[EC-598] fix: properly convert credentials to guid raw format

2025-01-31 22:51:28 +01:00 · 2023-03-28 15:50:01 +02:00 · 2023-03-28 15:50:01 +02:00 · 80fbfc9d13
commit 80fbfc9d13
parent c882c37f82
3 changed files with 25 additions and 10 deletions
--- a/libs/common/src/misc/utils.ts
+++ b/libs/common/src/misc/utils.ts
@ -618,7 +618,11 @@ export class Utils {
  }

  /** Convert raw 16 byte array to standard format (XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX) UUID. */
-  static guidToStandardFormat(arr: Uint8Array) {
+  static guidToStandardFormat(bufferSource: BufferSource) {
+    const arr =
+      bufferSource instanceof ArrayBuffer
+        ? new Uint8Array(bufferSource)
+        : new Uint8Array(bufferSource.buffer);
    // Note: Be careful editing this code!  It's been tuned for performance
    // and works in ways you may not expect. See https://github.com/uuidjs/uuid/pull/434
    const guid = (
--- a/libs/common/src/webauthn/services/fido2-authenticator.service.spec.ts
+++ b/libs/common/src/webauthn/services/fido2-authenticator.service.spec.ts
@ -103,7 +103,7 @@ describe("FidoAuthenticatorService", () => {
        params = await createParams({
          excludeCredentialDescriptorList: [
            {
-              id: Fido2Utils.stringToBuffer(excludedCipherView.fido2Key.nonDiscoverableId),
+              id: Utils.guidToRawFormat(excludedCipherView.fido2Key.nonDiscoverableId),
              type: "public-key",
            },
          ],
@ -161,7 +161,7 @@ describe("FidoAuthenticatorService", () => {
        excludedCipherView = await excludedCipher.decrypt();
        params = await createParams({
          excludeCredentialDescriptorList: [
-            { id: Fido2Utils.stringToBuffer(excludedCipher.id), type: "public-key" },
+            { id: Utils.guidToRawFormat(excludedCipher.id), type: "public-key" },
          ],
        });
        cipherService.get.mockImplementation(async (id) =>
--- a/libs/common/src/webauthn/services/fido2-authenticator.service.ts
+++ b/libs/common/src/webauthn/services/fido2-authenticator.service.ts
@ -53,13 +53,10 @@ export class Fido2AuthenticatorService implements Fido2AuthenticatorServiceAbstr
      throw new Fido2AutenticatorError(Fido2AutenticatorErrorCode.Constraint);
    }

-    const isExcluded = await this.vaultContainsId(
-      params.excludeCredentialDescriptorList.map((key) => Fido2Utils.bufferToString(key.id))
-    );
-
+    const isExcluded = await this.vaultContainsCredentials(params.excludeCredentialDescriptorList);
    if (isExcluded) {
      await this.userInterface.informExcludedCredential(
-        [Fido2Utils.bufferToString(params.excludeCredentialDescriptorList[0].id)],
+        [Utils.guidToStandardFormat(params.excludeCredentialDescriptorList[0].id)],
        {
          credentialName: params.rpEntity.name,
          userName: params.userEntity.name,
@ -152,9 +149,23 @@ export class Fido2AuthenticatorService implements Fido2AuthenticatorServiceAbstr
    throw new Error("Not implemented");
  }

-  private async vaultContainsId(ids: string[]): Promise<boolean> {
-    const ciphers = await this.cipherService.getAllDecrypted();
+  private async vaultContainsCredentials(
+    credentials: PublicKeyCredentialDescriptor[]
+  ): Promise<boolean> {
+    const ids: string[] = [];

+    for (const credential of credentials) {
+      try {
+        ids.push(Utils.guidToStandardFormat(credential.id));
+        // eslint-disable-next-line no-empty
+      } catch {}
+    }
+
+    if (ids.length === 0) {
+      return false;
+    }
+
+    const ciphers = await this.cipherService.getAllDecrypted();
    return ciphers.some(
      (cipher) =>
        (cipher.type === CipherType.Fido2Key && ids.includes(cipher.id)) ||