[EC-598] feat: check user id length

2025-02-08 00:01:28 +01:00 · 2023-03-30 13:54:46 +02:00 · 2023-03-30 13:54:46 +02:00 · b8821ccd3d
commit b8821ccd3d
parent f172625f26
2 changed files with 34 additions and 3 deletions
--- a/libs/common/src/webauthn/services/fido2-client.service.spec.ts
+++ b/libs/common/src/webauthn/services/fido2-client.service.spec.ts
@ -19,12 +19,37 @@ describe("FidoAuthenticatorService", () => {
  describe("createCredential", () => {
    describe("invalid input parameters", () => {
      /** Spec: If sameOriginWithAncestors is false, return a "NotAllowedError" DOMException. */
-      it("throw error if sameOriginWithAncestors is false", async () => {
+      it("should throw error if sameOriginWithAncestors is false", async () => {
        const params = createParams({ sameOriginWithAncestors: false });

        const result = async () => await client.createCredential(params);

-        await expect(result).rejects.toThrowError(new DOMException(undefined, "NotAllowedError"));
+        const rejects = await expect(result).rejects;
+        rejects.toMatchObject({ name: "NotAllowedError" });
+        rejects.toBeInstanceOf(DOMException);
+      });
+
+      /** Spec: If the length of options.user.id is not between 1 and 64 bytes (inclusive) then return a TypeError. */
+      it("should throw error if user.id is too small", async () => {
+        const params = createParams({ user: { id: "", displayName: "name" } });
+
+        const result = async () => await client.createCredential(params);
+
+        await expect(result).rejects.toBeInstanceOf(TypeError);
+      });
+
+      /** Spec: If the length of options.user.id is not between 1 and 64 bytes (inclusive) then return a TypeError. */
+      it("should throw error if user.id is too large", async () => {
+        const params = createParams({
+          user: {
+            id: "YWJzb2x1dGVseS13YXktd2F5LXRvby1sYXJnZS1iYXNlNjQtZW5jb2RlZC11c2VyLWlkLWJpbmFyeS1zZXF1ZW5jZQ",
+            displayName: "name",
+          },
+        });
+
+        const result = async () => await client.createCredential(params);
+
+        await expect(result).rejects.toBeInstanceOf(TypeError);
      });
    });

--- a/libs/common/src/webauthn/services/fido2-client.service.ts
+++ b/libs/common/src/webauthn/services/fido2-client.service.ts
@ -6,6 +6,7 @@ import {
  CreateCredentialResult,
  Fido2ClientService as Fido2ClientServiceAbstraction,
 } from "../abstractions/fido2-client.service.abstraction";
+import { Fido2Utils } from "../abstractions/fido2-utils";

 export class Fido2ClientService implements Fido2ClientServiceAbstraction {
  constructor(private authenticator: Fido2AuthenticatorService) {}
@ -15,7 +16,12 @@ export class Fido2ClientService implements Fido2ClientServiceAbstraction {
    abortController?: AbortController
  ): Promise<CreateCredentialResult> {
    if (!params.sameOriginWithAncestors) {
-      throw new DOMException(undefined, "NotAllowedError");
+      throw new DOMException("Invalid 'sameOriginWithAncestors' value", "NotAllowedError");
+    }
+
+    const userId = Fido2Utils.stringToBuffer(params.user.id);
+    if (userId.length < 1 || userId.length > 64) {
+      throw new TypeError("Invalid 'user.id' length");
    }

    throw new Error("Not implemented");