MetaMask / metamask-extension

The MetaMask browser extension enables browsing Ethereum blockchain enabled websites
https://metamask.io

[Bug]: Redesigned SIWE displays domain instead of URI field #27609

Closed lukaw3d closed 1 month ago

lukaw3d commented 1 month ago

Describe the bug

URI field https://helloworld.io in SIWE message is not displayed

Expected behavior

See https://helloworld.io somewhere

Screenshots/Recordings

Screenshot from 2024-10-03 20-33-52

Steps to reproduce

Open https://metamask.github.io/test-dapp/ and run this in console:

```js
address = (await window.ethereum.request({ method: 'eth_requestAccounts' }))[0]

message =
`metamask.github.io wants you to sign in with your Ethereum account:
${address}

I accept the MetaMask Terms of Service: https://community.metamask.io/tos

URI: https://helloworld.io
Version: 1
Chain ID: 1
Nonce: 32891757
Issued At: 2021-09-30T16:25:24.000Z`

window.ethereum.request({
  'method': 'personal_sign',
  'params': [
    Buffer.from(message, 'utf8').toString('hex'),
    address,
    'Example password'
  ]
})
```

URL field displays metamask.github.io

Error messages or log output

No response

Detection stage

In production (default)

Version

12.2.4

Build type

None

Browser

Chrome

Operating system

Linux

Hardware wallet

No response

Additional context

https://github.com/MetaMask/metamask-extension/blob/537b3fe32b8af594359e6c9180b9889288173e99/ui/pages/confirmations/components/confirm/info/personal-sign/siwe-sign/siwe-sign.tsx#L46-L48

doesn't use siweMessage.uri

cc @jpuri

Severity

No response

lukaw3d commented 1 month ago

For reference, if url and domain in message are swapped:

- `metamask.github.io wants you to sign in with your Ethereum account:
+ `helloworld.io wants you to sign in with your Ethereum account:

- URI: https://helloworld.io
+ URI: https://metamask.github.io

12.2.4 displayed: Screenshot from 2024-10-13 05-20-21

lukaw3d commented 1 month ago

If you still want the bad domain to also be visible on this screen then https://github.com/MetaMask/metamask-extension/pull/27754 isn't sufficient
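
An added example (not MetaMask's code and not part of the thread): a sketch of a confirmation-side check that parses the SIWE message from the report and compares both the domain and the URI host against the requesting origin, run over the original repro and the swapped variant. Comparing the URI host to the origin is a policy assumed here; `parseSiwe`, `reviewSiwe`, `buildMessage` and the placeholder address are hypothetical.

```javascript
// Added example, not MetaMask code. Message layout follows the one in the report.
const HEADER = /^(?:[a-z][a-z0-9+.-]*:\/\/)?(\S+) wants you to sign in with your Ethereum account:$/;

function parseSiwe(message) {
  const lines = message.split('\n');
  const header = HEADER.exec(lines[0]);
  if (!header) throw new Error('not a SIWE message');
  const fields = { domain: header[1], address: lines[1] };
  // Tagged fields follow the statement; a later occurrence overrides an earlier one.
  for (const line of lines.slice(2)) {
    const m = /^(URI|Version|Chain ID|Nonce|Issued At): (.+)$/.exec(line);
    if (m) fields[m[1]] = m[2];
  }
  if (!fields.URI) throw new Error('URI field missing');
  return fields;
}

// Returns what a confirmation screen would need: both values plus any mismatch.
function reviewSiwe(message, requestOrigin) {
  const { domain, URI: uri } = parseSiwe(message);
  const originHost = new URL(requestOrigin).host;
  let uriHost = null;
  try { uriHost = new URL(uri).host; } catch { /* URI is not a parseable URL */ }
  const warnings = [];
  if (domain !== originHost) warnings.push('domain-mismatch');
  if (uriHost !== originHost) warnings.push('uri-mismatch'); // assumed policy
  return { domain, uri, warnings };
}

const ADDRESS = '0x0000000000000000000000000000000000000001'; // constructed placeholder
const buildMessage = (domain, uri) => [
  `${domain} wants you to sign in with your Ethereum account:`,
  ADDRESS, '',
  'I accept the MetaMask Terms of Service: https://community.metamask.io/tos', '',
  `URI: ${uri}`, 'Version: 1', 'Chain ID: 1', 'Nonce: 32891757',
  'Issued At: 2021-09-30T16:25:24.000Z',
].join('\n');

const ORIGIN = 'https://metamask.github.io'; // origin of the test dapp in the report
const reported = reviewSiwe(buildMessage('metamask.github.io', 'https://helloworld.io'), ORIGIN);
const swapped = reviewSiwe(buildMessage('helloworld.io', 'https://metamask.github.io'), ORIGIN);
console.log(reported, swapped);
```

A screen that renders only `domain` shows nothing unusual for the first message; surfacing `uri` alongside it is what makes `https://helloworld.io` visible to the signer.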