Skip to content

fix: Add logic to not add revocation transaction until user confirms it #7157

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Nov 19, 2025
Merged

fix: Add logic to not add revocation transaction until user confirms it #7157

merged 3 commits into from
Nov 19, 2025
+181 −6

Conversation

@MoMannn
Copy link
Contributor

@MoMannn MoMannn commented Nov 14, 2025
edited by cursor bot
Loading

Explanation

Addresses bug where permission goes into pending state if user cancels revocation transaction.

Checklist

  • I've updated the test suite for new or updated code as appropriate
  • I've updated documentation (JSDoc, Markdown, etc.) for new or updated code as appropriate
  • I've communicated my changes to consumers by updating changelogs for packages I've changed, highlighting breaking changes as necessary
  • I've prepared draft pull requests for clients and consumer packages to resolve any breaking changes

Note

Defers adding pending revocations until transactionApproved, cleans up on transactionRejected, subscribes to new events, and updates tests and changelog (breaking: messenger must allow approved/rejected events).

  • Controller (src/GatorPermissionsController.ts):
    • Add subscriptions to TransactionController:transactionApproved and TransactionController:transactionRejected.
    • Only add to pendingRevocations after transactionApproved; clean up without state changes on transactionRejected.
    • Maintain existing terminal-state handling (transactionConfirmed submits, transactionFailed/transactionDropped clean up) with timeout safety net; refine cleanup logic.
  • Messenger wiring (GatorPermissionsController.test.ts):
    • Allow new events in delegated messenger; publish transactionApproved/transactionRejected in tests.
  • Tests (src/GatorPermissionsController.test.ts):
    • New/updated cases to verify add-after-approval, no-add-on-rejection, and confirmation flow; ensure no submission on mismatched IDs/timeout/failure/drop.
  • Changelog (CHANGELOG.md):
    • Note fix for cancellation case and breaking requirement to allow transactionApproved/transactionRejected events.

Written by Cursor Bugbot for commit 8a9897a. This will update automatically on new commits. Configure here.

@MoMannn MoMannn requested a review from a team as a code owner November 14, 2025 10:08
@MoMannn MoMannn requested a review from a team as a code owner November 14, 2025 10:19
@MoMannn MoMannn mentioned this pull request Nov 14, 2025
Merged
7 tasks
@MoMannn MoMannn changed the title Add logic to not add revocation transaction until user confirms it fix: Add logic to not add revocation transaction until user confirms it Nov 14, 2025
hanzel98
hanzel98 reviewed Nov 18, 2025
View reviewed changes
packages/gator-permissions-controller/src/GatorPermissionsController.ts
Copy link
Contributor

@hanzel98 hanzel98 Nov 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I feel like this file is getting too big due to all the event handlers, it is hard to read, it might be amazing if we could move some of the logic to a different file

@MoMannn MoMannn added this pull request to the merge queue Nov 19, 2025
Merged via the queue into main with commit cc08297 Nov 19, 2025
272 checks passed
@MoMannn MoMannn deleted the fix-add-logic-if-the-user-canceled-revoke-transaction branch November 19, 2025 07:34
github-merge-queue bot pushed a commit to MetaMask/metamask-extension that referenced this pull request Nov 20, 2025
@MoMannn
fix: do not add revoke transaction until confirmed by user (#37839)
f37b36c 
## **Description**

Fixes bug where if users cancels revocation transaction it gets stuck in
pending revocation state.

<!--
Write a short description of the changes included in this pull request,
also include relevant motivation and context. Have in mind the following
questions:
1. What is the reason for the change?
2. What is the improvement/solution?
-->

[![Open in GitHub
Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/MetaMask/metamask-extension/pull/37839?quickstart=1)

## **Changelog**

<!--
If this PR is not End-User-Facing and should not show up in the
CHANGELOG, you can choose to either:
1. Write `CHANGELOG entry: null`
2. Label with `no-changelog`

If this PR is End-User-Facing, please write a short User-Facing
description in the past tense like:
`CHANGELOG entry: Added a new tab for users to see their NFTs`
`CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker`

(This helps the Release Engineer do their job more quickly and
accurately)
-->

CHANGELOG entry: null

## **Related issues**

Depends on: MetaMask/core#7157

## **Manual testing steps**

1. Create an advance permission
2. Go to All permissions
3. Go to revoke a permission
4. Instead of confirming transaction - cancel it
5. Find the same permissions - you should be able to try to revoke it
again

## **Screenshots/Recordings**

<!-- If applicable, add screenshots and/or recordings to visualize the
before and after of your change. -->

### **Before**



https://github.com/user-attachments/assets/9de5c630-1e5c-455b-8ec9-edf835c2d6fd



### **After**


https://github.com/user-attachments/assets/70b0c664-c67a-49d4-b312-252960b99057


## **Pre-merge author checklist**

- [x] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [x] I've completed the PR template to the best of my ability
- [x] I’ve included tests if applicable
- [x] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [x] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Adds `transactionApproved`/`transactionRejected` event handling to the
Gator Permissions controller messenger and bumps
`@metamask/gator-permissions-controller` to ^0.5.0.
> 
> - **Gator Permissions Controller Messenger**
(`app/scripts/controller-init/messengers/gator-permissions/gator-permissions-controller-messenger.ts`):
> - Add support for `TransactionController:transactionApproved` and
`TransactionController:transactionRejected` events.
> - Extend `MessengerEvents` to include
`TransactionControllerTransactionApprovedEvent` and
`TransactionControllerTransactionRejectedEvent`.
> - **Dependencies**:
> - Upgrade `@metamask/gator-permissions-controller` from `^0.4.0` to
`^0.5.0`.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
6aa868e. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mj-kiwi mj-kiwi mj-kiwi approved these changes

@hanzel98 hanzel98 hanzel98 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@MoMannn @mj-kiwi @hanzel98