diff --git a/packages/siwe/lib/client.test.ts b/packages/siwe/lib/client.test.ts
index 1e903a6c..c59255ae 100644
--- a/packages/siwe/lib/client.test.ts
+++ b/packages/siwe/lib/client.test.ts
@@ -57,6 +57,7 @@ describe(`Message verification without suppressExceptions`, () => {
 .verify({
 signature: test_fields.signature,
 time: (test_fields as any).time || test_fields.issuedAt,
+ scheme: (test_fields as any).scheme,
 domain: (test_fields as any).domainBinding,
 nonce: (test_fields as any).matchNonce,
 })
@@ -85,6 +86,7 @@ describe(`Message verification without suppressExceptions`, () => {
 .verify({
 signature: test_fields.signature,
 time: (test_fields as any).time || test_fields.issuedAt,
+ scheme: (test_fields as any).scheme,
 domain: (test_fields as any).domainBinding,
 nonce: (test_fields as any).matchNonce,
 })
@@ -109,6 +111,7 @@ describe(`Message verification with suppressExceptions`, () => {
 {
 signature: test_fields.signature,
 time: (test_fields as any).time || test_fields.issuedAt,
+ scheme: (test_fields as any).scheme,
 domain: (test_fields as any).domainBinding,
 nonce: (test_fields as any).matchNonce,
 },
diff --git a/packages/siwe/lib/client.ts b/packages/siwe/lib/client.ts
index 978a6a8f..1fd53a45 100644
--- a/packages/siwe/lib/client.ts
+++ b/packages/siwe/lib/client.ts
@@ -25,7 +25,7 @@ import {
 } from './utils';
 export class SiweMessage {
- /**RFC 3986 URI scheme */
+ /**RFC 3986 URI scheme for the authority that is requesting the signing. */
 scheme?: string;
 /**RFC 4501 dns authority that is requesting the signing. */
 domain: string;
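Review bot: None of the three `.verify(...)` calls patched in client.test.ts is shown exercising the new failure path: `scheme: (test_fields as any).scheme` is `undefined` for every vector that lacks the field, and the new check in `verify` is skipped in that case. The vector files are not part of this diff, so unless they gained such cases, add one vector whose `scheme` differs from the message's and expects `SiweErrorType.SCHEME_MISMATCH`, and one where the message carries a scheme but the verifier passes none, so the opt-in behaviour is pinned by a test. The same applies to the hunks at -85 and -109.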
@@ -118,7 +118,7 @@ export class SiweMessage {
 /** Validates all fields of the object */
 this.validateMessage();
 const headerPrefx = this.scheme ? `${this.scheme}://${this.domain}` : this.domain;
- const header = `${headerPrefx} wants you to sign in with your Ethereum account:`;
+ const header = `${headerPrefx} wants you to sign in with your Ethereum account:`;
 const uriField = `URI: ${this.uri}`;
 let prefix = [header, this.address].join('\n');
 const versionField = `Version: ${this.version}`;
@@ -250,7 +250,20 @@ export class SiweMessage {
 });
 }
- const { signature, domain, nonce, time } = params;
+ const { signature, scheme, domain, nonce, time } = params;
+
+ /** Scheme for domain binding */
+ if (scheme && scheme !== this.scheme) {
+ fail({
+ success: false,
+ data: this,
+ error: new SiweError(
+ SiweErrorType.SCHEME_MISMATCH,
+ scheme,
+ this.scheme
+ ),
+ });
+ }
 /** Domain binding */
 if (domain && domain !== this.domain) {
diff --git a/packages/siwe/lib/types.ts b/packages/siwe/lib/types.ts
index acf5b969..66bcdfd8 100644
--- a/packages/siwe/lib/types.ts
+++ b/packages/siwe/lib/types.ts
@@ -5,6 +5,9 @@ export interface VerifyParams {
 /** Signature of the message signed by the wallet */
 signature: string;
+ /** RFC 3986 URI scheme for the authority that is requesting the signing. */
+ scheme?: string;
+
 /** RFC 4501 dns authority that is requesting the signing. */
 domain?: string;
@@ -17,6 +20,7 @@ export interface VerifyParams {
 export const VerifyParamsKeys: Array = [
 'signature',
+ 'scheme',
 'domain',
 'nonce',
 'time',
@@ -63,8 +67,8 @@ export class SiweError {
 this.received = received;
 }
- /** Type of the error. */
- type: SiweErrorType | string;
+ /** Type of the error. */
+ type: SiweErrorType | string;
 /** Expected value or condition to pass. */
 expected?: string;
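Review bot: In the client.ts hunk at -250, `if (scheme && scheme !== this.scheme)` treats an empty string the same as an omitted parameter, so a caller that derives `scheme` from a request and ends up with `''` gets no scheme binding and no error. If that is not intended, `if (scheme !== undefined && scheme !== this.scheme)` fails closed; the domain check on the following context line uses the same truthiness pattern and would need the same decision. The comparison is also exact-match while RFC 3986 schemes are case-insensitive, which rejects rather than accepts, but it belongs in the doc comment on `VerifyParams.scheme` (types.ts hunk at -5), for example `/** Expected RFC 3986 URI scheme; compared exactly, and not checked when omitted. */`. `fail` is defined outside the hunk and no `return` follows the call, so whether the later checks still run after a mismatch cannot be confirmed from here.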
@@ -83,6 +87,9 @@ export enum SiweErrorType {
 /** `domain` is not a valid authority or is empty. */
 INVALID_DOMAIN = 'Invalid domain.',
+ /** `scheme` don't match the scheme provided for verification. */
+ SCHEME_MISMATCH = 'Scheme does not match provided scheme for verification.',
+
 /** `domain` don't match the domain provided for verification. */
 DOMAIN_MISMATCH = 'Domain does not match provided domain for verification.',
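Review bot: The doc comment added above `SCHEME_MISMATCH` says the scheme "don't match", which is ungrammatical and does not say which side is which; `/** The message's scheme does not match the scheme passed to verify(). */` would tell a reader what was compared. The `DOMAIN_MISMATCH` comment on the context line below has the same wording, so fixing both together keeps the enum documentation consistent.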