[pull] main from MetaMask:main#565
Merged
Merged
Conversation
…d assertions (#26710) ## **Description** Updates `amount-keyboard.test.tsx` to use `mockTheme` design token references instead of hardcoded hex values in test assertions, unblocking the design tokens upgrade to v8.2.1 (#26639). **What this PR does:** - Replaces hardcoded color hex values (`#b7bbc8`, `#121314`, `#ca3542`) with `mockTheme.colors.*` references in test assertions for `getBackgroundColor` and the disabled Next button **Why this is an improvement:** - Makes tests resilient to design token value changes - Ensures tests validate correct token usage rather than specific hex values - Aligns with design system best practices - Follows the same pattern established in #26657 ## **Changelog** CHANGELOG entry: null ## **Related issues** Dependency of: #26639 Related: #26657 ## **Manual testing steps** ```gherkin Scenario: Verify updated tests pass Given the repository with design tokens v8.2.1 When I run app/components/Views/confirmations/components/send/amount/amount-keyboard/amount-keyboard.test.tsx Then all 6 tests should pass ``` ## **Screenshots/Recordings** N/A - Test-only changes ## **Pre-merge author checklist** - [x] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Mobile Coding Standards](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [x] I've completed the PR template to the best of my ability - [x] I've included tests if applicable - [x] I've documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [x] I've applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots. <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Low Risk** > Test-only updates that swap fixed hex assertions for `mockTheme` token references, reducing brittleness during design token upgrades. No production logic changes; risk limited to potential mismatches with token names/structure. > > **Overview** > Updates `amount-keyboard.test.tsx` to stop asserting on hardcoded hex colors for the disabled Next/Continue button and `getBackgroundColor` output. > > Assertions now reference `mockTheme.colors.text.*` and `mockTheme.colors.error.*`, making the tests resilient to design token value changes while still verifying the correct token is used. > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 95e250e. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY -->
## **Description**
Fixes mobile CI build failures caused by invalid action tag references
in workflow files.
Several workflows were using
`MetaMask/github-tools/.github/actions/setup-e2e-env@v1.7`, but `v1.7`
does not exist in `MetaMask/github-tools` (valid refs include `v1` and
`v1.7.0`).
This PR updates those references to `@v1` to restore build job setup
resolution.
## **Changelog**
CHANGELOG entry: null
## **Related issues**
Fixes: N/A
## **Manual testing steps**
```gherkin
Feature: CI workflow setup action reference
Scenario: Build jobs resolve setup-e2e-env action
Given workflow files reference setup-e2e-env@v1
When CI runs Build Android E2E APKs and Build iOS E2E Apps jobs
Then job setup resolves the action successfully
And CI no longer fails with "unable to find version v1.7"
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
Co-authored-by: jvbriones <jvbriones@users.noreply.github.com>
<!--
Please submit this PR as a draft initially.
Do not mark it as "Ready for review" until the template has been
completely filled out, and PR status checks have passed at least once.
-->
## **Description**
Adds a "View PIN" option to the Card Home manage card section, allowing
users to securely view their card PIN through a PCI-compliant
image-based display.
**Why**: Users need to retrieve their card PIN (e.g. for ATM use or
in-store transactions). The PIN is never transmitted as plain text — it
is rendered as an image via a time-limited, single-use secure token from
the `POST /v1/card/pin/token` endpoint, ensuring PCI compliance.
**What changed**:
- **New SDK method** (`CardSDK.generateCardPinToken`): Calls `POST
/v1/card/pin/token` with optional `customCss` for theming the PIN image.
Mirrors the existing `generateCardDetailsToken` pattern with proper
error handling.
- **React Query integration**: New `cardQueries.pin` key factory and
`pinTokenMutationFn` following the established React Query patterns from
the codebase.
- **`useCardPinToken` hook**: Wraps `useMutation` for PIN token
generation. Automatically applies dark/light theme-aware `customCss`
(background and text colors) so the PIN image matches the app
appearance.
- **`ViewPinBottomSheet` component**: Displays the PIN image in a bottom
sheet with a skeleton loader and `CardScreenshotDeterrent` enabled to
prevent screenshots of sensitive data.
- **`CardHome` integration**: New `ManageCardListItem` for "View PIN"
with biometric authentication gating (matching the "View Card Details"
flow). Falls back to password bottom sheet with a PIN-specific
description when biometrics are not configured. Visible for US users
(all card types) and international users with non-virtual cards.
- **Analytics**: Added `VIEW_PIN_BUTTON` action to `CardActions` enum,
tracked via `CARD_BUTTON_CLICKED` event.
- **Navigation**: Registered `CardViewPinModal` route and added the
`ViewPinBottomSheet` screen to `CardModalsRoutes`.
- **Tests**: Added tests across 5 files — SDK method tests, query layer
tests, hook tests, bottom sheet snapshot/render tests, and 11 new
CardHome integration tests covering visibility conditions, biometric
auth flow, password fallback, and loading guards.
## **Changelog**
CHANGELOG entry: Added "View PIN" option to the Card Home screen,
allowing users to securely view their card PIN via biometric or password
authentication.
## **Related issues**
Fixes:
## **Manual testing steps**
```gherkin
Feature: View card PIN
Scenario: View PIN button is visible for eligible users
Given the user is authenticated with an active card
And the user is a US user OR has a non-virtual (metal) card
When the user navigates to the Card Home screen
Then a "View PIN" option is displayed in the manage card section
Scenario: View PIN button is hidden for international virtual card users
Given the user is an international user with a virtual card
When the user navigates to the Card Home screen
Then the "View PIN" option is NOT displayed
Scenario: View PIN with biometric authentication
Given the user has biometric authentication configured
When the user taps "View PIN"
Then a biometric prompt is displayed
And upon successful authentication, the card PIN is shown as an image in a bottom sheet
And the PIN image matches the current theme (light/dark background)
Scenario: View PIN with password fallback
Given the user does NOT have biometric authentication configured
When the user taps "View PIN"
Then a password bottom sheet appears with the message "Enter your wallet password to view your card PIN."
And upon entering the correct password, the card PIN is shown in a bottom sheet
Scenario: View PIN biometric cancellation
Given the user has biometric authentication configured
When the user taps "View PIN" and cancels the biometric prompt
Then no PIN is displayed and the user returns to Card Home
Scenario: View PIN error handling
Given the user taps "View PIN" and authentication succeeds
When the PIN token request fails
Then an error toast is shown with "Failed to load PIN. Please try again."
Scenario: Screenshot prevention
Given the card PIN bottom sheet is displayed
When the user attempts to take a screenshot
Then the screenshot deterrent is active and prevents capture of the PIN
```
## **Screenshots/Recordings**
<!-- If applicable, add screenshots or recordings of the View PIN flow
-->
### **Before**
<!-- Card Home without View PIN option -->
### **After**
<!-- Card Home with View PIN option + View PIN bottom sheet -->
## **Pre-merge author checklist**
- [x] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Mobile
Coding
Standards](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [x] I've completed the PR template to the best of my ability
- [x] I've included tests if applicable
- [x] I've documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [x] I've applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.
## **Pre-merge reviewer checklist**
- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> **Medium Risk**
> Adds a new authenticated flow to fetch and display a sensitive card
PIN image via a new SDK endpoint and modal UI, with biometric/password
gating and error handling. Risk is mainly around auth/error-state
handling and the new network call/token lifecycle.
>
> **Overview**
> Adds a new **“View PIN”** manage-card action on `CardHome`, shown only
for eligible users (authenticated, has a card, not loading; US users or
non-virtual cards), gated by `reauthenticate()` with a
password-bottom-sheet fallback when biometrics aren’t configured and
guarded against concurrent loads.
>
> Introduces PIN-token generation plumbing:
`CardSDK.generateCardPinToken` calling `POST /v1/card/pin/token`, React
Query `cardQueries.pin` + `useCardPinToken` (theme-aware `customCss`),
plus a new `ViewPinBottomSheet` modal route
(`Routes.CARD.MODALS.VIEW_PIN`) that renders the PIN image with a
skeleton loader and `CardScreenshotDeterrent` enabled.
>
> Updates analytics (`CardActions.VIEW_PIN_BUTTON`), test IDs, and
English strings, and adds comprehensive tests for the SDK/query/hook,
the new bottom sheet (snapshot/render), and CardHome
visibility/auth/error flows.
>
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
514ae0c. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
<!-- Please submit this PR as a draft initially. Do not mark it as "Ready for review" until the template has been completely filled out, and PR status checks have passed at least once. --> ## **Description** This PR aims to add the stocks section in the explore page. In order to get this PR to the finish line, I have: - Updated the core package [here](MetaMask/core#8019) to fix an issue with the `limit` param in the search endpoint request and support for a higher limit when calling with the QueryString `Ondo` - Asked the design team to add the corporate icon [here](#26492) - Raised the following issues in api-platform and got a fix - https://consensys.slack.com/archives/C03MLR70YSK/p1771489684959419 - https://consensys.slack.com/archives/C03MLR70YSK/p1771850443811719 - Added Geo-blocking (hardcoded for now but it should live on the API at some point) - Modified order of sections in explore page following @chaoticgoodpanda guidance - Modified predictions section to not be a carousel <!-- Write a short description of the changes included in this pull request, also include relevant motivation and context. Have in mind the following questions: 1. What is the reason for the change? 2. What is the improvement/solution? --> ## **Changelog** <!-- If this PR is not End-User-Facing and should not show up in the CHANGELOG, you can choose to either: 1. Write `CHANGELOG entry: null` 2. Label with `no-changelog` If this PR is End-User-Facing, please write a short User-Facing description in the past tense like: `CHANGELOG entry: Added a new tab for users to see their NFTs` `CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker` (This helps the Release Engineer do their job more quickly and accurately) --> CHANGELOG entry: added stocks section to explore page ## **Related issues** Fixes: https://consensyssoftware.atlassian.net/browse/ASSETS-2635 & https://consensyssoftware.atlassian.net/browse/ASSETS-2632 ## **Manual testing steps** ```gherkin Feature: my feature name Scenario: user [verb for user action] Given [describe expected initial app state] When user [verb for user action] Then [describe expected outcome] ``` ## **Screenshots/Recordings** <!-- If applicable, add screenshots and/or recordings to visualize the before and after of your change. --> ### **Before** <!-- [screenshots/recordings] --> ### **After** [Here](https://consensys.slack.com/archives/C07NF2K42LE/p1771849520486939) is a full video explaining the e2e functionality. https://github.com/user-attachments/assets/ac8c7c52-30c6-4913-9e69-7b8fe8e0db52 <!-- [screenshots/recordings] --> ## **Pre-merge author checklist** - [ ] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Mobile Coding Standards](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [ ] I've completed the PR template to the best of my ability - [ ] I've included tests if applicable - [ ] I've documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [ ] I've applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots. <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Medium Risk** > Adds a new Explore section and full-screen view backed by a new search hook with geo-restriction logic and new navigation routes, which could affect what data users see and how filtering/refetch behaves. Refactors Trending Tokens full view into shared layout/components, so regressions could impact existing trending-token filtering UI and bottom sheets. > > **Overview** > Adds a new **Stocks** section to Explore, including a new `RWATokensFullView` screen/route and `useRwaTokens` hook that queries Ondo RWA assets (with production geo-blocking) and supports search, network, and sort filters. > > Refactors `TrendingTokensFullView` into the `UI/Trending` area and introduces shared `TokenListPageLayout`, `FilterBar`, and `useTokenListFilters` to unify header/search/filter behavior across token list full views; updates the network bottom sheet to take an explicit `networks` prop and adjusts token sorting to push missing market data to the end. Explore/QuickActions/predictions presentation, navigation, mocks, and smoke tests are updated to include the new Stocks section and new predictions row rendering. > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 2be0c5a. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY -->
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)
Can you help keep this open source service alive? 💖 Please sponsor : )