Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
    Tom
    @tom-portis
    Thanks for the kind words @Kevinlivin_twitter ! The feature for differentiating the two values is nearly ready and will be live tomorrow
    Tom
    @tom-portis
    @Kevinlivin_twitter we just pushed the price breakdown feature. Refresh your browser to check it out! We'd love to hear your feedback / thoughts
    billy rennekamp
    @okwme
    hello, i'm not getting a response from global.web3.eth.net.getId() when i'm using portis as a provider
    Itay Radotzki
    @radotzki
    Hi @okwme, according to the web3js documentation please try this in order to get the network id:
    web3.version.network
    // or async
    web3.version.getNetwork(callback(error, result){ ... })
    billy rennekamp
    @okwme
    hi @radotzki, i'm using web3 v1.0 which uses the format i posted. it works with metamask connected to infura and shouldn't make a difference with different providers. I suspect it's soemthing to do with the RPC that is included with portis. are you running your own point or do you also connect to infura? is it possible to specify a node endpoint?
    Tom
    @tom-portis
    Hey @okwme , we're working on supporting that v1.0 functionality as well. Should be available very soon
    billy rennekamp
    @okwme
    look forward to it @tom-portis
    Itay Radotzki
    @radotzki
    Hi @okwme, when we test with web3 v1.0 we get a valid response when calling web3.eth.net.getId().
    Here is a plunkr demonstrating it in action: https://plnkr.co/edit/p0U0sgEpD790VmrrGofb?p=preview
    Swaroop Hegde
    @SwaroopH
    Is the login prompt meant to popup on every page load (no persistence + timeout)?
    Tom
    @tom-portis
    @SwaroopH since we don't want to keep the private key in any persistent client-side storage, yes, every page reload (which clears the process memory), the user will need to re-enter their credentials
    Uri Shaked
    @UriShaked_twitter
    Hello!
    Tom
    @tom-portis
    Hello @UriShaked_twitter , welcome aboard!
    Uri Shaked
    @UriShaked_twitter
    @tom-portis πŸ‘πŸ‘
    Swaroop Hegde
    @SwaroopH
    @tom-portis makes sense!
    Tom
    @tom-portis
    Portis v1.2.3 supports custom provider nodes! Find out more here: https://medium.com/@portis/portis-adds-supports-for-custom-provider-nodes-9ca4b23a94a0
    Parker Place
    @pakaplace
    Hi there, big fan of the product πŸ‘
    Tom
    @tom-portis
    @pakaplace Thank you, that’s very kind of you!
    billy rennekamp
    @okwme

    Hi again. I'd like to provide a user flow where they can close the portis popup but still use read only functions from the rpc endpoint. That way a user can browse through the dapps content before deciding to actually sign up w portis instead of being forced to do it right away. I usually build my own readonly provider in that scenario but would like to keep your suggested connection logic:

    if (typeof web3 !== 'undefined') {
      // Use Mist/MetaMask's provider
      global.web3 = new Web3(web3.currentProvider)
    } else {
      // Fallback - use Portis
      global.web3 = new Web3(
        new PortisProvider({
          apiKey: 'my-api-key'
        })
      )
    }

    is it possible to enable that sort of functionality with portis or do i need to handle it manually?

    Vinay Agarwal
    @vinay035
    Hey
    Itay Radotzki
    @itay-portis
    @vinay035 Hi!
    Tom
    @tom-portis
    Hi @okwme , that's an excellent suggestion, especially since it's something we've also been working on πŸ˜‰
    We're happy to let you know that we've just released an update which addresses this specific need! You can read all about it here: https://medium.com/@portis/portis-users-will-now-log-in-only-when-absolutely-necessary-3a2c9b0ae7c2
    billy rennekamp
    @okwme
    ayyy πŸŽ‰
    Scott Waddell
    @scotty595
    πŸŽ‰πŸŽ‰πŸŽ‰
    Gray Whale
    @grywhl_twitter
    Hey @tom-portis , this is a great product! I’m doing a super-provisional test on a site where, for many of our user interactions, we load a new page from the server. It seems Portis pops up the login window whenever this happens β€” any good way around this?
    Tom
    @tom-portis

    Hi @grywhl_twitter , unfortunately - no. For security reasons, the decrypted wallet is never stored locally, only in the process memory. That means that a refresh (or new page load) will require the user to sign in again. This isn't such a hassle as most users allow their browsers to save their passwords, so the autocomplete feature will provide a relatively smooth experience.

    If you are referring to the fact that the Portis window pops up "by it's own" straight away, we have improved the behaviour in a recent upgrade (https://medium.com/@portis/portis-users-will-now-log-in-only-when-absolutely-necessary-3a2c9b0ae7c2), but some actions will still require it to show (mainly - getAccounts and signTransaction), so if your code automatically calls getAccounts when the page loads, perhaps you should consider caching the user's public account address locally to the browser and checking there first, before calling the web3 method of getAccounts.

    lisa-jen
    @lisa-jen
    Hi, just a quick question, I know there is an API key I need to add to instantiate the PortisProvider object. Given that it is in plaintext, I am wondering if it is possible for others to simply use my API key and make requests?
    Tom
    @tom-portis
    Hi @lisa-jen , the API key is simply an identifier for your domain, making it simpler for us to validate that the request is indeed from a registered and approved domain. Since it is sent from the client side, it has no security related purpose.
    lisa-jen
    @lisa-jen
    @tom-portis : What do you mean there is no security related purpose. Do you mean concern? How is the domain verification done on the portis side? As a dApps dev, my API key will be visible to anyone, which means others can simply take my API key can use it. I have yet to find any relative information on protis website that says how the keys are handled. I guess my question came from the fact that domain name spoofing is easy. What mechanism do you guys have in place to make sure that the requests are authentic.
    Tom
    @tom-portis
    @lisa-jen , to clarify, we want to make sure Portis can deny service to certain DApps (in case they are promoting any iillegal activity such as gambling, drugs, etc.). That is the sole reason we verify the domain from which the iframe is being served. Due to browser security specifications, a website cannot spoof this value inside an iframe without requiring its users to install an extension or anything of the sort. An API key is used for simpler fetching of the DApp details from our DB, which we then compare to parent window domain inside the iframe. This is not a cryptographic security mechanism.
    lisa-jen
    @lisa-jen
    @tom-portis: I am not knowledgeable and unfamiliar with browser security + iframe. Could you point me to any resource/reference that I could read up on so I can be more educated?
    Tom
    @tom-portis

    @lisa-jen , in terms of pure documentation, you can see that according to the specs, the document.referrer value is readonly:
    https://www.w3.org/TR/2009/REC-DOM-Level-2-HTML-20090303/html.html#ID-95229140

    Also see:
    https://developer.mozilla.org/en-US/docs/Web/API/Document/referrer

    In regards to actually manipulating it:
    https://stackoverflow.com/questions/9580575/how-to-manually-set-referer-header-in-javascript

    lisa-jen
    @lisa-jen

    @tom-portis: Thanks for the links. They are helpful. A few questions that I could think of.

    1. Assuming I am the attacker, and I create my own browser. Can I not easily override document.referrer?
    2. What is preventing me from running a local (127.0.0.1) dapp and override my domain name (ex: dapp.portis.com -> 127.0.0.1) and connecting to the production portis api with the API key from someone else registered with dapp.portis.com?

    Are these scenarios possible? If so, then I can intentionally use API key from others to do anything I want.

    billy rennekamp
    @okwme
    does portis work on mobile?
    Tom
    @tom-portis
    @lisa-jen Simply using Portis to sign transactions is not an attack vector.
    As we mention in our documentation (https://github.com/portis-project/portis-sdk#registration), when running Portis on localhost, we do not require an API Key. So obviously it doesn't matter which API Key you send in that case, as we don't even require it.
    And if an attacker were to build their own browser and spoof the domain, they will not cause any damage to Portis, its users or the dapp whose API Key it copied, it will simply create false values in our analytics
    @okwme YES! 😁 Since Portis is 100% JavaScript that means that if a device has a browser it can connect to the Ethereum network and sign transactions using Portis, without asking its users to install anything, all while giving them complete and secure control over their wallet. So if you're a web application, it'll simply work everywhere. And if you're a native application, you can easily embed Portis using a webview. We will release android and ios SDKs later on for even easier integration.
    billy rennekamp
    @okwme
    <3
    billy rennekamp
    @okwme
    hi i'm seeing the x button disappear sometimes when the popup comes up on mobile
    ios safari
    ah looks like the icon is just very slow to load sometimes, maybe it could me moved higher in the loading order
    billy rennekamp
    @okwme
    here's a question:
    so i don't like alerting my user with a portis popup right when they land if they don't have web3 in their browser. Instead i create a ZeroClientProvider pointed to infura for read only purposes. When a user decides to do something that needs a wallet, i instantiate portis. However, I don't get the portis popup when this happens. Can I trigger that somehow after page load? the normal way doesn't work:
    global.web3 = new Web3(
        new PortisProvider({
              apiKey: process.env.PORTIS_KEY
        })
    )
    Tom
    @tom-portis
    Hi @okwme , in regards to the x button - great catch, we will make sure to fix it, thanks! 😊 As for the Portis window popping up "by it's own" straight away, we have improved the behaviour in a recent upgrade (https://medium.com/@portis/portis-users-will-now-log-in-only-when-absolutely-necessary-3a2c9b0ae7c2), but some actions will still require it to show (mainly - getAccounts and signTransaction). But as long as you call web3 methods which don't require the user signing in, the Portis window shouldn't pop up, meaning Portis can function as your ZeroClientProvider. If you want the Portis pop up to manually appear, you can simply call web3.eth.getAccounts().
    billy rennekamp
    @okwme
    i'd like to be able to check if there are any accounts without forcing a popup. is that possible?
    Tom
    @tom-portis
    We are working on a new project (open-source) which will take care of multiple login methods and the relevant logic around them, which might also provide a solution for this scenario. We'd love to hear your thoughts, can we continue this discussion with you on email?
    As for your problem, perhaps you should consider caching the user's public account address locally to the browser and checking there first, before calling the web3 method of getAccounts. Obviously if the user hasn't signed in to your DApp yet we can't provide any account details.
    billy rennekamp
    @okwme
    hey i'd love to try hear about the new work, you can contact me at billy.rennekamp@gmail.com
    Peter Kieltyka
    @pkieltyka
    hey all
    is there a demo app using portis i could try? to see how the UX feels
    Tom
    @tom-portis
    hi @pkieltyka , welcome!
    We are currently creating a more "dev-friendly" demo app, but for now you can check out https://attendr.io, a simple proof of stake based events dapp - event organizers can create deposit boxes where event goers can make a deposit to show they are serious about attending. If they show up, they get their deposit back. If they don't, after the event it gets sent to a charity wallet address. Try creating a deposit box as an event organizer, and you'll see Portis popping up.
    If you want to see code, then this plunkr offers a very simple example, only fetching the user's accounts: https://embed.plnkr.co/2wcrwCGE7258gowDKcph/
    Peter Kieltyka
    @pkieltyka
    cool, thanks