feat: update to properly handle request permissions on all platform

MetaMask · Apr 19, 2024 · 7d4115f · 7d4115f
1 parent 473978f
commit 7d4115f
Show file tree

Hide file tree

Showing 7 changed files with 68 additions and 114 deletions.
diff --git a/app/components/Views/AccountConnect/AccountConnect.tsx b/app/components/Views/AccountConnect/AccountConnect.tsx
@@ -110,7 +110,9 @@ const AccountConnect = (props: AccountConnectProps) => {
       : AvatarAccountType.JazzIcon,
   );
 
-  const { id: channelId, origin: metadataOrigin } = hostInfo.metadata as {
+  // on inappBrowser: hostname
+  // on sdk or walletconnect: channelId
+  const { origin: channelIdOrHostname } = hostInfo.metadata as {
     id: string;
     origin: string;
   };
@@ -121,7 +123,9 @@ const AccountConnect = (props: AccountConnectProps) => {
   const [hostname, setHostname] = useState<string>(origin);
 
   const urlWithProtocol = prefixUrlWithProtocol(hostname);
-  const sdkConnection = SDKConnect.getInstance().getConnection({ channelId });
+  const sdkConnection = SDKConnect.getInstance().getConnection({
+    channelId: channelIdOrHostname,
+  });
   // Last wallet connect session metadata
   const wc2Metadata = useSelector((state: RootState) => state.sdk.wc2Metadata);
 
@@ -177,22 +181,23 @@ const AccountConnect = (props: AccountConnectProps) => {
     // sdk channelId format: uuid
     // inappbrowser channelId format: app.uniswap.io
     DevLogger.log(
-      `AccountConnect::loadHostname channelId=${channelId} hostname=${hostname} origin=${origin}`,
+      `AccountConnect::loadHostname hostname=${hostname} origin=${origin} metadataOrigin=${channelIdOrHostname}`,
+      sdkConnection,
     );
     // check if channelId contains dot, it comes from in-app browser and we can use it.
-    if (channelId.indexOf('.') !== -1) {
+    if (channelIdOrHostname.indexOf('.') !== -1) {
       return origin;
     }
 
     if (sdkConnection) {
       const _hostname = (
-        sdkConnection?.originatorInfo?.url ?? metadataOrigin
+        sdkConnection?.originatorInfo?.url ?? channelIdOrHostname
       ).replace(AppConstants.MM_SDK.SDK_REMOTE_ORIGIN, '');
       return _hostname;
     }
 
-    return wc2Metadata?.url ?? channelId;
-  }, [channelId, hostname, metadataOrigin, sdkConnection, origin, wc2Metadata]);
+    return wc2Metadata?.url ?? channelIdOrHostname;
+  }, [hostname, channelIdOrHostname, sdkConnection, origin, wc2Metadata]);
 
   // Retrieve hostname info based on channelId
   useEffect(() => {
@@ -215,10 +220,10 @@ const AccountConnect = (props: AccountConnectProps) => {
   const cancelPermissionRequest = useCallback(
     (requestId) => {
       Engine.context.PermissionController.rejectPermissionsRequest(requestId);
-      if (channelId && accountsLength === 0) {
+      if (channelIdOrHostname && accountsLength === 0) {
         // Remove Potential SDK connection
         SDKConnect.getInstance().removeChannel({
-          channelId,
+          channelId: channelIdOrHostname,
           sendTerminate: true,
         });
       }
@@ -231,7 +236,7 @@ const AccountConnect = (props: AccountConnectProps) => {
     [
       Engine.context.PermissionController,
       accountsLength,
-      channelId,
+      channelIdOrHostname,
       trackEvent,
     ],
   );
@@ -291,7 +296,7 @@ const AccountConnect = (props: AccountConnectProps) => {
       ...hostInfo,
       metadata: {
         ...hostInfo.metadata,
-        origin: metadataOrigin,
+        origin: channelIdOrHostname,
       },
       approvedAccounts: selectedAccounts,
     };
@@ -354,7 +359,7 @@ const AccountConnect = (props: AccountConnectProps) => {
     Engine.context.PermissionController,
     toastRef,
     accountsLength,
-    metadataOrigin,
+    channelIdOrHostname,
     triggerDappViewedEvent,
     trackEvent,
   ]);

diff --git a/app/core/RPCMethods/RPCMethodMiddleware.ts b/app/core/RPCMethods/RPCMethodMiddleware.ts
@@ -120,25 +120,16 @@ export const checkActiveAccountAndChainId = async ({
       hostname,
       formattedAddress,
     });
-    const validHostname = hostname?.replace(
-      AppConstants.MM_SDK.SDK_REMOTE_ORIGIN,
-      '',
-    );
 
     const permissionsController = (
       Engine.context as { PermissionController: PermissionController<any, any> }
     ).PermissionController;
     DevLogger.log(
-      `checkActiveAccountAndChainId channelId=${channelId} isWalletConnect=${isWalletConnect} validHostname=${validHostname}`,
+      `checkActiveAccountAndChainId channelId=${channelId} isWalletConnect=${isWalletConnect} hostname=${hostname}`,
       permissionsController.state,
     );
 
-    let accounts: string[] = [];
-    if (isWalletConnect) {
-      accounts = await getPermittedAccounts(validHostname);
-    } else {
-      accounts = (await getPermittedAccounts(channelId ?? validHostname)) ?? [];
-    }
+    const accounts = (await getPermittedAccounts(channelId ?? hostname)) ?? [];
 
     const normalizedAccounts = accounts.map(safeToChecksumAddress);
 
@@ -294,22 +285,18 @@ export const getRpcMethodMiddleware = ({
   injectHomePageScripts,
   // For analytics
   analytics,
-}: RPCMethodsMiddleParameters) =>
+}: RPCMethodsMiddleParameters) => {
+  // Make sure to always have the correct origin
+  hostname = hostname.replace(AppConstants.MM_SDK.SDK_REMOTE_ORIGIN, '');
+  DevLogger.log(
+    `getRpcMethodMiddleware hostname=${hostname} channelId=${channelId}`,
+  );
   // all user facing RPC calls not implemented by the provider
-  createAsyncMiddleware(async (req: any, res: any, next: any) => {
+  return createAsyncMiddleware(async (req: any, res: any, next: any) => {
     // Used by eth_accounts and eth_coinbase RPCs.
     const getEthAccounts = async () => {
-      let accounts: string[] = [];
-      const validHostname = hostname.replace(
-        AppConstants.MM_SDK.SDK_REMOTE_ORIGIN,
-        '',
-      );
-      if (isMMSDK) {
-        accounts =
-          (await getPermittedAccounts(channelId ?? validHostname)) ?? [];
-      } else {
-        accounts = await getPermittedAccounts(validHostname);
-      }
+      const accounts: string[] =
+        (await getPermittedAccounts(channelId ?? hostname)) ?? [];
       res.result = accounts;
     };
 
@@ -388,7 +375,7 @@ export const getRpcMethodMiddleware = ({
               getPermissionsForOrigin:
                 Engine.context.PermissionController.getPermissions.bind(
                   Engine.context.PermissionController,
-                  hostname,
+                  channelId ?? hostname,
                 ),
             },
           );
@@ -398,14 +385,6 @@ export const getRpcMethodMiddleware = ({
         }),
       wallet_requestPermissions: async () =>
         new Promise<any>((resolve, reject) => {
-          let requestId: string | undefined;
-          if (isMMSDK) {
-            // Extract id from hostname
-            requestId = hostname.replace(
-              AppConstants.MM_SDK.SDK_REMOTE_ORIGIN,
-              '',
-            );
-          }
           requestPermissionsHandler
             .implementation(
               req,
@@ -421,9 +400,8 @@ export const getRpcMethodMiddleware = ({
                 requestPermissionsForOrigin:
                   Engine.context.PermissionController.requestPermissions.bind(
                     Engine.context.PermissionController,
-                    { origin: requestId ?? hostname },
+                    { origin: channelId ?? hostname },
                     req.params[0],
-                    { id: requestId },
                   ),
               },
             )
@@ -486,12 +464,8 @@ export const getRpcMethodMiddleware = ({
       },
       eth_requestAccounts: async () => {
         const { params } = req;
-        const validHostname = hostname.replace(
-          AppConstants.MM_SDK.SDK_REMOTE_ORIGIN,
-          '',
-        );
         const permittedAccounts = await getPermittedAccounts(
-          channelId ?? validHostname,
+          channelId ?? hostname,
         );
 
         if (!params?.force && permittedAccounts.length) {
@@ -500,7 +474,7 @@ export const getRpcMethodMiddleware = ({
           try {
             checkTabActive();
             await Engine.context.PermissionController.requestPermissions(
-              { origin: channelId ?? validHostname },
+              { origin: channelId ?? hostname },
               { eth_accounts: {} },
               {
                 preserveExistingPermissions: true,
@@ -526,16 +500,6 @@ export const getRpcMethodMiddleware = ({
       eth_sendTransaction: async () => {
         checkTabActive();
 
-        if (isMMSDK) {
-          // Append origin to the request so it can be parsed in UI TransactionHeader
-          DevLogger.log(
-            `SDK Transaction detected --- custom hostname -- ${hostname} --> ${
-              AppConstants.MM_SDK.SDK_REMOTE_ORIGIN + url.current
-            }`,
-          );
-          hostname = AppConstants.MM_SDK.SDK_REMOTE_ORIGIN + url.current;
-        }
-
         return RPCMethods.eth_sendTransaction({
           hostname,
           req,
@@ -643,6 +607,7 @@ export const getRpcMethodMiddleware = ({
           isWalletConnect,
         });
 
+        DevLogger.log(`personal_sign`, params, pageMeta, hostname);
         PPOMUtil.validateRequest(req);
 
         const rawSig = await SignatureController.newUnsignedPersonalMessage({
@@ -875,16 +840,7 @@ export const getRpcMethodMiddleware = ({
        */
       metamask_getProviderState: async () => {
         let accounts: string[] = [];
-        const validHostname = hostname.replace(
-          AppConstants.MM_SDK.SDK_REMOTE_ORIGIN,
-          '',
-        );
-        if (isMMSDK) {
-          accounts =
-            (await getPermittedAccounts(channelId ?? validHostname)) ?? [];
-        } else {
-          accounts = await getPermittedAccounts(validHostname);
-        }
+        accounts = (await getPermittedAccounts(channelId ?? hostname)) ?? [];
         res.result = {
           ...getProviderState(),
           accounts,
@@ -956,4 +912,5 @@ export const getRpcMethodMiddleware = ({
       throw e;
     }
   });
+};
 export default getRpcMethodMiddleware;
diff --git a/app/core/SDKConnect/AndroidSDK/AndroidService.ts b/app/core/SDKConnect/AndroidSDK/AndroidService.ts
@@ -256,7 +256,6 @@ export default class AndroidService extends EventEmitter2 {
     return permissionsController.requestPermissions(
       { origin: channelId },
       { eth_accounts: {} },
-      { id: channelId },
     );
   }
 

diff --git a/app/core/SDKConnect/ConnectionManagement/reconnect.ts b/app/core/SDKConnect/ConnectionManagement/reconnect.ts
@@ -93,7 +93,8 @@ async function reconnect({
 
     // issue can happen during dev because bundle takes too long to load via metro.
     // should not happen but keeping it for reference / debug purpose.
-    console.warn(`Already connecting --- Priotity to deeplink`);
+    console.warn(`BUNDLE WARNING: Already connecting --- Priotity to deeplink`);
+    // instance.removeChannel({ channelId, sendTerminate: true });
   }
   if (!instance.state.connections[channelId]) {
     interruptReason = 'no connection';

diff --git a/app/core/SDKConnect/SDKDeeplinkProtocol/DeeplinkProtocolService.ts b/app/core/SDKConnect/SDKDeeplinkProtocol/DeeplinkProtocolService.ts
@@ -277,7 +277,6 @@ export default class DeeplinkProtocolService {
     return permissionsController.requestPermissions(
       { origin: channelId },
       { eth_accounts: {} },
-      { id: channelId },
     );
   }
 

diff --git a/app/core/SDKConnect/handlers/checkPermissions.ts b/app/core/SDKConnect/handlers/checkPermissions.ts
@@ -51,7 +51,14 @@ export const checkPermissions = async ({
   );
 
   if (approved) {
-    connection.approvalPromise = undefined;
+    return true;
+  }
+
+  DevLogger.log(
+    `checkPermissions channelWasActiveRecently=${channelWasActiveRecently} OTPExpirationDuration=${OTPExpirationDuration}`,
+  );
+
+  if (channelWasActiveRecently) {
     return true;
   }
 
@@ -75,7 +82,6 @@ export const checkPermissions = async ({
         `checkPermissions approvalPromise exists completed -- allowed`,
         allowed,
       );
-      connection.approvalPromise = undefined;
       // Add delay for backgroundBridge to complete setup
       await wait(300);
       return allowed;
@@ -87,14 +93,27 @@ export const checkPermissions = async ({
     connection.revalidate({ channelId: connection.channelId });
   }
 
-  DevLogger.log(
-    `checkPermissions channelWasActiveRecently=${channelWasActiveRecently} OTPExpirationDuration=${OTPExpirationDuration}`,
-  );
-  if (channelWasActiveRecently) {
-    return true;
-  }
-
   try {
+    const accountPermission = permissionsController.getPermission(
+      connection.channelId,
+      'eth_accounts',
+    );
+    if (accountPermission) {
+      DevLogger.log(
+        `checkPermissions accountPermission exists but not active recently -- REVOKE + ASK AGAIN`,
+      );
+      try {
+        // Revoke and ask again
+        permissionsController.revokePermission(
+          connection.channelId,
+          'eth_accounts',
+        );
+      } catch (err) {
+        // Ignore error if permission is not found
+        console.warn(`checkPermissions revokePermission error`, err);
+      }
+    }
+
     connection.approvalPromise = permissionsController.requestPermissions(
       { origin: connection.channelId },
       { eth_accounts: {} },
@@ -106,10 +125,9 @@ export const checkPermissions = async ({
     await connection.approvalPromise;
     // Clear previous permissions if already approved.
     connection.revalidate({ channelId: connection.channelId });
-    connection.approvalPromise = undefined;
     return true;
   } catch (err) {
-    DevLogger.log(`checkPermissions error`, err);
+    console.warn(`checkPermissions error`, err);
     connection.approvalPromise = undefined;
     throw err;
   }