Merge pull request #377 from PureStake/master

AlgoSigner 1.8.0

.github/workflows/cla.yml

@@ -0,0 +1,36 @@
+name: "CLA Assistant"
+on:
+  issue_comment:
+    types: [created]
+  pull_request_target:
+    types: [opened,closed,synchronize]
+
+jobs:
+  CLAssistant:
+    runs-on: ubuntu-latest
+    steps:
+      - name: "CLA Assistant"
+        if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target'
+        # Beta Release
+        uses: cla-assistant/[email protected]
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          # the below token should have repo scope and must be manually added by you in the repository's secret
+          PERSONAL_ACCESS_TOKEN : ${{ secrets.PERSONAL_ACCESS_TOKEN }}
+        with:
+          path-to-signatures: 'signatures/cla.v0.json'
+          path-to-document: 'https://github.com/PureStake/algosigner-cla/blob/main/CLA.md' # e.g. a CLA or a DCO document
+          # branch should not be protected
+          branch: 'main'
+          allowlist: janmarcano,fxgamundi,purestaketdb,PureBrent,mmaurello,ekenigs
+
+         #below are the optional inputs - If the optional inputs are not given, then default values will be taken
+          remote-organization-name: purestake
+          remote-repository-name:  algosigner-cla
+          #create-file-commit-message: 'For example: Creating file for storing CLA Signatures'
+          #signed-commit-message: 'For example: $contributorName has signed the CLA in #$pullRequestNo'
+          #custom-notsigned-prcomment: 'pull request comment with Introductory message to ask new contributors to sign'
+          #custom-pr-sign-comment: 'The signature to be committed in order to sign the CLA'
+          #custom-allsigned-prcomment: 'pull request comment when all contributors has signed, defaults to **CLA Assistant Lite bot** All Contributors have signed the CLA.'
+          #lock-pullrequest-aftermerge: false - if you don't want this bot to automatically lock the pull request after merging (default - true)
+          #use-dco-flag: true - If you are using DCO instead of CLA

README.md

@@ -13,37 +13,13 @@ Developers working with dApps may also install directly from the release package
 # `AlgoSigner.sign()` and `AlgoSigner.signMultisig()` will be deprecated mid April.
 
 ## As of release 1.7.0, AlgoSigner no longer supports incomplete atomic groups signing.
-## 1.7.0 Release
+## 1.8.0 Release
 
 ### Functionality updates
-As part of maintaining the standards set by the Algorand Foundation, we've begun to deprecate some of the older signing methods provided by AlgoSigner.
-- Incomplete atomic groups signing is no longer supported.
-- v1 Signing (`AlgoSigner.sign()` && `AlgoSigner.multisign()`) will stop being supported in the next major release.
-- Preliminary error codes were added to all of the errors that AlgoSigner could provide.
-
-Other changes
-- A developer-oriented `Clear Cache` button was added to the Settings menu to help out with certain issues
-- Fixed account name sometimes not being visible during signing.
-- When signing more than one group of transactions, there's now an Indicator on which group you're currently signing.
-
-### 1.7.1 Patch
-
-- Added support for saving addresses as 'Contacts' for easier re-use
-- Added support for importing more than one address from a same ledger device
-
-### 1.7.2 Patch
-
-- Added support for Opting-out of ASAs from the UI
-- New Account Details page
-- Added Tooltip with Pending Rewards
-
-### 1.7.3 Patch
-
-- Fixed an error that prevented using Ledger devices when doing transactions from the UI
-- Fixed an issue where we were sending an incorrect error code on user refusal of transactions
-- Support for SDK v1.13.1
-- Renaming of `Add an asset` to `Opt-in to an asset`
-
+This update is focused around rekey and changes to accommodate it. Both normal accounts and new reference accounts can be used directly in the UI and used by dApps if the proper authAddr is provided in the transaction. 
+- Rekeying transactions now available
+- Transactions with rekeyed accounts now accepted 
+- Reference accounts can now be imported with public key only 
 
 ## New Users
 

package.json

@@ -1,6 +1,6 @@
 {
   "name": "algosigner",
-  "version": "1.7.3",
+  "version": "1.8.0",
   "author": "https://developer.purestake.io",
   "description": "Sign Algorand transactions in your browser with PureStake.",
   "repository": "https://github.com/PureStake/algosigner",

packages/common/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@algosigner/common",
-  "version": "1.7.3",
+  "version": "1.8.0",
   "author": "https://developer.purestake.io",
   "description": "Common library functions for AlgoSigner.",
   "repository": "https://github.com/PureStake/algosigner",

packages/common/src/strings.ts

@@ -15,3 +15,7 @@ and Indexer in JSON format:
 		"x-api-key": "xxxxxxxxx"
 	}
  }`;
+
+export const REFERENCE_ACCOUNT_TOOLTIP: string = `Reference accounts allow account tracking in AlgoSigner, but
+they do not contain signing keys. They can only sign transactions if
+they are rekeyed to another normal account also on AlgoSigner.`;

packages/crypto/package.json

@@ -1,6 +1,6 @@
 {
   "name": "algosigner-crypto",
-  "version": "1.7.3",
+  "version": "1.8.0",
   "author": "https://developer.purestake.io",
   "description": "Cryptographic wrapper for saving and retrieving extention information in Algosigner.",
   "repository": {

packages/dapp/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@algosigner/dapp",
-  "version": "1.7.3",
+  "version": "1.8.0",
   "author": "https://developer.purestake.io",
   "repository": "https://github.com/PureStake/algosigner",
   "license": "MIT",

packages/extension/manifest.json

@@ -2,7 +2,7 @@
   "manifest_version": 2,
   "name": "AlgoSigner",
   "author": "https://developer.purestake.io",
-  "version": "1.7.3",
+  "version": "1.8.0",
   "description": "Algorand Wallet Extension | Send & Receive ALGOs | Sign dApp Transactions",
   "icons": {
     "48": "icon.png"

packages/extension/package.json

@@ -1,6 +1,6 @@
 {
   "name": "algosigner-extension",
-  "version": "1.7.3",
+  "version": "1.8.0",
   "author": "https://developer.purestake.io",
   "repository": "https://github.com/PureStake/algosigner",
   "license": "MIT",

packages/extension/src/background/messaging/internalMethods.ts

@@ -43,10 +43,11 @@ export class InternalMethods {
 
       // Afterwards we can add in all the non-private keys and names into the safewallet
       for (let j = 0; j < wallet[key].length; j++) {
-        const { address, name } = wallet[key][j];
+        const { address, name, isRef } = wallet[key][j];
         safeWallet[key].push({
           address: address,
           name: name,
+          isRef: isRef,
         });
       }
     });
@@ -251,24 +252,30 @@ export class InternalMethods {
   }
 
   public static [JsonRpcMethod.ImportAccount](request: any, sendResponse: Function) {
-    const { mnemonic, name, ledger } = request.body.params;
+    const { mnemonic, address, isRef, name, ledger } = request.body.params;
     this._encryptionWrap = new encryptionWrap(request.body.params.passphrase);
+    let newAccount;
 
     try {
-      var recoveredAccountAddress = algosdk.mnemonicToSecretKey(mnemonic).addr;
-      var existingAccounts = session.wallet[ledger];
+      const existingAccounts = session.wallet[ledger];
+      let targetAddress = address;
+
+      if (!isRef) {
+        targetAddress = algosdk.mnemonicToSecretKey(mnemonic).addr;
+      }
 
       if (existingAccounts) {
         for (let i = 0; i < existingAccounts.length; i++) {
-          if (existingAccounts[i].address === recoveredAccountAddress) {
+          if (existingAccounts[i].address === targetAddress) {
             throw new Error(`Account already exists in ${ledger} wallet.`);
           }
         }
       }
 
-      var newAccount = {
-        address: recoveredAccountAddress,
-        mnemonic: mnemonic,
+      newAccount = {
+        address: targetAddress,
+        mnemonic: !isRef ? mnemonic : null,
+        isRef: isRef,
         name: name,
       };
     } catch (error) {
@@ -679,7 +686,7 @@ export class InternalMethods {
   }
 
   public static [JsonRpcMethod.AssetOptOut](request: any, sendResponse: Function) {
-    const { ledger, address, passphrase, id } = request.body.params;
+    const { ledger, address, passphrase, id, authAddr } = request.body.params;
     this._encryptionWrap = new encryptionWrap(passphrase);
     const algod = this.getAlgod(ledger);
 
@@ -689,10 +696,11 @@ export class InternalMethods {
         return false;
       }
       let account;
+      const signAddress = authAddr || address;
 
       // Find address to send algos from
       for (var i = unlockedValue[ledger].length - 1; i >= 0; i--) {
-        if (unlockedValue[ledger][i].address === address) {
+        if (unlockedValue[ledger][i].address === signAddress) {
           account = unlockedValue[ledger][i];
           break;
         }
@@ -803,7 +811,7 @@ export class InternalMethods {
   }
 
   public static [JsonRpcMethod.SignSendTransaction](request: any, sendResponse: Function) {
-    const { ledger, address, passphrase, txnParams } = request.body.params;
+    const { ledger, address, passphrase, txnParams, authAddr } = request.body.params;
     this._encryptionWrap = new encryptionWrap(passphrase);
     const algod = this.getAlgod(ledger);
 
@@ -813,10 +821,11 @@ export class InternalMethods {
         return false;
       }
       let account;
+      const signAddress = authAddr || address;
 
       // Find address to send algos from
       for (var i = unlockedValue[ledger].length - 1; i >= 0; i--) {
-        if (unlockedValue[ledger][i].address === address) {
+        if (unlockedValue[ledger][i].address === signAddress) {
           account = unlockedValue[ledger][i];
           break;
         }