1
0
mirror of https://github.com/kremalicious/metamask-extension.git synced 2024-11-28 23:06:37 +01:00
Commit Graph

393 Commits

Author SHA1 Message Date
Mark Stacey
d55507615c
Fix Sentry in LavaMoat contexts (#15672)
Our Sentry setup relies upon application state, but it wasn't able to
access it in LavaMoat builds because it's running in a separate
Compartment.

A patch has been introduced to the LavaMoat runtime to allow the root
Compartment to mutate the `rootGlobals` object, which is accessible
from outside the compartment as well. This lets us expose application
state to our Sentry integration.
2022-08-23 11:12:50 -02:30
Dan J Miller
fc232da4c4
Fix state creation in setupSentryGetStateGlobal (#15635) 2022-08-18 15:25:28 -02:30
Jyoti Puri
eb85fc266d
Refactoring isManifestV3 variable (#15568) 2022-08-16 20:51:42 +05:30
Daniel
2eb0fe6978
Add more tracking for MetaMask (#15462) 2022-08-11 19:33:33 +02:00
Brad Decker
c72199a1a6
update prettier (#15360) 2022-07-31 13:26:40 -05:00
Brad Decker
652d631cda
remove exclusions for mismatched object jsdoc type casing (#15351) 2022-07-27 08:28:05 -05:00
Dan J Miller
101fe0b27a
Metrics adjustments (#15313)
* Don't send errors to sentry if users have not opted-in to participate in metametrics

* Don't capture opt-out metrics

* Move the metrics-opt in screen to immediately after the welcome screen

* Ensure that global.getSentryState is set in the background

* Fix e2e tests after rearranging onboardin flow

* Fix unit tests

* More e2e test fixes

* Remove unnecessary wrappers around capture exception
2022-07-22 18:09:48 -02:30
Mark Stacey
e6d5af5f9a Merge remote-tracking branch 'origin/develop' into master-sync
* origin/develop: (131 commits)
  Update `protobufjs` and remove obsolete advisory exclusion (#14841)
  Include snap version in pill (#14803)
  Update PULL_REQUEST_TEMPLATE.md (#14790)
  fix: keystone transaction qrcode has no white spacing (#14798)
  Snap notifications integration (#14605)
  Upgrade @metamask/eth-ledger-bridge-keyring (#14799)
  snaps-skunkworks@0.15.0 (#14772)
  Fix proptype errors in network dropdown, tx list item details, and account details modal tests (#14747)
  Ensure transaction type is correctly updated on edit (#14721)
  Add fiat onboarding for AVAX and MATIC through Wyre (#14683)
  Bump @metamask/contract-metadata from 1.33.0 to 1.35.0 (#14791)
  Slight cleanup of constants/transactions, useTransactionDisplayData, and TransactionIcon (#14784)
  Migrate the "estimateGas" API call to "getFees" for STX (#14767)
  Ignore advisory GHSA-wm7h-9275-46v2 (#14789)
  Adding flag for MV3 (#14762)
  Add types to send state (#14740)
  Remove site origin on snap install (#14752)
  Update design tokens library from 1.5 to 1.6 WIP (#14732)
  Enables the "Safe Transaction From" copy for safeTransferFrom transactions (#14769)
  remove draft transaction (#14701)
  ...
2022-06-03 11:53:40 -02:30
Jyoti Puri
25082ae272
Adding flag for MV3 (#14762) 2022-05-26 10:18:23 +05:30
Mark Stacey
d1ac1a8389 Rename phishing warning page environment variable
The phishing warning page URL environment variable has been renamed
from `PHISHING_PAGE_URL` to `PHISHING_WARNING_PAGE_URL`. We call this
page the "phishing warning page" everywhere else, and this name seemed
better suited (it's not a phishing page itself).

The variable has been listed and documented in `.metamaskrc.dist` as
well.
2022-05-16 18:48:20 -02:30
Mark Stacey
7199d9c567 Use externally hosted phishing warning page
An externally hosted phishing warning page is now used rather than the
built-in phishing warning page.The phishing page warning URL is set via
configuration file or environment variable. The default URL is either
the expected production URL or `http://localhost:9999/` for e2e testing
environments.

The new external phishing page includes a design change when it is
loaded within an iframe. In that case it now shows a condensed message,
and prompts the user to open the full warning page in a new tab to see
more details or bypass the warning. This is to prevent a clickjacking
attack from safelisting a site without user consent.

The new external phishing page also includes a simple caching service
worker to ensure it continues to work offline (or if our hosting goes
offline), as long as the user has successfully loaded the page at least
once. We also load the page temporarily during the extension startup
process to trigger the service worker installation.

The old phishing page and all related lines have been removed. The
property `web_accessible_resources` has also been removed from the
manifest. The only entry apart from the phishing page was `inpage.js`,
and we don't need that to be web accessible anymore because we inject
the script inline into each page rather than loading the file directly.

New e2e tests have been added to cover more phishing warning page
functionality, including the "safelist" action and the "iframe" case.
2022-05-16 14:40:50 -02:30
Alex Donesky
8df8f81df7
Deprecate extensionizer for webextension-polyfill (#13960)
* deprecate extensionizer for webextension-polyfill

* fix tests

* remove extensionizer

* fix browser windows api calls

* fix broken on firefox

* fix getAcceptLanguages call

* update more browser apis that are now promisified

* remove unnecessary console error ignoring in e2e tests
2022-03-18 14:07:05 -05:00
Jyoti Puri
9d26bd762f
Improvements in connectRemote function in background.js (#13762) 2022-03-09 20:45:07 +05:30
Shane
3772dfee11
Added subjectType to setupProviderConnection and setupUntrustedCommunication (#13437)
These changes were split off from the snaps branch [here](https://github.com/MetaMask/metamask-extension/pull/11837#discussion_r792942834).

The `subjectType` is necessary to handle connecting to snaps using these methods.
2022-01-28 13:42:32 -08:00
Mark Stacey
3732c5f71e
Add JSDoc ESLint rules (#12112)
ESLint rules have been added to enforce our JSDoc conventions. These
rules were introduced by updating `@metamask/eslint-config` to v9.

Some of the rules have been disabled because the effort to fix all lint
errors was too high. It might be easiest to enable these rules one
directory at a time, or one rule at a time.

Most of the changes in this PR were a result of running
`yarn lint:fix`. There were a handful of manual changes that seemed
obvious and simple to make. Anything beyond that and the rule was left
disabled.
2022-01-07 12:27:33 -03:30
Mark Stacey
22f931e6b2
Prevent automatic rejection of confirmations (#13194)
* Prevent automatic rejection of confirmations

Confirmations are now only automatically rejected if a user explicitly
closes the notification window. If we close the window programmatically
because there are no notifications left to show, nothing gets rejected.

This partially avoids a race condition where a confirmation gets
rejected automatically without the user having seen the confirmation
first. This could happen if the confirmation was processed just as the
notification window was being closed.

It's still possible for a confirmation that the user has never seen to
get rejected as a result of the user closing the window. But at least
now it's no longer possible for a confirmation to get rejected in this
manner after the user resolves the last confirmation in the queue.

* Fix bug that prevented automatic closure detection

All windows were being detected as explicit window closures,
essentially just as they were previously, because this variable was
cleared too soon.

* Re-open popup when necessary

After the window is automatically closed, a confirmation may have been
queued up while the window was closing. If so, the popup is now re-
opened.
2022-01-05 13:39:19 -03:30
Alex Donesky
c266d4e6af
Feat/check update collectible ownership (#13110)
* Use method to check and update collectible ownership
2022-01-03 14:39:41 -06:00
Erik Marks
31cf7c10a4
Permission System 2.0 (#12243)
# Permission System 2.0

## Background

This PR migrates the extension permission system to [the new `PermissionController`](https://github.com/MetaMask/snaps-skunkworks/tree/main/packages/controllers/src/permissions).
The original permission system, based on [`rpc-cap`](https://github.com/MetaMask/rpc-cap), introduced [`ZCAP-LD`](https://w3c-ccg.github.io/zcap-ld/)-like permissions to our JSON-RPC stack.
We used it to [implement](https://github.com/MetaMask/metamask-extension/pull/7004) what we called "LoginPerSite" in [version 7.7.0](https://github.com/MetaMask/metamask-extension/releases/tag/v7.7.0) of the extension, which enabled the user to choose which accounts, if any, should be exposed to each dapp.
While that was a worthwhile feature in and of itself, we wanted a permission _system_ in order to enable everything we are going to with Snaps.
Unfortunately, the original permission system was difficult to use, and necessitated the creation of the original `PermissionsController` (note the "s"), which was more or less a wrapper for `rpc-cap`.

With this PR, we shake off the yoke of the original permission system, in favor of the modular, self-contained, ergonomic, and more mature permission system 2.0.

Note that [the `PermissionController` readme](https://github.com/MetaMask/snaps-skunkworks/tree/main/packages/controllers/src/permissions/README.md) explains how the new permission system works.

The `PermissionController` and `SubjectMetadataController` are currently shipped via `@metamask/snap-controllers`. This is a temporary state of affairs, and we'll move them to `@metamask/controllers` once they've landed in prod.

## Changes in Detail

First, the changes in this PR are not as big as they seem. Roughly half of the additions in this PR are fixtures in the test for the new migration (number 68), and a significant portion of the remaining ~2500 lines are due to find-and-replace changes in other test fixtures and UI files.

- The extension `PermissionsController` has been deleted, and completely replaced with the new `PermissionController` from [`@metamask/snap-controllers`](https://www.npmjs.com/package/@metamask/snap-controllers).
- The original `PermissionsController` "domain metadata" functionality is now managed by the new `SubjectMetadataController`, also from [`@metamask/snap-controllers`](https://www.npmjs.com/package/@metamask/snap-controllers).
- The permission activity and history log controller has been renamed `PermissionLogController` and has its own top-level state key, but is otherwise functionally equivalent to the existing implementation.
- Migration number 68 has been added to account for the new state changes.
- The tests in `app/scripts/controllers/permissions` have been migrated from `mocha` to `jest`.

Reviewers should focus their attention on the following files:

- `app/scripts/`
  - `metamask-controller.js`
    - This is where most of the integration work for the new `PermissionController` occurs.
      Some functions that were internal to the original controller were moved here.
  - `controllers/permissions/`
    - `selectors.js`
      - These selectors are for `ControllerMessenger` selector subscriptions. The actual subscriptions occur in `metamask-controller.js`. See the `ControllerMessenger` implementation for details.
    - `specifications.js`
      - The caveat and permission specifications are required by the new `PermissionController`, and are used to specify the `eth_accounts` permission and its JSON-RPC method implementation.
        See the `PermissionController` readme for details.
  - `migrations/068.js`
    - The new state should be cross-referenced with the controllers that manage it.
      The accompanying tests should also be thoroughly reviewed.

Some files may appear new but have just moved and/or been renamed:

- `app/scripts/lib/rpc-method-middleware/handlers/request-accounts.js`
  - This was previously implemented in `controllers/permissions/permissionsMethodMiddleware.js`.
- `test/mocks/permissions.js`
  - A truncated version of `test/mocks/permission-controller.js`.

Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2021-12-06 19:16:49 -08:00
Mark Stacey
7226357422
Fix isMainnet propType error (#12951)
A propType error was showing up during e2e tests with a `testDev`
build. It was caused by `process.env.IN_TEST` being treated as a
boolean, when in fact it is either the string `'true'` or a boolean.

`IN_TEST` has been updated to always be a boolean. `loose-envify` has
no trouble injecting boolean values, so there's no reason to treat this
as a string.
2021-12-02 14:46:46 -03:30
Olaf Tomalka
a323a5fe59
Reject popup confirmations on close (#12643)
* Background clears confirmations on popup close

* [WIP] Remove clearing confirmations through UI

* Confirmations are now rejected instead of cleared

* Erased commented out code

* Fix linter errors

* Changes after code review

* Moved metrics events from onWindowUnload to background

* PR review fixes

* Added abillity to add reason to rejection of messages

* Fix prettier

* Added type metrics event to signature cancel

* Fix test

* The uncofirmed transactions are now cleared even if Metamask is locked
2021-11-15 17:13:51 +01:00
Alex Donesky
e8ab578ed0
bump @metamask/controllers to v15.0.2 and remove AbortController workaround in e2e tests (#11988)
* bump @metamask/controllers to v15.0.1 and remove AbortController workaround in e2e tests

* remove old abortcontroller polyfill

* bump @metamask/controllers to v15.0.2
2021-09-03 09:34:21 -05:00
Erik Marks
8a8ce3a0c0
@metamask/controllers@15.0.0 (#11975)
Adds the latest version of `@metamask/controllers`, and updates our usage of the `ApprovalController`, which has been migrated to `BaseControllerV2`. Of [the new `controllers` release](https://github.com/MetaMask/controllers/releases/tag/v15.0.0), only the `ApprovalController` migration should be breaking.

This is the first time we use events on the `ControllerMessenger` to update the badge, so I turned the messenger into a property on the main `MetaMaskController` in order to subscribe to events on it in `background.js`. I confirmed that the badge does indeed update during local QA.

As it turns out, [MetaMask/controllers#571](https://github.com/MetaMask/controllers/pull/571) was breaking for a single unit test case, which is now handled during setup and teardown for the related test suite (`metamask-controller.test.js`).
2021-08-31 12:27:13 -07:00
Alex Donesky
d359429f04
Stop GasFeeController polling when pop closes (#11746)
* Stop GasFeeController polling when pop closes

* Stop estimate gas polling on window unload

* lint + comments

* Improve client closed logic

* lint

* Add back _beforeUnload on unmount in gas-modal-page-container

* Add full check and call onClientClosed method for notifcation environment

* Add gas pollingToken tracking to appStateController and use to disconnect polling for each environment type

* remove unused method

* move controller manipulation logic from background.js to metamask-controller, disaggregate methods

* add beforeunload handling to reset gas polling tokens from root of send page

* cleanup, lint and address feedback

* clear appState gasPollingTokens when all instances of all env types are closed, fix pollingTokenType arg from onEnvironmentTypeClosed call in metamask-controller

* mock new methods to fix tests

* final bit of cleanup + comments

Co-authored-by: Dan Miller <danjm.com@gmail.com>
2021-08-04 16:53:13 -05:00
kumavis
66eb4fb5a0
Update background.js (#11663) 2021-07-30 08:02:48 -05:00
ryanml
2bfc3a093f
Using values from shared/constants/time to represent timing values (#11241) 2021-06-10 12:27:03 -07:00
kumavis
bfdc1e68f5
Delete setupFetchDebugging.js (#10636)
* Delete setupFetchDebugging.js

* remove fetch-debugging (now handled corrently by sentry)
2021-03-23 18:05:49 +08:00
Brad Decker
a81629e104
refactor incoming tx controller (#10639) 2021-03-19 16:54:30 -05:00
Brad Decker
15d78b8158
use chain id for enabling ENS IPFS resolution (#10507) 2021-02-25 05:40:57 -06:00
jpatel888
38078d7a8d
Fix BatchRequest.execute() multiple window issue (#10423) 2021-02-11 18:37:56 -03:30
Brad Decker
19fa2f5962
cancel unapproved confirmations on network change (#10357) 2021-02-08 17:22:30 -06:00
Erik Marks
76a2a9bb8b
@metamask/eslint config@5.0.0 (#10358)
* @metamask/eslint-config@5.0.0
* Update eslintrc and prettierrc
* yarn lint:fix
2021-02-04 10:15:23 -08:00
Erik Marks
90289ec22a
Further improve organization of constants (#10200) 2021-01-20 08:13:14 -08:00
Mark Stacey
d2b6376c3d
Skip reporting of successive persistence failures (#10099)
Failure to persist state will now only report to Sentry if the last
attempt to save state succeeded. This ensures that if anyone is stuck
in a state where state can't be saved (e.g. low disk space), we aren't
flooded with repeated errors on Sentry.
2020-12-17 15:39:01 -03:30
Erik Marks
e05be40d92
@metamask/obs-store@5.0.0 (#10092) 2020-12-16 13:14:49 -08:00
Erik Marks
8f40d03299
Add approval controller (#9401)
This PR introduces the new approval controller to the extension codebase. We use it for the permissions controller's pending approval functionality.

The approval controller sets us up for a new pattern of requesting and managing user confirmations in RPC methods. Along with the generic RPC method middleware, the approval controller will allow us to eliminate our message managers, and decouple various method handlers from our provider stack, making the implementations more portable between the extension and mobile.
2020-12-14 08:04:26 -08:00
Mark Stacey
55e5f5513c
Log persistence errors with Sentry (#10018)
Failures to persist state are now logged in Sentry. Previously they
were only logged to the background console.
2020-12-08 16:17:51 -03:30
Etienne Dusseault
9f6fa64d67
Add SES lockdown to extension webapp (#9729)
* Freezeglobals: remove Promise freezing, add lockdown

* background & UI: temp disable sentry

* add loose-envify, dedupe symbol-observable

* use loose envify

* add symbol-observable patch

* run freezeGlobals after sentry init

* use require instead of import

* add lockdown to contentscript

* add error code in message

* try increasing node env heap size to 2048

* change back circe CI option

* make freezeGlobals an exported function

* make freezeGlobals an exported function

* use freezeIntrinsics

* pass down env to child process

* fix unknown module

* fix tests

* change back to 2048

* fix import error

* attempt to fix memory error

* fix lint

* fix lint

* fix mem gain

* use lockdown in phishing detect

* fix lint

* move sentry init into freezeIntrinsics to run lockdown before other imports

* lint fix

* custom lockdown modules per context

* lint fix

* fix global test

* remove run in child process

* remove lavamoat-core, use ses, require lockdown directly

* revert childprocess

* patch package postinstall

* revert back child process

* add postinstall to ci

* revert node max space size to 1024

* put back loose-envify

* Disable sentry to see if e2e tetss pass

* use runLockdown, add as script in manifest

* remove global and require from runlockdown

* add more memory to tests

* upgrade resource class for prep-build & prep-build-test

* fix lint

* lint fix

* upgrade remote-redux-devtools

* skillfully re-add sentry

* lintfix

* fix lint

* put back beep

* remove envify, add loose-envify and patch-package in dev deps

* Replace patch with Yarn resolution (#9923)

Instead of patching `symbol-observable`, this ensures that all
versions of `symbol-observable` are resolved to the given range, even
if it contradicts the requested range.

Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2020-11-24 11:26:43 +08:00
Erik Marks
5a80f04dca
Consolidate notification UI openers (#9885)
* Consolidate notification UI openers

* Update tests
2020-11-16 08:32:53 -08:00
Mark Stacey
14d85b1332
Make JSDoc formatting more consistent (#9796)
A few inconsistencies in JSDoc formatting have been fixed throughout
the project. Many issues remain; these were just the few things that
were easy to fix with a regular expression.

The changes include:

* Using lower-case for primitive types, but capitalizing non-primitive
 types
* Separating the parameter identifier and the description with a dash
* Omitting a dash between the return type and the return description
* Ensuring the parameter type is first and the identifier is second (in
 a few places it was backwards)
* Using square brackets to denote when a parameter is optional, rather
 than putting "(optional)" in the parameter description
* Including a type and identifier with every parameter
* Fixing inconsistent spacing, except where it's used for alignment
* Remove incorrectly formatted `@deprecated` tags that reference non-
 existent properties
* Remove lone comment block without accompanying function

Additionally, one parameter was renamed for clarity.
2020-11-10 14:00:41 -03:30
Patryk Łucka
d1430e733e
Do not check popupIsOpen on Vivaldi (#9271) 2020-11-06 10:38:48 -08:00
Brad Decker
2ebf8756a4
[RFC] add prettier to eslint (#8595) 2020-11-02 17:41:28 -06:00
Erik Marks
5b8c07817a
Remove localhost provider type (#9551)
* Delete localhost provider type

* Use ganache-cli default chain ID for tests

* Delete unused test firstTimeState variable

* Migrate default ganache-cli network to frequentRpcListDetail

* Add default test provider state

* Add test functionality to createJsonRpcClient

* Lint locales

* Update test middleware creation

* fixup! Update test middleware creation
2020-10-12 12:05:40 -07:00
Dan J Miller
30d13422b5
Add MetaMask Swaps (#9482) 2020-10-06 15:58:38 -02:30
Erik Marks
088d4c34f1
Merge pull request from GHSA-c2xw-px2x-pr65
* Remove network config store
* Remove inline networks variable in network controller
* Re-key network controller 'rpcTarget' to 'rpcUrl'
* Require chainId in lookupNetwork, implement eth_chainId
* Require chain ID in network form
* Add alert, migrations, and tests
* Add chainId validation to addToFrequentRpcList
* Update public config state selector to match new network controller
state
* Use network enums in networks-tab.constants
* Ensure chainId in provider config is current
* Update tests
2020-10-06 15:27:02 -02:30
Whymarrh Whitby
e2dedaacdb
Use Infura v3 API (#9368)
* Use eth-json-rpc-infura@5.0.0
* Use Infura v3 API
* Add example .metamaskrc file
2020-09-10 13:46:00 -02:30
Whymarrh Whitby
b6ccd22d6c
Update ESLint shared config to v3 (#9274)
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2020-08-19 13:57:05 -02:30
Whymarrh Whitby
6ab12001e3
Fix prefer-destructuring issues (#9263)
See [`prefer-destructuring`](https://eslint.org/docs/rules/prefer-destructuring) for more information.

This change enables `prefer-destructuring` and fixes the issues raised by the rule.
2020-08-18 17:36:58 -02:30
Whymarrh Whitby
c1e3c229bc
Fix import/order issues (#9239)
See [`import/order`](https://eslint.org/docs/rules/import/order) for more information.

This change enables `import/order` and fixes the issues raised by the rule.
2020-08-18 16:48:25 -02:30
Whymarrh Whitby
9b78d3ab07
Fix import/extensions issues (#9217)
See [`import/extensions`](https://eslint.org/docs/rules/import/extensions) for more information.

This change enables `import/extensions` and fixes the issues raised by the rule.
2020-08-14 09:16:45 -02:30
Whymarrh Whitby
a8863a3446
Fix consistent-return issues (#9192)
See [`consistent-return`](https://eslint.org/docs/rules/consistent-return) for more information.

This change enables `consistent-return` and fixes the issues raised by the rule.
2020-08-12 16:36:57 -02:30
Whymarrh Whitby
4f0a205369
Use eslint@6.8.0 (#8978)
* Use eslint@6.8.0
* yarn lint:fix
2020-07-14 12:50:41 -02:30
Mark Stacey
1fb15a52bb
Stop reporting failed transactions to Sentry (#8795)
These error reports are not useful.
2020-06-12 16:41:57 -03:00
Whymarrh Whitby
87c2c81da7
Remove some unused state keys (#8776)
* Remove unused networkEndpointType state key

* Remove unused coinOptions state key
2020-06-10 14:51:12 -02:30
Whymarrh Whitby
f4c255b7c7
Delete unused InfuraController & tests (#8773) 2020-06-10 11:44:04 -02:30
Erik Marks
56004db8bf blocklisted -> blocked 2020-06-08 17:57:59 -07:00
Erik Marks
8f086087d8 blacklist -> blocklist; whitelist -> safelist 2020-06-08 17:49:36 -07:00
Erik Marks
616a446832
Use URL origin instead of hostname for permission domains (#8717)
* use URL.origin instead of hostname for tabs and permissions
2020-06-01 16:24:27 -07:00
Mark Stacey
df85ab6e10
Implement asset page (#8696)
A new page has been created for viewing assets. This replaces the old
`selectedToken` state, which previously would augment the home page
to show token-specific information.

The new asset page shows the standard token overview as seen previously
on the home page, plus a history filtered to show just transactions
relevant to that token.

The actions that were available in the old token list menu have been
moved to a "Token Options" menu that mirrors the "Account Options"
menu.

The `selectedTokenAddress` state has been removed, as it is no longer
being used for anything.

`getMetaMetricState` has been renamed to `getBackgroundMetaMetricState`
because its sole purpose is extracting data from the background state
to send metrics from the background. It's not really a selector, but
it was convenient for it to use the same selectors the UI uses to
extract background data, so I left it there for now.

A new Redux store has been added to track state related to browser history.
The most recent "overview" page (i.e. the home page or the asset page) is
currently being tracked, so that actions taken from the asset page can return
the user back to the asset page when the action has finished.
2020-06-01 14:54:32 -03:00
Erik Marks
0470386326
Delete recent blocks controller (#8575)
* delete recent blocks controller

* delete percentile from direct dependencies
2020-05-12 12:40:33 -07:00
Erik Marks
79d9209473
Open notification UI when eth_requestAccounts waits for unlock (#8508) 2020-05-05 07:03:21 -07:00
Erik Marks
5b06bf795b
Delete amountConversionRate and selectors (#8503) 2020-05-04 10:54:54 -07:00
Mark Stacey
165666b315
Remove unnecessary tx meta properties (#8489)
* Remove `estimatedGas` property from `txMeta`

The `estimatedGas` property was a cache of the gas value estimated for
a transaction when the default gas limit was set. This property wasn't
used anywhere. It may have been useful for debugging purposes, but the
same gas estimate is already stored on the `history` property so it
should be present in state logs regardless.

* Remove `gasLimitSpecified` txMeta property

The `gasLimitSpecified` property of `txMeta` wasn't used for anything.
It might have been useful for debugging purposes, but whether or not
the gas limit was specified can also be determined from looking at the
transaction history, so it's not a huge loss.

* Remove `gasPriceSpecified` txMeta property

The `gasPriceSpecified` property of `txMeta` wasn't used for anything.
It might have been useful for debugging purposes, but whether or not
the gas price was specified can also be determined from looking at the
transaction history, so it's not a huge loss.

* Remove `simpleSend` txMeta property

The `simpleSend` property of `txMeta` was used to ensure a buffer was
not added to the gas limit during gas estimation for simple send
transactions. It was made redundant by #8484, which accomplishes this
without the use of this property.
2020-05-01 08:44:05 -03:00
Mark Stacey
bace02ad02
Remove unused ShapeShift components (#8402)
The `shift-list-item` component for displaying ShapeShift transactions
has been removed, along with three other components that were used
solely by that component (`copyButton`, `eth-balance`, and
`fiat-value`).

This component hasn't been used in some time, as ShapeShift
transactions no longer exist to display. The controller that ShapeShift
transactions originated from was removed in #8118, and it became
impossible to create new ShapeShift transactions from within MetaMask
in #6746
2020-04-24 12:33:24 -03:00
Mark Stacey
a36e6d414b
Remove unused currentAccountTab state (#8404)
This state has been removed from the background. It was used for the
old UI, and has been unused for some time. A migration has been added
to delete this state as well.

The action creator responsible for updating this state has been removed
from the UI as well, along with the `callBackgroundThenUpdateNoSpinner`
convenience function, which was only used for this action.
2020-04-24 00:23:28 -03:00
Mark Stacey
e02a0221fc
Focus the notification popup if it's already open (#8318)
Any action in the background that would have opened the notification
window will now focus the window instead if it was already open.
Previously it would leave the window unfocused. This was particularly
inconvenient when taking multiple actions in quick succession that all
require confirmations (e.g. triggering multiple transactions).
2020-04-11 20:43:55 -03:00
Mark Stacey
852277b2ae
Refactor notification manager and triggerUi to use extension platform (#8317)
The notification manager has been refactored to use the extension
platform module instead of using `extensionizer` directly. The
extension platform API presents a more ergonomic API, and it correctly
handles errors (which the old notification manager did not). Methods
that the extension platform lacked have been added.

It has been updated to use `async/await` instead of callbacks as well,
for readability.

The `triggerUI` function has also been updated to use the extension
platform instead of `extensionizer`.
2020-04-11 12:12:45 -03:00
Mark Stacey
e720843517
Fix popup not opening (#8314)
MetaMask would sometimes get into a state where the notification popup
would never open. This could happen if the notification window was
closed shortly after being opened. After this happened, no popups would
show up until after the extension was reset.

This was happening because the background thought the popup was already
open. The variable it uses to track whether the popup was open or not
was being set to `true` immediately after the background asked the
browser to open a new window, before a handler was attached that could
respond to the window being closed.

Removing this line seems to solve the problem.

This line was added originally in #5437, which dealt with batch
transactions. Batches of transactions seem to work just fine without
this line though (from local testing), and I can't think of why this
would be required.

Closes #7051
2020-04-09 20:43:32 -03:00
Mark Stacey
11c6839b91
Remove unused option (#8315)
This `closePopup` option to the MetamaskController was never used.
2020-04-09 20:15:38 -03:00
Dan J Miller
d1e078b8de
Connect flow via popup (#8269)
* Connect screen popup redesign

* Open permission request in notification instead of tab

* Remove no longer user locales

* Update permissions unit test mock to accout for change of opts passed to permissions controller

* Lint fix

* Inline broken line svg in permission-page-container-content.component.js for faster loading

* Add back button to second screen on connect flow

* Add xOfY locale and use for the page count in the connect flow

* Lint fix for svgs permission-page-container-content.component.js

* Fix rebase error

* Lint fix

* Clean up styles on the connect-screen-into-popup branch

* Use closeCurrentWindow to close window on cancel when in full screen connect flow

* Handle errors in rejectPermissionsRequest

* Full screen styles for connect flow

* Lint fixed in permissions-connect and actions.js

* Redirect screen now shows metamask icon instead of users identicon

* Fix subtitle spacing in permissions-connect-header'

* Use window.close instead of closeCurrentWindow() in cancelPermissionsRequest

* Use permissions-connect-header__subtitle in permissions-connect-header.component
2020-04-07 16:08:15 -02:30
Mark Stacey
12536aa47f
Remove unused isPopup state (#8280)
This property was being set upon each change to background state.
2020-04-01 20:01:47 -03:00
Erik Marks
2301d9980e
Wait for extension unlock before processing eth_requestAccounts (#8149)
* eth_requestAccounts: wait on unlock

return error on duplicate eth_requestAccounts
add getUnlockPromise mock to permissions unit tests

* only await unlock if already permitted

* add notification badge for wait on unlock

* fixup

* more fixup

* cleanup

* update keyring controller, us its unlock event

* move keyring update unlock logic to unlock event handler

* fix unit tests

* delete onUnlock handler

* fix eth-keyring-controller resolution

* update eth-keyring-controller
2020-03-23 09:25:55 -07:00
Erik Marks
2df8b85c5f
LoginPerSite: Support multiple accounts without automatic switching (#8079)
* transaction editing: use txParams 'from' account

* signature-request: use txParams 'from' account

* signature-request-original: use txParams 'from' account

* encryption/decryption: use txParams 'from' account

* update tests

* set 'send' state 'from' address in confirm containers
2020-03-06 13:34:56 -08:00
Konstantin
6f47fece56
Implementation encrypt/decrypt feature (#7831)
Implement `eth_decrypt` and `eth_getEncryptionPublicKey`. This allows decryption backed by the user's private key. The message decryption uses a confirmation flow similar to the messaging signing flow, where the message to be decrypted is also able to be decrypted inline for the user to read directly before confirming.
2020-02-19 14:24:16 -04:00
Whymarrh Whitby
a78cf0ef3a Enable arrow-parens ESLint rule 2020-02-15 17:04:21 -03:30
Mark Stacey
ee415058cc
Only resolve ENS on mainnet (#7944)
The ENS resolver will now bail on any network other than mainnet.
2020-01-29 20:57:14 -04:00
Mark Stacey
7b35ea6400
Allow exporting state during e2e tests (#7860)
As of #7663, an in-memory store was used in place of local storage
during e2e tests, to facilitate the use of state fixtures. However,
this made it difficult to export state during a test run. The
instructions for exporting state to create fixtures assumed that local
storage was being used.

A new global function has been added to the background context to allow
exporting state. This method is available during testing and
development, and it works with either local storage or the in-memory
store. The fixture instructions have been updated to reference this new
function.
2020-01-17 18:59:25 -04:00
Whymarrh Whitby
76a31c3175 Clean up Migrator test cases (#7835) 2020-01-15 13:54:28 -08:00
Whymarrh Whitby
a891fa36b6
Remove MetaMask Mesh testing client (#7818) 2020-01-14 15:44:12 -03:30
Mark Stacey
ac01c5c89a
Consistent jsdoc syntax (#7755)
* Specify type before parameter name

Various JSDoc `@param` entries were specified as `name {type}` rather
than `{type} name`.

A couple of `@return` entries have been given types as well.

* Use JSDoc optional syntax rather than Closure syntax

* Use @returns rather than @return

* Use consistent built-in type capitalization

Primitive types are lower-case, and Object is upper-case.

* Separate param/return description with a dash
2020-01-13 14:36:36 -04:00
Whymarrh Whitby
92971d3c87
Migrate codebase to use ESM (#7730)
* Update eslint-plugin-import version

* Convert JS files to use ESM

* Update ESLint rules to check imports

* Fix test:unit:global command env

* Cleanup mock-dev script
2020-01-09 00:04:58 -03:30
Mark Stacey
09859d48b0
Prevent install popup during e2e tests (#7760)
Typically the fullscreen UI will open upon installation, though this
behaviour was suppressed in development. This was dealt with in the e2e
tests by waiting for it to open, then closing it.

Instead this behaviour is now suppressed for test builds as well.
2020-01-08 11:47:45 -04:00
Mark Stacey
69d418a5a3
Login per site onboarding (#7602)
* Remove unused onboarding stream

* Pass `sender` through to `setupProviderEngine`

The Port `sender` has been passed down a few more layers. This allows
us to get more information from the sender deeper in the stack, but
also simplifies things a bit as well. For example, now the "fake"
URL object with the `metamask` hostname is no longer needed.

* Create onboarding middleware

This middleware intercepts `wallet_registerOnboarding` RPC messages. It
will register the sender as an oboarding initiator if possible, and
otherwise ignores the message.
2019-12-20 12:02:31 -03:30
Whymarrh Whitby
6c1bce28ac
Fix a few instances of signature mismatches (#7704)
Co-Authored-By: Mark Stacey <markjstacey@gmail.com>
2019-12-16 19:54:52 -03:30
pldespaigne
0ef7f603d6 Ipfs cid v1 base32 (#7362)
add ipfs gateway to advanced settings
use ipfs gateway from settings
use ipfs.dweb.link as default CID gateway
disallow gateway.ipfs.io as gateway
2019-12-12 11:28:07 -08:00
Mark Stacey
eadeaa7883 End-to-end test state fixtures (#7663)
* Add network store for testing

An alternative persistent state store has been created for use with e2e
tests. Instead of reading state from disk, it tries to load state from
a local fixture server running on port `12345` and serving state from
the path `/state.json`, and returns a blank state otherwise.

* Add e2e test fixture server

A fixture server has been added for serving background state, which the
background will read upon startup as part of restoring persisted state.

The `signature-request` e2e test has been updated to use a fixture to
bypass the registration step. The fixture used (`imported-account`) was
generated by pausing midway through that test run
2019-12-11 09:26:20 -08:00
Whymarrh Whitby
34b674c3d7
Remove unneeded Edge-specific encryption code (#7683) 2019-12-10 16:34:50 -03:30
Whymarrh Whitby
274a9ecf53 yarn lint --fix 2019-12-03 17:20:55 -03:30
Dan Finlay
f519fa1ed3
Connect distinct accounts per site (#7004)
* add PermissionsController

remove provider approval controller
integrate rpc-cap
create PermissionsController
move provider approval functionality to permissions controller
add permissions approval ui, settings page
add permissions activity and history
move some functionality to metamask-inpage-provider
rename siteMetadata -> domainMetadata

add accountsChange notification to inpage provider
move functionality to inpage provider
update inpage provider
Remove 'Connections' settings page (#7369)
add hooks for exposing accounts in settings
rename unused messages in non-English locales

Add external extension id to metadata (#7396)

update inpage provider, rpc-cap
add eth_requestAccounts handling to background
prevent notifying connections if extension is locked
update inpage provider
Fix lint errors
add migration
review fixes
transaction controller review updates
removed unused messages

* Login Per Site UI (#7368)

* LoginPerSite original UI changes to keep

* First commit

* Get necessary connected tab info for redirect and icon display for permissioned sites

* Fix up designs and add missing features

* Some lint fixes

* More lint fixes

* Ensures the tx controller + tx-state-manager orders transactions in the order they are received

* Code cleanup for LoginPerSite-ui

* Update e2e tests to use new connection flow

* Fix display of connect screen and app header after login when connect request present

* Update metamask-responsive-ui.spec for new item in accounts dropdown

* Fix approve container by replacing approvedOrigins with domainMetaData

* Adds test/e2e/permissions.spec.js

* Correctly handle cancellation of a permissions request

* Redirect to home after disconnecting all sites / cancelling all permissions

* Fix display of site icons in menu

* Fix height of permissions page container

* Remove unused locale messages

* Set default values for openExternalTabs and tabIdOrigins in account-menu.container

* More code cleanup for LoginPerSite-ui

* Use extensions api to close tab in permissions-connect

* Remove unnecessary change in domIsReady() in contentscript

* Remove unnecessary private function markers and class methods (for background tab info) in metamask-controller.

* Adds getOriginOfCurrentTab selector

* Adds IconWithFallback component and substitutes for appropriate cases

* Add and utilize font mixins

* Remove unused  method in disconnect-all.container.js

* Simplify buttonSizeLarge code in page-container-footer.component.js

* Add and utilize getAccountsWithLabels selector

* Remove console.log in ui/app/store/actions.js

* Change last connected time format to yyyy-M-d

* Fix css associated with IconWithFallback change

* Ensure tracked openNonMetamaskTabsIDs are correctly set to inactive on tab changes

* Code cleanup for LoginPerSite-ui

* Use reusable function for modifying openNonMetamaskTabsIDs in background.js

* Enables automatic switching to connected account when connected domain is open

* Prevent exploit of tabIdOriginMap in background.js

* Remove unneeded code from contentscript.js

* Simplify current tab origin and window opener logic using remotePort listener tabs.queryTabs

* Design and styling fixes for LoginPerSite-ui

* Fix permissionHistory and permission logging for eth_requestAccounts and eth_accounts

* Front end changes to support display of lastConnected time in connected and permissions screens

* Fix lint errors

* Refactor structure of permissionsHistory

* Fix default values and object modifications for domain and permissionsHistory related data

* Fix connecting to new accounts from modal

* Replace retweet.svg with connect-white.svg

* Fix signature-request.spec

* Update metamask-inpage-provider version

* Fix permissions e2e tests

* Remove unneeded delay from test/e2e/signature-request.spec.js

* Add delay before attempting to retrieve network id in dapp in ethereum-on=.spec

* Use requestAccountTabIds strategy for determining tab id that opened a given window

* Improve default values for permissions requests

* Add some message descriptions to app/_locales/en/messages.json

* Code clean up in permission controller

* Stopped deep cloning object in mapObjectValues

* Bump metamask-inpage-provider version

* Add missing description in app/_locales/en/messages.json

* Return promises from queryTabs and switchToTab of extension.js

* Remove unused getAllPermissions function

* Use default props in icon-with-fallback.component.js

* Stop passing  to permissions controller

* Delete no longer used clear-approved-origins modal code

* Remove duplicate imports in ui/app/components/app/index.scss

* Use URL instead of regex in getOriginFromUrl()

* Add runtime error checking to platform, promise based extension.tab methods

* Support permission requests from external extensions

* Improve font size and colour of the domain origin on the permission confirmation screen

* Add support for toggling permissions

* Ensure getRenderablePermissionsDomains only returns domains with exposedAccount caveat permissions

* Remove unused code from LoginPerSite-ui branch

* Ensure modal closes on Enter press for new-account-modal.component.js

* Lint fix

* fixup! Login Per Site UI (#7368)

* Some code cleanup for LoginPerSite

* Adds UX for connecting to dapps via the connected sites screen (#7593)

* Adds UX for connecting to dapps via the connected sites screen

* Use openMetaMaskTabIds from background.js to determine if current active tab is MetaMask

* Delete unused permissions controller methods

* Fixes two small bugs in the LoginPerSite ui (#7595)

* Restore `providerRequest` message translations (#7600)

This message was removed, but it was replaced with a very similar
message called `likeToConnect`. The only difference is that the new
message has "MetaMask" in it. Preserving these messages without
"MetaMask" is probably better than deleting them, so these messages
have all been restored and renamed to `likeToConnect`.

* Login per site no sitemetadata fix (#7610)

* Support connected sites for which we have no site metadata.

* Change property containing subtitle info often populated by origin to a more accurate of purpose name

* Lint fix

* Improve disconnection modal messages (#7612)

* Improve disconnectAccountModalDescription and disconnectAllModalDescription messages

* Update disconnectAccountModalDescription app/_locales/en/messages.json

Co-Authored-By: Mark Stacey <markjstacey@gmail.com>

* Improve disconnectAccount modal message clarity

* Adds cancel button to the account selection screen of the permissions request flow (#7613)

* Fix eth_accounts permission language & selectability (#7614)

* fix eth_accounts language & selectability

* fix MetaMask capitalization in all messages

* Close sidebar when opening connected sites (#7611)

The 'Connected Sites' button in the accounts details now closes the
sidebar, if it is open. This was accomplished by pulling the click
handler for that button up to the wallet view component, where another
button already followed a similar pattern of closing the sidebar.

It seemed confusing to me that one handler was in the `AccountsDetails`
container component, and one was handed down from above, so I added
PropTypes to the container component.

I'm not sure that the WalletView component is the best place for this
logic, but I've put it there for now to be consistent with the add
token button.

* Reject permissions request upon tab close (#7618)

Permissions requests are now rejected when the page is closed. This
only applies to the full-screen view, as that is the view permission
requests should be handled in. The case where the user deals with the
request through a different view is handled in #7617

* Handle tab update failure (#7619)

`extension.tabs.update` can sometimes fail if the user interacts with
the tabs directly around the same time. The redirect flow has been
updated to ensure that the permissions tab is still closed in that
case. The user is on their own to find the dapp tab again in that case.

* Login per site tab popup fixes (#7617)

* Handle redirect in response to state update in permissions-connect

* Ensure origin is available to permissions-connect subcomponents during redirect

* Hide app bar whenever on redirect route

* Improvements to handling of redirects in permissions-connect

* Ensure permission request id change handling only happens when page is not null

* Lint fix

* Decouple confirm transaction screen from the selected address (#7622)

* Avoid race condtion that could prevent contextual account switching (#7623)

There was a race condition in the logic responsible for switching the
selected account based upon the active tab. It was asynchronously
querying the active tab, then assuming it had been retrieved later.

The active tab info itself was already in the redux store in another
spot, one that is guaranteed to be set before the UI renders. The
race condition was avoided by deleting the duplicate state, and using
the other active tab state.

* Only redirect back to dapp if current tab is active (#7621)

The "redirect back to dapp" behaviour can be disruptive when the
permissions connect tab is not active. The purpose of the redirect was
to maintain context between the dapp and the permissions request, but
if the user has already moved to another tab, that no longer applies.

* Fix JSX style lint errors

* Remove unused state
2019-12-03 09:35:56 -08:00
Mark Stacey
f763979bed
Add support for one-click onboarding (#7017)
* Add support for one-click onboarding

MetaMask now allows sites to register as onboarding the user, so that
the user is redirected back to the initiating site after onboarding.
This is accomplished through the use of the `metamask-onboarding`
library and the MetaMask forwarder.

At the end of onboarding, a 'snackbar'-stype component will explain to the
user they are about to be moved back to the originating dapp, and it will
show the origin of that dapp. This is intended to help prevent phishing
attempts, as it highlights that a redirect is taking place to an untrusted
third party.

If the onboarding initiator tab is closed when onboarding is finished,
the user is redirected to the onboarding originator as a fallback.

Closes #6161

* Add onboarding button to contract test dapp

The `contract-test` dapp (run with `yarn dapp`, used in e2e tests) now
uses a `Connect` button instead of connecting automatically. This
button also serves as an onboarding button when a MetaMask installation
is not detected.

* Add new static server for test dapp

The `static-server` library we were using for the `contract-test` dapp
didn't allow referencing files outside the server root. This should
have been possible to work around using symlinks, but there was a bug
that resulted in symlinks crashing the server.

Instead it has been replaced with a simple static file server that
will serve paths starting with `node_modules` from the project root.
This will be useful in testing the onboarding library without vendoring
it.

* Add `@metamask/onboarding` and `@metamask/forwarder`

Both libraries used to test onboarding are now included as dev
dependencies, to help with testing. A few convenience scripts
were added to help with this (`yarn forwarder` and `yarn dapp-forwarder`)
2019-11-22 13:03:51 -04:00
Whymarrh Whitby
aa41057628
Update ESLint rules for curly braces style (#7477)
* eslint: Enable curly and brace-style

* yarn lint --fix
2019-11-19 20:33:20 -03:30
Mark Stacey
5bce060985 Update badge colour
The badge colour is now '#037DD6', which stands out a bit more on both
light and dark modes.
2019-11-14 18:19:03 -04:00
Mark Stacey
99b8f2d544
Fix provider approval metadata (#7349)
* Omit MetaMask `extensionId` from site metadata

The site metadata was updated in #7218 to include the extension id of
the extension connecting to MetaMask. This was done to allow external
extensions to connect with MetaMask, so that we could show the id on
the provider approval screen.

Unbeknownst to me at the time, the extension id was being set for all
connections to MetaMask from dapps. The id was set to MetaMask's id,
because the connections are made through MetaMask's contentscript.

This has been updated to only set the id when accepting a connection
from a different extension.

* Fix `siteMetadata` property names

In #7218 a few things were added to the site metadata, so the provider
approval controller was middleware was updated to accept the site
metadata as an object rather than accepting each property as a separate
parameter. Unfortunately we failed to notice that the site name and
icon were named differently in the site metadata than they were in the
provider approval controller, so the names of those properties were
unintentionally changed in the controller state.

The provider approval controller has been updated to restore the
original property names of `siteTitle` and `siteIcon`. An unused prop
that was added to the provider approval page in #7218 has also been
removed.
2019-11-04 17:28:50 -04:00
Mark Stacey
8dfb0e8154
Add hostname and extensionId to site metadata (#7218)
If the extension ID is set, an alternate title and subtitle are used
for the Connect Request screen. The title is always `External
Extension`, and the subtitle is `Extension ID: [id]` instead of the
origin (which would just be `[extension-scheme]://[id]` anyway).

The hostname for the site is used as a fallback in case it has no
title.

The artificial hostname set for internal connections has been renamed
from 'MetaMask' to 'metamask' because URL objects automatically
normalize hostnames to be all lower-case, and it was more convenient to
use a URL object so that the parameter would be the same type as used
for an untrusted connection.
2019-10-29 13:14:41 -03:00
Erik Marks
478d6563f2
Freeze Promise global on boot (#7309)
* freeze background and UI Promise globals on boot

* add new tests

* remove tape
2019-10-24 06:54:32 -07:00
Dan J Miller
55bc9936c6 Turn off full screen vs popup a/b test (#7298) 2019-10-21 20:59:02 -03:00
Dan J Miller
1bd22b58c0
Add a/b test for full screen transaction confirmations (#7162)
* Adds ab test controller with a fullScreenVsPopup test

* Add migration for fullScreenVsPopup state

* Move abtest state under an 'abtests' object.

* MetaMask shows fullScreen group of a/b test unapproved txs in a full browser tab

* Ensure cancel metrics event in confirm-transaction-base.component.js is sent in all cases

* Switch to existing tab for unapproved tx if it exists when opening in full screen

* Send metrics event for entering a/b test from confirm screen

* Fix lint, unit and integration tests related to a/b test code

* Remove unnecessary tabs.query call in triggerUiInNewTab
2019-09-24 17:08:38 -04:00
kumavis
4d71f3f854 mesh-testing - submit infura rpc requests to mesh-testing container (#7031) 2019-09-23 02:54:41 -07:00
Mark Stacey
b5da8a237e
Remove the disk store (#7170)
The disk store has not been written to since MetaMask v4.3.0, as it was
removed in #3083. It was kept around so that anything written to disk
prior to v4.3.0 could still be restored.

It has been a year and a half since that release, so I think it's time
to remove the disk store altogether. The consequences of losing locally
stored data are small anyway - it's an inconvenience at worst.
2019-09-16 19:29:26 -03:00
Mark Stacey
50e9c4e5ad
Add polyfill for AbortController (#7157)
The AbortController is used in both the background and the UI. Support
for AbortController was added to Chrome in version 66, which is above
our minimum supported version.

I did consider increasing the minimum Chrome version to 66, but we have
a decent number of users still on Chrome 65 unfortunately.
2019-09-12 17:07:27 -03:00
Whymarrh Whitby
ecbde20949
Remove ComputedbalancesController (#7057) 2019-08-22 10:26:43 -02:30