-
Notifications
You must be signed in to change notification settings - Fork 5k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Ensure user is prompted for password during reminder based backup (#2…
…2307) During the backup flow, we should prompt a user for a password. This provides extra friction during a security sensitive step. 1. Build, install and onboard 2. Make sure to back up your seed phrase during onboarding. Onboarding should work as normal 3. Once you get to the home screen, replace `home.html` in the url browsers url bar with `home.html#onboarding/secure-your-wallet/?isFromReminder=true` and press enter 4. Click "Secure my wallet" 5. You should then be prompted to enter your password. 6. After entering your password, you should be able to proceed as normal If you repeat those steps but click cancel when being prompted to enter your password, you should be taken to the home screen. If you repeat those steps, but on step 2 don't back up your seed phrase, the remaining steps should work as described above. https://github.com/MetaMask/metamask-extension/assets/7499938/ac8b5dfb-ca7b-4622-95b8-07db5405abfe - [ ] I’ve followed [MetaMask Coding Standards](https://github.com/MetaMask/metamask-extension/blob/develop/.github/guidelines/CODING_GUIDELINES.md). - [ ] I've clearly explained what problem this PR is solving and how it is solved. - [ ] I've linked related issues - [ ] I've included manual testing steps - [ ] I've included screenshots/recordings if applicable - [ ] I’ve included tests if applicable - [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [ ] I’ve applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-extension/blob/develop/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. - [ ] I’ve properly set the pull request status: - [ ] In case it's not yet "ready for review", I've set it to "draft". - [ ] In case it's "ready for review", I've changed it from "draft" to "non-draft". - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots. --------- Co-authored-by: Pedro Figueiredo <[email protected]>
- Loading branch information
1 parent
c8e8a10
commit 92545de
Showing
13 changed files
with
1,759 additions
and
865 deletions.
There are no files selected for viewing
12 changes: 12 additions & 0 deletions
12
.yarn/patches/@metamask-keyring-controller-npm-9.0.0-f57ed3ebea.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| diff --git a/dist/KeyringController.js b/dist/KeyringController.js | ||
| index da9523afe0a83e3fa298b47a518cb583eb509e52..8fe701103975335ff02ed8195f250f35eedccbab 100644 | ||
| --- a/dist/KeyringController.js | ||
| +++ b/dist/KeyringController.js | ||
| @@ -662,7 +662,6 @@ class KeyringController extends base_controller_1.BaseControllerV2 { | ||
| throw new Error('Seed phrase imported different accounts.'); | ||
| } | ||
| }); | ||
| - return seedWords; | ||
| }); | ||
| } | ||
| // QR Hardware related methods |
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,6 @@ | ||
| { | ||
| "name": "metamask-crx", | ||
| "version": "11.7.1", | ||
| "version": "11.7.0", | ||
| "private": true, | ||
| "repository": { | ||
| "type": "git", | ||
|
|
@@ -15,6 +15,7 @@ | |
| "dist": "yarn build dist", | ||
| "dist:mv3": "ENABLE_MV3=true yarn build dist", | ||
| "dist:mmi": "yarn dist --build-type mmi", | ||
| "dist:mmi:debug": "yarn dist --build-type mmi --apply-lavamoat=false", | ||
| "build": "yarn lavamoat:build", | ||
| "build:dev": "node development/build/index.js", | ||
| "start:test": "BLOCKAID_FILE_CDN=static.metafi-dev.codefi.network/api/v1/confirmations/ppom SEGMENT_HOST='https://api.segment.io' SEGMENT_WRITE_KEY='FAKE' SENTRY_DSN_DEV=https://[email protected]/0000000 yarn build:dev testDev --apply-lavamoat=false --snow=false", | ||
|
|
@@ -216,11 +217,13 @@ | |
| "[email protected]": "^7.5.4", | ||
| "[email protected]": "^7.5.4", | ||
| "@metamask/eth-keyring-controller@npm:^13.0.1": "patch:@metamask/eth-keyring-controller@npm%3A13.0.1#~/.yarn/patches/@metamask-eth-keyring-controller-npm-13.0.1-06ff83faad.patch", | ||
| "nonce-tracker@npm:^3.0.0": "patch:nonce-tracker@npm%3A3.0.0#~/.yarn/patches/nonce-tracker-npm-3.0.0-c5e9a93f9d.patch" | ||
| "nonce-tracker@npm:^3.0.0": "patch:nonce-tracker@npm%3A3.0.0#~/.yarn/patches/nonce-tracker-npm-3.0.0-c5e9a93f9d.patch", | ||
| "@metamask/accounts-controller@npm:^4.0.0": "patch:@metamask/accounts-controller@npm%3A4.0.0#~/.yarn/patches/@metamask-accounts-controller-npm-4.0.0-3127b56d14.patch", | ||
| "@trezor/connect-web": "9.0.11" | ||
| }, | ||
| "dependencies": { | ||
| "@babel/runtime": "^7.23.2", | ||
| "@blockaid/ppom_release": "^1.2.8", | ||
| "@blockaid/ppom_release": "^1.3.3", | ||
| "@ensdomains/content-hash": "^2.5.6", | ||
| "@ethereumjs/common": "^3.1.1", | ||
| "@ethereumjs/tx": "^4.1.1", | ||
|
|
@@ -242,40 +245,40 @@ | |
| "@metamask-institutional/rpc-allowlist": "^1.0.0", | ||
| "@metamask-institutional/sdk": "^0.1.23", | ||
| "@metamask-institutional/transaction-update": "^0.1.32", | ||
| "@metamask/accounts-controller": "^4.0.0", | ||
| "@metamask/address-book-controller": "^3.0.0", | ||
| "@metamask/announcement-controller": "^4.0.0", | ||
| "@metamask/approval-controller": "^3.4.0", | ||
| "@metamask/assets-controllers": "patch:@metamask/assets-controllers@npm%3A18.0.0#~/.yarn/patches/@metamask-assets-controllers-npm-18.0.0-48bf74a7fa.patch", | ||
| "@metamask/base-controller": "^3.2.0", | ||
| "@metamask/browser-passworder": "^4.1.0", | ||
| "@metamask/assets-controllers": "^21.0.0", | ||
| "@metamask/base-controller": "^4.0.0", | ||
| "@metamask/browser-passworder": "^4.3.0", | ||
| "@metamask/contract-metadata": "^2.3.1", | ||
| "@metamask/controller-utils": "^5.0.0", | ||
| "@metamask/design-tokens": "^1.12.0", | ||
| "@metamask/desktop": "^0.3.0", | ||
| "@metamask/eth-json-rpc-middleware": "^12.0.1", | ||
| "@metamask/eth-keyring-controller": "^13.0.1", | ||
| "@metamask/eth-keyring-controller": "^15.1.0", | ||
| "@metamask/eth-ledger-bridge-keyring": "^2.0.1", | ||
| "@metamask/eth-query": "^3.0.1", | ||
| "@metamask/eth-snap-keyring": "^1.0.0", | ||
| "@metamask/eth-snap-keyring": "^2.0.0", | ||
| "@metamask/eth-token-tracker": "^4.0.0", | ||
| "@metamask/eth-trezor-keyring": "^2.0.0", | ||
| "@metamask/eth-trezor-keyring": "^3.0.0", | ||
| "@metamask/etherscan-link": "^2.2.0", | ||
| "@metamask/ethjs-query": "^0.5.0", | ||
| "@metamask/gas-fee-controller": "^6.0.1", | ||
| "@metamask/gas-fee-controller": "^10.0.1", | ||
| "@metamask/jazzicon": "^2.0.0", | ||
| "@metamask/key-tree": "^9.0.0", | ||
| "@metamask/keyring-api": "^1.0.0", | ||
| "@metamask/keyring-controller": "^8.0.3", | ||
| "@metamask/keyring-controller": "patch:@metamask/keyring-controller@npm%3A9.0.0#~/.yarn/patches/@metamask-keyring-controller-npm-9.0.0-f57ed3ebea.patch", | ||
| "@metamask/logging-controller": "^1.0.1", | ||
| "@metamask/logo": "^3.1.2", | ||
| "@metamask/message-manager": "^7.3.0", | ||
| "@metamask/metamask-eth-abis": "^3.0.0", | ||
| "@metamask/name-controller": "^3.0.0", | ||
| "@metamask/network-controller": "^15.2.0", | ||
| "@metamask/network-controller": "^16.0.0", | ||
| "@metamask/notification-controller": "^3.0.0", | ||
| "@metamask/obs-store": "^8.1.0", | ||
| "@metamask/permission-controller": "^6.0.0", | ||
| "@metamask/phishing-controller": "^7.0.1", | ||
| "@metamask/phishing-controller": "^8.0.0", | ||
| "@metamask/polling-controller": "^1.0.1", | ||
| "@metamask/post-message-stream": "^7.0.0", | ||
| "@metamask/ppom-validator": "^0.10.0", | ||
|
|
@@ -286,12 +289,11 @@ | |
| "@metamask/scure-bip39": "^2.0.3", | ||
| "@metamask/selected-network-controller": "^3.1.0", | ||
| "@metamask/signature-controller": "^6.1.2", | ||
| "@metamask/slip44": "^3.1.0", | ||
| "@metamask/smart-transactions-controller": "^6.2.2", | ||
| "@metamask/snaps-controllers": "^3.4.1", | ||
| "@metamask/snaps-rpc-methods": "^4.0.1", | ||
| "@metamask/snaps-controllers": "^3.5.1", | ||
| "@metamask/snaps-rpc-methods": "^4.0.3", | ||
| "@metamask/snaps-sdk": "^1.2.0", | ||
| "@metamask/snaps-utils": "^5.0.0", | ||
| "@metamask/snaps-utils": "^5.1.0", | ||
| "@metamask/transaction-controller": "^18.3.0", | ||
| "@metamask/utils": "^8.2.1", | ||
| "@ngraveio/bc-ur": "^1.1.6", | ||
|
|
@@ -354,6 +356,7 @@ | |
| "qrcode-generator": "1.4.1", | ||
| "qrcode.react": "^1.0.1", | ||
| "react": "^16.12.0", | ||
| "react-beautiful-dnd": "^13.1.1", | ||
| "react-dom": "^16.12.0", | ||
| "react-focus-lock": "^2.9.4", | ||
| "react-idle-timer": "^4.2.5", | ||
|
|
@@ -393,6 +396,7 @@ | |
| "@lavamoat/allow-scripts": "^2.3.1", | ||
| "@lavamoat/lavapack": "^5.2.4", | ||
| "@metamask/auto-changelog": "^2.1.0", | ||
| "@metamask/build-utils": "^1.0.0", | ||
| "@metamask/eslint-config": "^9.0.0", | ||
| "@metamask/eslint-config-jest": "^9.0.0", | ||
| "@metamask/eslint-config-mocha": "^9.0.0", | ||
|
|
@@ -436,13 +440,15 @@ | |
| "@types/jest": "^29.1.2", | ||
| "@types/madge": "^5.0.0", | ||
| "@types/mocha": "^10.0.3", | ||
| "@types/node": "^17.0.21", | ||
| "@types/node": "^18", | ||
| "@types/pify": "^5.0.1", | ||
| "@types/pump": "^1.1.1", | ||
| "@types/react": "^16.9.53", | ||
| "@types/react-beautiful-dnd": "^13", | ||
| "@types/react-dom": "^17.0.11", | ||
| "@types/react-redux": "^7.1.25", | ||
| "@types/react-router-dom": "^5.3.3", | ||
| "@types/readable-stream": "^4.0.4", | ||
| "@types/remote-redux-devtools": "^0.5.5", | ||
| "@types/sass": "^1.43.1", | ||
| "@types/selenium-webdriver": "^4.1.19", | ||
|
|
@@ -602,9 +608,6 @@ | |
| "eth-sig-util>ethereumjs-util>keccak": false, | ||
| "eth-sig-util>ethereumjs-util>secp256k1": false, | ||
| "eth-trezor-keyring>hdkey>secp256k1": false, | ||
| "eth-trezor-keyring>trezor-connect>@trezor/transport>protobufjs": false, | ||
| "eth-trezor-keyring>trezor-connect>@trezor/utxo-lib>blake-hash": false, | ||
| "eth-trezor-keyring>trezor-connect>@trezor/utxo-lib>tiny-secp256k1": false, | ||
| "ethereumjs-util>ethereum-cryptography>keccak": false, | ||
| "ganache>@trufflesuite/bigint-buffer": false, | ||
| "ganache>bufferutil": false, | ||
|
|
@@ -640,7 +643,12 @@ | |
| "@storybook/manager-webpack5>core-js": false, | ||
| "@storybook/react-webpack5>@storybook/preset-react-webpack>@pmmmwh/react-refresh-webpack-plugin>core-js-pure": false, | ||
| "ethjs-contract>babel-runtime>core-js": false, | ||
| "ts-node>@swc/core": false | ||
| "ts-node>@swc/core": false, | ||
| "@trezor/connect-web>@trezor/connect>@trezor/transport>protobufjs": false, | ||
| "@trezor/connect-web>@trezor/connect>@trezor/transport>usb": false, | ||
| "@trezor/connect-web>@trezor/connect>@trezor/utxo-lib>blake-hash": false, | ||
| "@trezor/connect-web>@trezor/connect>@trezor/utxo-lib>tiny-secp256k1": false, | ||
| "@metamask/eth-trezor-keyring>@trezor/connect-web>@trezor/connect>@trezor/transport>usb": false | ||
| } | ||
| }, | ||
| "packageManager": "[email protected]" | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| export { default } from './reveal-SRP-modal'; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,88 @@ | ||
| import PropTypes from 'prop-types'; | ||
| import React, { useCallback, useState } from 'react'; | ||
| import { | ||
| Display, | ||
| TextVariant, | ||
| FontWeight, | ||
| } from '../../../helpers/constants/design-system'; | ||
| import { useI18nContext } from '../../../hooks/useI18nContext'; | ||
| import { getSeedPhrase } from '../../../store/actions'; | ||
| import { | ||
| Box, | ||
| Modal, | ||
| ModalContent, | ||
| ModalHeader, | ||
| ModalOverlay, | ||
| ButtonPrimary, | ||
| ButtonSecondary, | ||
| FormTextField, | ||
| } from '../../component-library'; | ||
|
|
||
| export default function RevealSRPModal({ | ||
| setSecretRecoveryPhrase, | ||
| onClose, | ||
| isOpen, | ||
| }) { | ||
| const t = useI18nContext(); | ||
|
|
||
| const [password, setPassword] = useState(''); | ||
|
|
||
| const onSubmit = useCallback( | ||
| async (_password) => { | ||
| const seedPhrase = await getSeedPhrase(_password); | ||
| setSecretRecoveryPhrase(seedPhrase); | ||
| }, | ||
| [setSecretRecoveryPhrase], | ||
| ); | ||
|
|
||
| return ( | ||
| <Modal isOpen={isOpen} onClose={onClose}> | ||
| <ModalOverlay /> | ||
| <ModalContent> | ||
| <ModalHeader onClose={onClose}>{t('revealSeedWords')}</ModalHeader> | ||
| <Box paddingLeft={4} paddingRight={4}> | ||
| <form | ||
| onSubmit={(e) => { | ||
| e.preventDefault(); | ||
| onSubmit(password); | ||
| }} | ||
| > | ||
| <FormTextField | ||
| marginTop={6} | ||
| id="account-details-authenticate" | ||
| label={t('enterYourPassword')} | ||
| placeholder={t('password')} | ||
| onChange={(e) => setPassword(e.target.value)} | ||
| value={password} | ||
| variant={TextVariant.bodySm} | ||
| type="password" | ||
| labelProps={{ fontWeight: FontWeight.Medium }} | ||
| autoFocus | ||
| /> | ||
| </form> | ||
| <Box display={Display.Flex} marginTop={6} gap={2}> | ||
| <ButtonSecondary onClick={onClose} block> | ||
| {t('cancel')} | ||
| </ButtonSecondary> | ||
| <ButtonPrimary | ||
| onClick={() => onSubmit(password)} | ||
| disabled={password === ''} | ||
| block | ||
| > | ||
| {t('confirm')} | ||
| </ButtonPrimary> | ||
| </Box> | ||
| </Box> | ||
| </ModalContent> | ||
| </Modal> | ||
| ); | ||
| } | ||
|
|
||
| RevealSRPModal.propTypes = { | ||
| /** | ||
| * A function to set a secret receovery phrase in the context that is rendering the RevealSRPModal | ||
| */ | ||
| setSecretRecoveryPhrase: PropTypes.func.isRequired, | ||
| onClose: PropTypes.func.isRequired, | ||
| isOpen: PropTypes.bool.isRequired, | ||
| }; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.