diff options
Diffstat (limited to 'app/scripts')
-rw-r--r-- | app/scripts/contentscript.js | 27 | ||||
-rw-r--r-- | app/scripts/controllers/provider-approval.js | 41 | ||||
-rw-r--r-- | app/scripts/inpage.js | 4 | ||||
-rw-r--r-- | app/scripts/metamask-controller.js | 4 |
4 files changed, 32 insertions, 44 deletions
diff --git a/app/scripts/contentscript.js b/app/scripts/contentscript.js index b1c1e9a0d..29fa3f5c7 100644 --- a/app/scripts/contentscript.js +++ b/app/scripts/contentscript.js @@ -24,7 +24,7 @@ if (shouldInjectWeb3()) { injectScript(inpageBundle) setupStreams() listenForProviderRequest() - checkForcedInjection() + checkPrivacyMode() } /** @@ -125,9 +125,9 @@ function listenForProviderRequest () { origin: source.location.hostname, }) break - case 'ETHEREUM_PROVIDER_STATUS': + case 'ETHEREUM_QUERY_STATUS': extension.runtime.sendMessage({ - action: 'provider-status-request', + action: 'init-status-request', origin: source.location.hostname, }) break @@ -144,14 +144,7 @@ function listenForProviderRequest () { case 'reject-provider-request': injectScript(`window.dispatchEvent(new CustomEvent('ethereumprovider', { detail: { error: 'User rejected provider access' }}))`) break - case 'force-injection': - extension.storage.local.get(['forcedOrigins'], ({ forcedOrigins = [] }) => { - extension.storage.local.set({ forcedOrigins: [ ...forcedOrigins, window.location.hostname ] }, () => { - injectScript(`window.location.reload()`) - }) - }) - break - case 'provider-status': + case 'answer-status-request': injectScript(`window.dispatchEvent(new CustomEvent('ethereumproviderstatus', { detail: { isEnabled: ${isEnabled}}}))`) break } @@ -159,15 +152,11 @@ function listenForProviderRequest () { } /** - * Checks the current origin to see if it exists in the extension's locally-stored list - * off user-whitelisted dapp origins. If it is, this origin will be marked as approved, - * meaning the publicConfig stream will be enabled. This is only meant to ease the transition - * to 1102 and will be removed in the future. + * Checks if MetaMask is currently operating in "privacy mode", meaning + * dapps must call ethereum.enable in order to access user accounts */ -function checkForcedInjection () { - extension.storage.local.get(['forcedOrigins'], ({ forcedOrigins = [] }) => { - originApproved = forcedOrigins.indexOf(window.location.hostname) > -1 - }) +function checkPrivacyMode () { + extension.runtime.sendMessage({ action: 'init-privacy-request' }) } /** diff --git a/app/scripts/controllers/provider-approval.js b/app/scripts/controllers/provider-approval.js index 918fc8ad0..a44d2b3ab 100644 --- a/app/scripts/controllers/provider-approval.js +++ b/app/scripts/controllers/provider-approval.js @@ -1,5 +1,4 @@ const ObservableStore = require('obs-store') -const extension = require('extensionizer') /** * A controller that services user-approved requests for a full Ethereum provider API @@ -10,22 +9,25 @@ class ProviderApprovalController { * * @param {Object} [config] - Options to configure controller */ - constructor ({ closePopup, openPopup, platform, publicConfigStore } = {}) { + constructor ({ closePopup, openPopup, platform, preferencesController, publicConfigStore } = {}) { this.store = new ObservableStore() this.closePopup = closePopup this.openPopup = openPopup this.platform = platform this.publicConfigStore = publicConfigStore this.approvedOrigins = {} + this.preferencesController = preferencesController platform && platform.addMessageListener && platform.addMessageListener(({ action, origin }) => { if (!action) { return } switch (action) { case 'init-provider-request': this.handleProviderRequest(origin) break - case 'provider-status-request': + case 'init-status-request': this.handleProviderStatusRequest(origin) break + case 'init-privacy-request': + this.handlePrivacyStatusRequest() } }) } @@ -35,9 +37,9 @@ class ProviderApprovalController { * * @param {string} origin - Origin of the window requesting full provider access */ - async handleProviderRequest (origin) { + handleProviderRequest (origin) { this.store.updateState({ providerRequests: [{ origin }] }) - if (await this.isApproved(origin)) { + if (this.isApproved(origin)) { this.approveProviderRequest(origin) return } @@ -45,13 +47,21 @@ class ProviderApprovalController { } /** - * Called by a tab to detemrine if a full Ethereum provider API is exposed + * Called by a tab to determine if a full Ethereum provider API is exposed * * @param {string} origin - Origin of the window requesting provider status */ async handleProviderStatusRequest (origin) { - const isEnabled = await this.isApproved(origin) - this.platform && this.platform.sendMessage({ action: 'provider-status', isEnabled }, { active: true }) + const isEnabled = this.isApproved(origin) + this.platform && this.platform.sendMessage({ action: 'answer-status-request', isEnabled }, { active: true }) + } + + handlePrivacyStatusRequest () { + const privacyMode = this.preferencesController.getFeatureFlags().privacyMode + if (!privacyMode) { + this.platform && this.platform.sendMessage({ action: 'approve-provider-request' }, { active: true }) + this.publicConfigStore.emit('update', this.publicConfigStore.getState()) + } } /** @@ -87,7 +97,6 @@ class ProviderApprovalController { */ clearApprovedOrigins () { this.approvedOrigins = {} - extension.storage.local.set({ forcedOrigins: [] }) } /** @@ -97,18 +106,8 @@ class ProviderApprovalController { * @returns {boolean} - True if the origin has been approved */ isApproved (origin) { - return new Promise(resolve => { - extension.storage.local.get(['forcedOrigins'], ({ forcedOrigins = [] }) => { - resolve(this.approvedOrigins[origin] || forcedOrigins.indexOf(origin) > -1) - }) - }) - } - - /** - * Called when a user forces the exposure of a full Ethereum provider API - */ - forceInjection () { - this.platform.sendMessage({ action: 'force-injection' }, { active: true }) + const privacyMode = this.preferencesController.getFeatureFlags().privacyMode + return !privacyMode || this.approvedOrigins[origin] } } diff --git a/app/scripts/inpage.js b/app/scripts/inpage.js index c5f4ee4c9..c5cbcc120 100644 --- a/app/scripts/inpage.js +++ b/app/scripts/inpage.js @@ -56,10 +56,10 @@ inpageProvider.isEnabled = function () { if (typeof detail.error !== 'undefined') { reject(detail.error) } else { - resolve(detail.isEnabled) + resolve(!!detail.isEnabled) } }) - window.postMessage({ type: 'ETHEREUM_PROVIDER_STATUS' }, '*') + window.postMessage({ type: 'ETHEREUM_QUERY_STATUS' }, '*') }) } diff --git a/app/scripts/metamask-controller.js b/app/scripts/metamask-controller.js index d8f8a4602..2265838fb 100644 --- a/app/scripts/metamask-controller.js +++ b/app/scripts/metamask-controller.js @@ -224,6 +224,7 @@ module.exports = class MetamaskController extends EventEmitter { closePopup: opts.closePopup, openPopup: opts.openPopup, platform: opts.platform, + preferencesController: this.preferencesController, publicConfigStore: this.publicConfigStore, }) @@ -275,7 +276,7 @@ module.exports = class MetamaskController extends EventEmitter { getAccounts: async ({ origin }) => { // Expose no accounts if this origin has not been approved, preventing // account-requring RPC methods from completing successfully - const isApproved = await this.providerApprovalController.isApproved(origin) + const isApproved = this.providerApprovalController.isApproved(origin) if (origin !== 'MetaMask' && !isApproved) { return [] } const isUnlocked = this.keyringController.memStore.getState().isUnlocked const selectedAddress = this.preferencesController.getSelectedAddress() @@ -455,7 +456,6 @@ module.exports = class MetamaskController extends EventEmitter { approveProviderRequest: providerApprovalController.approveProviderRequest.bind(providerApprovalController), clearApprovedOrigins: providerApprovalController.clearApprovedOrigins.bind(providerApprovalController), rejectProviderRequest: providerApprovalController.rejectProviderRequest.bind(providerApprovalController), - forceInjection: providerApprovalController.forceInjection.bind(providerApprovalController), } } |