1
0
mirror of https://github.com/kremalicious/metamask-extension.git synced 2024-12-13 13:17:13 +01:00
metamask-extension/app/scripts/lib/personal-message-manager.js
Sam Gbafa 3233f76041
Sign-in with Ethereum Domain Binding (#16616)
* message error exploration

* validate siwe domain

* remove log

* added addUnapprovedMessage siwe tests

* updated error message + test

* improve detection test with counter-example

* fix test with mock

* added rejects
2023-02-08 22:06:01 +07:00

380 lines
13 KiB
JavaScript

import EventEmitter from 'events';
import { ObservableStore } from '@metamask/obs-store';
import { bufferToHex } from 'ethereumjs-util';
import { ethErrors } from 'eth-rpc-errors';
import log from 'loglevel';
import { MESSAGE_TYPE } from '../../../shared/constants/app';
import { METAMASK_CONTROLLER_EVENTS } from '../metamask-controller';
import createId from '../../../shared/modules/random-id';
import { EVENT } from '../../../shared/constants/metametrics';
import { detectSIWE } from '../../../shared/modules/siwe';
import { stripHexPrefix } from '../../../shared/modules/hexstring-utils';
import { addHexPrefix } from './util';
const hexRe = /^[0-9A-Fa-f]+$/gu;
/**
* Represents, and contains data about, an 'personal_sign' type signature request. These are created when a
* signature for an personal_sign call is requested.
*
* @see {@link https://web3js.readthedocs.io/en/1.0/web3-eth-personal.html#sign}
* @typedef {object} PersonalMessage
* @property {number} id An id to track and identify the message object
* @property {object} msgParams The parameters to pass to the personal_sign method once the signature request is
* approved.
* @property {object} msgParams.metamaskId Added to msgParams for tracking and identification within MetaMask.
* @property {string} msgParams.data A hex string conversion of the raw buffer data of the signature request
* @property {number} time The epoch time at which the this message was created
* @property {string} status Indicates whether the signature request is 'unapproved', 'approved', 'signed' or 'rejected'
* @property {string} type The json-prc signing method for which a signature request has been made. A 'Message' will
* always have a 'personal_sign' type.
*/
export default class PersonalMessageManager extends EventEmitter {
/**
* Controller in charge of managing - storing, adding, removing, updating - PersonalMessage.
*
* @param options
* @param options.metricsEvent
* @param options.securityProviderRequest
*/
constructor({ metricsEvent, securityProviderRequest }) {
super();
this.memStore = new ObservableStore({
unapprovedPersonalMsgs: {},
unapprovedPersonalMsgCount: 0,
});
this.resetState = () => {
this.memStore.updateState({
unapprovedPersonalMsgs: {},
unapprovedPersonalMsgCount: 0,
});
};
this.messages = [];
this.metricsEvent = metricsEvent;
this.securityProviderRequest = securityProviderRequest;
}
/**
* A getter for the number of 'unapproved' PersonalMessages in this.messages
*
* @returns {number} The number of 'unapproved' PersonalMessages in this.messages
*/
get unapprovedPersonalMsgCount() {
return Object.keys(this.getUnapprovedMsgs()).length;
}
/**
* A getter for the 'unapproved' PersonalMessages in this.messages
*
* @returns {object} An index of PersonalMessage ids to PersonalMessages, for all 'unapproved' PersonalMessages in
* this.messages
*/
getUnapprovedMsgs() {
return this.messages
.filter((msg) => msg.status === 'unapproved')
.reduce((result, msg) => {
result[msg.id] = msg;
return result;
}, {});
}
/**
* Creates a new PersonalMessage with an 'unapproved' status using the passed msgParams. this.addMsg is called to add
* the new PersonalMessage to this.messages, and to save the unapproved PersonalMessages from that list to
* this.memStore.
*
* @param {object} msgParams - The params for the eth_sign call to be made after the message is approved.
* @param {object} [req] - The original request object possibly containing the origin
* @returns {promise} When the message has been signed or rejected
*/
addUnapprovedMessageAsync(msgParams, req) {
return new Promise((resolve, reject) => {
if (!msgParams.from) {
reject(
new Error('MetaMask Message Signature: from field is required.'),
);
return;
}
this.addUnapprovedMessage(msgParams, req).then((msgId) => {
this.once(`${msgId}:finished`, (data) => {
switch (data.status) {
case 'signed':
resolve(data.rawSig);
return;
case 'rejected':
reject(
ethErrors.provider.userRejectedRequest(
'MetaMask Message Signature: User denied message signature.',
),
);
return;
case 'errored':
reject(new Error(`MetaMask Message Signature: ${data.error}`));
return;
default:
reject(
new Error(
`MetaMask Message Signature: Unknown problem: ${JSON.stringify(
msgParams,
)}`,
),
);
}
});
});
});
}
/**
* Creates a new PersonalMessage with an 'unapproved' status using the passed msgParams. this.addMsg is called to add
* the new PersonalMessage to this.messages, and to save the unapproved PersonalMessages from that list to
* this.memStore.
*
* @param {object} msgParams - The params for the eth_sign call to be made after the message is approved.
* @param {object} [req] - The original request object possibly containing the origin
* @returns {number} The id of the newly created PersonalMessage.
*/
async addUnapprovedMessage(msgParams, req) {
log.debug(
`PersonalMessageManager addUnapprovedMessage: ${JSON.stringify(
msgParams,
)}`,
);
// add origin from request
if (req) {
msgParams.origin = req.origin;
}
msgParams.data = this.normalizeMsgData(msgParams.data);
// check for SIWE message
const siwe = detectSIWE(msgParams);
msgParams.siwe = siwe;
if (siwe.isSIWEMessage && req.origin) {
const { host } = new URL(req.origin);
if (siwe.parsedMessage.domain !== host) {
throw new Error(
`SIWE domain is not valid: "${host}" !== "${siwe.parsedMessage.domain}"`,
);
}
}
// create txData obj with parameters and meta data
const time = new Date().getTime();
const msgId = createId();
const msgData = {
id: msgId,
msgParams,
time,
status: 'unapproved',
type: MESSAGE_TYPE.PERSONAL_SIGN,
};
this.addMsg(msgData);
const securityProviderResponse = await this.securityProviderRequest(
msgData,
msgData.type,
);
msgData.securityProviderResponse = securityProviderResponse;
// signal update
this.emit('update');
return msgId;
}
/**
* Adds a passed PersonalMessage to this.messages, and calls this._saveMsgList() to save the unapproved PersonalMessages from that
* list to this.memStore.
*
* @param {Message} msg - The PersonalMessage to add to this.messages
*/
addMsg(msg) {
this.messages.push(msg);
this._saveMsgList();
}
/**
* Returns a specified PersonalMessage.
*
* @param {number} msgId - The id of the PersonalMessage to get
* @returns {PersonalMessage|undefined} The PersonalMessage with the id that matches the passed msgId, or undefined
* if no PersonalMessage has that id.
*/
getMsg(msgId) {
return this.messages.find((msg) => msg.id === msgId);
}
/**
* Approves a PersonalMessage. Sets the message status via a call to this.setMsgStatusApproved, and returns a promise
* with any the message params modified for proper signing.
*
* @param {object} msgParams - The msgParams to be used when eth_sign is called, plus data added by MetaMask.
* @param {object} msgParams.metamaskId - Added to msgParams for tracking and identification within MetaMask.
* @returns {Promise<object>} Promises the msgParams object with metamaskId removed.
*/
approveMessage(msgParams) {
this.setMsgStatusApproved(msgParams.metamaskId);
return this.prepMsgForSigning(msgParams);
}
/**
* Sets a PersonalMessage status to 'approved' via a call to this._setMsgStatus.
*
* @param {number} msgId - The id of the PersonalMessage to approve.
*/
setMsgStatusApproved(msgId) {
this._setMsgStatus(msgId, 'approved');
}
/**
* Sets a PersonalMessage status to 'signed' via a call to this._setMsgStatus and updates that PersonalMessage in
* this.messages by adding the raw signature data of the signature request to the PersonalMessage
*
* @param {number} msgId - The id of the PersonalMessage to sign.
* @param {buffer} rawSig - The raw data of the signature request
*/
setMsgStatusSigned(msgId, rawSig) {
const msg = this.getMsg(msgId);
msg.rawSig = rawSig;
this._updateMsg(msg);
this._setMsgStatus(msgId, 'signed');
}
/**
* Removes the metamaskId property from passed msgParams and returns a promise which resolves the updated msgParams
*
* @param {object} msgParams - The msgParams to modify
* @returns {Promise<object>} Promises the msgParams with the metamaskId property removed
*/
async prepMsgForSigning(msgParams) {
delete msgParams.metamaskId;
return msgParams;
}
/**
* Sets a PersonalMessage status to 'rejected' via a call to this._setMsgStatus.
*
* @param {number} msgId - The id of the PersonalMessage to reject.
* @param reason
*/
rejectMsg(msgId, reason = undefined) {
if (reason) {
const msg = this.getMsg(msgId);
this.metricsEvent({
event: reason,
category: EVENT.CATEGORIES.TRANSACTIONS,
properties: {
action: 'Sign Request',
type: msg.type,
},
});
}
this._setMsgStatus(msgId, 'rejected');
}
/**
* Sets a Message status to 'errored' via a call to this._setMsgStatus.
*
* @param {number} msgId - The id of the Message to error
* @param error
*/
errorMessage(msgId, error) {
const msg = this.getMsg(msgId);
msg.error = error;
this._updateMsg(msg);
this._setMsgStatus(msgId, 'errored');
}
/**
* Clears all unapproved messages from memory.
*/
clearUnapproved() {
this.messages = this.messages.filter((msg) => msg.status !== 'unapproved');
this._saveMsgList();
}
/**
* Updates the status of a PersonalMessage in this.messages via a call to this._updateMsg
*
* @private
* @param {number} msgId - The id of the PersonalMessage to update.
* @param {string} status - The new status of the PersonalMessage.
* @throws A 'PersonalMessageManager - PersonalMessage not found for id: "${msgId}".' if there is no PersonalMessage
* in this.messages with an id equal to the passed msgId
* @fires An event with a name equal to `${msgId}:${status}`. The PersonalMessage is also fired.
* @fires If status is 'rejected' or 'signed', an event with a name equal to `${msgId}:finished` is fired along
* with the PersonalMessage
*/
_setMsgStatus(msgId, status) {
const msg = this.getMsg(msgId);
if (!msg) {
throw new Error(
`PersonalMessageManager - Message not found for id: "${msgId}".`,
);
}
msg.status = status;
this._updateMsg(msg);
this.emit(`${msgId}:${status}`, msg);
if (status === 'rejected' || status === 'signed') {
this.emit(`${msgId}:finished`, msg);
}
}
/**
* Sets a PersonalMessage in this.messages to the passed PersonalMessage if the ids are equal. Then saves the
* unapprovedPersonalMsgs index to storage via this._saveMsgList
*
* @private
* @param {PersonalMessage} msg - A PersonalMessage that will replace an existing PersonalMessage (with the same
* id) in this.messages
*/
_updateMsg(msg) {
const index = this.messages.findIndex((message) => message.id === msg.id);
if (index !== -1) {
this.messages[index] = msg;
}
this._saveMsgList();
}
/**
* Saves the unapproved PersonalMessages, and their count, to this.memStore
*
* @private
* @fires 'updateBadge'
*/
_saveMsgList() {
const unapprovedPersonalMsgs = this.getUnapprovedMsgs();
const unapprovedPersonalMsgCount = Object.keys(
unapprovedPersonalMsgs,
).length;
this.memStore.updateState({
unapprovedPersonalMsgs,
unapprovedPersonalMsgCount,
});
this.emit(METAMASK_CONTROLLER_EVENTS.UPDATE_BADGE);
}
/**
* A helper function that converts raw buffer data to a hex, or just returns the data if it is already formatted as a hex.
*
* @param {any} data - The buffer data to convert to a hex
* @returns {string} A hex string conversion of the buffer data
*/
normalizeMsgData(data) {
try {
const stripped = stripHexPrefix(data);
if (stripped.match(hexRe)) {
return addHexPrefix(stripped);
}
} catch (e) {
log.debug(`Message was not hex encoded, interpreting as utf8.`);
}
return bufferToHex(Buffer.from(data, 'utf8'));
}
}