mattyice / steem-keychain Goto Github PK

See screenshot:

Lock should be customizable from the Settings.
Users will have 3 choices:

• Manual Lock (also lock when browser or computer is off)
• Lock when the computer is locked
• Lock after xx minutes idle (in this case, user needs to specify the time)

The error message does not disappear until there is a change in UI and it sometimes overlapses with buttons.
It should disappear after a given period of time.

I added an account using the master password and saved all of the keys. Then I added a second account with only the posting key, but when i clicked on that account and expanded the "keys" section it showed all three keys saved from the first account.

From @asgarth (SteemPeak developer):

when I have the check on keychain to avoid confirming each operation everything works as expected
but when I uncheck the box and keychain ask me to confirm both operations this is what I do:

1 - broadcasting the first one
2- the user confirm
3- callback get called
4- broadcast the second operation
5- the user confirm
6- I never get the second callback

I think there is something weird while I broadcast a second operation inside the callback of the first one

Hi,

I am trying to integrate Steem Keychain with a web app. I am not so much into crypto, so would it be possible to elaborate in the README how the user is supposed to generate a "message encrypted by a Steem account private key" to be passed to the extension to verify the key? I would actually love to know myself to test the integration :-)

Thanks!

I'm not 100% sure how to reproduce this, but it happens to me pretty frequently. You can try it on the Steem Monsters test site I set up at https://sm.mrosen.com. When you log in it will send a "decode" request to the extension. From then on if you reload the page it saves your username and will send a "decode" request automatically.

I have found that if I leave the browser open, and then either load or reload that page after a while, the issue in the attached screenshot happens. I don't see any errors in the extension console...it might be a timing issue or something.

Super excited about Steem Keychain and the increased security it will bring to the common Steem workflow! The introductory post mentions:

The code for the extension is all open source and available on Github here

However, I didn't see a LICENSE file in the repo / anything mentioned in the README. This is not ideal as described here. Open source licenses, in addition to granting users the ability to modify and distribute the software, also have disclaimers such that should a user of the software have an issue the developers are not personally responsible.

There are many OSI-approved licenses. Happy to answer any questions about their specific implications to the best of my ability (IANAL). Personally, I go with permissive licenses for my work such as MIT or BSD 3-Clause, but depending on your priorities copyleft licenses may be of interest.

I would like to change how websites request custom_json transactions to be like the following:

var request={type:"custom",
              username:$("#custom_username").val(),
              id: $("#custom_id").val(), // example 'follow' or 'sm_gift_cards', etc.
              key: $("#custom_key").val(), // example 'posting' or 'active'
              json: $("#custom_json").val() // example  { "property1": "value1", ... }
              };

It should not show the checkbox at all since you can't turn off transfer confirmations.

I was wondering if there were any thoughts to opening up just doing a generic broadcast send (basically what steem-js what condenser uses)? It seems it can almost plug right into condenser that way.

I notice commenting with comment options is one method that this keychain handles that is using that steem-js API.

When you click "send" to send a transaction, the button should disappear and be replaced by a loading animation until the transaction completes.

Add the ability to send delegation requests in VESTS

There is a setting to hide the confirmation for signing operations.

But some users would want to know when a signature happens, maybe even with a few seconds of time to cancel.

So I propose a two properties on each "ignore this op" setting:

• Still show a confirmation popup that informs the tx took place
• Delay in seconds to wait before submitting the tx, with a button to pause/cancel

There should be an optional setting to set the extension to auto-lock after a certain amount of time. This will add additional security for those who want it.

If I open the extension it always shows info for the first account in the list. If i change to a different account using the drop down menu, can you make it save that selection so that if i go out of the extension popup then when i go back in it will show the last account i selected instead of the first account in the list?

Let me know if this doesn't make sense!

Right now as soon as you click "confirm" in the confirmation popup, it goes away. I think it would be better if it stays and shows a loading spinner at the bottom and then shows a success or error message for the transaction, just like when sending a transfer from the extension directly.

Then maybe it can close automatically after a couple seconds.

If you get an official domain name steemkeychain.com then you could create a system where users can send a SteemKeychain link, for example:
https://steemkeychain.com/transfer?from=stoodkey&to=quochuy&amount=10%20STEEM

That page would then parse the query string and send a request to the keychain extension to generate and sign the transaction. If the extension is not installed, the page would invite the user to install it.

Please show the STEEM, SBD, and SP balances for an account at the top under the account name after you select an account from the main menu (see attached screenshot).

If I try to add a key that is incorrect (either an old key or a key for a different account or something) it doesn't do anything and no error message is shown.

Add the RC Mana information (percentage)
Could also add the time before the mana is full on hover

If you put a # at the beginning of your transfer memo using the keychain extension (either directly from the extension or requested by a website) and the memo private key has been added for the account, it should encrypt the memo.

These operations are needed to implement a full Steem web interface.

Related to #43 . But in case there is no generic broadcast, these two methods would be needed.

I'm trying to submit a "vote" and "comment/post" transaction through the wallet, but when i click cancel or confirm it just toggles the state of the check box and doesn't actually do anything.

In the settings there should be an option to choose which RPC to connect to if you want to connect to something other than api.steemit.com. It should have a list of existing, popular RPC nodes (including testnet nodes) and also allow users to add other nodes not in the list via a free-form text field.

Currently if an app sends a transaction to the wallet extension for an account that hasn't been added to the extension by the user, it returns a "no_user" error message to the app. This can be used for malicious apps to determine which accounts a certain user "owns", which is a privacy concern.

Instead, the extension should always return the same error for failure (such as "user_cancel") so there is no way for the app to tell whether or not the current user has access to the specified account or not.

README does not contain any mentions of requestDelegation and also requestPost is missing comment_options there.

In the spec document it says the following:

The extension will have settings which include turning off/on notifications or features for different operations for different websites.

I envision this working as follows:

1. For all types of transactions EXCEPT transfers, there should be a checkbox on the popup notification that shows up to confirm the transaction that says "Always allow [transaction_type] transactions from [website]"

2. If that box is checked, then in the future whenever the current website requests to publish that type of transaction via the extension, it just does it automatically without showing any confirmation popup.

3. Somewhere in the main extension popup page there should be a settings button. When clicked it will show a settings screen which will show a list of the different types of transactions allowed by the extension, and within each type of transactions it will show a list of sites for which confirmations have been disabled. The user can then remove any of the websites listed if they want to start receiving confirmation popups if that site tries to publish that type of transaction through the extension in the future.

4. Transfer transactions should always show the confirmation popup and that should not be able to be turned off by the user.

If the user just closes the confirmation popup, then no message is ever sent back to the web page so it will just hang if it is waiting for a response from the wallet. It should send the same "user_cancel" message as the cancel button does.

Currently the confirmation popup always shows at the top right corner of my whole screen. I would prefer if it shows around where the extension button is in the top right corner of the browser window instead.

• Would be nice if the plugin shows a confirmation page before doing the actual transfer, just in case...
• Every time a transfer is successful, store the recipient in the local storage and allows a selection of previous recipients in the transfer view

Voting Power should be replaced by Voting Mana

dApps should be able to request the broadcast of a delegation

Hey, so it turns out the size of the confirmation dialog window is a bit different on windows than it is on mac/linux (which is why i had made those changes before). Do you think you can work something out so it looks nice on all platforms?

If you select an account in the main drop down in keychain, and then go into manage accounts in settings and delete that account, it breaks the extension so you need to completely reset it and add all your accounts again to fix it.

Change settings layout according to Nate update on XD :
https://xd.adobe.com/spec/5029708f-083d-421e-7926-78f8baad199b-2618/screen/24439431-bf2f-4665-b40f-268c0cec79ef/settings/

Found out recently that to get condenser feature flags working, there's one more API that condenser needs to be fully operational. I'm looking into exposing the necessary method, but it's this one:

https://github.com/steemit/condenser/blob/c91e21ae70fd1a68cfd6744fe134ea9fe5103d5c/src/app/redux/UserSaga.js#L412

using api.signedCall(...) in the steem-js library.

Hey guys, i hope the title is correct. =)

I want to edit a comment using steem_keychain.requestPost and patch it, newlines are displayed as %0A, the post gets updated but the response is not valid.

Reproduction:
https://pastebin.com/iBQ934RA

If a website requests a transfer transaction, the user should be able to choose which account to send the transfer from. This would also allow the website to not specify from the "from" account for the transaction.

SteemConnect links are widely used on the blockchain for a while now, all parameters in those links can be easily parsed and converted into a parameter for Steem Keychain.

Either Steem Keychain or Steem Plus could inject piece of JS when the current browser tab is on steemit.com or any other Steem condenser. That JS snippet would then check all anchors on the page and if it finds a steemconnect.com API URL, it would then parse and extract the parameters and convert it into a call to one of the Steem Keychain functions.

If Steem Keychain is not installed then render a modal dialog that describes what is the current action was supposed to be (transfer, upvote etc...) and give the user two options:

1. Install Steem Keychain extension in order to perform that action in a more secure manner
2. Let them continue to the original Steem Connect link (playing it fair 😊)

Users should be able to broadcast a comment_options along comments.
An additional parameter will hold the comment_options json.
Main options should be displayed on the popup.

I have a tool which I would restrict to certain steem users. Would be good if I can interrogate steem keychain to see who is currently signed into the extension. Alternatively, the website could send a username and steem keychain would respond with true or false depending if that user is signed in with steem keychain.

The extension should check if the current account has voted for us for witness (if the vote is not proxied) and if not show a message to support us by voting for us as witness at the bottom of the popup with a vote icon button that when clicked will broadcast the vote tx right from the extension.

The title is typically an empty string for comments, which does not pass request validation since title is required. This should not be the case, although setting title should not be a problem. It's just not usual.

This would make it possible to for example sign an image signature to upload an image to steemitimages.com, which would be super handy and convenient for some services.

I recently found out that custom_json transactions can be posted using either the posting key or the active key. To use the active key you just need to put the account name in the "required_auths" property instead of "required_posting_auths".

Can you please update the extension so that a website can specify which key they want to use to publish the transaction? If none is specified then posting key should be used by default.

If a web page tries to make a call to the extension while it is locked, it shows the attached "wallet is locked" error screen. Is it possible to allow the user to enter their wallet password right in that popup window and then continue to finish the transaction?

SteemConnect links are widely used on the blockchain for a while now, all parameters in those links can be easily parsed and converted into a parameter for Steem Keychain.

Either Steem Keychain or Steem Plus could inject piece of JS when the current browser tab is on steemit.com or any other Steem condenser. That JS snippet would then check all anchors on the page and if it finds a steemconnect.com API URL, it would then parse and extract the parameters and convert it into a call to one of the Steem Keychain functions.