This repository has been archived by the owner on Oct 7, 2024. It is now read-only.
fix: reject unsupported account methods #190
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
13 tasks
danroc
approved these changes
Dec 15, 2023
owencraston
changed the title
13 tasks
owencraston
added a commit
to MetaMask/metamask-extension
that referenced
this pull request
Dec 19, 2023
## **Description** <!-- Write a short description of the changes included in this pull request, also include relevant motivation and context. Have in mind the following questions: 1. What is the reason for the change? 2. What is the improvement/solution? --> Includes the latest fixes in the eth-snap-keyring. This blocks non permitted methods from being called by an account snap. The changes in the eth-snap-keyring can be found [here](MetaMask/eth-snap-keyring#190). ## **Related issues** Fixes: MetaMask/accounts-planning#181 Fixes: MetaMask/accounts-planning#121 ## **Screenshots/Recordings** <img width="354" alt="Screenshot 2023-12-18 at 3 41 18 PM" src="https://github.com/MetaMask/metamask-extension/assets/22918444/9bdcdd6b-a283-4b9c-be23-359fe96a90e7"> <img width="586" alt="Screenshot 2023-12-18 at 3 40 36 PM" src="https://github.com/MetaMask/metamask-extension/assets/22918444/35841117-4451-4933-baf4-502cf5919764"> ## **Manual testing steps** 1. Go to the [SSK](https://metamask.github.io/snap-simple-keyring/latest/) and create an account 2. Updated the account using this JSON, replacing the address and ID fields with the new account information, and choose one or more of the methods to remove from the list ```json { "address": "you new account address", "id": "your new account ID", "options": {}, "methods": [ "personal_sign", "eth_sign", "eth_signTransaction", "eth_signTypedData_v1", "eth_signTypedData_v3", "eth_signTypedData_v4" ], "type": "eip155:eoa" } ``` 3. Navigate to the [E2E Test Dapp](https://metamask.github.io/test-dapp/) and connect the new account 4. Attempt to perform a method you just removed 5. You should see a message that "Method [removed method] is not supported for account [new snap account address]" ### **Before** <!-- [screenshots/recordings] --> ### **After** <!-- [screenshots/recordings] --> ## **Pre-merge author checklist** - [x] I’ve followed [MetaMask Coding Standards](https://github.com/MetaMask/metamask-extension/blob/develop/.github/guidelines/CODING_GUIDELINES.md). - [x] I've clearly explained what problem this PR is solving and how it is solved. - [x] I've linked related issues - [x] I've included manual testing steps - [x] I've included screenshots/recordings if applicable - [x] I’ve included tests if applicable - [x] I’ve documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [x] I’ve applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-extension/blob/develop/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. - [x] I’ve properly set the pull request status: - [x] In case it's not yet "ready for review", I've set it to "draft". - [ ] In case it's "ready for review", I've changed it from "draft" to "non-draft". ## **Pre-merge reviewer checklist** - [x] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [x] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots. --------- Co-authored-by: MetaMask Bot <[email protected]>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Current state: When you update an account and remove a method, the removed method still functions
Solution: Check if an account supports the method when a request is submitted to the Keyring and if not, throw an error.
Manual Testing
{ "address": "you new account address", "id": "your new account ID", "options": {}, "methods": [ "personal_sign", "eth_sign", "eth_signTransaction", "eth_signTypedData_v1", "eth_signTypedData_v3", "eth_signTypedData_v4" ], "type": "eip155:eoa" }Jest
jest src/SnapKeyring.test.ts --testNamePattern="fails when the EthMethod is not supported"jest src/SnapKeyring.test.ts