Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove Snap accounts even if the snap is disabled #21087

Merged
merged 4 commits into from
Sep 29, 2023
Merged

Remove Snap accounts even if the snap is disabled #21087

merged 4 commits into from
Sep 29, 2023

Conversation

danroc
Copy link
Contributor

@danroc danroc commented Sep 28, 2023
edited by owencraston
Loading

Description

Currently, when removing a snap, we send a listAccounts request to the snap to obtain the list of accounts it owns, then we proceed to remove them one by one. However, if the snap is disabled, we cannot retrieve this list and an error is thrown, blocking the snap removal.

This PR resolves this issue by retrieving the list of accounts from the SnapKeyring instead of calling the snap. By doing so, it also addresses another bug: the source of truth about the accounts managed by a snap should be the SnapKeyring rather than the snap itself. This is because the snap could potentially spoof addresses owned by other keyrings, leading to their inadvertent removal.

Fixes: https://github.com/MetaMask/accounts-planning/issues/55
Depends on: #20684

Manual testing steps

  1. Install Flask, and onboard a SRP or create a new one.

  2. Install the SSK.

  3. Create 2 accounts using the SSK.

  4. Go to "Settings" > "Snaps" > "MetaMask Simple Keyring Snap".

  5. Disabled the snap.

  6. Click on "Remove MetaMask SSK".

  7. Confirm by clicking on "Remove Snap".

  8. The snap should have been removed.

  9. Check the console of the extension, you should see the following logs:

    image

Screenshots/Recordings

Screen.Recording.2023-09-28.at.12.44.40.mov

Pre-merge author checklist

  • I’ve followed MetaMask Coding Standards.
  • I've clearly explained:
    • What problem this PR is solving.
    • How this problem was solved.
    • How reviewers can test my changes.
  • I’ve indicated what issue this PR is linked to: Fixes #???
  • I’ve documented any added code.
  • I’ve applied the right labels on the PR (see labeling guidelines).
  • I’ve properly set the pull request status:
    • In case it's "ready for review", I've changed it from "draft" to "non-draft".

Pre-merge reviewer checklist

  • I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
  • I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

@github-actions
Copy link
Contributor

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

@danroc danroc added team-accounts DO-NOT-MERGE Pull requests that should not be merged type-bug labels Sep 28, 2023
@danroc danroc marked this pull request as ready for review September 28, 2023 10:47
@danroc danroc requested review from a team and kumavis as code owners September 28, 2023 10:47
@socket-security
Copy link

Updated dependencies detected. Learn more about Socket for GitHub ↗︎

Packages Version New capabilities Transitives Size Publisher
@metamask/eth-snap-keyring 0.3.0...0.3.1 None +0/-0 94 kB metamaskbot

@metamaskbot
Copy link
Collaborator

Builds ready [684da5c]
Page Load Metrics (1071 ± 348 ms)
PlatformPageMetricMin (ms)Max (ms)Average (ms)StandardDeviation (ms)MarginOfError (ms)
ChromeHomefirstPaint8412796115
domContentLoaded6911988126
load8218031071724348
domInteractive6911988126
Bundle size diffs [🚨 Warning! Bundle size has increased!]
  • background: 159 Bytes (0.00%)
  • ui: 0 Bytes (0.00%)
  • common: 0 Bytes (0.00%)

@codecov
Copy link

codecov bot commented Sep 29, 2023
edited
Loading

Codecov Report

Attention: 10 lines in your changes are missing coverage. Please review.

Comparison is base (8fcd83b) 68.43% compared to head (1754e47) 68.41%.

Additional details and impacted files 
@@             Coverage Diff             @@
##           develop   #21087      +/-   ##
===========================================
- Coverage    68.43%   68.41%   -0.02%     
===========================================
  Files         1012     1012              
  Lines        40507    40508       +1     
  Branches     10826    10823       -3     
===========================================
- Hits         27718    27710       -8     
- Misses       12789    12798       +9
Files Coverage Δ
app/scripts/lib/snap-keyring/index.ts 100.00% <100.00%> (ø)
app/scripts/lib/snap-keyring/snap-keyring.ts 17.65% <40.00%> (-1.10%) ⬇️
app/scripts/metamask-controller.js 53.55% <25.00%> (-0.34%) ⬇️
ui/store/actions.ts 43.35% <0.00%> (ø)

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@danroc danroc force-pushed the feature/remove-account-snap branch 2 times, most recently from 5c325aa to 1417058 Compare September 29, 2023 17:05
gantunesr
gantunesr previously approved these changes Sep 29, 2023
View reviewed changes
Copy link
Member

@gantunesr gantunesr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I didn't run the client but the code LGTM

app/scripts/metamask-controller.js Outdated Show resolved Hide resolved
@gantunesr gantunesr added the needs-dev-review PR needs reviews from other engineers (in order to receive required approvals) label Sep 29, 2023
@danroc danroc force-pushed the feature/remove-account-snap branch from 1417058 to 79b6e5c Compare September 29, 2023 17:28
owencraston
owencraston previously approved these changes Sep 29, 2023
View reviewed changes
Copy link
Contributor

@owencraston owencraston left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code looks ✅
Ran through the steps and they all were 🤌
Screenshot 2023-09-29 at 10 32 13 AM

@danroc
fix: remove accounts snap even if disabled
f588bb6 
Currently, when removing a snap, we send a listAccounts request to the
snap to obtain the list of accounts it owns, then we proceed to remove
them one by one. However, if the snap is disabled, we cannot retrieve
this list and an error is thrown, blocking the snap removal.

This PR resolves this issue by retrieving the list of accounts from the
SnapKeyring instead of calling the snap. By doing so, it also addresses
another bug: the source of truth about the accounts managed by a snap
should be the SnapKeyring rather than the snap itself. This is because
the snap could potentially spoof addresses owned by other keyrings,
leading to their inadvertent removal.
@danroc
refactor: move getAccountsBySnapId() to snap-keyring.ts
6b307df
@danroc danroc dismissed stale reviews from owencraston and gantunesr via 6b307df September 29, 2023 18:11
@danroc danroc force-pushed the feature/remove-account-snap branch from 79b6e5c to 6b307df Compare September 29, 2023 18:11
owencraston
owencraston previously approved these changes Sep 29, 2023
View reviewed changes
Mrtenz
Mrtenz reviewed Sep 29, 2023
View reviewed changes
app/scripts/lib/snap-keyring/snap-keyring.ts Outdated
* @param snapId - Snap ID to get accounts for.
* @returns The addresses of the accounts.
*/
export const getAccountsBySnapId = async (controller: any, snapId: string) => {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can this be typed?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I just pushed a commit to address this with better types.

@owencraston
Copy link
Contributor

I added better types to the getAccountsBySnapId method and confirmed it is still working as expected.
https://github.com/MetaMask/metamask-extension/assets/22918444/6dabb015-7873-4390-9504-7d09c2f33eff

@metamaskbot
Copy link
Collaborator

Builds ready [1754e47]
Page Load Metrics (872 ± 372 ms)
PlatformPageMetricMin (ms)Max (ms)Average (ms)StandardDeviation (ms)MarginOfError (ms)
ChromeHomefirstPaint84123100126
domContentLoaded7012094157
load821884872775372
domInteractive7012094157
Bundle size diffs
  • background: 0 Bytes (0.00%)
  • ui: 0 Bytes (0.00%)
  • common: 0 Bytes (0.00%)

@gantunesr gantunesr removed DO-NOT-MERGE Pull requests that should not be merged needs-dev-review PR needs reviews from other engineers (in order to receive required approvals) labels Sep 29, 2023
@owencraston owencraston merged commit 0988ef5 into develop Sep 29, 2023
10 of 11 checks passed
@owencraston owencraston deleted the feature/remove-account-snap branch September 29, 2023 20:21
@github-actions github-actions bot locked and limited conversation to collaborators Sep 29, 2023
@metamaskbot metamaskbot added the release-11.3.0 Issue or pull request that will be included in release 11.3.0 label Sep 29, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@owencraston owencraston owencraston left review comments

@gantunesr gantunesr gantunesr approved these changes

@Mrtenz Mrtenz Mrtenz approved these changes

@kumavis kumavis Awaiting requested review from kumavis

Assignees
No one assigned
Labels
release-11.3.0 Issue or pull request that will be included in release 11.3.0 team-accounts type-bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@danroc @metamaskbot @owencraston @Mrtenz @gantunesr