feat: decode permissions in SignatureController (#6619)

## Summary

Add execution-permission decoding to `SignatureController` for
`eth_signTypedData_v4` delegation requests. If a delegation request is
unable to be decoded into a coherent Execution Permission, reject
external (not from `origin: metamask`) attempts to sign delegations for
internal accounts. Adds decoded permission in signature request state
for rendering downstream.

## Why
Readable Permissions requires the ability to sign delegations, only when
the delegation can be decoded to a permission that is then shown to the
user.

[The architecture is described in this
document](https://www.notion.so/metamask-consensys/SignTypedData-with-Metadata-Specification-22bf86d67d688023be67e2ee06e3a56a).
Decoding has been added to `GatorPermissionsController` in #6556

Note: the request origin is always `@metamask/gator-permission-snap`
(any other origin is rejected). Because of this, `metadata` is added to
the 712 payload, defining the `justification` and `origin` which is the
_original_ origin of the request (the dapp).

Author: jeffsmale90

eslint-warning-thresholds.json

@@ -349,21 +349,10 @@
     "jest/no-conditional-in-test": 1
   },
   "packages/signature-controller/src/SignatureController.ts": {
-    "@typescript-eslint/no-unsafe-enum-comparison": 4
-  },
-  "packages/signature-controller/src/utils/decoding-api.test.ts": {
-    "import-x/order": 1,
-    "jsdoc/tag-lines": 1
-  },
-  "packages/signature-controller/src/utils/decoding-api.ts": {
-    "import-x/order": 1
-  },
-  "packages/signature-controller/src/utils/normalize.test.ts": {
-    "import-x/order": 1
+    "@typescript-eslint/no-unsafe-enum-comparison": 3
   },
   "packages/signature-controller/src/utils/normalize.ts": {
-    "@typescript-eslint/no-unused-vars": 1,
-    "jsdoc/tag-lines": 2
+    "@typescript-eslint/no-unused-vars": 1
   },
   "packages/signature-controller/src/utils/validation.ts": {
     "@typescript-eslint/no-base-to-string": 1,

packages/signature-controller/CHANGELOG.md

@@ -10,6 +10,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Added
 
 - Add two new controller state metadata properties: `includeInStateLogs` and `usedInUi` ([#6473](https://github.com/MetaMask/core/pull/6473))
+- Decode delegation permissions using `@metamask/gator-permissions-controller` when calling `newUnsignedTypedMessage` ([#6619](https://github.com/MetaMask/core/pull/6619))
 
 ### Changed
 

packages/signature-controller/package.json

@@ -59,6 +59,7 @@
     "@metamask/accounts-controller": "^33.1.0",
     "@metamask/approval-controller": "^7.1.3",
     "@metamask/auto-changelog": "^3.4.4",
+    "@metamask/gator-permissions-controller": "^0.2.0",
     "@metamask/keyring-controller": "^23.1.0",
     "@metamask/logging-controller": "^6.0.4",
     "@metamask/network-controller": "^24.2.0",
@@ -73,6 +74,7 @@
   "peerDependencies": {
     "@metamask/accounts-controller": "^33.0.0",
     "@metamask/approval-controller": "^7.0.0",
+    "@metamask/gator-permissions-controller": "^0.2.0",
     "@metamask/keyring-controller": "^23.0.0",
     "@metamask/logging-controller": "^6.0.0",
     "@metamask/network-controller": "^24.0.0"

packages/signature-controller/src/SignatureController.test.ts

@@ -89,6 +89,27 @@ const PERMIT_REQUEST_MOCK = {
   traceContext: null,
 };
 
+const DELEGATION_PARAMS_MOCK = {
+  data: '{"types":{"EIP712Domain":[{"name":"chainId","type":"uint256"}],"Delegation":[{"name":"delegate","type":"address"},{"name":"delegator","type":"address"},{"name":"authority","type":"bytes"},{"name":"caveats","type":"bytes"}]},"primaryType":"Delegation","domain":{"chainId":1},"message":{"delegate":"0x5B38Da6a701c568545dCfcB03FcB875f56beddC4","delegator":"0x975e73efb9ff52e23bac7f7e043a1ecd06d05477","authority":"0x1234abcd","caveats":[]},"metadata":{"origin":"https://metamask.github.io","justification":"Testing delegation"}}',
+  from: '0x975e73efb9ff52e23bac7f7e043a1ecd06d05477',
+  version: 'V4',
+  signatureMethod: 'eth_signTypedData_v4',
+};
+
+const DELEGATION_REQUEST_MOCK = {
+  method: 'eth_signTypedData_v4',
+  params: [
+    '0x975e73efb9ff52e23bac7f7e043a1ecd06d05477',
+    DELEGATION_PARAMS_MOCK.data,
+  ],
+  jsonrpc: '2.0',
+  id: 1680528591,
+  origin: 'npm:@metamask/gator-permissions-snap',
+  networkClientId: 'mainnet',
+  tabId: 1048807182,
+  traceContext: null,
+};
+
 /**
  * Create a mock messenger instance.
  *
@@ -101,6 +122,7 @@ function createMessengerMock() {
   const keyringControllerSignTypedMessageMock = jest.fn();
   const loggingControllerAddMock = jest.fn();
   const networkControllerGetNetworkClientByIdMock = jest.fn();
+  const decodePermissionFromPermissionContextForOriginMock = jest.fn();
 
   // eslint-disable-next-line @typescript-eslint/no-explicit-any
   const callMock = (method: string, ...args: any[]) => {
@@ -117,6 +139,8 @@ function createMessengerMock() {
         return loggingControllerAddMock(...args);
       case 'NetworkController:getNetworkClientById':
         return networkControllerGetNetworkClientByIdMock(...args);
+      case 'GatorPermissionsController:decodePermissionFromPermissionContextForOrigin':
+        return decodePermissionFromPermissionContextForOriginMock(...args);
       default:
         throw new Error(`Messenger method not recognised: ${method}`);
     }
@@ -144,12 +168,17 @@ function createMessengerMock() {
     },
   });
 
+  decodePermissionFromPermissionContextForOriginMock.mockReturnValue({
+    kind: 'decoded-permission',
+  });
+
   return {
     accountsControllerGetStateMock,
     approvalControllerAddRequestMock,
     keyringControllerSignPersonalMessageMock,
     keyringControllerSignTypedMessageMock,
     loggingControllerAddMock,
+    decodePermissionFromPermissionContextForOriginMock,
     messenger,
   };
 }
@@ -933,6 +962,201 @@ describe('SignatureController', () => {
       ).toBe(SignTypedDataVersion.V3);
     });
 
+    describe('delegations', () => {
+      it('invokes decodePermissionFromRequest to get execution permission', async () => {
+        const {
+          controller,
+          decodePermissionFromPermissionContextForOriginMock,
+        } = createController();
+
+        await controller.newUnsignedTypedMessage(
+          DELEGATION_PARAMS_MOCK,
+          DELEGATION_REQUEST_MOCK,
+          SignTypedDataVersion.V4,
+          { parseJsonData: false },
+        );
+
+        expect(
+          decodePermissionFromPermissionContextForOriginMock,
+        ).toHaveBeenCalledWith({
+          origin: 'npm:@metamask/gator-permissions-snap',
+          chainId: 1,
+          delegation: {
+            delegate: '0x5B38Da6a701c568545dCfcB03FcB875f56beddC4',
+            delegator: '0x975e73efb9ff52e23bac7f7e043a1ecd06d05477',
+            authority: '0x1234abcd',
+            caveats: [],
+          },
+          metadata: {
+            origin: 'https://metamask.github.io',
+            justification: 'Testing delegation',
+          },
+        });
+      });
+
+      it('does not invoke decodePermissionFromRequest if version is not V4', async () => {
+        const {
+          controller,
+          decodePermissionFromPermissionContextForOriginMock,
+        } = createController();
+
+        await controller.newUnsignedTypedMessage(
+          DELEGATION_PARAMS_MOCK,
+          DELEGATION_REQUEST_MOCK,
+          SignTypedDataVersion.V3,
+          { parseJsonData: false },
+        );
+
+        expect(
+          decodePermissionFromPermissionContextForOriginMock,
+        ).not.toHaveBeenCalled();
+      });
+
+      it('sets decodedPermission on the message state', async () => {
+        const { controller } = createController();
+
+        await controller.newUnsignedTypedMessage(
+          DELEGATION_PARAMS_MOCK,
+          DELEGATION_REQUEST_MOCK,
+          SignTypedDataVersion.V4,
+          { parseJsonData: false },
+        );
+
+        const { decodedPermission } =
+          controller.state.signatureRequests[ID_MOCK];
+
+        expect(decodedPermission).toStrictEqual({
+          kind: 'decoded-permission',
+        });
+      });
+
+      it('does not invoke decodePermissionFromRequest if data is not a delegation request', async () => {
+        const {
+          controller,
+          decodePermissionFromPermissionContextForOriginMock,
+        } = createController();
+
+        await controller.newUnsignedTypedMessage(
+          {
+            ...DELEGATION_PARAMS_MOCK,
+            data: '{primaryType:"not-a-delegation"}',
+          },
+          DELEGATION_REQUEST_MOCK,
+          SignTypedDataVersion.V4,
+          { parseJsonData: false },
+        );
+
+        expect(
+          decodePermissionFromPermissionContextForOriginMock,
+        ).not.toHaveBeenCalled();
+      });
+
+      it('does not set decodedPermission if data is not a delegation request', async () => {
+        const { controller } = createController();
+
+        await controller.newUnsignedTypedMessage(
+          {
+            ...DELEGATION_PARAMS_MOCK,
+            data: '{primaryType:"not-a-delegation"}',
+          },
+          DELEGATION_REQUEST_MOCK,
+          SignTypedDataVersion.V4,
+          { parseJsonData: false },
+        );
+
+        const { decodedPermission } =
+          controller.state.signatureRequests[ID_MOCK];
+
+        expect(decodedPermission).toBeUndefined();
+      });
+
+      it('does not set decodedPermission if decoding throws an error', async () => {
+        const {
+          controller,
+          decodePermissionFromPermissionContextForOriginMock,
+        } = createController();
+
+        decodePermissionFromPermissionContextForOriginMock.mockImplementation(
+          () => {
+            throw new Error('An error occurred');
+          },
+        );
+
+        await controller.newUnsignedTypedMessage(
+          DELEGATION_PARAMS_MOCK,
+          DELEGATION_REQUEST_MOCK,
+          SignTypedDataVersion.V4,
+          { parseJsonData: false },
+        );
+
+        const { decodedPermission } =
+          controller.state.signatureRequests[ID_MOCK];
+
+        expect(decodedPermission).toBeUndefined();
+      });
+
+      it('does not set decodedPermission if decoding returns undefined', async () => {
+        const {
+          controller,
+          decodePermissionFromPermissionContextForOriginMock,
+        } = createController();
+
+        decodePermissionFromPermissionContextForOriginMock.mockReturnValue(
+          undefined,
+        );
+
+        await controller.newUnsignedTypedMessage(
+          DELEGATION_PARAMS_MOCK,
+          DELEGATION_REQUEST_MOCK,
+          SignTypedDataVersion.V4,
+          { parseJsonData: false },
+        );
+
+        const { decodedPermission } =
+          controller.state.signatureRequests[ID_MOCK];
+
+        expect(decodedPermission).toBeUndefined();
+      });
+
+      it('does not set decodedPermission if metadata is invalid', async () => {
+        const { controller } = createController();
+
+        const delegationParamsMock = {
+          ...DELEGATION_PARAMS_MOCK,
+          data: {
+            ...JSON.parse(DELEGATION_PARAMS_MOCK.data),
+            metadata: {},
+          },
+        };
+
+        const delegationRequestMock = {
+          method: 'eth_signTypedData_v4',
+          params: [
+            '0x975e73efb9ff52e23bac7f7e043a1ecd06d05477',
+            delegationParamsMock.data,
+          ],
+          jsonrpc: '2.0',
+          id: 1680528591,
+          origin: 'npm:@metamask/gator-permissions-snap',
+          networkClientId: 'mainnet',
+          tabId: 1048807182,
+          traceContext: null,
+        };
+
+        await controller.newUnsignedTypedMessage(
+          delegationParamsMock,
+          delegationRequestMock,
+          SignTypedDataVersion.V4,
+          { parseJsonData: false },
+        );
+
+        const { decodedPermission } =
+          controller.state.signatureRequests[ID_MOCK];
+
+        expect(decodedPermission).toBeUndefined();
+      });
+    });
+
     describe('decodeSignature', () => {
       it('invoke decodeSignature to get decoding data', async () => {
         const MOCK_STATE_CHANGES = {