From c289b3b8a4e5fd5b613175962d90d766af3cef97 Mon Sep 17 00:00:00 2001 From: SmithThe4th Date: Wed, 27 Dec 2023 14:32:54 -0500 Subject: [PATCH] Removed automatic fallback to browser when no credentials exist (#7135) Co-authored-by: bnagawiecki <107435978+bnagawiecki@users.noreply.github.com> --- .../fido2/fido2-authenticator.service.spec.ts | 12 ------------ .../services/fido2/fido2-authenticator.service.ts | 5 ----- .../src/vault/services/fido2/fido2-client.service.ts | 5 ----- 3 files changed, 22 deletions(-) diff --git a/libs/common/src/vault/services/fido2/fido2-authenticator.service.spec.ts b/libs/common/src/vault/services/fido2/fido2-authenticator.service.spec.ts index 4aea998981..6daa1c54fd 100644 --- a/libs/common/src/vault/services/fido2/fido2-authenticator.service.spec.ts +++ b/libs/common/src/vault/services/fido2/fido2-authenticator.service.spec.ts @@ -9,7 +9,6 @@ import { Fido2AuthenticatorGetAssertionParams, Fido2AuthenticatorMakeCredentialsParams, } from "../../abstractions/fido2/fido2-authenticator.service.abstraction"; -import { FallbackRequestedError } from "../../abstractions/fido2/fido2-client.service.abstraction"; import { Fido2UserInterfaceService, Fido2UserInterfaceSession, @@ -484,17 +483,6 @@ describe("FidoAuthenticatorService", () => { expect(userInterfaceSession.informCredentialNotFound).toHaveBeenCalled(); }); - it("should automatically fallback if no credential exists when fallback is supported", async () => { - params.fallbackSupported = true; - cipherService.getAllDecrypted.mockResolvedValue([]); - userInterfaceSession.informCredentialNotFound.mockResolvedValue(); - - const result = async () => await authenticator.getAssertion(params, tab); - - await expect(result).rejects.toThrowError(FallbackRequestedError); - expect(userInterfaceSession.informCredentialNotFound).not.toHaveBeenCalled(); - }); - it("should inform user if credential exists but rpId does not match", async () => { const cipher = await createCipherView({ type: CipherType.Login }); cipher.login.fido2Credentials[0].credentialId = credentialId; diff --git a/libs/common/src/vault/services/fido2/fido2-authenticator.service.ts b/libs/common/src/vault/services/fido2/fido2-authenticator.service.ts index faeb95f70a..4b4d93a949 100644 --- a/libs/common/src/vault/services/fido2/fido2-authenticator.service.ts +++ b/libs/common/src/vault/services/fido2/fido2-authenticator.service.ts @@ -12,7 +12,6 @@ import { Fido2AuthenticatorService as Fido2AuthenticatorServiceAbstraction, PublicKeyCredentialDescriptor, } from "../../abstractions/fido2/fido2-authenticator.service.abstraction"; -import { FallbackRequestedError } from "../../abstractions/fido2/fido2-client.service.abstraction"; import { Fido2UserInterfaceService } from "../../abstractions/fido2/fido2-user-interface.service.abstraction"; import { SyncService } from "../../abstractions/sync/sync.service.abstraction"; import { CipherRepromptType } from "../../enums/cipher-reprompt-type"; @@ -225,10 +224,6 @@ export class Fido2AuthenticatorService implements Fido2AuthenticatorServiceAbstr `[Fido2Authenticator] Aborting because no matching credentials were found in the vault.`, ); - if (params.fallbackSupported) { - throw new FallbackRequestedError(); - } - await userInterfaceSession.informCredentialNotFound(); throw new Fido2AuthenticatorError(Fido2AuthenticatorErrorCode.NotAllowed); } diff --git a/libs/common/src/vault/services/fido2/fido2-client.service.ts b/libs/common/src/vault/services/fido2/fido2-client.service.ts index d3d576980e..4f446b112d 100644 --- a/libs/common/src/vault/services/fido2/fido2-client.service.ts +++ b/libs/common/src/vault/services/fido2/fido2-client.service.ts @@ -272,11 +272,6 @@ export class Fido2ClientService implements Fido2ClientServiceAbstraction { abortController, ); } catch (error) { - if (error instanceof FallbackRequestedError) { - this.logService?.info(`[Fido2Client] Aborting because of auto fallback`); - throw error; - } - if ( abortController.signal.aborted && abortController.signal.reason === UserRequestedFallbackAbortReason