Previously Chrome would ignore an attempt to navigate to a restricted
URL like an extension page that is not web accessible. In a recent
Chrome update, this has changed. Now it does perform the navigation,
but to an error page that explains that the request was invalid.
The last assertion, responsible for checking that the warning page is
still shown, has been removed. The test still ensures the main wallet
UI is not loaded, that assertion was not needed.
* origin/develop: (131 commits)
Update `protobufjs` and remove obsolete advisory exclusion (#14841)
Include snap version in pill (#14803)
Update PULL_REQUEST_TEMPLATE.md (#14790)
fix: keystone transaction qrcode has no white spacing (#14798)
Snap notifications integration (#14605)
Upgrade @metamask/eth-ledger-bridge-keyring (#14799)
snaps-skunkworks@0.15.0 (#14772)
Fix proptype errors in network dropdown, tx list item details, and account details modal tests (#14747)
Ensure transaction type is correctly updated on edit (#14721)
Add fiat onboarding for AVAX and MATIC through Wyre (#14683)
Bump @metamask/contract-metadata from 1.33.0 to 1.35.0 (#14791)
Slight cleanup of constants/transactions, useTransactionDisplayData, and TransactionIcon (#14784)
Migrate the "estimateGas" API call to "getFees" for STX (#14767)
Ignore advisory GHSA-wm7h-9275-46v2 (#14789)
Adding flag for MV3 (#14762)
Add types to send state (#14740)
Remove site origin on snap install (#14752)
Update design tokens library from 1.5 to 1.6 WIP (#14732)
Enables the "Safe Transaction From" copy for safeTransferFrom transactions (#14769)
remove draft transaction (#14701)
...
* origin/master: (101 commits)
Updating changelog
Add token standard to custom token details (#14506)
Revert "Dark Mode: What's New Announcement (#14346)"
Ensure network name in confirm page container is defined (#14520)
Updating lavamoat policies
Fix the alerts toggles in settings (#14498)
Disable swaps whenever the environment is not development or testing, so that behaviour follows production for QA purposes (#14499)
[skip e2e] Updating changelog for v10.14.0 (#14487)
Version v10.14.0
Docs - segment metrics (#14435)
Add snaps view search (#14419)
Run main, flask and beta in sequence in generate-lavamoat-policies.sh (#14470)
Modify import SRP page (#14425)
Dark Mode: Implement Metrics (#14455)
HoldToRevealButton component (#13785)
e2e test import json file as import account strategy (#14449)
MetaMetrics: Identify 'number_of_tokens' user trait (#14427)
MetaMetrics: Identify 'nft_autodetection_enabled' & 'opensea_api_enabled' (#14367)
Swaps: Sort "token_from" dropdown tokens by their fiat value first and "token_to" by top tokens (#14436)
Update segment instantiation check. Only check if SEGMENT_WRITE_KEY exists (#14407)
...
The e2e tests have been updated for `@metamask/phishing-warning@1.1.0`.
The iframe case was updated with a new design, which required test
changes. The third test that was meant to ensure the phishing page
can't redirect to an extension page has been updated to navigate
directly to the phishing warning page and setting the URL manually via
query parameters, as that was the only way to test that redirect.
* styling updates
Co-authored-by: Alex Donesky <adonesky@gmail.com>
Co-authored-by: George Marshall <george.marshall@consensys.net>
Co-authored-by: David Walsh <davidwalsh83@gmail.com>
An externally hosted phishing warning page is now used rather than the
built-in phishing warning page.The phishing page warning URL is set via
configuration file or environment variable. The default URL is either
the expected production URL or `http://localhost:9999/` for e2e testing
environments.
The new external phishing page includes a design change when it is
loaded within an iframe. In that case it now shows a condensed message,
and prompts the user to open the full warning page in a new tab to see
more details or bypass the warning. This is to prevent a clickjacking
attack from safelisting a site without user consent.
The new external phishing page also includes a simple caching service
worker to ensure it continues to work offline (or if our hosting goes
offline), as long as the user has successfully loaded the page at least
once. We also load the page temporarily during the extension startup
process to trigger the service worker installation.
The old phishing page and all related lines have been removed. The
property `web_accessible_resources` has also been removed from the
manifest. The only entry apart from the phishing page was `inpage.js`,
and we don't need that to be web accessible anymore because we inject
the script inline into each page rather than loading the file directly.
New e2e tests have been added to cover more phishing warning page
functionality, including the "safelist" action and the "iframe" case.
* created new test for bip-44 snap test
* added driver.Key.SPACE to allow sending spacebar
* made changes to final result check
* fixed expected pk result to proper value
* fixed to use npm package instead of local
* removed comment
* removed const delay - not needed (lint error)
* Redirect infura requests to localhost while e2e
* Change requests from Infura to localhost (ganache)
* Included blacklisted hosts
* Fix behaviour for all urls
* Added a couple of explorers and reorg
* Remove repeated line
* Lint fix
* Removed other services aside from infura
* Includes changed for 'ends with'
* Fix security handling of host by including listed of arrays
* Connect to a second Dapp when MM is locked
* Refactored dapp server setup to allow multiple servers
* Triggering notification with MM locked
* Fix testcase description
* Fix lint
* Merge develop and remove extra line
* Updated baseport and included iselementPresent for a clearer assertion
* Fix lint issues
* Use Ganache pattern for defining number of Dapp servers
* Fix lint issues
* Draft methods to brak updateTransaction into smaller more targeted
methods.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* This is a combination of 76 commits.
normalize and validate tx params.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Method to normalize tx and check if it's unapproved.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Move the methods to controllers/transactions/index.js
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Flesh out the methods to update transaction with custom notes.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
enforce that only the properties for the specific methid can be updated via the method.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Test update gas fees
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Update swap approval transaction
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
use lodash to remove undefined properties
update swap transaction tests
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Updates transaction user settings.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Lint fixes.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Add more parameters to updateSwapTransaction
approvalTxId
estimatedBaseFee
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Add Update Transaction Metrics
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Update transaction gas fees actions.js
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Lint fixes.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Update EIP 1559 Params.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Lint Fixes.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Documentations.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Remove metrics from this PR
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Lint fixes: Removed unused variables
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Add more params to updateTransactionGasFees.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Update eip1559 method to editableParams.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
lint fixes.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Fix Mocha tests
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
add gasPrice to updateEditableParams
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Remove duplicated Params in notes.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
A few more tests to cover if
transaction status is not unapproved
transaction is passed more parameters than it requires.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Update Transaction Gas Fees.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Update gas fees in edit-gas-popover.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Remove metrics.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Update gas settings and user settings.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Lint fixes.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Fix unit tests.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Lint fixes.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Draft methods to brak updateTransaction into smaller more targeted
methods.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
normalize and validate tx params.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Method to normalize tx and check if it's unapproved.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Move the methods to controllers/transactions/index.js
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Flesh out the methods to update transaction with custom notes.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Test update gas fees
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Update swap approval transaction
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
use lodash to remove undefined properties
update swap transaction tests
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Updates transaction user settings.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Lint fixes.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Add Update Transaction Metrics
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Update transaction gas fees actions.js
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Lint fixes.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Update EIP 1559 Params.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Lint Fixes.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Documentations.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Remove metrics from this PR
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Lint fixes: Removed unused variables
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Add more params to updateTransactionGasFees.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Update eip1559 method to editableParams.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
lint fixes.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Fix Mocha tests
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
add gasPrice to updateEditableParams
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Remove duplicated Params in notes.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
A few more tests to cover if
transaction status is not unapproved
transaction is passed more parameters than it requires.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Update Transaction Gas Fees.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Remove metrics.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Update gas settings and user settings.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Lint fixes.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Fix unit tests.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Lint fixes.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Remove dup;icated method from rebase.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
unrelated change
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Force re-run workflow
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Lint fix
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Do not hideLoading since we're not showing it.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
UpdateTransaction should be renamed to updateGasFees
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
updateGasFees in gas-modal-page-container.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
fix:
update previous gas params update method
add types to the jsdoc comments.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
updateTransactionGasFees should have been updatePreviousGasParams
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Previous gas fees can be updated for confirmed transactions.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
add updatePreviousGasParams to mocked functions.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Lint fixes
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* we need to await the first dispatch before we call the second
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* update values to make tests pass
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* More changes to make e2e pass
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Need to wait a bit after save for changes to take effect.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Remove merge comments.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Await one dispatch before calling another
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* We don't need goHome anymore.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Tests must use async...await syntax too since we have await in the
useTranasctionFunction
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Add delay after button click for values to update
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Wait a moment after clicking save for values to update
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Wait after clicking save...
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Merge update transaction gas fees and transaction user settings
Show loading indicator on edit gas popover
Fix tests.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Lint fixes
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Fix JSDoc
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* updatePreviousGasParams should also return updated transaction meta.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Initial implementation of new SrpInput component
This new version of the SrpInput component uses a separate field for
each word of the SRP. Only one field can be revealed at a time, making
it less likely that it gets accidentally revealed to somebody.
* Fix copy mistakes
* Move container div from 'create vault' to 'srp-input', and setup grid layout
* Increase size of title
* Remove hard-coded width in Storybook to allow testing different viewport sizes
* Improve layout
* Improve margins
* Update dropdown text
* Expand SRP input section
* Remove unused localized messages
* Update dropdown option names in unit tests
* Replace checkbox with show/hide toggle
* Remove unused localized message
* Fix 'data-testid' prop name
* Fix e2e test imports using paste
* Use 'ActionableMessage' component for error message
* Convert error popover to actionable message
* Add tip about pasting the SRP
* Remove invalid prop
The "info" style of `ActionableMessage` is the default, so no type is
required.
* Use more readable test convenience methods
The method `toBeInTheDocument()` is now used over `not.toBeNull()` to
improve the readability of tests. Likewise, the convenience method
`.clear` is now used to clear fields rather than manually entering the
key combination to clear a field.
* Fix misspelled word
* deprecate extensionizer for webextension-polyfill
* fix tests
* remove extensionizer
* fix browser windows api calls
* fix broken on firefox
* fix getAcceptLanguages call
* update more browser apis that are now promisified
* remove unnecessary console error ignoring in e2e tests
A new method has been added to the e2e webdriver for pasting text into
a field. This will be required to properly test a change to the SRP
input, which will be coming in a separate PR.
A few existing e2e tests have been updated to use this method to input
the SRP, to show that it works properly.
* Added Wait for Element Containing certain value function and made more robust Edit-Gas-Fee test
* Fix: changed wait for containing value and included extra waitforelements
* Fix: fix lint issue
The snap e2e tests introduced in #13671 were broken due to a conflict
with the changes in #13895. The latter PR changed the version name for
non-main builds so that it always includes the build type.
The Firefox webdriver has been updated to use the new `getVersion`
utility, ensuring that it always looks for the correct build filename.
* Changed registryUrl for snaps only in firefox
Fixed getPlatform to only be imported into metamask-controller in flask
Removed snaps specific testrunner script and use run-all with a cli option
* Fixed flakey tests
* Removed unneeded await
* Added delay
* Fixed linting
* make use of getTokenStandardAndDetails method exposed on assetsContractController to determine how to represent the contract being interacted with in token contract method calls
* Add e2e testcase for token details functionality
* Remove unnecessary delays on token details testcase
* Add helper function for check if element exists
* Move helper function to driver.js
* Improve name of function
We would like to insert TypeScript into the ESLint configuration, and
because of the way that the current config is organized, that is not
easy to do.
Most files are assumed to be files that are suited for running in a
browser context. This isn't correct, as we should expect most files to
work in a Node context instead. This is because all browser-based files
will be run through a transpiler that is able to make use of
Node-specific variables anyway.
There are a couple of important ways we can categories files which our
ESLint config should be capable of handling well:
* Is the file a script or a module? In other words, does the file run
procedurally or is the file intended to be brought into an existing
file?
* If the file is a module, does it use the CommonJS syntax (`require()`)
or does it use the ES syntax (`import`/`export`)?
When we introduce TypeScript, this set of questions will become:
* Is the file a script or a module?
* If the file is a module, is it a JavaScript module or a TypeScript
module?
* If the file is a JavaScript module, does it use the CommonJS syntax
(`require()`) or does it use the ES syntax (`import`/`export`)?
To represent these divisions, this commit removes global rules — so now
all of the rules are kept in `overrides` for explicitness — and sets up
rules for CommonJS- and ES-module-compatible files that intentionally do
not overlap with each other. This way TypeScript (which has its own set
of rules independent from JavaScript and therefore shouldn't overlap
with the other rules either) can be easily added later.
Finally, this commit splits up the ESLint config into separate files and
adds documentation to each section. This way sets of rules which are
connected to a particular plugin (`jsdoc`, `@babel`, etc.) can be easily
understood instead of being obscured.
This is a pure refactor that extracts the SRP input from the
`CreateNewVault` component. This is intended to make future changes to
the SRP input easier, and to reduce duplication between the old and new
onboarding flows.
Extensive unit tests have been added for the new SRP input component.
A new test library was added (`@testing-library/user-event`) for
simulating user events with components rendered using the
`@testing-library` library.
A new helper method has been added (`renderWithLocalization`) for
rendering components using `@testing-library` with just our
localization contexts added as a wrapper. The localization contexts
were already added by the `renderWithProviders` helper function, but
there is no need for a Redux provider in these unit tests.
* fix error with color variable - fix rebase
* clean list search & fuse threshold decreased
* update search-icon , fix tests
* nice to have highlighting text & cleaning
* unit test on settings & search input ui up on expanded view
* fix color variable in alert scss
* setting search input padding right up
* fix dom warning
* util/search test added & Dom element warning fix
* renaming files
* fix color text in settings search
* settings search highlight text refacto & fix ui
* fix settings-search test & renaming
* Fix styling on search field for edge cases, update components and e2e
E2E tests update for search feature
Update components from class to functional component
#
Fix storybook for search box
Fix styling
Fix unit tests
fix: remove z-index
Fix unit tests
Co-authored-by: amerkadicE <amer.kadic@endava.com>
* mock gas price api
* fix error
* full url
* remove duplicated packages
* full url
* customise mock per test
* customise mock per test
* enable mocking
* enable mocking
* enable mocking by default
* duplicated packages
* update mockttp
* pass through
* pass through
* Ensure sign message button is only enabled on scroll
* Add button for message scrolling to signature request screen
* lint fix
* Only show scroll button if message is scrollable
Co-authored-by: ryanml <ryanlanese@gmail.com>
* Fixing signature request formatting, requiring scroll before sign
* Ensure sign button not disable when no scroll is required
* Test fix attempt #1
* Clean up e2e tests
Co-authored-by: Dan Miller <danjm.com@gmail.com>
The form used for creating a vault on the "Import" page of onboarding
and on the "Restore vault" page is nearly identical, yet the
implementation is totally separate. It has now been extracted to a
separate component, consolidating the two implementations.
There is a "terms of use" checkbox on the import page that isn't on the
restore vault page, so that part has been made optional. The "submit"
button text differs between the two uses as well, so that is
customizable.
There are slight styling differences between the old and new versions
of this form. The fonts and spacing are all using our new standard
design system guidelines, and we're using our standard checkbox now as
well. The spacing and font sizes were chosen somewhat arbitrarily by me
to resemble the old styles, so please feel free to suggest changes if
you think they can be improved upon.
There are some slight copy changes to the "Restore vault" page as well;
the placeholder text and the label for the "Secret Recovery Phrase"
field now matches the "Import" page copy.
ESLint rules have been added to enforce our JSDoc conventions. These
rules were introduced by updating `@metamask/eslint-config` to v9.
Some of the rules have been disabled because the effort to fix all lint
errors was too high. It might be easiest to enable these rules one
directory at a time, or one rule at a time.
Most of the changes in this PR were a result of running
`yarn lint:fix`. There were a handful of manual changes that seemed
obvious and simple to make. Anything beyond that and the rule was left
disabled.
The 4Byte API can sometimes fail during e2e tests with a 502 error.
Ideally we would avoid calling it at all during e2e tests, but in the
meantime we shouldn't treat this as a reason to fail the e2e test.
We have multiple fallbacks for 4Byte, it isn't relied upon by any
tests.
* Make this a form
Similar to "import-with-seed-phrase" I would like to be able to restore my vault by pressing `<enter>` on my keyboard.
* actually test enter
* preventDefault()
# Permission System 2.0
## Background
This PR migrates the extension permission system to [the new `PermissionController`](https://github.com/MetaMask/snaps-skunkworks/tree/main/packages/controllers/src/permissions).
The original permission system, based on [`rpc-cap`](https://github.com/MetaMask/rpc-cap), introduced [`ZCAP-LD`](https://w3c-ccg.github.io/zcap-ld/)-like permissions to our JSON-RPC stack.
We used it to [implement](https://github.com/MetaMask/metamask-extension/pull/7004) what we called "LoginPerSite" in [version 7.7.0](https://github.com/MetaMask/metamask-extension/releases/tag/v7.7.0) of the extension, which enabled the user to choose which accounts, if any, should be exposed to each dapp.
While that was a worthwhile feature in and of itself, we wanted a permission _system_ in order to enable everything we are going to with Snaps.
Unfortunately, the original permission system was difficult to use, and necessitated the creation of the original `PermissionsController` (note the "s"), which was more or less a wrapper for `rpc-cap`.
With this PR, we shake off the yoke of the original permission system, in favor of the modular, self-contained, ergonomic, and more mature permission system 2.0.
Note that [the `PermissionController` readme](https://github.com/MetaMask/snaps-skunkworks/tree/main/packages/controllers/src/permissions/README.md) explains how the new permission system works.
The `PermissionController` and `SubjectMetadataController` are currently shipped via `@metamask/snap-controllers`. This is a temporary state of affairs, and we'll move them to `@metamask/controllers` once they've landed in prod.
## Changes in Detail
First, the changes in this PR are not as big as they seem. Roughly half of the additions in this PR are fixtures in the test for the new migration (number 68), and a significant portion of the remaining ~2500 lines are due to find-and-replace changes in other test fixtures and UI files.
- The extension `PermissionsController` has been deleted, and completely replaced with the new `PermissionController` from [`@metamask/snap-controllers`](https://www.npmjs.com/package/@metamask/snap-controllers).
- The original `PermissionsController` "domain metadata" functionality is now managed by the new `SubjectMetadataController`, also from [`@metamask/snap-controllers`](https://www.npmjs.com/package/@metamask/snap-controllers).
- The permission activity and history log controller has been renamed `PermissionLogController` and has its own top-level state key, but is otherwise functionally equivalent to the existing implementation.
- Migration number 68 has been added to account for the new state changes.
- The tests in `app/scripts/controllers/permissions` have been migrated from `mocha` to `jest`.
Reviewers should focus their attention on the following files:
- `app/scripts/`
- `metamask-controller.js`
- This is where most of the integration work for the new `PermissionController` occurs.
Some functions that were internal to the original controller were moved here.
- `controllers/permissions/`
- `selectors.js`
- These selectors are for `ControllerMessenger` selector subscriptions. The actual subscriptions occur in `metamask-controller.js`. See the `ControllerMessenger` implementation for details.
- `specifications.js`
- The caveat and permission specifications are required by the new `PermissionController`, and are used to specify the `eth_accounts` permission and its JSON-RPC method implementation.
See the `PermissionController` readme for details.
- `migrations/068.js`
- The new state should be cross-referenced with the controllers that manage it.
The accompanying tests should also be thoroughly reviewed.
Some files may appear new but have just moved and/or been renamed:
- `app/scripts/lib/rpc-method-middleware/handlers/request-accounts.js`
- This was previously implemented in `controllers/permissions/permissionsMethodMiddleware.js`.
- `test/mocks/permissions.js`
- A truncated version of `test/mocks/permission-controller.js`.
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
* integration for tx decoding confirmation and history view
* upgrading @truffle/decoder to latest release 5.1.0
* Update acorn and colors patches
* feat: remove redundant styling
* feat: basic integration for nickname components
* feat: wiring functionality of adding new nickname
* feat: wire functionality of showing nickname modal
* feat: link the nickname popover with add/update popover
* feat: moving forward with address nicknames integration
* feat: fixing a bug related to passing chainId in addressBook
* feat: populating memo prop in addressbook entry
* feat: add explorer link
* feat: bug fixing update nickname component
* feat: fix proptypes
* feat: adding tooltip for copying nickname address
* featL fix styling for tx-details page
* feat: optimize code for error handling
* feat: limiting transaction decoding to tx with data
* feat: remove tree UI component
* feat: adding request to check for tx decoding supported networks
* feat: showing data hex component
* feat: fix react warnings
* feat: remove extra margin in tx decoding
* Remove unused package @truffle/source-map-utils
* Ensure messages get translated
* feat: link tx-decoding addresses with nicknames
* Omit value for boolean attributes
* Fix props reading in CopyRawData
* fix: fixing issue with transaltion
* Fix lint errors in TransactionDecoding
- Remove unused import
- Reorder imports
- Address conflict between caught `error` and error state flag by
renaming state flag to `hasError`
- Fix requestUrl identifier casing and use of template string
- Ensure `useEffect` gets passed the deps it needs
- Add scope braces around case statement where it's needed
- Omit literal `true` for boolean jsx attribute
- Refactor nested ternary as `if` statements
* fix: revert fetchWithCache modifications
* Fix linting for TransactionListItemDetails
- Remove unused import
- Fix import spacing
- Remove unused prop dereference
- Fix string interpolation for translated From/To
* Moving to popover pattern
* fix: sass color variable
* Omit value for boolean attribute
* Remove changes from modal.js
* fix: refactor nickname popovers
* Ensure const gets declared before it's used
* Fix linting for ConfirmTransactionBase
- Remove unused prop chainId
- Stop destructuring an unused field
* fix: refactor usage of nicknames popovers in send-content-container
* fix: remove extra prop updateAccountNicknameModal
* fix: refactor code for address.component
* fix: remove extra tooltip
* Ensure NicknamePopovers always returns component
* Fix linting for NicknamePopover component
- Fix useCallback deps
- Switch ternary to logical-or
* Fix linting for SenderToRecipient
... by fixing import order
* Remove unused addressCopied state
* Delete empty file
* fix: remove sender-to-recipient.container
* fix: refactor usage of nickname popovers in confirm-page-container
* fix: bug related to state variable
* Stylelint fix
* Lint fix
* Change "Total Amount" to "Total"
* Lint fix locales
* Update address-book.spec.js
* e2e test update
* Update e2e tests
* Fix issue where absence of function params in data hex tab would result in rendering a string
* Fix border radius, and width and height in small notification windows, of the update-nickname-popover
* Remove fake await
* Clean up
* Clean up
Co-authored-by: Alaa Hadad <alaahd@Alaas-MacBook-M1-Pro-14-inch.local>
Co-authored-by: Dan Miller <danjm.com@gmail.com>
Co-authored-by: g. nicholas d'andrea <gnidan@trufflesuite.com>
* Ignore sentry server errors in e2e tests
* Update test/e2e/webdriver/driver.js
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
Co-authored-by: Dan J Miller <danjm.com@gmail.com>
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
We're bumping from `^6` to `^8`. All imports are now named, and they have been updated. This is a breaking change, in that support for `eth_signTransaction` is added in `^8.0.0`. We do not support this method in our UI, so our middleware stack has been instrumented to reject.
In addition, there are some non-breaking behavioral changes in this version that reviewers should be aware of, see the [7.0.0 release](https://github.com/MetaMask/eth-json-rpc-middleware/releases).
* Upgrade style from Enzyme to React Testing Library
* Use real i18n provider instead of a fake one so that we can look for
English text instead of just i18n strings, improving readability
* Add delay to fix flaky account removal e2e test
* Await for element to update instead of awaiting an arbitrary delay
* Update test/e2e/tests/from-import-ui.spec.js
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
* code formatting
* Remove redundant code
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
Co-authored-by: PeterYinusa <peter.yinusa@consensys.net>
* Add notification for ledger live users about how they can switch to WebHID
* Add action button so that users can go right to settings from the what's new popup
* Fix
* Add notification 8 to e2e fixtures
* Lint fix
* Update ledger webhid notification wording
* Update app/_locales/en/messages.json
* Update ui/selectors/selectors.js
This PR adds an e2e test to ensure that the background and UI environments are locked down. It reuses the logic from the `protect-intrinsics.test.js`, and runs in both Chrome and Firefox.
* Turn off all old notifications
* Remove unnecessary attempt to close whats new popup in e2e test
* Remove unneeded whats new popup closes in e2e tests
* Lint fix
* Show test networks toggle button in settings/advanced tab.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Apply toggle testnet settings and show/hide testnets when on/off
Add localhost to testnet.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Lint fixes.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Show add network button
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Open full screen when add network is called.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Show custonm rpc before testnet rpcs
lint fixes.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Test cases for network dropdown.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Test cases for toggle test networks in advanced tab component.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Lint fixes.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Fix Locales.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* E2E Tests: Custom RPC is now called Add Network
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Lint fix
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* E2E: When Add Network button is clicked, wait for the full screen window to
be visible
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* findVisibleElement should use a class. i.e start with a dot
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Hide Dropdown when Add Netwok is clicked.
Only show full screen if it's not already showing.
E2E tests passing.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Lint fixes
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Fix tests for jest
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Testnets are not being shown by default anymore, tests should use
Mainnet instead.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Import Button from ui
Change selector name to getShowTestnetworks
Fix button to show full width
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Fix e2e tests
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Remove localhost from INFURA provider types.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Fix errors in Advanced Tab Component tests
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Lint fixes
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Fix unit tests for advanced tab component.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Remove deleted elements from e2e tests
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Make sure all tests passed.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Lint fixes
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
The fixture server now supports state substitutions. This allows us to
embed dynamic values in our fixtures.
The `custom-token` fixture has been updated to include such a fixture.
The date that the seed phrase reminder was last shown has been updated
to always be the current date, to prevent the reminder from showing up
during e2e tests. This fixes the e2e test failure for the test
"add-hide-token.spec.js" that we've been seeing on CI lately.
The npm scripts used to run Mocha scripts have been greatly simplified.
As we transition more tests from Mocha to Jest it was becoming
increasingly difficult to update the CLI arguments to keep all of these
scripts working correctly. This reorganization should make that process
much simpler.
The base Mocha options are in `.mocharc.js` - all except for the target
tests to run. Those are still given via the CLI. There is a second
config file specifically for the `test:unit:lax` tests (i.e. the Mocha
tests that have no coverage requirements) because it requires a change
to the `ignored` configuration property. We can create an additional
configuration file for each test script we add that needs further
configuration changes.
The `test:unit:path` script used to be used to run Mocha tests at a
given path. Now that can be done using `yarn mocha` instead, so this
script has been removed.
The `yarn watch` command has been broken for some time now, so it has
been removed as well. Mocha tests can still be run with a file watcher
using `yarn mocha --watch <path>` or `yarn test:unit:mocha --watch`.
The README has been updated to remove references about the `watch`
command that was removed. I considered explaining the other test
scripts there as well, but they were difficult to explain I will
attempt to update the README after making further simplifications
instead.
This PR fixes our local unit test package scripts. When the state migration unit tests were migrated to Jest in #12106, it left the `test:unit` script in a broken state, because it didn't tell `mocha` to ignore the state migration tests.
Arguably, that script was already broken, since the most reasonably expectation from its name is that it runs _all_ unit tests. The PR makes it so that it does just that, by means of `concurrently`.
Unfortunately, `concurrently` only outputs errors from child processes once (at the time when they exit, https://github.com/open-cli-tools/concurrently/issues/134). This means that we have to search/navigate the output for this combined script to identify the failure. That said, it's better than the status quo.
* lavamoat - add lavamoat to webapp background
* test:e2e - add delay to resolve failure
* test:e2e - add delay to resolve failure
* build - add a switch for applying lavamoat, currently off for all
* test/e2e - remove delays added for lavamoat
* Revert "test/e2e - remove delays added for lavamoat"
This reverts commit 79c3479f15c072ed362ba1d4f1af41ea11a17d63.
* lockdown - breakout making globalThis properties non-writable into lockdown-more.js
* Update app/scripts/lockdown-more.js
Co-authored-by: David Walsh <davidwalsh83@gmail.com>
* Update app/scripts/lockdown-more.js
Co-authored-by: Erik Marks <25517051+rekmarks@users.noreply.github.com>
Co-authored-by: David Walsh <davidwalsh83@gmail.com>
Co-authored-by: Erik Marks <25517051+rekmarks@users.noreply.github.com>
* Jestify migrations/
* Lint exclude migrations from mocha config, and add inclusion to jest config
* Add migration tests to jest config
* Exclude/ignore migration tests
* Set process.env.IN_TEST to true when running tests locally
* Replace hardcoded sent ether label on confirm screen
* replace transaction type SENT_ETHER with network agnostic SENDING_NATIVE_ASSET
* remove sentEther translation base
* make backwards compatible with lingering transaction of legacy sentEther type
* update localalization files
* fixup legacy sentEther transaction type
* changing new transaction type away from localization string
* revert migration tests
* update fixtures and test data
* update name of new transaction type
* add migration
* remove legacy SENT_ETHER from transaction types enum object
This PR adds build-time code exclusion by means of code fencing. For details, please see the README in `./development/build/transforms`. Note that linting of transformed files as a form of validation is added in a follow-up, #12075.
Hopefully exhaustive tests are added to ensure that the transform works according to its specification. Since these tests are Node-only, they required their own Jest config. The recommended way to work with multiple Jest configs is using the `projects` field in the Jest config, however [that feature breaks coverage collection](https://github.com/facebook/jest/issues/9628). That being the case, I had to set up two separate Jest configs. In order to get both test suites to run in parallel, Jest is now invoked via a script, `./test/run-jest.sh`.
By way of example, this build system feature allows us to add fences like this:
```javascript
this.store.updateStructure({
...,
GasFeeController: this.gasFeeController,
TokenListController: this.tokenListController,
///: BEGIN:ONLY_INCLUDE_IN(beta)
PluginController: this.pluginController,
///: END:ONLY_INCLUDE_IN
});
```
Which at build time are transformed to the following if the build type is not `beta`:
```javascript
this.store.updateStructure({
...,
GasFeeController: this.gasFeeController,
TokenListController: this.tokenListController,
});
```
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
* bump @metamask/controllers to v15.0.1 and remove AbortController workaround in e2e tests
* remove old abortcontroller polyfill
* bump @metamask/controllers to v15.0.2
There are a few issues encountered when running `yarn setup` on new
Apple Silicon (aka M1, aka arm64) Macs:
* The script halts when attempting to run the install step for
the `chromedriver` package with the message "Only Mac 64 bits
supported". This is somewhat misleading as it seems to indicate that
chromedriver can only be installed on a 64-bit Mac. However, what I
think is happening is that the installation script for `chromedriver`
is not able to detect that an arm64 CPU *is* a 64-bit CPU. After
looking through the `chromedriver` repo, it appears that 87.0.1 is the
first version that adds a proper check ([1]).
Note that upgrading chromedriver caused the Chrome-specific tests to
fail intermittently on CI. I was not able to 100% work out the reason
for this, but ensuring that X (which provides a way for Chrome to run
in a GUI setting from the command line) is available seems to fix
these issues.
* The script also halts when attempting to run the install step for
the `electron` package. This happens because for the version of
`electron` we are using (9.4.2), there is no available binary for
arm64. It appears that Electron 11.x was the first version to support
arm64 Macs ([2]). This is a bit trickier to resolve because we don't
explicitly rely on `electron` — that's brought in by `react-devtools`.
The first version of `react-devtools` that relies on `electron` 11.x
is 4.11.0 ([3]).
[1]: 469dd0a6ee
[2]: https://www.electronjs.org/blog/apple-silicon
[3]: https://github.com/facebook/react/blob/main/packages/react-devtools/CHANGELOG.md#4110-april-9-2021
Adds the latest version of `@metamask/controllers`, and updates our usage of the `ApprovalController`, which has been migrated to `BaseControllerV2`. Of [the new `controllers` release](https://github.com/MetaMask/controllers/releases/tag/v15.0.0), only the `ApprovalController` migration should be breaking.
This is the first time we use events on the `ControllerMessenger` to update the badge, so I turned the messenger into a property on the main `MetaMaskController` in order to subscribe to events on it in `background.js`. I confirmed that the badge does indeed update during local QA.
As it turns out, [MetaMask/controllers#571](https://github.com/MetaMask/controllers/pull/571) was breaking for a single unit test case, which is now handled during setup and teardown for the related test suite (`metamask-controller.test.js`).
This PR makes ~all named intrinsics in all of our JavaScript processes non-modifiable. A named intrinsic is any property specified by the ECMAScript specification that exists on `globalThis` when the JavaScript process starts. We say that a property is non-modifiable if it is non-configurable and non-writable. We make exceptions for properties that meet any of the following criteria:
1. Properties that are non-configurable by the time `lockdown-run.js` is executed are not modified, because they can't be.
2. Properties that have accessor properties (`get` or `set`) are made non-configurable, but their writability cannot be modified, and is therefore left unchanged. It's unclear how many of the named intrinsics this applies to, if any, but it's good defensive programming, regardless.