mirror of https://github.com/bitwarden/browser.git synced 2025-02-01 23:01:28 +01:00

[EC-598] feat: don't leak internal errors during creation

Andreas Coroiu 2023-03-24 16:30:20 +01:00
parent e327e3f9d8
commit 800f032e92
No known key found for this signature in database
GPG Key ID: E70B5FFC81DFEC1A
2 changed files with 45 additions and 13 deletions


@ -202,6 +202,18 @@ describe("FidoAuthenticatorService", () => {
await expect(result).rejects.toThrowError(Fido2AutenticatorErrorCode.NotAllowed);
});
/** Spec: If any error occurred while creating the new credential object, return an error code equivalent to "UnknownError" and terminate the operation. */
it("should throw unkown error if creation fails", async () => {
const encryptedCipher = Symbol();
userInterface.confirmNewCredential.mockResolvedValue(true);
cipherService.encrypt.mockResolvedValue(encryptedCipher as unknown as Cipher);
cipherService.createWithServer.mockRejectedValue(new Error("Internal error"));
const result = async () => await authenticator.makeCredential(params);
await expect(result).rejects.toThrowError(Fido2AutenticatorErrorCode.Unknown);
});
});
describe("creation of non-discoverable credential", () => {
@ -270,6 +282,18 @@ describe("FidoAuthenticatorService", () => {
await expect(result).rejects.toThrowError(Fido2AutenticatorErrorCode.NotAllowed);
});
/** Spec: If any error occurred while creating the new credential object, return an error code equivalent to "UnknownError" and terminate the operation. */
it("should throw unkown error if creation fails", async () => {
const encryptedCipher = Symbol();
userInterface.confirmNewNonDiscoverableCredential.mockResolvedValue(existingCipherView.id);
cipherService.encrypt.mockResolvedValue(encryptedCipher as unknown as Cipher);
cipherService.updateWithServer.mockRejectedValue(new Error("Internal error"));
const result = async () => await authenticator.makeCredential(params);
await expect(result).rejects.toThrowError(Fido2AutenticatorErrorCode.Unknown);
});
});
});
});
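Review bot: The two new tests only check that the rejection matches `Fido2AutenticatorErrorCode.Unknown`; neither asserts that the mocked cause is absent from what the caller receives, which is the property the commit title is about. Adding `await expect(result).rejects.not.toThrowError("Internal error");` to each test would pin that, assuming the matcher compares against the error message here. Only `createWithServer` and `updateWithServer` failures are exercised, so a rejected `cipherService.encrypt` or a failed key-pair creation is left uncovered. The test titles also misspell "unknown" as `unkown` in both hunks. The enclosing `describe` blocks start outside the hunks shown.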


@ -70,6 +70,7 @@ export class Fido2AuthenticatorService implements Fido2AuthenticatorServiceAbstr
throw new Fido2AutenticatorError(Fido2AutenticatorErrorCode.NotAllowed);
}
try {
const keyPair = await this.createKeyPair();
const cipher = new CipherView();
@ -78,6 +79,9 @@ export class Fido2AuthenticatorService implements Fido2AuthenticatorServiceAbstr
cipher.fido2Key = await this.createKeyView(params, keyPair.privateKey);
const encrypted = await this.cipherService.encrypt(cipher);
await this.cipherService.createWithServer(encrypted);
} catch {
throw new Fido2AutenticatorError(Fido2AutenticatorErrorCode.Unknown);
}
} else {
const cipherId = await this.userInterface.confirmNewNonDiscoverableCredential({
credentialName: params.rpEntity.name,
@ -88,6 +92,7 @@ export class Fido2AuthenticatorService implements Fido2AuthenticatorServiceAbstr
throw new Fido2AutenticatorError(Fido2AutenticatorErrorCode.NotAllowed);
}
try {
const keyPair = await this.createKeyPair();
const encrypted = await this.cipherService.get(cipherId);
@ -95,6 +100,9 @@ export class Fido2AuthenticatorService implements Fido2AuthenticatorServiceAbstr
cipher.fido2Key = await this.createKeyView(params, keyPair.privateKey);
const reencrypted = await this.cipherService.encrypt(cipher);
await this.cipherService.updateWithServer(reencrypted);
} catch {
throw new Fido2AutenticatorError(Fido2AutenticatorErrorCode.Unknown);
}
}
}
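Review bot: Both new `catch` blocks discard the caught error entirely, so a failure in `createKeyPair`, `encrypt`, `cipherService.get` or the server call leaves no trace once it is mapped to `Fido2AutenticatorErrorCode.Unknown`. Returning only the generic code to the caller is the right boundary, but the cause should still be recorded locally: bind it with `} catch (error) {` and pass it to whatever logger this class has access to (none is visible in these hunks), keeping key material and cipher contents out of the logged message. The `try` blocks are also wide enough that any `Fido2AutenticatorError` thrown inside them in future would be silently downgraded to Unknown. A comment such as `// Spec: any failure while creating the credential maps to UnknownError` above each `catch` would make that intent explicit. `makeCredential` starts outside the hunks shown.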