From 8551446523af4176d1c4e78f63c1b19b4464b950 Mon Sep 17 00:00:00 2001 From: Filip Sekulic Date: Mon, 7 Nov 2022 17:26:23 +0100 Subject: [PATCH 01/18] Initial commit --- app/scripts/controllers/transactions/index.js | 9 ++++ app/scripts/lib/security-provider-helpers.js | 19 ++++++++ app/scripts/metamask-controller.js | 48 +++++++++++++++++++ db.json | 19 ++++++++ package.json | 1 + ...onfirm-page-container-content.component.js | 3 +- .../signature-request-original.container.js | 2 + .../signature-request.component.js | 27 +++++++++++ ui/ducks/send/helpers.js | 32 +++++++++++++ 9 files changed, 159 insertions(+), 1 deletion(-) create mode 100644 app/scripts/lib/security-provider-helpers.js create mode 100644 db.json diff --git a/app/scripts/controllers/transactions/index.js b/app/scripts/controllers/transactions/index.js index 4c02f4374395..fd1e361e8395 100644 --- a/app/scripts/controllers/transactions/index.js +++ b/app/scripts/controllers/transactions/index.js @@ -150,6 +150,7 @@ export default class TransactionController extends EventEmitter { this.getDeviceModel = opts.getDeviceModel; this.getAccountType = opts.getAccountType; this.getTokenStandardAndDetails = opts.getTokenStandardAndDetails; + this.securityProviderRequest = opts.securityProviderRequest; this.memStore = new ObservableStore({}); @@ -336,6 +337,7 @@ export default class TransactionController extends EventEmitter { ); const initialTxMeta = await this.addUnapprovedTransaction( + opts.method, txParams, opts.origin, undefined, @@ -775,6 +777,7 @@ export default class TransactionController extends EventEmitter { async addUnapprovedTransaction( txParams, origin, + method, transactionType, sendFlowHistory = [], actionId, @@ -860,6 +863,12 @@ export default class TransactionController extends EventEmitter { txMeta = await this.addTransactionGasDefaults(txMeta); + const dataValidation = await this.securityProviderRequest(txMeta, method); + + txMeta.dataValidation = dataValidation; + + console.log('txMeta: ', txMeta); + return txMeta; } diff --git a/app/scripts/lib/security-provider-helpers.js b/app/scripts/lib/security-provider-helpers.js new file mode 100644 index 000000000000..d8ce721e249c --- /dev/null +++ b/app/scripts/lib/security-provider-helpers.js @@ -0,0 +1,19 @@ +import fetch from 'node-fetch'; + +export async function securityProviderCheck(requestData) { + console.log('requestData: ', requestData); + const queryString = new URLSearchParams(requestData[0]).toString(); + console.log('queryString: ', queryString); + + // const response = await fetch('http://localhost:3000/security/2', { + const response = await fetch('https://eos9d7dmfj.execute-api.us-east-1.amazonaws.com/metamask/validate', { + method: 'GET', + headers: { + 'Accept': 'application/json', + 'Content-Type': 'application/json', + 'X-API-Key': 'NKYIN6cXkFaNnVIfzNx7s1z0p3b0B4SB6k29qA7n', + }, + }); + + return await response.json(); +} \ No newline at end of file diff --git a/app/scripts/metamask-controller.js b/app/scripts/metamask-controller.js index c4277d57669f..83749db38b72 100644 --- a/app/scripts/metamask-controller.js +++ b/app/scripts/metamask-controller.js @@ -168,6 +168,8 @@ import createRPCMethodTrackingMiddleware from './lib/createRPCMethodTrackingMidd import { checkSnapsBlockList } from './flask/snaps-utilities'; import { SNAP_BLOCKLIST } from './flask/snaps-blocklist'; ///: END:ONLY_INCLUDE_IN +import { securityProviderCheck } from './lib/security-provider-helpers'; +import fetch from 'node-fetch'; export const METAMASK_CONTROLLER_EVENTS = { // Fired after state changes that impact the extension badge (unapproved msg count) @@ -872,6 +874,7 @@ export default class MetamaskController extends EventEmitter { this.assetsContractController.getTokenStandardAndDetails.bind( this.assetsContractController, ), + securityProviderRequest: this.securityProviderRequest.bind(this), }); this.txController.on('newUnapprovedTx', () => opts.showUserConfirmation()); @@ -4529,4 +4532,49 @@ export default class MetamaskController extends EventEmitter { } } }; + + async securityProviderRequest(requestData, methodName) { + const transactionSecurityCheckEnabled = this.preferencesController.store.getState().useTokenDetection; // transactionSecurityCheckEnabled when ready instead of useTokenDetection + + // if (transactionSecurityCheckEnabled) { + // console.log('requestData: ', requestData); + // const response = await fetch('http://localhost:3000/security/1', { + // method: 'GET', + // headers: { + // 'Accept': 'application/json', + // 'Content-Type': 'application/json' + // }, + // // body: JSON.stringify(requestData), + // }); + + // return await response.json(); + // } + + + + // if (transactionSecurityCheckEnabled) { + const dataToValidate = [ + { + "host_name": requestData.origin, + "rpc_method_name": methodName, + "chain_id": requestData.chainId, + "data": { + "from_address": requestData.txParams.from, + "to_address": requestData.txParams.to, + "gas": requestData.defaultGasEstimates.gas, + "gasPrice": requestData.defaultGasEstimates.gasPrice, + "value": requestData.txParams.value, + "data": requestData.txParams.data, + } + } + ] + + const response = await securityProviderCheck(dataToValidate); + console.log('response: ', response); + + return await response; + // } + + // return null; + } } diff --git a/db.json b/db.json new file mode 100644 index 000000000000..ea6a7831f9f7 --- /dev/null +++ b/db.json @@ -0,0 +1,19 @@ +{ + "security": [ + { + "id": 1, + "flagAsDangerous": 0, + "reason": "abc" + }, + { + "id": 2, + "flagAsDangerous": 1, + "reason": "abc" + }, + { + "id": 3, + "flagAsDangerous": 2, + "reason": "abc" + } + ] +} \ No newline at end of file diff --git a/package.json b/package.json index 300c0c0d750c..405fb44b40c9 100644 --- a/package.json +++ b/package.json @@ -284,6 +284,7 @@ "jest-junit": "^14.0.1", "json-rpc-engine": "^6.1.0", "json-rpc-middleware-stream": "^2.1.1", + "json-server": "^0.17.0", "jsonschema": "^1.2.4", "labeled-stream-splicer": "^2.0.2", "localforage": "^1.9.0", diff --git a/ui/components/app/confirm-page-container/confirm-page-container-content/confirm-page-container-content.component.js b/ui/components/app/confirm-page-container/confirm-page-container-content/confirm-page-container-content.component.js index d7fc17bf1249..a3b88f9d27fc 100644 --- a/ui/components/app/confirm-page-container/confirm-page-container-content/confirm-page-container-content.component.js +++ b/ui/components/app/confirm-page-container/confirm-page-container-content/confirm-page-container-content.component.js @@ -161,7 +161,8 @@ export default class ConfirmPageContainerContent extends Component { transactionType, isBuyableChain, } = this.props; - + console.log("HERE"); + console.log('currentTransaction: ', currentTransaction); const { t } = this.context; const showInsuffienctFundsError = diff --git a/ui/components/app/signature-request-original/signature-request-original.container.js b/ui/components/app/signature-request-original/signature-request-original.container.js index 3d7c9aa657bd..5c0f3f463eb2 100644 --- a/ui/components/app/signature-request-original/signature-request-original.container.js +++ b/ui/components/app/signature-request-original/signature-request-original.container.js @@ -11,6 +11,7 @@ import { doesAddressRequireLedgerHidConnection, unconfirmedMessagesHashSelector, getTotalUnapprovedMessagesCount, + getCurrentChainId, } from '../../../selectors'; import { getAccountByAddress, valuesFor } from '../../../helpers/utils/util'; import { clearConfirmTransaction } from '../../../ducks/confirm-transaction/confirm-transaction.duck'; @@ -40,6 +41,7 @@ function mapStateToProps(state, ownProps) { hardwareWalletRequiresConnection, isLedgerWallet, nativeCurrency: getNativeCurrency(state), + chainId, // not passed to component allAccounts: accountsWithSendEtherInfoSelector(state), subjectMetadata: getSubjectMetadata(state), diff --git a/ui/components/app/signature-request/signature-request.component.js b/ui/components/app/signature-request/signature-request.component.js index a55e595ba3cf..65ab12d784ec 100644 --- a/ui/components/app/signature-request/signature-request.component.js +++ b/ui/components/app/signature-request/signature-request.component.js @@ -19,6 +19,7 @@ import NetworkAccountBalanceHeader from '../network-account-balance-header'; import { NETWORK_TYPES } from '../../../../shared/constants/network'; import Footer from './signature-request-footer'; import Message from './signature-request-message'; +import { transactionSecurityCheck } from '../../../ducks/send/helpers'; export default class SignatureRequest extends PureComponent { static propTypes = { @@ -78,6 +79,32 @@ export default class SignatureRequest extends PureComponent { showContractDetails: false, }; + async componentDidMount() { + const { chainId, txData } = this.props; + + var data = [ + { + 'host_name': txData.msgParams.origin, + 'rpc_method_name': txData.type, + 'chain_id': chainId, + 'data': { + 'typedDataObject': '', + }, + }, + ] + + const checkSignature = await transactionSecurityCheck(data); + + this.setState({ isSignatureMalicious: checkSignature.flagAsDangerous }); + + // console.log('host_name : ', txData.msgParams.origin); + // console.log('rpc_method_name : ', txData.type); + // console.log('chain_id : ', chainId); + // console.log('signer_address : ', txData.msgParams.from); + // console.log('msg_to_sign : ', txData.msgParams.data); + // console.log('txData : ', txData); + } + setMessageRootRef(ref) { this.messageRootRef = ref; } diff --git a/ui/ducks/send/helpers.js b/ui/ducks/send/helpers.js index 6cf35b5f0875..f56dd15d2e0a 100644 --- a/ui/ducks/send/helpers.js +++ b/ui/ducks/send/helpers.js @@ -21,6 +21,8 @@ import { } from '../../pages/send/send.utils'; import { getGasPriceInHexWei } from '../../selectors'; import { estimateGas } from '../../store/actions'; +import fetchWithCache from '../../../shared/lib/fetch-with-cache'; +// import fetch from 'node-fetch'; export async function estimateGasLimitForSend({ selectedAddress, @@ -292,3 +294,33 @@ export async function getERC20Balance(token, accountAddress) { ).toString(16); return addHexPrefix(amount); } + +export async function transactionSecurityCheck(data) { + // console.log('data: ', data); + // (1) + const queryString = new URLSearchParams(data).toString(); + console.log('queryString: ', queryString); + const response = await fetchWithCache('http://localhost:3000/security/3'); // or fetch() + return response; + // (2) + // const fetchWithTimeout = getFetchWithTimeout(); + // const response = await fetchWithTimeout(data.host_name, { + // method: 'POST', + // body: JSON.stringify(data), + // }); + + // (3) + // const response = await jsonRpcRequest(data.host_name, 'POST', data); + // return await response.json(); + + // (4) + // const response = await fetch('http://localhost:3000/security', { + // method: 'POST', + // headers: { + // 'Accept': 'application/json', + // 'Content-Type': 'application/json' + // }, + // body: JSON.stringify(data), + // }); + // return await response.json(); +} \ No newline at end of file From 9f235c9d6aa29c3ecfec32d0ec2d492b1d4061b7 Mon Sep 17 00:00:00 2001 From: Filip Sekulic Date: Tue, 8 Nov 2022 17:16:18 +0100 Subject: [PATCH 02/18] Added more code --- app/scripts/lib/message-manager.js | 7 ++- app/scripts/lib/personal-message-manager.js | 9 ++- app/scripts/lib/security-provider-helpers.js | 8 +-- app/scripts/lib/typed-message-manager.js | 9 ++- app/scripts/metamask-controller.js | 63 +++++++++++++++----- 5 files changed, 68 insertions(+), 28 deletions(-) diff --git a/app/scripts/lib/message-manager.js b/app/scripts/lib/message-manager.js index dfc4e3ec3aaf..c559a40f5971 100644 --- a/app/scripts/lib/message-manager.js +++ b/app/scripts/lib/message-manager.js @@ -30,7 +30,7 @@ export default class MessageManager extends EventEmitter { * @param {object} opts - Controller options * @param {Function} opts.metricsEvent - A function for emitting a metric event. */ - constructor({ metricsEvent }) { + constructor({ metricsEvent, securityProviderRequest }) { super(); this.memStore = new ObservableStore({ unapprovedMsgs: {}, @@ -46,6 +46,7 @@ export default class MessageManager extends EventEmitter { this.messages = []; this.metricsEvent = metricsEvent; + this.securityProviderRequest = securityProviderRequest; } /** @@ -118,7 +119,7 @@ export default class MessageManager extends EventEmitter { * @param {object} [req] - The original request object where the origin may be specified * @returns {number} The id of the newly created message. */ - addUnapprovedMessage(msgParams, req) { + async addUnapprovedMessage(msgParams, req) { // add origin from request if (req) { msgParams.origin = req.origin; @@ -136,6 +137,8 @@ export default class MessageManager extends EventEmitter { }; this.addMsg(msgData); + await this.securityProviderRequest(msgData, msgData.type); + // signal update this.emit('update'); return msgId; diff --git a/app/scripts/lib/personal-message-manager.js b/app/scripts/lib/personal-message-manager.js index 338458a66db0..4a937c91401a 100644 --- a/app/scripts/lib/personal-message-manager.js +++ b/app/scripts/lib/personal-message-manager.js @@ -37,7 +37,7 @@ export default class PersonalMessageManager extends EventEmitter { * @param options * @param options.metricsEvent */ - constructor({ metricsEvent }) { + constructor({ metricsEvent, securityProviderRequest }) { super(); this.memStore = new ObservableStore({ unapprovedPersonalMsgs: {}, @@ -53,6 +53,7 @@ export default class PersonalMessageManager extends EventEmitter { this.messages = []; this.metricsEvent = metricsEvent; + this.securityProviderRequest = securityProviderRequest; } /** @@ -134,7 +135,7 @@ export default class PersonalMessageManager extends EventEmitter { * @param {object} [req] - The original request object possibly containing the origin * @returns {number} The id of the newly created PersonalMessage. */ - addUnapprovedMessage(msgParams, req) { + async addUnapprovedMessage(msgParams, req) { log.debug( `PersonalMessageManager addUnapprovedMessage: ${JSON.stringify( msgParams, @@ -145,7 +146,7 @@ export default class PersonalMessageManager extends EventEmitter { msgParams.origin = req.origin; } msgParams.data = this.normalizeMsgData(msgParams.data); - + console.log('HERE'); // check for SIWE message const siwe = detectSIWE(msgParams); msgParams.siwe = siwe; @@ -162,6 +163,8 @@ export default class PersonalMessageManager extends EventEmitter { }; this.addMsg(msgData); + await this.securityProviderRequest(msgData, msgData.type); + // signal update this.emit('update'); return msgId; diff --git a/app/scripts/lib/security-provider-helpers.js b/app/scripts/lib/security-provider-helpers.js index d8ce721e249c..72808778b826 100644 --- a/app/scripts/lib/security-provider-helpers.js +++ b/app/scripts/lib/security-provider-helpers.js @@ -2,11 +2,11 @@ import fetch from 'node-fetch'; export async function securityProviderCheck(requestData) { console.log('requestData: ', requestData); - const queryString = new URLSearchParams(requestData[0]).toString(); - console.log('queryString: ', queryString); + // const queryString = new URLSearchParams(requestData[0]).toString(); + // console.log('queryString: ', queryString); - // const response = await fetch('http://localhost:3000/security/2', { - const response = await fetch('https://eos9d7dmfj.execute-api.us-east-1.amazonaws.com/metamask/validate', { + const response = await fetch('http://localhost:3000/security/2', { + // const response = await fetch('https://eos9d7dmfj.execute-api.us-east-1.amazonaws.com/metamask/validate', { method: 'GET', headers: { 'Accept': 'application/json', diff --git a/app/scripts/lib/typed-message-manager.js b/app/scripts/lib/typed-message-manager.js index 397e27b0c3c7..f248ba3e8927 100644 --- a/app/scripts/lib/typed-message-manager.js +++ b/app/scripts/lib/typed-message-manager.js @@ -36,7 +36,7 @@ export default class TypedMessageManager extends EventEmitter { * @param options.getCurrentChainId * @param options.metricsEvent */ - constructor({ getCurrentChainId, metricsEvent }) { + constructor({ getCurrentChainId, metricsEvent, securityProviderRequest }) { super(); this._getCurrentChainId = getCurrentChainId; this.memStore = new ObservableStore({ @@ -53,6 +53,7 @@ export default class TypedMessageManager extends EventEmitter { this.messages = []; this.metricsEvent = metricsEvent; + this.securityProviderRequest = securityProviderRequest; } /** @@ -129,7 +130,7 @@ export default class TypedMessageManager extends EventEmitter { * @param version * @returns {number} The id of the newly created TypedMessage. */ - addUnapprovedMessage(msgParams, req, version) { + async addUnapprovedMessage(msgParams, req, version) { msgParams.version = version; if (req) { msgParams.origin = req.origin; @@ -139,7 +140,7 @@ export default class TypedMessageManager extends EventEmitter { log.debug( `TypedMessageManager addUnapprovedMessage: ${JSON.stringify(msgParams)}`, ); - + console.log('HERE'); // create txData obj with parameters and meta data const time = new Date().getTime(); const msgId = createId(); @@ -152,6 +153,8 @@ export default class TypedMessageManager extends EventEmitter { }; this.addMsg(msgData); + console.log('msgData: ', msgData); + await this.securityProviderRequest(msgData, msgData.type); // signal update this.emit('update'); return msgId; diff --git a/app/scripts/metamask-controller.js b/app/scripts/metamask-controller.js index 83749db38b72..3263743dbb0a 100644 --- a/app/scripts/metamask-controller.js +++ b/app/scripts/metamask-controller.js @@ -972,11 +972,13 @@ export default class MetamaskController extends EventEmitter { metricsEvent: this.metaMetricsController.trackEvent.bind( this.metaMetricsController, ), + securityProviderRequest: this.securityProviderRequest.bind(this), }); this.personalMessageManager = new PersonalMessageManager({ metricsEvent: this.metaMetricsController.trackEvent.bind( this.metaMetricsController, ), + securityProviderRequest: this.securityProviderRequest.bind(this), }); this.decryptMessageManager = new DecryptMessageManager({ metricsEvent: this.metaMetricsController.trackEvent.bind( @@ -995,6 +997,7 @@ export default class MetamaskController extends EventEmitter { metricsEvent: this.metaMetricsController.trackEvent.bind( this.metaMetricsController, ), + securityProviderRequest: this.securityProviderRequest.bind(this), }); this.swapsController = new SwapsController({ @@ -4535,6 +4538,7 @@ export default class MetamaskController extends EventEmitter { async securityProviderRequest(requestData, methodName) { const transactionSecurityCheckEnabled = this.preferencesController.store.getState().useTokenDetection; // transactionSecurityCheckEnabled when ready instead of useTokenDetection + const chainId = this.networkController.getCurrentChainId(); // if (transactionSecurityCheckEnabled) { // console.log('requestData: ', requestData); @@ -4553,23 +4557,50 @@ export default class MetamaskController extends EventEmitter { // if (transactionSecurityCheckEnabled) { - const dataToValidate = [ - { - "host_name": requestData.origin, - "rpc_method_name": methodName, - "chain_id": requestData.chainId, - "data": { - "from_address": requestData.txParams.from, - "to_address": requestData.txParams.to, - "gas": requestData.defaultGasEstimates.gas, - "gasPrice": requestData.defaultGasEstimates.gasPrice, - "value": requestData.txParams.value, - "data": requestData.txParams.data, - } - } - ] - const response = await securityProviderCheck(dataToValidate); + // transaction + // const dataToValidate = [ + // { + // "host_name": requestData.origin, + // "rpc_method_name": methodName, + // "chain_id": requestData.chainId, + // "data": { + // "from_address": requestData.txParams.from, + // "to_address": requestData.txParams.to, + // "gas": requestData.defaultGasEstimates.gas, + // "gasPrice": requestData.defaultGasEstimates.gasPrice, + // "value": requestData.txParams.value, + // "data": requestData.txParams.data, + // } + // } + // ] + + // eth_sign, personal_sign + // const dataToValidate = [ + // { + // "host_name": requestData.msgParams.origin, + // "rpc_method_name": methodName, + // "chain_id": chainId, + // "data": { + // "signer_address": requestData.msgParams.from, + // "msg_to_sign": requestData.msgParams.data, + // } + // } + // ] + + // eth_signTypedData + // const dataToValidate = [ + // { + // "host_name": requestData.msgParams.origin, + // "rpc_method_name": methodName, + // "chain_id": chainId, + // "data": { + // requestData.msgParams.data + // } + // } + // ] + + const response = await securityProviderCheck(requestData); // dataToValidate instead of requestData console.log('response: ', response); return await response; From 05e8a3f31a0e9d2f071f5c31526094be2614bf82 Mon Sep 17 00:00:00 2001 From: Filip Sekulic Date: Wed, 9 Nov 2022 13:13:16 +0100 Subject: [PATCH 03/18] Code refactor --- app/scripts/controllers/transactions/index.js | 11 +-- app/scripts/lib/message-manager.js | 8 +- app/scripts/lib/personal-message-manager.js | 9 +- app/scripts/lib/security-provider-helpers.js | 99 ++++++++++++++++++- app/scripts/lib/typed-message-manager.js | 9 +- app/scripts/metamask-controller.js | 66 +------------ db.json | 2 +- .../signature-request-original.container.js | 2 - .../signature-request.component.js | 27 ----- ui/ducks/send/helpers.js | 32 ------ 10 files changed, 122 insertions(+), 143 deletions(-) diff --git a/app/scripts/controllers/transactions/index.js b/app/scripts/controllers/transactions/index.js index fd1e361e8395..384c370b11d4 100644 --- a/app/scripts/controllers/transactions/index.js +++ b/app/scripts/controllers/transactions/index.js @@ -858,16 +858,15 @@ export default class TransactionController extends EventEmitter { ? addHexPrefix(txMeta.txParams.value) : '0x0'; - this.addTransaction(txMeta); - this.emit('newUnapprovedTx', txMeta); - txMeta = await this.addTransactionGasDefaults(txMeta); + const flagAsDangerous = await this.securityProviderRequest(txMeta, method); - const dataValidation = await this.securityProviderRequest(txMeta, method); + txMeta.flagAsDangerous = flagAsDangerous; - txMeta.dataValidation = dataValidation; + this.addTransaction(txMeta); + this.emit('newUnapprovedTx', txMeta); - console.log('txMeta: ', txMeta); + txMeta = await this.addTransactionGasDefaults(txMeta); return txMeta; } diff --git a/app/scripts/lib/message-manager.js b/app/scripts/lib/message-manager.js index c559a40f5971..fb68cdd2c13f 100644 --- a/app/scripts/lib/message-manager.js +++ b/app/scripts/lib/message-manager.js @@ -29,6 +29,7 @@ export default class MessageManager extends EventEmitter { * * @param {object} opts - Controller options * @param {Function} opts.metricsEvent - A function for emitting a metric event. + * @param {Function} opts.securityProviderRequest - A function for verifying a message, whether it is malicious or not. */ constructor({ metricsEvent, securityProviderRequest }) { super(); @@ -135,9 +136,12 @@ export default class MessageManager extends EventEmitter { status: 'unapproved', type: MESSAGE_TYPE.ETH_SIGN, }; - this.addMsg(msgData); - await this.securityProviderRequest(msgData, msgData.type); + const flagAsDangerous = await this.securityProviderRequest(msgData, msgData.type); + + msgData.flagAsDangerous = flagAsDangerous; + + this.addMsg(msgData); // signal update this.emit('update'); diff --git a/app/scripts/lib/personal-message-manager.js b/app/scripts/lib/personal-message-manager.js index 4a937c91401a..e86344a7f0cb 100644 --- a/app/scripts/lib/personal-message-manager.js +++ b/app/scripts/lib/personal-message-manager.js @@ -36,6 +36,7 @@ export default class PersonalMessageManager extends EventEmitter { * * @param options * @param options.metricsEvent + * @param options.securityProviderRequest */ constructor({ metricsEvent, securityProviderRequest }) { super(); @@ -146,7 +147,6 @@ export default class PersonalMessageManager extends EventEmitter { msgParams.origin = req.origin; } msgParams.data = this.normalizeMsgData(msgParams.data); - console.log('HERE'); // check for SIWE message const siwe = detectSIWE(msgParams); msgParams.siwe = siwe; @@ -161,9 +161,12 @@ export default class PersonalMessageManager extends EventEmitter { status: 'unapproved', type: MESSAGE_TYPE.PERSONAL_SIGN, }; - this.addMsg(msgData); - await this.securityProviderRequest(msgData, msgData.type); + const flagAsDangerous = await this.securityProviderRequest(msgData, msgData.type); + + msgData.flagAsDangerous = flagAsDangerous; + + this.addMsg(msgData); // signal update this.emit('update'); diff --git a/app/scripts/lib/security-provider-helpers.js b/app/scripts/lib/security-provider-helpers.js index 72808778b826..ecff48fbd1cf 100644 --- a/app/scripts/lib/security-provider-helpers.js +++ b/app/scripts/lib/security-provider-helpers.js @@ -1,8 +1,99 @@ import fetch from 'node-fetch'; +import { MESSAGE_TYPE } from '../../../shared/constants/app'; -export async function securityProviderCheck(requestData) { - console.log('requestData: ', requestData); - // const queryString = new URLSearchParams(requestData[0]).toString(); +export async function securityProviderCheck(requestData, methodName, chainId) { + console.log("requestData: ", requestData); + console.log("methodName: ", methodName); + console.log("chainId: ", chainId); + // transaction + // const dataToValidate = [ + // { + // "host_name": requestData.origin, + // "rpc_method_name": methodName, + // "chain_id": requestData.chainId, + // "data": { + // "from_address": requestData.txParams.from, + // "to_address": requestData.txParams.to, + // "gas": requestData.defaultGasEstimates.gas, + // "gasPrice": requestData.defaultGasEstimates.gasPrice, + // "value": requestData.txParams.value, + // "data": requestData.txParams.data, + // } + // } + // ] + + // eth_sign, personal_sign + // const dataToValidate = [ + // { + // "host_name": requestData.msgParams.origin, + // "rpc_method_name": methodName, + // "chain_id": chainId, + // "data": { + // "signer_address": requestData.msgParams.from, + // "msg_to_sign": requestData.msgParams.data, + // } + // } + // ] + + // eth_signTypedData + // const dataToValidate = [ + // { + // "host_name": requestData.msgParams.origin, + // "rpc_method_name": methodName, + // "chain_id": chainId, + // "data": { + // requestData.msgParams.data + // } + // } + // ] + + + + + + // let dataToValidate = []; + + // if (methodName === MESSAGE_TYPE.ETH_SIGN_TYPED_DATA) { + // dataToValidate = [ + // { + // "host_name": requestData.msgParams.origin, + // "rpc_method_name": methodName, + // "chain_id": chainId, + // "data": requestData.msgParams.data, + // } + // ] + // } else if (methodName === MESSAGE_TYPE.ETH_SIGN || methodName === MESSAGE_TYPE.PERSONAL_SIGN) { + // dataToValidate = [ + // { + // "host_name": requestData.msgParams.origin, + // "rpc_method_name": methodName, + // "chain_id": chainId, + // "data": { + // "signer_address": requestData.msgParams.from, + // "msg_to_sign": requestData.msgParams.data, + // } + // } + // ] + // } + + // dataToValidate = [ + // { + // "host_name": requestData.origin, + // "rpc_method_name": methodName, + // "chain_id": requestData.chainId, + // "data": { + // "from_address": requestData.txParams.from, + // "to_address": requestData.txParams.to, + // "gas": requestData.defaultGasEstimates.gas, + // "gasPrice": requestData.defaultGasEstimates.gasPrice, // ? + // "value": requestData.txParams.value, + // "data": requestData.txParams.data, + // } + // } + // ] + + + // const queryString = new URLSearchParams(dataToValidate[0]).toString(); // console.log('queryString: ', queryString); const response = await fetch('http://localhost:3000/security/2', { @@ -16,4 +107,4 @@ export async function securityProviderCheck(requestData) { }); return await response.json(); -} \ No newline at end of file +} diff --git a/app/scripts/lib/typed-message-manager.js b/app/scripts/lib/typed-message-manager.js index f248ba3e8927..10c509bb8e66 100644 --- a/app/scripts/lib/typed-message-manager.js +++ b/app/scripts/lib/typed-message-manager.js @@ -35,6 +35,7 @@ export default class TypedMessageManager extends EventEmitter { * @param options * @param options.getCurrentChainId * @param options.metricsEvent + * @param options.securityProviderRequest */ constructor({ getCurrentChainId, metricsEvent, securityProviderRequest }) { super(); @@ -140,7 +141,6 @@ export default class TypedMessageManager extends EventEmitter { log.debug( `TypedMessageManager addUnapprovedMessage: ${JSON.stringify(msgParams)}`, ); - console.log('HERE'); // create txData obj with parameters and meta data const time = new Date().getTime(); const msgId = createId(); @@ -151,10 +151,13 @@ export default class TypedMessageManager extends EventEmitter { status: 'unapproved', type: MESSAGE_TYPE.ETH_SIGN_TYPED_DATA, }; + + const flagAsDangerous = await this.securityProviderRequest(msgData, msgData.type); + + msgData.flagAsDangerous = flagAsDangerous; + this.addMsg(msgData); - console.log('msgData: ', msgData); - await this.securityProviderRequest(msgData, msgData.type); // signal update this.emit('update'); return msgId; diff --git a/app/scripts/metamask-controller.js b/app/scripts/metamask-controller.js index 3263743dbb0a..b7e71fa1fb93 100644 --- a/app/scripts/metamask-controller.js +++ b/app/scripts/metamask-controller.js @@ -169,7 +169,6 @@ import { checkSnapsBlockList } from './flask/snaps-utilities'; import { SNAP_BLOCKLIST } from './flask/snaps-blocklist'; ///: END:ONLY_INCLUDE_IN import { securityProviderCheck } from './lib/security-provider-helpers'; -import fetch from 'node-fetch'; export const METAMASK_CONTROLLER_EVENTS = { // Fired after state changes that impact the extension badge (unapproved msg count) @@ -4537,70 +4536,11 @@ export default class MetamaskController extends EventEmitter { }; async securityProviderRequest(requestData, methodName) { - const transactionSecurityCheckEnabled = this.preferencesController.store.getState().useTokenDetection; // transactionSecurityCheckEnabled when ready instead of useTokenDetection + const isTransactionSecurityCheckEnabled = this.preferencesController.store.getState().useTokenDetection; // transactionSecurityCheckEnabled when ready instead of useTokenDetection const chainId = this.networkController.getCurrentChainId(); - // if (transactionSecurityCheckEnabled) { - // console.log('requestData: ', requestData); - // const response = await fetch('http://localhost:3000/security/1', { - // method: 'GET', - // headers: { - // 'Accept': 'application/json', - // 'Content-Type': 'application/json' - // }, - // // body: JSON.stringify(requestData), - // }); - - // return await response.json(); - // } - - - - // if (transactionSecurityCheckEnabled) { - - // transaction - // const dataToValidate = [ - // { - // "host_name": requestData.origin, - // "rpc_method_name": methodName, - // "chain_id": requestData.chainId, - // "data": { - // "from_address": requestData.txParams.from, - // "to_address": requestData.txParams.to, - // "gas": requestData.defaultGasEstimates.gas, - // "gasPrice": requestData.defaultGasEstimates.gasPrice, - // "value": requestData.txParams.value, - // "data": requestData.txParams.data, - // } - // } - // ] - - // eth_sign, personal_sign - // const dataToValidate = [ - // { - // "host_name": requestData.msgParams.origin, - // "rpc_method_name": methodName, - // "chain_id": chainId, - // "data": { - // "signer_address": requestData.msgParams.from, - // "msg_to_sign": requestData.msgParams.data, - // } - // } - // ] - - // eth_signTypedData - // const dataToValidate = [ - // { - // "host_name": requestData.msgParams.origin, - // "rpc_method_name": methodName, - // "chain_id": chainId, - // "data": { - // requestData.msgParams.data - // } - // } - // ] - - const response = await securityProviderCheck(requestData); // dataToValidate instead of requestData + // if (isTransactionSecurityCheckEnabled) { + const response = await securityProviderCheck(requestData, methodName, chainId); console.log('response: ', response); return await response; diff --git a/db.json b/db.json index ea6a7831f9f7..370148bb15e2 100644 --- a/db.json +++ b/db.json @@ -16,4 +16,4 @@ "reason": "abc" } ] -} \ No newline at end of file +} diff --git a/ui/components/app/signature-request-original/signature-request-original.container.js b/ui/components/app/signature-request-original/signature-request-original.container.js index 5c0f3f463eb2..3d7c9aa657bd 100644 --- a/ui/components/app/signature-request-original/signature-request-original.container.js +++ b/ui/components/app/signature-request-original/signature-request-original.container.js @@ -11,7 +11,6 @@ import { doesAddressRequireLedgerHidConnection, unconfirmedMessagesHashSelector, getTotalUnapprovedMessagesCount, - getCurrentChainId, } from '../../../selectors'; import { getAccountByAddress, valuesFor } from '../../../helpers/utils/util'; import { clearConfirmTransaction } from '../../../ducks/confirm-transaction/confirm-transaction.duck'; @@ -41,7 +40,6 @@ function mapStateToProps(state, ownProps) { hardwareWalletRequiresConnection, isLedgerWallet, nativeCurrency: getNativeCurrency(state), - chainId, // not passed to component allAccounts: accountsWithSendEtherInfoSelector(state), subjectMetadata: getSubjectMetadata(state), diff --git a/ui/components/app/signature-request/signature-request.component.js b/ui/components/app/signature-request/signature-request.component.js index 65ab12d784ec..a55e595ba3cf 100644 --- a/ui/components/app/signature-request/signature-request.component.js +++ b/ui/components/app/signature-request/signature-request.component.js @@ -19,7 +19,6 @@ import NetworkAccountBalanceHeader from '../network-account-balance-header'; import { NETWORK_TYPES } from '../../../../shared/constants/network'; import Footer from './signature-request-footer'; import Message from './signature-request-message'; -import { transactionSecurityCheck } from '../../../ducks/send/helpers'; export default class SignatureRequest extends PureComponent { static propTypes = { @@ -79,32 +78,6 @@ export default class SignatureRequest extends PureComponent { showContractDetails: false, }; - async componentDidMount() { - const { chainId, txData } = this.props; - - var data = [ - { - 'host_name': txData.msgParams.origin, - 'rpc_method_name': txData.type, - 'chain_id': chainId, - 'data': { - 'typedDataObject': '', - }, - }, - ] - - const checkSignature = await transactionSecurityCheck(data); - - this.setState({ isSignatureMalicious: checkSignature.flagAsDangerous }); - - // console.log('host_name : ', txData.msgParams.origin); - // console.log('rpc_method_name : ', txData.type); - // console.log('chain_id : ', chainId); - // console.log('signer_address : ', txData.msgParams.from); - // console.log('msg_to_sign : ', txData.msgParams.data); - // console.log('txData : ', txData); - } - setMessageRootRef(ref) { this.messageRootRef = ref; } diff --git a/ui/ducks/send/helpers.js b/ui/ducks/send/helpers.js index f56dd15d2e0a..6cf35b5f0875 100644 --- a/ui/ducks/send/helpers.js +++ b/ui/ducks/send/helpers.js @@ -21,8 +21,6 @@ import { } from '../../pages/send/send.utils'; import { getGasPriceInHexWei } from '../../selectors'; import { estimateGas } from '../../store/actions'; -import fetchWithCache from '../../../shared/lib/fetch-with-cache'; -// import fetch from 'node-fetch'; export async function estimateGasLimitForSend({ selectedAddress, @@ -294,33 +292,3 @@ export async function getERC20Balance(token, accountAddress) { ).toString(16); return addHexPrefix(amount); } - -export async function transactionSecurityCheck(data) { - // console.log('data: ', data); - // (1) - const queryString = new URLSearchParams(data).toString(); - console.log('queryString: ', queryString); - const response = await fetchWithCache('http://localhost:3000/security/3'); // or fetch() - return response; - // (2) - // const fetchWithTimeout = getFetchWithTimeout(); - // const response = await fetchWithTimeout(data.host_name, { - // method: 'POST', - // body: JSON.stringify(data), - // }); - - // (3) - // const response = await jsonRpcRequest(data.host_name, 'POST', data); - // return await response.json(); - - // (4) - // const response = await fetch('http://localhost:3000/security', { - // method: 'POST', - // headers: { - // 'Accept': 'application/json', - // 'Content-Type': 'application/json' - // }, - // body: JSON.stringify(data), - // }); - // return await response.json(); -} \ No newline at end of file From 1a8cce2d2ecdfc67ceec575fe9e54b5ec1c18e7f Mon Sep 17 00:00:00 2001 From: Filip Sekulic Date: Wed, 9 Nov 2022 15:35:39 +0100 Subject: [PATCH 04/18] Lint fixed --- app/scripts/controllers/transactions/index.js | 2 +- app/scripts/lib/message-manager.js | 5 +- app/scripts/lib/personal-message-manager.js | 5 +- app/scripts/lib/security-provider-helpers.js | 193 +++++++++--------- app/scripts/lib/typed-message-manager.js | 5 +- app/scripts/metamask-controller.js | 13 +- ...onfirm-page-container-content.component.js | 2 +- 7 files changed, 117 insertions(+), 108 deletions(-) diff --git a/app/scripts/controllers/transactions/index.js b/app/scripts/controllers/transactions/index.js index 384c370b11d4..4ed3399c8df9 100644 --- a/app/scripts/controllers/transactions/index.js +++ b/app/scripts/controllers/transactions/index.js @@ -769,6 +769,7 @@ export default class TransactionController extends EventEmitter { * * @param txParams * @param origin + * @param method * @param transactionType * @param sendFlowHistory * @param actionId @@ -858,7 +859,6 @@ export default class TransactionController extends EventEmitter { ? addHexPrefix(txMeta.txParams.value) : '0x0'; - const flagAsDangerous = await this.securityProviderRequest(txMeta, method); txMeta.flagAsDangerous = flagAsDangerous; diff --git a/app/scripts/lib/message-manager.js b/app/scripts/lib/message-manager.js index fb68cdd2c13f..f16e3e95e7d1 100644 --- a/app/scripts/lib/message-manager.js +++ b/app/scripts/lib/message-manager.js @@ -137,7 +137,10 @@ export default class MessageManager extends EventEmitter { type: MESSAGE_TYPE.ETH_SIGN, }; - const flagAsDangerous = await this.securityProviderRequest(msgData, msgData.type); + const flagAsDangerous = await this.securityProviderRequest( + msgData, + msgData.type, + ); msgData.flagAsDangerous = flagAsDangerous; diff --git a/app/scripts/lib/personal-message-manager.js b/app/scripts/lib/personal-message-manager.js index e86344a7f0cb..65dfb859340f 100644 --- a/app/scripts/lib/personal-message-manager.js +++ b/app/scripts/lib/personal-message-manager.js @@ -162,7 +162,10 @@ export default class PersonalMessageManager extends EventEmitter { type: MESSAGE_TYPE.PERSONAL_SIGN, }; - const flagAsDangerous = await this.securityProviderRequest(msgData, msgData.type); + const flagAsDangerous = await this.securityProviderRequest( + msgData, + msgData.type, + ); msgData.flagAsDangerous = flagAsDangerous; diff --git a/app/scripts/lib/security-provider-helpers.js b/app/scripts/lib/security-provider-helpers.js index ecff48fbd1cf..8b5d9618e0d9 100644 --- a/app/scripts/lib/security-provider-helpers.js +++ b/app/scripts/lib/security-provider-helpers.js @@ -1,110 +1,105 @@ -import fetch from 'node-fetch'; -import { MESSAGE_TYPE } from '../../../shared/constants/app'; +// import fetch from 'node-fetch'; +// import { MESSAGE_TYPE } from '../../../shared/constants/app'; export async function securityProviderCheck(requestData, methodName, chainId) { - console.log("requestData: ", requestData); - console.log("methodName: ", methodName); - console.log("chainId: ", chainId); - // transaction - // const dataToValidate = [ - // { - // "host_name": requestData.origin, - // "rpc_method_name": methodName, - // "chain_id": requestData.chainId, - // "data": { - // "from_address": requestData.txParams.from, - // "to_address": requestData.txParams.to, - // "gas": requestData.defaultGasEstimates.gas, - // "gasPrice": requestData.defaultGasEstimates.gasPrice, - // "value": requestData.txParams.value, - // "data": requestData.txParams.data, - // } - // } - // ] + console.log('requestData: ', requestData); + console.log('methodName: ', methodName); + console.log('chainId: ', chainId); + // transaction + // const dataToValidate = [ + // { + // "host_name": requestData.origin, + // "rpc_method_name": methodName, + // "chain_id": requestData.chainId, + // "data": { + // "from_address": requestData.txParams.from, + // "to_address": requestData.txParams.to, + // "gas": requestData.defaultGasEstimates.gas, + // "gasPrice": requestData.defaultGasEstimates.gasPrice, + // "value": requestData.txParams.value, + // "data": requestData.txParams.data, + // } + // } + // ] - // eth_sign, personal_sign - // const dataToValidate = [ - // { - // "host_name": requestData.msgParams.origin, - // "rpc_method_name": methodName, - // "chain_id": chainId, - // "data": { - // "signer_address": requestData.msgParams.from, - // "msg_to_sign": requestData.msgParams.data, - // } - // } - // ] + // eth_sign, personal_sign + // const dataToValidate = [ + // { + // "host_name": requestData.msgParams.origin, + // "rpc_method_name": methodName, + // "chain_id": chainId, + // "data": { + // "signer_address": requestData.msgParams.from, + // "msg_to_sign": requestData.msgParams.data, + // } + // } + // ] - // eth_signTypedData - // const dataToValidate = [ - // { - // "host_name": requestData.msgParams.origin, - // "rpc_method_name": methodName, - // "chain_id": chainId, - // "data": { - // requestData.msgParams.data - // } - // } - // ] - + // eth_signTypedData + // const dataToValidate = [ + // { + // "host_name": requestData.msgParams.origin, + // "rpc_method_name": methodName, + // "chain_id": chainId, + // "data": { + // requestData.msgParams.data + // } + // } + // ] + // let dataToValidate = []; + // if (methodName === MESSAGE_TYPE.ETH_SIGN_TYPED_DATA) { + // dataToValidate = [ + // { + // "host_name": requestData.msgParams.origin, + // "rpc_method_name": methodName, + // "chain_id": chainId, + // "data": requestData.msgParams.data, + // } + // ] + // } else if (methodName === MESSAGE_TYPE.ETH_SIGN || methodName === MESSAGE_TYPE.PERSONAL_SIGN) { + // dataToValidate = [ + // { + // "host_name": requestData.msgParams.origin, + // "rpc_method_name": methodName, + // "chain_id": chainId, + // "data": { + // "signer_address": requestData.msgParams.from, + // "msg_to_sign": requestData.msgParams.data, + // } + // } + // ] + // } + // dataToValidate = [ + // { + // "host_name": requestData.origin, + // "rpc_method_name": methodName, + // "chain_id": requestData.chainId, + // "data": { + // "from_address": requestData.txParams.from, + // "to_address": requestData.txParams.to, + // "gas": requestData.defaultGasEstimates.gas, + // "gasPrice": requestData.defaultGasEstimates.gasPrice, // ? + // "value": requestData.txParams.value, + // "data": requestData.txParams.data, + // } + // } + // ] - // let dataToValidate = []; + // const queryString = new URLSearchParams(dataToValidate[0]).toString(); + // console.log('queryString: ', queryString); - // if (methodName === MESSAGE_TYPE.ETH_SIGN_TYPED_DATA) { - // dataToValidate = [ - // { - // "host_name": requestData.msgParams.origin, - // "rpc_method_name": methodName, - // "chain_id": chainId, - // "data": requestData.msgParams.data, - // } - // ] - // } else if (methodName === MESSAGE_TYPE.ETH_SIGN || methodName === MESSAGE_TYPE.PERSONAL_SIGN) { - // dataToValidate = [ - // { - // "host_name": requestData.msgParams.origin, - // "rpc_method_name": methodName, - // "chain_id": chainId, - // "data": { - // "signer_address": requestData.msgParams.from, - // "msg_to_sign": requestData.msgParams.data, - // } - // } - // ] - // } + const response = await fetch('http://localhost:3000/security/2', { + // const response = await fetch('https://eos9d7dmfj.execute-api.us-east-1.amazonaws.com/metamask/validate', { + method: 'GET', + headers: { + Accept: 'application/json', + 'Content-Type': 'application/json', + 'X-API-Key': 'NKYIN6cXkFaNnVIfzNx7s1z0p3b0B4SB6k29qA7n', + }, + }); - // dataToValidate = [ - // { - // "host_name": requestData.origin, - // "rpc_method_name": methodName, - // "chain_id": requestData.chainId, - // "data": { - // "from_address": requestData.txParams.from, - // "to_address": requestData.txParams.to, - // "gas": requestData.defaultGasEstimates.gas, - // "gasPrice": requestData.defaultGasEstimates.gasPrice, // ? - // "value": requestData.txParams.value, - // "data": requestData.txParams.data, - // } - // } - // ] - - - // const queryString = new URLSearchParams(dataToValidate[0]).toString(); - // console.log('queryString: ', queryString); - - const response = await fetch('http://localhost:3000/security/2', { - // const response = await fetch('https://eos9d7dmfj.execute-api.us-east-1.amazonaws.com/metamask/validate', { - method: 'GET', - headers: { - 'Accept': 'application/json', - 'Content-Type': 'application/json', - 'X-API-Key': 'NKYIN6cXkFaNnVIfzNx7s1z0p3b0B4SB6k29qA7n', - }, - }); - - return await response.json(); + return await response.json(); } diff --git a/app/scripts/lib/typed-message-manager.js b/app/scripts/lib/typed-message-manager.js index 10c509bb8e66..6dfdf13767f9 100644 --- a/app/scripts/lib/typed-message-manager.js +++ b/app/scripts/lib/typed-message-manager.js @@ -152,7 +152,10 @@ export default class TypedMessageManager extends EventEmitter { type: MESSAGE_TYPE.ETH_SIGN_TYPED_DATA, }; - const flagAsDangerous = await this.securityProviderRequest(msgData, msgData.type); + const flagAsDangerous = await this.securityProviderRequest( + msgData, + msgData.type, + ); msgData.flagAsDangerous = flagAsDangerous; diff --git a/app/scripts/metamask-controller.js b/app/scripts/metamask-controller.js index b7e71fa1fb93..94238e9ba4e8 100644 --- a/app/scripts/metamask-controller.js +++ b/app/scripts/metamask-controller.js @@ -4536,16 +4536,21 @@ export default class MetamaskController extends EventEmitter { }; async securityProviderRequest(requestData, methodName) { - const isTransactionSecurityCheckEnabled = this.preferencesController.store.getState().useTokenDetection; // transactionSecurityCheckEnabled when ready instead of useTokenDetection + // const isTransactionSecurityCheckEnabled = + // this.preferencesController.store.getState().useTokenDetection; // transactionSecurityCheckEnabled when ready instead of useTokenDetection const chainId = this.networkController.getCurrentChainId(); // if (isTransactionSecurityCheckEnabled) { - const response = await securityProviderCheck(requestData, methodName, chainId); + const response = await securityProviderCheck( + requestData, + methodName, + chainId, + ); console.log('response: ', response); return await response; - // } + // } - // return null; + // return null; } } diff --git a/ui/components/app/confirm-page-container/confirm-page-container-content/confirm-page-container-content.component.js b/ui/components/app/confirm-page-container/confirm-page-container-content/confirm-page-container-content.component.js index a3b88f9d27fc..26c403fe63d1 100644 --- a/ui/components/app/confirm-page-container/confirm-page-container-content/confirm-page-container-content.component.js +++ b/ui/components/app/confirm-page-container/confirm-page-container-content/confirm-page-container-content.component.js @@ -161,7 +161,7 @@ export default class ConfirmPageContainerContent extends Component { transactionType, isBuyableChain, } = this.props; - console.log("HERE"); + console.log('HERE'); console.log('currentTransaction: ', currentTransaction); const { t } = this.context; From 16d5b617a76cbb28300ac32ba583ce283973697c Mon Sep 17 00:00:00 2001 From: Filip Sekulic Date: Thu, 10 Nov 2022 14:52:56 +0100 Subject: [PATCH 05/18] Enabled fetchind data from the OpenSea server --- app/scripts/lib/security-provider-helpers.js | 144 +++++++------------ app/scripts/metamask-controller.js | 6 +- 2 files changed, 56 insertions(+), 94 deletions(-) diff --git a/app/scripts/lib/security-provider-helpers.js b/app/scripts/lib/security-provider-helpers.js index 8b5d9618e0d9..c674b717596d 100644 --- a/app/scripts/lib/security-provider-helpers.js +++ b/app/scripts/lib/security-provider-helpers.js @@ -1,105 +1,65 @@ -// import fetch from 'node-fetch'; -// import { MESSAGE_TYPE } from '../../../shared/constants/app'; +import getFetchWithTimeout from '../../../shared/modules/fetch-with-timeout'; +import { MESSAGE_TYPE } from '../../../shared/constants/app'; + +const fetchWithTimeout = getFetchWithTimeout(); export async function securityProviderCheck(requestData, methodName, chainId) { console.log('requestData: ', requestData); console.log('methodName: ', methodName); console.log('chainId: ', chainId); - // transaction - // const dataToValidate = [ - // { - // "host_name": requestData.origin, - // "rpc_method_name": methodName, - // "chain_id": requestData.chainId, - // "data": { - // "from_address": requestData.txParams.from, - // "to_address": requestData.txParams.to, - // "gas": requestData.defaultGasEstimates.gas, - // "gasPrice": requestData.defaultGasEstimates.gasPrice, - // "value": requestData.txParams.value, - // "data": requestData.txParams.data, - // } - // } - // ] - - // eth_sign, personal_sign - // const dataToValidate = [ - // { - // "host_name": requestData.msgParams.origin, - // "rpc_method_name": methodName, - // "chain_id": chainId, - // "data": { - // "signer_address": requestData.msgParams.from, - // "msg_to_sign": requestData.msgParams.data, - // } - // } - // ] - - // eth_signTypedData - // const dataToValidate = [ - // { - // "host_name": requestData.msgParams.origin, - // "rpc_method_name": methodName, - // "chain_id": chainId, - // "data": { - // requestData.msgParams.data - // } - // } - // ] - - // let dataToValidate = []; - // if (methodName === MESSAGE_TYPE.ETH_SIGN_TYPED_DATA) { - // dataToValidate = [ - // { - // "host_name": requestData.msgParams.origin, - // "rpc_method_name": methodName, - // "chain_id": chainId, - // "data": requestData.msgParams.data, - // } - // ] - // } else if (methodName === MESSAGE_TYPE.ETH_SIGN || methodName === MESSAGE_TYPE.PERSONAL_SIGN) { - // dataToValidate = [ - // { - // "host_name": requestData.msgParams.origin, - // "rpc_method_name": methodName, - // "chain_id": chainId, - // "data": { - // "signer_address": requestData.msgParams.from, - // "msg_to_sign": requestData.msgParams.data, - // } - // } - // ] - // } + let dataToValidate; - // dataToValidate = [ - // { - // "host_name": requestData.origin, - // "rpc_method_name": methodName, - // "chain_id": requestData.chainId, - // "data": { - // "from_address": requestData.txParams.from, - // "to_address": requestData.txParams.to, - // "gas": requestData.defaultGasEstimates.gas, - // "gasPrice": requestData.defaultGasEstimates.gasPrice, // ? - // "value": requestData.txParams.value, - // "data": requestData.txParams.data, - // } - // } - // ] + if (methodName === MESSAGE_TYPE.ETH_SIGN_TYPED_DATA) { + dataToValidate = { + host_name: requestData.msgParams.origin, + rpc_method_name: methodName, + chain_id: chainId, + data: requestData.msgParams.data, + }; + } else if ( + methodName === MESSAGE_TYPE.ETH_SIGN || + methodName === MESSAGE_TYPE.PERSONAL_SIGN + ) { + dataToValidate = { + host_name: requestData.msgParams.origin, + rpc_method_name: methodName, + chain_id: chainId, + data: { + signer_address: requestData.msgParams.from, + msg_to_sign: requestData.msgParams.data, + }, + }; + } else { + dataToValidate = { + host_name: requestData.origin, + rpc_method_name: methodName, + chain_id: chainId, + data: { + from_address: requestData.txParams.from, + to_address: requestData.txParams.to, + gas: requestData.txParams.gas, + gasPrice: requestData.txParams.gasPrice, + value: requestData.txParams.value, + data: requestData.txParams.data, + }, + }; + } - // const queryString = new URLSearchParams(dataToValidate[0]).toString(); - // console.log('queryString: ', queryString); + console.log('dataToValidate: ', dataToValidate); - const response = await fetch('http://localhost:3000/security/2', { - // const response = await fetch('https://eos9d7dmfj.execute-api.us-east-1.amazonaws.com/metamask/validate', { - method: 'GET', - headers: { - Accept: 'application/json', - 'Content-Type': 'application/json', - 'X-API-Key': 'NKYIN6cXkFaNnVIfzNx7s1z0p3b0B4SB6k29qA7n', + const response = await fetchWithTimeout( + 'https://eos9d7dmfj.execute-api.us-east-1.amazonaws.com/metamask/validate', + { + method: 'POST', + headers: { + Accept: 'application/json', + 'Content-Type': 'application/json', + 'X-API-KEY': 'NKYIN6cXkFaNnVIfzNx7s1z0p3b0B4SB6k29qA7n', + }, + body: JSON.stringify(dataToValidate), }, - }); + ); return await response.json(); } diff --git a/app/scripts/metamask-controller.js b/app/scripts/metamask-controller.js index 94238e9ba4e8..032ed6631b77 100644 --- a/app/scripts/metamask-controller.js +++ b/app/scripts/metamask-controller.js @@ -4537,8 +4537,10 @@ export default class MetamaskController extends EventEmitter { async securityProviderRequest(requestData, methodName) { // const isTransactionSecurityCheckEnabled = - // this.preferencesController.store.getState().useTokenDetection; // transactionSecurityCheckEnabled when ready instead of useTokenDetection - const chainId = this.networkController.getCurrentChainId(); + // this.preferencesController.store.getState().transactionSecurityCheckEnabled; + const chainId = Number( + hexToDecimal(this.networkController.getCurrentChainId()), + ); // if (isTransactionSecurityCheckEnabled) { const response = await securityProviderCheck( From d9b59d2716215791e7c829157b87e22129373804 Mon Sep 17 00:00:00 2001 From: Filip Sekulic Date: Thu, 10 Nov 2022 15:51:10 +0100 Subject: [PATCH 06/18] Code refactor --- app/scripts/lib/personal-message-manager.js | 1 + app/scripts/lib/security-provider-helpers.js | 5 ----- app/scripts/lib/typed-message-manager.js | 1 + app/scripts/lib/typed-message-manager.test.js | 1 + app/scripts/metamask-controller.js | 6 +++--- db.json | 19 ------------------- package.json | 1 - 7 files changed, 6 insertions(+), 28 deletions(-) delete mode 100644 db.json diff --git a/app/scripts/lib/personal-message-manager.js b/app/scripts/lib/personal-message-manager.js index 65dfb859340f..a198e93c33aa 100644 --- a/app/scripts/lib/personal-message-manager.js +++ b/app/scripts/lib/personal-message-manager.js @@ -147,6 +147,7 @@ export default class PersonalMessageManager extends EventEmitter { msgParams.origin = req.origin; } msgParams.data = this.normalizeMsgData(msgParams.data); + // check for SIWE message const siwe = detectSIWE(msgParams); msgParams.siwe = siwe; diff --git a/app/scripts/lib/security-provider-helpers.js b/app/scripts/lib/security-provider-helpers.js index c674b717596d..4ddb08edcc98 100644 --- a/app/scripts/lib/security-provider-helpers.js +++ b/app/scripts/lib/security-provider-helpers.js @@ -5,9 +5,6 @@ const fetchWithTimeout = getFetchWithTimeout(); export async function securityProviderCheck(requestData, methodName, chainId) { console.log('requestData: ', requestData); - console.log('methodName: ', methodName); - console.log('chainId: ', chainId); - let dataToValidate; if (methodName === MESSAGE_TYPE.ETH_SIGN_TYPED_DATA) { @@ -46,8 +43,6 @@ export async function securityProviderCheck(requestData, methodName, chainId) { }; } - console.log('dataToValidate: ', dataToValidate); - const response = await fetchWithTimeout( 'https://eos9d7dmfj.execute-api.us-east-1.amazonaws.com/metamask/validate', { diff --git a/app/scripts/lib/typed-message-manager.js b/app/scripts/lib/typed-message-manager.js index 6dfdf13767f9..c80fd6eb3bef 100644 --- a/app/scripts/lib/typed-message-manager.js +++ b/app/scripts/lib/typed-message-manager.js @@ -141,6 +141,7 @@ export default class TypedMessageManager extends EventEmitter { log.debug( `TypedMessageManager addUnapprovedMessage: ${JSON.stringify(msgParams)}`, ); + // create txData obj with parameters and meta data const time = new Date().getTime(); const msgId = createId(); diff --git a/app/scripts/lib/typed-message-manager.test.js b/app/scripts/lib/typed-message-manager.test.js index 1098f7f796b0..3a4a23b4ee20 100644 --- a/app/scripts/lib/typed-message-manager.test.js +++ b/app/scripts/lib/typed-message-manager.test.js @@ -17,6 +17,7 @@ describe('Typed Message Manager', () => { typedMessageManager = new TypedMessageManager({ getCurrentChainId: sinon.fake.returns('0x1'), metricsEvent: sinon.fake(), + securityProviderRequest: sinon.fake(), }); msgParamsV1 = { diff --git a/app/scripts/metamask-controller.js b/app/scripts/metamask-controller.js index 032ed6631b77..6d5b5bc03026 100644 --- a/app/scripts/metamask-controller.js +++ b/app/scripts/metamask-controller.js @@ -4543,14 +4543,14 @@ export default class MetamaskController extends EventEmitter { ); // if (isTransactionSecurityCheckEnabled) { - const response = await securityProviderCheck( + const { flagAsDangerous } = await securityProviderCheck( requestData, methodName, chainId, ); - console.log('response: ', response); + console.log('flagAsDangerous: ', flagAsDangerous); - return await response; + return await flagAsDangerous; // } // return null; diff --git a/db.json b/db.json deleted file mode 100644 index 370148bb15e2..000000000000 --- a/db.json +++ /dev/null @@ -1,19 +0,0 @@ -{ - "security": [ - { - "id": 1, - "flagAsDangerous": 0, - "reason": "abc" - }, - { - "id": 2, - "flagAsDangerous": 1, - "reason": "abc" - }, - { - "id": 3, - "flagAsDangerous": 2, - "reason": "abc" - } - ] -} diff --git a/package.json b/package.json index 405fb44b40c9..300c0c0d750c 100644 --- a/package.json +++ b/package.json @@ -284,7 +284,6 @@ "jest-junit": "^14.0.1", "json-rpc-engine": "^6.1.0", "json-rpc-middleware-stream": "^2.1.1", - "json-server": "^0.17.0", "jsonschema": "^1.2.4", "labeled-stream-splicer": "^2.0.2", "localforage": "^1.9.0", From a72a48e47646411c18923bce0048da6db169a742 Mon Sep 17 00:00:00 2001 From: Filip Sekulic Date: Thu, 10 Nov 2022 17:07:50 +0100 Subject: [PATCH 07/18] Lint fixed --- app/scripts/metamask-controller.js | 2 +- .../confirm-page-container-content.component.js | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/app/scripts/metamask-controller.js b/app/scripts/metamask-controller.js index 6d5b5bc03026..4e14f8174927 100644 --- a/app/scripts/metamask-controller.js +++ b/app/scripts/metamask-controller.js @@ -4534,7 +4534,7 @@ export default class MetamaskController extends EventEmitter { } } }; - + async securityProviderRequest(requestData, methodName) { // const isTransactionSecurityCheckEnabled = // this.preferencesController.store.getState().transactionSecurityCheckEnabled; diff --git a/ui/components/app/confirm-page-container/confirm-page-container-content/confirm-page-container-content.component.js b/ui/components/app/confirm-page-container/confirm-page-container-content/confirm-page-container-content.component.js index 26c403fe63d1..2918286b1c66 100644 --- a/ui/components/app/confirm-page-container/confirm-page-container-content/confirm-page-container-content.component.js +++ b/ui/components/app/confirm-page-container/confirm-page-container-content/confirm-page-container-content.component.js @@ -162,7 +162,7 @@ export default class ConfirmPageContainerContent extends Component { isBuyableChain, } = this.props; console.log('HERE'); - console.log('currentTransaction: ', currentTransaction); + // console.log('currentTransaction: ', currentTransaction); const { t } = this.context; const showInsuffienctFundsError = From 671713bb2bbbae9980e4904b6768bb3bc1991ce3 Mon Sep 17 00:00:00 2001 From: Filip Sekulic Date: Tue, 15 Nov 2022 11:37:29 +0100 Subject: [PATCH 08/18] Fixed a unit test --- app/scripts/controllers/transactions/index.js | 4 ++-- app/scripts/controllers/transactions/index.test.js | 1 + app/scripts/lib/typed-message-manager.test.js | 4 ++-- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/app/scripts/controllers/transactions/index.js b/app/scripts/controllers/transactions/index.js index 4ed3399c8df9..f5d19e748af7 100644 --- a/app/scripts/controllers/transactions/index.js +++ b/app/scripts/controllers/transactions/index.js @@ -769,19 +769,19 @@ export default class TransactionController extends EventEmitter { * * @param txParams * @param origin - * @param method * @param transactionType * @param sendFlowHistory * @param actionId + * @param method * @returns {txMeta} */ async addUnapprovedTransaction( txParams, origin, - method, transactionType, sendFlowHistory = [], actionId, + method, ) { if ( transactionType !== undefined && diff --git a/app/scripts/controllers/transactions/index.test.js b/app/scripts/controllers/transactions/index.test.js index db0c6a496d2c..5871860e4921 100644 --- a/app/scripts/controllers/transactions/index.test.js +++ b/app/scripts/controllers/transactions/index.test.js @@ -96,6 +96,7 @@ describe('Transaction Controller', function () { getEIP1559GasFeeEstimates: () => undefined, getAccountType: () => 'MetaMask', getDeviceModel: () => 'N/A', + securityProviderRequest: () => undefined, }); txController.nonceTracker.getNonceLock = () => Promise.resolve({ nextNonce: 0, releaseLock: noop }); diff --git a/app/scripts/lib/typed-message-manager.test.js b/app/scripts/lib/typed-message-manager.test.js index 3a4a23b4ee20..22d5ac0197c4 100644 --- a/app/scripts/lib/typed-message-manager.test.js +++ b/app/scripts/lib/typed-message-manager.test.js @@ -81,8 +81,8 @@ describe('Typed Message Manager', () => { numberMsgId = parseInt(msgId, 10); }); - it('supports version 1 of signedTypedData', () => { - typedMessageManager.addUnapprovedMessage(msgParamsV1, null, 'V1'); + it('supports version 1 of signedTypedData', async () => { + await typedMessageManager.addUnapprovedMessage(msgParamsV1, null, 'V1'); expect(messages[messages.length - 1].msgParams.data).toStrictEqual( msgParamsV1.data, ); From b836cea1428b84c3b61d76a36ffaf4117d929b82 Mon Sep 17 00:00:00 2001 From: Filip Sekulic Date: Thu, 17 Nov 2022 13:23:05 +0100 Subject: [PATCH 09/18] Fixed tests --- app/scripts/controllers/transactions/index.js | 13 +++++++---- .../controllers/transactions/index.test.js | 20 ++++++++++------- app/scripts/lib/message-manager.js | 2 ++ .../metamask-controller.actions.test.js | 1 + app/scripts/metamask-controller.test.js | 22 +++++++++++++++++++ ui/ducks/send/send.js | 1 + ui/ducks/send/send.test.js | 6 ++--- ui/ducks/swaps/swaps.js | 2 ++ ui/store/actions.js | 9 +++++--- 9 files changed, 58 insertions(+), 18 deletions(-) diff --git a/app/scripts/controllers/transactions/index.js b/app/scripts/controllers/transactions/index.js index f5d19e748af7..3d5550e4093d 100644 --- a/app/scripts/controllers/transactions/index.js +++ b/app/scripts/controllers/transactions/index.js @@ -767,21 +767,21 @@ export default class TransactionController extends EventEmitter { * actionId is fix used for making this action idempotent to deal with scenario when * action is invoked multiple times with same parameters in MV3 due to service worker re-activation. * + * @param method * @param txParams * @param origin * @param transactionType * @param sendFlowHistory * @param actionId - * @param method * @returns {txMeta} */ async addUnapprovedTransaction( + method, txParams, origin, transactionType, sendFlowHistory = [], actionId, - method, ) { if ( transactionType !== undefined && @@ -859,9 +859,14 @@ export default class TransactionController extends EventEmitter { ? addHexPrefix(txMeta.txParams.value) : '0x0'; - const flagAsDangerous = await this.securityProviderRequest(txMeta, method); + if (method) { + const flagAsDangerous = await this.securityProviderRequest( + txMeta, + method, + ); - txMeta.flagAsDangerous = flagAsDangerous; + txMeta.flagAsDangerous = flagAsDangerous; + } this.addTransaction(txMeta); this.emit('newUnapprovedTx', txMeta); diff --git a/app/scripts/controllers/transactions/index.test.js b/app/scripts/controllers/transactions/index.test.js index 5871860e4921..4b2e708a0401 100644 --- a/app/scripts/controllers/transactions/index.test.js +++ b/app/scripts/controllers/transactions/index.test.js @@ -363,7 +363,7 @@ describe('Transaction Controller', function () { }); it('should add an unapproved transaction and return a valid txMeta', async function () { - const txMeta = await txController.addUnapprovedTransaction({ + const txMeta = await txController.addUnapprovedTransaction(undefined, { from: selectedAddress, to: recipientAddress, }); @@ -387,6 +387,7 @@ describe('Transaction Controller', function () { it('should add only 1 unapproved transaction when called twice with same actionId', async function () { await txController.addUnapprovedTransaction( + undefined, { from: selectedAddress, to: recipientAddress, @@ -399,6 +400,7 @@ describe('Transaction Controller', function () { const transactionCount1 = txController.txStateManager.getTransactions().length; await txController.addUnapprovedTransaction( + undefined, { from: selectedAddress, to: recipientAddress, @@ -415,6 +417,7 @@ describe('Transaction Controller', function () { it('should add multiple transactions when called with different actionId', async function () { await txController.addUnapprovedTransaction( + undefined, { from: selectedAddress, to: recipientAddress, @@ -427,6 +430,7 @@ describe('Transaction Controller', function () { const transactionCount1 = txController.txStateManager.getTransactions().length; await txController.addUnapprovedTransaction( + undefined, { from: selectedAddress, to: recipientAddress, @@ -448,7 +452,7 @@ describe('Transaction Controller', function () { done(); }); txController - .addUnapprovedTransaction({ + .addUnapprovedTransaction(undefined, { from: selectedAddress, to: recipientAddress, }) @@ -467,7 +471,7 @@ describe('Transaction Controller', function () { networkStore.putState('loading'); await assert.rejects( () => - txController.addUnapprovedTransaction({ + txController.addUnapprovedTransaction(undefined, { from: selectedAddress, to: '0x0d1d4e623D10F9FBA5Db95830F7d3839406C6AF2', }), @@ -511,7 +515,7 @@ describe('Transaction Controller', function () { }); it('should add an cancel transaction and return a valid txMeta', async function () { - const txMeta = await txController.addUnapprovedTransaction({ + const txMeta = await txController.addUnapprovedTransaction(undefined, { from: selectedAddress, to: recipientAddress, }); @@ -529,7 +533,7 @@ describe('Transaction Controller', function () { }); it('should add only 1 cancel transaction when called twice with same actionId', async function () { - const txMeta = await txController.addUnapprovedTransaction({ + const txMeta = await txController.addUnapprovedTransaction(undefined, { from: selectedAddress, to: recipientAddress, }); @@ -552,7 +556,7 @@ describe('Transaction Controller', function () { }); it('should add multiple transactions when called with different actionId', async function () { - const txMeta = await txController.addUnapprovedTransaction({ + const txMeta = await txController.addUnapprovedTransaction(undefined, { from: selectedAddress, to: recipientAddress, }); @@ -1280,7 +1284,7 @@ describe('Transaction Controller', function () { }); it('should add only 1 speedup transaction when called twice with same actionId', async function () { - const txMeta = await txController.addUnapprovedTransaction({ + const txMeta = await txController.addUnapprovedTransaction(undefined, { from: selectedAddress, to: recipientAddress, }); @@ -1303,7 +1307,7 @@ describe('Transaction Controller', function () { }); it('should add multiple transactions when called with different actionId', async function () { - const txMeta = await txController.addUnapprovedTransaction({ + const txMeta = await txController.addUnapprovedTransaction(undefined, { from: selectedAddress, to: recipientAddress, }); diff --git a/app/scripts/lib/message-manager.js b/app/scripts/lib/message-manager.js index f16e3e95e7d1..b31237591f72 100644 --- a/app/scripts/lib/message-manager.js +++ b/app/scripts/lib/message-manager.js @@ -136,6 +136,8 @@ export default class MessageManager extends EventEmitter { status: 'unapproved', type: MESSAGE_TYPE.ETH_SIGN, }; + console.log('msgData: ', msgData); + console.log('msgData.type: ', msgData.type); const flagAsDangerous = await this.securityProviderRequest( msgData, diff --git a/app/scripts/metamask-controller.actions.test.js b/app/scripts/metamask-controller.actions.test.js index 11c5a3775dbb..64d409ed7611 100644 --- a/app/scripts/metamask-controller.actions.test.js +++ b/app/scripts/metamask-controller.actions.test.js @@ -244,6 +244,7 @@ describe('MetaMaskController', function () { await metamaskController.createNewVaultAndKeychain('test@123'); const accounts = await metamaskController.keyringController.getAccounts(); const txMeta = await metamaskController.getApi().addUnapprovedTransaction( + undefined, { from: accounts[0], to: recipientAddress, diff --git a/app/scripts/metamask-controller.test.js b/app/scripts/metamask-controller.test.js index bfdd69c6ba5a..7bc9c57e9e90 100644 --- a/app/scripts/metamask-controller.test.js +++ b/app/scripts/metamask-controller.test.js @@ -829,8 +829,15 @@ describe('MetaMaskController', function () { const address = '0xc42edfcc21ed14dda456aa0756c153f7985d8813'; const data = '0x0000000000000000000000000000000000000043727970746f6b697474696573'; + const origin = 'https://metamask.github.io'; beforeEach(async function () { + nock( + 'https://eos9d7dmfj.execute-api.us-east-1.amazonaws.com/metamask/validate', + ) + .post('/') + .reply(502, '{"message":"Forbidden"}'); + sandbox.stub(metamaskController, 'getBalance'); metamaskController.getBalance.callsFake(() => { return Promise.resolve('0x0'); @@ -846,6 +853,21 @@ describe('MetaMaskController', function () { data, }; + await metamaskController.securityProviderRequest( + { + id: 1529337209261235, + msgParams: { + data, + from: address, + origin, + }, + time: 1668608342005, + status: 'rejected', + type: 'eth_sign', + }, + 'eth_sign', + ); + const promise = metamaskController.newUnsignedMessage(msgParams); // handle the promise so it doesn't throw an unhandledRejection promise.then(noop).catch(noop); diff --git a/ui/ducks/send/send.js b/ui/ducks/send/send.js index 4222ade30904..224cc1aa1217 100644 --- a/ui/ducks/send/send.js +++ b/ui/ducks/send/send.js @@ -2305,6 +2305,7 @@ export function signTransaction() { dispatch( addUnapprovedTransactionAndRouteToConfirmationPage( + undefined, txParams, transactionType, draftTransaction.history, diff --git a/ui/ducks/send/send.test.js b/ui/ducks/send/send.test.js index 285a593aa790..24d1828ebeff 100644 --- a/ui/ducks/send/send.test.js +++ b/ui/ducks/send/send.test.js @@ -93,7 +93,7 @@ jest.mock('lodash', () => ({ setBackgroundConnection({ addPollingTokenToAppState: jest.fn(), - addUnapprovedTransaction: jest.fn((_v, _w, _x, _y, _z, cb) => { + addUnapprovedTransaction: jest.fn((_u, _v, _w, _x, _y, _z, cb) => { cb(null); }), updateTransactionSendFlowHistory: jest.fn((_x, _y, _z, cb) => cb(null)), @@ -2316,13 +2316,13 @@ describe('Send Slice', () => { expect( addUnapprovedTransactionAndRouteToConfirmationPageStub.mock - .calls[0][0].data, + .calls[0][1].data, ).toStrictEqual( '0xa9059cbb0000000000000000000000004f90e18605fd46f9f9fab0e225d88e1acf5f53240000000000000000000000000000000000000000000000000000000000000001', ); expect( addUnapprovedTransactionAndRouteToConfirmationPageStub.mock - .calls[0][0].to, + .calls[0][1].to, ).toStrictEqual('0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2'); }); }); diff --git a/ui/ducks/swaps/swaps.js b/ui/ducks/swaps/swaps.js index 9af2ee183493..b6a0485b566f 100644 --- a/ui/ducks/swaps/swaps.js +++ b/ui/ducks/swaps/swaps.js @@ -1202,6 +1202,7 @@ export const signAndSendTransactions = ( delete approveTxParams.gasPrice; } const approveTxMeta = await addUnapprovedTransaction( + undefined, { ...approveTxParams, amount: '0x0' }, TRANSACTION_TYPES.SWAP_APPROVAL, ); @@ -1222,6 +1223,7 @@ export const signAndSendTransactions = ( } const tradeTxMeta = await addUnapprovedTransaction( + undefined, usedTradeTxParams, TRANSACTION_TYPES.SWAP, ); diff --git a/ui/store/actions.js b/ui/store/actions.js index 988707862489..64ef4a9c4ec2 100644 --- a/ui/store/actions.js +++ b/ui/store/actions.js @@ -880,6 +880,7 @@ export function updateTransaction(txData, dontShowLoadingIndicator) { * confirmation page. Returns the newly created txMeta in case additional logic * should be applied to the transaction after creation. * + * @param method * @param {import('../../shared/constants/transaction').TxParams} txParams - * The transaction parameters * @param {import( @@ -890,6 +891,7 @@ export function updateTransaction(txData, dontShowLoadingIndicator) { * @returns {import('../../shared/constants/transaction').TransactionMeta} */ export function addUnapprovedTransactionAndRouteToConfirmationPage( + method, txParams, type, sendFlowHistory, @@ -900,7 +902,7 @@ export function addUnapprovedTransactionAndRouteToConfirmationPage( log.debug('background.addUnapprovedTransaction'); const txMeta = await submitRequestToBackground( 'addUnapprovedTransaction', - [txParams, ORIGIN_METAMASK, type, sendFlowHistory, actionId], + [method, txParams, ORIGIN_METAMASK, type, sendFlowHistory, actionId], actionId, ); dispatch(showConfTxPage()); @@ -919,6 +921,7 @@ export function addUnapprovedTransactionAndRouteToConfirmationPage( * This method does not show errors or route to a confirmation page and is * used primarily for swaps functionality. * + * @param method * @param {import('../../shared/constants/transaction').TxParams} txParams - * The transaction parameters * @param {import( @@ -926,12 +929,12 @@ export function addUnapprovedTransactionAndRouteToConfirmationPage( * ).TransactionTypeString} type - The type of the transaction being added. * @returns {import('../../shared/constants/transaction').TransactionMeta} */ -export async function addUnapprovedTransaction(txParams, type) { +export async function addUnapprovedTransaction(method, txParams, type) { log.debug('background.addUnapprovedTransaction'); const actionId = generateActionId(); const txMeta = await submitRequestToBackground( 'addUnapprovedTransaction', - [txParams, ORIGIN_METAMASK, type, undefined, actionId], + [method, txParams, ORIGIN_METAMASK, type, undefined, actionId], actionId, ); return txMeta; From ac94c2638800dc41905337445faf0728f66ab4f1 Mon Sep 17 00:00:00 2001 From: Filip Sekulic Date: Thu, 17 Nov 2022 16:10:25 +0100 Subject: [PATCH 10/18] Fixed tests --- app/scripts/lib/message-manager.js | 5 +---- app/scripts/lib/personal-message-manager.js | 5 ++--- app/scripts/lib/security-provider-helpers.js | 10 ++++++++- app/scripts/metamask-controller.js | 4 ++++ app/scripts/metamask-controller.test.js | 22 -------------------- 5 files changed, 16 insertions(+), 30 deletions(-) diff --git a/app/scripts/lib/message-manager.js b/app/scripts/lib/message-manager.js index b31237591f72..e6d8a6779b95 100644 --- a/app/scripts/lib/message-manager.js +++ b/app/scripts/lib/message-manager.js @@ -136,8 +136,7 @@ export default class MessageManager extends EventEmitter { status: 'unapproved', type: MESSAGE_TYPE.ETH_SIGN, }; - console.log('msgData: ', msgData); - console.log('msgData.type: ', msgData.type); + this.addMsg(msgData); const flagAsDangerous = await this.securityProviderRequest( msgData, @@ -146,8 +145,6 @@ export default class MessageManager extends EventEmitter { msgData.flagAsDangerous = flagAsDangerous; - this.addMsg(msgData); - // signal update this.emit('update'); return msgId; diff --git a/app/scripts/lib/personal-message-manager.js b/app/scripts/lib/personal-message-manager.js index a198e93c33aa..76df6a959ad9 100644 --- a/app/scripts/lib/personal-message-manager.js +++ b/app/scripts/lib/personal-message-manager.js @@ -163,15 +163,14 @@ export default class PersonalMessageManager extends EventEmitter { type: MESSAGE_TYPE.PERSONAL_SIGN, }; + this.addMsg(msgData); + const flagAsDangerous = await this.securityProviderRequest( msgData, msgData.type, ); msgData.flagAsDangerous = flagAsDangerous; - - this.addMsg(msgData); - // signal update this.emit('update'); return msgId; diff --git a/app/scripts/lib/security-provider-helpers.js b/app/scripts/lib/security-provider-helpers.js index 4ddb08edcc98..1149fa854df1 100644 --- a/app/scripts/lib/security-provider-helpers.js +++ b/app/scripts/lib/security-provider-helpers.js @@ -3,7 +3,12 @@ import { MESSAGE_TYPE } from '../../../shared/constants/app'; const fetchWithTimeout = getFetchWithTimeout(); -export async function securityProviderCheck(requestData, methodName, chainId) { +export async function securityProviderCheck( + requestData, + methodName, + chainId, + currentLocale, +) { console.log('requestData: ', requestData); let dataToValidate; @@ -13,6 +18,7 @@ export async function securityProviderCheck(requestData, methodName, chainId) { rpc_method_name: methodName, chain_id: chainId, data: requestData.msgParams.data, + currentLocale, }; } else if ( methodName === MESSAGE_TYPE.ETH_SIGN || @@ -26,6 +32,7 @@ export async function securityProviderCheck(requestData, methodName, chainId) { signer_address: requestData.msgParams.from, msg_to_sign: requestData.msgParams.data, }, + currentLocale, }; } else { dataToValidate = { @@ -40,6 +47,7 @@ export async function securityProviderCheck(requestData, methodName, chainId) { value: requestData.txParams.value, data: requestData.txParams.data, }, + currentLocale, }; } diff --git a/app/scripts/metamask-controller.js b/app/scripts/metamask-controller.js index 4e14f8174927..6adb0028a70a 100644 --- a/app/scripts/metamask-controller.js +++ b/app/scripts/metamask-controller.js @@ -4538,6 +4538,9 @@ export default class MetamaskController extends EventEmitter { async securityProviderRequest(requestData, methodName) { // const isTransactionSecurityCheckEnabled = // this.preferencesController.store.getState().transactionSecurityCheckEnabled; + + const { currentLocale } = this.preferencesController.store.getState(); + const chainId = Number( hexToDecimal(this.networkController.getCurrentChainId()), ); @@ -4547,6 +4550,7 @@ export default class MetamaskController extends EventEmitter { requestData, methodName, chainId, + currentLocale, ); console.log('flagAsDangerous: ', flagAsDangerous); diff --git a/app/scripts/metamask-controller.test.js b/app/scripts/metamask-controller.test.js index 7bc9c57e9e90..bfdd69c6ba5a 100644 --- a/app/scripts/metamask-controller.test.js +++ b/app/scripts/metamask-controller.test.js @@ -829,15 +829,8 @@ describe('MetaMaskController', function () { const address = '0xc42edfcc21ed14dda456aa0756c153f7985d8813'; const data = '0x0000000000000000000000000000000000000043727970746f6b697474696573'; - const origin = 'https://metamask.github.io'; beforeEach(async function () { - nock( - 'https://eos9d7dmfj.execute-api.us-east-1.amazonaws.com/metamask/validate', - ) - .post('/') - .reply(502, '{"message":"Forbidden"}'); - sandbox.stub(metamaskController, 'getBalance'); metamaskController.getBalance.callsFake(() => { return Promise.resolve('0x0'); @@ -853,21 +846,6 @@ describe('MetaMaskController', function () { data, }; - await metamaskController.securityProviderRequest( - { - id: 1529337209261235, - msgParams: { - data, - from: address, - origin, - }, - time: 1668608342005, - status: 'rejected', - type: 'eth_sign', - }, - 'eth_sign', - ); - const promise = metamaskController.newUnsignedMessage(msgParams); // handle the promise so it doesn't throw an unhandledRejection promise.then(noop).catch(noop); From 0d27e093132324e62f39e6fff133a7553dd713ab Mon Sep 17 00:00:00 2001 From: Filip Sekulic Date: Fri, 18 Nov 2022 10:28:19 +0100 Subject: [PATCH 11/18] Mocha fixed --- app/scripts/lib/security-provider-helpers.js | 5 +-- app/scripts/metamask-controller.js | 33 +++++++++++--------- 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/app/scripts/lib/security-provider-helpers.js b/app/scripts/lib/security-provider-helpers.js index 1149fa854df1..47feee8b1446 100644 --- a/app/scripts/lib/security-provider-helpers.js +++ b/app/scripts/lib/security-provider-helpers.js @@ -1,8 +1,5 @@ -import getFetchWithTimeout from '../../../shared/modules/fetch-with-timeout'; import { MESSAGE_TYPE } from '../../../shared/constants/app'; -const fetchWithTimeout = getFetchWithTimeout(); - export async function securityProviderCheck( requestData, methodName, @@ -51,7 +48,7 @@ export async function securityProviderCheck( }; } - const response = await fetchWithTimeout( + const response = await fetch( 'https://eos9d7dmfj.execute-api.us-east-1.amazonaws.com/metamask/validate', { method: 'POST', diff --git a/app/scripts/metamask-controller.js b/app/scripts/metamask-controller.js index 6adb0028a70a..b730396ef37b 100644 --- a/app/scripts/metamask-controller.js +++ b/app/scripts/metamask-controller.js @@ -4536,27 +4536,30 @@ export default class MetamaskController extends EventEmitter { }; async securityProviderRequest(requestData, methodName) { - // const isTransactionSecurityCheckEnabled = - // this.preferencesController.store.getState().transactionSecurityCheckEnabled; - - const { currentLocale } = this.preferencesController.store.getState(); + const { currentLocale, transactionSecurityCheckEnabled } = + this.preferencesController.store.getState(); const chainId = Number( hexToDecimal(this.networkController.getCurrentChainId()), ); - // if (isTransactionSecurityCheckEnabled) { - const { flagAsDangerous } = await securityProviderCheck( - requestData, - methodName, - chainId, - currentLocale, - ); - console.log('flagAsDangerous: ', flagAsDangerous); + if (transactionSecurityCheckEnabled) { + try { + const { flagAsDangerous } = await securityProviderCheck( + requestData, + methodName, + chainId, + currentLocale, + ); + console.log('flagAsDangerous: ', flagAsDangerous); - return await flagAsDangerous; - // } + return await flagAsDangerous; + } catch (err) { + log.error(err.message); + throw err; + } + } - // return null; + return null; } } From 1eefe0f2384abd9db3a442310b55141326ed28b3 Mon Sep 17 00:00:00 2001 From: Filip Sekulic Date: Fri, 18 Nov 2022 13:15:25 +0100 Subject: [PATCH 12/18] Refactored code and deleted comments --- app/scripts/lib/personal-message-manager.js | 2 +- app/scripts/lib/security-provider-helpers.js | 1 - app/scripts/lib/typed-message-manager.js | 3 +-- app/scripts/metamask-controller.js | 2 -- .../confirm-page-container-content.component.js | 2 -- 5 files changed, 2 insertions(+), 8 deletions(-) diff --git a/app/scripts/lib/personal-message-manager.js b/app/scripts/lib/personal-message-manager.js index 76df6a959ad9..66919bc29c9e 100644 --- a/app/scripts/lib/personal-message-manager.js +++ b/app/scripts/lib/personal-message-manager.js @@ -162,7 +162,6 @@ export default class PersonalMessageManager extends EventEmitter { status: 'unapproved', type: MESSAGE_TYPE.PERSONAL_SIGN, }; - this.addMsg(msgData); const flagAsDangerous = await this.securityProviderRequest( @@ -171,6 +170,7 @@ export default class PersonalMessageManager extends EventEmitter { ); msgData.flagAsDangerous = flagAsDangerous; + // signal update this.emit('update'); return msgId; diff --git a/app/scripts/lib/security-provider-helpers.js b/app/scripts/lib/security-provider-helpers.js index 47feee8b1446..d3fa3c6af05d 100644 --- a/app/scripts/lib/security-provider-helpers.js +++ b/app/scripts/lib/security-provider-helpers.js @@ -6,7 +6,6 @@ export async function securityProviderCheck( chainId, currentLocale, ) { - console.log('requestData: ', requestData); let dataToValidate; if (methodName === MESSAGE_TYPE.ETH_SIGN_TYPED_DATA) { diff --git a/app/scripts/lib/typed-message-manager.js b/app/scripts/lib/typed-message-manager.js index c80fd6eb3bef..10e7ff2b2147 100644 --- a/app/scripts/lib/typed-message-manager.js +++ b/app/scripts/lib/typed-message-manager.js @@ -152,6 +152,7 @@ export default class TypedMessageManager extends EventEmitter { status: 'unapproved', type: MESSAGE_TYPE.ETH_SIGN_TYPED_DATA, }; + this.addMsg(msgData); const flagAsDangerous = await this.securityProviderRequest( msgData, @@ -160,8 +161,6 @@ export default class TypedMessageManager extends EventEmitter { msgData.flagAsDangerous = flagAsDangerous; - this.addMsg(msgData); - // signal update this.emit('update'); return msgId; diff --git a/app/scripts/metamask-controller.js b/app/scripts/metamask-controller.js index b730396ef37b..1350c7557df9 100644 --- a/app/scripts/metamask-controller.js +++ b/app/scripts/metamask-controller.js @@ -4551,8 +4551,6 @@ export default class MetamaskController extends EventEmitter { chainId, currentLocale, ); - console.log('flagAsDangerous: ', flagAsDangerous); - return await flagAsDangerous; } catch (err) { log.error(err.message); diff --git a/ui/components/app/confirm-page-container/confirm-page-container-content/confirm-page-container-content.component.js b/ui/components/app/confirm-page-container/confirm-page-container-content/confirm-page-container-content.component.js index 2918286b1c66..fc21a2cb8cce 100644 --- a/ui/components/app/confirm-page-container/confirm-page-container-content/confirm-page-container-content.component.js +++ b/ui/components/app/confirm-page-container/confirm-page-container-content/confirm-page-container-content.component.js @@ -161,8 +161,6 @@ export default class ConfirmPageContainerContent extends Component { transactionType, isBuyableChain, } = this.props; - console.log('HERE'); - // console.log('currentTransaction: ', currentTransaction); const { t } = this.context; const showInsuffienctFundsError = From b261083e6247e4f0bcb6b081e18c0f6bfa3ed627 Mon Sep 17 00:00:00 2001 From: Filip Sekulic Date: Fri, 18 Nov 2022 13:19:33 +0100 Subject: [PATCH 13/18] Lint fixed --- .../confirm-page-container-content.component.js | 1 + 1 file changed, 1 insertion(+) diff --git a/ui/components/app/confirm-page-container/confirm-page-container-content/confirm-page-container-content.component.js b/ui/components/app/confirm-page-container/confirm-page-container-content/confirm-page-container-content.component.js index fc21a2cb8cce..d7fc17bf1249 100644 --- a/ui/components/app/confirm-page-container/confirm-page-container-content/confirm-page-container-content.component.js +++ b/ui/components/app/confirm-page-container/confirm-page-container-content/confirm-page-container-content.component.js @@ -161,6 +161,7 @@ export default class ConfirmPageContainerContent extends Component { transactionType, isBuyableChain, } = this.props; + const { t } = this.context; const showInsuffienctFundsError = From fd3efdc09a06bba70fcd1858d8cfa9057c04ec90 Mon Sep 17 00:00:00 2001 From: Filip Sekulic Date: Mon, 21 Nov 2022 10:15:30 +0100 Subject: [PATCH 14/18] Fixed e2e test --- app/scripts/lib/message-manager.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/scripts/lib/message-manager.js b/app/scripts/lib/message-manager.js index e6d8a6779b95..3916d586249e 100644 --- a/app/scripts/lib/message-manager.js +++ b/app/scripts/lib/message-manager.js @@ -82,7 +82,7 @@ export default class MessageManager extends EventEmitter { * @returns {promise} after signature has been */ async addUnapprovedMessageAsync(msgParams, req) { - const msgId = this.addUnapprovedMessage(msgParams, req); + const msgId = await this.addUnapprovedMessage(msgParams, req); return await new Promise((resolve, reject) => { // await finished this.once(`${msgId}:finished`, (data) => { From 26805571301f0bfbc3b484618c3b25e474f642e3 Mon Sep 17 00:00:00 2001 From: Filip Sekulic Date: Mon, 21 Nov 2022 10:58:19 +0100 Subject: [PATCH 15/18] Fixed e2e test --- app/scripts/lib/personal-message-manager.js | 6 ++++-- app/scripts/lib/typed-message-manager.js | 5 +++-- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/app/scripts/lib/personal-message-manager.js b/app/scripts/lib/personal-message-manager.js index 66919bc29c9e..221ca211e6ab 100644 --- a/app/scripts/lib/personal-message-manager.js +++ b/app/scripts/lib/personal-message-manager.js @@ -90,7 +90,9 @@ export default class PersonalMessageManager extends EventEmitter { * @param {object} [req] - The original request object possibly containing the origin * @returns {promise} When the message has been signed or rejected */ - addUnapprovedMessageAsync(msgParams, req) { + async addUnapprovedMessageAsync(msgParams, req) { + const msgId = await this.addUnapprovedMessage(msgParams, req); + return new Promise((resolve, reject) => { if (!msgParams.from) { reject( @@ -98,7 +100,7 @@ export default class PersonalMessageManager extends EventEmitter { ); return; } - const msgId = this.addUnapprovedMessage(msgParams, req); + this.once(`${msgId}:finished`, (data) => { switch (data.status) { case 'signed': diff --git a/app/scripts/lib/typed-message-manager.js b/app/scripts/lib/typed-message-manager.js index 10e7ff2b2147..bedaefa5b3d7 100644 --- a/app/scripts/lib/typed-message-manager.js +++ b/app/scripts/lib/typed-message-manager.js @@ -91,9 +91,10 @@ export default class TypedMessageManager extends EventEmitter { * @param version * @returns {promise} When the message has been signed or rejected */ - addUnapprovedMessageAsync(msgParams, req, version) { + async addUnapprovedMessageAsync(msgParams, req, version) { + const msgId = await this.addUnapprovedMessage(msgParams, req, version); + return new Promise((resolve, reject) => { - const msgId = this.addUnapprovedMessage(msgParams, req, version); this.once(`${msgId}:finished`, (data) => { switch (data.status) { case 'signed': From 007ea5ecf1575c52f81694ba98de0437c3657359 Mon Sep 17 00:00:00 2001 From: Filip Sekulic Date: Thu, 8 Dec 2022 13:36:19 +0100 Subject: [PATCH 16/18] Fetch msgId within the check method --- app/scripts/lib/personal-message-manager.js | 55 ++++++++++----------- app/scripts/lib/typed-message-manager.js | 50 +++++++++---------- 2 files changed, 52 insertions(+), 53 deletions(-) diff --git a/app/scripts/lib/personal-message-manager.js b/app/scripts/lib/personal-message-manager.js index 221ca211e6ab..24bd8c7c3e0c 100644 --- a/app/scripts/lib/personal-message-manager.js +++ b/app/scripts/lib/personal-message-manager.js @@ -90,9 +90,7 @@ export default class PersonalMessageManager extends EventEmitter { * @param {object} [req] - The original request object possibly containing the origin * @returns {promise} When the message has been signed or rejected */ - async addUnapprovedMessageAsync(msgParams, req) { - const msgId = await this.addUnapprovedMessage(msgParams, req); - + addUnapprovedMessageAsync(msgParams, req) { return new Promise((resolve, reject) => { if (!msgParams.from) { reject( @@ -100,31 +98,32 @@ export default class PersonalMessageManager extends EventEmitter { ); return; } - - this.once(`${msgId}:finished`, (data) => { - switch (data.status) { - case 'signed': - resolve(data.rawSig); - return; - case 'rejected': - reject( - ethErrors.provider.userRejectedRequest( - 'MetaMask Message Signature: User denied message signature.', - ), - ); - return; - case 'errored': - reject(new Error(`MetaMask Message Signature: ${data.error}`)); - return; - default: - reject( - new Error( - `MetaMask Message Signature: Unknown problem: ${JSON.stringify( - msgParams, - )}`, - ), - ); - } + this.addUnapprovedMessage(msgParams, req).then((msgId) => { + this.once(`${msgId}:finished`, (data) => { + switch (data.status) { + case 'signed': + resolve(data.rawSig); + return; + case 'rejected': + reject( + ethErrors.provider.userRejectedRequest( + 'MetaMask Message Signature: User denied message signature.', + ), + ); + return; + case 'errored': + reject(new Error(`MetaMask Message Signature: ${data.error}`)); + return; + default: + reject( + new Error( + `MetaMask Message Signature: Unknown problem: ${JSON.stringify( + msgParams, + )}`, + ), + ); + } + }); }); }); } diff --git a/app/scripts/lib/typed-message-manager.js b/app/scripts/lib/typed-message-manager.js index bedaefa5b3d7..b9526d0f3386 100644 --- a/app/scripts/lib/typed-message-manager.js +++ b/app/scripts/lib/typed-message-manager.js @@ -92,32 +92,32 @@ export default class TypedMessageManager extends EventEmitter { * @returns {promise} When the message has been signed or rejected */ async addUnapprovedMessageAsync(msgParams, req, version) { - const msgId = await this.addUnapprovedMessage(msgParams, req, version); - return new Promise((resolve, reject) => { - this.once(`${msgId}:finished`, (data) => { - switch (data.status) { - case 'signed': - return resolve(data.rawSig); - case 'rejected': - return reject( - ethErrors.provider.userRejectedRequest( - 'MetaMask Message Signature: User denied message signature.', - ), - ); - case 'errored': - return reject( - new Error(`MetaMask Message Signature: ${data.error}`), - ); - default: - return reject( - new Error( - `MetaMask Message Signature: Unknown problem: ${JSON.stringify( - msgParams, - )}`, - ), - ); - } + this.addUnapprovedMessage(msgParams, req, version).then((msgId) => { + this.once(`${msgId}:finished`, (data) => { + switch (data.status) { + case 'signed': + return resolve(data.rawSig); + case 'rejected': + return reject( + ethErrors.provider.userRejectedRequest( + 'MetaMask Message Signature: User denied message signature.', + ), + ); + case 'errored': + return reject( + new Error(`MetaMask Message Signature: ${data.error}`), + ); + default: + return reject( + new Error( + `MetaMask Message Signature: Unknown problem: ${JSON.stringify( + msgParams, + )}`, + ), + ); + } + }); }); }); } From 31fe72d5c3cd9b18a41542eed419f2e97cc967b3 Mon Sep 17 00:00:00 2001 From: Filip Sekulic Date: Mon, 12 Dec 2022 12:24:10 +0100 Subject: [PATCH 17/18] Applied reqested changes --- app/scripts/controllers/transactions/index.js | 8 +++--- .../controllers/transactions/index.test.js | 26 +++++++++++++++++++ app/scripts/metamask-controller.js | 2 +- 3 files changed, 31 insertions(+), 5 deletions(-) diff --git a/app/scripts/controllers/transactions/index.js b/app/scripts/controllers/transactions/index.js index 3d5550e4093d..69ac8cb72804 100644 --- a/app/scripts/controllers/transactions/index.js +++ b/app/scripts/controllers/transactions/index.js @@ -767,7 +767,7 @@ export default class TransactionController extends EventEmitter { * actionId is fix used for making this action idempotent to deal with scenario when * action is invoked multiple times with same parameters in MV3 due to service worker re-activation. * - * @param method + * @param txMethodType * @param txParams * @param origin * @param transactionType @@ -776,7 +776,7 @@ export default class TransactionController extends EventEmitter { * @returns {txMeta} */ async addUnapprovedTransaction( - method, + txMethodType, txParams, origin, transactionType, @@ -859,10 +859,10 @@ export default class TransactionController extends EventEmitter { ? addHexPrefix(txMeta.txParams.value) : '0x0'; - if (method) { + if (txMethodType && this.securityProviderRequest) { const flagAsDangerous = await this.securityProviderRequest( txMeta, - method, + txMethodType, ); txMeta.flagAsDangerous = flagAsDangerous; diff --git a/app/scripts/controllers/transactions/index.test.js b/app/scripts/controllers/transactions/index.test.js index 4b2e708a0401..0106f14ed5d6 100644 --- a/app/scripts/controllers/transactions/index.test.js +++ b/app/scripts/controllers/transactions/index.test.js @@ -1328,6 +1328,32 @@ describe('Transaction Controller', function () { txController.txStateManager.getTransactions().length; assert.equal(transactionCount1 + 1, transactionCount2); }); + + it('should add multiple transactions when called with different actionId and txMethodType defined', async function () { + const txMeta = await txController.addUnapprovedTransaction( + 'eth_sendTransaction', + { + from: selectedAddress, + to: recipientAddress, + }, + ); + await txController.approveTransaction(txMeta.id); + await txController.createSpeedUpTransaction( + txMeta.id, + {}, + { actionId: 12345 }, + ); + const transactionCount1 = + txController.txStateManager.getTransactions().length; + await txController.createSpeedUpTransaction( + txMeta.id, + {}, + { actionId: 11111 }, + ); + const transactionCount2 = + txController.txStateManager.getTransactions().length; + assert.equal(transactionCount1 + 1, transactionCount2); + }); }); describe('#signTransaction', function () { diff --git a/app/scripts/metamask-controller.js b/app/scripts/metamask-controller.js index 1350c7557df9..351b39db1ada 100644 --- a/app/scripts/metamask-controller.js +++ b/app/scripts/metamask-controller.js @@ -4551,7 +4551,7 @@ export default class MetamaskController extends EventEmitter { chainId, currentLocale, ); - return await flagAsDangerous; + return flagAsDangerous; } catch (err) { log.error(err.message); throw err; From 1ba601261a33b184d2b1a429fbbef48992432d47 Mon Sep 17 00:00:00 2001 From: Filip Sekulic Date: Mon, 19 Dec 2022 15:15:25 +0100 Subject: [PATCH 18/18] Added a test case and refactored a piece of code --- app/scripts/controllers/transactions/index.js | 4 ++-- .../controllers/transactions/index.test.js | 15 +++++++++++++++ app/scripts/lib/message-manager.js | 4 ++-- app/scripts/lib/personal-message-manager.js | 4 ++-- app/scripts/lib/typed-message-manager.js | 4 ++-- app/scripts/metamask-controller.js | 5 +++-- 6 files changed, 26 insertions(+), 10 deletions(-) diff --git a/app/scripts/controllers/transactions/index.js b/app/scripts/controllers/transactions/index.js index 69ac8cb72804..c07c3ecf48c5 100644 --- a/app/scripts/controllers/transactions/index.js +++ b/app/scripts/controllers/transactions/index.js @@ -860,12 +860,12 @@ export default class TransactionController extends EventEmitter { : '0x0'; if (txMethodType && this.securityProviderRequest) { - const flagAsDangerous = await this.securityProviderRequest( + const securityProviderResponse = await this.securityProviderRequest( txMeta, txMethodType, ); - txMeta.flagAsDangerous = flagAsDangerous; + txMeta.securityProviderResponse = securityProviderResponse; } this.addTransaction(txMeta); diff --git a/app/scripts/controllers/transactions/index.test.js b/app/scripts/controllers/transactions/index.test.js index 0106f14ed5d6..0e921845e5c1 100644 --- a/app/scripts/controllers/transactions/index.test.js +++ b/app/scripts/controllers/transactions/index.test.js @@ -1354,6 +1354,21 @@ describe('Transaction Controller', function () { txController.txStateManager.getTransactions().length; assert.equal(transactionCount1 + 1, transactionCount2); }); + + it('should call securityProviderRequest and have flagAsDangerous inside txMeta', async function () { + const txMeta = await txController.addUnapprovedTransaction( + 'eth_sendTransaction', + { + from: selectedAddress, + to: recipientAddress, + }, + ); + + assert.ok( + 'securityProviderResponse' in txMeta, + 'should have a securityProviderResponse', + ); + }); }); describe('#signTransaction', function () { diff --git a/app/scripts/lib/message-manager.js b/app/scripts/lib/message-manager.js index 3916d586249e..ae1f0088b0bc 100644 --- a/app/scripts/lib/message-manager.js +++ b/app/scripts/lib/message-manager.js @@ -138,12 +138,12 @@ export default class MessageManager extends EventEmitter { }; this.addMsg(msgData); - const flagAsDangerous = await this.securityProviderRequest( + const securityProviderResponse = await this.securityProviderRequest( msgData, msgData.type, ); - msgData.flagAsDangerous = flagAsDangerous; + msgData.securityProviderResponse = securityProviderResponse; // signal update this.emit('update'); diff --git a/app/scripts/lib/personal-message-manager.js b/app/scripts/lib/personal-message-manager.js index 24bd8c7c3e0c..242dabb02230 100644 --- a/app/scripts/lib/personal-message-manager.js +++ b/app/scripts/lib/personal-message-manager.js @@ -165,12 +165,12 @@ export default class PersonalMessageManager extends EventEmitter { }; this.addMsg(msgData); - const flagAsDangerous = await this.securityProviderRequest( + const securityProviderResponse = await this.securityProviderRequest( msgData, msgData.type, ); - msgData.flagAsDangerous = flagAsDangerous; + msgData.securityProviderResponse = securityProviderResponse; // signal update this.emit('update'); diff --git a/app/scripts/lib/typed-message-manager.js b/app/scripts/lib/typed-message-manager.js index b9526d0f3386..75a5d7c80458 100644 --- a/app/scripts/lib/typed-message-manager.js +++ b/app/scripts/lib/typed-message-manager.js @@ -155,12 +155,12 @@ export default class TypedMessageManager extends EventEmitter { }; this.addMsg(msgData); - const flagAsDangerous = await this.securityProviderRequest( + const securityProviderResponse = await this.securityProviderRequest( msgData, msgData.type, ); - msgData.flagAsDangerous = flagAsDangerous; + msgData.securityProviderResponse = securityProviderResponse; // signal update this.emit('update'); diff --git a/app/scripts/metamask-controller.js b/app/scripts/metamask-controller.js index 351b39db1ada..4f613449dce7 100644 --- a/app/scripts/metamask-controller.js +++ b/app/scripts/metamask-controller.js @@ -4545,13 +4545,14 @@ export default class MetamaskController extends EventEmitter { if (transactionSecurityCheckEnabled) { try { - const { flagAsDangerous } = await securityProviderCheck( + const securityProviderResponse = await securityProviderCheck( requestData, methodName, chainId, currentLocale, ); - return flagAsDangerous; + + return securityProviderResponse; } catch (err) { log.error(err.message); throw err;