Environment variables are now considered as higher-precedence than
configuration by our build system. This means that if the same value is
set in `.metamaskrc` and in an environment variable, the environment
variable is what will be used. Previously the reverse was true, the
configuration would take precedence.
It is conventional for CLI tools to consider environment variables as
higher precedence than configuration. This makes our build system less
surprising for most people.
We are working on migrating the extension to a unified network
controller, but before we do so we want to extract some of the existing
pieces, specifically `createInfuraClient` and `createJsonRpcClient`,
which provide the majority of the behavior exhibited within the provider
API that the existing NetworkController exposes. This necessitates that
we understand and test that behavior as a whole.
With that in mind, this commit starts with the Infura-specific network
client and adds some initial functional tests for `createInfuraClient`,
specifically covering three pieces of middleware provided by
`eth-json-rpc-middleware`: `createNetworkAndChainIdMiddleware`,
`createBlockCacheMiddleware`, and `createBlockRefMiddleware`.
These tests exercise logic that originate from multiple different places
and combine in sometimes surprising ways, and as a result, understanding
the nature of the tests can be tricky. I've tried to explain the logic
(both of the implementation and the tests) via comments. Additionally,
debugging why a certain test is failing is not the most fun thing in the
world, so to aid with this, I've added some logging to the underlying
packages used when a request passes through the middleware stack.
Because some middleware change the request being made, or make new
requests altogether, this greatly helps to peel back the curtain, as
failures from Nock do not supply much meaningful information on their
own. This logging is disabled by default, but can be activated by
setting `DEBUG=metamask:*,eth-query DEBUG_COLORS=1` alongside the `jest`
command.
We use this logging by bumping `eth-block-tracker`, and
`eth-json-rpc-middleware`.
* Update `eth-json-rpc-infura`
The package `eth-json-rpc-infura@5` has been updated to
`@metamask/eth-json-rpc-infura@7`. This update includes TypeScript
support, and it drops support for older node.js versions. The exports
have also been changed from default to named exports.
See here for a full list of changes: https://github.com/MetaMask/eth-json-rpc-infura/blob/main/CHANGELOG.md#700
* Fix LavaMoat policy issue
The `web3` package used by `@metamask/controllers` unintentionally
overwrites the `XMLHttpRequest` global, which breaks things. This was
fixed by revoking `web3`'s write access to that global using a policy
override.
Previously this policy override was applied to `web3`, but for some
unknown reason, this update caused that override to no longer apply.
* using the aggregators from tokenList instead of detectedToken to avoid conflicts between static and dynamic list
* removing aggregator from the detectTokens object List
A patch made in #15672 was found to be unnecessary. Instead of setting
a `rootGlobals` object upon construction of the root compartment, we
are now creating a `sentryHooks` object in the initial top-level
compartment. I hadn't realized at the time that the root compartment
would inherit all properties of the initial compartment `globalThis`.
This accomplishes the same goals as #15672 except without needing a
patch.
The Sentry `Dedupe` integration has been filtering out our events, even
when they were never sent due to our `beforeSend` handler. It was
wrongly identifying them as duplicates because it has no knowledge of
`beforeSend` or whether they were actually sent or not.
To resolve this, the filtering we were doing in `beforeSend` has been
moved to a Sentry integration. This integration is installed ahead of
the `Dedupe` integration, so `Dedupe` should never find out about any
events that we filter out, and thus will never consider them as sent
when they were not.
Our Sentry setup relies upon application state, but it wasn't able to
access it in LavaMoat builds because it's running in a separate
Compartment.
A patch has been introduced to the LavaMoat runtime to allow the root
Compartment to mutate the `rootGlobals` object, which is accessible
from outside the compartment as well. This lets us expose application
state to our Sentry integration.
* addding the legacy tokenlist, tuning token detection OFF by default, adding new message while importing tokens
updating the controller version and calling detectNewToken on network change
fixing rebase error
Run yarn lavamoat:auto for updating policies
updating lavamoat
Deleted node modules and run again lavamoat auto
fixing rebase issues
updating lavamoat policies
updating lavamoat after rebasing
policies
updating custom token warning and blocking detectedtoken link when tpken detection is off for supported networks
to update the token in fetchTosync
updating the contract map object
Revert build-system lavamoat policy changes
Move token list selection logic from components to getTokenList selector
updating the tokenList
Update lavamoat
Fix error
updating lavamoat
lint fix
fix unit test fail
fix unit test fail
lint fix
fixing rebase locale error
rebase fix
Revert build-system policy changes
temp
addressing review comments
* rebase fix
* Backup user data
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Tests for prependZero (utils.js)
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Fix advancedtab test
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
backup controller tests
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Lint fixes
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Backup controller don't have a store.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Restore from file.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Advanced Tab tests
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Lint fix
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
e2e tests for backup
unit tests for restore.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Fix comments on PR.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
restore style
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Lint fixes
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
We should move the exportAsFile to a utility file in the shared/ directory
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Move export as file to shared folder
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Refactor create download folder methods
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Lint fixes.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Move the backup/restore buttons closer to 3box
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Change descriptions
Add to search
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
refactor code to use if instead of &&
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Lint fixes
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Restore button should change cursor to pointer.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Fix restore not uploading same file twice.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Do not backup these items in preferences
identities
lostIdentities
selectedAddress
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
lint fixes.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Only update what is needed.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Fixed test for search
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* remove txError as it currently does nothing.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Remove dispatch, not needed since we're not dispatching any actions.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Event should be title case.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Make backup/restore normal async functions
rename event as per product suggestion.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Use success Actionable message for success message and danger for error
message
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* change event name to match with backup
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Lint fixes
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* lint fixes
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* fix e2e
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Two comments have been added to reference a longer explanation of what
the legacy provider streams are, why we still have them, and why we
want to remove them.
* Fix "app-init" injection
The way we were injecting variables into the `app-init.js` bundle was
accidentally overwriting the bundle output with the raw `app-init.js`
source file. This is a problem because the bundling process handles a
lot of things we care about like source maps, polyfills and other
necessary Babel transformations, environment variable injection, and
minification.
Instead of using string replacement to inject variables, we are now
using environment variables. The old string replacement strategy has
been removed, and the `app-init.js` module is now generated using the
same process as our other bundles.
A new option, "extraEnvironmentVariables", was added to allow us to
inject environment variables specifically for this bundle.
* Add check to ensure APPLY_LAVAMOAT is set
* Stop throwing an error when adding gas defaults for a simple send, that has data, to an address without a response code
* Lint fix
* fixup lint
Co-authored-by: brad-decker <bhdecker84@gmail.com>
* remove decentralized 4byte function signature registry since it is griefed and we can't algorithmically check for best option when 4byte is down
* add migration
* remove nock of on chain registry call in getMethodDataAsync test
* Don't send errors to sentry if users have not opted-in to participate in metametrics
* Don't capture opt-out metrics
* Move the metrics-opt in screen to immediately after the welcome screen
* Ensure that global.getSentryState is set in the background
* Fix e2e tests after rearranging onboardin flow
* Fix unit tests
* More e2e test fixes
* Remove unnecessary wrappers around capture exception
* Ensure that editing a transaction from a transfer to a simple send properly resets data and updates type
* Handle case where there are no unapproved txes
* Improve comment in updateSendAsset
* Remove unnecessary code in send transaction edit function
* Fix
* Ensure hex data is properly reset when changing from a safe transfer from tx to native send
* set more appropriate default for ticker symbol when wallet_addEthereumChain is called
* throw error to dapp when site suggests network with same chainId but different ticker symbol from already added network, instead of showing error and disabled notification to user
Renames the `MetaMaskController.workerController` property to `snapExecutionService`, which better matches the naming scheme used throughout the Snaps codebase. No functional changes.
* Increase likelyhood of valid method signatures being returned by getMethodData
* Update coverage
* Update coverage
* Update coverage
* add a migration to clear knownMethodData
* Small typo changes
Co-authored-by: Alex <adonesky@gmail.com>
* Only have timeout for when payload is getState
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Fix test
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* we should not call normalize if we're failing the transaction
refactor out update history
we should fail if un update we get an error and the warning message is
error submitting.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* refactor _setTransactionStatus
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* add function to check if url is localhost
* allow localhost rpcUrls in `wallet_addEthereumChain`
* allow localhost blockExplorerUrls
* wrap new URL in try/catch
* Return an estimated amount for a completed swap if an RPC provider has a delay
* Create a recursive function for updating post tx balance
* Add a few tests for the "getSwapsTokensReceivedFromTxMeta" fn
* Trigger Build
* When background port closes, UI should display a user friendly error.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Remove console.log
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
A couple of fixes
1. Use timeout in metaRPCClientFactory to check if UI can't
communicate with bg
2. Refactor locale setup
3. Fixed wording/capitalization
4. Fix locales usage so that linting works
5. Refactor CSS
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
do not simulate errorwq
Refactor loading css
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Remove the onDisconnect event handler in ui as this is handled in
metarpcclientfactory
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Do not throw in bg
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Fix PR comments
Remove unused message 'failedToLoadMessage'
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Move usage of locales to shared/** so that linter can see it.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Do not simulate error.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
metarpc can handle multiple requests, responseHandled should be a map.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
reload metamask button on critical error
Use metamask state (if available) to the locale, else read locale files
manually.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
use constant and numeric separator
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
refactor error utils
remove error simulation
Memoize setupLocale function
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
test cases
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Do not simulate error
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
1. store should be metamask state
2. code refactorings.
Tests: mock setupLocale
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Mock fetchLocale instead
Test setup locale
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
UI/CSS changes.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Do not simulate failure
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* spell MetaMask correctly
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Rename state to mockStore
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* we should clean up this.responseHandled[id] in the error case.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Fixed PR comments.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* clean up response handled.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* origin/develop: (131 commits)
Update `protobufjs` and remove obsolete advisory exclusion (#14841)
Include snap version in pill (#14803)
Update PULL_REQUEST_TEMPLATE.md (#14790)
fix: keystone transaction qrcode has no white spacing (#14798)
Snap notifications integration (#14605)
Upgrade @metamask/eth-ledger-bridge-keyring (#14799)
snaps-skunkworks@0.15.0 (#14772)
Fix proptype errors in network dropdown, tx list item details, and account details modal tests (#14747)
Ensure transaction type is correctly updated on edit (#14721)
Add fiat onboarding for AVAX and MATIC through Wyre (#14683)
Bump @metamask/contract-metadata from 1.33.0 to 1.35.0 (#14791)
Slight cleanup of constants/transactions, useTransactionDisplayData, and TransactionIcon (#14784)
Migrate the "estimateGas" API call to "getFees" for STX (#14767)
Ignore advisory GHSA-wm7h-9275-46v2 (#14789)
Adding flag for MV3 (#14762)
Add types to send state (#14740)
Remove site origin on snap install (#14752)
Update design tokens library from 1.5 to 1.6 WIP (#14732)
Enables the "Safe Transaction From" copy for safeTransferFrom transactions (#14769)
remove draft transaction (#14701)
...
* origin/master: (101 commits)
Updating changelog
Add token standard to custom token details (#14506)
Revert "Dark Mode: What's New Announcement (#14346)"
Ensure network name in confirm page container is defined (#14520)
Updating lavamoat policies
Fix the alerts toggles in settings (#14498)
Disable swaps whenever the environment is not development or testing, so that behaviour follows production for QA purposes (#14499)
[skip e2e] Updating changelog for v10.14.0 (#14487)
Version v10.14.0
Docs - segment metrics (#14435)
Add snaps view search (#14419)
Run main, flask and beta in sequence in generate-lavamoat-policies.sh (#14470)
Modify import SRP page (#14425)
Dark Mode: Implement Metrics (#14455)
HoldToRevealButton component (#13785)
e2e test import json file as import account strategy (#14449)
MetaMetrics: Identify 'number_of_tokens' user trait (#14427)
MetaMetrics: Identify 'nft_autodetection_enabled' & 'opensea_api_enabled' (#14367)
Swaps: Sort "token_from" dropdown tokens by their fiat value first and "token_to" by top tokens (#14436)
Update segment instantiation check. Only check if SEGMENT_WRITE_KEY exists (#14407)
...
* updated state on edit
* Update transaction type in updateEditableParams method instead of in the send duck
* Fix unit test
* Fix unit tests
* Fix and improve unit tests
Co-authored-by: dragana8 <dragana.simic@consensys.net>
The phishing warning page URL environment variable has been renamed
from `PHISHING_PAGE_URL` to `PHISHING_WARNING_PAGE_URL`. We call this
page the "phishing warning page" everywhere else, and this name seemed
better suited (it's not a phishing page itself).
The variable has been listed and documented in `.metamaskrc.dist` as
well.
An externally hosted phishing warning page is now used rather than the
built-in phishing warning page.The phishing page warning URL is set via
configuration file or environment variable. The default URL is either
the expected production URL or `http://localhost:9999/` for e2e testing
environments.
The new external phishing page includes a design change when it is
loaded within an iframe. In that case it now shows a condensed message,
and prompts the user to open the full warning page in a new tab to see
more details or bypass the warning. This is to prevent a clickjacking
attack from safelisting a site without user consent.
The new external phishing page also includes a simple caching service
worker to ensure it continues to work offline (or if our hosting goes
offline), as long as the user has successfully loaded the page at least
once. We also load the page temporarily during the extension startup
process to trigger the service worker installation.
The old phishing page and all related lines have been removed. The
property `web_accessible_resources` has also been removed from the
manifest. The only entry apart from the phishing page was `inpage.js`,
and we don't need that to be web accessible anymore because we inject
the script inline into each page rather than loading the file directly.
New e2e tests have been added to cover more phishing warning page
functionality, including the "safelist" action and the "iframe" case.
* Update version parsing to allow rollback release
When we want to rollback a release on Chrome, sometimes we use the
fourth part of the version for the rollback release. This is because
the Chrome web stores does not directly allow rolling back, but instead
requires us to re-submit the release we want to roll back to with a
higher version number.
The manifest version parsing now allows for a fourth version part.
The comments have also been updated to be more descriptive, and to fix
a minor inaccuracy.
* Fix typo in comment
Co-authored-by: David Walsh <davidwalsh83@gmail.com>
Co-authored-by: David Walsh <davidwalsh83@gmail.com>
* Rename NotificationController to AnnouncementController
* Fix test
* Add test for missing NotificationController state
* Bump controllers
* Move test to correct file
* Rename config key
* Add migration 71 to list of migrations
* Fix selector after migration
* fix failed off chain tx mismatch with next confirmed transaction
* dont drop failed txs when tx in confirmed
* add comment for reassigning logic
* resolve change requests
We currently store the JSON-RPC request and response objects in the permission activity log. The utility of doing this was always rather dubious, but never problematic. Until now.
In Flask, as the restricted methods have expanded in number, user secrets may be included on JSON-RPC message objects. This PR removes these properties from the permission activity log, and adds a migration which does the same to existing log objects. We don't interact with the log objects anywhere in our codebase, but we don't want unexpected properties to cause errors in the future should any log objects be retained.
This PR also updates relevant tests and test data. It makes a minor functional change to how a request is designated as a success or failure, but this should not change any behavior in practice.
* MetaMetrics: identify number_of_tokens
* MetaMetrics: update number_of_tokens
do not filter by unique addresses.
Each token contract x chain id combo is a unique contract
* MetaMetrics: update MetaMetricsTraits @typedef
- add number_of_tokens
* MetaMetrics: clean up number_of_tokens
* MetaMetrics: alphabetize in test
* segment: instantiate w/out SEGMENT_HOST check
If SEGMENT_HOST is null, then the analytics-node library will usea defaulted host
* Segment: rm IN_TEST check for instantiation
* Add new user trait for 'Number of NFT collections'.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
FIx JS DOC
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Arrange TRAITS in alphabetical order
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Unit Tests for allCollectibles traits tracking.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
change cid to chainId
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* invert condition
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* jsdoc - alphabetical order
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* change {string} to the literal {number_of_nft_collections}
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Optimize _getNumberOfNFTs
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Set up correct timer value for fetching new quotes
* Show red timer in Swaps if quotes fetching will happen in less than 10s (previously it was 30s)
* Fix a UI issue with the notification close button
* Make stx refresh rates optional, since not every network supports them
Certain build steps accidentally omitted the `version` variable. It has
now been restored to all steps, ensuring that all environment variables
are correctly injected into all bundles.
A check has been added to the Sentry setup module to ensure the release
is not omitted in the future.
Certain build steps accidentally omitted the `version` variable. It has
now been restored to all steps, ensuring that all environment variables
are correctly injected into all bundles.
A check has been added to the Sentry setup module to ensure the release
is not omitted in the future.
* Set up correct timer value for fetching new quotes
* Show red timer in Swaps if quotes fetching will happen in less than 10s (previously it was 30s)
* Fix a UI issue with the notification close button
* Make stx refresh rates optional, since not every network supports them