Skip to content

Commit bbfc297

Browse files
smilingkylansmilingkylan
committed
Add test for empty sig_params canonicalization
1 parent e24a386 commit bbfc297

File tree

1 file changed

+22
-18
lines changed

1 file changed

+22
-18
lines changed

app/core/DeeplinkManager/utils/verifySignature.test.ts

Lines changed: 22 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -288,24 +288,28 @@ describe('verifySignature', () => {
288288
);
289289
});
290290

291-
// it('includes only sig_params when sig_params is empty string', async () => {
292-
// const validSignature = Buffer.from(new Array(64).fill(0)).toString('base64');
293-
// // sig_params is EMPTY - means "sign only the base path"
294-
// // UTMs are added AFTER signing and should be ignored
295-
// const url = new URL(
296-
// `https://link.metamask.io/perps?sig_params=&sig=${validSignature}&utm_source=carousel&utm_medium=in-product`,
297-
// );
298-
299-
// mockSubtle.verify.mockResolvedValue(true);
300-
// await verifyDeeplinkSignature(url);
301-
302-
// const verifyCall = mockSubtle.verify.mock.calls[0];
303-
// const canonicalUrl = new TextDecoder().decode(verifyCall[3] as Uint8Array);
304-
305-
// // ONLY sig_params should be in canonical URL
306-
// // UTMs should be EXCLUDED (they were added after signing)
307-
// expect(canonicalUrl).toBe('https://link.metamask.io/perps?sig_params=');
308-
// });
291+
it('includes only sig_params when sig_params is empty string', async () => {
292+
const validSignature = Buffer.from(new Array(64).fill(0)).toString(
293+
'base64',
294+
);
295+
// sig_params is EMPTY - means "sign only the base path"
296+
// UTMs are added AFTER signing and should be ignored
297+
const url = new URL(
298+
`https://link.metamask.io/perps?sig_params=&sig=${validSignature}&utm_source=carousel&utm_medium=in-product`,
299+
);
300+
301+
mockSubtle.verify.mockResolvedValue(true);
302+
await verifyDeeplinkSignature(url);
303+
304+
const verifyCall = mockSubtle.verify.mock.calls[0];
305+
const canonicalUrl = new TextDecoder().decode(
306+
verifyCall[3] as Uint8Array,
307+
);
308+
309+
// ONLY sig_params should be in canonical URL
310+
// UTMs should be EXCLUDED (they were added after signing)
311+
expect(canonicalUrl).toBe('https://link.metamask.io/perps?sig_params=');
312+
});
309313

310314
describe('with sig_params', () => {
311315
it('includes only parameters listed in sig_params for verification', async () => {

0 commit comments

Comments
 (0)