diff --git a/libs/common/src/misc/utils.ts b/libs/common/src/misc/utils.ts
index e2d44443c2..93df47b39c 100644
--- a/libs/common/src/misc/utils.ts
+++ b/libs/common/src/misc/utils.ts
@@ -618,7 +618,11 @@ export class Utils {
}
/** Convert raw 16 byte array to standard format (XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX) UUID. */
- static guidToStandardFormat(arr: Uint8Array) {
+ static guidToStandardFormat(bufferSource: BufferSource) {
+ const arr =
+ bufferSource instanceof ArrayBuffer
+ ? new Uint8Array(bufferSource)
+ : new Uint8Array(bufferSource.buffer);
// Note: Be careful editing this code! It's been tuned for performance
// and works in ways you may not expect. See https://github.com/uuidjs/uuid/pull/434
const guid = (
diff --git a/libs/common/src/webauthn/services/fido2-authenticator.service.spec.ts b/libs/common/src/webauthn/services/fido2-authenticator.service.spec.ts
index 82ebecfc09..cc7217f2c2 100644
--- a/libs/common/src/webauthn/services/fido2-authenticator.service.spec.ts
+++ b/libs/common/src/webauthn/services/fido2-authenticator.service.spec.ts
@@ -103,7 +103,7 @@ describe("FidoAuthenticatorService", () => {
params = await createParams({
excludeCredentialDescriptorList: [
{
- id: Fido2Utils.stringToBuffer(excludedCipherView.fido2Key.nonDiscoverableId),
+ id: Utils.guidToRawFormat(excludedCipherView.fido2Key.nonDiscoverableId),
type: "public-key",
},
],
@@ -161,7 +161,7 @@ describe("FidoAuthenticatorService", () => {
excludedCipherView = await excludedCipher.decrypt();
params = await createParams({
excludeCredentialDescriptorList: [
- { id: Fido2Utils.stringToBuffer(excludedCipher.id), type: "public-key" },
+ { id: Utils.guidToRawFormat(excludedCipher.id), type: "public-key" },
],
});
cipherService.get.mockImplementation(async (id) =>
diff --git a/libs/common/src/webauthn/services/fido2-authenticator.service.ts b/libs/common/src/webauthn/services/fido2-authenticator.service.ts
index 36a37648eb..f1a7288523 100644
--- a/libs/common/src/webauthn/services/fido2-authenticator.service.ts
+++ b/libs/common/src/webauthn/services/fido2-authenticator.service.ts
@@ -53,13 +53,10 @@ export class Fido2AuthenticatorService implements Fido2AuthenticatorServiceAbstr
throw new Fido2AutenticatorError(Fido2AutenticatorErrorCode.Constraint);
}
- const isExcluded = await this.vaultContainsId(
- params.excludeCredentialDescriptorList.map((key) => Fido2Utils.bufferToString(key.id))
- );
-
+ const isExcluded = await this.vaultContainsCredentials(params.excludeCredentialDescriptorList);
if (isExcluded) {
await this.userInterface.informExcludedCredential(
- [Fido2Utils.bufferToString(params.excludeCredentialDescriptorList[0].id)],
+ [Utils.guidToStandardFormat(params.excludeCredentialDescriptorList[0].id)],
{
credentialName: params.rpEntity.name,
userName: params.userEntity.name,
@@ -152,9 +149,23 @@ export class Fido2AuthenticatorService implements Fido2AuthenticatorServiceAbstr
throw new Error("Not implemented");
}
- private async vaultContainsId(ids: string[]): Promise<boolean> {
- const ciphers = await this.cipherService.getAllDecrypted();
+ private async vaultContainsCredentials(
+ credentials: PublicKeyCredentialDescriptor[]
+ ): Promise<boolean> {
+ const ids: string[] = [];
+ for (const credential of credentials) {
+ try {
+ ids.push(Utils.guidToStandardFormat(credential.id));
+ // eslint-disable-next-line no-empty
+ } catch {}
+ }
+
+ if (ids.length === 0) {
+ return false;
+ }
+
+ const ciphers = await this.cipherService.getAllDecrypted();
return ciphers.some(
(cipher) =>
(cipher.type === CipherType.Fido2Key && ids.includes(cipher.id)) ||