1
0
mirror of https://github.com/kremalicious/metamask-extension.git synced 2024-12-20 00:13:22 +01:00
Commit Graph

11668 Commits

Author SHA1 Message Date
Thomas Huang
8c658e3f11 Update changelog for v8.1.9 (#10075) 2020-12-15 16:56:00 -03:30
MetaMask Bot
5d30613120 Version v8.1.9 2020-12-15 16:56:00 -03:30
David Walsh
c4aa0b3c9a Fetch swap quote refresh time from API (#10069) 2020-12-15 16:56:00 -03:30
Mark Stacey
820decab1c Fix fetch-with-cache handling of interwoven requests (#10079)
A data race was introduced in #9919 when the old synchronous storage
API was replaced with an async storage API. The problem arises when
`fetchWithCache` is called a second time while it's still processing
another call. In this case, the `cachedFetch` object can become
stale while blocked waiting for a fetch response, and result in a cache
being overwritten unintentionally.

See this example (options omitted for simplicity, and assuming an empty
initial cache):

```
await Promise.all([
  fetchWithCache('https://metamask.io/foo'),
  fetchWithCache('https://metamask.io/bar'),
]
```

The order of events could be as follows:

1. Empty cache retrieved for `/foo` route
2. Empty cache retrieved for `/bar` route
3. Call made to `/foo` route
4. Call made to `/bar` route
5. `/foo` response is added to the empty cache object retrieved in
  step 1, then is saved in the cache.
6. `/bar` response is added to the empty cache object retrieved in
  step 2, then is saved in the cache.

In step 6, the cache object saved would not contain the `/foo`
response set in step 5. As a result, `/foo` would never be cached.

This problem was resolved by embedding the URL being cached directly in
the cache key. This prevents simultaneous responses from overwriting
each others caches.

Technically a data race still exists when handing simultaneous
responses to the same route, but the result would be that the last call
to finish would overwrite the previous. This seems acceptable.
2020-12-15 16:56:00 -03:30
David Walsh
b801ccdb35 Fix 9874 - Improve gas maximum estimation (#10043) 2020-12-15 16:56:00 -03:30
David Walsh
88525ec392
Fetch swap quote refresh time from API (#10069) 2020-12-15 16:54:22 -03:30
Mark Stacey
6c637bba9c
Fix fetch-with-cache handling of interwoven requests (#10079)
A data race was introduced in #9919 when the old synchronous storage
API was replaced with an async storage API. The problem arises when
`fetchWithCache` is called a second time while it's still processing
another call. In this case, the `cachedFetch` object can become
stale while blocked waiting for a fetch response, and result in a cache
being overwritten unintentionally.

See this example (options omitted for simplicity, and assuming an empty
initial cache):

```
await Promise.all([
  fetchWithCache('https://metamask.io/foo'),
  fetchWithCache('https://metamask.io/bar'),
]
```

The order of events could be as follows:

1. Empty cache retrieved for `/foo` route
2. Empty cache retrieved for `/bar` route
3. Call made to `/foo` route
4. Call made to `/bar` route
5. `/foo` response is added to the empty cache object retrieved in
  step 1, then is saved in the cache.
6. `/bar` response is added to the empty cache object retrieved in
  step 2, then is saved in the cache.

In step 6, the cache object saved would not contain the `/foo`
response set in step 5. As a result, `/foo` would never be cached.

This problem was resolved by embedding the URL being cached directly in
the cache key. This prevents simultaneous responses from overwriting
each others caches.

Technically a data race still exists when handing simultaneous
responses to the same route, but the result would be that the last call
to finish would overwrite the previous. This seems acceptable.
2020-12-15 16:51:13 -03:30
David Walsh
1b19f5e7ad
Fix 9874 - Improve gas maximum estimation (#10043) 2020-12-15 11:16:51 -06:00
Erik Marks
62b00f62db Add eth_getProof to safe methods (#10070)
`eth_getProof` is an unpermissioned, read-only RPC method for getting account-related Merkle proofs, specified here: https://eips.ethereum.org/EIPS/eip-1186

It's been supported by major Ethereum clients, and Infura, for some time. By adding it to the safe methods list, we enable this method for our users.
2020-12-14 21:15:54 -03:30
Brad Decker
f311d31736 fix metametrics option tracking (#10071) 2020-12-14 21:13:16 -03:30
Etienne Dusseault
16efd7c933 Disable console in contentscript (#10040)
* Maintain console logging in dev mode

Co-authored-by: kumavis <aaron@kumavis.me>
Co-authored-by: Erik Marks <rekmarks@protonmail.com>
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2020-12-14 21:13:03 -03:30
Nicholas Rodrigues Lordello
288760cffe Display boolean values when signing typed data (#10048) 2020-12-14 21:07:51 -03:30
Mark Stacey
c30a42ab8e Fix token validation in Send flow (#10045)
Additional validation was added in #9907 to ensure that the "Known
contract address" warning was shown when sending tokens to another
token address after switching assets on the Send screen. Unfortunately
this change had the unintended side-effect of preventing _all_ token
sends after switching assets, so long as the recipient was not an
internal address.

The problem is that the `validate` function expects to be passed the
address of the token send recipient in the case where a token is
selected. Instead the token address was being passed to the validate
function.

The `query` state is now used, which should always contain the
recipient address. This is the same state used in the only other place
the `validate` function is called.
2020-12-14 21:07:15 -03:30
Mark Stacey
7879481569 Fix contentscript injection failure on Firefox 56 (#10034)
On Firefox 56 and Waterfox Classic, our `runLockdown.js` script throws
an error. This is fine on the HTML pages, as the next script tags still
get run without issue (though they don't benefit from the SES lockdown
sadly). But in the `contentscript`, an exception thrown here appears to
halt the execution of subsequent scripts.

To prevent the `contentscript` from crashing completely, lockdown
errors are now caught and logged. They are also logged to Sentry on the
pages where Sentry is setup.
2020-12-14 21:07:01 -03:30
Mark Stacey
98d6f71754 Update tweetnacl dependencies (#10028)
The `eth_decrypt` used to fail on Firefox with a recursion error.
Updating these `tweetnacl` dependencies seemed to have fixed the issue
the last time I tested this.

When I tried to reproduce the failure today, it failed due to a
different reason, both before and after this update.

But nonetheless, it still seems like a good idea to update. These newer
versions have no breaking changes and contain important bug fixes.
2020-12-14 21:06:47 -03:30
Erik Marks
eeee8852cd
Add eth_getProof to safe methods (#10070)
`eth_getProof` is an unpermissioned, read-only RPC method for getting account-related Merkle proofs, specified here: https://eips.ethereum.org/EIPS/eip-1186

It's been supported by major Ethereum clients, and Infura, for some time. By adding it to the safe methods list, we enable this method for our users.
2020-12-14 15:21:15 -08:00
Brad Decker
3cabe7525f
fix metametrics option tracking (#10071) 2020-12-14 15:54:33 -06:00
Etienne Dusseault
69df19f195
Disable console in contentscript (#10040)
* Maintain console logging in dev mode

Co-authored-by: kumavis <aaron@kumavis.me>
Co-authored-by: Erik Marks <rekmarks@protonmail.com>
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2020-12-14 11:17:13 -08:00
David Walsh
9a1548368f
Use Boolean for filters (#10066) 2020-12-14 11:03:59 -06:00
Erik Marks
8f40d03299
Add approval controller (#9401)
This PR introduces the new approval controller to the extension codebase. We use it for the permissions controller's pending approval functionality.

The approval controller sets us up for a new pattern of requesting and managing user confirmations in RPC methods. Along with the generic RPC method middleware, the approval controller will allow us to eliminate our message managers, and decouple various method handlers from our provider stack, making the implementations more portable between the extension and mobile.
2020-12-14 08:04:26 -08:00
Mark Stacey
5e01602a01
Cache dependencies (#10065)
Dependencies are now cached between builds, using a checksum of the
`yarn.lock` file as the cache key. The `node_modules` directory and the
`.har` file from the install are cached and restored, so that we ensure
the record of the install is always preserved alongside the
dependencies.

The consolidation of the `collect-har-artifact` script was to make it
easier to cache the `.har` file along with the dependencies.
2020-12-14 11:46:42 -03:30
dependabot[bot]
45b737fca0
Bump ini from 1.3.5 to 1.3.7 (#10064)
Bumps [ini](https://github.com/isaacs/ini) from 1.3.5 to 1.3.7.
- [Release notes](https://github.com/isaacs/ini/releases)
- [Commits](https://github.com/isaacs/ini/compare/v1.3.5...v1.3.7)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-12-11 18:27:42 -03:30
Mark Stacey
94f0588f0e
Add HTML coverage report to MetaMask bot comment (#10061)
The HTML code coverage report generated by `nyc` is now included in the
MetaMask bot comment. It has been saved as an artifact on CircleCI.
2020-12-11 16:21:00 -03:30
Mark Stacey
da1aae772b
Remove coveralls (#10063)
We don't look at coveralls very much. We might occasionally consult it
to see a report on our code coverage, but that report is already
generated entirely locally, and has been added to the MetaMask bot
comment in #10061.
2020-12-11 16:20:45 -03:30
David Walsh
b16737454e
Prevent metaMaskFee prop error in FeeCard (#10047) 2020-12-11 12:03:51 -06:00
Nicholas Rodrigues Lordello
fcf75d6438
Display boolean values when signing typed data (#10048) 2020-12-11 11:40:34 -06:00
Mark Stacey
caa5c73697
Use CircleCI executors to simplify CI config (#10055)
The CI config has been updated to use CircleCI executors. This allows
us to define the container environments used in one place, and reuse
these environment definitions between jobs.

This should result in no functional changes.
2020-12-11 14:07:13 -03:30
Mark Stacey
d8ec5f19f6
Use .zip for Firefox e2e tests (#10056)
The Firefox e2e tests now use the `.zip` file for testing the
extension. We've found this to produce more similar results to
production, compared to the old method of loading the unzipped
directory.

Passing in a `.zip` file to the Chrome driver didn't seem to work. I
didn't investigate this further to see if it was possible, but I'm not
sure it makes a difference on Chrome anyway.
2020-12-11 12:54:17 -03:30
Mark Stacey
4a5a2881d0
Update selenium-webdriver and geckodriver (#10057)
Update `geckodriver` to the latest version, and `selenium-webdriver`
to the second-most-recent version. Updates include various dependency
updates, bug fixes, and minor features. None of the updates seem to
directly affect us, aside from one new feature of `selenium-webdriver`
that updates the `installAddon` function to support `.zip` files, which
will be used in a subsequent PR.

`selenium-webdriver` was pinned one version behind latest because the
latest version caused our Chrome e2e tests to fail with a mysterious
error whenever `getAttribute` was called on a WebElement.
2020-12-11 12:03:20 -03:30
Mark Stacey
0b7579b5d8
Update Firefox version used on CI for e2e tests (#10058)
The Firefox version has been updated to the latest stable version: v83.
This was required to replicate production Firefox errors we saw
recently.
2020-12-11 12:03:00 -03:30
Erik Marks
54e9c53b27
Add web3 shim usage notification (#10039)
* Add web3 shim usage alert background state and logic
* Cleanup alert background state, constants
* Implement web3 shim usage notification and settings
* nodeify alert controller background hooks
* Remove svg icon, again
* Tweak alert controller initialization
* Add support article URL
* Un-thunk alert UI "actions"
* Delete connect.svg file (unused)
2020-12-10 15:40:29 -08:00
Erik Marks
db004d4486
Refactor home notification (#10046)
Co-authored-by: Brad Decker <git@braddecker.dev>
2020-12-10 12:02:21 -08:00
David Walsh
07c5527b1e
Use consistent font size for modal top right Close links (#10000) 2020-12-10 12:02:57 -06:00
Mark Stacey
4350a1422e
Fix token validation in Send flow (#10045)
Additional validation was added in #9907 to ensure that the "Known
contract address" warning was shown when sending tokens to another
token address after switching assets on the Send screen. Unfortunately
this change had the unintended side-effect of preventing _all_ token
sends after switching assets, so long as the recipient was not an
internal address.

The problem is that the `validate` function expects to be passed the
address of the token send recipient in the case where a token is
selected. Instead the token address was being passed to the validate
function.

The `query` state is now used, which should always contain the
recipient address. This is the same state used in the only other place
the `validate` function is called.
2020-12-10 14:28:19 -03:30
Mark Stacey
86fba2dac1
Fix contentscript injection failure on Firefox 56 (#10034)
On Firefox 56 and Waterfox Classic, our `runLockdown.js` script throws
an error. This is fine on the HTML pages, as the next script tags still
get run without issue (though they don't benefit from the SES lockdown
sadly). But in the `contentscript`, an exception thrown here appears to
halt the execution of subsequent scripts.

To prevent the `contentscript` from crashing completely, lockdown
errors are now caught and logged. They are also logged to Sentry on the
pages where Sentry is setup.
2020-12-10 14:03:04 -03:30
Mark Stacey
4587e984f5
Increase Chrome minimum version (#10019)
The Chrome minimum version has been increased from v58 to v63. We found
that we had very few users on versions below v63, and v62 is
incompatible with our SES lockdown dependency.

This also makes us compatible with Object rest/spread syntax, so we
might not have to transpile that anymore. I'll revisit that separately.
2020-12-10 01:59:47 -03:30
Mark Stacey
9f50d8a300
Merge pull request #10033 from MetaMask/sync-master
Sync `master` with `develop`
2020-12-09 18:42:30 -03:30
Mark Stacey
b2aa14d676 Merge remote-tracking branch 'origin/develop' into sync-master
* origin/develop: (22 commits)
  Fix TokenList component name (#10030)
  Update `tweetnacl` dependencies (#10028)
  Rename `lockdown.cjs` to `lockdown.js` (#10026)
  Revert "Revert "Add SES lockdown to extension webapp (#9729)""
  Revert "Revert "Remove redundant babelify (#9945)""
  Add hidden tokens to store (#9320)
  @metamask/inpage-provider@^8.0.0 (#8640)
  Log persistence errors with Sentry (#10018)
  Fix SES lockdown on older browsers (#10014)
  Reapply view quote screen designs (#9905)
  Fix unbound metrics track function (#10016)
  Deobfuscate error message (#10012)
  Add SES lockdown and Sentry to all pages (#10013)
  Remove web3 injection (#9156)
  Initialize network controller provider chainId to the appropriate default networks (#9999)
  Fix Infura network chain IDs (#8629)
  Prevent props error in swaps gas modal (#10001)
  Fix 9906 - Prevent unwanted 'no quotes available' message when going back to build quote screen while having insufficient funds (#9994)
  Fix 9988 - Don't allow more than 15% slippage (#9991)
  Bump highlight.js from 10.4.0 to 10.4.1 (#10004)
  ...
2020-12-09 18:11:19 -03:30
Mark Stacey
b0579f9e09
Merge pull request #10024 from MetaMask/Version-v8.1.8
Version v8.1.8 RC
2020-12-09 18:00:50 -03:30
Mark Stacey
6304ce15a2
Fix TokenList component name (#10030)
The TokenList component on the `add-token` page had the name `InfoBox`,
which doesn't seem applicable. It has been renamed to `TokenList`, to
match the module filename and the component name we use elsewhere.
2020-12-09 17:02:38 -03:30
Mark Stacey
8ab5230115
Update tweetnacl dependencies (#10028)
The `eth_decrypt` used to fail on Firefox with a recursion error.
Updating these `tweetnacl` dependencies seemed to have fixed the issue
the last time I tested this.

When I tried to reproduce the failure today, it failed due to a
different reason, both before and after this update.

But nonetheless, it still seems like a good idea to update. These newer
versions have no breaking changes and contain important bug fixes.
2020-12-09 15:40:33 -03:30
Mark Stacey
f579acc36d Update v8.1.8 changelog
All user-facing changes have been listed.
2020-12-09 12:19:46 -03:30
MetaMask Bot
d5be047b7b Version v8.1.8 2020-12-09 12:19:45 -03:30
Mark Stacey
07fab76dd0 Rename lockdown.cjs to lockdown.js (#10026)
When you load an extension `.zip` file in Firefox, it fails to load
scripts with the `.cjs` file extension. However, it works if you load
the extension via the `manifest.json` file instead.

After renaming the `lockdown.cjs` file to `lockdown.js`, it works in
Firefox in all cases, regardless whether it's loaded by manifest or by
`.zip`.
2020-12-09 12:19:17 -03:30
Mark Stacey
e9b5386f74 Log persistence errors with Sentry (#10018)
Failures to persist state are now logged in Sentry. Previously they
were only logged to the background console.
2020-12-09 12:19:16 -03:30
Mark Stacey
ba2c56c871 Fix SES lockdown on older browsers (#10014)
On older browsers that don't support `globalThis`[1], the SES lockdown
throws an error. The `globalthis` shim has been added to all pages, to
the background process, and to the `contentscript`. This should prevent
the error on older browsers.

[1]: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/globalThis#Browser_compatibility
2020-12-09 12:19:16 -03:30
Mark Stacey
b75863dc00 Fix unbound metrics track function (#10016)
The new metrics controller has a `trackEvent` function that was being
called unbound, so `this` references were undefined. It is now bound
early in both places where it is passed in as a parameter.
2020-12-09 12:19:16 -03:30
Mark Stacey
01c0775486 Deobfuscate error message (#10012)
The SES lockdown added in #9729 had the effect of obfuscating our error
messages. Any messages printed to the console would have the error
message replaced with the string "Error #" followed by a number. The
stack was also updated to point at `lockdown.cjs`, though the original
stack was preserved beneath the top stack frame.

Marking the `console` API as untamed seems to have fixed both issues.
The original error message is now printed to the console, along with
the original stack.
2020-12-09 12:19:16 -03:30
Mark Stacey
4ae911eb23 Add SES lockdown and Sentry to all pages (#10013)
When the SES lockdown was added in #9729, the lockdown and the Sentry
initialization were migrated from the main bundle into separate
modules, which were run as separate `<script>` tags. These extra tags
were accidentally omitted for `home.html` and `notification.html`. As
a result Sentry was not initialized on these pages, so any errors
thrown on them would not be collected. They also do not benefit from
the SES lockdown.

The SES lockdown and Sentry initialization modules have been added to
both pages where they were missing.
2020-12-09 12:19:16 -03:30
Thomas Huang
6ecc3dee22 Initialize network controller provider chainId to the appropriate default networks (#9999) 2020-12-09 12:19:16 -03:30