fix(dapps) don't show Wallet Connect state from other profiles

Ignore session request events that include accounts in other profiles

Updates: #15707
Stefan 2024-07-23 13:49:34 +03:00 committed by Stefan Dunca
parent dc43a40a76
commit 35b7f0583d
2 changed files with 73 additions and 20 deletions


@ -280,6 +280,25 @@ Item {
compare(sdk.getActiveSessionsCallbacks.length, 1, "expected DAppsRequestHandler call sdk.getActiveSessions") compare(sdk.getActiveSessionsCallbacks.length, 1, "expected DAppsRequestHandler call sdk.getActiveSessions")
} }
// Tests that the request is ignored if not in the current profile (don't have the PK for the address)
function test_onSessionRequestEventMissingAddress() {
let sdk = handler.sdk
let testAddressUpper = "0xY"
let chainId = 2
let method = "personal_sign"
let message = "hello world"
let params = [`"${Helpers.strToHex(message)}"`, `"${testAddressUpper}"`]
let topic = "b536a"
let session = JSON.parse(Testing.formatSessionRequest(chainId, method, params, topic))
// Expect to have calls to getActiveSessions from service initialization
let prevRequests = sdk.getActiveSessionsCallbacks.length
sdk.sessionRequestEvent(session)
compare(sdk.getActiveSessionsCallbacks.length, 0, "expected DAppsRequestHandler don't call sdk.getActiveSessions")
compare(sdk.rejectSessionRequestCalls.length, 0, "expected no call to service.rejectSessionRequest")
}
function test_balanceCheck_data() { function test_balanceCheck_data() {
return [{ return [{
tag: "have_enough_funds", tag: "have_enough_funds",
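Review bot: In `test_onSessionRequestEventMissingAddress`, `prevRequests` is captured but never used, and the next assertion compares `sdk.getActiveSessionsCallbacks.length` with the literal `0` even though the comment above it says service initialization may already have produced calls. Comparing against the captured value, `compare(sdk.getActiveSessionsCallbacks.length, prevRequests, ...)`, would make the check match the comment. The test also proves only that no rejection was sent. The property this commit is about is that a request naming an address outside the current profile never reaches the user for signing, so an assertion that nothing was enqueued or shown would pin that down, using whatever the handler exposes for it (not visible in this hunk).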


@ -44,13 +44,20 @@ SQUtils.QObject {
target: sdk target: sdk
function onSessionRequestEvent(event) { function onSessionRequestEvent(event) {
let obj = d.resolveAsync(event) const res = d.resolveAsync(event)
if (obj === null) { if (res.code == d.resolveAsyncResult.error) {
let error = true let error = true
sdk.rejectSessionRequest(event.topic, event.id, error) sdk.rejectSessionRequest(event.topic, event.id, error)
return return
} }
requests.enqueue(obj) if (res.code == d.resolveAsyncResult.ignored) {
return
}
if (!res.obj) {
console.error("Unexpected res.obj value!")
return
}
requests.enqueue(res.obj)
} }
function onSessionRequestUserAnswerResult(topic, id, accept, error) { function onSessionRequestUserAnswerResult(topic, id, accept, error) {
@ -114,23 +121,39 @@ SQUtils.QObject {
SQUtils.QObject { SQUtils.QObject {
id: d id: d
readonly property QtObject resolveAsyncResult: QtObject {
readonly property int error: 0
readonly property int ok: 1
readonly property int ignored: 2
}
// returns {
// obj: obj or nil
// code: resolveAsyncResult codes
// }
function resolveAsync(event) { function resolveAsync(event) {
let method = event.params.request.method const method = event.params.request.method
let account = lookupAccountFromEvent(event, method) const res = lookupAccountFromEvent(event, method)
if(!account) { if(!res.success) {
console.error("Error finding account for event", JSON.stringify(event)) console.info("Error finding account for event", JSON.stringify(event))
return null return { obj: null, code: resolveAsyncResult.error }
} }
if (!res.account) {
console.info("Ignoring request for an account not in the current profile.")
return { obj: null, code: resolveAsyncResult.ignored }
}
const account = res.account
let network = lookupNetworkFromEvent(event, method) let network = lookupNetworkFromEvent(event, method)
if(!network) { if(!network) {
console.error("Error finding network for event", JSON.stringify(event)) console.error("Error finding network for event", JSON.stringify(event))
return null return { obj: null, code: resolveAsyncResult.error }
} }
let data = extractMethodData(event, method) let data = extractMethodData(event, method)
if(!data) { if(!data) {
console.error("Error in event data lookup", JSON.stringify(event)) console.error("Error in event data lookup", JSON.stringify(event))
return null return { obj: null, code: resolveAsyncResult.error }
} }
const interpreted = d.prepareData(method, data) const interpreted = d.prepareData(method, data)
@ -151,13 +174,13 @@ SQUtils.QObject {
}) })
if (obj === null) { if (obj === null) {
console.error("Error creating SessionRequestResolved for event") console.error("Error creating SessionRequestResolved for event")
return null return { obj: null, code: resolveAsyncResult.error }
} }
// Check later to have a valid request object // Check later to have a valid request object
if (!SessionRequest.getSupportedMethods().includes(method)) { if (!SessionRequest.getSupportedMethods().includes(method)) {
console.error("Unsupported method", method) console.error("Unsupported method", method)
return null return { obj: null, code: resolveAsyncResult.error }
} }
d.lookupSession(obj.topic, function(session) { d.lookupSession(obj.topic, function(session) {
@ -190,38 +213,49 @@ SQUtils.QObject {
fundsStatus.haveEnoughForFees, st.symbol, st.feesInfo) fundsStatus.haveEnoughForFees, st.symbol, st.feesInfo)
}) })
return obj return {
obj: obj,
code: resolveAsyncResult.ok
}
} }
/// Returns null if the account is not found /// returns {
/// account
/// success
/// }
/// if account is null and success is true it means that the account was not found
function lookupAccountFromEvent(event, method) { function lookupAccountFromEvent(event, method) {
let address = "" let address = ""
if (method === SessionRequest.methods.personalSign.name) { if (method === SessionRequest.methods.personalSign.name) {
if (event.params.request.params.length < 2) { if (event.params.request.params.length < 2) {
return null return { account: null, success: false }
} }
address = event.params.request.params[1] address = event.params.request.params[1]
} else if (method === SessionRequest.methods.sign.name) { } else if (method === SessionRequest.methods.sign.name) {
if (event.params.request.params.length === 1) { if (event.params.request.params.length === 1) {
return null return { account: null, success: false }
} }
address = event.params.request.params[0] address = event.params.request.params[0]
} else if(method === SessionRequest.methods.signTypedData_v4.name || } else if(method === SessionRequest.methods.signTypedData_v4.name ||
method === SessionRequest.methods.signTypedData.name) method === SessionRequest.methods.signTypedData.name)
{ {
if (event.params.request.params.length < 2) { if (event.params.request.params.length < 2) {
return null return { account: null, success: false }
} }
address = event.params.request.params[0] address = event.params.request.params[0]
} else if (d.isTransactionMethod(method)) { } else if (d.isTransactionMethod(method)) {
if (event.params.request.params.length == 0) { if (event.params.request.params.length == 0) {
return null return { account: null, success: false }
} }
address = event.params.request.params[0].from address = event.params.request.params[0].from
} else {
console.error("Unsupported method to lookup account: ", method)
return { account: null, success: false }
} }
return SQUtils.ModelUtils.getFirstModelEntryIf(root.accountsModel, (account) => { const account = SQUtils.ModelUtils.getFirstModelEntryIf(root.accountsModel, (account) => {
return account.address.toLowerCase() === address.toLowerCase(); return account.address.toLowerCase() === address.toLowerCase();
}) })
return { account, success: true }
} }
/// Returns null if the network is not found /// Returns null if the network is not found
@ -558,7 +592,7 @@ SQUtils.QObject {
break break
default: default:
console.error("Unhandled method", method) console.error("Unhandled method", method)
break break;
} }
let value = SQUtils.AmountsArithmetic.fromNumber(0) let value = SQUtils.AmountsArithmetic.fromNumber(0)
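Review bot: `lookupAccountFromEvent` (the hunk starting at old line 190) still takes `address` straight from the dApp-supplied `event.params.request.params` and calls `address.toLowerCase()` inside the model predicate without checking that it is a string. A request whose address field is missing or not a string would presumably throw there, so the handler neither rejects nor ignores it. An empty string matches no account and comes back as `success: true`, which `resolveAsync` treats as "account not in the current profile" and drops silently. The new return shape already separates malformed from not-found, so a guard before the lookup would classify both cases as errors: `if (typeof address !== "string" || address.length === 0) return { account: null, success: false }`. The malformed-request branch in `resolveAsync` was also lowered from `console.error` to `console.info`, which makes rejected requests harder to spot in logs.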