1
0
mirror of https://github.com/kremalicious/metamask-extension.git synced 2024-11-30 16:18:07 +01:00
Commit Graph

11659 Commits

Author SHA1 Message Date
Brad Decker
f311d31736 fix metametrics option tracking (#10071) 2020-12-14 21:13:16 -03:30
Etienne Dusseault
16efd7c933 Disable console in contentscript (#10040)
* Maintain console logging in dev mode

Co-authored-by: kumavis <aaron@kumavis.me>
Co-authored-by: Erik Marks <rekmarks@protonmail.com>
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2020-12-14 21:13:03 -03:30
Nicholas Rodrigues Lordello
288760cffe Display boolean values when signing typed data (#10048) 2020-12-14 21:07:51 -03:30
Mark Stacey
c30a42ab8e Fix token validation in Send flow (#10045)
Additional validation was added in #9907 to ensure that the "Known
contract address" warning was shown when sending tokens to another
token address after switching assets on the Send screen. Unfortunately
this change had the unintended side-effect of preventing _all_ token
sends after switching assets, so long as the recipient was not an
internal address.

The problem is that the `validate` function expects to be passed the
address of the token send recipient in the case where a token is
selected. Instead the token address was being passed to the validate
function.

The `query` state is now used, which should always contain the
recipient address. This is the same state used in the only other place
the `validate` function is called.
2020-12-14 21:07:15 -03:30
Mark Stacey
7879481569 Fix contentscript injection failure on Firefox 56 (#10034)
On Firefox 56 and Waterfox Classic, our `runLockdown.js` script throws
an error. This is fine on the HTML pages, as the next script tags still
get run without issue (though they don't benefit from the SES lockdown
sadly). But in the `contentscript`, an exception thrown here appears to
halt the execution of subsequent scripts.

To prevent the `contentscript` from crashing completely, lockdown
errors are now caught and logged. They are also logged to Sentry on the
pages where Sentry is setup.
2020-12-14 21:07:01 -03:30
Mark Stacey
98d6f71754 Update tweetnacl dependencies (#10028)
The `eth_decrypt` used to fail on Firefox with a recursion error.
Updating these `tweetnacl` dependencies seemed to have fixed the issue
the last time I tested this.

When I tried to reproduce the failure today, it failed due to a
different reason, both before and after this update.

But nonetheless, it still seems like a good idea to update. These newer
versions have no breaking changes and contain important bug fixes.
2020-12-14 21:06:47 -03:30
Erik Marks
eeee8852cd
Add eth_getProof to safe methods (#10070)
`eth_getProof` is an unpermissioned, read-only RPC method for getting account-related Merkle proofs, specified here: https://eips.ethereum.org/EIPS/eip-1186

It's been supported by major Ethereum clients, and Infura, for some time. By adding it to the safe methods list, we enable this method for our users.
2020-12-14 15:21:15 -08:00
Brad Decker
3cabe7525f
fix metametrics option tracking (#10071) 2020-12-14 15:54:33 -06:00
Etienne Dusseault
69df19f195
Disable console in contentscript (#10040)
* Maintain console logging in dev mode

Co-authored-by: kumavis <aaron@kumavis.me>
Co-authored-by: Erik Marks <rekmarks@protonmail.com>
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2020-12-14 11:17:13 -08:00
David Walsh
9a1548368f
Use Boolean for filters (#10066) 2020-12-14 11:03:59 -06:00
Erik Marks
8f40d03299
Add approval controller (#9401)
This PR introduces the new approval controller to the extension codebase. We use it for the permissions controller's pending approval functionality.

The approval controller sets us up for a new pattern of requesting and managing user confirmations in RPC methods. Along with the generic RPC method middleware, the approval controller will allow us to eliminate our message managers, and decouple various method handlers from our provider stack, making the implementations more portable between the extension and mobile.
2020-12-14 08:04:26 -08:00
Mark Stacey
5e01602a01
Cache dependencies (#10065)
Dependencies are now cached between builds, using a checksum of the
`yarn.lock` file as the cache key. The `node_modules` directory and the
`.har` file from the install are cached and restored, so that we ensure
the record of the install is always preserved alongside the
dependencies.

The consolidation of the `collect-har-artifact` script was to make it
easier to cache the `.har` file along with the dependencies.
2020-12-14 11:46:42 -03:30
dependabot[bot]
45b737fca0
Bump ini from 1.3.5 to 1.3.7 (#10064)
Bumps [ini](https://github.com/isaacs/ini) from 1.3.5 to 1.3.7.
- [Release notes](https://github.com/isaacs/ini/releases)
- [Commits](https://github.com/isaacs/ini/compare/v1.3.5...v1.3.7)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-12-11 18:27:42 -03:30
Mark Stacey
94f0588f0e
Add HTML coverage report to MetaMask bot comment (#10061)
The HTML code coverage report generated by `nyc` is now included in the
MetaMask bot comment. It has been saved as an artifact on CircleCI.
2020-12-11 16:21:00 -03:30
Mark Stacey
da1aae772b
Remove coveralls (#10063)
We don't look at coveralls very much. We might occasionally consult it
to see a report on our code coverage, but that report is already
generated entirely locally, and has been added to the MetaMask bot
comment in #10061.
2020-12-11 16:20:45 -03:30
David Walsh
b16737454e
Prevent metaMaskFee prop error in FeeCard (#10047) 2020-12-11 12:03:51 -06:00
Nicholas Rodrigues Lordello
fcf75d6438
Display boolean values when signing typed data (#10048) 2020-12-11 11:40:34 -06:00
Mark Stacey
caa5c73697
Use CircleCI executors to simplify CI config (#10055)
The CI config has been updated to use CircleCI executors. This allows
us to define the container environments used in one place, and reuse
these environment definitions between jobs.

This should result in no functional changes.
2020-12-11 14:07:13 -03:30
Mark Stacey
d8ec5f19f6
Use .zip for Firefox e2e tests (#10056)
The Firefox e2e tests now use the `.zip` file for testing the
extension. We've found this to produce more similar results to
production, compared to the old method of loading the unzipped
directory.

Passing in a `.zip` file to the Chrome driver didn't seem to work. I
didn't investigate this further to see if it was possible, but I'm not
sure it makes a difference on Chrome anyway.
2020-12-11 12:54:17 -03:30
Mark Stacey
4a5a2881d0
Update selenium-webdriver and geckodriver (#10057)
Update `geckodriver` to the latest version, and `selenium-webdriver`
to the second-most-recent version. Updates include various dependency
updates, bug fixes, and minor features. None of the updates seem to
directly affect us, aside from one new feature of `selenium-webdriver`
that updates the `installAddon` function to support `.zip` files, which
will be used in a subsequent PR.

`selenium-webdriver` was pinned one version behind latest because the
latest version caused our Chrome e2e tests to fail with a mysterious
error whenever `getAttribute` was called on a WebElement.
2020-12-11 12:03:20 -03:30
Mark Stacey
0b7579b5d8
Update Firefox version used on CI for e2e tests (#10058)
The Firefox version has been updated to the latest stable version: v83.
This was required to replicate production Firefox errors we saw
recently.
2020-12-11 12:03:00 -03:30
Erik Marks
54e9c53b27
Add web3 shim usage notification (#10039)
* Add web3 shim usage alert background state and logic
* Cleanup alert background state, constants
* Implement web3 shim usage notification and settings
* nodeify alert controller background hooks
* Remove svg icon, again
* Tweak alert controller initialization
* Add support article URL
* Un-thunk alert UI "actions"
* Delete connect.svg file (unused)
2020-12-10 15:40:29 -08:00
Erik Marks
db004d4486
Refactor home notification (#10046)
Co-authored-by: Brad Decker <git@braddecker.dev>
2020-12-10 12:02:21 -08:00
David Walsh
07c5527b1e
Use consistent font size for modal top right Close links (#10000) 2020-12-10 12:02:57 -06:00
Mark Stacey
4350a1422e
Fix token validation in Send flow (#10045)
Additional validation was added in #9907 to ensure that the "Known
contract address" warning was shown when sending tokens to another
token address after switching assets on the Send screen. Unfortunately
this change had the unintended side-effect of preventing _all_ token
sends after switching assets, so long as the recipient was not an
internal address.

The problem is that the `validate` function expects to be passed the
address of the token send recipient in the case where a token is
selected. Instead the token address was being passed to the validate
function.

The `query` state is now used, which should always contain the
recipient address. This is the same state used in the only other place
the `validate` function is called.
2020-12-10 14:28:19 -03:30
Mark Stacey
86fba2dac1
Fix contentscript injection failure on Firefox 56 (#10034)
On Firefox 56 and Waterfox Classic, our `runLockdown.js` script throws
an error. This is fine on the HTML pages, as the next script tags still
get run without issue (though they don't benefit from the SES lockdown
sadly). But in the `contentscript`, an exception thrown here appears to
halt the execution of subsequent scripts.

To prevent the `contentscript` from crashing completely, lockdown
errors are now caught and logged. They are also logged to Sentry on the
pages where Sentry is setup.
2020-12-10 14:03:04 -03:30
Mark Stacey
4587e984f5
Increase Chrome minimum version (#10019)
The Chrome minimum version has been increased from v58 to v63. We found
that we had very few users on versions below v63, and v62 is
incompatible with our SES lockdown dependency.

This also makes us compatible with Object rest/spread syntax, so we
might not have to transpile that anymore. I'll revisit that separately.
2020-12-10 01:59:47 -03:30
Mark Stacey
9f50d8a300
Merge pull request #10033 from MetaMask/sync-master
Sync `master` with `develop`
2020-12-09 18:42:30 -03:30
Mark Stacey
b2aa14d676 Merge remote-tracking branch 'origin/develop' into sync-master
* origin/develop: (22 commits)
  Fix TokenList component name (#10030)
  Update `tweetnacl` dependencies (#10028)
  Rename `lockdown.cjs` to `lockdown.js` (#10026)
  Revert "Revert "Add SES lockdown to extension webapp (#9729)""
  Revert "Revert "Remove redundant babelify (#9945)""
  Add hidden tokens to store (#9320)
  @metamask/inpage-provider@^8.0.0 (#8640)
  Log persistence errors with Sentry (#10018)
  Fix SES lockdown on older browsers (#10014)
  Reapply view quote screen designs (#9905)
  Fix unbound metrics track function (#10016)
  Deobfuscate error message (#10012)
  Add SES lockdown and Sentry to all pages (#10013)
  Remove web3 injection (#9156)
  Initialize network controller provider chainId to the appropriate default networks (#9999)
  Fix Infura network chain IDs (#8629)
  Prevent props error in swaps gas modal (#10001)
  Fix 9906 - Prevent unwanted 'no quotes available' message when going back to build quote screen while having insufficient funds (#9994)
  Fix 9988 - Don't allow more than 15% slippage (#9991)
  Bump highlight.js from 10.4.0 to 10.4.1 (#10004)
  ...
2020-12-09 18:11:19 -03:30
Mark Stacey
b0579f9e09
Merge pull request #10024 from MetaMask/Version-v8.1.8
Version v8.1.8 RC
2020-12-09 18:00:50 -03:30
Mark Stacey
6304ce15a2
Fix TokenList component name (#10030)
The TokenList component on the `add-token` page had the name `InfoBox`,
which doesn't seem applicable. It has been renamed to `TokenList`, to
match the module filename and the component name we use elsewhere.
2020-12-09 17:02:38 -03:30
Mark Stacey
8ab5230115
Update tweetnacl dependencies (#10028)
The `eth_decrypt` used to fail on Firefox with a recursion error.
Updating these `tweetnacl` dependencies seemed to have fixed the issue
the last time I tested this.

When I tried to reproduce the failure today, it failed due to a
different reason, both before and after this update.

But nonetheless, it still seems like a good idea to update. These newer
versions have no breaking changes and contain important bug fixes.
2020-12-09 15:40:33 -03:30
Mark Stacey
f579acc36d Update v8.1.8 changelog
All user-facing changes have been listed.
2020-12-09 12:19:46 -03:30
MetaMask Bot
d5be047b7b Version v8.1.8 2020-12-09 12:19:45 -03:30
Mark Stacey
07fab76dd0 Rename lockdown.cjs to lockdown.js (#10026)
When you load an extension `.zip` file in Firefox, it fails to load
scripts with the `.cjs` file extension. However, it works if you load
the extension via the `manifest.json` file instead.

After renaming the `lockdown.cjs` file to `lockdown.js`, it works in
Firefox in all cases, regardless whether it's loaded by manifest or by
`.zip`.
2020-12-09 12:19:17 -03:30
Mark Stacey
e9b5386f74 Log persistence errors with Sentry (#10018)
Failures to persist state are now logged in Sentry. Previously they
were only logged to the background console.
2020-12-09 12:19:16 -03:30
Mark Stacey
ba2c56c871 Fix SES lockdown on older browsers (#10014)
On older browsers that don't support `globalThis`[1], the SES lockdown
throws an error. The `globalthis` shim has been added to all pages, to
the background process, and to the `contentscript`. This should prevent
the error on older browsers.

[1]: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/globalThis#Browser_compatibility
2020-12-09 12:19:16 -03:30
Mark Stacey
b75863dc00 Fix unbound metrics track function (#10016)
The new metrics controller has a `trackEvent` function that was being
called unbound, so `this` references were undefined. It is now bound
early in both places where it is passed in as a parameter.
2020-12-09 12:19:16 -03:30
Mark Stacey
01c0775486 Deobfuscate error message (#10012)
The SES lockdown added in #9729 had the effect of obfuscating our error
messages. Any messages printed to the console would have the error
message replaced with the string "Error #" followed by a number. The
stack was also updated to point at `lockdown.cjs`, though the original
stack was preserved beneath the top stack frame.

Marking the `console` API as untamed seems to have fixed both issues.
The original error message is now printed to the console, along with
the original stack.
2020-12-09 12:19:16 -03:30
Mark Stacey
4ae911eb23 Add SES lockdown and Sentry to all pages (#10013)
When the SES lockdown was added in #9729, the lockdown and the Sentry
initialization were migrated from the main bundle into separate
modules, which were run as separate `<script>` tags. These extra tags
were accidentally omitted for `home.html` and `notification.html`. As
a result Sentry was not initialized on these pages, so any errors
thrown on them would not be collected. They also do not benefit from
the SES lockdown.

The SES lockdown and Sentry initialization modules have been added to
both pages where they were missing.
2020-12-09 12:19:16 -03:30
Thomas Huang
6ecc3dee22 Initialize network controller provider chainId to the appropriate default networks (#9999) 2020-12-09 12:19:16 -03:30
David Walsh
55d3802b46 Prevent props error in swaps gas modal (#10001) 2020-12-09 12:19:16 -03:30
David Walsh
374dc0ffd8 Fix 9906 - Prevent unwanted 'no quotes available' message when going back to build quote screen while having insufficient funds (#9994) 2020-12-09 12:19:16 -03:30
David Walsh
b9cb0014ab Fix 9988 - Don't allow more than 15% slippage (#9991) 2020-12-09 12:19:16 -03:30
dependabot[bot]
79a56060ca Bump highlight.js from 10.4.0 to 10.4.1 (#10004)
Bumps [highlight.js](https://github.com/highlightjs/highlight.js) from 10.4.0 to 10.4.1.
- [Release notes](https://github.com/highlightjs/highlight.js/releases)
- [Changelog](https://github.com/highlightjs/highlight.js/blob/master/CHANGES.md)
- [Commits](https://github.com/highlightjs/highlight.js/compare/10.4.0...10.4.1)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-12-09 12:19:16 -03:30
Mark Stacey
01f1f403ce Add timeout to wait-until-called (#9996)
The `waitUntilCalled` utility now has a timeout. It will now throw an
error if the stub is not called enough times, rather than blocking
forever.

The return type had to be changed to a function, so that we could throw
when the timeout is triggered. I tried returning an error that rejected
first, but if you don't handle the error synchronously Node.js will
consider it to be an unhandled Promise rejected (even if it _is_
handled later on).

I worked around this by resolving in the timeout case as well, so that
there is never a "deferred" Promise exception in the timeout case. The
returned function re-throws the error if it's given. That way there is
never any unhandled Promise rejection.
2020-12-09 12:17:46 -03:30
Erik Marks
0ed9ed008b Update transaction params validation (#9992)
* Update transaction params validation

* fixup! Update transaction params validation

* Update to/data error message

* fixup! Update to/data error message
2020-12-09 12:17:44 -03:30
Mark Stacey
ffcdd1e76a Revert "Revert "Add SES lockdown to extension webapp (#9729)""
This reverts commit d783966065.
2020-12-09 12:11:55 -03:30
Mark Stacey
882e30e5ce Revert "Revert "Remove redundant babelify (#9945)""
This reverts commit 7696de2e4e.
2020-12-09 12:11:48 -03:30
Mark Stacey
f386e4ce4b
Rename lockdown.cjs to lockdown.js (#10026)
When you load an extension `.zip` file in Firefox, it fails to load
scripts with the `.cjs` file extension. However, it works if you load
the extension via the `manifest.json` file instead.

After renaming the `lockdown.cjs` file to `lockdown.js`, it works in
Firefox in all cases, regardless whether it's loaded by manifest or by
`.zip`.
2020-12-09 12:04:11 -03:30