Merge branch 'master' into NewUI-flat-merge-with-master

2017-12-05 13:11:59 -03:30 · 2017-12-05 13:11:59 -03:30 · ec6c3c33bd
parent 2b1f2557c7
commit ec6c3c33bd
19 changed files with 226 additions and 71 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -2,6 +2,12 @@

 ## Current Master

+## 3.12.1 2017-11-29
+
+- Fix bug where a user could be shown two different seed phrases.
+- Detect when multiple web3 extensions are active, and provide useful error.
+- Adds notice about seed phrase backup.
+
 ## 3.12.0 2017-10-25

 - Add support for alternative ENS TLDs (Ethereum Name Service Top-Level Domains).
--- a/6
+++ b/6
@ -1,7 +1,7 @@
 <!--
-FAQ:
-  BEFORE SUBMITTING, please make sure your question hasn't been answered in our FAQ: https://github.com/MetaMask/faq
-  Common questions such as "Where is my ether?" or "Where did my tokens go?" are answered in the FAQ.
+
+BEFORE SUBMITTING, please make sure your question hasn't been answered in our support center: https://support.metamask.io
+Common questions such as "Where is my ether?" or "Where did my tokens go?" are answered there.

 Bug Reports:

--- a/app/scripts/background.js
+++ b/app/scripts/background.js
@ -1,10 +1,11 @@
 const urlUtil = require('url')
 const endOfStream = require('end-of-stream')
-const pipe = require('pump')
+const pump = require('pump')
 const log = require('loglevel')
 const extension = require('extensionizer')
 const LocalStorageStore = require('obs-store/lib/localStorage')
 const storeTransform = require('obs-store/lib/transform')
+const asStream = require('obs-store/lib/asStream')
 const ExtensionPlatform = require('./platforms/extension')
 const Migrator = require('./lib/migrator/')
 const migrations = require('./migrations/')
@ -72,10 +73,10 @@ function setupController (initState) {
  global.metamaskController = controller

  // setup state persistence
-  pipe(
-    controller.store,
+  pump(
+    asStream(controller.store),
    storeTransform(versionifyData),
-    diskStore
+    asStream(diskStore)
  )

  function versionifyData (state) {
--- a/app/scripts/controllers/network.js
+++ b/app/scripts/controllers/network.js
@ -53,7 +53,7 @@ module.exports = class NetworkController extends EventEmitter {
  lookupNetwork () {
    // Prevent firing when provider is not defined.
    if (!this.ethQuery || !this.ethQuery.sendAsync) {
-      return
+      return log.warn('NetworkController - lookupNetwork aborted due to missing ethQuery')
    }
    this.ethQuery.sendAsync({ method: 'net_version' }, (err, network) => {
      if (err) return this.setNetworkState('loading')
--- a/app/scripts/inpage.js
+++ b/app/scripts/inpage.js
@ -31,6 +31,13 @@ var inpageProvider = new MetamaskInpageProvider(metamaskStream)
 // setup web3
 //

+if (typeof window.web3 !== 'undefined') {
+  throw new Error(`MetaMask detected another web3.
+     MetaMask will not work reliably with another web3 extension.
+     This usually happens if you have two MetaMasks installed,
+     or MetaMask and another web3 extension. Please remove one
+     and try again.`)
+}
 var web3 = new Web3(inpageProvider)
 web3.setProvider = function () {
  log.debug('MetaMask - overrode web3.setProvider')
--- a/app/scripts/lib/inpage-provider.js
+++ b/app/scripts/lib/inpage-provider.js
@ -3,6 +3,7 @@ const RpcEngine = require('json-rpc-engine')
 const createIdRemapMiddleware = require('json-rpc-engine/src/idRemapMiddleware')
 const createStreamMiddleware = require('json-rpc-middleware-stream')
 const LocalStorageStore = require('obs-store')
+const asStream = require('obs-store/lib/asStream')
 const ObjectMultiplex = require('obj-multiplex')

 module.exports = MetamaskInpageProvider
@ -21,9 +22,10 @@ function MetamaskInpageProvider (connectionStream) {

  // subscribe to metamask public config (one-way)
  self.publicConfigStore = new LocalStorageStore({ storageKey: 'MetaMask-Config' })
+
  pump(
    mux.createStream('publicConfig'),
-    self.publicConfigStore,
+    asStream(self.publicConfigStore),
    (err) => logStreamDisconnectWarning('MetaMask PublicConfigStore', err)
  )

--- a/app/scripts/metamask-controller.js
+++ b/app/scripts/metamask-controller.js
@ -3,6 +3,7 @@ const extend = require('xtend')
 const pump = require('pump')
 const Dnode = require('dnode')
 const ObservableStore = require('obs-store')
+const asStream = require('obs-store/lib/asStream')
 const AccountTracker = require('./lib/account-tracker')
 const EthQuery = require('eth-query')
 const RpcEngine = require('json-rpc-engine')
@ -31,6 +32,7 @@ const ConfigManager = require('./lib/config-manager')
 const nodeify = require('./lib/nodeify')
 const accountImporter = require('./account-import-strategies')
 const getBuyEthUrl = require('./lib/buy-eth-url')
+const Mutex = require('await-semaphore').Mutex
 const version = require('../manifest.json').version

 module.exports = class MetamaskController extends EventEmitter {
@ -38,10 +40,12 @@ module.exports = class MetamaskController extends EventEmitter {
  constructor (opts) {
    super()

+
    this.sendUpdate = debounce(this.privateSendUpdate.bind(this), 200)

    this.opts = opts
    const initState = opts.initState || {}
+    this.recordFirstTimeInfo(initState)

    // platform-specific api
    this.platform = opts.platform
@ -49,6 +53,9 @@ module.exports = class MetamaskController extends EventEmitter {
    // observable state store
    this.store = new ObservableStore(initState)

+    // lock to ensure only one vault created at once
+    this.createVaultMutex = new Mutex()
+
    // network store
    this.networkController = new NetworkController(initState.NetworkController)

@ -144,6 +151,8 @@ module.exports = class MetamaskController extends EventEmitter {
    // notices
    this.noticeController = new NoticeController({
      initState: initState.NoticeController,
+      version,
+      firstVersion: initState.firstTimeInfo.version,
    })
    this.noticeController.updateNoticesList()
    // to be uncommented when retrieving notices from a remote server.
@ -453,7 +462,7 @@ module.exports = class MetamaskController extends EventEmitter {

  setupPublicConfig (outStream) {
    pump(
-      this.publicConfigStore,
+      asStream(this.publicConfigStore),
      outStream,
      (err) => {
        if (err) log.error(err)
@ -469,15 +478,34 @@ module.exports = class MetamaskController extends EventEmitter {
  // Vault Management
  //

-  async createNewVaultAndKeychain (password, cb) {
-    const vault = await this.keyringController.createNewVaultAndKeychain(password)
-    this.selectFirstIdentity(vault)
+  async createNewVaultAndKeychain (password) {
+    const release = await this.createVaultMutex.acquire()
+    let vault
+
+    try {
+      const accounts = await this.keyringController.getAccounts()
+
+      if (accounts.length > 0) {
+        vault = await this.keyringController.fullUpdate()
+
+      } else {
+        vault = await this.keyringController.createNewVaultAndKeychain(password)
+        this.selectFirstIdentity(vault)
+      }
+      release()
+    } catch (err) {
+      release()
+      throw err
+    }
+
    return vault
  }

-  async createNewVaultAndRestore (password, seed, cb) {
+  async createNewVaultAndRestore (password, seed) {
+    const release = await this.createVaultMutex.acquire()
    const vault = await this.keyringController.createNewVaultAndRestore(password, seed)
    this.selectFirstIdentity(vault)
+    release()
    return vault
  }

@ -784,4 +812,13 @@ module.exports = class MetamaskController extends EventEmitter {
    }
  }

+  recordFirstTimeInfo (initState) {
+    if (!('firstTimeInfo' in initState)) {
+      initState.firstTimeInfo = {
+        version,
+        date: Date.now(),
+      }
+    }
+  }
+
 }
--- a/app/scripts/migrations/020.js
+++ b/app/scripts/migrations/020.js
@ -0,0 +1,41 @@
+const version = 20
+
+/*
+
+This migration ensures previous installations
+get a `firstTimeInfo` key on the metamask state,
+so that we can version notices in the future.
+
+*/
+
+const clone = require('clone')
+
+module.exports = {
+  version,
+
+  migrate: function (originalVersionedData) {
+    const versionedData = clone(originalVersionedData)
+    versionedData.meta.version = version
+    try {
+      const state = versionedData.data
+      const newState = transformState(state)
+      versionedData.data = newState
+    } catch (err) {
+      console.warn(`MetaMask Migration #${version}` + err.stack)
+    }
+    return Promise.resolve(versionedData)
+  },
+}
+
+function transformState (state) {
+  const newState = state
+  if ('metamask' in newState &&
+      !('firstTimeInfo' in newState.metamask)) {
+    newState.metamask.firstTimeInfo = {
+      version: '3.12.0',
+      date: Date.now(),
+    }
+  }
+  return newState
+}
+
--- a/app/scripts/migrations/index.js
+++ b/app/scripts/migrations/index.js
@ -30,4 +30,5 @@ module.exports = [
  require('./017'),
  require('./018'),
  require('./019'),
+  require('./020'),
 ]
--- a/app/scripts/notice-controller.js
+++ b/app/scripts/notice-controller.js
@ -1,13 +1,17 @@
 const EventEmitter = require('events').EventEmitter
+const semver = require('semver')
 const extend = require('xtend')
 const ObservableStore = require('obs-store')
 const hardCodedNotices = require('../../notices/notices.json')
+const uniqBy = require('lodash.uniqby')

 module.exports = class NoticeController extends EventEmitter {

  constructor (opts) {
    super()
    this.noticePoller = null
+    this.firstVersion = opts.firstVersion
+    this.version = opts.version
    const initState = extend({
      noticesList: [],
    }, opts.initState)
@ -30,9 +34,9 @@ module.exports = class NoticeController extends EventEmitter {
    return unreadNotices[unreadNotices.length - 1]
  }

-  setNoticesList (noticesList) {
+  async setNoticesList (noticesList) {
    this.store.updateState({ noticesList })
-    return Promise.resolve(true)
+    return true
  }

  markNoticeRead (noticeToMark, cb) {
@ -50,12 +54,14 @@ module.exports = class NoticeController extends EventEmitter {
    }
  }

-  updateNoticesList () {
-    return this._retrieveNoticeData().then((newNotices) => {
-      var oldNotices = this.getNoticesList()
-      var combinedNotices = this._mergeNotices(oldNotices, newNotices)
-      return Promise.resolve(this.setNoticesList(combinedNotices))
-    })
+  async updateNoticesList () {
+    const newNotices = await this._retrieveNoticeData()
+    const oldNotices = this.getNoticesList()
+    const combinedNotices = this._mergeNotices(oldNotices, newNotices)
+    const filteredNotices = this._filterNotices(combinedNotices)
+    const result = this.setNoticesList(filteredNotices)
+    this._updateMemstore()
+    return result
  }

  startPolling () {
@ -68,22 +74,30 @@ module.exports = class NoticeController extends EventEmitter {
  }

  _mergeNotices (oldNotices, newNotices) {
-    var noticeMap = this._mapNoticeIds(oldNotices)
-    newNotices.forEach((notice) => {
-      if (noticeMap.indexOf(notice.id) === -1) {
-        oldNotices.push(notice)
+    return uniqBy(oldNotices.concat(newNotices), 'id')
+  }
+
+  _filterNotices(notices) {
+    return notices.filter((newNotice) => {
+      if ('version' in newNotice) {
+        const satisfied = semver.satisfies(this.version, newNotice.version)
+        return satisfied
      }
+      if ('firstVersion' in newNotice) {
+        const satisfied = semver.satisfies(this.firstVersion, newNotice.firstVersion)
+        return satisfied
+      }
+      return true
    })
-    return oldNotices
  }

  _mapNoticeIds (notices) {
    return notices.map((notice) => notice.id)
  }

-  _retrieveNoticeData () {
+  async _retrieveNoticeData () {
    // Placeholder for the API.
-    return Promise.resolve(hardCodedNotices)
+    return hardCodedNotices
  }

  _updateMemstore () {
--- a/gulpfile.js
+++ b/gulpfile.js
@ -126,11 +126,17 @@ gulp.task('manifest:production', function() {
    './dist/firefox/manifest.json',
    './dist/chrome/manifest.json',
    './dist/edge/manifest.json',
+    './dist/opera/manifest.json',
  ],{base: './dist/'})
+
+  // Exclude chromereload script in production:
  .pipe(gulpif(!debug,jsoneditor(function(json) {
-    json.background.scripts = ["scripts/background.js"]
+    json.background.scripts = json.background.scripts.filter((script) => {
+      return !script.includes('chromereload')
+    })
    return json
  })))
+
  .pipe(gulp.dest('./dist/', { overwrite: true }))
 })

--- a/mascara/src/app/first-time/notice-screen.js
+++ b/mascara/src/app/first-time/notice-screen.js
@ -64,7 +64,7 @@ class NoticeScreen extends Component {
        <Identicon address={address} diameter={70} />
        <div className="tou__title">{title}</div>
        <Markdown
-          className="tou__body"
+          className="tou__body markdown"
          source={body}
          skipHtml
        />
--- a/notices/archive/notice_3.md
+++ b/notices/archive/notice_3.md
@ -0,0 +1,11 @@
+Please take a moment to [back up your seed phrase again](https://support.metamask.io/kb/article/28-abbu-always-be-backed-up-how-to-make-sure-your-12-word-metamask-seed-phrase-is-backed-up).
+
+MetaMask has become aware of a previous issue where a very small number of users were shown the wrong seed phrase to back up. The only way to protect yourself from this issue, is to back up your seed phrase again now.
+
+You can follow the guide at this link:
+
+[https://support.metamask.io/kb/article/28-abbu-always-be-backed-up-how-to-make-sure-your-12-word-metamask-seed-phrase-is-backed-up](https://support.metamask.io/kb/article/28-abbu-always-be-backed-up-how-to-make-sure-your-12-word-metamask-seed-phrase-is-backed-up)
+
+We have fixed the known issue, but will be issuing ongoing bug bounties to help prevent this kind of problem in the future.
+
+For more information on this issue, [see this blog post](https://medium.com/metamask/seed-phrase-issue-bounty-awarded-e1986e811021)
--- a/notices/notice-nonce.json
+++ b/notices/notice-nonce.json
@ -1 +1 @@
-3
+4
--- a/notices/notices.json
+++ b/notices/notices.json
--- a/package.json
+++ b/package.json
@ -118,6 +118,7 @@
    "lodash.debounce": "^4.0.8",
    "lodash.memoize": "^4.1.2",
    "lodash.shuffle": "^4.2.0",
+    "lodash.uniqby": "^4.7.0",
    "loglevel": "^1.4.1",
    "metamascara": "^1.3.1",
    "metamask-logo": "^2.1.2",
@ -126,7 +127,7 @@
    "multiplex": "^6.7.0",
    "number-to-bn": "^1.7.0",
    "obj-multiplex": "^1.0.0",
-    "obs-store": "^2.3.1",
+    "obs-store": "^3.0.0",
    "once": "^1.3.3",
    "ping-pong-stream": "^1.0.0",
    "pojo-migrator": "^2.1.0",
@ -142,7 +143,7 @@
    "react-addons-css-transition-group": "^15.6.0",
    "react-dom": "^15.6.2",
    "react-hyperscript": "^3.0.0",
-    "react-markdown": "^2.3.0",
+    "react-markdown": "^3.0.0",
    "react-redux": "^5.0.5",
    "react-select": "^1.0.0",
    "react-simple-file-input": "^2.0.0",
@ -160,6 +161,7 @@
    "sandwich-expando": "^1.1.3",
    "semaphore": "^1.0.5",
    "shallow-copy": "0.0.1",
+    "semver": "^5.4.1",
    "sw-stream": "^2.0.0",
    "textarea-caret": "^3.0.1",
    "through2": "^2.0.3",
--- a/test/integration/lib/mascara-first-time.js
+++ b/test/integration/lib/mascara-first-time.js
@ -6,23 +6,7 @@ async function runFirstTimeUsageTest (assert, done) {

  const app = $('#app-content')

-  // recurse notices
-  while (true) {
-    const button = app.find('button')
-    if (button.html() === 'Accept') {
-      // still notices to accept
-      const termsPage = app.find('.markdown')[0]
-      termsPage.scrollTop = termsPage.scrollHeight
-      await timeout()
-      console.log('Clearing notice')
-      button.click()
-      await timeout()
-    } else {
-      // exit loop
-      console.log('No more notices...')
-      break
-    }
-  }
+  await skipNotices(app)

  await timeout()

@ -51,28 +35,13 @@ async function runFirstTimeUsageTest (assert, done) {
  assert.equal(created.textContent, 'Your unique account image', 'unique image screen')

  // Agree button
-  const button = app.find('button')[0]
+  let button = app.find('button')[0]
  assert.ok(button, 'button present')
  button.click()

  await timeout(1000)

-  // Privacy Screen
-  const detail = app.find('.tou__title')[0]
-  assert.equal(detail.textContent, 'Privacy Notice', 'privacy notice screen')
-  app.find('button').click()
-
-  await timeout(1000)
-
-
-  // terms of service screen
-  const tou = app.find('.tou__title')[0]
-  assert.equal(tou.textContent, 'Terms of Use', 'terms of use screen')
-  app.find('.tou__body').scrollTop(100000)
-  await timeout(1000)
-
-  app.find('.first-time-flow__button').click()
-  await timeout(1000)
+  await skipNotices(app)

  // secret backup phrase
  const seedTitle = app.find('.backup-phrase__title')[0]
@ -156,4 +125,24 @@ function timeout (time) {
  return new Promise((resolve, reject) => {
    setTimeout(resolve, time || 1500)
  })
-}
+}
+
+async function skipNotices (app) {
+  while (true) {
+    const button = app.find('button')
+    if (button && button.html() === 'Accept') {
+      // still notices to accept
+      const termsPage = app.find('.markdown')[0]
+      if (!termsPage) {
+        break
+      }
+      termsPage.scrollTop = termsPage.scrollHeight
+      await timeout()
+      button.click()
+      await timeout()
+    } else {
+      console.log('No more notices...')
+      break
+    }
+  }
+}
--- a/test/unit/metamask-controller-test.js
+++ b/test/unit/metamask-controller-test.js
@ -11,6 +11,15 @@ describe('MetaMaskController', function () {
    unlockAccountMessage: noop,
    showUnapprovedTx: noop,
    platform: {},
+    encryptor: {
+      encrypt: function(password, object) {
+        this.object = object
+        return Promise.resolve()
+      },
+      decrypt: function () {
+        return Promise.resolve(this.object)
+      }
+    },
    // initial state
    initState: clone(firstTimeState),
  })
@ -27,6 +36,30 @@ describe('MetaMaskController', function () {

  describe('Metamask Controller', function () {
    assert(metamaskController)
+
+    beforeEach(function () {
+      sinon.spy(metamaskController.keyringController, 'createNewVaultAndKeychain')
+    })
+
+    afterEach(function () {
+      metamaskController.keyringController.createNewVaultAndKeychain.restore()
+    })
+
+    describe('#createNewVaultAndKeychain', function () {
+      it('can only create new vault on keyringController once', async function () {
+
+        const selectStub = sinon.stub(metamaskController, 'selectFirstIdentity')
+
+        const password = 'a-fake-password'
+
+        const first = await metamaskController.createNewVaultAndKeychain(password)
+        const second = await metamaskController.createNewVaultAndKeychain(password)
+
+        assert(metamaskController.keyringController.createNewVaultAndKeychain.calledOnce)
+
+        selectStub.reset()
+      })
+    })
  })
 })

--- a/ui/app/first-time/init-menu.js
+++ b/ui/app/first-time/init-menu.js
@ -8,6 +8,8 @@ const actions = require('../actions')
 const Tooltip = require('../components/tooltip')
 const getCaretCoordinates = require('textarea-caret')

+let isSubmitting = false
+
 module.exports = connect(mapStateToProps)(InitializeMenuScreen)

 inherits(InitializeMenuScreen, Component)
@ -164,7 +166,10 @@ InitializeMenuScreen.prototype.createNewVaultAndKeychain = function () {
    return
  }

-  this.props.dispatch(actions.createNewVaultAndKeychain(password))
+  if (!isSubmitting) {
+    isSubmitting = true
+    this.props.dispatch(actions.createNewVaultAndKeychain(password))
+  }
 }

 InitializeMenuScreen.prototype.inputChanged = function (event) {