feat: re-authorize new accounts (#1521)

Nick-1979 · AMIRKHANEF · web-flow · commit f734a4a77f53 · 2024-09-08T00:06:30.000+03:30
* Add reauthorization on new added/imported account

* Change Reject Label to Ignore

* Fix reauthorization problem for old authDApps

* Add already selected accounts approvement on ignore to Fullscreen mode

---------

Co-authored-by: Amir Ekbatanifard &lt;amiref007@gmail.com&gt;
diff --git a/packages/extension-base/src/background/handlers/Extension.ts b/packages/extension-base/src/background/handlers/Extension.ts
@@ -7,7 +7,7 @@ import type { SignerPayloadJSON, SignerPayloadRaw } from '@polkadot/types/types'
 import type { SubjectInfo } from '@polkadot/ui-keyring/observable/types';
 import type { KeypairType } from '@polkadot/util-crypto/types';
 // added for plus to import RequestUpdateMeta
-import type { AccountJson, AllowedPath, AuthorizeRequest, AuthUrls, MessageTypes, MetadataRequest, RequestAccountBatchExport, RequestAccountChangePassword, RequestAccountCreateExternal, RequestAccountCreateHardware, RequestAccountCreateSuri, RequestAccountEdit, RequestAccountExport, RequestAccountForget, RequestAccountShow, RequestAccountTie, RequestAccountValidate, RequestAuthorizeApprove, RequestBatchRestore, RequestDeriveCreate, RequestDeriveValidate, RequestJsonRestore, RequestMetadataApprove, RequestMetadataReject, RequestSeedCreate, RequestSeedValidate, RequestSigningApprovePassword, RequestSigningApproveSignature, RequestSigningCancel, RequestSigningIsLocked, RequestTypes, RequestUpdateAuthorizedAccounts, RequestUpdateMeta, ResponseAccountExport, ResponseAccountsExport, ResponseAuthorizeList, ResponseDeriveValidate, ResponseJsonGetAccountInfo, ResponseSeedCreate, ResponseSeedValidate, ResponseSigningIsLocked, ResponseType, SigningRequest } from '../types';
+import type { AccountJson, AllowedPath, ApplyAddedTime, AuthorizeRequest, AuthUrls, MessageTypes, MetadataRequest, RequestAccountBatchExport, RequestAccountChangePassword, RequestAccountCreateExternal, RequestAccountCreateHardware, RequestAccountCreateSuri, RequestAccountEdit, RequestAccountExport, RequestAccountForget, RequestAccountShow, RequestAccountTie, RequestAccountValidate, RequestAuthorizeApprove, RequestBatchRestore, RequestDeriveCreate, RequestDeriveValidate, RequestJsonRestore, RequestMetadataApprove, RequestMetadataReject, RequestSeedCreate, RequestSeedValidate, RequestSigningApprovePassword, RequestSigningApproveSignature, RequestSigningCancel, RequestSigningIsLocked, RequestTypes, RequestUpdateAuthorizedAccounts, RequestUpdateMeta, ResponseAccountExport, ResponseAccountsExport, ResponseAuthorizeList, ResponseDeriveValidate, ResponseJsonGetAccountInfo, ResponseSeedCreate, ResponseSeedValidate, ResponseSigningIsLocked, ResponseType, SigningRequest } from '../types';
 import type State from './State';
 
 import { ALLOWED_PATH, PASSWORD_EXPIRY_MS, START_WITH_PATH } from '@polkadot/extension-base/defaults';
@@ -57,20 +57,34 @@ export default class Extension {
     this.#state = state;
   }
 
+  private applyAddedTime ({ pair }: ApplyAddedTime): void {
+    assert(pair, 'Unable to find pair');
+
+    const addedTime = Date.now();
+
+    keyring.saveAccountMeta(pair, { ...pair.meta, addedTime });
+  }
+
   private accountsCreateExternal ({ address, genesisHash, name }: RequestAccountCreateExternal): boolean {
-    keyring.addExternal(address, { genesisHash, name });
+    const { pair } = keyring.addExternal(address, { genesisHash, name });
+
+    this.applyAddedTime({ pair });
 
     return true;
   }
 
   private accountsCreateHardware ({ accountIndex, address, addressOffset, genesisHash, hardwareType, name }: RequestAccountCreateHardware): boolean {
-    keyring.addHardware(address, hardwareType, { accountIndex, addressOffset, genesisHash, name });
+    const { pair } = keyring.addHardware(address, hardwareType, { accountIndex, addressOffset, genesisHash, name });
+
+    this.applyAddedTime({ pair });
 
     return true;
   }
 
   private accountsCreateSuri ({ genesisHash, name, password, suri, type }: RequestAccountCreateSuri): boolean {
-    keyring.addUri(getSuri(suri, type), password, { genesisHash, name }, type);
+    const { pair } = keyring.addUri(getSuri(suri, type), password, { genesisHash, name }, type);
+
+    this.applyAddedTime({ pair });
 
     return true;
   }
@@ -302,7 +316,9 @@ export default class Extension {
 
   private jsonRestore ({ file, password }: RequestJsonRestore): void {
     try {
-      keyring.restoreAccount(file, password);
+      const pair = keyring.restoreAccount(file, password);
+
+      this.applyAddedTime({ pair });
     } catch (error) {
       throw new Error((error as Error).message);
     }
@@ -523,7 +539,9 @@ export default class Extension {
       suri
     });
 
-    keyring.addPair(childPair, password);
+    const { pair } = keyring.addPair(childPair, password);
+
+    this.applyAddedTime({ pair });
 
     return true;
   }
diff --git a/packages/extension-base/src/background/handlers/State.ts b/packages/extension-base/src/background/handlers/State.ts
@@ -43,6 +43,7 @@ export interface AuthUrlInfo {
   origin: string;
   url: string;
   authorizedAccounts: string[];
+  authorizedTime: number;
 }
 
 interface MetaRequest extends Resolver<boolean> {
@@ -257,9 +258,11 @@ export default class State {
       const { idStr, request: { origin }, url } = this.#authRequests[id];
 
       const strippedUrl = this.stripUrl(url);
+      const authorizedTime = authorizedAccounts.length > 0 ? Date.now() : 0;
 
       const authInfo: AuthUrlInfo = {
         authorizedAccounts,
+        authorizedTime,
         count: 0,
         id: idStr,
         origin,
@@ -377,6 +380,7 @@ export default class State {
 
   public async updateAuthorizedAccounts ({ authorizedAccounts, url }: UpdateAuthorizedAccounts): Promise<void> {
     this.#authUrls[url].authorizedAccounts = authorizedAccounts;
+    this.#authUrls[url].authorizedTime = Date.now(); // updates the authorizedTime when the authorizedAccounts list updates
     await this.saveCurrentAuthList();
   }
 
@@ -406,7 +410,7 @@ export default class State {
     this.updateIcon(shouldClose);
   }
 
-  public async authorizeUrl (url: string, request: RequestAuthorizeTab): Promise<AuthResponse> {
+  public async authorizeUrl (url: string, request: RequestAuthorizeTab, reauthorize?: boolean): Promise<AuthResponse> {
     const idStr = this.stripUrl(url);
 
     // Do not enqueue duplicate authorization requests.
@@ -415,7 +419,7 @@ export default class State {
 
     assert(!isDuplicate, `The source ${url} has a pending authorization request`);
 
-    if (this.#authUrls[idStr]) {
+    if (this.#authUrls[idStr] && !reauthorize) {
       // this url was seen in the past
       assert(this.#authUrls[idStr].authorizedAccounts, `The source ${url} is not allowed to interact with this extension`);
 
diff --git a/packages/extension-base/src/background/handlers/Tabs.ts b/packages/extension-base/src/background/handlers/Tabs.ts
@@ -35,11 +35,13 @@ function transformAccounts (accounts: SubjectInfo, anyType = false): InjectedAcc
     .filter(({ json: { meta: { isHidden } } }) => !isHidden)
     .filter(({ type }) => anyType ? true : canDerive(type))
     .sort((a, b) => (a.json.meta.whenCreated || 0) - (b.json.meta.whenCreated || 0))
-    .map(({ json: { address, meta: { genesisHash, name } }, type }): InjectedAccount => ({
+    .map(({ json: { address, meta: { addedTime, genesisHash, name, whenCreated } }, type }): InjectedAccount => ({
+      addedTime: addedTime as number | undefined,
       address,
       genesisHash,
       name,
-      type
+      type,
+      whenCreated
     }));
 }
 
@@ -52,8 +54,15 @@ export default class Tabs {
     this.#state = state;
   }
 
+  private needReAuthorize (url: string): boolean {
+    const transformedAccounts = transformAccounts(accountsObservable.subject.getValue(), true);
+    const auth = this.#state.authUrls[this.#state.stripUrl(url)];
+
+    return !auth?.authorizedTime || transformedAccounts.some(({ addedTime, whenCreated }) => (addedTime && addedTime > auth.authorizedTime) || (whenCreated && whenCreated > auth.authorizedTime));
+  }
+
   private authorize (url: string, request: RequestAuthorizeTab): Promise<AuthResponse> {
-    return this.#state.authorizeUrl(url, request);
+    return this.#state.authorizeUrl(url, request, this.needReAuthorize(url));
   }
 
   private filterForAuthorizedAccounts (accounts: InjectedAccount[], url: string): InjectedAccount[] {
@@ -70,8 +79,14 @@ export default class Tabs {
 
   private accountsListAuthorized (url: string, { anyType }: RequestAccountList): InjectedAccount[] {
     const transformedAccounts = transformAccounts(accountsObservable.subject.getValue(), anyType);
+    const authorizedAccounts = this.filterForAuthorizedAccounts(transformedAccounts, url);
+
+    if (this.needReAuthorize(url)) {
+      // since new authorization is underway hence we do not send may be previously authorized accounts to the dapp
+      return [];
+    }
 
-    return this.filterForAuthorizedAccounts(transformedAccounts, url);
+    return authorizedAccounts;
   }
 
   private accountsSubscribeAuthorized (url: string, id: string, port: chrome.runtime.Port): string {
diff --git a/packages/extension-base/src/background/types.ts b/packages/extension-base/src/background/types.ts
@@ -20,6 +20,7 @@ export interface AuthUrlInfo {
   origin: string;
   url: string;
   authorizedAccounts: string[];
+  authorizedTime: number;
 }
 
 type KeysWithDefinedValues<T> = {
@@ -56,6 +57,7 @@ export interface AccountJson extends KeyringPair$Meta {
   isQR?: boolean;
   profile?: string;
   stakingAccount?: string;
+  addedTime?: number; // for DApp authorization check
 }
 
 export type AccountWithChildren = AccountJson & {
@@ -438,3 +440,7 @@ export interface ResponseJsonGetAccountInfo {
 export interface ResponseAuthorizeList {
   list: AuthUrls;
 }
+
+export interface ApplyAddedTime {
+  pair: KeyringPair;
+}
diff --git a/packages/extension-inject/src/types.ts b/packages/extension-inject/src/types.ts
@@ -14,9 +14,11 @@ export type Unsubcall = () => void;
 
 export interface InjectedAccount {
   address: string;
+  addedTime?: number;
   genesisHash?: string | null;
   name?: string;
   type?: KeypairType;
+  whenCreated?: number;
 }
 
 export interface InjectedAccountWithMeta {
diff --git a/packages/extension-polkagate/src/messaging.ts b/packages/extension-polkagate/src/messaging.ts
@@ -206,8 +206,8 @@ export async function removeAuthorization (id: string): Promise<ResponseAuthoriz
   return sendMessage('pri(authorize.remove)', id);
 }
 
-export async function ignoreAuthRequest (url: string): Promise<void> {
-  return sendMessage('pri(authorize.ignore)', url);
+export async function ignoreAuthRequest (id: string): Promise<void> {
+  return sendMessage('pri(authorize.ignore)', id);
 }
 
 export async function subscribeMetadataRequests (cb: (accounts: MetadataRequest[]) => void): Promise<boolean> {
diff --git a/packages/extension-polkagate/src/popup/authorize/AuthFullScreenMode.tsx b/packages/extension-polkagate/src/popup/authorize/AuthFullScreenMode.tsx
@@ -7,14 +7,14 @@ import type { AuthorizeRequest } from '@polkadot/extension-base/background/types
 
 import { KeyboardDoubleArrowLeft as KeyboardDoubleArrowLeftIcon, KeyboardDoubleArrowRight as KeyboardDoubleArrowRightIcon } from '@mui/icons-material';
 import { Avatar, Grid, IconButton, Typography, useTheme } from '@mui/material';
-import React, { useCallback, useContext, useMemo, useState } from 'react';
+import React, { useCallback, useContext, useEffect, useMemo, useState } from 'react';
 
 import { FULLSCREEN_WIDTH } from '@polkadot/extension-polkagate/src/util/constants';
 
 import { AccountContext, AccountsTable, ActionContext, TwoButtons, VaadinIcon, Warning } from '../../components';
 import { FullScreenHeader } from '../../fullscreen/governance/FullScreenHeader';
 import { useFavIcon, useFullscreen, useTranslation } from '../../hooks';
-import { approveAuthRequest, ignoreAuthRequest } from '../../messaging';
+import { approveAuthRequest, getAuthList, ignoreAuthRequest } from '../../messaging';
 import { areArraysEqual, extractBaseUrl } from '../../util/utils';
 
 interface Props {
@@ -28,27 +28,52 @@ function AuthFullScreenMode ({ onNextAuth, onPreviousAuth, requestIndex, request
   useFullscreen();
   const { t } = useTranslation();
   const theme = useTheme();
-  const { accounts } = useContext(AccountContext);
+
   const onAction = useContext(ActionContext);
+  const { accounts } = useContext(AccountContext);
+
+  const url = requests[requestIndex].url;
+  const faviconUrl = useFavIcon(url);
 
   const [selectedAccounts, setSelectedAccounts] = useState<string[]>([]);
+  const [alreadySelectedAccounts, setAlreadySelectedAccounts] = useState<string[]>([]);
 
-  const faviconUrl = useFavIcon(requests[requestIndex].url);
 
   const allAccounts = useMemo(() => accounts.map(({ address }) => address), [accounts]);
   const areAllCheck = useMemo(() => areArraysEqual([allAccounts, selectedAccounts]), [allAccounts, selectedAccounts]);
 
+  useEffect(() => {
+    getAuthList()
+      .then(({ list: authList }) => {
+        const dappURL = extractBaseUrl(url);
+
+        const availableDapp = Object.values(authList).find(({ url }) => dappURL === extractBaseUrl(url));
+
+        if (availableDapp) {
+          const alreadySelectedAccounts = availableDapp.authorizedAccounts ?? [];
+
+          setSelectedAccounts(alreadySelectedAccounts);
+          setAlreadySelectedAccounts(alreadySelectedAccounts);
+        }
+      })
+      .catch(console.error);
+  }, [url]);
+
   const onApprove = useCallback((): void => {
     approveAuthRequest(selectedAccounts, requests[requestIndex].id)
       .then(() => onAction())
       .catch((error: Error) => console.error(error));
   }, [onAction, requestIndex, requests, selectedAccounts]);
 
-  const onReject = useCallback((): void => {
-    ignoreAuthRequest(requests[requestIndex].id)
-      .then(() => onAction())
+  const onIgnore = useCallback((): void => {
+    const id = requests[requestIndex].id;
+
+    (alreadySelectedAccounts.length
+      ? approveAuthRequest(alreadySelectedAccounts, id)
+      : ignoreAuthRequest(id)
+    ).then(() => onAction())
       .catch((error: Error) => console.error(error));
-  }, [onAction, requestIndex, requests]);
+  }, [alreadySelectedAccounts, onAction, requestIndex, requests]);
 
   return (
     <Grid bgcolor='backgroundFL.primary' container item justifyContent='center'>
@@ -93,7 +118,7 @@ function AuthFullScreenMode ({ onNextAuth, onPreviousAuth, requestIndex, request
               variant='circular'
             />
             <span style={{ fontSize: '15px', fontWeight: 400, overflowWrap: 'anywhere' }}>
-              {extractBaseUrl(requests[requestIndex].url)}
+              {extractBaseUrl(url)}
             </span>
           </Grid>
           <Grid container item sx={{ marginBottom: '15px', marginTop: '10px' }}>
@@ -121,9 +146,9 @@ function AuthFullScreenMode ({ onNextAuth, onPreviousAuth, requestIndex, request
                 disabled={selectedAccounts.length === 0}
                 mt='15px'
                 onPrimaryClick={onApprove}
-                onSecondaryClick={onReject}
+                onSecondaryClick={onIgnore}
                 primaryBtnText={t('Allow')}
-                secondaryBtnText={t('Reject')}
+                secondaryBtnText={t('Ignore')}
               />
             </Grid>
           </Grid>
diff --git a/packages/extension-polkagate/src/popup/authorize/Request.tsx b/packages/extension-polkagate/src/popup/authorize/Request.tsx
diff --git a/packages/extension-polkagate/src/popup/import/restoreJSONFullScreen/index.tsx b/packages/extension-polkagate/src/popup/import/restoreJSONFullScreen/index.tsx
diff --git a/packages/extension/public/locales/en/translation.json b/packages/extension/public/locales/en/translation.json

Original file line number	Diff line number	Diff line change
`@@ -206,8 +206,8 @@ export async function removeAuthorization (id: string): Promise<ResponseAuthoriz`
`206`	`206`	`return sendMessage('pri(authorize.remove)', id);`
`207`	`207`	`}`
`208`	`208`
`209`		`-export async function ignoreAuthRequest (url: string): Promise<void> {`
`210`		`- return sendMessage('pri(authorize.ignore)', url);`
	`209`	`+export async function ignoreAuthRequest (id: string): Promise<void> {`
	`210`	`+ return sendMessage('pri(authorize.ignore)', id);`
`211`	`211`	`}`
`212`	`212`
`213`	`213`	`export async function subscribeMetadataRequests (cb: (accounts: MetadataRequest[]) => void): Promise<boolean> {`