Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

I5849 incremental account security #6874

Merged
merged 12 commits into from
Aug 2, 2019
Merged

Conversation

danjm
Copy link
Contributor

@danjm danjm commented Jul 18, 2019

Resolves #5849

This PR adds the following functionality:

  • user can choose to skip the seed phrase challenge during onboarding
  • if user skips seed phrase challenge, and later has a balance > 0, user is shown a reminder to back up their seed phrase
  • the reminder includes a button that takes them to the seed phrase backup page, after successfully completing the backup challenge, the reminder is no longer shown

Full demo visible here: https://streamable.com/5klzz

@danjm danjm requested review from Gudahtt and whymarrh as code owners July 18, 2019 09:40
@metamaskbot
Copy link
Collaborator

Builds ready [b3a499e]: chrome, firefox, edge, opera

@danjm danjm requested a review from cjeria July 23, 2019 18:01
@danjm danjm force-pushed the i5849-incremental-account-security branch from b3a499e to e6bcbc9 Compare July 23, 2019 18:13
@metamaskbot
Copy link
Collaborator

Builds ready [e6bcbc9]: chrome, firefox, edge, opera


if (!seedPhrase) {
history.push(DEFAULT_ROUTE)
console.log('!!!444!!!')
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

!!!444!!!

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A couple more a few lines above as well

hideSeedPhraseBackupAfterOnboarding,
HIDE_SEED_PHRASE_BACKUP_AFTER_ONBOARDING: 'HIDE_SEED_PHRASE_BACKUP_AFTER_ONBOARDING',

verifySeedPhrase,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Probably better to move this function somewhere else, since it's not really an action. It feels wrong to export it from here.

Then again, it'd be a lot of work to move it without creating an additional background connection. We'd probably want to create a module for all of the background interactions. Maybe that can be a future change.

Copy link
Contributor

@whymarrh whymarrh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A few comments scattered throughout, generally LGTM.

Comments specifically on the tests:

We might be able to reference files directly from the node_modules/ directory directly instead of adding them to the test/ directory. That is,

Current Path node_modules
test/e2e/send-eth-with-private-key-test/buffer.js node_modules/buffer/index.js
test/e2e/send-eth-with-private-key-test/ethereumjs-tx.js node_modules/ethereumjs-tx/es5/index.js

I think that should work fine? We could also symlink them?

app/scripts/controllers/onboarding.js Show resolved Hide resolved
*/

/**
* Background controller responsible for maintaining
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* Background controller responsible for maintaining
* Controller responsible for maintaining

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the "Background" distinction here might not be needed

@@ -0,0 +1,17 @@
<html>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
<html>
<html lang="en">

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also we should make sure we have a doctype: <!doctype html> as the line above this one

@@ -0,0 +1,28 @@
/* eslint-disable */
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we be more specific about what we're disabling? If all we need it to add globals, we can do that too:[1]

Suggested change
/* eslint-disable */
/* global ethereumjs, Web3 */

@@ -0,0 +1,2 @@
/* eslint-disable */
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need this file?

@@ -0,0 +1,14 @@

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: extra newline

@@ -0,0 +1,24 @@

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: extra newline

@Gudahtt
Copy link
Member

Gudahtt commented Jul 30, 2019

I think that should work fine? We could also symlink them?

Using the node_modules path directly works just fine, as long as they're both top-level dependencies (e.g. not transitive dependencies).

@cjeria
Copy link
Contributor

cjeria commented Jul 30, 2019

"Remind me later" option

What's the logic behind the "remind me later" option introduced in this implementation?

How much time passes until MM asks me again?

Not against doing this, but in our discussions, I believe we decided that we were not going to give the option to dismiss this message at all to encourage better security behavior cc @bdresser @omnat

Component scaling for full-screen

Regarding scaling this component for full-screen mode, let's right align the buttons, reduce their width to ~130px. Specs in [figma] also see gif for example of how this could scale.(https://www.figma.com/file/coqVvQFBBWGtcechEkloSE/Incremental-Account-Security-Desktop?node-id=2%3A289)

In full-screen mode, let's float the notification bottom and right to the page (z-index above all other elements on the page).

Button states

Created a pen where you can pull state colors from https://codepen.io/cjeria/pen/mNmEYj

Behavior

As far as behavior goes, it works great!

Additional question:
In the original issue, we discussed the flow that begins when a new user visits a dapp they don;'t have mm installed. It's not implemented in this branch yet since i tested it and it doesn't work. I assume this comes next?
This is the flow and link to the figma file
image

@cjeria cjeria mentioned this pull request Jul 30, 2019
3 tasks
@metamaskbot
Copy link
Collaborator

Builds ready [dc36e54]: chrome, firefox, edge, opera

@danjm danjm force-pushed the i5849-incremental-account-security branch from 5c06b18 to c7dad0d Compare August 1, 2019 10:58
@metamaskbot
Copy link
Collaborator

Builds ready [c7dad0d]: chrome, firefox, edge, opera

@danjm danjm force-pushed the i5849-incremental-account-security branch from c7dad0d to f3a2d45 Compare August 1, 2019 16:16
@metamaskbot
Copy link
Collaborator

Builds ready [33683bb]: chrome, firefox, edge, opera

Copy link
Contributor

@whymarrh whymarrh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A few small comments

.gitattributes Outdated
@@ -4,3 +4,6 @@ CHANGELOG.md merge=union
# we're using the dependencies we expect to be using
package-lock.json linguist-generated=false
yarn.lock linguist-generated=false

/home/danjm/kyokan/metamask-extension/test/e2e/send-eth-with-private-key-test/ethereumjs-tx.js linguist-vendored
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
/home/danjm/kyokan/metamask-extension/test/e2e/send-eth-with-private-key-test/ethereumjs-tx.js linguist-vendored
test/e2e/send-eth-with-private-key-test/ethereumjs-tx.js linguist-vendored linguist-generated

.gitattributes Outdated
@@ -4,3 +4,6 @@ CHANGELOG.md merge=union
# we're using the dependencies we expect to be using
package-lock.json linguist-generated=false
yarn.lock linguist-generated=false

/home/danjm/kyokan/metamask-extension/test/e2e/send-eth-with-private-key-test/ethereumjs-tx.js linguist-vendored
/home/danjm/kyokan/metamask-extension/test/e2e/send-eth-with-private-key-test/ethereumjs-tx.js linguist-generated=true
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
/home/danjm/kyokan/metamask-extension/test/e2e/send-eth-with-private-key-test/ethereumjs-tx.js linguist-generated=true

Copy link
Contributor

@whymarrh whymarrh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's Get This Merged™

@metamaskbot
Copy link
Collaborator

Builds ready [ccd0bc5]: chrome, firefox, edge, opera

@danjm danjm merged commit 3eff478 into develop Aug 2, 2019
@whymarrh whymarrh deleted the i5849-incremental-account-security branch August 2, 2019 12:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Incremental Account Security
5 participants