[WIP] Added support for EIP-1102

[usmanmuhd]

Fixes #1964

[usmanmuhd]

@owocki Can we get to know from the metamask team,

1. If there is a way to know without actually authorizing if the present website has been authorized?

[codecov]

Codecov Report

Merging #2548 into master will decrease coverage by 0.04%.
The diff coverage is n/a.

@@            Coverage Diff            @@
##           master   #2548      +/-   ##
=========================================
- Coverage   28.65%   28.6%   -0.05%     
=========================================
  Files         163     163              
  Lines       13097   13097              
  Branches     1753    1753              
=========================================
- Hits         3753    3747       -6     
- Misses       9244    9250       +6     
  Partials      100     100

Impacted Files	Coverage Δ
app/dashboard/embed.py	28.16% <0%> (-3.45%)	⬇️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 6f1651c...def45fa. Read the comment docs.

[thelostone-mc]

Not sure if it makes more sense

• to keep a disabled / keep a enabled list / let the check on every page
  aka add it to footer_scripts.js something like this :

window.addEventListener('load', async () => {
  if(window.ethereum) {
    window.web3 = new Web3(ethereum);
    try {
      await ethereum.enable();
    } catch (errow) {
      console.log("alert: user disabled transaction");
    }
  } else if (window.web3) {
    window.web3 = new Web3(web3.currentProvider);
  } else {
    console.log("alert: use dapp browser")
  }
});

cc @owocki

@usmanmuhd

If there is a way to know without actually authorizing if the present website has been authorized?

I think the code above would take care ethereum.enable does that check internally

[usmanmuhd]

@thelostone-mc ethereum.enable takes a bit of time to return after approval. Some times in the bounty page it does not recognise a user as the owner. Thus I added it to header.
I wanted to know if there is way without authorising because currently it makes the user almost unable to use gitcoin without pressing the enable option. That way I can make a user continue using gitcoin without bugging him to accept the authorisation.

[mbeacom]

Relevant: https://github.com/portis-project/cryptoauth
I spoke with the guys from Portis the other day and they discussed the above repo a bit. Seems to make sense 🤔

@thelostone-mc @SaptakS @owocki What does everything think of this repo?

[owocki]

If there is a way to know without actually authorizing if the present website has been authorized?

i donno, you could ask around or log an issue on their github issue board

[owocki]

If there is a way to know without actually authorizing if the present website has been authorized?

i could probably manage/create a list in localstorage

[owocki]

from the metamask blog post about preparing your dapp for EIP 1102

Previously, dapps would access the MetaMask provider by using window.web3.currentProvider. While this will still work, the new, standard way to access the Ethereum provider in a Web browser is to use window.ethereum.

I dont see any updates for this in this repo...

[usmanmuhd]

Oh, I completely missed this. Will make the updates.

[usmanmuhd]

@owocki where is web3.currentProvider used and for what purpose?

[owocki]

Searching 18920 files for "currentProvider"

/Users/kevinowocki/Sites/gitcoin/web/app/assets/ens/index.js:
    4    var method = 'personal_sign';
    5  
    6:   web3.currentProvider.sendAsync({
    7      method,
    8      params,

/Users/kevinowocki/Sites/gitcoin/web/app/assets/onepager/js/web3alert.js:
   25  };
   26  var metaMaskWarning = function() {
   27:   if (typeof web3 == 'undefined' || !web3.currentProvider || !web3.currentProvider.isMetaMask) {
   28      if (typeof document.suppressweb3alert != 'undefined') {
   29        _alert({ message: gettext('You must install <a href=https://metamask.io/>Metamask</a> to use this tool.') }, 'info');

/Users/kevinowocki/Sites/gitcoin/web/app/assets/v2/js/truncate-hash.js:
   70  new metamaskAddress();
   71  
   72: web3.currentProvider.publicConfigStore.on('update', function(e) {
   73    new metamaskAddress();
   74  });

/Users/kevinowocki/Sites/gitcoin/web/app/assets/v2/js/pages/kudos_send.js:
  561  }
  562  
  563: // web3.currentProvider.publicConfigStore.on('update', function(e) {
  564  var error;
  565  
  ...
  572    var network = e ? e.networkVersion : web3.version.network;
  573  
  574:   console.log(web3.currentProvider);
  575    if (network === '4' || network === '1') {
  576      console.log(network);

/Users/kevinowocki/Sites/gitcoin/web/app/assets/v2/js/pages/wallet_estimate.js:
    1  window.addEventListener('load', function() {
    2:   if (web3.currentProvider.isTrust) {
    3      $('#trust_label').show();
    4    } else {

You can find the answer by grepping the codebase. I dont know more about the 'why' than you do.

[usmanmuhd]

@owocki From my discussions with @PumpkingWok, It is most probably updated only in the below case:

if (window.ethereum) {
    window.web3 = new Web3(window.ethereum) // updated case
    try {
      await window.ethereum.enable()
    } catch (error) {
      console.error(error)
      console.error(`Refresh the page to approve/reject again`)
      window.web3 = null
    }
  } else if(window.web3) { // for legacy dapp browsers
    window.web3 = new Web3(window.web3.currentProvider)
  }

This is also the only example given in the blog post as well.

[usmanmuhd]

If there is a way to know without actually authorizing if the present website has been authorized?

i could probably manage/create a list in localstorage

Ah I was thinking of doing the same.
But then it might lead to cases where the local storage says that gitcoin has been authenticated but the user clears the privacy data. It will anyway lead to only 1 time nagging.

[owocki]

But then it might lead to cases where the local storage says that gitcoin has been authenticated but the user clears the privacy data. It will anyway lead to only 1 time nagging.

yes i agree. we'll have to figure out a way to manage that... or move it into a v2 ticket

[usmanmuhd]

Metamask has provided a way to check if a user has approved in metamask. It had a bug in the older build. Updating to latest build seems to solve it. I will get this done by tomorrow.

[pinkiebell]

Can we put this into the existing web3 listener?
Also, right now we don't have to source our own web3.js because metamask still injects it.
In the future we want to do something like var web3 = web3 || new Web3() in shared.js and setting the metmask provider if available.

For now we can do simply:

diff --git a/app/assets/v2/js/shared.js b/app/assets/v2/js/shared.js
index ad6bb8295..9a011e906 100644
--- a/app/assets/v2/js/shared.js
+++ b/app/assets/v2/js/shared.js
@@ -830,6 +830,18 @@ var listen_for_web3_changes = function() {
   } else if (typeof web3 == 'undefined' || typeof web3.eth == 'undefined' || typeof web3.eth.coinbase == 'undefined' || !web3.eth.coinbase) {
     currentNetwork('locked');
     trigger_form_hooks();
+
+    if (window.ethereum) {
+      window.ethereum.enable().then(
+        function() {
+          //approved
+        }
+      ).catch(
+        function() {
+          //rejected
+        }
+      );
+    }
   } else {
     web3.eth.getBalance(web3.eth.coinbase, function(errors, result) {
       if (typeof result != 'undefined') {

[usmanmuhd]

@pinkiebell I am not entirely sure that we should do it that way.
The current method will make it better for the next update to web3js 1.0

[usmanmuhd]

I think this is good to test now.
cc: @thelostone-mc

[thelostone-mc]

@usmanmuhd DM-ed you a few changes ! Could you get that done too ?
Apart from that this looks good from my side

[owocki]

QA notes:

1. i should not have to refresh the page after i give metamask perms -- the curernt site notices you've unlocked and shows the right elements without a refresh
2. faucet page doesnt prompt me to connect to metamask, still asks to unlock
3. same with tip page / kudos page, contribute page and /explorer, and i presume, all the other pages that check for metamask

[usmanmuhd]

@thelostone-mc How do I handle the metamask connection request on kudos, tips and ens?
I was planning on showing an alert with a button.

[usmanmuhd]

@owocki @thelostone-mc I guess this is good to go (except for web3.currentProvider)!

[owocki]

How do I handle the metamask connection request on kudos, tips and ens?

you can just use the same styles as exists on bounties, no?

i think we need to handle this before shipping

[owocki]

testing now

[usmanmuhd]

@owocki I handled it using _alert. If that is not proper I will change it.

[owocki]

this is awesome! just tested and it seems really good.. merging now, will deploy monday

[usmanmuhd]

Thanks, waiting to use it!

[thelostone-mc]

Thanks man for updating the faucet banners ^_^