normalize domains before comparing

solana-developers · Oct 2, 2024 · beb8c77 · beb8c77
1 parent 65888c2
commit beb8c77
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 5 deletions.
diff --git a/packages/solana-actions/src/signMessageData.ts b/packages/solana-actions/src/signMessageData.ts
@@ -114,12 +114,15 @@ export function verifySignMessageData(
       errors.push(SignMessageVerificationErrorType.ADDRESS_MISMATCH);
     }
 
-    // verify if parsed domain is in the expected domains
-    if (expectedDomains && !expectedDomains.includes(data.domain)) {
-      errors.push(SignMessageVerificationErrorType.DOMAIN_MISMATCH);
+    if (expectedDomains) {
+      const expectedDomainsNormalized = expectedDomains.map(normalizeDomain);
+      const normalizedDomain = normalizeDomain(data.domain);
+
+      if (!expectedDomainsNormalized.includes(normalizedDomain)) {
+        errors.push(SignMessageVerificationErrorType.DOMAIN_MISMATCH);
+      }
     }
 
-    // verify if parsed chainId is same as the expected chainId
     if (
       expectedChainIds &&
       data.chainId &&
@@ -128,7 +131,6 @@ export function verifySignMessageData(
       errors.push(SignMessageVerificationErrorType.CHAIN_ID_MISMATCH);
     }
 
-    // verify if parsed issuedAt is within +- issuedAtThreshold of the current timestamp
     if (issuedAtThreshold !== undefined) {
       const iat = Date.parse(data.issuedAt);
       if (Math.abs(iat - now) > issuedAtThreshold) {
@@ -149,3 +151,7 @@ export function verifySignMessageData(
     return [SignMessageVerificationErrorType.INVALID_DATA];
   }
 }
+
+function normalizeDomain(domain: string): string {
+  return domain.replace(/^www\./, "");
+}
diff --git a/packages/solana-actions/test/signMessageData.test.ts b/packages/solana-actions/test/signMessageData.test.ts
@@ -214,6 +214,15 @@ Issued At: ${validSignMessageData.issuedAt}
       expect(errors).toStrictEqual([]);
     });
 
+    it("should pass verification with www domain data", () => {
+      const opts = {
+        expectedDomains: ["www.example.com"],
+      };
+
+      const errors = verifySignMessageData(validSignMessageData, opts);
+      expect(errors).toStrictEqual([]);
+    });
+
     it("should return ADDRESS_MISMATCH error if the address does not match", () => {
       const opts = {
         ...verificationOptions,