1
0
mirror of https://github.com/kremalicious/metamask-extension.git synced 2024-12-23 09:52:26 +01:00
Commit Graph

2388 Commits

Author SHA1 Message Date
Dan Finlay
4b4bee77c7 Move signTypedData signing out to keyrings
This simplifies the logic of signing and improves security:
- Private keys are never moved to the base controller.
- Hardware wallets are abstracted in the same way as local keys.

This also paves the way for allowing even more modular accounts,
provided by plugins:
https://github.com/MetaMask/metamask-plugin-beta/pull/63

Fixes #7075.
2019-10-22 11:37:04 -07:00
Dan J Miller
55bc9936c6 Turn off full screen vs popup a/b test (#7298) 2019-10-21 20:59:02 -03:00
Whymarrh Whitby
06536b1d0f
Fix phishing detect script (#7287) 2019-10-18 13:35:32 -02:30
Dan J Miller
f1c774d8f3 Handle empty fetch response (#7111) 2019-10-09 11:41:18 -03:00
Dan J Miller
38df64783d Ensure correct tx category when sending to contracts without tx data (#7252)
* Ensure correct transaction category when sending to contracts but there is no txParams data

* Update gas when pasting address in send

* Gracefully fall back is send.util/estimateGas when blockGasLimit from background is falsy

* Remove network request frontend fallback for blockGasLimit

* Add some needed slow downs to e2e tests
2019-10-08 04:29:37 +09:00
Mark Stacey
9541d1e281
Don't wait for 3Box initialization during login (#7242)
The 3Box initialization is triggered by login, but it no longer blocks
the login from finishing. The 3Box initialization is designed to run in
the background, so there's no reason to block on it.
2019-10-02 16:12:20 -03:00
Dan J Miller
e6e8897434
Custom nonce fixes (#7240)
* Allow default nextNonce to be the custom nonce in cases where highest locally pending is higher than nextNonce

* Reset custom nonce in cases of transaction submission failures

* Make the recommended nonce in the custom nonce field the true 'nextNonce'

* Revert automatic setting of custom nonce to nextNonce

* Make the nextNonce the default placeholder value

* Fix getNextNonce

* Remove unused nonceFieldPlaceholder message

* Fix nits in getPendingNonce and getNextNonce

* Properly handle errors in getNextNonce

* Improve placeholder and value defaults in custom nonce field

* Remove custom error message from getNextNonce
2019-10-02 15:42:04 -02:30
Dan J Miller
daf4fe439c Ensure 3box validation uses the correct address (#7235) 2019-10-01 10:03:13 -03:00
Mark Stacey
8d97bdc5c9
Fix error handling when checking for 3Box backup (#7232)
The 3Box SDK throws an HTTP 404 error when attempting to get the config
for an account that doesn't yet exist in 3Box. The regex we were using
to differentiate this error from others was broken. This ended up
preventing the user from logging in if they had 3Box enabled but hadn't
yet synced.

The regex has been corrected to catch this case, while allowing other
errors to propogate upward. Other 3Box errors will now be caught and
reported rather than interrupting login completely.

At some point in the future, we should expose these errors to the user
in some way, and allow them to retry in case 3Box was just temporarily
offline.
2019-10-01 10:01:57 -03:00
ricky
5f254f7325 Add advanced setting to enable editing nonce on confirmation screens (#7089)
* Add UseNonce toggle

* Get the toggle actually working and dispatching

* Display nonce field on confirmation page

* Remove console.log

* Add placeholder

* Set customNonceValue

* Add nonce key/value to txParams

* remove customNonceValue from component state

* Use translation file and existing CSS class

* Use existing TextField component

* Remove console.log

* Fix lint nits

* Okay this sorta works?

* Move nonce toggle to advanced tab

* Set min to 0

* Wrap value in Number()

* Add customNonceMap

* Update custom nonce translation

* Update styles

* Reset CustomNonce

* Fix lint

* Get tests passing

* Add customNonceValue to defaults

* Fix test

* Fix comments

* Update tests

* Use camel case

* Ensure custom nonce can only be whole number

* Correct font size for custom nonce input

* UX improvements for custom nonce feature

* Fix advanced-tab-component tests for custom nonce changes

* Update title of nonce toggle in settings

* Remove unused locale message

* Cast custom nonce to string in confirm-transaction-base.component

* Handle string conversion and invalid values for custom nonces in handler

* Don't call getNonceLock in tx controller if there is a custom nonce

* Set nonce details for cases where nonce is customized

* Fix incorrectly use value for deciding whether to getnoncelock in approveTransaction

* Default nonceLock to empty object in approveTransaction

* Reapply use on nonceLock in cases where customNonceValue in approveTransaction.

* Show warning message if custom nonce is higher than MetaMask's next nonce

* Fix e2e test failure caused by custom nonce and 3box toggle conflict

* Update nonce warning message to include the suggested nonce

* Handle nextNonce comparison and update logic in lifecycle

* Default nonce field to suggested nonce

* Clear custom nonce on reject or confirm

* Fix bug where nonces are not shown in tx list on self sent transactions

* Ensure custom nonce is reset after tx is created in background

* Convert customNonceValue to number in approve tranasction controller

* Lint fix

* Call getNextNonce after updating custom nonce
2019-09-27 00:30:36 -04:00
Dan J Miller
970e90ea70
Add migration on 3box imports and remove feature flag (#7209)
* Delete unused code

* Run threebox imports through migrations

* Remove 3box feature flag

* Remove unnecessary use of 'type' in threebox._updatePlugin

* Fix threebox controller getLastUpdated

* Turn off threebox by default

* Rename restoredFromThreeBox to showRestorePrompt

* Remove accientally added method from threebox controller

* Restore from threebox on import from unlock screen

* Throw on non 404 errors from Box.getconfig in new3Box
2019-09-26 03:24:52 -04:00
Dan J Miller
1bd22b58c0
Add a/b test for full screen transaction confirmations (#7162)
* Adds ab test controller with a fullScreenVsPopup test

* Add migration for fullScreenVsPopup state

* Move abtest state under an 'abtests' object.

* MetaMask shows fullScreen group of a/b test unapproved txs in a full browser tab

* Ensure cancel metrics event in confirm-transaction-base.component.js is sent in all cases

* Switch to existing tab for unapproved tx if it exists when opening in full screen

* Send metrics event for entering a/b test from confirm screen

* Fix lint, unit and integration tests related to a/b test code

* Remove unnecessary tabs.query call in triggerUiInNewTab
2019-09-24 17:08:38 -04:00
kumavis
4d71f3f854 mesh-testing - submit infura rpc requests to mesh-testing container (#7031) 2019-09-23 02:54:41 -07:00
kumavis
f5b2977764
obs-store/local-store should upgrade webextension error to real error (#7207)
* obs-store/local-store should upgrade webextension error to real error

* lint fix

* local-store - allow lastError through unchanged if error-like
2019-09-23 11:45:20 +08:00
Jenny Pollack
e86cebde3b address book entries by chainId (#7205) 2019-09-21 14:36:05 -03:00
Dan Finlay
85cbf8a894
Merge pull request #7173 from rekmarks/fix-errors
Fix RPC error messages
2019-09-19 09:40:11 -07:00
Erik Marks
672ade33a6 add user rejected errors 2019-09-18 19:19:12 -07:00
Erik Marks
58c5fe01bf use eth-json-rpc-errors 2019-09-18 19:17:31 -07:00
Jenny Pollack
03f216e27c add goerli to incoming tx 2019-09-18 10:04:39 -07:00
Mark Stacey
b5da8a237e
Remove the disk store (#7170)
The disk store has not been written to since MetaMask v4.3.0, as it was
removed in #3083. It was kept around so that anything written to disk
prior to v4.3.0 could still be restored.

It has been a year and a half since that release, so I think it's time
to remove the disk store altogether. The consequences of losing locally
stored data are small anyway - it's an inconvenience at worst.
2019-09-16 19:29:26 -03:00
Dan J Miller
7985f4f4f8
3box integration 2.0 (#6972)
* Adds threebox controller

* Adds threebox approval modal

* Fix unit tests and lint after addition of threebox

* Correct threebox behaviour after rejecting request for backup; fixes e2e tests.

* Update threebox controller for automatic syncing

* Ensure frontend locale updates when preferences are changed via direct update within controller

* Add toggle in settings for 3box syncing

* Update threebox controller for latest 3box version

* Delete unnecessary frontend changes for threebox integration

* Backing up address book contacts with threebox

* Update unit tests for 3box-integration additions

* Only enable threebox by default for new wallets

* Mock globals for correct unit tests

* 3box '1.10.2' -> '^1.10.2'

* Correct capilalization on 3Box

* Use log.debug instead of console.log in threebox controller

* Update yarn.lock

* Remove edge build

* Split 3box module into background deps js file

* extra bundle opts for bg-libs

* sync yarn.lock

* new3Box logic

* Show confirm threebox restore after import

* Remove bg-libs.js from manifest file for dev builds

* Switch 3Box controller to using the spaces api (instead of the profile api)

* Finalize switching to spaces api and only restoring from 3box after import

* Update metamask-controller-test.js for threebox controller changes

* Make threebox modal style consistent with others and update success button wording

* Use mock 3box when in test

* Correct 3box modal header

* Remove unnecessary property of threebox controller provider

* Remove unnecessary method calls after restoration from 3box in the threebox-restore-confirm modal.

* Replace setThreeBoxSyncingPermission calls in routes/index.js with turnThreeBoxSyncingOn

* Replace erroneous use of  with

* Replace erroneous use of threeboxSyncing with threeBoxSyncingAllowed in advancted-tab directory

* Lint fixes for 3box changes

* Log errors encountered when updating 3Box

* Remove unnecessary parameter from state update

* Add timeout to initial 3Box sync

The initial 3Box sync will now timeout after 1 minute. If the timeout
is triggered, 3Box is disabled and cannot be re-enabled unless the
initial sync does finally finish. If it never finishes, 3Box cannot
be enabled unless the extension is reinstalled.

The Advanced Settings page was updated to show this option as disabled
in that circumstance, with a new discription explaining why it's
disabled. The UI here could certainly be improved.

Additionally, "on" and "off" labels were added to the toggle to match
the other toggles on the Advanced Settings page.

* Use non-minified 3Box module

We had previously used the minified 3Box module to avoid a build error
encountered when `envify` was processing the `libp2p` module (which is
used by 3Box). The build would fail because `esprima` (used by `envify`)
is incompatible with the object spread/rest operator (which is used in
`libp2p`).

That issue has been solved by adding a global Babelify transformation
specifically for transpiling out the object rest/spread operator from
dependencies. It has been targetted to only affect `libp2p` to avoid
extending the build time too much. This workaround can be used until
a new version of `esprima` is released that includes this bug fix.

* Use app key addresses for threebox

* Replace use of modal for confirming 3box restoration with a home notification

* Adds e2e tests for restoring from threebox

* Update eth-keyring-controller to 5.1.0

* Correct parameters passed to getAppKeyAddress in threebox.js

* Add prefix to origin passed to getAppKeyAddress in threebox.js

* Remove unused locale message.

* Prevent CORS errors in firefox e2e tests

* Ensure extraneous scripts are excluded from the local test dev build

* Move threeBoxLastUpdate state from home.component to redux

* Threebox PR code cleanup

* Always use first address when initializing threebox

* Replace setRestoredFromThreeBox api with setRestoredFromThreeBoxToFalse and setRestoredFromThreeBoxToTrue

* Update development/metamaskbot-build-announce.js to include ui-libs and bg-libs in hard coded bundle list

* Update test/e2e/threebox.spec.js to use new helpers added with pull #7144

* Make setFeatureFlag available on the ui window during testing

* Hide threebox feature behind a feature flag that can only be activated via dev console

* Remove unnecessary migration of threebox feature flag

* Prevent this.init() call in threebox constructor if feature flag is not turned on

* Prevent threebox notification from showing if feature flag is falsy

* http://localhost/8889 -> http://localhost/* in gulp manifest:testing tasks
2019-09-16 14:41:01 -02:30
Mark Stacey
95b4d91116
Replace undefined selectedAddress with null (#7161)
* Replace `undefined` selectedAddress with `null`

The `runtime.Port.postMessage` API will drop keys with a value of
`undefined` on Chrome, but not on Firefox. This was a problem for the
`publicConfig` stream, which passed the key `selectedAddress` with the
value of `undefined` to communicate to dapps that the user had logged
out.

Instead a `null` is now passed for `selectedAddress` upon logout, which
is correctly sent by the `runtime.Port.postMessage` API on both Chrome
and Firefox.

closes #7101
closes #7109

* Update `metamask-inpage-provider` to v3.0.0

The v3.0.0 update includes a change to the `accountsChanged` event. The
event will now emit an empty array instead of an array with `undefined`
or `null`.

The previous behavior was to emit `[undefined]`. The previous commit
would have changed that to `[null]` anyway, so we figured if we're
going to make a public-facing change to the event anyway we should
change it to be correct. `[undefined]` was never intended, and it
technically violates EIP-1193, which states that the `accountsChanged`
event should emit an array of strings.
2019-09-13 11:32:55 -03:00
Mark Stacey
50e9c4e5ad
Add polyfill for AbortController (#7157)
The AbortController is used in both the background and the UI. Support
for AbortController was added to Chrome in version 66, which is above
our minimum supported version.

I did consider increasing the minimum Chrome version to 66, but we have
a decent number of users still on Chrome 65 unfortunately.
2019-09-12 17:07:27 -03:00
Mark Stacey
a00493fdbd
Remove redundant error logging (#7158)
The `_fetchAll` function is expected to return values, so catching
errors and logging them only results in an additional error at the
place where `_fetchAll` is called. It's better instead to let the
error get thrown as normal.

In this particular case `_fetchAll` is only called in once place. The
error is still correctly caught and logged (in the `_update` function)
2019-09-12 17:00:35 -03:00
Erik Marks
38f6550951 fix rinkeby spelling (#7148) 2019-09-10 12:51:34 -10:00
Dan J Miller
7af902e500
Make chainId available in the metamask-inpage-provider (#7110)
* Make chainId available in the metamask-inpage-provider

* Update metamask-inpage-provider to 2.1.0

* Add e2e tests for ethereum.on events

* Move chainId constants to lib/enums.js

* Don't use new chainId enums in createInfuraClient

* Fix app/scripts/lib/select-chain-id.js
2019-09-09 22:01:34 -02:30
Mark Stacey
1e7b37d1cc
Combine fetch-with-timeout implementations (#7084)
There were two competing utility functions for calling fetch with a
timeout. They have been combined into one.
2019-09-04 17:00:11 -03:00
Nick Doiron
d589d2dec0 Right-to-left CSS (using module for conversion) (#7072)
* Create RTL stylesheets using `gulp-rtl`

* Handle RTL stylesheet special cases

Certain blocks of Sass  were set to bypass "rtlcss" using ignore
comments. Certain icons had to be flipped 180 degrees.

* Switch stylesheets when locale changes

A second stylesheet has been added to each HTML page for use with
right-to-left locales. It is disabled by default. It is enabled on
startup if a RTL locale is set, and when switching to a RTL locale.
Similarly the LTR stylesheet is disabled when a RTL locale is used.

Unfortunately there is an unpleasant flash of unstyled content when
switching between a LTR and a RTL locale. There is also a slightly
longer page load time when using a RTL locale (<1s difference). We
couldn't think of an easy way to avoid these problems.

* Set `dir="auto"` as default on `TextFields`
2019-09-03 14:47:54 -03:00
Frankie
f6d25357db
transactions:tx-state-manager - optionally take a function as a search param (#7078) 2019-08-29 14:57:28 +02:00
Whymarrh Whitby
ecbde20949
Remove ComputedbalancesController (#7057) 2019-08-22 10:26:43 -02:30
Dan Finlay
7badc0ea1a
Merge pull request #7047 from Gudahtt/auto-reload-deprecation-warning
Add warning about reload on network change
2019-08-21 11:44:47 -07:00
Whymarrh Whitby
ef3859ff77
Add toggle for incoming transactions (#7049) 2019-08-21 16:12:14 -02:30
Mark Stacey
2ceac1f27f Add warning about reload on network change
We are soon removing the automatic refresh on network change behavior.
A warning has been added to ensure sites know about this upcoming
change.

Any site that calls `.enable` is advised to use a
`networkChanged` event handler to reload manually if they rely upon
that behavior. They are also advised to set the flag
`autoRefreshOnNetworkChange` to `false` to opt-out of the reload
behavior early.

This warning might be irritating for certain sites, as they might be
indifferent to whether or not the site reloads, and not eager to set a
flag to opt-in early just to silence the warning. However there was no
other obvious way to warning the right people about this change, as
any warning prior to an actual reload would only be seen by the few
people that set their browser console to preserve logs.

Relates to #3599
2019-08-21 14:14:35 -03:00
Brendan Chou
cc71b4f52b Add support for eth_signTypedData_v4 (#6930) 2019-08-20 17:22:59 -02:30
Esteban Miño
6e081eb17c Filter non-ERC-20 assets during mobile sync (#7035) 2019-08-20 16:23:21 -02:30
Whymarrh Whitby
e47448362d
Bug fixes for incoming transactions (#7043)
* Fix styling of `.transaction-list`
* Filter `incomingTxListSelector` by network as well
* Start and stop block tracker polling in incoming tx controller
* Add fetch with abort in bg for `IncomingTxController`
2019-08-20 16:22:00 -02:30
Dan J Miller
821529622e Fetch & display received transactions (#6996) 2019-08-16 16:24:10 -02:30
Whymarrh Whitby
247659ca65
Connections settings tab (#7013)
* Nix notification for Share Address

* Add Connections settings tab in place of privacy mode toggle

* Split ProviderApprovalController into two stores

* Remove privacyMode feature flag altogether

* Add migration to remove privacyMode feature flag
2019-08-15 18:37:18 -02:30
Jenny Pollack
f34afee081 Add migration 34 and 35 (#7001) 2019-08-14 10:06:04 -02:30
Dan J Miller
043920c9ff
Address book fixes (#6978)
* Ensure address book send flow correctly matches address book addresses to ens addresses

* Use nodify on background.setAddressBook to receive correct result in actions.js

* Better error handling for actions.js addToAddressBook

* Eliminate unnecessary data normalization and move more data manipluation to ens-input and send-content containers
2019-08-13 20:43:05 -02:30
Whymarrh Whitby
22b20837d4
Remove reload from Share Address button (#6991)
* Update tooltip words for Share Address

* Don't forceReload anything on Share Address
2019-08-09 15:00:59 -02:30
Whymarrh Whitby
ceace71bf5
Remove unused lostAccounts state (#6979) 2019-08-08 17:03:10 -02:30
Mark Stacey
12e055a37c
Close window after opening fullscreen (#6966)
* Add background environment type

The `getEnvironmentType` method now checks for the background
environment as well, instead of returning 'notification' for that case.

Instead of adding another regex for the background path, the regexes
for each environment have been replaced with the URL constructor[0].
This is the standard method of parsing URLs, and is available in all
supported browsers.

[0]: https://developer.mozilla.org/en-US/docs/Web/API/URL

* Add note regarding a missing manifest permission

The `url` parameter to `tabs.query(...)` requires the `tabs` permission,
and will be ignored otherwise. We are missing this permission, so that
call does not work.

* Close window after opening full screen

The browser behaviour when opening a new tab differs between Chrome and
Firefox. In the case of a popup, Chrome will close the popup whereas
Firefox will leave it open. In the case of the notification window,
Chrome will move the new tab to the foreground, whereas Firefox will
leave the notification window in the foreground when opening a new tab.

We always want to close the current UI (popup or notification) when
switching to a full-screen view. The only exception to this is when the
switch is triggered from the background, which has no UI.

Closes #6513, #6685
2019-08-08 11:50:32 -03:00
Dan J Miller
da7fe65599
Ensure seed phrase backup only shows up for new users (#6975) 2019-08-08 09:08:41 -02:30
Dan J Miller
9d5be5d29f
New notification fixes (#6955)
* Replace use of backup-notification with use of home notification

* Pin notifications relative to window

* Remove unneeded isRequired condition on some home.component properties

* Refactor rendering of home notifications

* UX for multiple notifications

* Adds dismissal to provider request notification.

* Fix test failures

The e2e tests have been updated to reference `home-notification`
classnames instead of the removed `background-notification`. The
active tab proptypes and default values were updated as well.
2019-08-02 18:01:26 -02:30
Mark Stacey
75d5374582
Restrict unconnected notice to specific protocols (#6954)
The notice asking whether you wanted to connect to a site was showing
up in places it shouldn't, like on the Firefox/Chrome settings pages
and on our fullscreen extension. It has now been restricted to only
be displayed for active tabs with specific protocols:

* http
* https
* dat
* dweb
* ipfs
* ipns
* ssb

This prevents the notice from being shown on settings pages, browser
extensions, and files such as PDFs.
2019-08-02 16:29:28 -02:30
Mark Stacey
bb87a0b92c
Add migration to remove seedWords state (#6937)
The `seedWords` state was removed from the PreferencesController
recently in #6920. That state hadn't been used in some time, and there
was a long period during which `seedWords` was periodically scrubbed
from the state, so it's highly unlikely that it still exists in state
for most users. It's hard to guarantee that it _doesn't_ though,
especially if a user hasn't opened MetaMask in a few months.
2019-08-02 10:28:25 -02:30
Dan J Miller
3eff478775
I5849 incremental account security (#6874)
* Implements ability to defer seed phrase backup to later

* Adds incremental-security.spec.js, including test dapp that sends signed tx with stand alone localhost provider

* Update metamask-responsive-ui for incremental account security changes

* Update backup-notification style and fix responsiveness of seed phrase screen

* Remove uneeded files from send-eth-with-private-key-test/

* Apply linguist flags in .gitattributes for send-eth-with-private-key-test/ethereumjs-tx.js

* Improve docs in controllers/onboarding.js

* Clean up metamask-extension/test/e2e/send-eth-with-private-key-test/index.html

* Remove unnecessary newlines in a couple first-time-flow/ files

* Fix import of backup-notification in home.component

* Fix git attrs file
2019-08-02 01:27:26 -02:30
Whymarrh Whitby
e9a63d5d5b
Default Privacy Mode to ON, allow force sharing address (#6904) 2019-08-01 10:54:33 -02:30
Whymarrh Whitby
4d88e1cf86 Enable indent linting via ESLint (#6936)
* Enable indent linting via ESLint

* yarn run lint:fix
2019-07-31 10:17:11 -10:00