fix: update manifest permissions, fix approve tx auth (#557)

anoma · Jan 9, 2024 · d373c9f · d373c9f · github-actions · Jan 9, 2024
1 parent 2bf3a75
commit d373c9f
Show file tree

Hide file tree

Showing 5 changed files with 65 additions and 57 deletions.
diff --git a/apps/extension/src/Approvals/ApproveTx/ConfirmTx.tsx b/apps/extension/src/Approvals/ApproveTx/ConfirmTx.tsx
@@ -6,20 +6,18 @@ import { SupportedTx, TxType, TxTypeLabel } from "@namada/shared";
 import { shortenAddress } from "@namada/utils";
 import { ApprovalDetails, Status } from "Approvals/Approvals";
 import { SubmitApprovedTxMsg } from "background/approvals";
+import { UnlockVaultMsg } from "background/vault";
 import { useRequester } from "hooks/useRequester";
 import { FetchAndStoreMaspParamsMsg, HasMaspParamsMsg } from "provider";
 import { Ports } from "router";
 import { closeCurrentTab } from "utils";
 
-const { NAMADA_INTERFACE_NAMADA_FAUCET_ADDRESS: faucetAddress } = process.env;
-
 type Props = {
   details?: ApprovalDetails;
 };
 
 export const ConfirmTx: React.FC<Props> = ({ details }) => {
-  const { source, msgId, txType, target } = details || {};
-  const signerAddress = source === faucetAddress && target ? target : source;
+  const { source, msgId, txType } = details || {};
 
   const navigate = useNavigate();
   const requester = useRequester();
@@ -39,6 +37,15 @@ export const ConfirmTx: React.FC<Props> = ({ details }) => {
         throw new Error("msgId was not provided!");
       }
 
+      const isAuthenticated = await requester.sendMessage(
+        Ports.Background,
+        new UnlockVaultMsg(password)
+      );
+
+      if (!isAuthenticated) {
+        throw new Error("Invalid password!");
+      }
+
       const hasMaspParams = await requester.sendMessage(
         Ports.Background,
         new HasMaspParamsMsg()
@@ -57,10 +64,14 @@ export const ConfirmTx: React.FC<Props> = ({ details }) => {
         }
       }
 
-      requester.sendMessage(
-        Ports.Background,
-        new SubmitApprovedTxMsg(txType as SupportedTx, msgId, password)
-      );
+      requester
+        .sendMessage(
+          Ports.Background,
+          new SubmitApprovedTxMsg(txType as SupportedTx, msgId)
+        )
+        .catch((e) => {
+          throw new Error(e);
+        });
       setStatus(Status.Completed);
     } catch (e) {
       console.info(e);
@@ -85,11 +96,11 @@ export const ConfirmTx: React.FC<Props> = ({ details }) => {
           Try again
         </Alert>
       )}
-      {status !== (Status.Pending || Status.Completed) && signerAddress && (
+      {status !== (Status.Pending || Status.Completed) && source && (
         <>
           <Alert type="warning">
             Decrypt keys for{" "}
-            <strong className="text-xs">{shortenAddress(signerAddress)}</strong>
+            <strong className="text-xs">{shortenAddress(source)}</strong>
           </Alert>
           <Input
             variant="Password"

diff --git a/apps/extension/src/background/approvals/handler.ts b/apps/extension/src/background/approvals/handler.ts
@@ -1,12 +1,12 @@
-import { Handler, Env, Message, InternalHandler } from "router";
-import { ApprovalsService } from "./service";
-import { ApproveTxMsg, ApproveConnectInterfaceMsg } from "provider";
+import { ApproveConnectInterfaceMsg, ApproveTxMsg } from "provider";
+import { Env, Handler, InternalHandler, Message } from "router";
 import {
-  RejectTxMsg,
   ConnectInterfaceResponseMsg,
+  RejectTxMsg,
   RevokeConnectionMsg,
   SubmitApprovedTxMsg,
 } from "./messages";
+import { ApprovalsService } from "./service";
 
 export const getHandler: (service: ApprovalsService) => Handler = (service) => {
   return (env: Env, msg: Message<unknown>) => {
@@ -60,8 +60,8 @@ const handleRejectTxMsg: (
 const handleSubmitApprovedTxMsg: (
   service: ApprovalsService
 ) => InternalHandler<SubmitApprovedTxMsg> = (service) => {
-  return async (_, { msgId, password }) => {
-    return await service.submitTx(msgId, password);
+  return async (_, { msgId }) => {
+    return await service.submitTx(msgId);
   };
 };
 

diff --git a/apps/extension/src/background/approvals/messages.ts b/apps/extension/src/background/approvals/messages.ts
@@ -1,6 +1,6 @@
+import { SupportedTx } from "@namada/shared";
 import { Message } from "router";
 import { ROUTE } from "./constants";
-import { SupportedTx } from "@namada/shared";
 
 import { validateProps } from "utils";
 
@@ -43,14 +43,13 @@ export class SubmitApprovedTxMsg extends Message<void> {
 
   constructor(
     public readonly txType: SupportedTx,
-    public readonly msgId: string,
-    public readonly password: string
+    public readonly msgId: string
   ) {
     super();
   }
 
   validate(): void {
-    validateProps(this, ["txType", "msgId", "password"]);
+    validateProps(this, ["txType", "msgId"]);
   }
 
   route(): string {

diff --git a/apps/extension/src/background/approvals/service.ts b/apps/extension/src/background/approvals/service.ts
@@ -1,9 +1,11 @@
-import browser, { Windows } from "webextension-polyfill";
 import { fromBase64 } from "@cosmjs/encoding";
-import { v4 as uuid } from "uuid";
-import BigNumber from "bignumber.js";
 import { deserialize } from "@dao-xyz/borsh";
+import BigNumber from "bignumber.js";
+import { v4 as uuid } from "uuid";
+import browser, { Windows } from "webextension-polyfill";
 
+import { SupportedTx, TxType } from "@namada/shared";
+import { KVStore } from "@namada/storage";
 import {
   AccountType,
   EthBridgeTransferMsgValue,
@@ -15,20 +17,18 @@ import {
   TransferMsgValue,
   TxMsgValue,
 } from "@namada/types";
-import { TxType, SupportedTx } from "@namada/shared";
-import { KVStore } from "@namada/storage";
 
+import { assertNever, paramsToUrl } from "@namada/utils";
 import { KeyRingService, TabStore } from "background/keyring";
 import { LedgerService } from "background/ledger";
-import { paramsToUrl, assertNever } from "@namada/utils";
 
+import { VaultService } from "background/vault";
 import { ApprovedOriginsStore, TxStore } from "./types";
 import {
+  APPROVED_ORIGINS_KEY,
   addApprovedOrigin,
   removeApprovedOrigin,
-  APPROVED_ORIGINS_KEY,
 } from "./utils";
-import { VaultService } from "background/vault";
 
 type GetParams = (
   specificMsg: Uint8Array,
@@ -51,7 +51,7 @@ export class ApprovalsService {
     protected readonly keyRingService: KeyRingService,
     protected readonly ledgerService: LedgerService,
     protected readonly vaultService: VaultService
-  ) {}
+  ) { }
 
   async approveTx(
     txType: SupportedTx,
@@ -72,18 +72,18 @@ export class ApprovalsService {
       txType === TxType.Bond
         ? ApprovalsService.getParamsBond
         : txType === TxType.Unbond
-        ? ApprovalsService.getParamsUnbond
-        : txType === TxType.Withdraw
-        ? ApprovalsService.getParamsWithdraw
-        : txType === TxType.Transfer
-        ? ApprovalsService.getParamsTransfer
-        : txType === TxType.IBCTransfer
-        ? ApprovalsService.getParamsIbcTransfer
-        : txType === TxType.EthBridgeTransfer
-        ? ApprovalsService.getParamsEthBridgeTransfer
-        : txType === TxType.VoteProposal
-        ? ApprovalsService.getParamsVoteProposal
-        : assertNever(txType);
+          ? ApprovalsService.getParamsUnbond
+          : txType === TxType.Withdraw
+            ? ApprovalsService.getParamsWithdraw
+            : txType === TxType.Transfer
+              ? ApprovalsService.getParamsTransfer
+              : txType === TxType.IBCTransfer
+                ? ApprovalsService.getParamsIbcTransfer
+                : txType === TxType.EthBridgeTransfer
+                  ? ApprovalsService.getParamsEthBridgeTransfer
+                  : txType === TxType.VoteProposal
+                    ? ApprovalsService.getParamsVoteProposal
+                    : assertNever(txType);
 
     const baseUrl = `${browser.runtime.getURL(
       "approvals.html"
@@ -235,9 +235,7 @@ export class ApprovalsService {
   }
 
   // Authenticate keyring and submit approved transaction from storage
-  async submitTx(msgId: string, password: string): Promise<void> {
-    await this.vaultService.unlock(password);
-
+  async submitTx(msgId: string): Promise<void> {
     // Fetch pending transfer tx
     const tx = await this.txStore.get(msgId);
 
@@ -251,18 +249,18 @@ export class ApprovalsService {
       txType === TxType.Bond
         ? this.keyRingService.submitBond
         : txType === TxType.Unbond
-        ? this.keyRingService.submitUnbond
-        : txType === TxType.Transfer
-        ? this.keyRingService.submitTransfer
-        : txType === TxType.IBCTransfer
-        ? this.keyRingService.submitIbcTransfer
-        : txType === TxType.EthBridgeTransfer
-        ? this.keyRingService.submitEthBridgeTransfer
-        : txType === TxType.Withdraw
-        ? this.keyRingService.submitWithdraw
-        : txType === TxType.VoteProposal
-        ? this.keyRingService.submitVoteProposal
-        : assertNever(txType);
+          ? this.keyRingService.submitUnbond
+          : txType === TxType.Transfer
+            ? this.keyRingService.submitTransfer
+            : txType === TxType.IBCTransfer
+              ? this.keyRingService.submitIbcTransfer
+              : txType === TxType.EthBridgeTransfer
+                ? this.keyRingService.submitEthBridgeTransfer
+                : txType === TxType.Withdraw
+                  ? this.keyRingService.submitWithdraw
+                  : txType === TxType.VoteProposal
+                    ? this.keyRingService.submitVoteProposal
+                    : assertNever(txType);
 
     await submitFn.call(this.keyRingService, specificMsg, txMsg, msgId);
 

diff --git a/apps/extension/src/manifest/v3/_base.json b/apps/extension/src/manifest/v3/_base.json
@@ -13,7 +13,7 @@
   "action": {
     "default_popup": "popup.html"
   },
-  "permissions": ["storage", "notifications", "identity", "offscreen"],
+  "permissions": ["storage", "offscreen"],
   "content_security_policy": {
     "extension_pages": "script-src 'self' 'wasm-unsafe-eval'; object-src 'self'"
   },