From 1d65687ce48bc7f35ee0167c94813f8b3cb3a6ee Mon Sep 17 00:00:00 2001
From: Thomas <thomas.b.huang@gmail.com>
Date: Wed, 24 Oct 2018 20:03:55 -0700
Subject: Validate signTypedData in eth-json-rpc-middleware

---
 .../network/createMetamaskMiddleware.js            |  2 +
 app/scripts/metamask-controller.js                 | 58 +++++++++++-----------
 2 files changed, 32 insertions(+), 28 deletions(-)

(limited to 'app/scripts')

diff --git a/app/scripts/controllers/network/createMetamaskMiddleware.js b/app/scripts/controllers/network/createMetamaskMiddleware.js
index 9e6a45888..319c5bf3e 100644
--- a/app/scripts/controllers/network/createMetamaskMiddleware.js
+++ b/app/scripts/controllers/network/createMetamaskMiddleware.js
@@ -11,6 +11,7 @@ function createMetamaskMiddleware ({
   processTransaction,
   processEthSignMessage,
   processTypedMessage,
+  processTypedMessageV3,
   processPersonalMessage,
   getPendingNonce,
 }) {
@@ -25,6 +26,7 @@ function createMetamaskMiddleware ({
       processTransaction,
       processEthSignMessage,
       processTypedMessage,
+      processTypedMessageV3,
       processPersonalMessage,
     }),
     createPendingNonceMiddleware({ getPendingNonce }),
diff --git a/app/scripts/metamask-controller.js b/app/scripts/metamask-controller.js
index 7913662d4..1e02d8488 100644
--- a/app/scripts/metamask-controller.js
+++ b/app/scripts/metamask-controller.js
@@ -138,12 +138,12 @@ module.exports = class MetamaskController extends EventEmitter {
         this.accountTracker.stop()
       }
     })
-     
+
     // ensure accountTracker updates balances after network change
     this.networkController.on('networkDidChange', () => {
       this.accountTracker._updateAccounts()
     })
-      
+
     // key mgmt
     const additionalKeyrings = [TrezorKeyring, LedgerBridgeKeyring]
     this.keyringController = new KeyringController({
@@ -275,6 +275,8 @@ module.exports = class MetamaskController extends EventEmitter {
       processTransaction: this.newUnapprovedTransaction.bind(this),
       // msg signing
       processEthSignMessage: this.newUnsignedMessage.bind(this),
+      processTypedMessage: this.newUnsignedTypedMessage.bind(this),
+      processTypedMessageV3: this.newUnsignedTypedMessage.bind(this),
       processPersonalMessage: this.newUnsignedPersonalMessage.bind(this),
       getPendingNonce: this.getPendingNonce.bind(this),
     }
@@ -978,8 +980,8 @@ module.exports = class MetamaskController extends EventEmitter {
    * @param {Object} msgParams - The params passed to eth_signTypedData.
    * @param {Function} cb - The callback function, called with the signature.
    */
-  newUnsignedTypedMessage (msgParams, req) {
-    const promise = this.typedMessageManager.addUnapprovedMessageAsync(msgParams, req)
+  newUnsignedTypedMessage (msgParams, req, version) {
+    const promise = this.typedMessageManager.addUnapprovedMessageAsync(msgParams, req, version)
     this.sendUpdate()
     this.opts.showUnconfirmedMessage()
     return promise
@@ -1274,9 +1276,9 @@ module.exports = class MetamaskController extends EventEmitter {
     // watch asset
     engine.push(this.preferencesController.requestWatchAsset.bind(this.preferencesController))
     // sign typed data middleware
-    engine.push(this.createTypedDataMiddleware('eth_signTypedData', 'V1').bind(this))
-    engine.push(this.createTypedDataMiddleware('eth_signTypedData_v1', 'V1').bind(this))
-    engine.push(this.createTypedDataMiddleware('eth_signTypedData_v3', 'V3', true).bind(this))
+    // engine.push(this.createTypedDataMiddleware('eth_signTypedData', 'V1').bind(this))
+    // engine.push(this.createTypedDataMiddleware('eth_signTypedData_v1', 'V1').bind(this))
+    // engine.push(this.createTypedDataMiddleware('eth_signTypedData_v3', 'V3', true).bind(this))
     // forward to metamask primary provider
     engine.push(createProviderMiddleware({ provider }))
 
@@ -1542,27 +1544,27 @@ module.exports = class MetamaskController extends EventEmitter {
   * @param {Function} - next
   * @param {Function} - end
   */
-  createTypedDataMiddleware (methodName, version, reverse) {
-    return async (req, res, next, end) => {
-      const { method, params } = req
-      if (method === methodName) {
-        const promise = this.typedMessageManager.addUnapprovedMessageAsync({
-          data: reverse ? params[1] : params[0],
-          from: reverse ? params[0] : params[1],
-        }, req, version)
-        this.sendUpdate()
-        this.opts.showUnconfirmedMessage()
-        try {
-          res.result = await promise
-          end()
-        } catch (error) {
-          end(error)
-        }
-      } else {
-        next()
-      }
-    }
-  }
+  // createTypedDataMiddleware (methodName, version, reverse) {
+  //   return async (req, res, next, end) => {
+  //     const { method, params } = req
+  //     if (method === methodName) {
+  //       const promise = this.typedMessageManager.addUnapprovedMessageAsync({
+  //         data: reverse ? params[1] : params[0],
+  //         from: reverse ? params[0] : params[1],
+  //       }, req, version)
+  //       this.sendUpdate()
+  //       this.opts.showUnconfirmedMessage()
+  //       try {
+  //         res.result = await promise
+  //         end()
+  //       } catch (error) {
+  //         end(error)
+  //       }
+  //     } else {
+  //       next()
+  //     }
+  //   }
+  // }
 
   /**
    * Adds a domain to the {@link BlacklistController} whitelist
-- 
cgit v1.2.3