1
0
mirror of https://github.com/kremalicious/metamask-extension.git synced 2024-12-23 01:39:44 +01:00
Commit Graph

11527 Commits

Author SHA1 Message Date
MetaMask Bot
a8d1cdb7ee Version v8.1.10 2020-12-23 14:04:00 -03:30
Brad Decker
1aa6d7bfea throw a new wrapped error instead of default one from segment (#10118) 2020-12-23 14:04:00 -03:30
Mark Stacey
a492a5b0d1 Use late-bound noop function when disabling console (#10110)
The `disable-console` script introduced in #10040 used an arrow-
function no-op function to replace `console.log` and `console.info`.
This replacement function was early-bound to the `this` context of the
`disable-console` script, because that's how arrow functions work.

This violates an assumption baked into Sentry, which also replaces the
`console` functions. It wraps them in a function it uses to track
console logs as breadcrumbs. This wrapper function blows up for some
reason if the "original" `console` function is early-bound to a `this`
value of `undefined`.

This resulted in various UI freezes. One example is during onboarding,
when using Firefox with Enhanced Tracking Protection set in "strict"
mode. After submitting a password in the 'Create wallet' flow, the
Sentry `console` wrapper would throw and leave the user stuck on the
loading screen.

By replacing the no-op arrow function with a no-op function
declaration, the problem has been resolved.

Relates to #10097
2020-12-23 14:04:00 -03:30
dependabot[bot]
d9e1b6ee5d Bump @metamask/contract-metadata from 1.19.0 to 1.20.0 (#10104)
Bumps [@metamask/contract-metadata](https://github.com/MetaMask/contract-metadata) from 1.19.0 to 1.20.0.
- [Release notes](https://github.com/MetaMask/contract-metadata/releases)
- [Commits](https://github.com/MetaMask/contract-metadata/compare/v1.19.0...v1.20.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-12-23 14:04:00 -03:30
Erik Marks
11d176fde6 Tighten up loading indication logic (#10103)
Ensures that `hideLoadingIndication` is always called in all actions that call `showLoadingIndication`. It's unclear how many of these actions were failing to hide the loading indication, because other actions superset `hideLoadingIndication`. 

At the very least, `updateTransaction` was probably failing to hide the loading indication in the error case.

This PR also refactors a lot of actions to call `hideLoadingIndication` once in `finally` blocks as opposed to multiple times across `try` and `catch` blocks. We avoided making changes to functions using `Promise` methods, because `Promise.finally` is not supported by Waterfox, and it's not properly transpiled by Babel.
2020-12-18 17:37:07 -03:30
Mark Stacey
8dd8bfd690 Skip reporting of successive persistence failures (#10099)
Failure to persist state will now only report to Sentry if the last
attempt to save state succeeded. This ensures that if anyone is stuck
in a state where state can't be saved (e.g. low disk space), we aren't
flooded with repeated errors on Sentry.
2020-12-18 17:36:58 -03:30
Mark Stacey
26c8cd49e0 Update @metamask/controllers to v5.1.0 (#10096)
This update comes with a breaking change to the Approval controller. It
now requires a `defaultApprovalType` parameter.

I don't think we have any use for a default approval type, but I've
added a "NO_TYPE" one for now because it's a strict requirement. We
should consider making this parameter optional in the future, for cases
like this where it's not needed.

This update will hopefully address some caching issues we've been
seeing with our phishing configuration. See here for more details:
https://github.com/MetaMask/controllers/pull/297
2020-12-18 17:36:31 -03:30
Brad Decker
9946819ad9 set last provider when switching to a customRPC (#10084) 2020-12-18 17:35:07 -03:30
Mark Stacey
47734b2c63
Merge pull request #10072 from MetaMask/Version-v8.1.9
Version v8.1.9 RC
2020-12-15 19:39:26 -03:30
Mark Stacey
395e4c346e
Update v8.1.9 changelog (#10080)
Entries have been added for the three commits just added to the RC.
2020-12-15 17:34:37 -03:30
Thomas Huang
8c658e3f11 Update changelog for v8.1.9 (#10075) 2020-12-15 16:56:00 -03:30
MetaMask Bot
5d30613120 Version v8.1.9 2020-12-15 16:56:00 -03:30
David Walsh
c4aa0b3c9a Fetch swap quote refresh time from API (#10069) 2020-12-15 16:56:00 -03:30
Mark Stacey
820decab1c Fix fetch-with-cache handling of interwoven requests (#10079)
A data race was introduced in #9919 when the old synchronous storage
API was replaced with an async storage API. The problem arises when
`fetchWithCache` is called a second time while it's still processing
another call. In this case, the `cachedFetch` object can become
stale while blocked waiting for a fetch response, and result in a cache
being overwritten unintentionally.

See this example (options omitted for simplicity, and assuming an empty
initial cache):

```
await Promise.all([
  fetchWithCache('https://metamask.io/foo'),
  fetchWithCache('https://metamask.io/bar'),
]
```

The order of events could be as follows:

1. Empty cache retrieved for `/foo` route
2. Empty cache retrieved for `/bar` route
3. Call made to `/foo` route
4. Call made to `/bar` route
5. `/foo` response is added to the empty cache object retrieved in
  step 1, then is saved in the cache.
6. `/bar` response is added to the empty cache object retrieved in
  step 2, then is saved in the cache.

In step 6, the cache object saved would not contain the `/foo`
response set in step 5. As a result, `/foo` would never be cached.

This problem was resolved by embedding the URL being cached directly in
the cache key. This prevents simultaneous responses from overwriting
each others caches.

Technically a data race still exists when handing simultaneous
responses to the same route, but the result would be that the last call
to finish would overwrite the previous. This seems acceptable.
2020-12-15 16:56:00 -03:30
David Walsh
b801ccdb35 Fix 9874 - Improve gas maximum estimation (#10043) 2020-12-15 16:56:00 -03:30
Erik Marks
62b00f62db Add eth_getProof to safe methods (#10070)
`eth_getProof` is an unpermissioned, read-only RPC method for getting account-related Merkle proofs, specified here: https://eips.ethereum.org/EIPS/eip-1186

It's been supported by major Ethereum clients, and Infura, for some time. By adding it to the safe methods list, we enable this method for our users.
2020-12-14 21:15:54 -03:30
Brad Decker
f311d31736 fix metametrics option tracking (#10071) 2020-12-14 21:13:16 -03:30
Etienne Dusseault
16efd7c933 Disable console in contentscript (#10040)
* Maintain console logging in dev mode

Co-authored-by: kumavis <aaron@kumavis.me>
Co-authored-by: Erik Marks <rekmarks@protonmail.com>
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2020-12-14 21:13:03 -03:30
Nicholas Rodrigues Lordello
288760cffe Display boolean values when signing typed data (#10048) 2020-12-14 21:07:51 -03:30
Mark Stacey
c30a42ab8e Fix token validation in Send flow (#10045)
Additional validation was added in #9907 to ensure that the "Known
contract address" warning was shown when sending tokens to another
token address after switching assets on the Send screen. Unfortunately
this change had the unintended side-effect of preventing _all_ token
sends after switching assets, so long as the recipient was not an
internal address.

The problem is that the `validate` function expects to be passed the
address of the token send recipient in the case where a token is
selected. Instead the token address was being passed to the validate
function.

The `query` state is now used, which should always contain the
recipient address. This is the same state used in the only other place
the `validate` function is called.
2020-12-14 21:07:15 -03:30
Mark Stacey
7879481569 Fix contentscript injection failure on Firefox 56 (#10034)
On Firefox 56 and Waterfox Classic, our `runLockdown.js` script throws
an error. This is fine on the HTML pages, as the next script tags still
get run without issue (though they don't benefit from the SES lockdown
sadly). But in the `contentscript`, an exception thrown here appears to
halt the execution of subsequent scripts.

To prevent the `contentscript` from crashing completely, lockdown
errors are now caught and logged. They are also logged to Sentry on the
pages where Sentry is setup.
2020-12-14 21:07:01 -03:30
Mark Stacey
98d6f71754 Update tweetnacl dependencies (#10028)
The `eth_decrypt` used to fail on Firefox with a recursion error.
Updating these `tweetnacl` dependencies seemed to have fixed the issue
the last time I tested this.

When I tried to reproduce the failure today, it failed due to a
different reason, both before and after this update.

But nonetheless, it still seems like a good idea to update. These newer
versions have no breaking changes and contain important bug fixes.
2020-12-14 21:06:47 -03:30
Mark Stacey
b0579f9e09
Merge pull request #10024 from MetaMask/Version-v8.1.8
Version v8.1.8 RC
2020-12-09 18:00:50 -03:30
Mark Stacey
f579acc36d Update v8.1.8 changelog
All user-facing changes have been listed.
2020-12-09 12:19:46 -03:30
MetaMask Bot
d5be047b7b Version v8.1.8 2020-12-09 12:19:45 -03:30
Mark Stacey
07fab76dd0 Rename lockdown.cjs to lockdown.js (#10026)
When you load an extension `.zip` file in Firefox, it fails to load
scripts with the `.cjs` file extension. However, it works if you load
the extension via the `manifest.json` file instead.

After renaming the `lockdown.cjs` file to `lockdown.js`, it works in
Firefox in all cases, regardless whether it's loaded by manifest or by
`.zip`.
2020-12-09 12:19:17 -03:30
Mark Stacey
e9b5386f74 Log persistence errors with Sentry (#10018)
Failures to persist state are now logged in Sentry. Previously they
were only logged to the background console.
2020-12-09 12:19:16 -03:30
Mark Stacey
ba2c56c871 Fix SES lockdown on older browsers (#10014)
On older browsers that don't support `globalThis`[1], the SES lockdown
throws an error. The `globalthis` shim has been added to all pages, to
the background process, and to the `contentscript`. This should prevent
the error on older browsers.

[1]: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/globalThis#Browser_compatibility
2020-12-09 12:19:16 -03:30
Mark Stacey
b75863dc00 Fix unbound metrics track function (#10016)
The new metrics controller has a `trackEvent` function that was being
called unbound, so `this` references were undefined. It is now bound
early in both places where it is passed in as a parameter.
2020-12-09 12:19:16 -03:30
Mark Stacey
01c0775486 Deobfuscate error message (#10012)
The SES lockdown added in #9729 had the effect of obfuscating our error
messages. Any messages printed to the console would have the error
message replaced with the string "Error #" followed by a number. The
stack was also updated to point at `lockdown.cjs`, though the original
stack was preserved beneath the top stack frame.

Marking the `console` API as untamed seems to have fixed both issues.
The original error message is now printed to the console, along with
the original stack.
2020-12-09 12:19:16 -03:30
Mark Stacey
4ae911eb23 Add SES lockdown and Sentry to all pages (#10013)
When the SES lockdown was added in #9729, the lockdown and the Sentry
initialization were migrated from the main bundle into separate
modules, which were run as separate `<script>` tags. These extra tags
were accidentally omitted for `home.html` and `notification.html`. As
a result Sentry was not initialized on these pages, so any errors
thrown on them would not be collected. They also do not benefit from
the SES lockdown.

The SES lockdown and Sentry initialization modules have been added to
both pages where they were missing.
2020-12-09 12:19:16 -03:30
Thomas Huang
6ecc3dee22 Initialize network controller provider chainId to the appropriate default networks (#9999) 2020-12-09 12:19:16 -03:30
David Walsh
55d3802b46 Prevent props error in swaps gas modal (#10001) 2020-12-09 12:19:16 -03:30
David Walsh
374dc0ffd8 Fix 9906 - Prevent unwanted 'no quotes available' message when going back to build quote screen while having insufficient funds (#9994) 2020-12-09 12:19:16 -03:30
David Walsh
b9cb0014ab Fix 9988 - Don't allow more than 15% slippage (#9991) 2020-12-09 12:19:16 -03:30
dependabot[bot]
79a56060ca Bump highlight.js from 10.4.0 to 10.4.1 (#10004)
Bumps [highlight.js](https://github.com/highlightjs/highlight.js) from 10.4.0 to 10.4.1.
- [Release notes](https://github.com/highlightjs/highlight.js/releases)
- [Changelog](https://github.com/highlightjs/highlight.js/blob/master/CHANGES.md)
- [Commits](https://github.com/highlightjs/highlight.js/compare/10.4.0...10.4.1)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-12-09 12:19:16 -03:30
Mark Stacey
01f1f403ce Add timeout to wait-until-called (#9996)
The `waitUntilCalled` utility now has a timeout. It will now throw an
error if the stub is not called enough times, rather than blocking
forever.

The return type had to be changed to a function, so that we could throw
when the timeout is triggered. I tried returning an error that rejected
first, but if you don't handle the error synchronously Node.js will
consider it to be an unhandled Promise rejected (even if it _is_
handled later on).

I worked around this by resolving in the timeout case as well, so that
there is never a "deferred" Promise exception in the timeout case. The
returned function re-throws the error if it's given. That way there is
never any unhandled Promise rejection.
2020-12-09 12:17:46 -03:30
Erik Marks
0ed9ed008b Update transaction params validation (#9992)
* Update transaction params validation

* fixup! Update transaction params validation

* Update to/data error message

* fixup! Update to/data error message
2020-12-09 12:17:44 -03:30
Mark Stacey
ffcdd1e76a Revert "Revert "Add SES lockdown to extension webapp (#9729)""
This reverts commit d783966065.
2020-12-09 12:11:55 -03:30
Mark Stacey
882e30e5ce Revert "Revert "Remove redundant babelify (#9945)""
This reverts commit 7696de2e4e.
2020-12-09 12:11:48 -03:30
Dan Finlay
1a3d3b46e7
Merge pull request #10020 from MetaMask/Version-v8.1.7
Version v8.1.7 RC
2020-12-08 21:04:16 -08:00
Mark Stacey
3160b9be78 Update v8.1.7 changelog 2020-12-09 01:08:24 -03:30
MetaMask Bot
ec1d5f3424 Version v8.1.7 2020-12-09 01:08:24 -03:30
Mark Stacey
7696de2e4e Revert "Remove redundant babelify (#9945)"
This reverts commit dd3f728e82.
2020-12-09 01:08:24 -03:30
Mark Stacey
d783966065 Revert "Add SES lockdown to extension webapp (#9729)"
This reverts commit 9f6fa64d67.
2020-12-09 01:00:58 -03:30
Mark Stacey
52e428fbe6
Merge pull request #9976 from MetaMask/Version-v8.1.6
Version v8.1.6 RC
2020-12-04 14:14:15 -03:30
Dan J Miller
fe44301552
Update changelog for v8.1.6 (#9998) 2020-12-04 04:11:11 -03:30
Dan J Miller
9bd1de6083 Update changelog for v8.1.6 (#9977) 2020-12-03 22:25:08 -03:30
MetaMask Bot
9fab240c72 Version v8.1.6 2020-12-03 22:25:08 -03:30
Dan J Miller
1661953e23
Migration to remove legacy local storage keys from localStorage (#9986)
* Migration to remove legacy local storage keys from localStorage

* Update app/scripts/migrations/050.js

Co-authored-by: Mark Stacey <markjstacey@gmail.com>

* Update app/scripts/migrations/050.js

Co-authored-by: Mark Stacey <markjstacey@gmail.com>

* Fix unit tests for migration 50

* Fixing stubbing and localstorage reference in migration 50

* Update test/helper.js

Co-authored-by: Mark Stacey <markjstacey@gmail.com>

Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2020-12-03 20:25:23 -03:30