* fix(settings): fixed two IPFS gateway issues
- adds back in two bugfixes that were originally in #19283
- fixes#16871
- fixes#18140
- achieves 100% code coverage for /ui/pages/settings/security-tab
- removes the npm package `valid-url`, which has not been updated in 10 years
* changes after #20172 was merged
* improved URL validation (specifically spaces)
* better Jest coverage
* response to legobeat review
* fixing lint and Jest
Remove the IncomingTransactionController and replace it with an internal helper class.
Move incoming transactions into the central transactions object.
Create a new RemoteTransactionSource interface to decouple incoming transaction support from Etherscan.
Split the incoming transaction logic into multiple files for easier maintenance.
This commit fulfills a long-standing desire to get the extension using
the same network controller as mobile by removing NetworkController from
this repo and replacing it with NetworkController from the
`@metamask/network-controller` package.
The new version of NetworkController is different the old one in a few
ways:
- The new controller inherits from BaseControllerV2, so the `state`
property is used to access the state instead of `store.getState()`.
All references of the latter have been replaced with the former.
- As the new controller no longer has a `store` property, it cannot be
subscribed to; the controller takes a messenger which can be
subscribed to instead. There were various places within
MetamaskController where the old way of subscribing has been replaced
with the new way. In addition, DetectTokensController has been updated
to take a messenger object so that it can listen for NetworkController
state changes.
- The state of the new controller is not updatable from the outside.
This affected BackupController, which dumps state from
NetworkController (among other controllers), but also loads the same
state into NetworkController on import. A method `loadBackup` has been
added to NetworkController to facilitate this use case, and
BackupController is now using this method instead of attempting to
call `update` on NetworkController.
- The new controller does not have a `getCurrentChainId` method;
instead, the chain ID can be read from the provider config in state.
This affected MmiController. (MmiController was also updated to read
custom networks from the new network controller instead of the
preferences controller).
- The default network that the new controller is set to is always
Mainnet (previously it could be either localhost or Goerli in test
mode, depending on environment variables). This has been addressed
by feeding the NetworkController initial state using the old logic, so
this should not apply.
* Use fake provider for NetworkController unit tests
In the unit tests for NetworkController, it's important to prevent
network requests from occurring. Currently we do that by using Nock.
However, the `core` version of NetworkController uses a fake provider
object. This is arguably a better approach for unit tests because it
prevents us from having to think about the behavior that a specific
middleware may have. For instance, the Infura middleware intercepts
`eth_chainId` to return a static result, and the block cache middleware
replaces the `latest` block tag with the latest block number, making an
extra call to `eth_blockNumber` in doing so. We have to account for
these kinds of behaviors when using Nock, but we do not need to do this
when using a fake provider.
This should make it easier to compare the difference between the unit
tests in this repo vs. in the `core` repo, which should ultimately help
us merge the two controllers together.
* Rename fake-provider-engine to fake-provider
* Rearrange imports
* Move fake-provider and fake-block-tracker into a directory and exclude it from coverage
* Make FakeBlockTracker inert, and fix JSDocs
* Remove generics from FakeProvider
* Call beforeCompleting (and beforeResolving) using async/await
* Fix signature of sendAsync; align other signatures within FakeProvider
* No need to check whether error is not a string
* Don't exclude the provider-api-tests directory from coverage
* Make sure to mock both net_version and eth_getBlockByNumber when testing network status
* Fix FakeProvider so that none of the methods have optional callbacks
This helps us more easily compare the unit tests for NetworkController
in this repo and the NetworkController in the `core` repo.
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
Co-authored-by: legobeat <109787230+legobeat@users.noreply.github.com>
* Adding browser outdated notification
* updating dependency
* adding unit tests for util function
* adding unit tests for selectors, lintfix
* Added Tests, refactored notification delay logic
* lint:fix
* adding test coverage for method parameter
* Update app/scripts/controllers/app-state.js
adding documentation details
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
* moving declaration into test
* Update app/scripts/controllers/app-state.test.js
spacing in test file
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
* Update jest.config.js
removing duplicate entries
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
* using async submitRequestToBackground method
* removing unused import
* removing unnecessary link syntax in notification
* adding opera and edge and associated tests
* handling the undefined case in bowser.satisfies
* setOutdatedBrowserWarningLastShown try/catch
* lint:fix
* Removing try/catch and letting errors bubble up
Removing deprecated displayWarning method
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
* taking out forceMetamaskUpdateState call
* excludint app-state test from mocha test suite
* Added note: Jest files should match Mocha excluded
* syntax error, lint:fix
---------
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
* Storing the icon name env var as a string and parsing to use with components
* Moving icon env vars to jest specific env.js file
* Updating snapshots
Add tests for the `block-tracker-inspector` middleware — which makes
sure that the block tracker never has a reference to the latest block
which is less than a block number that shows up in an RPC method's
response — and the Infura middleware — which takes care of sending the
request to Infura, and will retry the request up to 5 times if Infura
sends back a certain type of error.
Note that the `retry-on-empty` middleware is not tested because it
currently has a [bug][1] which is making it ineffective.
[1]: https://github.com/MetaMask/eth-json-rpc-middleware/issues/139
Refactor code and add unit tests for blocklist
Add small fix for undefined
Update property names
Structural refactoring
Refactor and improve unit tests
Add comment that explains part of snaps blocking logic
Refactor blocklist utility
* Increase likelyhood of valid method signatures being returned by getMethodData
* Update coverage
* Update coverage
* Update coverage
* add a migration to clear knownMethodData
* Small typo changes
Co-authored-by: Alex <adonesky@gmail.com>
This PR adds `snaps` under Flask build flags to the extension. This branch is mostly equivalent to the current production version of Flask, excepting some bug fixes and tweaks.
Closes#11626
The ESLint config has been updated to v8. The breaking changes are:
* The Prettier rule `quoteProps` has been changed from `consistent` to
`as-needed`, meaning that if one key requires quoting, only that key is
quoted rather than all keys.
* The ESLint rule `no-shadow` has been made more strict. It now
prevents globals from being shadowed as well.
Most of these changes were applied with `yarn lint:fix`. Only the
shadowing changes required manual fixing (shadowing variable names were
either replaced with destructuring or renamed).
The dependency `globalThis` was added to the list of dynamic
dependencies in the build system, where it should have been already.
This was causing `depcheck` to fail because the new lint rules required
removing the one place where `globalThis` had been erroneously imported
previously.
A rule requiring a newline between multiline blocks and expressions has
been disabled temporarily to make this PR smaller and to avoid
introducing conflicts with other PRs.
# Permission System 2.0
## Background
This PR migrates the extension permission system to [the new `PermissionController`](https://github.com/MetaMask/snaps-skunkworks/tree/main/packages/controllers/src/permissions).
The original permission system, based on [`rpc-cap`](https://github.com/MetaMask/rpc-cap), introduced [`ZCAP-LD`](https://w3c-ccg.github.io/zcap-ld/)-like permissions to our JSON-RPC stack.
We used it to [implement](https://github.com/MetaMask/metamask-extension/pull/7004) what we called "LoginPerSite" in [version 7.7.0](https://github.com/MetaMask/metamask-extension/releases/tag/v7.7.0) of the extension, which enabled the user to choose which accounts, if any, should be exposed to each dapp.
While that was a worthwhile feature in and of itself, we wanted a permission _system_ in order to enable everything we are going to with Snaps.
Unfortunately, the original permission system was difficult to use, and necessitated the creation of the original `PermissionsController` (note the "s"), which was more or less a wrapper for `rpc-cap`.
With this PR, we shake off the yoke of the original permission system, in favor of the modular, self-contained, ergonomic, and more mature permission system 2.0.
Note that [the `PermissionController` readme](https://github.com/MetaMask/snaps-skunkworks/tree/main/packages/controllers/src/permissions/README.md) explains how the new permission system works.
The `PermissionController` and `SubjectMetadataController` are currently shipped via `@metamask/snap-controllers`. This is a temporary state of affairs, and we'll move them to `@metamask/controllers` once they've landed in prod.
## Changes in Detail
First, the changes in this PR are not as big as they seem. Roughly half of the additions in this PR are fixtures in the test for the new migration (number 68), and a significant portion of the remaining ~2500 lines are due to find-and-replace changes in other test fixtures and UI files.
- The extension `PermissionsController` has been deleted, and completely replaced with the new `PermissionController` from [`@metamask/snap-controllers`](https://www.npmjs.com/package/@metamask/snap-controllers).
- The original `PermissionsController` "domain metadata" functionality is now managed by the new `SubjectMetadataController`, also from [`@metamask/snap-controllers`](https://www.npmjs.com/package/@metamask/snap-controllers).
- The permission activity and history log controller has been renamed `PermissionLogController` and has its own top-level state key, but is otherwise functionally equivalent to the existing implementation.
- Migration number 68 has been added to account for the new state changes.
- The tests in `app/scripts/controllers/permissions` have been migrated from `mocha` to `jest`.
Reviewers should focus their attention on the following files:
- `app/scripts/`
- `metamask-controller.js`
- This is where most of the integration work for the new `PermissionController` occurs.
Some functions that were internal to the original controller were moved here.
- `controllers/permissions/`
- `selectors.js`
- These selectors are for `ControllerMessenger` selector subscriptions. The actual subscriptions occur in `metamask-controller.js`. See the `ControllerMessenger` implementation for details.
- `specifications.js`
- The caveat and permission specifications are required by the new `PermissionController`, and are used to specify the `eth_accounts` permission and its JSON-RPC method implementation.
See the `PermissionController` readme for details.
- `migrations/068.js`
- The new state should be cross-referenced with the controllers that manage it.
The accompanying tests should also be thoroughly reviewed.
Some files may appear new but have just moved and/or been renamed:
- `app/scripts/lib/rpc-method-middleware/handlers/request-accounts.js`
- This was previously implemented in `controllers/permissions/permissionsMethodMiddleware.js`.
- `test/mocks/permissions.js`
- A truncated version of `test/mocks/permission-controller.js`.
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
The coverage reporter for the console has been changed from `text` to
`text-summary` because `text` was too long. It exceeded the maximum
length of the CircleCI terminal output shown on their jobs page, making
it very difficult to see why the unit test coverage job failed.
The text summary only displays overall coverage metrics, but that is
usually enough to indicate when the test fails due to a drop in
coverage. The more detailed breakdown is still available as a HTML
report linked in the `metamaskbot` comment, and in the `jest-coverage`
directory when run locally.
The three on-disk coverage reports used previously (`lcov`, `json`, and
`clover`) have been replaced with just `html`. The HTML report was part
of the `lcov` report, and it was the only one we were using.
* add storybook unit tests with CI integration
* fix command and fix casing for test
* change ci ordering for storybook tasks
* fix syntax error
* fix jest
* lint
* Add transaction-total-banner render test to Storybook (#12517)
* transaction-total-banner
* lint
* confirm to spec
* lint
* fix jest ocnfig for snapshot test failure
The extension version used throughout the wallet is now normalized to a
SemVer-compliant version that matches the version used in
`package.json`. We use this version for display on the "About" page,
and we attach it to all error reports and metric events, so it's
important that we format it consistently so that we can correlate
events on the same version across different browsers.
This normalization step is necessary because Firefox and Chrome both
have different requirements for the extension version, and neither is
SemVer-compliant.
* Jestify migrations/
* Lint exclude migrations from mocha config, and add inclusion to jest config
* Add migration tests to jest config
* Exclude/ignore migration tests
* Set process.env.IN_TEST to true when running tests locally
This PR adds build-time code exclusion by means of code fencing. For details, please see the README in `./development/build/transforms`. Note that linting of transformed files as a form of validation is added in a follow-up, #12075.
Hopefully exhaustive tests are added to ensure that the transform works according to its specification. Since these tests are Node-only, they required their own Jest config. The recommended way to work with multiple Jest configs is using the `projects` field in the Jest config, however [that feature breaks coverage collection](https://github.com/facebook/jest/issues/9628). That being the case, I had to set up two separate Jest configs. In order to get both test suites to run in parallel, Jest is now invoked via a script, `./test/run-jest.sh`.
By way of example, this build system feature allows us to add fences like this:
```javascript
this.store.updateStructure({
...,
GasFeeController: this.gasFeeController,
TokenListController: this.tokenListController,
///: BEGIN:ONLY_INCLUDE_IN(beta)
PluginController: this.pluginController,
///: END:ONLY_INCLUDE_IN
});
```
Which at build time are transformed to the following if the build type is not `beta`:
```javascript
this.store.updateStructure({
...,
GasFeeController: this.gasFeeController,
TokenListController: this.tokenListController,
});
```
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
wip
Documentation improvements for send slice support of EIP1559
Remove console.log in send duck
Property lookup safety improvement in selectors/confirm-transaction
Add code accidentally removed in rebase
Update addTxGasDefaults and _getDefaultGasFees to work with new estimate types, and ensure we correctly handle gas price estimates when on EIP1559 networks (#11615)
* Fix typo
Remove console.log in send duck
* Update addTxGasDefaults and _getDefaultGasFees to work correctly with all new gas fee estimate types
* Don't show gas timing support when not on eip1559 compatible network
* Hide gas timing component on transaction screen when on a non-1559 network
* Improve comments, tests and edge case handling
* Ensure eip1559 fees are applied and updated correctly when eip1559 estimate api fails
* Lint fix
Co-authored-by: Brad Decker <git@braddecker.dev>
Remove console.log
Handle possible gasEstimateType undefined
Remove unnecessary nonce field position change in confirm-page-container-content__details
