feat: controller-utils: Add Sign-in-with-Ethereum origin validation

[legobeat]

Sign-in-with-Ethereum origin validation

• Add function isValidSIWEOrigin for origin validation of SIWE requests

Description

This is intended as a starting point and the current validation logic needs to be replaced or extended before merging.

• ADDED:

  • controller-utils: Add function isValidSIWEOrigin for origin validation of SIWE requests

Checklist

• Tests are included if applicable
• Any added code is fully documented

Issue

• Corresponding PR to use this in metamask-extension: Use SIWE origin validation logic from @metamask/controller-utils metamask-extension#18518
• Code broken out from Sign in with Ethereum: domain and origin should compare without port metamask-extension#18296
  • The current implementation is incomplete: There are invalid origins it accepts, and valid origins it rejects. Some of these are included in this PR as commented-out failing cases.
  • Some notes here
  • Sign in with Ethereum: domain and origin should compare without port metamask-extension#18296 (review)
• Other SIWE parts being migrated from extension to this repo
  • feat: use siwe detection from @metamask/controller-utils metamask-extension#18409

[legobeat]

Updated with proposal of new implementation of validation logic. For context see comment thread in MetaMask/metamask-extension#18188.

Test cases in siwe.test.js serve as reference for what's intended pass/fail for various scenarios.

[naugtur]

Why is URL() not used here? It would parse the origin to an object representation and let us remap the fields onto what we need.

[legobeat]

Main motivation being transparency (in terms of implementation) and flexibility (in case expected behavior would change).

I just pushed changes which replace both of the custom parsing implementations with URL(). As you note, the origin is the more obvious one.

https://github.com/MetaMask/core/pull/1163/files#diff-c7f76a57f21551632599e2cfb0cda2a7bd6e893fdf38e15b3ab49fd4420402e5R73 feels so-so, so I'm open to reverting the parseDomainParts part but mostly agnostic on which approach we use here.

[digiwand]

👍

[digiwand]

lgtm! nice implementation with tests! helpful change to provide better accuracy for domain binding warnings.

2 related notes for future iteration:

• I think when we introduce developer-mode and further restrict domain binding, we will want to update this logic. maybe we can consider providing the mismatched parts to the UI in this future iteration
• maybe we can consider running the check where we call detectSIWE and providing the value in the msgParams if the value will be handy in other places. In other words, we could replace calls to detectSIWE with something like detectSIWEAndCheckDomainBinding