1
0
mirror of https://github.com/kremalicious/metamask-extension.git synced 2024-12-23 01:39:44 +01:00

Sign-in with Ethereum Domain Binding (#16616)

* message error exploration

* validate siwe domain

* remove log

* added addUnapprovedMessage siwe tests

* updated error message + test

* improve detection test with counter-example

* fix test with mock

* added rejects
This commit is contained in:
Sam Gbafa 2023-02-08 07:06:01 -08:00 committed by GitHub
parent 1d0522fd88
commit 3233f76041
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 51 additions and 0 deletions

View File

@ -153,6 +153,15 @@ export default class PersonalMessageManager extends EventEmitter {
const siwe = detectSIWE(msgParams);
msgParams.siwe = siwe;
if (siwe.isSIWEMessage && req.origin) {
const { host } = new URL(req.origin);
if (siwe.parsedMessage.domain !== host) {
throw new Error(
`SIWE domain is not valid: "${host}" !== "${siwe.parsedMessage.domain}"`,
);
}
}
// create txData obj with parameters and meta data
const time = new Date().getTime();
const msgId = createId();

View File

@ -7,6 +7,7 @@ describe('Personal Message Manager', () => {
beforeEach(() => {
messageManager = new PersonalMessageManager({
metricsEvent: jest.fn(),
securityProviderRequest: jest.fn(),
});
});
@ -147,4 +148,45 @@ describe('Personal Message Manager', () => {
expect(output).toStrictEqual('0x12');
});
});
describe('#addUnapprovedMessage', () => {
const origin = 'http://localhost:8080';
const from = '0xFb2C15004343904e5f4082578c4e8e11105cF7e3';
const msgParams = {
from,
data: '0x6c6f63616c686f73743a383038302077616e747320796f7520746f207369676e20696e207769746820796f757220457468657265756d206163636f756e743a0a3078466232433135303034333433393034653566343038323537386334653865313131303563463765330a0a436c69636b20746f207369676e20696e20616e642061636365707420746865205465726d73206f6620536572766963653a2068747470733a2f2f636f6d6d756e6974792e6d6574616d61736b2e696f2f746f730a0a5552493a20687474703a2f2f6c6f63616c686f73743a383038300a56657273696f6e3a20310a436861696e2049443a20310a4e6f6e63653a2053544d74364b514d7777644f58453330360a4973737565642041743a20323032322d30332d31385432313a34303a34302e3832335a0a5265736f75726365733a0a2d20697066733a2f2f516d653773733341525667787636725871565069696b4d4a3875324e4c676d67737a673133705972444b456f69750a2d2068747470733a2f2f6578616d706c652e636f6d2f6d792d776562322d636c61696d2e6a736f6e',
};
it('should detect SIWE messages', async () => {
const request = { origin };
const nonSiweMsgParams = {
from,
data: '0x879a053d4800c6354e76c7985a865d2922c82fb5b3f4577b2fe08b998954f2e0',
};
// siwe message
const msgId = await messageManager.addUnapprovedMessage(
msgParams,
request,
);
const result = messageManager.getMsg(msgId);
expect(result.msgParams.siwe.isSIWEMessage).toStrictEqual(true);
// non-siwe message
const msgId2 = await messageManager.addUnapprovedMessage(
nonSiweMsgParams,
request,
);
const result2 = messageManager.getMsg(msgId2);
expect(result2.msgParams.siwe.isSIWEMessage).toStrictEqual(false);
});
it("should throw an error if the SIWE message's domain doesn't match", async () => {
const request = { origin: 'https://mismatched-domain.com' };
const { host: siweDomain } = new URL(origin);
const { host: browserDomain } = new URL(request.origin);
const expectedError = `SIWE domain is not valid: "${browserDomain}" !== "${siweDomain}"`;
await expect(async () => {
await messageManager.addUnapprovedMessage(msgParams, request);
}).rejects.toThrow(expectedError);
});
});
});