-
-
Notifications
You must be signed in to change notification settings - Fork 206
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add
wallet_revokePermissions RPC method (#1889)
## Explanation Adds a `wallet_revokePermissions` RPC method that can be used to revoke permissions that a subject has been granted in the PermissionController. This initial version does not support revoking caveats and will revoke the entire requested permission key. ## References <!-- Are there any issues that this pull request is tied to? Are there other links that reviewers should consult to understand these changes better? For example: * Fixes #12345 * Related to #67890 --> ## Changelog <!-- If you're making any consumer-facing changes, list those changes here as if you were updating a changelog, using the template below as a guide. (CATEGORY is one of BREAKING, ADDED, CHANGED, DEPRECATED, REMOVED, or FIXED. For security-related issues, follow the Security Advisory process.) Please take care to name the exact pieces of the API you've added or changed (e.g. types, interfaces, functions, or methods). If there are any breaking changes, make sure to offer a solution for consumers to follow once they upgrade to the changes. Finally, if you're only making changes to development scripts or tests, you may replace the template below with "None". --> ### `@metamask/permission-controller` - **Added**: Added `wallet_revokePermissions` RPC method ## Checklist - [x] I've updated the test suite for new or updated code as appropriate - [x] I've updated documentation (JSDoc, Markdown, etc.) for new or updated code as appropriate - [x] I've highlighted breaking changes using the "BREAKING" category above as appropriate --------- Co-authored-by: Shane <[email protected]> Co-authored-by: Alex Donesky <[email protected]>
- Loading branch information
3 people
authored
Nov 21, 2023
1 parent
fb98de9
commit 77a7e38
Showing
4 changed files
with
255 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
170 changes: 170 additions & 0 deletions
170
packages/permission-controller/src/rpc-methods/revokePermissions.test.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,170 @@ | ||
| import { JsonRpcEngine } from '@metamask/json-rpc-engine'; | ||
| import { rpcErrors } from '@metamask/rpc-errors'; | ||
|
|
||
| import { revokePermissionsHandler } from './revokePermissions'; | ||
|
|
||
| describe('revokePermissionsHandler', () => { | ||
| it('has the expected shape', () => { | ||
| expect(revokePermissionsHandler).toStrictEqual({ | ||
| methodNames: ['wallet_revokePermissions'], | ||
| implementation: expect.any(Function), | ||
| hookNames: { | ||
| revokePermissionsForOrigin: true, | ||
| }, | ||
| }); | ||
| }); | ||
| }); | ||
|
|
||
| describe('revokePermissions RPC method', () => { | ||
| it('revokes permissions using revokePermissionsForOrigin', async () => { | ||
| const { implementation } = revokePermissionsHandler; | ||
| const mockRevokePermissionsForOrigin = jest.fn(); | ||
|
|
||
| const engine = new JsonRpcEngine(); | ||
| engine.push((req, res, next, end) => | ||
| implementation(req as any, res as any, next, end, { | ||
| revokePermissionsForOrigin: mockRevokePermissionsForOrigin, | ||
| }), | ||
| ); | ||
|
|
||
| const response: any = await engine.handle({ | ||
| jsonrpc: '2.0', | ||
| id: 1, | ||
| method: 'wallet_revokePermissions', | ||
| params: [ | ||
| { | ||
| snap_dialog: {}, | ||
| }, | ||
| ], | ||
| }); | ||
|
|
||
| expect(response.result).toBeNull(); | ||
| expect(mockRevokePermissionsForOrigin).toHaveBeenCalledTimes(1); | ||
| expect(mockRevokePermissionsForOrigin).toHaveBeenCalledWith([ | ||
| 'snap_dialog', | ||
| ]); | ||
| }); | ||
|
|
||
| it('returns an error if the request params is a plain object', async () => { | ||
| const { implementation } = revokePermissionsHandler; | ||
| const mockRevokePermissionsForOrigin = jest.fn(); | ||
|
|
||
| const engine = new JsonRpcEngine(); | ||
| engine.push((req, res, next, end) => | ||
| implementation(req as any, res as any, next, end, { | ||
| revokePermissionsForOrigin: mockRevokePermissionsForOrigin, | ||
| }), | ||
| ); | ||
|
|
||
| const req = { | ||
| jsonrpc: '2.0', | ||
| id: 1, | ||
| method: 'wallet_revokePermissions', | ||
| params: {}, | ||
| }; | ||
|
|
||
| const expectedError = rpcErrors | ||
| .invalidParams({ | ||
| data: { request: { ...req } }, | ||
| }) | ||
| .serialize(); | ||
| delete expectedError.stack; | ||
|
|
||
| const response: any = await engine.handle(req as any); | ||
| delete response.error.stack; | ||
| expect(response.error).toStrictEqual(expectedError); | ||
| expect(mockRevokePermissionsForOrigin).not.toHaveBeenCalled(); | ||
| }); | ||
|
|
||
| it('returns an error if the permissionKeys is a plain object', async () => { | ||
| const { implementation } = revokePermissionsHandler; | ||
| const mockRevokePermissionsForOrigin = jest.fn(); | ||
|
|
||
| const engine = new JsonRpcEngine(); | ||
| engine.push((req, res, next, end) => | ||
| implementation(req as any, res as any, next, end, { | ||
| revokePermissionsForOrigin: mockRevokePermissionsForOrigin, | ||
| }), | ||
| ); | ||
|
|
||
| const req = { | ||
| jsonrpc: '2.0', | ||
| id: 1, | ||
| method: 'wallet_revokePermissions', | ||
| params: [{}], | ||
| }; | ||
|
|
||
| const expectedError = rpcErrors | ||
| .invalidParams({ | ||
| data: { request: { ...req } }, | ||
| }) | ||
| .serialize(); | ||
| delete expectedError.stack; | ||
|
|
||
| const response: any = await engine.handle(req as any); | ||
| delete response.error.stack; | ||
| expect(response.error).toStrictEqual(expectedError); | ||
| expect(mockRevokePermissionsForOrigin).not.toHaveBeenCalled(); | ||
| }); | ||
|
|
||
| it('returns an error if the params are not set', async () => { | ||
| const { implementation } = revokePermissionsHandler; | ||
| const mockRevokePermissionsForOrigin = jest.fn(); | ||
|
|
||
| const engine = new JsonRpcEngine(); | ||
| engine.push((req, res, next, end) => | ||
| implementation(req as any, res as any, next, end, { | ||
| revokePermissionsForOrigin: mockRevokePermissionsForOrigin, | ||
| }), | ||
| ); | ||
|
|
||
| const req = { | ||
| jsonrpc: '2.0', | ||
| id: 1, | ||
| method: 'wallet_revokePermissions', | ||
| }; | ||
|
|
||
| const expectedError = rpcErrors | ||
| .invalidParams({ | ||
| data: { request: { ...req } }, | ||
| }) | ||
| .serialize(); | ||
| delete expectedError.stack; | ||
|
|
||
| const response: any = await engine.handle(req as any); | ||
| delete response.error.stack; | ||
| expect(response.error).toStrictEqual(expectedError); | ||
| expect(mockRevokePermissionsForOrigin).not.toHaveBeenCalled(); | ||
| }); | ||
|
|
||
| it('returns an error if the request params is an empty array', async () => { | ||
| const { implementation } = revokePermissionsHandler; | ||
| const mockRevokePermissionsForOrigin = jest.fn(); | ||
|
|
||
| const engine = new JsonRpcEngine(); | ||
| engine.push((req, res, next, end) => | ||
| implementation(req as any, res as any, next, end, { | ||
| revokePermissionsForOrigin: mockRevokePermissionsForOrigin, | ||
| }), | ||
| ); | ||
|
|
||
| const req = { | ||
| jsonrpc: '2.0', | ||
| id: 1, | ||
| method: 'wallet_revokePermissions', | ||
| params: [], | ||
| }; | ||
|
|
||
| const expectedError = rpcErrors | ||
| .invalidParams({ | ||
| data: { request: { ...req } }, | ||
| }) | ||
| .serialize(); | ||
| delete expectedError.stack; | ||
|
|
||
| const response: any = await engine.handle(req as any); | ||
| delete response.error.stack; | ||
| expect(response.error).toStrictEqual(expectedError); | ||
| expect(mockRevokePermissionsForOrigin).not.toHaveBeenCalled(); | ||
| }); | ||
| }); |
79 changes: 79 additions & 0 deletions
79
packages/permission-controller/src/rpc-methods/revokePermissions.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,79 @@ | ||
| import type { JsonRpcEngineEndCallback } from '@metamask/json-rpc-engine'; | ||
| import { | ||
| isNonEmptyArray, | ||
| type Json, | ||
| type JsonRpcRequest, | ||
| type NonEmptyArray, | ||
| type PendingJsonRpcResponse, | ||
| } from '@metamask/utils'; | ||
|
|
||
| import { invalidParams } from '../errors'; | ||
| import type { PermissionConstraint } from '../Permission'; | ||
| import type { PermittedHandlerExport } from '../utils'; | ||
| import { MethodNames } from '../utils'; | ||
|
|
||
| export const revokePermissionsHandler: PermittedHandlerExport< | ||
| RevokePermissionsHooks, | ||
| RevokePermissionArgs, | ||
| null | ||
| > = { | ||
| methodNames: [MethodNames.revokePermissions], | ||
| implementation: revokePermissionsImplementation, | ||
| hookNames: { | ||
| revokePermissionsForOrigin: true, | ||
| }, | ||
| }; | ||
|
|
||
| type RevokePermissionArgs = Record< | ||
| PermissionConstraint['parentCapability'], | ||
| Json | ||
| >; | ||
|
|
||
| type RevokePermissions = ( | ||
| permissions: NonEmptyArray<PermissionConstraint['parentCapability']>, | ||
| ) => void; | ||
|
|
||
| export type RevokePermissionsHooks = { | ||
| revokePermissionsForOrigin: RevokePermissions; | ||
| }; | ||
|
|
||
| /** | ||
| * Revoke Permissions implementation to be used in JsonRpcEngine middleware. | ||
| * | ||
| * @param req - The JsonRpcEngine request | ||
| * @param res - The JsonRpcEngine result object | ||
| * @param _next - JsonRpcEngine next() callback - unused | ||
| * @param end - JsonRpcEngine end() callback | ||
| * @param options - Method hooks passed to the method implementation | ||
| * @param options.revokePermissionsForOrigin - A hook that revokes given permission keys for an origin | ||
| * @returns A promise that resolves to nothing | ||
| */ | ||
| async function revokePermissionsImplementation( | ||
| req: JsonRpcRequest<RevokePermissionArgs>, | ||
| res: PendingJsonRpcResponse<null>, | ||
| _next: unknown, | ||
| end: JsonRpcEngineEndCallback, | ||
| { revokePermissionsForOrigin }: RevokePermissionsHooks, | ||
| ): Promise<void> { | ||
| const { params } = req; | ||
|
|
||
| const param = params?.[0]; | ||
|
|
||
| if (!param) { | ||
| return end(invalidParams({ data: { request: req } })); | ||
| } | ||
|
|
||
| // For now, this API revokes the entire permission key | ||
| // even if caveats are specified. | ||
| const permissionKeys = Object.keys(param); | ||
|
|
||
| if (!isNonEmptyArray(permissionKeys)) { | ||
| return end(invalidParams({ data: { request: req } })); | ||
| } | ||
|
|
||
| revokePermissionsForOrigin(permissionKeys); | ||
|
|
||
| res.result = null; | ||
|
|
||
| return end(); | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters