1
0
mirror of https://github.com/kremalicious/metamask-extension.git synced 2024-11-26 20:39:08 +01:00
Commit Graph

729 Commits

Author SHA1 Message Date
Whymarrh Whitby
d908102636
Update tx utils JSDoc comments (#8372)
Co-authored-by: Jenny Pollack <jennypollack3@gmail.com>
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2020-04-20 16:42:24 -02:30
Whymarrh Whitby
9d535b949f
Rename recipientBlacklistChecker function (#8365) 2020-04-20 16:29:41 -02:30
Erik Marks
a2a51e78d1
Add PermissionsController.removePermittedAccount (#8354)
* add PermissionsController.removePermittedAccount and corresponding UI action

* remove eth_accounts permission on removing last account
2020-04-20 11:34:56 -07:00
Whymarrh Whitby
164923acd1
Export individual fns from tx-state-history-helpers (#8370) 2020-04-20 13:00:51 -02:30
Whymarrh Whitby
a83d26486c
Snapshot txMeta without cloning history (#8363) 2020-04-20 12:26:01 -02:30
Whymarrh Whitby
7c3ffeb841
Export blacklist direct from recipient-blacklist (#8364) 2020-04-20 12:06:02 -02:30
Erik Marks
5263395add
Fix background console errors on pending transaction (#8351)
* fix background console error on pending transaction
2020-04-17 09:53:46 -07:00
Mark Stacey
15616a33ca
Add 'addPermittedAccount' method to permissions controller (#8344)
This method adds the given account to the given origin's list of
exposed accounts. This method is not yet used, but it will be in
subsequent PRs (e.g. #8312)

This method has been added to the background API, and a wrapper action
creator has been written as well.
2020-04-16 19:23:36 -03:00
Mark Stacey
c26d272649
Synchronously validate accounts (#8343)
Now that identities are available synchronously in the permissions
controller, accounts can be validated synchronously as well. Any
account the user wants to give permissions to should already be tracked
as an identity in the preferences controller.
2020-04-16 15:58:36 -03:00
Mark Stacey
63633635ab
Fix order of accounts in eth_accounts response (#8342)
* Fix order of accounts in `eth_accounts` response

The accounts returned by `eth_accounts` were in a fixed order - the
order in which the keyring returned them - rather than ordered with the
selected account first. The accounts returned by the `accountsChanged`
event were ordered with the selected account first, but the same order
wasn't used for `eth_accounts`.

We needed to store additional state in order to determine the correct
account order correctly on all dapps. We had only been storing the
current selected account, but since we also need to determine the
primary account per dapp (i.e. the last "selected" account among the
accounts exposed to that dapp), that wasn't enough.

A `lastSelected` property has been added to each identity in the
preferences controller to keep track of the last selected time. This
property is set to the current time (in milliseconds) whenever a new
selection is made. The accounts returned with `accountsChanged` and by
`eth_accounts` are both ordered by this property.

The `updatePermittedAccounts` function was merged with the internal
methods for responding to account selection, to keep things simpler. It
wasn't called externally anyway, so it wasn't needed in the public API.

* Remove caveat update upon change in selected account

The order of accounts in the caveat isn't meaningful, so the caveat
doesn't need to be updated when the accounts get re-ordered.

* Emit event regardless of account order

Now that we're no longer relying upon the caveat for the account order,
we also have no way of knowing if a particular account selection
resulted in a change in order or not. The notification is now emitted
whenever an exposed account is selected - even if the order stayed the
same.

The inpage provider currently caches the account order, so it can be
relied upon to ignore these redundant events. We were already emiting
redundant `accountsChanged` events in some cases anyway.
2020-04-16 15:20:01 -03:00
Mark Stacey
b2882aa778
Handle account selection on all domains that can view the selection (#8341)
Selecting a new account now results in all domains that can view this
change being notified. Previously only the dapp in the active tab was
being notified (though not correctly, as the `origin` was accidentally
set to the MetaMask chrome extension origin).

This handling of account selection has been moved into the background
to minimize the gap between account selection and the notification
being sent out. It's simpler for the UI to not be involved anyway.
2020-04-16 13:16:53 -03:00
Mark Stacey
5ee1291662
Prevent accidental use of globals (#8340)
Previously all browser globals were allowed to be used anywhere by
ESLint because we had set the `env` property to `browser` in the ESLint
config. This has made it easy to accidentally use browser globals
(e.g. #8338), so it has been removed. Instead we now have a short list
of allowed globals.

All browser globals are now accessed as properties on `window`.

Unfortunately this change resulted in a few different confusing unit
test errors, as some of our unit tests setup assumed that a particular
global would be used via `window` or `global`. In particular,
`window.fetch` didn't work correctly because it wasn't patched by the
AbortController polyfill (only `global.fetch` was being patched).
The `jsdom-global` package we were using complicated matters by setting
all of the JSDOM `window` properties directly on `global`, overwriting
the `AbortController` for example.

The `helpers.js` test setup module has been simplified somewhat by
removing `jsdom-global` and constructing the JSDOM instance manually.
The JSDOM window is set on `window`, and a few properties are set on
`global` as well as needed by various dependencies. `node-fetch` and
the AbortController polyfill/patch now work as expected as well,
though `fetch` is only available on `window` now.
2020-04-15 14:23:27 -03:00
Mark Stacey
656dc4cf18
Cleanup detect-tokens controller and tests (#8329)
The tests for the detect-tokens controller were nearly all broken. They
have been fixed, and a few improvements were made to controller itself
to help with this.

* The core `detectNewTokens` method has been updated to be async, so
that the caller can know when the operation had completed.
* The part of the function that used `Web3` to check the token balances
has been split into a separate function, so that that part could be
stubbed out in tests. Eventually we should test this using `ganache`
instead, but this was an easier first step.
* The internal `tokenAddresses` array is now initialized on
construction, rather than upon the first Preferences controller update.
The `detectNewTokens` function would have previously failed if it ran
prior to this initialization, so it was failing if called before any
preferences state changes.

Additionally, the `detectTokenBalance` function was removed, as it was
no longer used.

The tests have been updated to ensure they're actually testing the
behavior they purport to be testing. I've simulated a test failure with
each one to check that it'd fail when it should. The preferences
controller instance was updated to set addresses correctly as well.
2020-04-13 17:14:42 -03:00
Dan J Miller
d1e078b8de
Connect flow via popup (#8269)
* Connect screen popup redesign

* Open permission request in notification instead of tab

* Remove no longer user locales

* Update permissions unit test mock to accout for change of opts passed to permissions controller

* Lint fix

* Inline broken line svg in permission-page-container-content.component.js for faster loading

* Add back button to second screen on connect flow

* Add xOfY locale and use for the page count in the connect flow

* Lint fix for svgs permission-page-container-content.component.js

* Fix rebase error

* Lint fix

* Clean up styles on the connect-screen-into-popup branch

* Use closeCurrentWindow to close window on cancel when in full screen connect flow

* Handle errors in rejectPermissionsRequest

* Full screen styles for connect flow

* Lint fixed in permissions-connect and actions.js

* Redirect screen now shows metamask icon instead of users identicon

* Fix subtitle spacing in permissions-connect-header'

* Use window.close instead of closeCurrentWindow() in cancelPermissionsRequest

* Use permissions-connect-header__subtitle in permissions-connect-header.component
2020-04-07 16:08:15 -02:30
Erik Marks
6ba3b7e282
Add signTypedData_v4 to safe methods (#8265) 2020-03-31 16:54:16 -07:00
Erik Marks
2301d9980e
Wait for extension unlock before processing eth_requestAccounts (#8149)
* eth_requestAccounts: wait on unlock

return error on duplicate eth_requestAccounts
add getUnlockPromise mock to permissions unit tests

* only await unlock if already permitted

* add notification badge for wait on unlock

* fixup

* more fixup

* cleanup

* update keyring controller, us its unlock event

* move keyring update unlock logic to unlock event handler

* fix unit tests

* delete onUnlock handler

* fix eth-keyring-controller resolution

* update eth-keyring-controller
2020-03-23 09:25:55 -07:00
Erik Marks
0af02d5194
Update address sync logic (#8224)
* update address sync logic

* error on sync with no addresses
2020-03-20 12:37:27 -07:00
Erik Marks
b1d090ac4d
Add permissions controller unit tests (#7969)
* add permissions controller, log, middleware, and restricted method unit tests

* fix permissions-related bugs

* convert permissions log to controller-like class

* add permissions unit test coverage requirements

* update rpc-cap

Co-Authored-By: Whymarrh Whitby <whymarrh.whitby@gmail.com>
Co-Authored-By: Mark Stacey <markjstacey@gmail.com>
2020-03-16 10:13:22 -07:00
Mark Stacey
61fdb56864
Use specified gas limit when speeding up a transaction (#8178)
The sidebar used to speed up a transaction while it's pending or after
it has failed currently allows editing the gas limit, but that new
limit is ignored. This is especially problematic for transactions that
failed due to a low gas limit, as the problem becomes impossible to fix
by retrying.

The gas limit specified by the user is now used in the speed up
transaction.

Fixes #8156
Fixes #7977
2020-03-12 11:33:11 -03:00
Erik Marks
2df8b85c5f
LoginPerSite: Support multiple accounts without automatic switching (#8079)
* transaction editing: use txParams 'from' account

* signature-request: use txParams 'from' account

* signature-request-original: use txParams 'from' account

* encryption/decryption: use txParams 'from' account

* update tests

* set 'send' state 'from' address in confirm containers
2020-03-06 13:34:56 -08:00
Erik Marks
0775c61f09
Prevent external domains from submitting more than one perm request at a time (#8148) 2020-03-06 07:49:35 -08:00
ryanml
64aef5033d
Adding setting for disabling Eth Phishing Detection (#8125) 2020-02-27 02:29:41 -04:00
Erik Marks
83da3db37b
Remove selected address history (#8104)
* remove selected address history, account switching; fix perm selectors, bugs

Co-Authored-By: Mark Stacey <markjstacey@gmail.com>
2020-02-25 14:39:38 -08:00
Konstantin
6f47fece56
Implementation encrypt/decrypt feature (#7831)
Implement `eth_decrypt` and `eth_getEncryptionPublicKey`. This allows decryption backed by the user's private key. The message decryption uses a confirmation flow similar to the messaging signing flow, where the message to be decrypted is also able to be decrypted inline for the user to read directly before confirming.
2020-02-19 14:24:16 -04:00
Whymarrh Whitby
da0300d3b1 Enable core ESLint no-mixed-operators rule 2020-02-17 21:06:36 -03:30
Whymarrh Whitby
a78cf0ef3a Enable arrow-parens ESLint rule 2020-02-15 17:04:21 -03:30
Erik Marks
0103bf8b29
fix faulty null checks 2020-02-12 08:17:13 -08:00
Whymarrh Whitby
b80afc6493
Use ethereum-ens-network-map for network support (#7960) 2020-01-31 09:56:50 -03:30
Mark Stacey
398a45bfdd
Replace clone dependency with cloneDeep from lodash (#7926)
This was done to reduce the number of direct dependencies we have. It
should be functionally equivalent. The bundle size should not change,
as we use `clone` as a transitive dependency in a number of places.
2020-01-29 13:14:33 -04:00
Whymarrh Whitby
5078598306
Remove usage of unlisted extend dependency (#7903) 2020-01-28 13:31:20 -03:30
Erik Marks
b75f812953
Improve LoginPerSite UX/devX and permissions logging (#7649)
Update accounts permission history on accountsChanged
Create PermissionsLogController
Fix permissions activity log pruning
Add selectors, background hooks for better UX
Make selected account the first account returned
Use enums for store keys in log controller
Add last selected address history to PreferencesController
2020-01-27 14:42:03 -08:00
Erik Marks
b095dc0347
Change "Log In/Out" terminology to "Unlock/Lock" (#7853)
* log out/in -> lock/unlock
2020-01-21 14:09:53 -08:00
Whymarrh Whitby
a891fa36b6
Remove MetaMask Mesh testing client (#7818) 2020-01-14 15:44:12 -03:30
Whymarrh Whitby
25fe4adaa7 Remove usages of xtend from the background scripts (#7796) 2020-01-13 08:59:36 -10:00
Mark Stacey
ac01c5c89a
Consistent jsdoc syntax (#7755)
* Specify type before parameter name

Various JSDoc `@param` entries were specified as `name {type}` rather
than `{type} name`.

A couple of `@return` entries have been given types as well.

* Use JSDoc optional syntax rather than Closure syntax

* Use @returns rather than @return

* Use consistent built-in type capitalization

Primitive types are lower-case, and Object is upper-case.

* Separate param/return description with a dash
2020-01-13 14:36:36 -04:00
Whymarrh Whitby
92971d3c87
Migrate codebase to use ESM (#7730)
* Update eslint-plugin-import version

* Convert JS files to use ESM

* Update ESLint rules to check imports

* Fix test:unit:global command env

* Cleanup mock-dev script
2020-01-09 00:04:58 -03:30
Jenny Pollack
c7a4d032c5 add watchAsset (#7726)
* add watchAsset

* add metamask_watchAsset
2019-12-24 09:46:11 -08:00
Mark Stacey
69d418a5a3
Login per site onboarding (#7602)
* Remove unused onboarding stream

* Pass `sender` through to `setupProviderEngine`

The Port `sender` has been passed down a few more layers. This allows
us to get more information from the sender deeper in the stack, but
also simplifies things a bit as well. For example, now the "fake"
URL object with the `metamask` hostname is no longer needed.

* Create onboarding middleware

This middleware intercepts `wallet_registerOnboarding` RPC messages. It
will register the sender as an oboarding initiator if possible, and
otherwise ignores the message.
2019-12-20 12:02:31 -03:30
Whymarrh Whitby
6c1bce28ac
Fix a few instances of signature mismatches (#7704)
Co-Authored-By: Mark Stacey <markjstacey@gmail.com>
2019-12-16 19:54:52 -03:30
pldespaigne
0ef7f603d6 Ipfs cid v1 base32 (#7362)
add ipfs gateway to advanced settings
use ipfs gateway from settings
use ipfs.dweb.link as default CID gateway
disallow gateway.ipfs.io as gateway
2019-12-12 11:28:07 -08:00
Whymarrh Whitby
f49bc58c09
Remove unused methods from the app/scripts/ (#7692) 2019-12-12 15:07:18 -03:30
Mark Stacey
63bd422840
Handle one specific permissions request per tab (#7620)
The connect route now takes a route parameter: the permissions request
id. This id is set whenever the permissions connect screen is opened,
ensuring that that tab is for that specific request alone.

This makes handling of multiple permissions requests a bit more
intuitive. Previously whenever opening multiple permissions requests,
the first one would be shown on each successive tab, whereas you
would expect each tab to show the request that prompted the tab to
open. Users may now address permissions request in whichever order
they'd like to, rather than being forced to deal with them
chronologically.
2019-12-05 17:05:50 -04:00
Frankie
71a89df8ee
transactions/pending - buffer 3 blocks before dropping a tx (#7483)
* transactions/pending - buffer 3 blocks before dropping a tx

* transactions/pending - only increment for dropped txs
2019-12-05 09:34:10 -10:00
Dan Finlay
30304913eb
Merge pull request #7591 from whymarrh/eslint-object-curly-spacing
Enable object-curly-spacing rule for ESLint
2019-12-04 10:25:32 -08:00
Dan Finlay
6aa0bec751
Merge pull request #7573 from whymarrh/eslint-no-confusing-arrow
Enable no-confusing-arrow rule for ESLint
2019-12-04 10:23:57 -08:00
Mark Stacey
5c5c90e70a
Ignore permission approval/rejection if request is missing (#7638)
Attempts to approve or reject a permissions request that is no longer
pending will now emit a warning instead of throwing an exception.

I _think_ this can happen by clicking 'Submit' on the Permission
Connect screen twice, though I've been unable to reproduce that. I know
that it can be done if using multiple windows though. While it is
possible we have a UI bug somewhere (e.g. maybe we're not preventing
'Submit' from being clicked twice), I don't think it's possible to
eliminate the chance of this happening altogether, so we'd best prepare
for it.
2019-12-03 23:13:47 -04:00
Whymarrh Whitby
03f53df3f3
Updates to account search functionality (#7637) 2019-12-03 23:25:00 -03:30
Mark Stacey
2d6ad7f6ca
Update permissions request parameter names and docs (#7636)
The parameter names and JSDoc comments for `approvePermissionsRequest`
and `rejectPermissionsRequest` were incorrect in a few places.
2019-12-03 22:52:14 -04:00
Whymarrh Whitby
274a9ecf53 yarn lint --fix 2019-12-03 17:20:55 -03:30
Dan Finlay
f519fa1ed3
Connect distinct accounts per site (#7004)
* add PermissionsController

remove provider approval controller
integrate rpc-cap
create PermissionsController
move provider approval functionality to permissions controller
add permissions approval ui, settings page
add permissions activity and history
move some functionality to metamask-inpage-provider
rename siteMetadata -> domainMetadata

add accountsChange notification to inpage provider
move functionality to inpage provider
update inpage provider
Remove 'Connections' settings page (#7369)
add hooks for exposing accounts in settings
rename unused messages in non-English locales

Add external extension id to metadata (#7396)

update inpage provider, rpc-cap
add eth_requestAccounts handling to background
prevent notifying connections if extension is locked
update inpage provider
Fix lint errors
add migration
review fixes
transaction controller review updates
removed unused messages

* Login Per Site UI (#7368)

* LoginPerSite original UI changes to keep

* First commit

* Get necessary connected tab info for redirect and icon display for permissioned sites

* Fix up designs and add missing features

* Some lint fixes

* More lint fixes

* Ensures the tx controller + tx-state-manager orders transactions in the order they are received

* Code cleanup for LoginPerSite-ui

* Update e2e tests to use new connection flow

* Fix display of connect screen and app header after login when connect request present

* Update metamask-responsive-ui.spec for new item in accounts dropdown

* Fix approve container by replacing approvedOrigins with domainMetaData

* Adds test/e2e/permissions.spec.js

* Correctly handle cancellation of a permissions request

* Redirect to home after disconnecting all sites / cancelling all permissions

* Fix display of site icons in menu

* Fix height of permissions page container

* Remove unused locale messages

* Set default values for openExternalTabs and tabIdOrigins in account-menu.container

* More code cleanup for LoginPerSite-ui

* Use extensions api to close tab in permissions-connect

* Remove unnecessary change in domIsReady() in contentscript

* Remove unnecessary private function markers and class methods (for background tab info) in metamask-controller.

* Adds getOriginOfCurrentTab selector

* Adds IconWithFallback component and substitutes for appropriate cases

* Add and utilize font mixins

* Remove unused  method in disconnect-all.container.js

* Simplify buttonSizeLarge code in page-container-footer.component.js

* Add and utilize getAccountsWithLabels selector

* Remove console.log in ui/app/store/actions.js

* Change last connected time format to yyyy-M-d

* Fix css associated with IconWithFallback change

* Ensure tracked openNonMetamaskTabsIDs are correctly set to inactive on tab changes

* Code cleanup for LoginPerSite-ui

* Use reusable function for modifying openNonMetamaskTabsIDs in background.js

* Enables automatic switching to connected account when connected domain is open

* Prevent exploit of tabIdOriginMap in background.js

* Remove unneeded code from contentscript.js

* Simplify current tab origin and window opener logic using remotePort listener tabs.queryTabs

* Design and styling fixes for LoginPerSite-ui

* Fix permissionHistory and permission logging for eth_requestAccounts and eth_accounts

* Front end changes to support display of lastConnected time in connected and permissions screens

* Fix lint errors

* Refactor structure of permissionsHistory

* Fix default values and object modifications for domain and permissionsHistory related data

* Fix connecting to new accounts from modal

* Replace retweet.svg with connect-white.svg

* Fix signature-request.spec

* Update metamask-inpage-provider version

* Fix permissions e2e tests

* Remove unneeded delay from test/e2e/signature-request.spec.js

* Add delay before attempting to retrieve network id in dapp in ethereum-on=.spec

* Use requestAccountTabIds strategy for determining tab id that opened a given window

* Improve default values for permissions requests

* Add some message descriptions to app/_locales/en/messages.json

* Code clean up in permission controller

* Stopped deep cloning object in mapObjectValues

* Bump metamask-inpage-provider version

* Add missing description in app/_locales/en/messages.json

* Return promises from queryTabs and switchToTab of extension.js

* Remove unused getAllPermissions function

* Use default props in icon-with-fallback.component.js

* Stop passing  to permissions controller

* Delete no longer used clear-approved-origins modal code

* Remove duplicate imports in ui/app/components/app/index.scss

* Use URL instead of regex in getOriginFromUrl()

* Add runtime error checking to platform, promise based extension.tab methods

* Support permission requests from external extensions

* Improve font size and colour of the domain origin on the permission confirmation screen

* Add support for toggling permissions

* Ensure getRenderablePermissionsDomains only returns domains with exposedAccount caveat permissions

* Remove unused code from LoginPerSite-ui branch

* Ensure modal closes on Enter press for new-account-modal.component.js

* Lint fix

* fixup! Login Per Site UI (#7368)

* Some code cleanup for LoginPerSite

* Adds UX for connecting to dapps via the connected sites screen (#7593)

* Adds UX for connecting to dapps via the connected sites screen

* Use openMetaMaskTabIds from background.js to determine if current active tab is MetaMask

* Delete unused permissions controller methods

* Fixes two small bugs in the LoginPerSite ui (#7595)

* Restore `providerRequest` message translations (#7600)

This message was removed, but it was replaced with a very similar
message called `likeToConnect`. The only difference is that the new
message has "MetaMask" in it. Preserving these messages without
"MetaMask" is probably better than deleting them, so these messages
have all been restored and renamed to `likeToConnect`.

* Login per site no sitemetadata fix (#7610)

* Support connected sites for which we have no site metadata.

* Change property containing subtitle info often populated by origin to a more accurate of purpose name

* Lint fix

* Improve disconnection modal messages (#7612)

* Improve disconnectAccountModalDescription and disconnectAllModalDescription messages

* Update disconnectAccountModalDescription app/_locales/en/messages.json

Co-Authored-By: Mark Stacey <markjstacey@gmail.com>

* Improve disconnectAccount modal message clarity

* Adds cancel button to the account selection screen of the permissions request flow (#7613)

* Fix eth_accounts permission language & selectability (#7614)

* fix eth_accounts language & selectability

* fix MetaMask capitalization in all messages

* Close sidebar when opening connected sites (#7611)

The 'Connected Sites' button in the accounts details now closes the
sidebar, if it is open. This was accomplished by pulling the click
handler for that button up to the wallet view component, where another
button already followed a similar pattern of closing the sidebar.

It seemed confusing to me that one handler was in the `AccountsDetails`
container component, and one was handed down from above, so I added
PropTypes to the container component.

I'm not sure that the WalletView component is the best place for this
logic, but I've put it there for now to be consistent with the add
token button.

* Reject permissions request upon tab close (#7618)

Permissions requests are now rejected when the page is closed. This
only applies to the full-screen view, as that is the view permission
requests should be handled in. The case where the user deals with the
request through a different view is handled in #7617

* Handle tab update failure (#7619)

`extension.tabs.update` can sometimes fail if the user interacts with
the tabs directly around the same time. The redirect flow has been
updated to ensure that the permissions tab is still closed in that
case. The user is on their own to find the dapp tab again in that case.

* Login per site tab popup fixes (#7617)

* Handle redirect in response to state update in permissions-connect

* Ensure origin is available to permissions-connect subcomponents during redirect

* Hide app bar whenever on redirect route

* Improvements to handling of redirects in permissions-connect

* Ensure permission request id change handling only happens when page is not null

* Lint fix

* Decouple confirm transaction screen from the selected address (#7622)

* Avoid race condtion that could prevent contextual account switching (#7623)

There was a race condition in the logic responsible for switching the
selected account based upon the active tab. It was asynchronously
querying the active tab, then assuming it had been retrieved later.

The active tab info itself was already in the redux store in another
spot, one that is guaranteed to be set before the UI renders. The
race condition was avoided by deleting the duplicate state, and using
the other active tab state.

* Only redirect back to dapp if current tab is active (#7621)

The "redirect back to dapp" behaviour can be disruptive when the
permissions connect tab is not active. The purpose of the redirect was
to maintain context between the dapp and the permissions request, but
if the user has already moved to another tab, that no longer applies.

* Fix JSX style lint errors

* Remove unused state
2019-12-03 09:35:56 -08:00