Upstream/bitwarden-browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser.git synced 2025-02-08 00:01:28 +01:00
Code Issues Projects Releases Wiki Activity

[EC-598] feat: handle unsupported pinAuth

Browse Source
This commit is contained in:
Andreas Coroiu 2023-03-22 10:01:01 +01:00
parent e1833ca352
commit 260ea22adb
No known key found for this signature in database
GPG Key ID: E70B5FFC81DFEC1A
3 changed files with 26 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libs/common/src/webauthn/abstractions/fido2-authenticator.service.abstraction.ts
View File

@ -11,6 +11,7 @@ export enum Fido2AutenticatorErrorCode {
CTAP2_ERR_CREDENTIAL_EXCLUDED,
CTAP2_ERR_UNSUPPORTED_ALGORITHM,
CTAP2_ERR_INVALID_OPTION,
CTAP2_ERR_PIN_AUTH_INVALID,
}
export class Fido2AutenticatorError extends Error {
@ -59,4 +60,5 @@ export interface Fido2AuthenticatorMakeCredentialsParams {
rk?: boolean;
uv?: boolean;
};
pinAuth?: unknown;
}

20
libs/common/src/webauthn/services/fido2-authenticator.service.spec.ts
View File

@ -104,6 +104,25 @@ describe("FidoAuthenticatorService", () => {
);
});
});
/**
* Spec: Optionally, if the extensions parameter is present, process any extensions that this authenticator supports.
* Currently not supported.
*/
describe.skip("when extensions parameter is present", () => undefined);
/** Spec: If pinAuth parameter is present and the pinProtocol is not supported */
describe("when pinAuth parameter is present", () => {
it("should throw error", async () => {
const params = await createCredentialParams({ pinAuth: { key: "value" } });
const result = async () => await authenticator.makeCredential(params);
await expect(result).rejects.toThrowError(
Fido2AutenticatorErrorCode[Fido2AutenticatorErrorCode.CTAP2_ERR_PIN_AUTH_INVALID]
);
});
});
});
});
@ -145,6 +164,7 @@ async function createCredentialParams(
rk: false as boolean,
uv: false as boolean,
},
pinAuth: params.pinAuth,
};
}

4
libs/common/src/webauthn/services/fido2-authenticator.service.ts
View File

@ -49,6 +49,10 @@ export class Fido2AuthenticatorService implements Fido2AuthenticatorServiceAbstr
if (params.options?.uv != undefined && typeof params.options.uv !== "boolean") {
throw new Fido2AutenticatorError(Fido2AutenticatorErrorCode.CTAP2_ERR_INVALID_OPTION);
}
if (params.pinAuth != undefined) {
throw new Fido2AutenticatorError(Fido2AutenticatorErrorCode.CTAP2_ERR_PIN_AUTH_INVALID);
}
}
private async vaultContainsId(ids: string[]): Promise<boolean> {