feat_: connector revoke permissions and accounts (#5646)

* feat(connector)_: add `wallet_revokePermissions` endpoint

* feat_: same behavior for `eth_accounts` and `eth_requestAccounts`
This commit is contained in:
Mikhail Rogachev 2024-08-06 21:28:55 +02:00 committed by GitHub
parent 20d6d4eb9a
commit d5a78e784a
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
9 changed files with 207 additions and 17 deletions

View File

@ -29,11 +29,13 @@ func NewAPI(s *Service) *API {
})
// Accounts query and dapp permissions
r.Register("eth_accounts", &commands.AccountsCommand{Db: s.db})
r.Register("eth_requestAccounts", &commands.RequestAccountsCommand{
// NOTE: Some dApps expect same behavior for both eth_accounts and eth_requestAccounts
accountsCommand := &commands.RequestAccountsCommand{
ClientHandler: c,
AccountsCommand: commands.AccountsCommand{Db: s.db},
})
}
r.Register("eth_accounts", accountsCommand)
r.Register("eth_requestAccounts", accountsCommand)
// Active chain per dapp management
r.Register("eth_chainId", &commands.ChainIDCommand{
@ -45,8 +47,11 @@ func NewAPI(s *Service) *API {
NetworkManager: s.nm,
})
// Request permissions
// Permissions
r.Register("wallet_requestPermissions", &commands.RequestPermissionsCommand{})
r.Register("wallet_revokePermissions", &commands.RevokePermissionsCommand{
Db: s.db,
})
return &API{
s: s,
@ -102,6 +107,10 @@ func (api *API) RecallDAppPermission(origin string) error {
return persistence.DeleteDApp(api.s.db, origin)
}
func (api *API) GetPermittedDAppsList() ([]persistence.DApp, error) {
return persistence.SelectAllDApps(api.s.db)
}
func (api *API) RequestAccountsAccepted(args commands.RequestAccountsAcceptedArgs) error {
return api.c.RequestAccountsAccepted(args)
}

View File

@ -38,11 +38,12 @@ func (c *RequestAccountsCommand) Execute(request RPCRequest) (interface{}, error
// FIXME: this may have a security issue in case some malicious software tries to fake the origin
if dApp == nil {
account, chainID, err := c.ClientHandler.RequestShareAccountForDApp(signal.ConnectorDApp{
connectorDApp := signal.ConnectorDApp{
URL: request.URL,
Name: request.Name,
IconURL: request.IconURL,
})
}
account, chainID, err := c.ClientHandler.RequestShareAccountForDApp(connectorDApp)
if err != nil {
return "", err
}
@ -59,6 +60,7 @@ func (c *RequestAccountsCommand) Execute(request RPCRequest) (interface{}, error
if err != nil {
return "", err
}
signal.SendConnectorDAppPermissionGranted(connectorDApp)
}
return FormatAccountAddressToResponse(dApp.SharedAccount), nil

View File

@ -65,6 +65,7 @@ func TestRequestAccountsAcceptedAndRequestAgain(t *testing.T) {
assert.NoError(t, err)
accountAddress := types.Address{0x03}
dAppPermissionGranted := false
signal.SetMobileSignalHandler(signal.MobileSignalHandler(func(s []byte) {
var evt EventType
@ -83,6 +84,8 @@ func TestRequestAccountsAcceptedAndRequestAgain(t *testing.T) {
ChainID: walletCommon.EthereumMainnet,
})
assert.NoError(t, err)
case signal.EventConnectorDAppPermissionGranted:
dAppPermissionGranted = true
}
}))
@ -104,6 +107,8 @@ func TestRequestAccountsAcceptedAndRequestAgain(t *testing.T) {
response, err = cmd.Execute(request)
assert.NoError(t, err)
assert.Equal(t, expectedResponse, response)
assert.True(t, dAppPermissionGranted)
}
func TestRequestAccountsRejected(t *testing.T) {

View File

@ -0,0 +1,41 @@
package commands
import (
"database/sql"
persistence "github.com/status-im/status-go/services/connector/database"
"github.com/status-im/status-go/signal"
)
type RevokePermissionsCommand struct {
Db *sql.DB
}
func (c *RevokePermissionsCommand) Execute(request RPCRequest) (interface{}, error) {
err := request.Validate()
if err != nil {
return "", err
}
dApp, err := persistence.SelectDAppByUrl(c.Db, request.URL)
if err != nil {
return "", err
}
if dApp == nil {
return "", ErrDAppIsNotPermittedByUser
}
err = persistence.DeleteDApp(c.Db, dApp.URL)
if err != nil {
return "", err
}
signal.SendConnectorDAppPermissionRevoked(signal.ConnectorDApp{
URL: request.URL,
Name: request.Name,
IconURL: request.IconURL,
})
return nil, nil
}

View File

@ -0,0 +1,75 @@
package commands
import (
"encoding/json"
"testing"
"github.com/stretchr/testify/assert"
"github.com/status-im/status-go/eth-node/types"
persistence "github.com/status-im/status-go/services/connector/database"
"github.com/status-im/status-go/signal"
)
func TestFailToRevokePermissionsWithMissingDAppFields(t *testing.T) {
cmd := &RequestPermissionsCommand{}
// Missing DApp fields
request, err := ConstructRPCRequest("wallet_revokePermissions", []interface{}{}, nil)
assert.NoError(t, err)
result, err := cmd.Execute(request)
assert.Equal(t, ErrRequestMissingDAppData, err)
assert.Empty(t, result)
}
func TestFailToRevokePermissionsForUnpermittedDApp(t *testing.T) {
db, close := SetupTestDB(t)
defer close()
cmd := &RevokePermissionsCommand{Db: db}
request, err := ConstructRPCRequest("wallet_revokePermissions", []interface{}{}, &testDAppData)
assert.NoError(t, err)
result, err := cmd.Execute(request)
assert.Equal(t, ErrDAppIsNotPermittedByUser, err)
assert.Empty(t, result)
}
func TestRevokePermissionsSucceeded(t *testing.T) {
db, close := SetupTestDB(t)
defer close()
cmd := &RevokePermissionsCommand{Db: db}
sharedAccount := types.BytesToAddress(types.FromHex("0x6d0aa2a774b74bb1d36f97700315adf962c69fcg"))
dAppPermissionRevoked := false
signal.SetMobileSignalHandler(signal.MobileSignalHandler(func(s []byte) {
var evt EventType
err := json.Unmarshal(s, &evt)
assert.NoError(t, err)
switch evt.Type {
case signal.EventConnectorDAppPermissionRevoked:
dAppPermissionRevoked = true
}
}))
err := PersistDAppData(db, testDAppData, sharedAccount, 0x123)
assert.NoError(t, err)
request, err := ConstructRPCRequest("wallet_revokePermissions", []interface{}{}, &testDAppData)
assert.NoError(t, err)
result, err := cmd.Execute(request)
assert.NoError(t, err)
assert.Empty(t, result)
dApp, err := persistence.SelectDAppByUrl(db, testDAppData.URL)
assert.NoError(t, err)
assert.Nil(t, dApp)
assert.True(t, dAppPermissionRevoked)
}

View File

@ -36,22 +36,22 @@ func TestRequestAccountsSwitchChainAndSendTransactionFlow(t *testing.T) {
api := NewAPI(service)
// Try to request accounts without permission
request := "{\"method\":\"eth_accounts\",\"params\":[],\"url\":\"http://testDAppURL123\",\"name\":\"testDAppName\",\"iconUrl\":\"http://testDAppIconUrl\"}"
response, err := api.CallRPC(request)
assert.Empty(t, response)
assert.Error(t, err)
assert.Equal(t, commands.ErrDAppIsNotPermittedByUser, err)
accountAddress := types.BytesToAddress(types.FromHex("0x6d0aa2a774b74bb1d36f97700315adf962c69fcg"))
expectedHash := types.BytesToHash(types.FromHex("0x1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef"))
dAppPermissionRevoked := false
dAppPermissionGranted := false
signal.SetMobileSignalHandler(signal.MobileSignalHandler(func(s []byte) {
var evt commands.EventType
err := json.Unmarshal(s, &evt)
assert.NoError(t, err)
switch evt.Type {
case signal.EventConnectorDAppPermissionRevoked:
dAppPermissionRevoked = true
case signal.EventConnectorDAppPermissionGranted:
dAppPermissionGranted = true
case signal.EventConnectorSendRequestAccounts:
var ev signal.ConnectorSendRequestAccountsSignal
err := json.Unmarshal(evt.Event, &ev)
@ -77,10 +77,12 @@ func TestRequestAccountsSwitchChainAndSendTransactionFlow(t *testing.T) {
}))
// Request accounts, now for real
request = "{\"method\": \"eth_requestAccounts\", \"params\": [], \"url\": \"http://testDAppURL123\", \"name\": \"testDAppName\", \"iconUrl\": \"http://testDAppIconUrl\" }"
response, err = api.CallRPC(request)
request := "{\"method\": \"eth_requestAccounts\", \"params\": [], \"url\": \"http://testDAppURL123\", \"name\": \"testDAppName\", \"iconUrl\": \"http://testDAppIconUrl\" }"
response, err := api.CallRPC(request)
assert.NoError(t, err)
assert.Equal(t, commands.FormatAccountAddressToResponse(accountAddress), response)
assert.Equal(t, true, dAppPermissionGranted)
assert.Equal(t, false, dAppPermissionRevoked)
// Request to switch ethereum chain
expectedChainID, err := chainutils.GetHexChainID(walletCommon.ChainID(walletCommon.EthereumMainnet).String())
@ -107,6 +109,19 @@ func TestRequestAccountsSwitchChainAndSendTransactionFlow(t *testing.T) {
response, err = api.CallRPC(request)
assert.NoError(t, err)
assert.Equal(t, expectedHash.Hex(), response)
// Revoke permissions
request = "{\"method\": \"wallet_revokePermissions\", \"params\": [], \"url\": \"http://testDAppURL123\", \"name\": \"testDAppName\", \"iconUrl\": \"http://testDAppIconUrl\" }"
_, err = api.CallRPC(request)
assert.NoError(t, err)
// Check if the account was revoked
request = fmt.Sprintf("{\"method\": \"eth_sendTransaction\", \"params\":[{\"from\":\"%s\",\"to\":\"0x0200000000000000000000000000000000000000\",\"value\":\"0x12345\",\"data\":\"0x307830\"}], \"url\": \"http://testDAppURL123\", \"name\": \"testDAppName\", \"iconUrl\": \"http://testDAppIconUrl\" }", accountAddress.Hex())
response, err = api.CallRPC(request)
assert.Empty(t, response)
assert.Error(t, err)
assert.Equal(t, commands.ErrDAppIsNotPermittedByUser, err)
assert.Equal(t, true, dAppPermissionRevoked)
}
func TestForwardedRPCs(t *testing.T) {

View File

@ -8,6 +8,7 @@ import (
const upsertDAppQuery = "INSERT INTO connector_dapps (url, name, icon_url, shared_account, chain_id) VALUES (?, ?, ?, ?, ?) ON CONFLICT(url) DO UPDATE SET name = excluded.name, icon_url = excluded.icon_url, shared_account = excluded.shared_account, chain_id = excluded.chain_id"
const selectDAppByUrlQuery = "SELECT name, icon_url, shared_account, chain_id FROM connector_dapps WHERE url = ?"
const selectDAppsQuery = "SELECT url, name, icon_url, shared_account, chain_id FROM connector_dapps"
const deleteDAppQuery = "DELETE FROM connector_dapps WHERE url = ?"
type DApp struct {
@ -34,6 +35,25 @@ func SelectDAppByUrl(db *sql.DB, url string) (*DApp, error) {
return dApp, err
}
func SelectAllDApps(db *sql.DB) ([]DApp, error) {
rows, err := db.Query(selectDAppsQuery)
if err != nil {
return nil, err
}
defer rows.Close()
var dApps []DApp
for rows.Next() {
dApp := DApp{}
err = rows.Scan(&dApp.URL, &dApp.Name, &dApp.IconURL, &dApp.SharedAccount, &dApp.ChainID)
if err != nil {
return nil, err
}
dApps = append(dApps, dApp)
}
return dApps, nil
}
func DeleteDApp(db *sql.DB, url string) error {
_, err := db.Exec(deleteDAppQuery, url)
return err

View File

@ -80,3 +80,16 @@ func TestInsertAndRemoveDApp(t *testing.T) {
require.NoError(t, err)
require.Empty(t, dAppBack)
}
func TestSelectAllDApps(t *testing.T) {
db, close := setupTestDB(t)
defer close()
err := UpsertDApp(db, &testDApp)
require.NoError(t, err)
dApps, err := SelectAllDApps(db)
require.NoError(t, err)
require.Len(t, dApps, 1)
require.Equal(t, testDApp, dApps[0])
}

View File

@ -3,6 +3,8 @@ package signal
const (
EventConnectorSendRequestAccounts = "connector.sendRequestAccounts"
EventConnectorSendTransaction = "connector.sendTransaction"
EventConnectorDAppPermissionGranted = "connector.dAppPermissionGranted"
EventConnectorDAppPermissionRevoked = "connector.dAppPermissionRevoked"
)
type ConnectorDApp struct {
@ -40,3 +42,11 @@ func SendConnectorSendTransaction(dApp ConnectorDApp, chainID uint64, txArgs str
TxArgs: txArgs,
})
}
func SendConnectorDAppPermissionGranted(dApp ConnectorDApp) {
send(EventConnectorDAppPermissionGranted, dApp)
}
func SendConnectorDAppPermissionRevoked(dApp ConnectorDApp) {
send(EventConnectorDAppPermissionRevoked, dApp)
}