mirror of
https://github.com/kremalicious/metamask-extension.git
synced 2024-11-27 04:46:10 +01:00
449 lines
14 KiB
JavaScript
449 lines
14 KiB
JavaScript
import { errorCodes } from 'eth-rpc-errors';
|
|
import { detectSIWE } from '@metamask/controller-utils';
|
|
import { MESSAGE_TYPE } from '../../../shared/constants/app';
|
|
import {
|
|
MetaMetricsEventName,
|
|
MetaMetricsEventUiCustomization,
|
|
} from '../../../shared/constants/metametrics';
|
|
import { SECOND } from '../../../shared/constants/time';
|
|
import createRPCMethodTrackingMiddleware from './createRPCMethodTrackingMiddleware';
|
|
|
|
const trackEvent = jest.fn();
|
|
const metricsState = { participateInMetaMetrics: null };
|
|
const getMetricsState = () => metricsState;
|
|
|
|
let flagAsDangerous = 0;
|
|
|
|
const securityProviderRequest = () => {
|
|
return {
|
|
flagAsDangerous,
|
|
};
|
|
};
|
|
|
|
const handler = createRPCMethodTrackingMiddleware({
|
|
trackEvent,
|
|
getMetricsState,
|
|
rateLimitSeconds: 1,
|
|
securityProviderRequest,
|
|
});
|
|
|
|
function getNext(timeout = 500) {
|
|
let deferred;
|
|
const promise = new Promise((resolve) => {
|
|
deferred = {
|
|
resolve,
|
|
};
|
|
});
|
|
const cb = () => deferred.resolve();
|
|
let triggerNext;
|
|
setTimeout(() => {
|
|
deferred.resolve();
|
|
}, timeout);
|
|
return {
|
|
executeMiddlewareStack: async () => {
|
|
if (triggerNext) {
|
|
triggerNext(() => cb());
|
|
}
|
|
return await deferred.resolve();
|
|
},
|
|
promise,
|
|
next: (postReqHandler) => {
|
|
triggerNext = postReqHandler;
|
|
},
|
|
};
|
|
}
|
|
|
|
const waitForSeconds = async (seconds) =>
|
|
await new Promise((resolve) => setTimeout(resolve, SECOND * seconds));
|
|
|
|
jest.mock('@metamask/controller-utils', () => ({
|
|
detectSIWE: jest.fn().mockImplementation(() => {
|
|
return { isSIWEMessage: false };
|
|
}),
|
|
}));
|
|
|
|
describe('createRPCMethodTrackingMiddleware', () => {
|
|
afterEach(() => {
|
|
jest.resetAllMocks();
|
|
metricsState.participateInMetaMetrics = null;
|
|
});
|
|
|
|
describe('before participateInMetaMetrics is set', () => {
|
|
it('should not track an event for a signature request', async () => {
|
|
const req = {
|
|
method: MESSAGE_TYPE.ETH_SIGN,
|
|
origin: 'some.dapp',
|
|
};
|
|
|
|
const res = {
|
|
error: null,
|
|
};
|
|
const { executeMiddlewareStack, next } = getNext();
|
|
handler(req, res, next);
|
|
await executeMiddlewareStack();
|
|
expect(trackEvent).not.toHaveBeenCalled();
|
|
});
|
|
});
|
|
|
|
describe('participateInMetaMetrics is set to false', () => {
|
|
beforeEach(() => {
|
|
metricsState.participateInMetaMetrics = false;
|
|
});
|
|
|
|
it('should not track an event for a signature request', async () => {
|
|
const req = {
|
|
method: MESSAGE_TYPE.ETH_SIGN,
|
|
origin: 'some.dapp',
|
|
};
|
|
|
|
const res = {
|
|
error: null,
|
|
};
|
|
const { executeMiddlewareStack, next } = getNext();
|
|
handler(req, res, next);
|
|
await executeMiddlewareStack();
|
|
expect(trackEvent).not.toHaveBeenCalled();
|
|
});
|
|
});
|
|
|
|
describe('participateInMetaMetrics is set to true', () => {
|
|
beforeEach(() => {
|
|
metricsState.participateInMetaMetrics = true;
|
|
});
|
|
|
|
it(`should immediately track a ${MetaMetricsEventName.SignatureRequested} event`, async () => {
|
|
const req = {
|
|
method: MESSAGE_TYPE.ETH_SIGN,
|
|
origin: 'some.dapp',
|
|
};
|
|
|
|
const res = {
|
|
error: null,
|
|
};
|
|
const { next } = getNext();
|
|
await handler(req, res, next);
|
|
expect(trackEvent).toHaveBeenCalledTimes(1);
|
|
expect(trackEvent.mock.calls[0][0]).toMatchObject({
|
|
category: 'inpage_provider',
|
|
event: MetaMetricsEventName.SignatureRequested,
|
|
properties: {
|
|
signature_type: MESSAGE_TYPE.ETH_SIGN,
|
|
},
|
|
referrer: { url: 'some.dapp' },
|
|
});
|
|
});
|
|
|
|
it(`should track a ${MetaMetricsEventName.SignatureApproved} event if the user approves`, async () => {
|
|
const req = {
|
|
method: MESSAGE_TYPE.ETH_SIGN_TYPED_DATA_V4,
|
|
origin: 'some.dapp',
|
|
};
|
|
|
|
const res = {
|
|
error: null,
|
|
};
|
|
const { next, executeMiddlewareStack } = getNext();
|
|
await handler(req, res, next);
|
|
await executeMiddlewareStack();
|
|
expect(trackEvent).toHaveBeenCalledTimes(2);
|
|
expect(trackEvent.mock.calls[1][0]).toMatchObject({
|
|
category: 'inpage_provider',
|
|
event: MetaMetricsEventName.SignatureApproved,
|
|
properties: {
|
|
signature_type: MESSAGE_TYPE.ETH_SIGN_TYPED_DATA_V4,
|
|
},
|
|
referrer: { url: 'some.dapp' },
|
|
});
|
|
});
|
|
|
|
it(`should track a ${MetaMetricsEventName.SignatureRejected} event if the user approves`, async () => {
|
|
const req = {
|
|
method: MESSAGE_TYPE.PERSONAL_SIGN,
|
|
origin: 'some.dapp',
|
|
};
|
|
|
|
const res = {
|
|
error: { code: errorCodes.provider.userRejectedRequest },
|
|
};
|
|
const { next, executeMiddlewareStack } = getNext();
|
|
await handler(req, res, next);
|
|
await executeMiddlewareStack();
|
|
expect(trackEvent).toHaveBeenCalledTimes(2);
|
|
expect(trackEvent.mock.calls[1][0]).toMatchObject({
|
|
category: 'inpage_provider',
|
|
event: MetaMetricsEventName.SignatureRejected,
|
|
properties: {
|
|
signature_type: MESSAGE_TYPE.PERSONAL_SIGN,
|
|
},
|
|
referrer: { url: 'some.dapp' },
|
|
});
|
|
});
|
|
|
|
it(`should track a ${MetaMetricsEventName.PermissionsApproved} event if the user approves`, async () => {
|
|
const req = {
|
|
method: MESSAGE_TYPE.ETH_REQUEST_ACCOUNTS,
|
|
origin: 'some.dapp',
|
|
};
|
|
|
|
const res = {};
|
|
const { next, executeMiddlewareStack } = getNext();
|
|
await handler(req, res, next);
|
|
await executeMiddlewareStack();
|
|
expect(trackEvent).toHaveBeenCalledTimes(2);
|
|
expect(trackEvent.mock.calls[1][0]).toMatchObject({
|
|
category: 'inpage_provider',
|
|
event: MetaMetricsEventName.PermissionsApproved,
|
|
properties: { method: MESSAGE_TYPE.ETH_REQUEST_ACCOUNTS },
|
|
referrer: { url: 'some.dapp' },
|
|
});
|
|
});
|
|
|
|
it(`should never track blocked methods such as ${MESSAGE_TYPE.GET_PROVIDER_STATE}`, () => {
|
|
const req = {
|
|
method: MESSAGE_TYPE.GET_PROVIDER_STATE,
|
|
origin: 'www.notadapp.com',
|
|
};
|
|
|
|
const res = {
|
|
error: null,
|
|
};
|
|
const { next, executeMiddlewareStack } = getNext();
|
|
handler(req, res, next);
|
|
expect(trackEvent).not.toHaveBeenCalled();
|
|
executeMiddlewareStack();
|
|
});
|
|
|
|
it(`should only track events when not rate limited`, async () => {
|
|
const req = {
|
|
method: 'eth_chainId',
|
|
origin: 'some.dapp',
|
|
};
|
|
|
|
const res = {
|
|
error: null,
|
|
};
|
|
|
|
let callCount = 0;
|
|
|
|
while (callCount < 3) {
|
|
callCount += 1;
|
|
const { next, executeMiddlewareStack } = getNext();
|
|
handler(req, res, next);
|
|
await executeMiddlewareStack();
|
|
if (callCount !== 3) {
|
|
await waitForSeconds(0.6);
|
|
}
|
|
}
|
|
|
|
expect(trackEvent).toHaveBeenCalledTimes(2);
|
|
expect(trackEvent.mock.calls[0][0].properties.method).toBe('eth_chainId');
|
|
expect(trackEvent.mock.calls[1][0].properties.method).toBe('eth_chainId');
|
|
});
|
|
|
|
it('should track Sign-in With Ethereum (SIWE) message if detected', async () => {
|
|
const req = {
|
|
method: MESSAGE_TYPE.PERSONAL_SIGN,
|
|
origin: 'some.dapp',
|
|
};
|
|
const res = {
|
|
error: null,
|
|
};
|
|
const { next, executeMiddlewareStack } = getNext();
|
|
|
|
detectSIWE.mockImplementation(() => {
|
|
return { isSIWEMessage: true };
|
|
});
|
|
|
|
await handler(req, res, next);
|
|
await executeMiddlewareStack();
|
|
|
|
expect(trackEvent).toHaveBeenCalledTimes(2);
|
|
|
|
expect(trackEvent.mock.calls[1][0]).toMatchObject({
|
|
category: 'inpage_provider',
|
|
event: MetaMetricsEventName.SignatureApproved,
|
|
properties: {
|
|
signature_type: MESSAGE_TYPE.PERSONAL_SIGN,
|
|
ui_customizations: [MetaMetricsEventUiCustomization.Siwe],
|
|
},
|
|
referrer: { url: 'some.dapp' },
|
|
});
|
|
});
|
|
|
|
describe(`when '${MESSAGE_TYPE.ETH_SIGN}' is disabled in advanced settings`, () => {
|
|
it(`should track ${MetaMetricsEventName.SignatureFailed} and include error property`, async () => {
|
|
const mockError = { code: errorCodes.rpc.methodNotFound };
|
|
const req = {
|
|
method: MESSAGE_TYPE.ETH_SIGN,
|
|
origin: 'some.dapp',
|
|
};
|
|
const res = {
|
|
error: mockError,
|
|
};
|
|
const { next, executeMiddlewareStack } = getNext();
|
|
|
|
await handler(req, res, next);
|
|
await executeMiddlewareStack();
|
|
|
|
expect(trackEvent).toHaveBeenCalledTimes(2);
|
|
|
|
expect(trackEvent.mock.calls[1][0]).toMatchObject({
|
|
category: 'inpage_provider',
|
|
event: MetaMetricsEventName.SignatureFailed,
|
|
properties: {
|
|
signature_type: MESSAGE_TYPE.ETH_SIGN,
|
|
error: mockError,
|
|
},
|
|
referrer: { url: 'some.dapp' },
|
|
});
|
|
});
|
|
});
|
|
|
|
describe('when request is flagged as safe by security provider', () => {
|
|
it(`should immediately track a ${MetaMetricsEventName.SignatureRequested} event`, async () => {
|
|
const req = {
|
|
method: MESSAGE_TYPE.ETH_SIGN,
|
|
origin: 'some.dapp',
|
|
};
|
|
const res = {
|
|
error: null,
|
|
};
|
|
const { next } = getNext();
|
|
|
|
await handler(req, res, next);
|
|
|
|
expect(trackEvent).toHaveBeenCalledTimes(1);
|
|
expect(trackEvent.mock.calls[0][0]).toMatchObject({
|
|
category: 'inpage_provider',
|
|
event: MetaMetricsEventName.SignatureRequested,
|
|
properties: {
|
|
signature_type: MESSAGE_TYPE.ETH_SIGN,
|
|
},
|
|
referrer: { url: 'some.dapp' },
|
|
});
|
|
});
|
|
});
|
|
|
|
describe('when request is flagged as malicious by security provider', () => {
|
|
beforeEach(() => {
|
|
flagAsDangerous = 1;
|
|
});
|
|
|
|
it(`should immediately track a ${MetaMetricsEventName.SignatureRequested} event which is flagged as malicious`, async () => {
|
|
const req = {
|
|
method: MESSAGE_TYPE.ETH_SIGN,
|
|
origin: 'some.dapp',
|
|
};
|
|
const res = {
|
|
error: null,
|
|
};
|
|
const { next } = getNext();
|
|
|
|
await handler(req, res, next);
|
|
|
|
expect(trackEvent).toHaveBeenCalledTimes(1);
|
|
expect(trackEvent.mock.calls[0][0]).toMatchObject({
|
|
category: 'inpage_provider',
|
|
event: MetaMetricsEventName.SignatureRequested,
|
|
properties: {
|
|
signature_type: MESSAGE_TYPE.ETH_SIGN,
|
|
ui_customizations: ['flagged_as_malicious'],
|
|
},
|
|
referrer: { url: 'some.dapp' },
|
|
});
|
|
});
|
|
});
|
|
|
|
describe('when request flagged as safety unknown by security provider', () => {
|
|
beforeEach(() => {
|
|
flagAsDangerous = 2;
|
|
});
|
|
|
|
it(`should immediately track a ${MetaMetricsEventName.SignatureRequested} event which is flagged as safety unknown`, async () => {
|
|
const req = {
|
|
method: MESSAGE_TYPE.ETH_SIGN,
|
|
origin: 'some.dapp',
|
|
};
|
|
const res = {
|
|
error: null,
|
|
};
|
|
const { next } = getNext();
|
|
|
|
await handler(req, res, next);
|
|
|
|
expect(trackEvent).toHaveBeenCalledTimes(1);
|
|
expect(trackEvent.mock.calls[0][0]).toMatchObject({
|
|
category: 'inpage_provider',
|
|
event: MetaMetricsEventName.SignatureRequested,
|
|
properties: {
|
|
signature_type: MESSAGE_TYPE.ETH_SIGN,
|
|
ui_customizations: ['flagged_as_safety_unknown'],
|
|
},
|
|
referrer: { url: 'some.dapp' },
|
|
});
|
|
});
|
|
});
|
|
|
|
describe('when signature requests are received', () => {
|
|
let securityProviderReq, fnHandler;
|
|
beforeEach(() => {
|
|
securityProviderReq = jest.fn().mockReturnValue(() =>
|
|
Promise.resolve({
|
|
flagAsDangerous: 0,
|
|
}),
|
|
);
|
|
|
|
fnHandler = createRPCMethodTrackingMiddleware({
|
|
trackEvent,
|
|
getMetricsState,
|
|
rateLimitSeconds: 1,
|
|
securityProviderRequest: securityProviderReq,
|
|
});
|
|
});
|
|
it(`should pass correct data for personal sign`, async () => {
|
|
const req = {
|
|
method: 'personal_sign',
|
|
params: [
|
|
'0x4578616d706c652060706572736f6e616c5f7369676e60206d657373616765',
|
|
'0x8eeee1781fd885ff5ddef7789486676961873d12',
|
|
'Example password',
|
|
],
|
|
jsonrpc: '2.0',
|
|
id: 1142196570,
|
|
origin: 'https://metamask.github.io',
|
|
tabId: 1048582817,
|
|
};
|
|
const res = { id: 1142196570, jsonrpc: '2.0' };
|
|
const { next } = getNext();
|
|
|
|
await fnHandler(req, res, next);
|
|
|
|
expect(securityProviderReq).toHaveBeenCalledTimes(1);
|
|
const call = securityProviderReq.mock.calls[0][0];
|
|
expect(call.msgParams.data).toStrictEqual(req.params[0]);
|
|
});
|
|
it(`should pass correct data for typed sign`, async () => {
|
|
const req = {
|
|
method: 'eth_signTypedData_v4',
|
|
params: [
|
|
'0x8eeee1781fd885ff5ddef7789486676961873d12',
|
|
'{"domain":{"chainId":"5","name":"Ether Mail","verifyingContract":"0xCcCCccccCCCCcCCCCCCcCcCccCcCCCcCcccccccC","version":"1"},"message":{"contents":"Hello, Bob!","from":{"name":"Cow","wallets":["0xCD2a3d9F938E13CD947Ec05AbC7FE734Df8DD826","0xDeaDbeefdEAdbeefdEadbEEFdeadbeEFdEaDbeeF"]},"to":[{"name":"Bob","wallets":["0xbBbBBBBbbBBBbbbBbbBbbbbBBbBbbbbBbBbbBBbB","0xB0BdaBea57B0BDABeA57b0bdABEA57b0BDabEa57","0xB0B0b0b0b0b0B000000000000000000000000000"]}]},"primaryType":"Mail","types":{"EIP712Domain":[{"name":"name","type":"string"},{"name":"version","type":"string"},{"name":"chainId","type":"uint256"},{"name":"verifyingContract","type":"address"}],"Group":[{"name":"name","type":"string"},{"name":"members","type":"Person[]"}],"Mail":[{"name":"from","type":"Person"},{"name":"to","type":"Person[]"},{"name":"contents","type":"string"}],"Person":[{"name":"name","type":"string"},{"name":"wallets","type":"address[]"}]}}',
|
|
],
|
|
jsonrpc: '2.0',
|
|
id: 1142196571,
|
|
origin: 'https://metamask.github.io',
|
|
tabId: 1048582817,
|
|
};
|
|
const res = { id: 1142196571, jsonrpc: '2.0' };
|
|
const { next } = getNext();
|
|
|
|
await fnHandler(req, res, next);
|
|
|
|
expect(securityProviderReq).toHaveBeenCalledTimes(1);
|
|
const call = securityProviderReq.mock.calls[0][0];
|
|
expect(call.msgParams.data).toStrictEqual(req.params[1]);
|
|
});
|
|
});
|
|
});
|
|
});
|