From 80fbfc9d13aa158db283033efeb0eba9236ef574 Mon Sep 17 00:00:00 2001
From: Andreas Coroiu
Date: Tue, 28 Mar 2023 15:50:01 +0200
Subject: [PATCH] [EC-598] fix: properly convert credentials to guid raw format
---
 libs/common/src/misc/utils.ts | 6 ++++-
 .../fido2-authenticator.service.spec.ts | 4 +--
 .../services/fido2-authenticator.service.ts | 25 +++++++++++++------
 3 files changed, 25 insertions(+), 10 deletions(-)
diff --git a/libs/common/src/misc/utils.ts b/libs/common/src/misc/utils.ts
index e2d44443c2..93df47b39c 100644
--- a/libs/common/src/misc/utils.ts
+++ b/libs/common/src/misc/utils.ts
@@ -618,7 +618,11 @@ export class Utils {
 }
 /** Convert raw 16 byte array to standard format (XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX) UUID. */
- static guidToStandardFormat(arr: Uint8Array) {
+ static guidToStandardFormat(bufferSource: BufferSource) {
+ const arr =
+ bufferSource instanceof ArrayBuffer
+ ? new Uint8Array(bufferSource)
+ : new Uint8Array(bufferSource.buffer);
 // Note: Be careful editing this code! It's been tuned for performance
 // and works in ways you may not expect. See https://github.com/uuidjs/uuid/pull/434
 const guid = (
diff --git a/libs/common/src/webauthn/services/fido2-authenticator.service.spec.ts b/libs/common/src/webauthn/services/fido2-authenticator.service.spec.ts
index 82ebecfc09..cc7217f2c2 100644
--- a/libs/common/src/webauthn/services/fido2-authenticator.service.spec.ts
+++ b/libs/common/src/webauthn/services/fido2-authenticator.service.spec.ts
@@ -103,7 +103,7 @@ describe("FidoAuthenticatorService", () => {
 params = await createParams({
 excludeCredentialDescriptorList: [
 {
- id: Fido2Utils.stringToBuffer(excludedCipherView.fido2Key.nonDiscoverableId),
+ id: Utils.guidToRawFormat(excludedCipherView.fido2Key.nonDiscoverableId),
 type: "public-key",
 },
 ],
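Review bot: In `guidToStandardFormat` (libs/common/src/misc/utils.ts), the typed-array branch `new Uint8Array(bufferSource.buffer)` ignores the view's `byteOffset` and `byteLength`, so a credential id passed as a view onto a larger buffer (a `subarray`, a `DataView`, a pooled Node `Buffer`) is formatted from the first bytes of the backing store rather than from its own 16 bytes. Because this value is what the exclude-list check compares against vault ids, a wrong conversion would make an existing credential look absent. I would write `: new Uint8Array(bufferSource.buffer, bufferSource.byteOffset, bufferSource.byteLength);`. The `instanceof ArrayBuffer` test may also fail for buffers created in another realm, which seems plausible for values handed over from a page; `ArrayBuffer.isView(bufferSource)` as the discriminator avoids that. The method body continues past the hunk, so any length or format validation after `const guid = (` is not visible here.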
@@ -161,7 +161,7 @@ describe("FidoAuthenticatorService", () => {
 excludedCipherView = await excludedCipher.decrypt();
 params = await createParams({
 excludeCredentialDescriptorList: [
- { id: Fido2Utils.stringToBuffer(excludedCipher.id), type: "public-key" },
+ { id: Utils.guidToRawFormat(excludedCipher.id), type: "public-key" },
 ],
 });
 cipherService.get.mockImplementation(async (id) =>
diff --git a/libs/common/src/webauthn/services/fido2-authenticator.service.ts b/libs/common/src/webauthn/services/fido2-authenticator.service.ts
index 36a37648eb..f1a7288523 100644
--- a/libs/common/src/webauthn/services/fido2-authenticator.service.ts
+++ b/libs/common/src/webauthn/services/fido2-authenticator.service.ts
@@ -53,13 +53,10 @@ export class Fido2AuthenticatorService implements Fido2AuthenticatorServiceAbstr
 throw new Fido2AutenticatorError(Fido2AutenticatorErrorCode.Constraint);
 }
- const isExcluded = await this.vaultContainsId(
- params.excludeCredentialDescriptorList.map((key) => Fido2Utils.bufferToString(key.id))
- );
-
+ const isExcluded = await this.vaultContainsCredentials(params.excludeCredentialDescriptorList);
 if (isExcluded) {
 await this.userInterface.informExcludedCredential(
- [Fido2Utils.bufferToString(params.excludeCredentialDescriptorList[0].id)],
+ [Utils.guidToStandardFormat(params.excludeCredentialDescriptorList[0].id)],
 {
 credentialName: params.rpEntity.name,
 userName: params.userEntity.name,
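Review bot: The call to `informExcludedCredential` converts `params.excludeCredentialDescriptorList[0].id` unguarded, while the new `vaultContainsCredentials` further down wraps the same `Utils.guidToStandardFormat` call in `try`/`catch`, which suggests the conversion can throw on ids that are not GUID-shaped. The exclude list is supplied by the relying party, so its first entry need not be the credential that matched, or even one issued by this authenticator; in that case this line either throws before the user is informed or reports an id that is not in the vault. Having the helper return the ids it matched and passing those here, e.g. `[matchedId]` in place of `[Utils.guidToStandardFormat(params.excludeCredentialDescriptorList[0].id)]`, would keep the two paths consistent. The enclosing method starts and ends outside the hunk.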
@@ -152,9 +149,23 @@ export class Fido2AuthenticatorService implements Fido2AuthenticatorServiceAbstr
 throw new Error("Not implemented");
 }
- private async vaultContainsId(ids: string[]): Promise {
- const ciphers = await this.cipherService.getAllDecrypted();
+ private async vaultContainsCredentials(
+ credentials: PublicKeyCredentialDescriptor[]
+ ): Promise {
+ const ids: string[] = [];
+ for (const credential of credentials) {
+ try {
+ ids.push(Utils.guidToStandardFormat(credential.id));
+ // eslint-disable-next-line no-empty
+ } catch {}
+ }
+
+ if (ids.length === 0) {
+ return false;
+ }
+
+ const ciphers = await this.cipherService.getAllDecrypted();
 return ciphers.some(
 (cipher) => (cipher.type === CipherType.Fido2Key && ids.includes(cipher.id)) ||