# Permission System 2.0
## Background
This PR migrates the extension permission system to [the new `PermissionController`](https://github.com/MetaMask/snaps-skunkworks/tree/main/packages/controllers/src/permissions).
The original permission system, based on [`rpc-cap`](https://github.com/MetaMask/rpc-cap), introduced [`ZCAP-LD`](https://w3c-ccg.github.io/zcap-ld/)-like permissions to our JSON-RPC stack.
We used it to [implement](https://github.com/MetaMask/metamask-extension/pull/7004) what we called "LoginPerSite" in [version 7.7.0](https://github.com/MetaMask/metamask-extension/releases/tag/v7.7.0) of the extension, which enabled the user to choose which accounts, if any, should be exposed to each dapp.
While that was a worthwhile feature in and of itself, we wanted a permission _system_ in order to enable everything we are going to with Snaps.
Unfortunately, the original permission system was difficult to use, and necessitated the creation of the original `PermissionsController` (note the "s"), which was more or less a wrapper for `rpc-cap`.
With this PR, we shake off the yoke of the original permission system, in favor of the modular, self-contained, ergonomic, and more mature permission system 2.0.
Note that [the `PermissionController` readme](https://github.com/MetaMask/snaps-skunkworks/tree/main/packages/controllers/src/permissions/README.md) explains how the new permission system works.
The `PermissionController` and `SubjectMetadataController` are currently shipped via `@metamask/snap-controllers`. This is a temporary state of affairs, and we'll move them to `@metamask/controllers` once they've landed in prod.
## Changes in Detail
First, the changes in this PR are not as big as they seem. Roughly half of the additions in this PR are fixtures in the test for the new migration (number 68), and a significant portion of the remaining ~2500 lines are due to find-and-replace changes in other test fixtures and UI files.
- The extension `PermissionsController` has been deleted, and completely replaced with the new `PermissionController` from [`@metamask/snap-controllers`](https://www.npmjs.com/package/@metamask/snap-controllers).
- The original `PermissionsController` "domain metadata" functionality is now managed by the new `SubjectMetadataController`, also from [`@metamask/snap-controllers`](https://www.npmjs.com/package/@metamask/snap-controllers).
- The permission activity and history log controller has been renamed `PermissionLogController` and has its own top-level state key, but is otherwise functionally equivalent to the existing implementation.
- Migration number 68 has been added to account for the new state changes.
- The tests in `app/scripts/controllers/permissions` have been migrated from `mocha` to `jest`.
Reviewers should focus their attention on the following files:
- `app/scripts/`
- `metamask-controller.js`
- This is where most of the integration work for the new `PermissionController` occurs.
Some functions that were internal to the original controller were moved here.
- `controllers/permissions/`
- `selectors.js`
- These selectors are for `ControllerMessenger` selector subscriptions. The actual subscriptions occur in `metamask-controller.js`. See the `ControllerMessenger` implementation for details.
- `specifications.js`
- The caveat and permission specifications are required by the new `PermissionController`, and are used to specify the `eth_accounts` permission and its JSON-RPC method implementation.
See the `PermissionController` readme for details.
- `migrations/068.js`
- The new state should be cross-referenced with the controllers that manage it.
The accompanying tests should also be thoroughly reviewed.
Some files may appear new but have just moved and/or been renamed:
- `app/scripts/lib/rpc-method-middleware/handlers/request-accounts.js`
- This was previously implemented in `controllers/permissions/permissionsMethodMiddleware.js`.
- `test/mocks/permissions.js`
- A truncated version of `test/mocks/permission-controller.js`.
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
A redundant comparison for the `EIP_1559_V2_ENABLED` variable has been
removed. This variable is a boolean, so it can be treated as a boolean
directly in most cases.
One such comparison has been preserved for the purpose of allowing unit
testing, because `process.env` entries are always strings in Node.js. A
comment was added to explain this.
* Trigger Build
* Trigger Build
* Move swaps index variables to redux
* all optimizations so far
* Add better equality checks for selectors in swaps index and build quote
* Clean up PR, remove extra code and logs
* Clean up lavamoat file
* Fixes for optimizations
* Update tests and test snapshots
* Remove unnecessary tests
* Remove unnecessary console log
* Trigger Build
* Trigger Build
* Add delay to account for remote call made by trezor keyring
Co-authored-by: Dan Miller <danjm.com@gmail.com>
* fix missing conversion rates in swaps token drop down
* make defaultToken appear at the top of the owned section of the dropdown with full renderable data regardless of whether swaps tokens are available
* revert change to filter non-native tokens with symbol ETH
* Replace hardcoded sent ether label on confirm screen
* replace transaction type SENT_ETHER with network agnostic SENDING_NATIVE_ASSET
* remove sentEther translation base
* make backwards compatible with lingering transaction of legacy sentEther type
* update localalization files
* fixup legacy sentEther transaction type
* changing new transaction type away from localization string
* revert migration tests
* update fixtures and test data
* update name of new transaction type
* add migration
* remove legacy SENT_ETHER from transaction types enum object
* Allow submission of transactions with dapp suggested gas fees, while estimates are loading
* Allow editing of transactions with dapp suggested feeds, while estimates are still loading
* Ensure that advanced gas is always editible inline when gas is loading
* Ensure that insufficient balance error is shown when gas is loading if the user has customized the gas
* Only set gas price insufficient errors if the current network is non-eip-1559, or the txparams actually have a gas price
* Remove unnecessary param
* lint fix
* ensure insufficient balance warning is showing when loading
* Ensure that eip1559 network transactions do not combined eip1559 and non-eip1559 gas fee properties
* Lint fix
* Hide gasTiming on edit-gas-popover when form is in error
* Show unknown processing error if maxFeePerGas is too low for network conditions
* remove unnecessary change
* remove unnecessary function wrapper
* Fixes updates on the confirm screen.
* Better handling of internal send transactions
* maxFee -> maxFeePerGas property name fix
* Remove redundant setEstimateToUse call in onManualChange
* Fix unit tests
* rebase error fix
* Fixes to speedup loading and transaction breakdown priority fee
* Fix lint and unit tests
* Ensure gas price based transaction that have been customized (e.g. speed up and retry) are properly initialized in useGasFeeInputs
* Clean up
* Link fix
* Stop GasFeeController polling when pop closes
* Stop estimate gas polling on window unload
* lint + comments
* Improve client closed logic
* lint
* Add back _beforeUnload on unmount in gas-modal-page-container
* Add full check and call onClientClosed method for notifcation environment
* Add gas pollingToken tracking to appStateController and use to disconnect polling for each environment type
* remove unused method
* move controller manipulation logic from background.js to metamask-controller, disaggregate methods
* add beforeunload handling to reset gas polling tokens from root of send page
* cleanup, lint and address feedback
* clear appState gasPollingTokens when all instances of all env types are closed, fix pollingTokenType arg from onEnvironmentTypeClosed call in metamask-controller
* mock new methods to fix tests
* final bit of cleanup + comments
Co-authored-by: Dan Miller <danjm.com@gmail.com>
* Fix 11705 - Reset gas limit when radio button clicked
* Trigger manual change when gasLimit is changed
* Coordinate gas limit with radio buttons
* Revert "Coordinate gas limit with radio buttons"
This reverts commit 910327a408e32ae989c5565a107db24ac24f2a98.
* Cleanup default gas limit
* setEstimateToUse only update gasLimit on error, add default minimum gasLimit
* add minimum gasLimit fallback
Co-authored-by: Alex <adonesky@gmail.com>
Fixing up tests and add back old custom gas modal for non-eip1559 compliant networks
Remove unnecessary props from send-gas-row.component
fix breaking test
Fix primary and secondary title overrides
fix rebase issue
Fix rebase conflict
Co-authored-by: David Walsh <davidwalsh83@gmail.com>
wip
Documentation improvements for send slice support of EIP1559
Remove console.log in send duck
Property lookup safety improvement in selectors/confirm-transaction
Add code accidentally removed in rebase
Update addTxGasDefaults and _getDefaultGasFees to work with new estimate types, and ensure we correctly handle gas price estimates when on EIP1559 networks (#11615)
* Fix typo
Remove console.log in send duck
* Update addTxGasDefaults and _getDefaultGasFees to work correctly with all new gas fee estimate types
* Don't show gas timing support when not on eip1559 compatible network
* Hide gas timing component on transaction screen when on a non-1559 network
* Improve comments, tests and edge case handling
* Ensure eip1559 fees are applied and updated correctly when eip1559 estimate api fails
* Lint fix
Co-authored-by: Brad Decker <git@braddecker.dev>
Remove console.log
Handle possible gasEstimateType undefined
Remove unnecessary nonce field position change in confirm-page-container-content__details
* EIP-1559 - Restore custom values in Edit Gas Popover
* Provide method to tell which radio button the user may have selected
* Use lodash's findKey
* Add case for legacy gas
* Use gas instead of gasLimit
* Remove unnecessary deletion and todo
* Restructure advanced gas form errors
* Use shared constant for gas errors
* Add validation for fields too low
* Add warnings for high max fee and max priority fee
* Fix lint
* Fix priority fee high warning string
* prepare for EIP1559 gas fields in speedup/cancel
* Update ui/components/app/gas-customization/gas-modal-page-container/gas-modal-page-container.container.js
* add erc-721 token detection and flag to disable sending
* addressing feedback
* remove redundant provider instantiation
* fix issue caused by unprotected destructuring
* add tests and documentation
* move add isERC721 flag to useTokenTracker hook
* Update and unit tests
* use memoizedTokens in useTokenTracker
Co-authored-by: Dan Miller <danjm.com@gmail.com>
* Show custom tokens in Swaps
* Add messages for adding a custom token in Swaps
* Add the first version of importing custom tokens in swaps
* Fix lint rules
* Create a new component: ImportToken
* Remove a pointer cursor from regular heading
* Fix a CSS issue for tokens with long names
* Update a comment
* Don’t return a custom token if it doesn’t have symbol or decimals
* Only search by contract address if nothing was found
* Track “Token Imported” event
* Fix unit tests
* Import tracking for “Token Imported”, increase token icon font size
* Disable token import for Source Token
* Update logic and content for notifications, update tests
* Do not hide a dropdown placeholder on click, so a user can click on a link
* Update a key name
* Update styling for the “danger” type notification in Swaps
* Show either a warning or danger notification based on token verification occurences
* Remove testnets from SWAPS_CHAINID_DEFAULT_BLOCK_EXPLORER_URL_MAP
* Use the “shouldSearchForImports” prop
* Create a new function for handling token import: “onOpenImportTokenModalClick”
* Filter token duplicities before iterating over tokens
* Use “address” instead of “symbol” for checking uniqueness
* Trigger Build
* Use a new API (/token) to get token data for importing in Swaps
* Temporarily decrese Jest threshold for functions