getscatter / scatterdesktop Goto Github PK

It looks like removing a network caused account page errors.

Seems to be for networks without chain id. Maybe enforcing chain id mandatory should be done now.

sudo ./linux-scatter-8.9.0-x86_64.AppImage
[sudo] password for steve:
A JavaScript error occurred in the main process
Uncaught Exception:
Error: /tmp/.org.chromium.Chromium.pKAHT4: invalid ELF header
at process.module.(anonymous function) [as dlopen] (ELECTRON_ASAR.js:166:20)
at Object.Module._extensions..node (module.js:671:18)
at Object.module.(anonymous function) [as .node] (ELECTRON_ASAR.js:180:18)
at Module.load (module.js:561:32)
at tryModuleLoad (module.js:504:12)
at Function.Module._load (module.js:496:3)
at Module.require (module.js:586:17)
at require (internal/module.js:11:18)
at Object. (/tmp/.mount_linux-w9OM2H/resources/app.asar/node_modules/usb/usb.js:5:38)
at Object. (/tmp/.mount_linux-w9OM2H/resources/app.asar/node_modules/usb/usb.js:417:3)

I'm trying to test using a local HTTPS node with a self-signed certificate but Scatter Desktop currently doesn't allow this. You get errors like this when you try:

It would be nice if Scatter Desktop had an option to accept invalid certificates, perhaps automatically from any manually added networks?

Accepting invalid certificates can be done with Electron's certificate-error event. Here are the docs with an example: https://electronjs.org/docs/api/app#event-certificate-error

Enable copy-paste

Currently doesn't work for MacOS

https://pracucci.com/atom-electron-enable-copy-and-paste.html

For example can't press Enter to unlock Scatter after typing in password. I think there was another form i wanted to submit that i also tried completing with Enter instead of trying to press a button and it didn't let me.

Not sure if this might be a Mac only thing.

Problem

After logging into a website like https://scattellet.com or https://dexeos.io that app didn't end up being focussed but instead Scatter Desktop was showing me the Identity page.

Expected

I would expect a more seamless process where the app/website retains focus and I don't have to worry about the Scatter main window at all most of the time.

Replication steps

1. Visit e.g. https://dexeos.io
2. Click Sign in through scatter
3. Select scatter identity in scatter popup
4. Select eos account in same scatter popup
5. End up in Scatter instead of back at the dexeos.io

It is possible to assign active/owner permissions of an account to another account (not a key). It would be great if Scatter could support these kinds of account permissions.

Is this still dummy data for development or why do I have 23 apps connected already?

When I try to visit the Account settings of an accout for a local node network, it crashes and doesn't render anything in the account info tab.

This is the network setting:

EOS localhost
127.0.0.1
8888
http
chainId: cf057bbfb72640471fd910bcb67639c22df9f92470936cddc1ade0e2f2e7dc4f

These 3 errors are being shown:

vue.esm.js:1741 TypeError: Cannot read property 'id' of undefined
    at s.isEndorsedNetwork (Keypair.vue:226)
    at Keypair.vue?dc76:1
    at s.qe [as _l] (vue.esm.js:3705)
    at s.render (Keypair.vue?dc76:1)
    at s.t._render (vue.esm.js:4544)
    at s.r (vue.esm.js:2788)
    at Oe.get (vue.esm.js:3142)
    at Oe.run (vue.esm.js:3219)
    at Te (vue.esm.js:2981)
    at Array.<anonymous> (vue.esm.js:1837)
Kt @ vue.esm.js:1741
Ht @ vue.esm.js:1732
zt @ vue.esm.js:1721
t._render @ vue.esm.js:4546
r @ vue.esm.js:2788
Oe.get @ vue.esm.js:3142
Oe.run @ vue.esm.js:3219
Te @ vue.esm.js:2981
(anonymous) @ vue.esm.js:1837
Gt @ vue.esm.js:1758


vue.esm.js:1741 TypeError: Cannot read property 'id' of undefined
    at s.isEndorsedNetwork (Keypair.vue:226)
    at Keypair.vue?dc76:1
    at s.qe [as _l] (vue.esm.js:3705)
    at s.render (Keypair.vue?dc76:1)
    at s.t._render (vue.esm.js:4544)
    at s.r (vue.esm.js:2788)
    at Oe.get (vue.esm.js:3142)
    at Oe.run (vue.esm.js:3219)
    at Te (vue.esm.js:2981)
    at Array.<anonymous> (vue.esm.js:1837)
Kt @ vue.esm.js:1741
Ht @ vue.esm.js:1732
zt @ vue.esm.js:1721
t._render @ vue.esm.js:4546
r @ vue.esm.js:2788
Oe.get @ vue.esm.js:3142
Oe.run @ vue.esm.js:3219
Te @ vue.esm.js:2981
(anonymous) @ vue.esm.js:1837
Gt @ vue.esm.js:1758
Async Call
$t @ vue.esm.js:1806
te @ vue.esm.js:1850
(anonymous) @ vue.esm.js:3068
Oe.update @ vue.esm.js:3209
ft.notify @ vue.esm.js:697
(anonymous) @ vue.esm.js:844
(anonymous) @ Keypair.vue:216
_ @ runtime.js:62
(anonymous) @ runtime.js:296
t.(anonymous function) @ runtime.js:114
n @ asyncToGenerator.js:17
(anonymous) @ asyncToGenerator.js:28
Promise resolved (async)
n @ asyncToGenerator.js:27
(anonymous) @ asyncToGenerator.js:35
e @ _export.js:36
(anonymous) @ asyncToGenerator.js:14
(anonymous) @ Keypair.vue:213
mounted @ Keypair.vue:213
Ae @ vue.esm.js:2921
insert @ vue.esm.js:4158
e @ vue.esm.js:2023
x @ vue.esm.js:5960
t.nodeOps @ vue.esm.js:6179
t._update @ vue.esm.js:2670
r @ vue.esm.js:2788
Oe.get @ vue.esm.js:3142
Oe.run @ vue.esm.js:3219
Te @ vue.esm.js:2981
(anonymous) @ vue.esm.js:1837
Gt @ vue.esm.js:1758


eos.js:120 Uncaught (in promise) TypeError: Cannot read property 'fullhost' of undefined
    at a.<anonymous> (file:///<censored>/Scatter%20Desktop/resources/app.asar/dist/static/js/app.b04a080cb563f1ad3912.js:1:452385)
    at _ (file:///<censored>/Scatter%20Desktop/resources/app.asar/dist/static/js/vendor.d04dfa4af3759d05a956.js:43:73716)
    at Generator._invoke (file:///<censored>/Scatter%20Desktop/resources/app.asar/dist/static/js/vendor.d04dfa4af3759d05a956.js:43:73504)
    at Generator.t.(anonymous function) [as next] (file:///<censored>/Scatter%20Desktop/resources/app.asar/dist/static/js/vendor.d04dfa4af3759d05a956.js:43:73895)
    at n (file:///<censored>/Scatter%20Desktop/resources/app.asar/dist/static/js/vendor.d04dfa4af3759d05a956.js:68:182858)
    at file:///<censored>/Scatter%20Desktop/resources/app.asar/dist/static/js/vendor.d04dfa4af3759d05a956.js:68:182999
    at new Promise (<anonymous>)
    at new e (file:///<censored>/Scatter%20Desktop/resources/app.asar/dist/static/js/vendor.d04dfa4af3759d05a956.js:86:67061)
    at a.<anonymous> (file:///<censored>/Scatter%20Desktop/resources/app.asar/dist/static/js/vendor.d04dfa4af3759d05a956.js:68:182793)
    at a.b.value (file:///<censored>/Scatter%20Desktop/resources/app.asar/dist/static/js/app.b04a080cb563f1ad3912.js:1:452616)

Hello!

Scatter Desktop 8.7.0
Scatter-js 2.5.1
My OS is MAC OS X High Sierra 10.13

Yesterday my Scatter Desktop and scatter-js worked fine but today I receive null identities.
I run Scatter Desktop. So basically, my websocket connects fine but ScatterDesktop doesn't pop any window in which I can choose my identity. It sends over a null identity and the getIdentity promise get resolved.

I don't know if the issue is at the Scatter Desktop level or scatter-js, on which side of the websockets there is an issue.

Since Scatter Classic have this API , so it is good to support it at Desktop edition.

It would be great if you could sign with one identity for other authorizations.
This is typically for multisig.

Say you have a transfer for bankcorp
bankcorp@active [threshold 1] = {user1@active [weight 1], user2@active [weight 1]}

The authorization for the transfer must be bankcorp@active, but it must be signed by user1@active.

Under current scatter you will get a "repull identity error"

Looks like this was left out inside of the Signature Requests. Will fix for next release.

Might be a nice to have little extra spit of polish when updating right hand panels with new entries (e.g. key pairs, networks):

Might be a nice to see inside of the app which version one currently is using.

Getting more important now that users have to manually update their Scatter.

$ sudo npm i

Unhandled rejection Error: Command failed: /usr/bin/git clone --depth=1 -q -b master https://github.com/ethereumjs/ethereumjs-abi.git /home/surya/.npm/_cacache/tmp/git-clone-e031a8d1
/home/surya/.npm/_cacache/tmp/git-clone-e031a8d1/.git: Permission denied

at ChildProcess.exithandler (child_process.js:288:12)
at ChildProcess.emit (events.js:182:13)
at maybeClose (internal/child_process.js:962:16)
at Socket.stream.socket.on (internal/child_process.js:381:11)
at Socket.emit (events.js:182:13)
at Pipe._handle.close (net.js:599:12)

can anybody tell us what we have to do ?

Looks like the whitelist that is now segregated into individual actions isn't clearing permissions when all actions are whitelisted causing the user to still have to accept/deny prompts.

It would work much better because now it returns error if some field is missing. It would be nicer to make a request and get all available fields and null if missing.

⚠️User @fergie223 on Telegram is getting this error in the console when trying to convert an ETH private key to an EOS keypair:

Expecting 32 bytes, instead got 0

popup.js:40 Error: Expecting 32 bytes, instead got 0

    at Function.m.fromBuffer (popup.js:34)
    at Function.m.fromHex (popup.js:34)
    at t.a.from_eth (popup.js:40)
    at o.blockchainChanged (popup.js:57)
    at o.t (popup.js:40)
    at o.sn.$emit (popup.js:40)
    at o.select (popup.js:57)
    at click (popup.js:62)
    at t (popup.js:40)
    at HTMLElement.Rr.t._withTask.a._withTask (popup.js:40)

He says when selecting ETH and pasting the private key the expected ETH public key shows up. But when then selecting EOS at the top, nothing happens. Only this error in the Scatter js console.

Apparently happens with both Scatter Classic and Desktop.

Sent him to try https://github.com/eoscafe/eoskeyio as the key generator and will update if I hear back.

Updated: Said invalid private key in eoskeyio. Looks like he tried to use this process from Ledger to get his private key from the hardware wallet. And I assume some setting wasn't correct. Still discussing further with him.

Also probably causing the Delete button in the Keypairs section to not be visible by default:

Build log after cloning from github: https://gist.github.com/Soleone/62029cadf63161bad79be26f5e2d1555

🤔 doesn't seem like Fetch Chain ID is working.

Also, I can't Copy-Paste on MacOSX.

Copying letter by letter the chain ID is painful 🤣

• http://api.eosn.io
• https://api.eosn.io

In general I would like to see the following information quickly glanceable as a priority:

1. Which eos account am i currently using
2. Which account(s) am I sending a transaction to
3. Which action am I calling
4. Parameters of that action

Other:

A badge for (endorsed) mainnets could be nice to quickly differentiate between test and live mode.

The buttons are close to this header:

Welcome to Scatter. Let's get started setting up your Scatter.

So it wasn't immediately obvious to me that Accept/Deny refers to the TOS below and not that header. Initially I thought I was able to skip onboarding here when clicking Deny.

Please add support for TELOS blockchain. Currently, TELOS Testnet is not supported.
http://testnet.telosfoundation.io
When adding keys only EOS and Ethereum are available choices.

Scatter Identity public key that was autogenerated and shows up by default right away could make new users think this is their EOS account key (e.g. "owner" or "active"). Maybe consider making it less prominent in some way or hide behind a click.

Will be implemented for next release.

My first time using the hardware wallet when it was time to sign the transaction I didn't realize I had to look at the hardware wallet. The Scatter side seemed frozen and I wasn't sure what to do.

Would be nice to show some sort of loading animation and message similar to what Ledger does like "Look at your hardware wallet and confirm the transaction details there."

Blends in too well with the panel and gets lost for the user. Separate and change place holder to "enter a name"

Because the page is scrolled down all the way a user can't see the result of the new key pair that is showing up above the fold.

The Identity textfields in the Help section initially confused me a bit. I already created an Identity and wasn't sure if this was supposed to show the details of that or create a new identity. Then I scrolled down to look for a Save button and didn't find one.

Only a bit later did I finally notice the checkmark in the top right. If the pattern is used consistently throughout the app from the beginning it might be easier to get used to, if used only sometimes then some users like me might not get it right away.

In the socketserver it's binding to localhost which can be changed on a user's computer or removed using the hosts file and causes issues with opening the socket. Enforce to 127.0.0.1 manually instead of letting the computer create the loopback internally.

This is a continuation of the issue: GetScatter/ScatterWebExtension#39

There is two distinct use cases that are important.

• Single account encryption using private key.
• Two accounts data encryption exchange (Alice sends private data to Bob).

For the first case you can sign some TEXT with account private key and then use it on symmetrical encryption algorithms like AES-256. Or you can generate a sharedSecret between the account private key / public key.
In both cases a nonce is recommended to be used for generating the resulting symmetrical key to add entropy. Think of it as disposable keys per message.

For the second case the only option so far is to generate a sharedSecret between Alice private key / Bob public key. (indirect asymmetrical encryption). This also requires the nonce entropy.

My solution Proposal

In order to avoid using encryption inside scatter I propose to only calculate the disposable symmetrical key inside scatter and let the dapp developers use the symmetrical algorithms they choose. AES-XXX or any other.

Requirements to implementation
Note that so far the sharedSecret implemented in eosjs is based on secp256k1 curve that happens to be the default one used to create account keys in crypto. It returns 64 bytes from a sha512 hash.

The encryption key for AES-256 is 32 bytes + 16 bytes for a IV(initialization vector).

Is there a need to generate bigger encryption keys? If so a hashing algorithm that returns more bytes is needed.

check here: https://github.com/EOSIO/eosjs-ecc/blob/master/src/key_private.js#L81

In order to eosjs-ecc play nice with this implementation the crypt function would need receive as parameter the encryption key.

check here: https://github.com/EOSIO/eosjs-ecc/blob/master/src/aes.js#L56

Example:

scatter.getEncryptionKey(fromPubKey, toPubKey, nonce)
NOTE: the fromPubKey to obtain the privateKey inside scatter domain.

Returns the encryptionKey.

Advantages:

• avoids scatter from encrypt/decrypt Data.
• with nonce scatter can require user permission for each getEncryptionKey per message. Also avoids giving the shared secret to a rogue dapp.

Disadvantages:

• none so far? Please comment

Initially I only noticed that in my mac release (8.0.0) I wasn't able to press CMD + A to select all text. But another user reported that they weren't able to press CMD + V to paste the password or private key and I realized that this didn't work for me neither.

Interestingly enough I can only replicate this problem in the release version after running npm run release-mac.

When running the local development version with npm start && electron . it works fine as expected actually.

A Scatter without any accounts (or even with some) could be requested to generate a keypair on behalf of the (potentially new to EOS) user who might not have an account already. The app calling the API might get the pub key returned and be able to use that for new account creation, using the app account's EOS to fund the new account.

It looks like the scatter.json which holds the encrypted information inside of Scatter Desktop is not getting removed when uninstalling.

Upon launching Scatter Desktop for Mac, the app displays with the developer console open. It also indicates two font files are not found.

I'm seeing these errors in the console whenever I switch to the 'Accounts' tab or click 'Fetch Accounts':

https://github.com/GetScatter/ScatterDesktop/blob/master/src/services/ApiService.js#L79

We'd like to have the ability to import & export keypairs from Scatter! @nsjames I'm moving the conversation over here, to keep track of the entire feature status, while making changes to the codebase easier to consume.

I've broken it down into 3 steps, that make sense, from my perspective. First being a simple code refactor, that preps for the feature, and shouldn't require much additional work. The second change being the ability to import keypairs, since it involves less security than exporting, and is more important for us. We want to provide our users with a file they can import into Scatter, and voila!

Suggested Roadmap:

• Refactor the BackupService
• Add the ability to import encrypted keypair files
• Add the ability to export encrypted keypair files
  ** Should require the user to enter their password, before exporting

Continued from the conversation started from this initial PR: #31

Hello, would it be possible to add the Release Hashes (SHA256) of the app releases. Thank you!

Seems like there is an issue when building for linux because of the build/icon.icns now. Removing the icon file to build succeeds as a temporary workaround.

Both of these API routes are meant to improve onboarding user-experience into the blockchain.

Get Public Key - getPublicKey()

When an app requests this route the user is prompted to either return a key public key from their keychain, or generate a new one. The selected/generated key is then returned to the app so that the app can either create an account on top of it or continue onwards to linking it to an account on a network with the user's Scatter.

Link Account - linkAccount(publicKey, account, network)

When an app requests this route the user is prompted to accept linking this account to the key in their Scatter. If the network does not exist, it will be created as well as long as it does not conflict with existing networks.

Steps to reproduce...

• clone the repo
• run npm i to install the dependencies
• run npm test to start the test suite

Output from the console...

> [email protected] unit /Users/tyler/Aikon/ScatterDesktop
> cross-env BABEL_ENV=test karma start test/unit/karma.conf.js --single-run

Hash: 70bfe77bcce55044685b
Version: webpack 3.12.0
Time: 14737ms
   Asset     Size  Chunks                    Chunk Names
index.js  16.6 MB       0  [emitted]  [big]  index.js
  [18] (webpack)/buildin/global.js 509 bytes {0} [built]
  [21] ./src/vue/Routing.js 17 kB {0} [built]
  [23] ./src/models/Identity.js 124 kB {0} [built]
  [24] ./src/models/Network.js 35.5 kB {0} [built]
  [28] ./src/store/store.js 35.7 kB {0} [built]
  [37] ./src/util/IdGenerator.js 10.9 kB {0} [built]
  [39] ./src/models/Keypair.js 26.9 kB {0} [built]
  [44] ./src/models/Account.js 19.8 kB {0} [built]
 [121] ./node_modules/vue/dist/vue.esm.js 292 kB {0} [built]
 [200] ./src/views/Transfers.vue 2.03 kB {0} [built]
 [428] ./test/unit/index.js 657 bytes {0} [built]
 [429] ./test/unit/specs \.spec$ 182 bytes {0} [built]
 [431] ./src ^\.\/(?!main(\.js)?$) 7.52 kB {0} [built]
 [970] ./src/localization/readme.md 255 bytes {0} [optional] [built] [failed] [1 error]
 [986] ./src/styles.scss 1.13 kB {0} [optional] [built]
    + 996 hidden modules

WARNING in ./src/localization/readme.md
Module parse failed: Unexpected character '#' (1:0)
You may need an appropriate loader to handle this file type.
| # Help add languages.
| 
| The first contributor of every new language gets their name in the main `readme.md` file.
 @ ./src ^\.\/(?!main(\.js)?$)
 @ ./test/unit/index.js

ERROR in ./node_modules/babel-loader/lib!./node_modules/vue-loader/lib/selector.js?type=script&index=0!./src/views/LinkedApps.vue
Module not found: Error: Can't resolve '../models/AppLink' in '/Users/tyler/Aikon/ScatterDesktop/src/views'
 @ ./node_modules/babel-loader/lib!./node_modules/vue-loader/lib/selector.js?type=script&index=0!./src/views/LinkedApps.vue 131:15-43
 @ ./src/views/LinkedApps.vue
 @ ./src ^\.\/(?!main(\.js)?$)
 @ ./test/unit/index.js

ERROR in ./test/unit/specs/HelloWorld.spec.js
Module not found: Error: Can't resolve '@/components/HelloWorld' in '/Users/tyler/Aikon/ScatterDesktop/test/unit/specs'
 @ ./test/unit/specs/HelloWorld.spec.js 7:18-52
 @ ./test/unit/specs \.spec$
 @ ./test/unit/index.js
17 08 2018 14:48:37.848:INFO [karma]: Karma v1.7.1 server started at http://0.0.0.0:9876/
17 08 2018 14:48:37.849:INFO [launcher]: Launching browser PhantomJS with unlimited concurrency
17 08 2018 14:48:37.854:INFO [launcher]: Starting browser PhantomJS
17 08 2018 14:48:38.689:INFO [PhantomJS 2.1.1 (Mac OS X 0.0.0)]: Connected on socket q-dy3cI4mEjOGKpKAAAA with id 3560743
PhantomJS 2.1.1 (Mac OS X 0.0.0) ERROR
  SyntaxError: Unexpected token 'const'
  at webpack:///node_modules/aes-oop/dist/AES.js:2:0 <- index.js:48327

PhantomJS 2.1.1 (Mac OS X 0.0.0): Executed 0 of 0 ERROR (0.579 secs / 0 secs)


PhantomJS 2.1.1 (Mac OS X 0.0.0): Executed 0 of 0 ERROR (0 secs / 0 secs)


=============================== Coverage summary ===============================
Statements   : 100% ( 0/0 )
Branches     : 100% ( 0/0 )
Functions    : 100% ( 0/0 )
Lines        : 100% ( 0/0 )
================================================================================
npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! [email protected] unit: `cross-env BABEL_ENV=test karma start test/unit/karma.conf.js --single-run`
npm ERR! Exit status 1
npm ERR! 
npm ERR! Failed at the [email protected] unit script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.

npm ERR! A complete log of this run can be found in:
npm ERR!     /Users/tyler/.npm/_logs/2018-08-17T21_48_39_365Z-debug.log

The windows/ubuntu/macos install files should not be stored in the git repository, when creating official releases, add the binaries to the GitHub release section.

Can you remove https://github.com/GetScatter/ScatterDesktop/tree/master/release

It takes FOREVER to download the Git repo.

On a Mac the tray is at the top, not the bottom like on windows. So the button icon to minimize could be confusing:

Maybe another more os-agnostic icon can be used to represent the minimize to tray action, e.g.: