diff --git a/libs/common/src/fido2/services/fido2-authenticator.service.spec.ts b/libs/common/src/fido2/services/fido2-authenticator.service.spec.ts
index e392caf74c..7160d6716b 100644
--- a/libs/common/src/fido2/services/fido2-authenticator.service.spec.ts
+++ b/libs/common/src/fido2/services/fido2-authenticator.service.spec.ts
@@ -655,11 +655,16 @@ describe("FidoAuthenticatorService", () => {
 beforeEach(async () => {
 credentialIds = [Utils.newGuid(), Utils.newGuid()];
- ciphers = await Promise.all(
- credentialIds.map((id) =>
- createCipherView({ type: CipherType.Login }, { nonDiscoverableId: id, rpId: RpId })
- )
- );
+ ciphers = [
+ await createCipherView(
+ { type: CipherType.Login },
+ { nonDiscoverableId: credentialIds[0], rpId: RpId }
+ ),
+ await createCipherView(
+ { type: CipherType.Fido2Key, id: credentialIds[1] },
+ { rpId: RpId }
+ ),
+ ];
 params = await createParams({
 allowCredentialDescriptorList: credentialIds.map((credentialId) => ({
 id: Utils.guidToRawFormat(credentialId),
diff --git a/libs/common/src/fido2/services/fido2-authenticator.service.ts b/libs/common/src/fido2/services/fido2-authenticator.service.ts
index 00df0dcbf4..e1a848acda 100644
--- a/libs/common/src/fido2/services/fido2-authenticator.service.ts
+++ b/libs/common/src/fido2/services/fido2-authenticator.service.ts
@@ -66,7 +66,7 @@ export class Fido2AuthenticatorService implements Fido2AuthenticatorServiceAbstr
 throw new Fido2AutenticatorError(Fido2AutenticatorErrorCode.Constraint);
 }
- const existingCipherIds = await this.findExistingCredentials(
+ const existingCipherIds = await this.findExcludedCredentials(
 params.excludeCredentialDescriptorList
 );
 if (existingCipherIds.length > 0) {
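Review bot: Nothing in the reworked `beforeEach` fixture of the spec exercises the rejecting side of the by-id lookup: both ciphers are live and carry the matching `rpId`. A sibling case with a trashed `CipherType.Fido2Key` cipher, or one whose `rpId` differs, asserting that it is not offered for assertion, would pin the filter this commit changes in the service. Whether `createCipherView` accepts an `isDeleted` override is not visible in this hunk, and such a test may already exist outside it.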
@@ -182,12 +182,12 @@ export class Fido2AuthenticatorService implements Fido2AuthenticatorServiceAbstr
 // eslint-disable-next-line no-empty
 if (params.allowCredentialDescriptorList?.length > 0) {
- cipherOptions = await this.findNonDiscoverableCredentials(
+ cipherOptions = await this.findCredentialsById(
 params.allowCredentialDescriptorList,
 params.rpId
 );
 } else {
- cipherOptions = await this.findDiscoverableCredentials(params.rpId);
+ cipherOptions = await this.findCredentialsByRp(params.rpId);
 }
 if (cipherOptions.length === 0) {
@@ -254,7 +254,7 @@ export class Fido2AuthenticatorService implements Fido2AuthenticatorServiceAbstr
 }
 /** Finds existing crendetials and returns the `cipherId` for each one */
- private async findExistingCredentials(
+ private async findExcludedCredentials(
 credentials: PublicKeyCredentialDescriptor[]
 ): Promise {
 const ids: string[] = [];
@@ -274,6 +274,7 @@ export class Fido2AuthenticatorService implements Fido2AuthenticatorServiceAbstr
 return ciphers
 .filter(
 (cipher) =>
+ !cipher.isDeleted &&
 cipher.organizationId == undefined &&
 ((cipher.type === CipherType.Fido2Key && ids.includes(cipher.id)) ||
 (cipher.type === CipherType.Login &&
@@ -283,7 +284,7 @@ export class Fido2AuthenticatorService implements Fido2AuthenticatorServiceAbstr
 .map((cipher) => cipher.id);
 }
- private async findNonDiscoverableCredentials(
+ private async findCredentialsById(
 credentials: PublicKeyCredentialDescriptor[],
 rpId: string
 ): Promise {
@@ -303,15 +304,18 @@ export class Fido2AuthenticatorService implements Fido2AuthenticatorServiceAbstr
 const ciphers = await this.cipherService.getAllDecrypted();
 return ciphers.filter(
 (cipher) =>
- !cipher.isDeleted &&
- cipher.type === CipherType.Login &&
- cipher.login.fido2Key != undefined &&
- cipher.login.fido2Key.rpId === rpId &&
- ids.includes(cipher.login.fido2Key.nonDiscoverableId)
+ (!cipher.isDeleted &&
+ cipher.type === CipherType.Login &&
+ cipher.login.fido2Key != undefined &&
+ cipher.login.fido2Key.rpId === rpId &&
+ ids.includes(cipher.login.fido2Key.nonDiscoverableId)) ||
+ (cipher.type === CipherType.Fido2Key &&
+ cipher.fido2Key.rpId === rpId &&
+ ids.includes(cipher.id))
 );
 }
- private async findDiscoverableCredentials(rpId: string): Promise {
+ private async findCredentialsByRp(rpId: string): Promise {
 const ciphers = await this.cipherService.getAllDecrypted();
 return ciphers.filter(
 (cipher) =>
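Review bot: In the `findCredentialsById` filter the `!cipher.isDeleted` test now sits inside the parentheses of the `CipherType.Login` alternative, so the added `CipherType.Fido2Key` alternative also matches ciphers that are in the trash. A credential the user has deleted would then still be returned as an assertion candidate for that relying party. Hoist the check so it guards both alternatives: `!cipher.isDeleted && ((cipher.type === CipherType.Login && ...) || (cipher.type === CipherType.Fido2Key && ...))`. The exclude-list filter touched in the `-274` hunk also requires `cipher.organizationId == undefined`; if that restriction is meant to hold for assertions as well, it is absent here. `findCredentialsByRp` starts in this hunk and its body continues outside it.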