@metamask/snaps-controllers 16.0.0 → 16.1.0

package/CHANGELOG.md

@@ -7,6 +7,26 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [16.1.0]
+
+### Added
+
+- Add NPM proxy support ([#3695](https://github.com/MetaMask/snaps/pull/3695))
+
+### Changed
+
+- Bump `@metamask/permission-controller` from `12.0.0` to `12.1.0` ([#3714](https://github.com/MetaMask/snaps/pull/3714))
+- Bump `@metamask/phishing-controller` from `13.1.0` to `15.0.0` ([#3707](https://github.com/MetaMask/snaps/pull/3707))
+
+### Removed
+
+- Remove logic for granting CAIP-25 permissions ([#3723](https://github.com/MetaMask/snaps/pull/3723))
+
+### Fixed
+
+- Prevent initial connections from being revoked as unused on update ([#3729](https://github.com/MetaMask/snaps/pull/3729))
+- Keep dynamic permissions on update ([#3726](https://github.com/MetaMask/snaps/pull/3726))
+
 ## [16.0.0]
 
 ### Changed
@@ -934,7 +954,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   - The version of the package no longer needs to match the version of all other
     MetaMask Snaps packages.
 
-[Unreleased]: https://github.com/MetaMask/snaps/compare/@metamask/snaps-controllers@16.0.0...HEAD
+[Unreleased]: https://github.com/MetaMask/snaps/compare/@metamask/snaps-controllers@16.1.0...HEAD
+[16.1.0]: https://github.com/MetaMask/snaps/compare/@metamask/snaps-controllers@16.0.0...@metamask/snaps-controllers@16.1.0
 [16.0.0]: https://github.com/MetaMask/snaps/compare/@metamask/snaps-controllers@15.0.2...@metamask/snaps-controllers@16.0.0
 [15.0.2]: https://github.com/MetaMask/snaps/compare/@metamask/snaps-controllers@15.0.1...@metamask/snaps-controllers@15.0.2
 [15.0.1]: https://github.com/MetaMask/snaps/compare/@metamask/snaps-controllers@15.0.0...@metamask/snaps-controllers@15.0.1

package/dist/snaps/SnapController.cjs

@@ -83,7 +83,7 @@ class SnapController extends base_controller_1.BaseController {
     #preinstalledSnaps;
     #trackEvent;
     #trackSnapExport;
-    constructor({ closeAllConnections, messenger, state, dynamicPermissions = ['eth_accounts'], environmentEndowmentPermissions = [], excludedPermissions = {}, idleTimeCheckInterval = (0, utils_1.inMilliseconds)(5, utils_1.Duration.Second), maxIdleTime = (0, utils_1.inMilliseconds)(30, utils_1.Duration.Second), maxRequestTime = (0, utils_1.inMilliseconds)(60, utils_1.Duration.Second), fetchFunction = globalThis.fetch.bind(undefined), featureFlags = {}, detectSnapLocation: detectSnapLocationFunction = location_1.detectSnapLocation, preinstalledSnaps = null, encryptor, getMnemonicSeed, getFeatureFlags = () => ({}), clientCryptography, trackEvent, }) {
+    constructor({ closeAllConnections, messenger, state, dynamicPermissions = ['endowment:caip25', 'wallet_snap'], environmentEndowmentPermissions = [], excludedPermissions = {}, idleTimeCheckInterval = (0, utils_1.inMilliseconds)(5, utils_1.Duration.Second), maxIdleTime = (0, utils_1.inMilliseconds)(30, utils_1.Duration.Second), maxRequestTime = (0, utils_1.inMilliseconds)(60, utils_1.Duration.Second), fetchFunction = globalThis.fetch.bind(undefined), featureFlags = {}, detectSnapLocation: detectSnapLocationFunction = location_1.detectSnapLocation, preinstalledSnaps = null, encryptor, getMnemonicSeed, getFeatureFlags = () => ({}), clientCryptography, trackEvent, }) {
         super({
             messenger,
             metadata: {
@@ -412,6 +412,7 @@ class SnapController extends base_controller_1.BaseController {
                     versionRange: resolvedVersion,
                     fetch: this.#fetchFunction,
                     allowLocal: false,
+                    useNpmProxy: true,
                 });
                 await this.#updateSnap({
                     origin: approval_controller_1.ORIGIN_METAMASK,
@@ -2303,12 +2304,41 @@ class SnapController extends base_controller_1.BaseController {
             getStateMutex: new async_mutex_1.Mutex(),
         });
     }
+    /**
+     * Get the desired permissions including dynamic permissions. That is, if a
+     * dynamic permission was previously granted and at least one of its
+     * dependencies is still desired, it will be included in the desired
+     * permissions.
+     *
+     * @param oldPermissions - The old permissions.
+     * @param desiredPermissions - The desired permissions.
+     * @returns The desired permissions including dynamic permissions.
+     */
+    #getDesiredPermissions(oldPermissions, desiredPermissions) {
+        return Object.keys(oldPermissions).reduce((accumulator, permissionName) => {
+            if (this.#dynamicPermissions.includes(permissionName)) {
+                const hasDependencies = (0, utils_1.hasProperty)(constants_1.DYNAMIC_PERMISSION_DEPENDENCIES, permissionName);
+                const hasDependency = constants_1.DYNAMIC_PERMISSION_DEPENDENCIES[permissionName]?.some((dependency) => (0, utils_1.hasProperty)(desiredPermissions, dependency));
+                // If the permission doesn't have dependencies, or if at least one of
+                // its dependencies is desired, include it in the desired permissions.
+                // NOTE: This effectively means that any permissions granted in the manifest
+                // that are considered dynamic, will not be automatically revoked
+                // when the permission is removed from the manifest.
+                // TODO: Deal with this technical debt.
+                if (!hasDependencies || hasDependency) {
+                    accumulator[permissionName] = oldPermissions[permissionName];
+                }
+            }
+            return accumulator;
+        }, desiredPermissions);
+    }
     #calculatePermissionsChange(snapId, desiredPermissionsSet) {
         const oldPermissions = this.messenger.call('PermissionController:getPermissions', snapId) ?? {};
-        const newPermissions = (0, utils_2.permissionsDiff)(desiredPermissionsSet, oldPermissions);
-        // TODO(ritave): The assumption that these are unused only holds so long as we do not
-        //               permit dynamic permission requests.
-        const unusedPermissions = (0, utils_2.permissionsDiff)(oldPermissions, desiredPermissionsSet);
+        const desiredPermissionsSetWithDynamic = this.#getDesiredPermissions(oldPermissions, desiredPermissionsSet);
+        const newPermissions = (0, utils_2.permissionsDiff)(desiredPermissionsSetWithDynamic, oldPermissions);
+        // TODO: The assumption that these are unused only holds so long as we do
+        //  not permit dynamic permission requests.
+        const unusedPermissions = (0, utils_2.permissionsDiff)(oldPermissions, desiredPermissionsSetWithDynamic);
         // It's a Set Intersection of oldPermissions and desiredPermissionsSet
         // oldPermissions ∖ (oldPermissions ∖ desiredPermissionsSet) ⟺ oldPermissions ∩ desiredPermissionsSet
         const approvedPermissions = (0, utils_2.permissionsDiff)(oldPermissions, unusedPermissions);
@@ -2335,46 +2365,6 @@ class SnapController extends base_controller_1.BaseController {
         const approvedConnections = (0, utils_2.setDiff)(filteredOldConnections, unusedConnections);
         return { newConnections, unusedConnections, approvedConnections };
     }
-    /**
-     * Get the permissions to grant to a Snap following an install, update or
-     * rollback.
-     *
-     * @param snapId - The snap ID.
-     * @param newPermissions - The new permissions to be granted.
-     * @returns The permissions to grant to the Snap.
-     */
-    #getPermissionsToGrant(snapId, newPermissions) {
-        if (Object.keys(newPermissions).includes(snaps_rpc_methods_1.SnapEndowments.EthereumProvider)) {
-            // This will return the globally selected network if the Snap doesn't have
-            // one set.
-            const networkClientId = this.messenger.call('SelectedNetworkController:getNetworkClientIdForDomain', snapId);
-            const { configuration } = this.messenger.call('NetworkController:getNetworkClientById', networkClientId);
-            const chainId = (0, utils_1.hexToNumber)(configuration.chainId);
-            // This needs to be assigned to have proper type inference.
-            const modifiedPermissions = {
-                ...newPermissions,
-                'endowment:caip25': {
-                    caveats: [
-                        {
-                            type: 'authorizedScopes',
-                            value: {
-                                requiredScopes: {},
-                                optionalScopes: {
-                                    [`eip155:${chainId}`]: {
-                                        accounts: [],
-                                    },
-                                },
-                                sessionProperties: {},
-                                isMultichainOrigin: false,
-                            },
-                        },
-                    ],
-                },
-            };
-            return modifiedPermissions;
-        }
-        return newPermissions;
-    }
     /**
      * Update the permissions for a snap following an install, update or rollback.
      *
@@ -2394,9 +2384,8 @@ class SnapController extends base_controller_1.BaseController {
             });
         }
         if ((0, utils_1.isNonEmptyArray)(Object.keys(newPermissions))) {
-            const approvedPermissions = this.#getPermissionsToGrant(snapId, newPermissions);
             this.messenger.call('PermissionController:grantPermissions', {
-                approvedPermissions,
+                approvedPermissions: newPermissions,
                 subject: { origin: snapId },
                 requestData,
             });