mirror of
https://github.com/kremalicious/metamask-extension.git
synced 2024-12-23 01:39:44 +01:00
Sign-in with Ethereum Domain Binding (#16616)
* message error exploration * validate siwe domain * remove log * added addUnapprovedMessage siwe tests * updated error message + test * improve detection test with counter-example * fix test with mock * added rejects
parent
1d0522fd88
commit
3233f76041
@ -153,6 +153,15 @@ export default class PersonalMessageManager extends EventEmitter {
|
||||
const siwe = detectSIWE(msgParams);
|
||||
msgParams.siwe = siwe;
|
||||
|
||||
if (siwe.isSIWEMessage && req.origin) {
|
||||
const { host } = new URL(req.origin);
|
||||
if (siwe.parsedMessage.domain !== host) {
|
||||
throw new Error(
|
||||
`SIWE domain is not valid: "${host}" !== "${siwe.parsedMessage.domain}"`,
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
// create txData obj with parameters and meta data
|
||||
const time = new Date().getTime();
|
||||
const msgId = createId();
|
||||
|
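Review bot: The guard `if (siwe.isSIWEMessage && req.origin)` fails open: a message detected as SIWE that arrives without `req.origin` skips the domain comparison and appears to carry on to message creation as if it had been bound. If origin-less requests are only expected from trusted internal callers, say so in a comment above the guard; otherwise reject them, e.g. `if (siwe.isSIWEMessage && !req.origin) { throw new Error('SIWE message has no request origin to bind to'); }`. Separately, `new URL(req.origin)` throws a bare `TypeError` when the origin is not an absolute URL, and the exact `!==` against `host` rejects a message whose domain differs only in letter case or in an explicit default port; both fail closed, but they deserve a comment or normalisation so the rejection is intentional. The enclosing method starts and ends outside this hunk.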
@ -7,6 +7,7 @@ describe('Personal Message Manager', () => {
|
||||
beforeEach(() => {
|
||||
messageManager = new PersonalMessageManager({
|
||||
metricsEvent: jest.fn(),
|
||||
securityProviderRequest: jest.fn(),
|
||||
});
|
||||
});
|
||||
|
||||
@ -147,4 +148,45 @@ describe('Personal Message Manager', () => {
|
||||
expect(output).toStrictEqual('0x12');
|
||||
});
|
||||
});
|
||||
|
||||
describe('#addUnapprovedMessage', () => {
|
||||
const origin = 'http://localhost:8080';
|
||||
const from = '0xFb2C15004343904e5f4082578c4e8e11105cF7e3';
|
||||
const msgParams = {
|
||||
from,
|
||||
data: '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',
|
||||
};
|
||||
|
||||
it('should detect SIWE messages', async () => {
|
||||
const request = { origin };
|
||||
const nonSiweMsgParams = {
|
||||
from,
|
||||
data: '0x879a053d4800c6354e76c7985a865d2922c82fb5b3f4577b2fe08b998954f2e0',
|
||||
};
|
||||
// siwe message
|
||||
const msgId = await messageManager.addUnapprovedMessage(
|
||||
msgParams,
|
||||
request,
|
||||
);
|
||||
const result = messageManager.getMsg(msgId);
|
||||
expect(result.msgParams.siwe.isSIWEMessage).toStrictEqual(true);
|
||||
// non-siwe message
|
||||
const msgId2 = await messageManager.addUnapprovedMessage(
|
||||
nonSiweMsgParams,
|
||||
request,
|
||||
);
|
||||
const result2 = messageManager.getMsg(msgId2);
|
||||
expect(result2.msgParams.siwe.isSIWEMessage).toStrictEqual(false);
|
||||
});
|
||||
|
||||
it("should throw an error if the SIWE message's domain doesn't match", async () => {
|
||||
const request = { origin: 'https://mismatched-domain.com' };
|
||||
const { host: siweDomain } = new URL(origin);
|
||||
const { host: browserDomain } = new URL(request.origin);
|
||||
const expectedError = `SIWE domain is not valid: "${browserDomain}" !== "${siweDomain}"`;
|
||||
await expect(async () => {
|
||||
await messageManager.addUnapprovedMessage(msgParams, request);
|
||||
}).rejects.toThrow(expectedError);
|
||||
});
|
||||
});
|
||||
});
|
||||
|
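Review bot: Neither new test in `#addUnapprovedMessage` covers a request with no `origin`, so the manager's behaviour for a SIWE message that cannot be bound to any domain is not pinned either way; a third case calling `addUnapprovedMessage(msgParams, {})` and asserting the intended outcome would close that gap. The describe-level `msgParams` object is also shared by both tests, while the manager assigns `msgParams.siwe` onto the object it is given, so each call should pass a copy such as `{ ...msgParams }` to keep the cases independent. In the mismatch test, `expectedError` is built with the same `new URL(...).host` parsing as the code under test, so a literal expected string would catch a parsing regression that the current assertion cannot.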