[EC-598] feat: allow user to confirm duplication

2025-03-02 03:41:09 +01:00 · 2023-03-21 14:55:49 +01:00 · 2023-03-21 14:55:49 +01:00 · 078bf9dcb5
commit 078bf9dcb5
parent c8ab590086
3 changed files with 33 additions and 3 deletions
--- a/libs/common/src/webauthn/abstractions/fido2-authenticator.service.abstraction.ts
+++ b/libs/common/src/webauthn/abstractions/fido2-authenticator.service.abstraction.ts
@ -2,6 +2,16 @@ export abstract class Fido2AuthenticatorService {
  makeCredential: (params: Fido2AuthenticatorMakeCredentialsParams) => void;
 }

+export enum Fido2AutenticatorErrorCode {
+  CTAP2_ERR_CREDENTIAL_EXCLUDED,
+}
+
+export class Fido2AutenticatorError extends Error {
+  constructor(readonly errorCode: Fido2AutenticatorErrorCode) {
+    super(Fido2AutenticatorErrorCode[errorCode]);
+  }
+}
+
 /**
 * Parameters for {@link Fido2AuthenticatorService.makeCredential}
 *
--- a/libs/common/src/webauthn/services/fido2-authenticator.service.spec.ts
+++ b/libs/common/src/webauthn/services/fido2-authenticator.service.spec.ts
@ -6,7 +6,10 @@ import { Utils } from "../../misc/utils";
 import { CipherService } from "../../vault/abstractions/cipher.service";
 import { CipherType } from "../../vault/enums/cipher-type";
 import { CipherView } from "../../vault/models/view/cipher.view";
-import { Fido2AuthenticatorMakeCredentialsParams } from "../abstractions/fido2-authenticator.service.abstraction";
+import {
+  Fido2AutenticatorErrorCode,
+  Fido2AuthenticatorMakeCredentialsParams,
+} from "../abstractions/fido2-authenticator.service.abstraction";
 import { Fido2UserInterfaceService } from "../abstractions/fido2-user-interface.service.abstraction";
 import { Fido2Utils } from "../abstractions/fido2-utils";
 import { Fido2KeyView } from "../models/view/fido2-key.view";
@ -40,13 +43,24 @@ describe("FidoAuthenticatorService", () => {
      });

      /** Spec: wait for user presence */
-      it("should wait for confirmation from user", async () => {
+      it("should request confirmation from user", async () => {
        userInterface.confirmDuplicateCredential.mockResolvedValue(true);

        await authenticator.makeCredential(params);

        expect(userInterface.confirmDuplicateCredential).toHaveBeenCalled();
      });
+
+      /** Spec: then terminate this procedure and return error code */
+      it("should throw error if user denies duplication", async () => {
+        userInterface.confirmDuplicateCredential.mockResolvedValue(false);
+
+        const result = async () => await authenticator.makeCredential(params);
+
+        await expect(result).rejects.toThrowError(
+          Fido2AutenticatorErrorCode[Fido2AutenticatorErrorCode.CTAP2_ERR_CREDENTIAL_EXCLUDED]
+        );
+      });
    });
  });
 });
--- a/libs/common/src/webauthn/services/fido2-authenticator.service.ts
+++ b/libs/common/src/webauthn/services/fido2-authenticator.service.ts
@ -1,5 +1,7 @@
 import { CipherService } from "../../vault/services/cipher.service";
 import {
+  Fido2AutenticatorError,
+  Fido2AutenticatorErrorCode,
  Fido2AuthenticatorMakeCredentialsParams,
  Fido2AuthenticatorService as Fido2AuthenticatorServiceAbstraction,
 } from "../abstractions/fido2-authenticator.service.abstraction";
@ -17,12 +19,16 @@ export class Fido2AuthenticatorService implements Fido2AuthenticatorServiceAbstr
  ) {}

  async makeCredential(params: Fido2AuthenticatorMakeCredentialsParams): Promise<void> {
-    this.userInterface.confirmDuplicateCredential(
+    const userConfirmation = await this.userInterface.confirmDuplicateCredential(
      [Fido2Utils.bufferToString(params.excludeList[0].id)],
      {
        credentialName: params.rp.name,
        userName: params.user.name,
      }
    );
+
+    if (!userConfirmation) {
+      throw new Fido2AutenticatorError(Fido2AutenticatorErrorCode.CTAP2_ERR_CREDENTIAL_EXCLUDED);
+    }
  }
 }