Merge branch 'develop' into move-unit-tests-to-github-actions

.yarn/patches/@metamask-eth-ledger-bridge-keyring-npm-2.0.1-7a5d815b2d.patch

@@ -0,0 +1,18 @@
+diff --git a/dist/ledger-keyring.js b/dist/ledger-keyring.js
+index 2386b2e7fe36d1e65ef74f0a19d3b41450dcfa48..f999a0ab465cce7a450a5812f1d7aa6e39b74aed 100644
+--- a/dist/ledger-keyring.js
++++ b/dist/ledger-keyring.js
+@@ -150,7 +150,12 @@ class LedgerKeyring extends events_1.EventEmitter {
+             });
+         }
+         catch (error) {
+-            throw error instanceof Error ? error : new Error('Unknown error');
++
++            /**
++             * For Fixing issue 22837, when ledger is locked and didnt open the ethereum app in ledger,
++             * The extension will always show `unknown error`, below change will transform the error to something meaningful.
++             */
++            throw error instanceof Error ? error : new Error('Unlock your Ledger device and open the ETH app');
+         }
+         if (updateHdk && payload.chainCode) {
+             this.hdk.publicKey = buffer_1.Buffer.from(payload.publicKey, 'hex');

app/scripts/lib/accounts/BalancesController.test.ts

@@ -21,6 +21,7 @@ const mockBtcAccount = createMockInternalAccount({
   name: 'Btc Account',
   // @ts-expect-error - account type may be btc or eth, mock file is not typed
   type: BtcAccountType.P2wpkh,
+  // @ts-expect-error - snap options is not typed and defaults to undefined
   snapOptions: {
     id: 'mock-btc-snap',
     name: 'mock-btc-snap',

app/scripts/lib/ppom/ppom-middleware.test.ts

@@ -3,6 +3,8 @@ import {
   JsonRpcRequestStruct,
   JsonRpcResponseStruct,
 } from '@metamask/utils';
+import * as ControllerUtils from '@metamask/controller-utils';
+
 import { CHAIN_IDS } from '../../../../shared/constants/network';
 
 import {
@@ -48,8 +50,7 @@ const createMiddleware = (
   const preferenceController = {
     store: {
       getState: () => ({
-        securityAlertsEnabled:
-          securityAlertsEnabled === undefined ?? securityAlertsEnabled,
+        securityAlertsEnabled: securityAlertsEnabled ?? true,
       }),
     },
   };
@@ -205,6 +206,51 @@ describe('PPOMMiddleware', () => {
     expect(validateRequestWithPPOM).not.toHaveBeenCalled();
   });
 
+  it('does not do validation for SIWE signature', async () => {
+    const middlewareFunction = createMiddleware({
+      securityAlertsEnabled: true,
+    });
+
+    const req = {
+      method: 'personal_sign',
+      params: [
+        '0x6d6574616d61736b2e6769746875622e696f2077616e747320796f7520746f207369676e20696e207769746820796f757220457468657265756d206163636f756e743a0a3078393335653733656462396666353265323362616337663765303433613165636430366430353437370a0a492061636365707420746865204d6574614d61736b205465726d73206f6620536572766963653a2068747470733a2f2f636f6d6d756e6974792e6d6574616d61736b2e696f2f746f730a0a5552493a2068747470733a2f2f6d6574616d61736b2e6769746875622e696f0a56657273696f6e3a20310a436861696e2049443a20310a4e6f6e63653a2033323839313735370a4973737565642041743a20323032312d30392d33305431363a32353a32342e3030305a',
+        '0x935e73edb9ff52e23bac7f7e043a1ecd06d05477',
+        'Example password',
+      ],
+      jsonrpc: '2.0',
+      id: 2974202441,
+      origin: 'https://metamask.github.io',
+      networkClientId: 'mainnet',
+      tabId: 1048745900,
+      securityAlertResponse: undefined,
+    };
+    jest.spyOn(ControllerUtils, 'detectSIWE').mockReturnValue({
+      isSIWEMessage: true,
+      parsedMessage: {
+        address: '0x935e73edb9ff52e23bac7f7e049a1ecd06d05477',
+        chainId: 1,
+        domain: 'metamask.github.io',
+        expirationTime: null,
+        issuedAt: '2021-09-30T16:25:24.000Z',
+        nonce: '32891757',
+        notBefore: '2022-03-17T12:45:13.610Z',
+        requestId: 'some_id',
+        scheme: null,
+        statement:
+          'I accept the MetaMask Terms of Service: https://community.metamask.io/tos',
+        uri: 'https://metamask.github.io',
+        version: '1',
+        resources: null,
+      },
+    });
+
+    await middlewareFunction(req, undefined, () => undefined);
+
+    expect(req.securityAlertResponse).toBeUndefined();
+    expect(validateRequestWithPPOM).not.toHaveBeenCalled();
+  });
+
   it('calls next method', async () => {
     const middlewareFunction = createMiddleware();
     const nextMock = jest.fn();

app/scripts/lib/ppom/ppom-middleware.ts

@@ -6,6 +6,7 @@ import {
   JsonRpcRequest,
   JsonRpcResponse,
 } from '@metamask/utils';
+import { detectSIWE } from '@metamask/controller-utils';
 
 import { SIGNING_METHODS } from '../../../../shared/constants/transaction';
 import { PreferencesController } from '../../controllers/preferences';
@@ -76,6 +77,11 @@ export function createPPOMMiddleware<
         return;
       }
 
+      const { isSIWEMessage } = detectSIWE({ data: req?.params?.[0] });
+      if (isSIWEMessage) {
+        return;
+      }
+
       const securityAlertId = generateSecurityAlertId();
 
       validateRequestWithPPOM({

app/scripts/lib/snap-keyring/keyring-snaps-permissions.test.ts

@@ -25,6 +25,37 @@ describe('keyringSnapPermissionsBuilder', () => {
     subjectType: SubjectType.Website,
   });
 
+  describe('Portfolio origin', () => {
+    it('returns the methods Portfolio can call', () => {
+      const permissions = keyringSnapPermissionsBuilder(
+        mockController,
+        'https://portfolio.metamask.io',
+      );
+      expect(permissions()).toStrictEqual([
+        KeyringRpcMethod.ListAccounts,
+        KeyringRpcMethod.GetAccount,
+        KeyringRpcMethod.GetAccountBalances,
+        KeyringRpcMethod.SubmitRequest,
+      ]);
+    });
+
+    it('cannot create an account', () => {
+      const permissions = keyringSnapPermissionsBuilder(
+        mockController,
+        'https://portfolio.metamask.io',
+      );
+      expect(permissions()).not.toContain(KeyringRpcMethod.CreateAccount);
+    });
+
+    it('can submit a request', () => {
+      const permissions = keyringSnapPermissionsBuilder(
+        mockController,
+        'https://portfolio.metamask.io',
+      );
+      expect(permissions()).toContain(KeyringRpcMethod.SubmitRequest);
+    });
+  });
+
   it('returns the methods metamask can call', () => {
     const permissions = keyringSnapPermissionsBuilder(
       mockController,

app/scripts/lib/snap-keyring/keyring-snaps-permissions.ts

@@ -4,6 +4,11 @@ import {
 } from '@metamask/permission-controller';
 import { KeyringRpcMethod } from '@metamask/keyring-api';
 
+/**
+ * The origin of the Portfolio dapp.
+ */
+const PORTFOLIO_ORIGIN = 'https://portfolio.metamask.io';
+
 /**
  * List of keyring methods MetaMask can call.
  */
@@ -36,6 +41,16 @@ const WEBSITE_ALLOWED_METHODS: string[] = [
   KeyringRpcMethod.SubmitRequest,
 ];
 
+/**
+ * List of keyring methods that Portfolio can call.
+ */
+const PORTFOLIO_ALLOWED_METHODS: string[] = [
+  KeyringRpcMethod.ListAccounts,
+  KeyringRpcMethod.GetAccount,
+  KeyringRpcMethod.GetAccountBalances,
+  KeyringRpcMethod.SubmitRequest,
+];
+
 /**
  * List of allowed protocols. On Flask, HTTP is also allowed for testing.
  */
@@ -79,6 +94,10 @@ export function keyringSnapPermissionsBuilder(
       return METAMASK_ALLOWED_METHODS;
     }
 
+    if (origin === PORTFOLIO_ORIGIN) {
+      return PORTFOLIO_ALLOWED_METHODS;
+    }
+
     const originMetadata = controller.getSubjectMetadata(origin);
     if (originMetadata?.subjectType === SubjectType.Website) {
       return isProtocolAllowed(origin) ? WEBSITE_ALLOWED_METHODS : [];