Upstream/bitwarden-browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser.git synced 2025-03-02 03:41:09 +01:00
Code Issues Projects Releases Wiki Activity

[EC-598] feat: hash client data and throw if aborted

Browse Source
This commit is contained in:
Andreas Coroiu 2023-03-30 15:05:58 +02:00
parent 259e646ed7
commit 6fd5801739
No known key found for this signature in database
GPG Key ID: E70B5FFC81DFEC1A
2 changed files with 36 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
libs/common/src/webauthn/services/fido2-client.service.spec.ts
View File

@ -100,6 +100,21 @@ describe("FidoAuthenticatorService", () => {
}); });
}); });
describe("aborting", () => {
// Spec: If the options.signal is present and its aborted flag is set to true, return a DOMException whose name is "AbortError" and terminate this algorithm.
it("should throw error if aborting using abort controller", async () => {
const params = createParams({});
const abortController = new AbortController();
abortController.abort();
const result = async () => await client.createCredential(params, abortController);
const rejects = expect(result).rejects;
await rejects.toMatchObject({ name: "AbortError" });
await rejects.toBeInstanceOf(DOMException);
});
});
function createParams(params: Partial<CreateCredentialParams> = {}): CreateCredentialParams { function createParams(params: Partial<CreateCredentialParams> = {}): CreateCredentialParams {
return { return {
origin: params.origin ?? "bitwarden.com", origin: params.origin ?? "bitwarden.com",

23
libs/common/src/webauthn/services/fido2-client.service.ts
View File

@ -1,5 +1,6 @@
import { parse } from "tldts"; import { parse } from "tldts";
import { Utils } from "../../misc/utils";
import { Fido2AuthenticatorService } from "../abstractions/fido2-authenticator.service.abstraction"; import { Fido2AuthenticatorService } from "../abstractions/fido2-authenticator.service.abstraction";
import { import {
AssertCredentialParams, AssertCredentialParams,
@ -14,9 +15,9 @@ import { Fido2Utils } from "../abstractions/fido2-utils";
export class Fido2ClientService implements Fido2ClientServiceAbstraction { export class Fido2ClientService implements Fido2ClientServiceAbstraction {
constructor(private authenticator: Fido2AuthenticatorService) {} constructor(private authenticator: Fido2AuthenticatorService) {}
createCredential( async createCredential(
params: CreateCredentialParams, params: CreateCredentialParams,
abortController?: AbortController abortController: AbortController = new AbortController()
): Promise<CreateCredentialResult> { ): Promise<CreateCredentialResult> {
if (!params.sameOriginWithAncestors) { if (!params.sameOriginWithAncestors) {
throw new DOMException("Invalid 'sameOriginWithAncestors' value", "NotAllowedError"); throw new DOMException("Invalid 'sameOriginWithAncestors' value", "NotAllowedError");
@ -52,6 +53,24 @@ export class Fido2ClientService implements Fido2ClientServiceAbstraction {
if (credTypesAndPubKeyAlgs.length === 0) { if (credTypesAndPubKeyAlgs.length === 0) {
throw new DOMException("No supported key algorithms were found", "NotSupportedError"); throw new DOMException("No supported key algorithms were found", "NotSupportedError");
} }
const collectedClientData = {
type: "webauthn.create",
challenge: params.challenge,
origin: params.origin,
crossOrigin: !params.sameOriginWithAncestors,
// tokenBinding: {} // Not currently supported
};
const clientDataJSON = JSON.stringify(collectedClientData);
// eslint-disable-next-line @typescript-eslint/no-unused-vars
const clientDataHash = await crypto.subtle.digest(
{ name: "SHA-256" },
Utils.fromByteStringToArray(clientDataJSON)
);
if (abortController.signal.aborted) {
throw new DOMException(undefined, "AbortError");
}
} }
assertCredential( assertCredential(