Upstream/bitwarden-browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser.git synced 2025-02-18 01:41:27 +01:00
Code Issues Projects Releases Wiki Activity

[PM-5725] New passkeys should always return 0 as counter value (#8024)

Browse Source 
* [PM-5725] feat: do not increment counter if is zero

* [PM-5725] feat: skip save to server when counter is 0
This commit is contained in:
Andreas Coroiu 2024-03-01 14:58:55 +01:00 committed by GitHub
parent 8d528c2d4a
commit 7bbde647f4
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 21 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
libs/common/src/vault/services/fido2/fido2-authenticator.service.spec.ts
View File

@ -656,14 +656,14 @@ describe("FidoAuthenticatorService", () => {
beforeEach(init); beforeEach(init);
/** Spec: Increment the credential associated signature counter */ /** Spec: Increment the credential associated signature counter */
it("should increment counter", async () => { it("should increment counter and save to server when stored counter is larger than zero", async () => {
const encrypted = Symbol(); const encrypted = Symbol();
cipherService.encrypt.mockResolvedValue(encrypted as any); cipherService.encrypt.mockResolvedValue(encrypted as any);
ciphers[0].login.fido2Credentials[0].counter = 9000;
await authenticator.getAssertion(params, tab); await authenticator.getAssertion(params, tab);
expect(cipherService.updateWithServer).toHaveBeenCalledWith(encrypted); expect(cipherService.updateWithServer).toHaveBeenCalledWith(encrypted);
expect(cipherService.encrypt).toHaveBeenCalledWith( expect(cipherService.encrypt).toHaveBeenCalledWith(
expect.objectContaining({ expect.objectContaining({
id: ciphers[0].id, id: ciphers[0].id,
@ -678,6 +678,17 @@ describe("FidoAuthenticatorService", () => {
); );
}); });
/** Spec: Authenticators that do not implement a signature counter leave the signCount in the authenticator data constant at zero. */
it("should not save to server when stored counter is zero", async () => {
const encrypted = Symbol();
cipherService.encrypt.mockResolvedValue(encrypted as any);
ciphers[0].login.fido2Credentials[0].counter = 0;
await authenticator.getAssertion(params, tab);
expect(cipherService.updateWithServer).not.toHaveBeenCalled();
});
it("should return an assertion result", async () => { it("should return an assertion result", async () => {
const result = await authenticator.getAssertion(params, tab); const result = await authenticator.getAssertion(params, tab);

11
libs/common/src/vault/services/fido2/fido2-authenticator.service.ts
View File

@ -257,14 +257,19 @@ export class Fido2AuthenticatorService implements Fido2AuthenticatorServiceAbstr
const selectedFido2Credential = selectedCipher.login.fido2Credentials[0]; const selectedFido2Credential = selectedCipher.login.fido2Credentials[0];
const selectedCredentialId = selectedFido2Credential.credentialId; const selectedCredentialId = selectedFido2Credential.credentialId;
++selectedFido2Credential.counter; if (selectedFido2Credential.counter > 0) {
++selectedFido2Credential.counter;
}
selectedCipher.localData = { selectedCipher.localData = {
...selectedCipher.localData, ...selectedCipher.localData,
lastUsedDate: new Date().getTime(), lastUsedDate: new Date().getTime(),
}; };
const encrypted = await this.cipherService.encrypt(selectedCipher);
await this.cipherService.updateWithServer(encrypted); if (selectedFido2Credential.counter > 0) {
const encrypted = await this.cipherService.encrypt(selectedCipher);
await this.cipherService.updateWithServer(encrypted);
}
const authenticatorData = await generateAuthData({ const authenticatorData = await generateAuthData({
rpId: selectedFido2Credential.rpId, rpId: selectedFido2Credential.rpId,