fix: Fix/1723 add permission middleware #9521

Merged May 7, 2024 (32 commits)

@Cal-L Cal-L commented May 3, 2024

Description

This PR changes the following:

  • Adds the missing permission middleware to the JsonRpcEngine stack. All RPC methods will now be validated by the PermissionController before they can reach the RPCMethodMiddleware (user facing RPC method handlers)
  • Removes metadata from the permitted accounts in the PermissionController subject state. The result returned by the eth_accounts handler should contain a list of permitted addresses. A migration is included in the changes to migrate the data.

Related issues

Fixes:

#9492 & #1723

Manual testing steps

PermissionController state should be successfully migrated

  • GIVEN I have a previous version of the app installed
  • AND I have accounts 1 and 2 connected to uniswap.org
  • AND Account 1 is active on the dapp
  • WHEN I upgrade the app to the version with this PR's changes
  • AND I log in, access the browser tab, see uniswap tab opened
  • THEN I should see accounts 1 and 2 are connected with Account 1 being active
  • AND I should be able to freely connect or disconnect accounts without any issues

Un-permitted restricted RPC method should be blocked by permission middleware

  • GIVEN I have no accounts connected to the dapp metamask.github.io/test-dapp
  • WHEN I tap ETH_ACCOUNTS button
  • THEN I should see an unauthorized error

Permitted restricted RPC method should be allowed by permission middleware

  • GIVEN I have no accounts connected to the dapp metamask.github.io/test-dapp
  • AND I connect Account 1 to the dapp
  • WHEN I tap ETH_ACCOUNTS button
  • THEN I should see my active+permitted account address

WC should still work and be able to trigger transaction

  • GIVEN I select WC option from uniswap.org
  • AND I use the QR reader to scan
  • THEN I should receive the connect account prompt
  • WHEN my account is connected to the dapp
  • THEN I submit a transaction in the dapp
  • THEN I should see the transaction prompt in the mobile app

Screenshots/Recordings

Before

After

When upgrading with PermissionController state migration

upgrade.mov

When calling restricted+un-permitted RPC method

unauthorized.mov

When calling restricted+permitted RPC method

authorized.mov

Interaction using WC to connect and prompt transaction

RPReplay_Final1714770943.MP4

Pre-merge author checklist

  • I’ve followed MetaMask Coding Standards.
  • I've completed the PR template to the best of my ability
  • I’ve included tests if applicable
  • I’ve documented my code using JSDoc format if applicable
  • I’ve applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Pre-merge reviewer checklist

  • I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
  • I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.
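
Added example, not part of this PR and not MetaMask's code: a minimal middleware stack showing the ordering the description relies on (a permission gate ahead of the user-facing handlers) together with a migration that flattens permitted-account entries to plain addresses. The function names, the `{ address, lastUsed }` entry shape and the sample state are assumptions made for illustration.

```javascript
// Added illustration: all names and the state shape are assumptions, not MetaMask code.
const RESTRICTED_METHODS = new Set(['eth_accounts']);

// Migration: flatten [{ address, lastUsed }] entries to plain address strings.
// Idempotent: entries that are already strings pass through unchanged.
function migratePermittedAccounts(permissions) {
  const migrated = {};
  for (const [origin, methods] of Object.entries(permissions)) {
    migrated[origin] = {};
    for (const [method, accounts] of Object.entries(methods)) {
      migrated[origin][method] = accounts.map((a) => (typeof a === 'string' ? a : a.address));
    }
  }
  return migrated;
}

// Gate: placed ahead of the handlers; denies restricted methods not granted to the origin.
function permissionMiddleware(permissions) {
  return (req, res, next) => {
    if (!RESTRICTED_METHODS.has(req.method)) return next();
    const granted = (permissions[req.origin] || {})[req.method];
    if (!granted) {
      res.error = { code: 4100, message: `Unauthorized: ${req.method}` }; // EIP-1193 code
      return; // short-circuit, the handler below is never reached
    }
    req.permittedAccounts = granted;
    next();
  };
}

// User-facing handlers: rely on the gate having already run.
function rpcMethodMiddleware(req, res, next) {
  if (req.method === 'eth_accounts') res.result = req.permittedAccounts;
  else if (req.method === 'eth_chainId') res.result = '0x1';
  else next();
}

// Runs a request through the stack in order.
function handle(stack, req) {
  const res = {};
  let i = 0;
  const next = () => { const mw = stack[i++]; if (mw) mw(req, res, next); };
  next();
  return res;
}

// Constructed sample state in the assumed pre-migration shape.
const oldState = { 'uniswap.org': { eth_accounts: [{ address: '0xA1', lastUsed: 1714700000 }, '0xB2'] } };
const stack = [permissionMiddleware(migratePermittedAccounts(oldState)), rpcMethodMiddleware];
```

Calling `handle(stack, { origin, method })` for a connected and an unconnected origin reproduces the permitted and unauthorized cases from the manual testing steps.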

@Cal-L Cal-L requested a review from a team as a code owner May 3, 2024 05:57
Contributor

github-actions bot commented May 3, 2024

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

sentry-io bot commented May 3, 2024

🔍 Existing Issues For Review

Your pull request is modifying functions with the following pre-existing issues:

📄 File: app/core/Permissions/specifications.js

Function: validateCaveatAccounts
Unhandled Issue: Error: eth_accounts error: Received unrecognized address: "". accounts.forEach$argument_0(app/core/Permissions/...
Event Count: 14, Affected Users: 11


@Cal-L Cal-L added team-mobile-platform needs-qa Any New Features that needs a full manual QA prior to being added to a release. Run Smoke E2E Triggers smoke e2e on Bitrise needs-dev-review PR needs reviews from other engineers (in order to receive required approvals) labels May 3, 2024
Contributor

github-actions bot commented May 3, 2024

https://bitrise.io/ Bitrise

❌❌❌ pr_smoke_e2e_pipeline failed on Bitrise! ❌❌❌

Commit hash: 316fd36
Build link: https://app.bitrise.io/app/be69d4368ee7e86d/pipelines/d9c5e7eb-0e71-4736-9b46-5e9d8b36f1ad

Note

  • You can kick off another pr_smoke_e2e_pipeline on Bitrise by removing and re-applying the Run Smoke E2E label on the pull request

@Cal-L Cal-L added Run Smoke E2E Triggers smoke e2e on Bitrise and removed Run Smoke E2E Triggers smoke e2e on Bitrise labels May 3, 2024
Contributor

github-actions bot commented May 3, 2024

https://bitrise.io/ Bitrise

✅✅✅ pr_smoke_e2e_pipeline passed on Bitrise! ✅✅✅

Commit hash: 26b28cb
Build link: https://app.bitrise.io/app/be69d4368ee7e86d/pipelines/dc6fa483-60c7-4d86-a1a9-6ec08160e3c9

@Cal-L Cal-L added Run Smoke E2E Triggers smoke e2e on Bitrise and removed Run Smoke E2E Triggers smoke e2e on Bitrise labels May 3, 2024
@Cal-L Cal-L added Run Smoke E2E Triggers smoke e2e on Bitrise and removed Run Smoke E2E Triggers smoke e2e on Bitrise labels May 3, 2024
Contributor

github-actions bot commented May 3, 2024

https://bitrise.io/ Bitrise

❌❌❌ pr_smoke_e2e_pipeline failed on Bitrise! ❌❌❌

Commit hash: 367eb4f
Build link: https://app.bitrise.io/app/be69d4368ee7e86d/pipelines/302a93c7-7a7f-48b9-94de-b19b6e95db0d

@rekmarks rekmarks self-requested a review May 5, 2024 00:59
app/util/general/index.js
app/util/general/index.js (outdated)
app/util/general/index.js (outdated)
app/util/general/index.test.ts (outdated)
app/util/general/index.js (outdated)
app/core/Permissions/index.ts (outdated)
app/core/Permissions/specifications.js (outdated)
@Cal-L Cal-L added Run Smoke E2E Triggers smoke e2e on Bitrise and removed Run Smoke E2E Triggers smoke e2e on Bitrise labels May 7, 2024
Contributor

github-actions bot commented May 7, 2024

https://bitrise.io/ Bitrise

✅✅✅ pr_smoke_e2e_pipeline passed on Bitrise! ✅✅✅

Commit hash: ae2ecab
Build link: https://app.bitrise.io/app/be69d4368ee7e86d/pipelines/508144f5-cc96-4b5c-af9b-35c5016b3511

Member

@rekmarks rekmarks left a comment

LGTM!

sonarcloud bot commented May 7, 2024

@Cal-L
Contributor Author

Cal-L commented May 7, 2024

Also successfully pr_regression_e2e_pipeline - https://app.bitrise.io/app/be69d4368ee7e86d/pipelines/08cea1fe-b7be-4331-9d83-47fcb67b7934

@Cal-L
Contributor Author

Cal-L commented May 7, 2024

E2E passed from non-JSdoc change

@christopherferreira9
Contributor

SDK & WC remain untouched ✅

@Cal-L Cal-L added No QA Needed Apply this label when your PR does not need any QA effort. and removed needs-qa Any New Features that needs a full manual QA prior to being added to a release. labels May 7, 2024
@Cal-L Cal-L merged commit 58c9145 into main May 7, 2024
33 of 35 checks passed
@Cal-L Cal-L deleted the fix/1723-add-permission-middleware branch May 7, 2024 21:18
@github-actions github-actions bot locked and limited conversation to collaborators May 7, 2024
@github-actions github-actions bot removed the needs-dev-review PR needs reviews from other engineers (in order to receive required approvals) label May 7, 2024
@metamaskbot metamaskbot added the release-7.23.0 Issue or pull request that will be included in release 7.23.0 label May 7, 2024
@cortisiko cortisiko added QA Passed A successful QA run through has been done and removed No QA Needed Apply this label when your PR does not need any QA effort. labels May 7, 2024
Labels
QA Passed A successful QA run through has been done release-7.23.0 Issue or pull request that will be included in release 7.23.0 Run Smoke E2E Triggers smoke e2e on Bitrise team-mobile-platform