://github.com/MetaMask/rpc-cap), introduced [`ZCAP-LD`](https://w3c-ccg.github.io/zcap-ld/)-like permissions to our JSON-RPC stack.
We used it to [implement](https://github.com/MetaMask/metamask-extension/pull/7004) what we called "LoginPerSite" in [version 7.7.0](https://github.com/MetaMask/metamask-extension/releases/tag/v7.7.0) of the extension, which enabled the user to choose which accounts, if any, should be exposed to each dapp.
While that was a worthwhile feature in and of itself, we wanted a permission _system_ in order to enable everything we are going to with Snaps.
Unfortunately, the original permission system was difficult to use, and necessitated the creation of the original `PermissionsController` (note the "s"), which was more or less a wrapper for `rpc-cap`.

With this PR, we shake off the yoke of the original permission system, in favor of the modular, self-contained, ergonomic, and more mature permission system 2.0.

Note that [the `PermissionController` readme](https://github.com/MetaMask/snaps-skunkworks/tree/main/packages/controllers/src/permissions/README.md) explains how the new permission system works.

The `PermissionController` and `SubjectMetadataController` are currently shipped via `@metamask/snap-controllers`. This is a temporary state of affairs, and we'll move them to `@metamask/controllers` once they've landed in prod.

## Changes in Detail

First, the changes in this PR are not as big as they seem. Roughly half of the additions in this PR are fixtures in the test for the new migration (number 68), and a significant portion of the remaining ~2500 lines are due to find-and-replace changes in other test fixtures and UI files.

- The extension `PermissionsController` has been deleted, and completely replaced with the new `PermissionController` from [`@metamask/snap-controllers`](https://www.npmjs.com/package/@metamask/snap-controllers).
- The original `PermissionsController` "domain metadata" functionality is now managed by the new `SubjectMetadataController`, also from [`@metamask/snap-controllers`](https://www.npmjs.com/package/@metamask/snap-controllers).
- The permission activity and history log controller has been renamed `PermissionLogController` and has its own top-level state key, but is otherwise functionally equivalent to the existing implementation.
- Migration number 68 has been added to account for the new state changes.
- The tests in `app/scripts/controllers/permissions` have been migrated from `mocha` to `jest`.

Reviewers should focus their attention on the following files:

- `app/scripts/`
  - `metamask-controller.js`
    - This is where most of the integration work for the new `PermissionController` occurs.
      Some functions that were internal to the original controller were moved here.
  - `controllers/permissions/`
    - `selectors.js`
      - These selectors are for `ControllerMessenger` selector subscriptions. The actual subscriptions occur in `metamask-controller.js`. See the `ControllerMessenger` implementation for details.
    - `specifications.js`
      - The caveat and permission specifications are required by the new `PermissionController`, and are used to specify the `eth_accounts` permission and its JSON-RPC method implementation.
        See the `PermissionController` readme for details.
  - `migrations/068.js`
    - The new state should be cross-referenced with the controllers that manage it.
      The accompanying tests should also be thoroughly reviewed.

Some files may appear new but have just moved and/or been renamed:

- `app/scripts/lib/rpc-method-middleware/handlers/request-accounts.js`
  - This was previously implemented in `controllers/permissions/permissionsMethodMiddleware.js`.
- `test/mocks/permissions.js`
  - A truncated version of `test/mocks/permission-controller.js`.

Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2021-12-06 19:16:49 -08:00
Dan Finlay
2df159841a
Add eth_feeHistory to safe method list (#11999)
So that we can expose this method to dapps.
2021-09-02 10:26:32 -07:00
Erik Marks
8a8ce3a0c0
@metamask/controllers@15.0.0 (#11975)
Adds the latest version of `@metamask/controllers`, and updates our usage of the `ApprovalController`, which has been migrated to `BaseControllerV2`. Of [the new `controllers` release](https://github.com/MetaMask/controllers/releases/tag/v15.0.0), only the `ApprovalController` migration should be breaking.

This is the first time we use events on the `ControllerMessenger` to update the badge, so I turned the messenger into a property on the main `MetaMaskController` in order to subscribe to events on it in `background.js`. I confirmed that the badge does indeed update during local QA.

As it turns out, [MetaMask/controllers#571](https://github.com/MetaMask/controllers/pull/571) was breaking for a single unit test case, which is now handled during setup and teardown for the related test suite (`metamask-controller.test.js`).
2021-08-31 12:27:13 -07:00
Erik Marks
e142bf0c5e
Fix _getPermittedAccounts type safety (#10819) 2021-04-05 11:32:46 -07:00
Brad Decker
5a233e4634
colocate tests in flat structure (#10655) 2021-03-16 16:00:08 -05:00
Erik Marks
a29fc51838
Ensure permission log will only store JSON-able data (#10524) 2021-03-10 11:50:06 -08:00
Shane
e3084b87cc
fix: manually connect accountsChanged (#10477)
fixes #9933
2021-02-19 09:48:49 -08:00
Erik Marks
76a2a9bb8b
@metamask/eslint config@5.0.0 (#10358)
* @metamask/eslint-config@5.0.0
* Update eslintrc and prettierrc
* yarn lint:fix
2021-02-04 10:15:23 -08:00
Thomas Huang
1dad4abfdc
Fix site metadata JSON-RPC handler (#10243)
* Fix getting the site metadata from the request origin params.

Regressed from inpage-provider ts migration the request. The property domainMetadata is now set as a params key for the request.

https://github.com/MetaMask/inpage-provider/blob/v7.0.0/src/siteMetadata.js#L19-L25
vs
https://github.com/MetaMask/inpage-provider/blob/main/src/siteMetadata.ts#L19-L27

* Change hardcoded mocked response of the request to the prod response.
2021-01-22 10:27:07 -08:00
Erik Marks
30ff153103
eth-rpc-errors@4.0.2 (#10226) 2021-01-20 22:06:41 -08:00
Erik Marks
90289ec22a
Further improve organization of constants (#10200) 2021-01-20 08:13:14 -08:00
Erik Marks
e05be40d92
@metamask/obs-store@5.0.0 (#10092) 2020-12-16 13:14:49 -08:00
Erik Marks
eeee8852cd
Add eth_getProof to safe methods (#10070)
`eth_getProof` is an unpermissioned, read-only RPC method for getting account-related Merkle proofs, specified here: https://eips.ethereum.org/EIPS/eip-1186

It's been supported by major Ethereum clients, and Infura, for some time. By adding it to the safe methods list, we enable this method for our users.
2020-12-14 15:21:15 -08:00
Erik Marks
8f40d03299
Add approval controller (#9401)
This PR introduces the new approval controller to the extension codebase. We use it for the permissions controller's pending approval functionality.

The approval controller sets us up for a new pattern of requesting and managing user confirmations in RPC methods. Along with the generic RPC method middleware, the approval controller will allow us to eliminate our message managers, and decouple various method handlers from our provider stack, making the implementations more portable between the extension and mobile.
2020-12-14 08:04:26 -08:00
Erik Marks
3bf94164ac
@metamask/inpage-provider@^8.0.0 (#8640)
* @metamask/inpage-provider@^8.0.0
* Replace public config store with JSON-RPC notifications
* Encapsulate notification permissioning in permissions controller
* Update prefix of certain internal RPC methods and notifications
* Add accounts to getProviderState
* Send accounts with isUnlocked notification (#10007)
* Rename provider streams, notify provider of stream failures (#10006)
2020-12-08 11:48:47 -08:00
Erik Marks
1da9ad77a4
json-rpc-engine@6.1.0 (#9922) 2020-12-02 11:41:24 -08:00
Mark Stacey
14d85b1332
Make JSDoc formatting more consistent (#9796)
A few inconsistencies in JSDoc formatting have been fixed throughout
the project. Many issues remain; these were just the few things that
were easy to fix with a regular expression.

The changes include:

* Using lower-case for primitive types, but capitalizing non-primitive
 types
* Separating the parameter identifier and the description with a dash
* Omitting a dash between the return type and the return description
* Ensuring the parameter type is first and the identifier is second (in
 a few places it was backwards)
* Using square brackets to denote when a parameter is optional, rather
 than putting "(optional)" in the parameter description
* Including a type and identifier with every parameter
* Fixing inconsistent spacing, except where it's used for alignment
* Remove incorrectly formatted `@deprecated` tags that reference non-
 existent properties
* Remove lone comment block without accompanying function

Additionally, one parameter was renamed for clarity.
2020-11-10 14:00:41 -03:30
Brad Decker
2ebf8756a4
[RFC] add prettier to eslint (#8595) 2020-11-02 17:41:28 -06:00
Mark Stacey
7d0a7ab301
Update @metamask/eslint-config to v4.1.0 (#9663)
`@metamask/eslint-config` has been updated to v4.1.0. This update
requires that we update `eslint` to v7 as well, which in turn requires
updating most `eslint`-related packages.

Most notably, `babel-eslint` was replaced with `@babel/eslint-parser`,
and `babel-eslint-plugin` was replaced by `@babel/eslint-plugin`. This
required renaming all the `babel/*` rules to `@babel/*`.

Most new or updated rules that resulted in lint errors have been
temporarily disabled. They will be fixed and re-enabled in subsequent
PRs.
2020-10-21 14:01:03 -02:30
Whymarrh Whitby
b6ccd22d6c
Update ESLint shared config to v3 (#9274)
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2020-08-19 13:57:05 -02:30
Whymarrh Whitby
c11888f287
Fix no-empty-function issues (#9216)
See [`no-empty-function`](https://eslint.org/docs/rules/no-empty-function) for more information.

This change enables `no-empty-function` and fixes the issues raised by the rule.
2020-08-14 09:17:02 -02:30
Whymarrh Whitby
a8863a3446
Fix consistent-return issues (#9192)
See [`consistent-return`](https://eslint.org/docs/rules/consistent-return) for more information.

This change enables `consistent-return` and fixes the issues raised by the rule.
2020-08-12 16:36:57 -02:30
Whymarrh Whitby
885125ad03
Fix no-case-declarations issues (#9191)
See [`no-case-declarations`](https://eslint.org/docs/rules/no-case-declarations) for more information.

This change enables `no-case-declarations` and fixes the issues raised by the rule.
2020-08-12 14:11:27 -02:30
Erik Marks
e5cb63eea2
Add web3 usage metrics, prepare for web3 removal (#9144)
* add web3 usage metrics

* move web3 metrics method to new middleware

* rename some methods, files, and exports
2020-08-07 12:28:23 -07:00
Whymarrh Whitby
e0cc84bbfa
Use async/await for getRestrictedMethods (#9099) 2020-07-29 19:50:20 -02:30
Whymarrh Whitby
68a64af5b3
Fix callback-return issues (#8996)
See [`callback-return`](https://eslint.org/docs/rules/callback-return) for more information.

This change enables `callback-return` and fixes the resulting issues.
2020-07-17 20:19:52 -02:30
Mark Stacey
01301087ea
Fix web3_clientVersion method (#8998)
This method was accidentally broken with the introduction of the
permissions controller, as this was missing from the list of safe
methods.

It is now included in the list of safe methods.

Fixes #8993
2020-07-15 15:34:10 -03:00
Whymarrh Whitby
4f0a205369
Use eslint@6.8.0 (#8978)
* Use eslint@6.8.0
* yarn lint:fix
2020-07-14 12:50:41 -02:30
Erik Marks
8bc02d4b5e
rpc-cap@3.0.0 (#8924)
* rpc-cap@3.0.0

* adapt use of rpc-cap for new major version
2020-07-05 12:49:22 -07:00
Erik Marks
04de9a92c5
Fix signing method bugs (#8833)
* update signTypedData validation

* update tests for new eth-json-rpc-middleware

* remove lowercasing of tx 'from' addresses
2020-06-23 09:12:11 -07:00
Mark Stacey
6ca18c3573
Fix handling of permissions of removed accounts (#8803)
Imported accounts can be removed, but the permissions controller is not
informed when this happens. Permissions are now removed as part of the
account removal process.

Additionally, the `getPermittedIdentitiesForCurrentTab` selector now
filters out any non-existent accounts, in case a render occurs in the
middle of an account removal.

This was resulting in a render crash upon opening the popup on a site
that was connected to the removed account.
2020-06-15 10:27:27 -03:00
Erik Marks
a84eedb7da
Permissions: Do not display HTTP/HTTPS URL schemes for unique hosts (#8768)
* only show URL.host in connected-accounts component

* strip scheme from URL for unique hosts

Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2020-06-09 13:56:24 -07:00
Erik Marks
c8a995dd9b
Send accountsChanged notification for wallet_requestPermissions (#8742)
* emit accountsChanged for eth_accounts via wallet_requestPermissions

* add/update tests
2020-06-04 12:15:52 -07:00
Whymarrh Whitby
a75dcae9bb
Merge branch 'develop' into manual-connect 2020-05-28 07:20:26 -02:30
Brad Decker
34fb525ce5
Limit Dapp permissions to primary account (#8653) 2020-05-27 22:35:09 -05:00
Whymarrh Whitby
5b1608681c Manually connect via the full connect flow 2020-05-27 21:45:41 -02:30
Whymarrh Whitby
4802ed1df5
Localize permission descriptions (#8661) 2020-05-27 18:15:10 -02:30